Beruflich Dokumente
Kultur Dokumente
Configuration User
Guide
PERPETUAL INNOVATION
Table of Contents
Introduction .......................................................................13
Chapter 1: Overview ..................................................................15
Enterprise Application Example .................................................................... 16
Enterprise System Benefits ........................................................................... 17
Open Architecture Technology ........................................................................................ 17
Core Technology Features .............................................................................................. 17
revision 1 3
Table of Contents
4 revision 1
revision 1 5
Table of Contents
6 revision 1
Internet Information Services (IIS) for Windows Server 2008 ..................... 106
.Net Configuration with SQL Server .............................................................................. 107
Serving Dynamic Content with Windows Server 2008 .................................................. 107
Creating Virtual Directories ........................................................................................... 107
Configure SSL ............................................................................................................... 107
revision 1 7
Table of Contents
revision 1 9
Table of Contents
10 revision 1
Appendices ......................................................................173
Appendix A: The Application.config File ...............................175
Modifying the Application.config File ........................................................... 175
Application.config File Settings ................................................................... 177
ConnectionString ........................................................................................................... 177
DatabaseType ............................................................................................................... 178
Lnl.LicenseSystem.Client.Host ..................................................................................... 178
Lnl.LicenseSystem.Client.Port ...................................................................................... 178
SRConnectionString ...................................................................................................... 178
SchemaOwner .............................................................................................................. 178
Error Log ....................................................................................................................... 178
revision 1 11
Table of Contents
Index ...............................................................................................195
12 revision 1
Introduction
Chapter 1:
Overview
OnGuard Enterprise combines independent multiple-site access control, alarm
monitoring and ID badging into a single, distributed, enterprise-wide, security
management solution. OnGuard Enterprise allows security managers to monitor
multiple corporate sites worldwide simultaneously from a single, centralized
location. This feature is especially critical for large multi-national corporations
that need to be able to access any facility whether its across the world or across
town at any given time, using a single ID card. Growing corporations require
scalable security systems as they add new facilities worldwide, and OnGuard
Enterprise allows them to monitor new sites from a central location.
The OnGuard Enterprise advanced system design allows mid- to large-sized
multinational organizations to maintain both a central Enterprise database server
and multiple autonomous Regional database servers that operate independently
of the central server. Each Regional Server Node site has its own access control
system. The central server is used for analysis and reporting, and has the ability
to view all sites. The cardholder database is global; cardholder records are shared
among all sites. Cardholders and their badges can be updated anywhere in the
system, and the changes will be distributed to all sites. Information stored on
each Regional Server Nodes database is synchronized with the Enterprise server
on a predetermined basis, offering consistently updated personnel information
and access control field data for optimum security and access control.
Making changes to any forms on an Enterprise system, except for cosmetic
changes, requires a full download to be made using Replicator by all Regional
Server Nodes. Be sure that there are NO transactions from Regional Server
Nodes that need to be replicated to the Master Server Node. These transactions
will be lost after you make a FormsDesigner change! Also, FormsDesigner
changes are contained only on the Master Server Node.
The Replication Administration application provides centralized management
and configuration of Enterprise systems and mobile stations. It is available in
both the Enterprise and standard versions of OnGuard, and the software license
determines whether the database can be configured as an Enterprise system or a
mobile station. On an Enterprise system, it is used to manage the Master Server,
Regional Server Nodes, and mobile stations from one location. On a standard
system, it is used to manage all mobile stations.
An example of an Enterprise application is illustrated on the following page.
revision 1 15
Overview
CORPORATE
HUMAN RESOURCES
DATABASE
MASTER SERVER
AN
W
W
AN
ENTERPRISE REGION #N
ENTERPRISE REGION #1
NODE # 1 DATABASE
NODE # N DATABASE
Field Hardware
Field Hardware
Enterprise Regional
Server #1
Readers
Readers
Enterprise Regional
Server #2
Alarm Monitoring
System Administration
Alarm Monitoring
Alarm Monitoring
System Administration
Alarm Monitoring
Badging
Mobile Badging
Badging
Mobile Badging
WAN
WAN
REGION # N- 1 DATABASE
Field Hardware
ISC
ISC
Alarm
Alarm
Readers
Readers
Regional Server N-1
System Administration
Alarm Monitoring
Badging
16 revision 1
REGION # N- 2 DATABASE
Field Hardware
Alarm Monitoring
Mobile Badging
System Administration
Alarm Monitoring
Badging
Alarm Monitoring
Mobile Badging
List Builder Entries. Entries in List Builder are capable of being modified
on a specific Regional Server Node. Using buildings and departments as an
example, two Regional Server Nodes representing California and New York
sites would be capable of setting up their own respective buildings and
departments at those particular Nodes.
revision 1 17
Overview
Terms to Know
18 revision 1
remotely capture cardholder photos and information and upload them to the
Master Server Node. It can be a SQL Server Express or SQL Server
database. It doesnt even have to be a server, it can be a Windows
workstation.
Warning
DO NOT RESTORE any Master, Regional Server, or Distributed ID database! This will
likely corrupt the entire multiple server Enterprise due to the interaction between each
database. DO NOT RESTORE any database without first contacting Lenel.
Replicator User Guide. The Replicator User Guide describes the Replicator
application, which is used to upload and download information between the
various servers in your system.
revision 1 19
Overview
20 revision 1
Chapter 2:
Considerations/Recommendations
Minimum recommendations should include at least a 2-3 character Master/
Regional Server Node prefix, followed by a 2-3 character segment prefix, and
then followed by a descriptive name for the object. Other options can include
detailed object names for each individual OnGuard object, i.e. ISC, readers,
alarm input, alarm output, access level, etc. This topic is covered in depth in the
Professional Engineering Services Enterprise Planning Session and Lenel
strongly recommends the full implementation of established guidelines.
revision 1 21
%HIRUH,QVWDOOLQJDQ(QWHUSULVH0DVWHURU5HJLRQDO6HUYHU1RGH
Database Planning
It is important to be able to determine the storage space for both the Master and
Regional Server databases so that the correct server hardware can be purchased.
22 revision 1
Enterprise Master
Enterprise Region
Distributed ID Master
Regional
Server 1
Distributed ID Mobile
Regional
Server 2
Mobile 1
Regional
Server 3
Mobile 2
Enterprise Region
Distributed ID Master
Distributed ID Mobile
Regional
Server 1
Mobile 1
Master
Replication
Administration
Regional
Server 2
Regional
Server 3
Mobile 2
revision 1 23
%HIRUH,QVWDOOLQJDQ(QWHUSULVH0DVWHURU5HJLRQDO6HUYHU1RGH
24 revision 1
To log into a mobile unit because you have to actually see the transactions
Chapter 3:
Install Windows. Refer to the release notes for the versions of Windows that
are supported. The release notes are located on the root directory of the
OnGuard 2010 Enterprise disc.
2.
3.
Oracle 10g users: For more information, refer to Chapter 5: Installing &
Configuring Oracle 10g Server Software on page 41.
4.
b.
Attach the hardware key on the OnGuard License Server computer. For
more information, refer to Attach the Hardware Key (OnGuard License
Server Computer Only) on page 86.
c.
Install the software license for this computer. For more information,
refer to the Installation Guide.
d.
Run the Database Setup application. For more information, refer to Set
Up Your OnGuard Database on page 88.
revision 1 25
Install Windows. Refer to the release notes for the versions of Windows that
are supported. The release notes are located on the root directory of the
OnGuard 2010 Enterprise disc.
2.
3.
Oracle 10g users: For more information, refer to Chapter 5: Installing &
Configuring Oracle 10g Server Software on page 41.
b.
Make sure that the hardware key is attached to the OnGuard License
Server computer, and that the License Server is running. For more
information, refer to Attach the Hardware Key (OnGuard License
Server Computer Only) on page 86.
c.
Install the software license for this computer. For more information,
refer to the Installation Guide.
d.
Run the Database Setup application. For more information, refer to Set
Up Your OnGuard Database on page 88.
4.
Configure the server to be a(n) OnGuard Regional Server Node. For more
information, refer to Configure the Regional Server Node Database on
page 128.
5.
Download all cardholders to the new Regional Server Node. For more
information, refer to Download All Cardholders to the New Regional Server
Node on page 133.
6.
26 revision 1
Install Windows. Refer to the release notes for the versions of Windows that
are supported. The release notes are located on the root directory of the
OnGuard 2010 Enterprise disc.
2.
3.
4.
Oracle 10g users: For more information, refer to Chapter 5: Installing &
Configuring Oracle 10g Server Software on page 41.
b.
Make sure that the hardware key is attached to the OnGuard License
Server computer, and that the License Server is running. For more
information, refer to Attach the Hardware Key (OnGuard License
Server Computer Only) on page 86.
c.
Install the software license for this computer. For more information,
refer to the Installation Guide.
d.
Run the Database Setup application. For more information, refer to Set
Up Your OnGuard Database on page 88.
5.
6.
revision 1 27
Install Windows. Refer to the release notes for the versions of Windows that
are supported. The release notes are located on the root directory of the
OnGuard 2010 Enterprise disc.
2.
3.
4.
Oracle 10g users: For more information, refer to Chapter 5: Installing &
Configuring Oracle 10g Server Software on page 41.
28 revision 1
b.
Make sure that the hardware key is attached to the OnGuard License
Server computer, and that the License Server is running. For more
information, refer to Attach the Hardware Key (OnGuard License
Server Computer Only) on page 86.
c.
Install the software license for this computer. For more information,
refer to the Installation Guide.
d.
Run the Database Setup application. For more information, refer to Set
Up Your OnGuard Database on page 88.
5.
6.
Database
Management
Systems
Chapter 4:
Important:
If you have SQL Server 2005 Express installed on your system, the database
software will not be automatically upgraded during the OnGuard upgrade. If
you want to upgrade your database software, instructions for upgrading from
SQL Server 2005 Express to SQL Server 2008 Express are provided in this
chapter.
Note:
The following sections will show you how to install and upgrade SQL Server.
SQL Server 2008 Express Edition on page 32.
Installing SQL Server Management Tools on page 33
SQL Server 2008 Standard Edition on page 34.
Prerequisites
The following prerequisites are required prior to installing SQL Server 2008. If
SQL Server 2008 Express is installed by the OnGuard installation, .NET
Framework and Windows Installer will be installed automatically.
Microsoft .NET Framework 3.5 SP1
Microsoft Windows Installer 4.5 or later
Microsoft Windows PowerShell 1.0
Note:
Windows PowerShell can be downloaded from the Microsoft Web site: http:/
/www.microsoft.com/windowsserver2003/technologies/management/
powershell/download.mspx.
revision 1 31
SQL Server 2008 Express Edition can be installed or upgraded from MSDE
automatically during the OnGuard installation process. Manual instructions
are provided for upgrading from SQL Server 2005 Express in the following
section.
Important:
32 revision 1
Communication Server must be stopped. To perform the upgrade you must have
the latest service pack approved for use with OnGuard applied.
1.
2.
The SQL Server Installation Center is displayed. Click Installation from the
left pane, then click Upgrade from SQL Server 2000 or SQL Server 2005.
3.
The Setup Support Rules window will identify potential problems that might
occur during installation. You must correct any failures before setup can
continue. If no problems are identified, click [OK].
4.
5.
If you agree with the license terms, select I accept the license terms.
b.
Click [Next].
6.
7.
After the setup files have been installed, the Setup Support Rules will run
again to identify potential issues. You must resolve any failures before setup
can continue. Once the check has completed successfully, click [Next].
8.
In the Select Instance window, select the existing SQL Server installation
from the drop-down and click [Next].
9.
revision 1 33
Installation Steps
To perform the installation, complete the following steps:
1.
2.
b.
c.
d.
Upgrade Steps
Installing SQL Server 2008 on page 34.
SQL Server 2008 setup requires Microsoft .NET Framework 3.5 SP1 and
Windows Installer 4.5. If you do not have these prerequisites prior to
installing SQL Server 2008, the setup will prompt you before installing
them.
1.
34 revision 1
browse for setup.exe on the disc drive. Alternatively, you can run
setup.exe from Windows Explorer.
2.
The SQL Server Installation Center is displayed. Click Installation from the
left pane, then:
For upgrades, click Upgrade from SQL Server 2000 or SQL Server
2005.
3.
The Setup Support Rules window is displayed. You must correct any failures
before setup can continue. If no problems are identified, click [OK].
4.
The Product Key window is displayed. Enter your product key and click
[Next].
5.
6.
a.
If you agree with the license terms, select I accept the license terms.
b.
Click [Next].
The Setup Support Files step will install any of the listed components that
are missing from your system.
a.
Click [Install].
b.
7.
8.
b.
revision 1 35
Note:
For upgrades these features may already be selected and it may not be
possible to change the selections.
c.
9.
Click [Next].
10. Review the Disk Space Requirements information and click [Next] if you
have sufficient space.
11. The Server Configuration window is displayed.
b.
Enter and confirm a password for the SQL Server system administrator
account.
c.
Click [Add].
d.
e.
Change the From this location field to the local machine by clicking
[Locations] and selecting the local machine from the list.
f.
Click [Find Now], then select Administrators from the Search results
listing window.
g.
Click [OK], then click [OK] again to close the Select Users or Groups
window.
h.
14. In the Error and Usage Report Settings window, deselect both options. Click
[Next].
15. The Installation Rules or Upgrade Rules window will determine if there are
any barriers to the installation process. If there are no failures, click [Next].
16. In the Ready to Install or Ready to Upgrade window, click [Install] or
[Upgrade] to begin the installation.
17. After all installation progress has completed, click [Next].
18. In the Complete window, click [Close].
19. Reboot the computer, even if you are not prompted to do so. This completes
the installation of SQL Server 2008. You can now go on to configure SQL
Server 2008.
36 revision 1
Click the Windows Start button, then select All Programs > Microsoft SQL
Server 2008 > SQL Server Management Studio to start the SQL Server
Management Studio.
2.
3.
In the Object Explorer pane, expand the Databases folder. Right-click the
Databases folder and select New Database.
4.
5.
a.
b.
c.
d.
Scroll to the right in the Database files listing window and click the
browse button in the Autogrowth column of the log file row.
e.
Select the Restricted File Growth (MB) radio button and set a
maximum log file size. The recommended maximum log file size is
2048.
f.
Click [OK].
b.
c.
In the Other options list view, set the Auto Shrink, Auto Update
Statistics, Auto Create Statistics, and Recursive Triggers Enabled
drop-downs to True.
d.
Click [OK].
Create a Login
1.
In the Object Explorer pane of the SQL Server Management Studio, expand
the Security folder.
2.
3.
b.
revision 1 37
Note:
c.
Note:
If you choose to select the Enforce password expiration check box, you
will be required by SQL Server to select a new login password at regular
intervals. When the login password is changed by SQL Server, it must also
be updated with the Lenel Login Driver. Failure to update the Login driver
will cause OnGuard not to function properly.
4.
5.
Select the following databases from the Users mapped to this login list:
b.
6.
dbcreator
serveradmin
master
tempdb
Click [OK].
In the Object Explorer pane of the SQL Server Management Studio, rightclick on the OnGuard database and select New Query.
2.
3.
a.
b.
c.
Click the close (X) button to close the query tab, then click [No] when
prompted if you want to save the changes.
38 revision 1
1.
In the Object Explorer pane of the SQL Server Management Studio, rightclick on the database engine <ServerName> and select Properties.
2.
3.
Set the Maximum server memory (in MB) option to be roughly one half of
your systems actual memory. This will make sure that the database does not
use your entire systems memory, which would needlessly slow down your
system.
4.
Click [OK].
This procedure requires that the Recovery Model is set to Simple in the
Database Properties > Options page.
1.
In the Object Explorer pane of the SQL Server Management Studio, rightclick the OnGuard database, then select Tasks > Shrink > Files.
2.
b.
c.
Click [OK].
revision 1 39
40 revision 1
Chapter 5:
Note:
Note:
Important:
If you are using Windows Vista or Windows 7 you may need to run Oracle
applications, such as the Net Configuration Assistant, as administrator for
configuration changes to persist.
revision 1 41
Note:
42 revision 1
Install Oracle 10g (For more information, refer to Step 1: Install Oracle 10g
Server Software on page 44.)
Key points:
a.
Install Oracle 10g Server from the Oracle 10g Server disc.
b.
c.
d.
e.
2.
Install the latest approved patch sets. Refer to the Lenel Web site for more
information.
3.
Create the Lenel database. (For more information, refer to Step 3: Create the
Lenel Database on page 45.)
If your database will be managed locally, you may want to select the
Enterprise Manager Repository component.
Rename the database storage files and expand their sizes to match the
table below.
Notes:
To change the database size, double-click the size field, enter the number of
M Bytes, and click [OK].
You can specify other names in the Name field. If you do, you must set the
defDataSpace variable in the LenelUser.ora file to the new Name. (For
more information, refer to Step 7: Create the Lenel User on page 58.)
New Tablespace
names
Size (MB)
USERS
LENEL_DATA
50
TEMP
LENEL_TEMP
50
SYSTEM
SYSTEM
50
UNDOTBS1
UNDOTBS1
50
4.
Note:
Run the Net Configuration Assistant. (For more information, refer to Step 4:
Run the Net Configuration Assistant on page 51.) Type LENEL as the New
Service Name.
The Service Name is not case-sensitive.
5.
Verify that the system works. (For more information, refer to Step 5: Verify
the System is Working on page 56.)
6.
7.
Note:
Note:
Load the LenelUser.ora script into SQL Worksheet and run it.
revision 1 43
8.
9.
Insert the Oracle 10g Server disc into your disc drive to launch the Autorun
program. Click [Install/Deinstall Products]. Alternately you may launch the
installation by executing the setup.exe file on the disc.
2.
3.
4.
5.
6.
7.
44 revision 1
a.
b.
Click [Next].
b.
Click [Next].
b.
Click [Next].
b.
Click [Next].
b.
Click [Next].
Review the space requirements to make sure you have enough available
disk space on the drive you will install Oracle on.
b.
Click [Install].
Note:
8.
9.
10. If you intend to install the OnGuard server on the same machine as the
Oracle server it is necessary to install Oracle Client software at this time.
Once the client software installation is complete, return to these instructions
to continue configuring Oracle. For more information, refer to Configuring
Oracle 10g Client Software on page 63.
Click the Windows Start button, then select Programs > Oracle OraDB10g_home1 > Configuration and Migration Tools > Database
Configuration Assistant. This launches the Oracle Database Configuration
Assistant.
2.
3.
b.
Click [Next].
revision 1 45
Note:
4.
Note:
b.
Click [Next].
Selecting a template that does not include datafiles gives you full control to
specify and change every database parameter.
5.
Note:
b.
46 revision 1
Click [Next].
Note:
6.
7.
Next choose the passwords you would like to use for the different accounts.
Click [Next].
8.
Next choose the storage options that best suit your needs. Click [Next].
9.
b.
c.
revision 1 47
Note:
If your database will be managed locally, you may want to select the
Enterprise Manager Repository component.
d.
Click [Next].
b.
c.
d.
Click [Next].
b.
14. Rename the tablespaces and specify a reasonable size for holding the
OnGuard information.
a.
48 revision 1
Old Tablespace
names
New
Tablespace
names
USERS
LENEL_DATA
50
TEMP
LENEL_TEMP
50
SYSTEM
SYSTEM
50
UNDOTBS1
UNDOTBS1
50
Note:
You can specify other names in the Name field. If you do, you must set the
defDataSpace variable in the LenelUser.ora file to the new Name. (For
more information, refer to Step 7: Create the Lenel User on page 58.)
15. When you double-click the Size field, the Edit Datafile window is displayed.
To continue changing the tablespace size:
a.
b.
Click [OK].
b.
Click [Finish].
revision 1 49
50 revision 1
a.
b.
Click the Start button, then select Programs > Oracle OraDB10g_home1> Configuration and Migration Tools > Net
Configuration Assistant. This launches the Net Configuration Assistant.
2.
3.
4.
a.
b.
Click [Next].
b.
Click [Next].
b.
Click [Next].
revision 1 51
5.
6.
7.
b.
Click [Next].
Select the Use the standard port number of 1521 radio option.
b.
Click [Next].
52 revision 1
b.
Click [Next].
8.
9.
b.
Click [Next].
b.
c.
d.
Click [Next].
revision 1 53
b.
Click [Next].
54 revision 1
a.
b.
Click [Next].
Note:
a.
b.
Click [Next].
b.
Click [Next].
Note:
a.
b.
Select the Use the standard port number of 1521 radio button.
c.
Click [Next].
revision 1 55
56 revision 1
b.
Click [Next].
Note:
2.
3.
Type the SYSTEM username and password. (This is the same username
and password that you set the password for in step 7 on page 47.)
b.
Click [OK].
4.
5.
b.
Click [Next].
revision 1 57
6.
b.
Click [Next].
c.
Click [Next].
d.
Click [Finish].
58 revision 1
perform a custom install of the Oracle Client software and select the Enterprise
Manager 10g Java Console.
1.
Click the Windows Start button, then select Programs > Oracle OraDB10g_home1 > Application Development > SQLPlus Worksheet.
2.
Important:
a.
Type the SYSTEM username and password. (This is the same username
and password that you set the password for in step 7 on page 50.)
b.
c.
Click [Close].
3.
Verify Oracle connects properly. You should see Connected in the display
box, as shown.
4.
revision 1 59
Note:
Note:
a.
Select the File > Open menu option. The script loads into Oracle
SQLPlus Worksheet.
b.
c.
Select LenelUser.ora.
If the file is not displayed, type *.ora in the Filename field and click
[Open].
d.
5.
60 revision 1
Verify there were no errors. You should see the following text:
User created.
Grant succeeded.
Commit complete.
Create a new Oracle user with Windows authentication credentials for single
sign-on.
For more information, refer to the Database Authentication for the Web
Applications chapter in the Installation Guide.
revision 1 61
62 revision 1
Chapter 6:
Important:
If you are using Windows Vista or Windows 7 you may need to run Oracle
applications, such as the Net Configuration Assistant, as administrator for
configuration changes to persist.
Insert the Oracle 10g Client disc in your disc drive. This will launch the
Autorun program. Alternately you may launch the installation by executing
the setup.exe file on the disc.
2.
3.
4.
5.
6.
7.
Note:
a.
b.
Click [Next].
b.
Click [Next].
b.
Click [Next].
8.
revision 1 63
Note:
If you are installing Oracle Client as part of the Oracle Server installation
instructions, you may click cancel and return to step Step 2: Install the Latest
Approved Patch Sets on page 45.
9.
a.
b.
Click [Next].
b.
c.
Click [Next].
10. In the Service Name window, enter the global database name and click
[Next].
64 revision 1
11. In the Select Protocols window, verify that TCP is highlighted and click
[Next].
12. In the Host name field, type the name of the computer that Oracle is
installed on, and then click [Next].
13. Select the Yes, perform a test radio button and click [Next].
14. The [Change Login] button window is displayed.
a.
b.
c.
Click [OK].
revision 1 65
66 revision 1
Chapter 7:
Note:
Note:
If the OnGuard server is not located on the same computer as Oracle 11g
Server, then Oracle 11g Client must be installed on the OnGuard server to
allow it to connect to the database. Oracle 11g Client must also be installed
on all OnGuard clients.
Important:
If installing the 64-bit version of Oracle you must also install the 32-bit
version of the client tools or OnGuard will not work properly.
Important:
If you are using Windows Vista or Windows 7 you may need to run Oracle
applications, such as the Net Configuration Assistant, as administrator for
configuration changes to persist.
Important:
You cannot install Oracle 11g on a server with the IP address set to DHCP.
revision 1 67
Note:
68 revision 1
Install Oracle 11g (For more information, refer to Step 1: Install Oracle 11g
Server Software on page 70.)
Key points:
a.
Install Oracle 11g Server from the Oracle 11g Server disc.
b.
c.
d.
e.
2.
Install the latest approved patch sets. Refer to the Lenel Web site for more
information.
3.
Create the Lenel database. (For more information, refer to Step 2: Create the
Lenel Database on page 71.)
If your database will be managed locally, you may want to select the
Enterprise Manager Repository component.
On the Memory tab, select Custom and use the default values for
shared pool, buffer cache, and java pool.
Rename the database storage files and expand their sizes to match the
table below.
Notes:
To change the database size, double-click the size field, enter the number of
M Bytes, and click [OK].
You can specify other names in the Name field. If you do, you must set the
defDataSpace variable in the LenelUser.ora file to the new Name. (For
more information, refer to Step 6: Create the Lenel User on page 75.)
New Tablespace
names
Size (MB)
USERS
LENEL_DATA
50
TEMP
LENEL_TEMP
50
SYSTEM
SYSTEM
50
UNDOTBS1
UNDOTBS1
50
4.
Note:
Run the Net Configuration Assistant. (For more information, refer to Step 3:
Run the Net Configuration Assistant on page 74.) Type LENEL as the New
Service Name.
The Service Name is not case-sensitive.
5.
Verify that the system works. (For more information, refer to Step 4: Verify
the System is Working on page 75.)
6.
7.
Note:
Note:
Load the LenelUser.ora script into SQL Worksheet and run it.
revision 1 69
8.
9.
Insert the Oracle 11g Server disc into your disc drive to launch the Autorun
program. Click [Install/Deinstall Products]. Alternately you may launch the
installation by executing the setup.exe file on the disc.
2.
3.
4.
70 revision 1
a.
b.
Review the default Oracle Base and Home locations and modify if
desired.
c.
d.
e.
Click [Next].
b.
Click [Next].
Review the space requirements to make sure you have enough available
disk space on the drive you will install Oracle on.
b.
Click [Install].
Note:
5.
6.
7.
Install the latest approved Patch Set. The list of approved patch sets can be
found on the Lenel Web site at: http://www.lenel.com/support/downloads/
onguard#compatibility-charts.
Click the Windows Start button, then select Programs > Oracle OraDB11g_home1 > Configuration and Migration Tools > Database
Configuration Assistant. This launches the Database Configuration
Assistant.
2.
3.
Note:
a.
b.
Click [Next].
4.
Note:
b.
Click [Next].
Selecting a template that does not include datafiles gives you full control to
specify and change every database parameter.
5.
Note:
b.
Click [Next].
revision 1 71
Note:
6.
7.
Choose the passwords you would like to use for the different accounts. Click
[Next].
8.
Next choose the storage options that best suit your needs. Click [Next].
9.
Note:
a.
b.
c.
If your database will be managed locally, you may want to select the
Enterprise Manager Repository component.
d.
Click [Next].
12. The Initialization Parameters window is displayed. Make your choices and
click [Next].
13. The Security Settings window is displayed.
a.
b.
c.
14. Next choose whether to enable automatic maintenance tasks. Click [Next].
15. The Database Storage window is displayed.
a.
b.
16. Rename the tablespaces and specify a reasonable size for holding the
OnGuard information.
a.
72 revision 1
Old Tablespace
names
New
Tablespace
names
USERS
LENEL_DATA
50
Note:
Old Tablespace
names
New
Tablespace
names
TEMP
LENEL_TEMP
50
SYSTEM
SYSTEM
50
UNDOTBS1
UNDOTBS1
50
You can specify other names in the Name field. If you do, you must set the
defDataSpace variable in the LenelUser.ora file to the new Name. (For
more information, refer to Step 6: Create the Lenel User on page 75.)
17. When you double-click the Size field, the Edit Datafile window is displayed.
To continue changing the tablespace size:
a.
b.
Click [OK].
b.
Click [Finish].
b.
revision 1 73
Click the Start button, then select Programs > Oracle OraDB11g_home1> Configuration and Migration Tools > Net
Configuration Assistant. This launches the Net Configuration Assistant.
2.
3.
4.
5.
6.
7.
a.
b.
Click [Next].
b.
Click [Next].
b.
Click [Next].
b.
Click [Next].
Select the Use the standard port number of 1521 radio option.
b.
Click [Next].
b.
Click [Next].
8.
9.
b.
Click [Next].
b.
c.
d.
Click [Next].
74 revision 1
Click the Start button, then select Programs > Oracle OraDB11g_home1> Configuration and Migration Tools > Net
Configuration Assistant. This launches the Net Configuration Assistant.
2.
3.
4.
a.
b.
Click [Next].
b.
Click [Next].
b.
Click [Next].
5.
6.
Type the SYSTEM username and password. (This is the same username
and password that you set the password for in step 7 on page 72.)
b.
Click [OK].
7.
8.
9.
a.
b.
Click [Next].
b.
Click [Next].
c.
Click [Next].
d.
Click [Finish].
revision 1 75
Oracle server, you may perform a custom install of the Oracle Client
software and select the Enterprise Manager 11g Java Console.
1.
Click the Windows Start button, then select Programs > Oracle OraDB11g_home1 > Application Development > SQLPlus Worksheet.
2.
Important:
a.
Type the SYSTEM username and password. (This is the same username
and password that you set the password for in step 7 on page 73.)
b.
c.
Click [Close].
3.
Verify Oracle connects properly. You should see Connected in the display
box.
4.
Note:
Note:
a.
Select the File > Open menu option. The script loads into Oracle
SQLPlus Worksheet.
b.
c.
Select LenelUser.ora.
If the file is not displayed, type *.ora in the Filename field and click
[Open].
d.
5.
Verify there were no errors. You should see the following text:
User created.
Grant succeeded.
Commit complete.
76 revision 1
Create a new Oracle user with Windows authentication credentials for single
sign-on.
revision 1 77
78 revision 1
Chapter 8:
Important:
If you are using Windows Vista or Windows 7 you may need to run Oracle
applications, such as the Net Configuration Assistant, as administrator for
configuration changes to persist.
If installing the 64-bit version of Oracle you must also install the 32-bit
version of the client tools or OnGuard will not work properly.
1.
Insert the Oracle 11g Client disc in your disc drive. This will launch the
Autorun program. Alternately you may launch the installation by executing
the setup.exe file on the disc.
2.
3.
4.
5.
6.
a.
b.
Click [Next].
b.
Click [Next].
b.
Click [Next].
b.
Click [Next].
7.
Review the summary and click [Install]. The installation process may take
several minutes or more depending on your system resources.
8.
9.
revision 1 79
80 revision 1
OnGuard
Installation and
Configuration
Chapter 9:
2.
Install the components that are needed from the prerequisites section:
Microsoft .NET Framework 3.5 SP1 - Required for some applications to work
correctly. While installed automatically during the OnGuard installation some
systems have shown that installing it beforehand increases the speed of the OnGuard
installation significantly.
3.
4.
Note:
Installation Procedures
Install the OnGuard 2010 Enterprise Software
1.
Insert the OnGuard 2010 Enterprise disc into a disc drive on a computer
running the Windows operating system.
2.
If auto-run is enabled, simply click the [Install Now] button. If not, click the
Start button, then select Run. In the dialog box, browse to the disc and select
revision 1 83
setup.exe from the disc drive. Alternatively, you can navigate to the disc
manually and then run setup.exe.
3.
The Microsoft .NET Framework 3.5 SP1 installation wizard begins. Click
[Install] to begin installation. Microsoft .NET Framework 3.5 SP1 must be
installed for some OnGuard features to work correctly.
4.
When prompted, read the Software License Agreement. If you agree to its
terms:
5.
6.
a.
b.
If you want to install the typical installation features which are preselected in the setup program, select the Typical System radio button..
Choose the database option that best describes how the database will be
installed and configured. Before selecting an option, check the system's
database configuration and verify that you are not installing or reinstalling a
database that your system does not require. If you are unsure of your
system's database configuration contact the System Administrator. Installing
or reinstalling a database incorrectly can cause your system to work
improperly. The choices for database configurations are:
New SQL Server Express - select this option if you would like the
installation process to automatically install SQL Server Express and
configure a database.
Oracle Server - select this option if your system already has an Oracle
database installed or if a database will be manually created after the
installation process.
Notes:
84 revision 1
Demo System - select this option if you would like the installation
process to automatically install SQL Server Express and configure a
demo server and database.
SQL Server 2008 Express Edition can be installed automatically during the
OnGuard installation process. During the installation process you may install
SQL Server 2008 Express by selecting the New SQL Server Express or
Demo System option. If you plan to use SQL Server 2008 Express Edition
then it is highly recommended that you install it automatically with one of
these options. If a non-default instance of SQL Server 2008 Express Edition
is already installed, a warning message appears asking to verify your choice.
Installing or reinstalling a database incorrectly can cause your system to
work improperly.
7.
Click [Next].
8.
Notes:
Accept the default location of the License Server or click [Browse] and
specify a different location.
In the Port field, enter the number of the port to be used for access
control system communication. It is recommended that you accept the
default value of 8189.
If you accept the default port setting of 8189, it is written into the ACS.INI
file. If you want to enter a port setting other than 8189, it is written into both
the ACS.INI file AND the
OnGuard\LicenseServerConfig\Server.Properties file. This file will
only be created during the install if the port setting is changed. If you want to
change the port setting in the ACS.INI file after the installation (either to a
new setting or back to 8189), then you must also change it in the
Server.Properties file.
To make changes in the ACS.INI file on a Windows Vista or Windows 7 computer
you must right-click on the ACS.INI file and run it as The Administrator.
9.
Notes:
The Custom Setup window will be displayed. Select the access control
system features you wish to have installed.
Click the name of a feature on the left to display its description on the right.
Below the Feature Description the disk space requirements of the selected
feature are displayed.
10. Click the icon to the left of a feature to display a popup menu of installation
choices for that feature. Click [Next].
11. Click [Install] to begin the installation.
12. A check is performed behind-the-scenes to determine if a language pack is
installed. If an old language pack is installed, the following message is
displayed:
revision 1 85
If you wish to cancel the installation and remove the language pack by
yourself, click [Cancel].
If you wish to remove the language pack and continue the installation,
click [Remove & Continue].
13. After Windows configures OnGuard, the status and progress bar will be
updated.
Important:
page 88.
If you are using a software license you do not need to configure a hardware key nor
must you install Sentinel drivers. For more information, refer to Install Your
86 revision 1
You must install the driver for the hardware key BEFORE attaching the USB
hardware key to the computer.
2.
3.
Install the SafeNet USB hardware key driver by doing the following:
a.
Navigate to the SafeNet directory on the Supplemental disc and then doubleclick the .exe file. This can be found by navigating through the following
folders on the supplemental disc: /License Key Drivers/SafeNet.
b.
c.
d.
The wizard continues, and the Setup Type window opens. Select the
Custom radio button, and then click [Next].
e.
The Custom Setup window opens. Make sure only the Parallel Driver
and the USB System Driver get installed. You do not need to install any
of the Sentinel Servers or Sentinel Security Runtime. Click on Sentinel
Protection Server, Sentinel Keys Server, and Sentinel Security Runtime
and select, This feature will not be available. [Click Next].
f.
Click [Install].
g.
b.
c.
Configure Authentication
An authentication method with the database must be configured for browserbased applications to work properly. Create an account in both Windows and the
database system for use with single sign-on authentication. For more
information, refer to Chapter 10: Database Authentication for Web Applications
on page 93.
revision 1 87
Important:
The Security Utility also needs to be run whenever any update to the
operating system takes place.
Click Start > Programs > OnGuard 2010 > Security Utility.
2.
3.
4.
88 revision 1
Make sure that the License Server is running. The License Server must be
run wherever you wish to use License Administration.
2.
Click the Windows Start button, then select Programs > OnGuard 2010 >
License Administration. If your browser has JavaScript support enabled, a
new window will open with the License Administration application in it.
Otherwise, follow the directions in the browsers window and click the
hyperlink to continue. The License Administration application will then
open in the same browser window. You must have cookie support enabled
for this to work.
Note:
3.
In the Username field, type a valid username. When logging in for the first
time, the Username is admin.
4.
5.
revision 1 89
Note:
After logging in for the first time, you are strongly encouraged to modify the
default username and password as soon as possible to discourage
unauthorized use.
6.
The first time you log in you are strongly encouraged to change the
password. To do this, click the Change Your Password hyperlink.
7.
The Administrator Properties page is displayed. You can change the user
name, password, or both. This user name and password is only used for the
License Administration application.
a.
To change the user name, enter a new value in the Username field.
b.
c.
If you are changing the password, you must reenter the password in the
Confirm Password field.
d.
2.
3.
4.
90 revision 1
a.
To change the user name, enter a new value in the Username field.
b.
c.
If you are changing the password, you must reenter the password in the
Confirm Password field.
Obtain a new license file from Lenel. Be sure that you know where the
license file is saved, as you will need to know the location to successfully
install the license.
2.
3.
4.
5.
6.
In the License file field, enter the name and location of the file containing
the license that you want to install. You can use [Browse] to locate the file.
7.
Click [Next].
8.
View the license and make sure that it is the correct license.
9.
Scroll down to the bottom of the window and click [Next]. If the license is
not the correct license, click [Back] to go back and choose another license
file.
10. Read the terms of the license agreement and select the Yes radio button if
you agree with the terms of the license.
11. Click [Finish].
The license will be installed. The entry that is displayed in the Installed Licenses
drop-down listbox indicates the name of the product that the license controls, and
will be updated to include the new license.
Important:
revision 1 91
92 revision 1
1.
Click the Windows Start button, then select Programs > OnGuard 2010 >
Database Setup.
2.
If upgrading the database, the Choose Task window opens. Select the action
you would like to perform. Click [Continue]. The choices include:
Add/remove missing system data for current build - If you feel that you are
missing system data, selecting this will add information back into the build.
Compare database schema [no data] - Checks to see if the schema has
changed. This does not compare data. This would be useful to run before
upgrading to see if any schema changes have occurred, though it is not
necessary.
3.
4.
A Database Setup Progress window opens that states which database you are
upgrading to which version. You must select [Execute] to continue.
5.
The database will install. If upgrading the database, the system will be
checked for anomalies. Anomalies are database features that are unknown to
OnGuard and can include custom tables, triggers, stored procedures, etc. Not
all users will encounter anomalies. When prompted to take action on
anomalies, the items listed should be familiar to the person performing the
upgrade. Select all items that you know should exist and click [Continue].
Failure to select known anomalies may result in the failure of custom
functionality.
6.
When the database setup has been completed successfully you will receive a
message telling you that to use the OnGuard web applications you will need
to run the Form Translator Utility. If you plan on running the browser-based
applications click [Yes]. Otherwise, click [No].
7.
2.
Note:
revision 1 93
Click the Windows Start button, then select Programs > Microsoft SQL
Server 2008 > SQL Server Management Studio. This launches the SQL
Server Management Studio.
2.
In the Object Explorer pane of the SQL Server Management Studio, expand
the Security folder.
3.
4.
5.
6.
a.
In the Login name field, type server-name\username, where servername is the name of the server and username is the name of the
Windows user.
b.
Click [Search] to launch the Select User or Group dialog. This dialog is used
to verify that the Login name is correct.
a.
In the Enter the object name to select text box, enter the user name.
b.
c.
Click [OK].
b.
c.
db_owner
public
Click [OK].
2.
94 revision 1
If you do not want to use Windows authentication you can also store the
Lenel credentials in the Web.config file. For more information, refer to
Provide Credentials in the Protected File on page 98.
2.
Find the <system.web> line and add the following line below it:
<identity impersonate=true />
3.
Find the <add key=reportDSN ... > line and verify that the value
is equal to the DSN name for connection to the database.
4.
5.
6.
7.
2.
3.
4.
5.
6.
a.
b.
c.
Click [OK].
d.
Click [OK].
b.
Click [OK].
revision 1 95
Note:
2.
3.
4.
5.
6.
2.
3.
4.
On the Delegation tab, select the Trust this computer for delegation to
specified services only radio button.
Note:
96 revision 1
5.
6.
Click [Add], and add the service running the database. For example, the
mssqlserver service and the computer name running the database server.
7.
Click [OK].
Restart IIS
After completing the above steps for configuring reports for Area Access
Manager (Browser-based Client), restart IIS.
1.
2.
Right-click Internet Information Services and select All Tasks > Restart
IIS.
Click the Windows Start button, then select Programs > Oracle (this may
be different depending on your installation) > Application Development
> SQLPlus Worksheet.
2.
Important:
3.
Important:
Type or paste (with modifications) the following script into the worksheet:
Modifications must be made in two places that the string
OPS$DOMAIN\DOMAINUSER is found. Replace both instances of
DOMAIN with the name of the domain and DOMAINUSER with the name
of a user that will be logged in to Windows when Database Setup is run. You
must make sure that your DOMAINUSER and DOMAIN are both entirely
in uppercase letters or you may encounter problems accessing certain
applications.
revision 1 97
5.
6.
SQLNET.AUTHENTICATION_SERVICES=(NTS)
2.
98 revision 1
Important:
Important:
Application.config
The application.config file can be used to store the Lenel user credentials for
access to the database when Windows authentication is not used. This is not the
recommended configuration, however with ACL the login credentials can be
secured. The user account that runs the LS Application Server service must have
read permission for the file.
Web.config
The Web.config file contains user credentials only if reports are generated from
the browser-based Area Access Manager and Windows authentication is not
being used.
Read permission must be configured for the account running the Web Service.
This is the ASPNET account if running IIS 5.0 or the account configured as the
Identity for the application pool that it is in if running IIS 6.0.
revision 1 99
Note:
For information on storing Lenel user credentials for Crystal Reports, see
Browser-based Reports on page 108.
1.
2.
3.
On the same line, change the Integrated Security value to: Integrated
Security=No;
4.
Oracle Users
Oracle users must also edit the sqlnet.ora file to specify the authentication
method.
1.
2.
100 revision 1
Note:
If you are using Windows authentication this procedure is not necessary for
browser-based reports.
1.
2.
Find the <add key=reportDSN ... > line and verify that the value
is equal to the DSN name for connection to the database.
3.
If you are using SQL with a different database name, edit the value to
equal the name of the SQL database.
If you are using Oracle, the reportDatabase key is not required should
not be specified. Remove <Server Name>lenel from the value and
set it equal to .
4.
5.
6.
The user that the Web Application Service is running under needs
permission to create and delete files from the directory set in the
reportTemporaryFilePath line.
7.
a.
Find the following line and either leave the default path or type a
different directory location: <add
key=reportTemporaryFilePath
value=C:\Temp\LnlWebServiceReports\></add>
b.
c.
Grant permission to create and delete files in the directory to the user
that the Web Application Service is running under.
revision 1 101
102 revision 1
The OnGuard server must have port 80 open for client connections.
revision 1 103
The Form Translator utility must be run after the Web Application Server is
installed. The Web Application Server enables the browser-based applications to
be run.
Note:
Form Translator must also be run after forms are modified using
FormsDesigner. Form Translator is only installed on the server. If you are
editing forms from a client, you must run Form Translator on the server for
the browser-based and smart client-based applications to continue to
function properly.
2.
Run Lnl.Tools.FormTranslator.exe.
3.
Log into Form Translator. Enter in the OnGuard sa login information for
the fields, which include User Name, Password, and Directory. Click [OK].
If Form Translator happens to fail simply follow these instructions again and
consult your Lenel representative.
104 revision 1
Default IIS directories and permissions are used. Consult your system
administrator to ensure that your security requirements are met. For more
information, refer to Creating Virtual Directories on page 105.
Use of SSL to ensure security across the network when using browser-based
applications is highly recommended. Refer to IIS documentation for additional
IIS and SSL configuration if desired. Once SSL has been configured, several files
must be updated with the new URL. For more information, refer to Configure
SSL on page 106.
2.
3.
4.
5.
6.
2.
3.
From the listing window, select ASP.NET v2.0 and click [Allow].
revision 1 105
Configure SSL
Refer to IIS documentation for SSL configuration instructions. Once SSL has
been configured with IIS, URLs need to be changed from http to https.
Specifically, follow the procedures for updating the following files:
Updating the Preferences.js File for SSL on page 108
Configuring the Services.config File on page 115
Configuring the FlexApplicationConfiguration.xml File on page 116
Configuring the SilverlightApplicationConfiguration.xml File on page 116
Configuring the ClickOnce Files on page 116
Default IIS directories and permissions are used. Consult your system
administrator to ensure that your security requirements are met. For more
information, refer to Creating Virtual Directories on page 105.
Use of SSL to ensure security across the network when using browser-based
applications is highly recommended. Refer to IIS documentation for additional
IIS and SSL configuration if desired. Once SSL has been configured, several files
must be updated with the new URL. For more information, refer to Configure
SSL on page 106.
106 revision 1
2.
In the Computer Management tree, expand Roles > Web Server (IIS) >
Internet Information Services.
3.
On The Internet Information Services (IIS) Manager window, expand Sites >
Default Web Site and click lnl.og.web.
4.
Make sure that the ASP.NET version is set to 2.0 which it should be by
default. To check:
a.
b.
Configure SSL
Refer to IIS documentation for SSL configuration instructions. Once SSL has
been configured with IIS, URLs need to be changed from http to https.
Specifically, follow the procedures for updating the following files:
Updating the Preferences.js File for SSL on page 108
Configuring the Services.config File on page 115
Configuring the FlexApplicationConfiguration.xml File on page 116
Configuring the SilverlightApplicationConfiguration.xml File on page 116
Configuring the ClickOnce Files on page 116
revision 1 107
Authentication
An authentication method with the database must be configured for browserbased applications to work properly. Create an account in both Windows and the
database system for use with single sign-on authentication. For more
information, refer to Database Authentication for Web Applications on page 93.
Open the Windows services from Control Panel > Administrative Tools >
Services.
2.
Locate the LS Application Server service in the list. Right-click the service
and select Properties.
3.
4.
Type the user name of the Windows account in the Enter the object name
to select text box and click [Check Names].
5.
Click [OK] to exit the Select User dialog and [OK] to save the changes to the
LS Application Server properties.
2.
Browser-based Reports
Area Access Manager has the ability to generate reports with a browser-based
client. Additional configuration steps are necessary to enable reports in Internet
Explorer:
Crystal .NET Components must be installed on the Web Application Server.
108 revision 1
Additional steps are required for Crystal Reports to access the database. Either NT
authentication must be configured or the Lenel user credentials must be stored in the
Web.config file and protected with security. For more information, refer to Configure Authentication for Reports in Area Access Manager on page 100.
By default, the Reports option is hidden from the browser-based Area Access Manager. The Preferences.js file must be edited to show the Reports button.
The IIS user must be able to access the temp folder (typically C:\Windows\temp).
Oracle users must grant full control of the Oracle folder to the user running the Web
Service.
2.
3.
revision 1 109
2.
3.
On the Security tab, select the user that runs the Web Service from the
Group or user names list.
4.
In the Permissions list, select the check box to allow Full Control to the
user.
5.
Click [Advanced].
6.
Select the Replace permission entries on all child objects with entries
shown here that apply to child objects check box.
7.
Click [Apply].
110 revision 1
1.
2.
3.
Select a workstation in the Configuration Download Service host dropdown box or browse for one in the system.
Client Configuration
Additional configuration steps are necessary for browser-based applications on
the client.
revision 1 111
2.
3.
Type the URL for the OnGuard server that the Web site is hosted on.
b.
Click [Add].
c.
Click [Close].
4.
5.
Locate the following settings in the list and verify that they are set
correctly:
Item
Setting
Enable
Enable
Prompt
Enable
b.
Click [OK].
6.
On the Advanced tab, select Multimedia > Play animations in web pages.
7.
112 revision 1
workstation that will use single sign-on authentication to connect to the browserbased applications. Additional steps must be performed on the server.
1.
2.
On the Security tab, select the Trusted Sites icon and click [Sites...].
3.
In the Add this Web site to the zone field, enter the domain name of
the Web application server.
b.
Click [Add].
c.
Click [Close].
4.
5.
Note:
Set the User Authentication > Logon setting to Automatic logon with
current username and password.
Using Windows to store a username and password for the application will
override the Automatic logon with current username and password
setting in Internet Explorer.
b.
6.
Click [OK].
Click [OK].
Application
URL
http://<server name>/lnl.og.web/
lnl_og_aam.aspx
VideoViewer
http://<server name>/lnl.og.web/
lnl_og_videoviewer.aspx
Visitor Management
Host
http://<server name>/IdvmHost
Or, if manual sign-on is being used:
http://<server-name>/idvmhost/
?useAutomaticSSO=false
revision 1 113
Application
URL
Visitor Management
Administration
http://<server name>/AdminApp
Note:
Accessing ClickOnce
If you are using ClickOnce for Visitor Management Front Desk or Kiosk, the
following URLs are also needed.
Application
URL
http://<server name>/FrontDeskClickOnce
ClickOnce Kiosk
http://<server name>/KioskClickOnce
Create Bookmarks
Create favorites in Internet Explorer or shortcuts in the Start menu to enable users
to easily access the browser-enabled applications.
114 revision 1
Using SSL
After installing the Web Application Server through a custom installation,
additional configuration is needed to use SSL.
If you do not plan to use SSL, then you do not have to perform this procedure.
1.
Navigate to C:\Inetpub\wwwroot\lnl.og.services\IdvmWebHost.
2.
Security policy
File
No transport security,
Windows Authentication not
required
HttpServices.config
HttpsServices.config
HttpsWithWindowsAuthenticationServi
ces.config
No transport security,
Windows Authentication
required
HttpWithWindowsAuthenticationServic
es.config
3.
a.
b.
revision 1 115
2.
3.
4.
2.
3.
4.
Additional changes need to be made to the Front Desk and Kiosk ClickOnce files
(serviceModelClient.config.deploy) to use SSL. For more information, refer to
ClickOnce Setup on page 117.
Prerequisites
Before using ClickOnce, make sure the computer has Microsoft .NET
Framework 3.5 with Service Pack 1.
Additionally, the Kiosk requires Windows XP and the Touch-It Virtual Keyboard
software.
Note:
116 revision 1
ClickOnce Setup
To utilize ClickOnce, OnGuard must first be installed on the server. Doing so will install a
folder, FrontDeskClickOnce for Front Desk, or KioskClickOnce for the Kiosk, with
the required files. In most typical installations, the folder will be
C:\Inetpub\wwwroot\FrontDeskClickOnce or
C:\Inetpub\wwwroot\KioskClickOnce.
Methods of Deployment
One option for deployment is to make it available through a shared network location. To
do this, move the ClickOnce directory to the appropriate location on your network.
Another option is to deploy through the server. With this method, the application
can be installed on the computer by accessing the files with a browser.
Server Name
The name of the server is usually configured during the installation process. However, if
you wish to change it, this can be done in the serviceModelClient.config.deploy file. This
is located in C:\inetpub\wwwroot\FrontDeskClickOnce\config for Front Desk or
C:\inetpub\wwwroot\KioskClickOnce\config for Kiosk.
revision 1 117
Using SSL
The configuration files will also need to be changed when using SSL.
1.
2.
3.
Comment markers <!-- and --> are used to indicate a portion of the
code that will be ignored.
Comment out the endpoint address section of code for http by surrounding it
with comment markers.
a.
b.
4.
5.
Remove the comment markers <!-- and --> surrounding that section to
enable the code.
6.
Installation
Once the ClickOnce deployment site has been created and configured, it is possible to
install the application.
Installing the Application via Network
118 revision 1
1.
2.
3.
4.
Click [Install].
Note:
1.
2.
Click [Install].
1.
2.
3.
1.
2.
revision 1 119
1.
2.
3.
4.
5.
Comment markers <!-- and --> are used to indicate a portion of the
code that will be ignored.
Comment out the endpoint address section of code for http by surrounding it
with comment markers.
a.
b.
6.
7.
Remove the comment markers <!-- and --> surrounding that section to
enable the code.
8.
9.
Install the application. After doing so, you should be able to log in and use the
application.
Note:
120 revision 1
For more information about configuring the system, refer to the Visitor
Management Front Desk and Visitor Administration User Guides.
2.
Stop Replicator and all OnGuard services on the Master and Regional Server
Nodes.
If the release note instructions or installation procedure for the hot fix
prompts you to back up your database, proceed to do so to both prevent data
loss and verify the integrity of the backup. Refer to Database Backup and
Restoration in the Installation Guide for more information.
2.
2.
Verify that the LS License Server and LS Login Driver services are started.
3.
Run Database Setup on the Master Server to update the database (unless not
required, per the specifications of the Hot Fix notes).
4.
revision 1 121
2.
Verify that the LS License Server and LS Login Driver services are started.
3.
Run Database Setup on the Regional Server Nodes to update the databases
(unless not required, per the specifications of the Hot Fix notes).
4.
122 revision 1
You will now be prompted to perform a full download if the hot fix has been
applied. Depending on the hot fix, a full download may be required.
Master
Segment 1
Segment 2
Segment 3
Regional
Server 1
Regional
Server 1-1
Segment 4
Regional
Server 2
Regional
Server 1-2
Regional
Server 2-1
Regional
Server 2-2
Segment 5
revision 1 123
Enterprise Configuration
Single Segment: If you log into a single segment, whether it is the Master
Server Node or an Regional Server Node, you will see only the information
for that particular segment.
Segment Group: If you log into a segment group, you will see only the
information for the segments that make up that particular segment group.
Install Windows. Refer to the release notes for the versions of Windows that
are supported. The release notes are located on the root directory of the
OnGuard 2010 Enterprise disc.
2.
3.
Oracle 10g users: For more information, refer to Chapter 5: Installing &
Configuring Oracle 10g Server Software on page 41.
Oracle 11g users: For more information, refer to Chapter 7: Installing &
Configuring Oracle 11g Server Software on page 67.
124 revision 1
b.
Attach the hardware key on the OnGuard License Server computer. For
more information, refer to Attach the Hardware Key (OnGuard License
Server Computer Only) on page 86.
c.
Install the software license for this computer. For more information,
refer to the Installation Guide.
d.
Run the Database Setup application. For more information, refer to Set
Up Your OnGuard Database on page 88.
You are now ready to configure the Master Server Node database. To do this:
Note:
1.
Start and log into Replication Administration on the Master Server Node.
2.
When you log into Replication Administration for the first time, it detects
that you have a standard database. The following message is displayed.
Click [Yes].
3.
a.
b.
In the Enterprise server display name field, you may specify a userfriendly name for the server node.
c.
Each Enterprise system must have one instance of the ID Allocation Service
running. It is highly recommended to run the ID Allocation Service on a
Master Server, Distributed ID Master Server, or Master Server-level client.
The ID Allocation Service will only function if the ACS.INI file on the
computer running the service is pointed to the Master Server.
d.
revision 1 125
Enterprise Configuration
Note:
If you specified a failover name for the Master Server Node in the
fault tolerance/disaster recovery solution, then you will need to
select the This server uses a virtual server name checkbox and
enter the failover name used to identify the Master Server Node in
the fault tolerance/disaster recovery system rather than the actual
machine name.
You can modify this value after the Master has been created by clicking
Enterprise Server Configuration in Available Views after selecting the
Master Server Node in the System Tree.
e.
126 revision 1
Click [OK].
4.
5.
click [Yes]. Otherwise, click [No] and create a new database that follows the
recommended naming scheme.
6.
If your database does not contain any data, skip ahead to step 7. If the
following message is displayed, then your database already has data in it.
Click [Yes] to remove all existing data.
7.
revision 1 127
Enterprise Configuration
If you want to configure (add) several access panels, use the Configure
Access Panels Wizard which is available by selecting Wizards from the
Application menu in System Administration. The wizard provides detailed
instructions to guide you through the configuration process.
If you want to configure (add) several readers, use the Configure Readers
Wizard which is available by selecting Wizards from the Application menu
in System Administration. The wizard provides detailed instructions to guide
you through the configuration process. The wizard cannot be used to add
biometric or wireless readers.
Install Windows. Refer to the release notes for the versions of Windows that
are supported. The release notes are located on the root directory of the
OnGuard 2010 Enterprise disc.
2.
3.
Oracle 10g users: For more information, refer to Chapter 5: Installing &
Configuring Oracle 10g Server Software on page 41.
Oracle 11g users: For more information, refer to Chapter 7: Installing &
Configuring Oracle 11g Server Software on page 67.
128 revision 1
b.
Make sure that the hardware key is attached to the OnGuard License
Server computer, and that the License Server is running. For more
information, refer to Attach the Hardware Key (OnGuard License
Server Computer Only) on page 86.
c.
Install the software license for this computer. For more information,
refer to the Installation Guide.
d.
Run the Database Setup application. For more information, refer to Set
Up Your OnGuard Database on page 88.
You are now ready to configure the Regional Server Node database. To do this:
Note:
1.
2.
When you log into Replication Administration for the first time, it detects
that you have a standard database. The following message is displayed.
Click [Yes].
3.
a.
b.
In the Regional Server Node Name field, you may specify a userfriendly name for the server node.
c.
Each Enterprise system must have one instance of the ID Allocation Service
running. It is highly recommended to run the ID Allocation Service on a
Master Server, Distributed ID Master Server, or Master Server-level client.
The ID Allocation Service will only function if the ACS.INI file on the
computer running the service is pointed to the Master Server.
d.
revision 1 129
Enterprise Configuration
Note:
e.
Note:
If you specified a failover name for the Regional Server Node in the
fault tolerance/disaster recovery system, then you will need to
select the This server uses a virtual server name checkbox and
enter the failover name used to identify the Regional Server Node
in the fault tolerance/disaster recovery system rather than the actual
machine name.
You can modify this value after the Regional Server Node has been created
by clicking Enterprise Server Configuration in Available Views after
selecting the Regional Server Node in the System Tree.
f.
130 revision 1
In the Parent server workstation name field, specify the name of the
Regional Server Node that this node is the child of.
Note:
When the parent server is running an Oracle database, the Parent server
workstation name field must be set to the Oracle Service Name (SID
Service Name).
g.
In the ODBC Data Source to parent server field, specify the ODBC
Data Source. This will be used by Replicator to move data between
nodes.
h.
i.
Click [OK].
4.
5.
6.
revision 1 131
Enterprise Configuration
click [Yes]. Otherwise, click [No] and create a new database that follows the
recommended naming scheme.
132 revision 1
7.
If your database does not contain any data, skip ahead to step 8. If the
following message is displayed, then your database already has data in it.
Click [Yes] to remove all existing data.
8.
over time. New pre-allocated IDs may be obtained at ANY time after the
Regional Server Node is configured.
9.
Click [Allocate New IDs Now] when you are ready to continue.
Download all cardholders to the new Regional Server Node. For more
information, refer to Download All Cardholders to the New Regional Server
Node on page 133.
2.
3.
Make sure to perform all necessary maintenance on a regular basis. For more
information, refer to Chapter 18: Enterprise System Administration on
page 165.
revision 1 133
Enterprise Configuration
initial download. Lenels strategy for this makes use of the Default Access
Group assignment for Badge Types. This allows you to assign default access
levels on a per Badge Type basis for badges that are manually entered at the
Regional Server Node as well as for badges which are added elsewhere in the
Enterprise system and downloaded via the Replicator application.
If you wish to automatically assign access levels when downloading new badges
(see the appropriate manuals or help files for more information on how to
perform these tasks):
1.
2.
On the Access Groups page, add groups which group the levels you need to
assign to each Badge Type. It is recommended that you use segment-wide
(<All Segments - [master display name] - Recursive>) groups for this
purpose, which will serve you better should you decide to further segment
the system at a Regional Server Node.
3.
On the Badge Type page, modify each Badge Type and select the Default
Access Group that you wish to automatically assign to the Badge Type.
When you are ready to download all cardholders to your Regional Server Node:
1.
2.
Start the Replicator application by clicking Start > Programs > OnGuard
2010 > Replicator (see the Replicator User Guide or online help for more
information on this application).
3.
4.
5.
6.
If you have default access groups for badge types and wish to automatically
assign them at this time, make sure the Add default access group when a
badge is added is checked.
7.
134 revision 1
The ACS.INI file is a control file that sits on each computer that runs ANY
OnGuard software. This can be a client or a server. The ACS.INI file is located
within the Windows directory on a computer. In Windows XP, this directory is
often [Drive]:\\WINDOWS. Substitute the letter of the hard drive that Windows
is installed on for [Drive].
There are many sections within the ACS.INI file. Each section is denoted within
the file by the following syntax:
[Section]
The settings that relate to the Replicator are found within the Distributed
Exchange section in the ACS.INI file. They are:
Component (key)
name
Default value
Description
CheckInterval
180
LastChecked
<Date Set by
Replicator>
revision 1 135
Enterprise Configuration
136 revision 1
Run manually.
Downloads may be full (everything) or incremental (only the changes since the
last download).
A Distributed ID Management consists of a Distributed ID Master Server, as well
as one or more Distributed ID/Mobile Stations. In this configuration if access
control is being used, it is contained in the Distributed ID Master database.
Distributed ID/Mobile Stations are used only for adding, modifying, and deleting
cardholder information (cardholder, badges, access level assignments, and
multimedia capture). They can optionally print badges as well.
The following diagram illustrates a typical Distributed ID Management
configuration:
Distributed ID Management System
Database
Master
Database
Database
Mobile Station 1
Mobile Station 2
Key:
Upload/Download, Wired or Wireless Network Connections
revision 1 137
Must use ID controls to prevent duplicate IDs with the Distributed ID Master
Server and all other Distributed ID/Mobile Stations.
Install Windows. Refer to the release notes for the versions of Windows that
are supported. The release notes are located on the root of the OnGuard 2010
Enterprise disc.
2.
3.
138 revision 1
Oracle 10g users: For more information, refer to Chapter 5: Installing &
Configuring Oracle 10g Server Software on page 41.
Oracle 11g users: For more information, refer to Chapter 7: Installing &
Configuring Oracle 11g Server Software on page 67.
b.
Make sure that the hardware key is attached to the OnGuard License
Server computer, and that the License Server is running. For more
Install the software license for this computer. For more information,
refer to the Installation Guide.
d.
Run the Database Setup application. For more information, refer to Set
Up Your OnGuard Database on page 88.
4.
5.
Install Windows. Refer to the release notes for the versions of Windows that
are supported. The release notes are located on the root of the OnGuard 2010
Enterprise disc.
2.
3.
Oracle 10g users: For more information, refer to Chapter 5: Installing &
Configuring Oracle 10g Server Software on page 41.
Oracle 11g users: For more information, refer to Chapter 7: Installing &
Configuring Oracle 11g Server Software on page 67.
4.
b.
Make sure that the hardware key is attached to the OnGuard License
Server computer, and that the License Server is running. For more
information, refer to Attach the Hardware Key (OnGuard License
Server Computer Only) on page 86.
c.
Install the software license for this computer. For more information,
refer to the Installation Guide.
d.
Run the Database Setup application. For more information, refer to Set
Up Your OnGuard Database on page 88.
Configure the Distributed ID/Mobile Station database and perform the initial
configuration and synchronization. This includes designating the server as a
Distributed ID/Mobile Station using Replication Administration, and preallocating a set number of Cardholder IDs and Badge IDs (if using automatic
revision 1 139
2.
140 revision 1
1.
2.
When you log into Replication Administration for the first time, it will detect
that you have a standard database. A message will prompt you to decide
whether you want to make the system a Distributed ID Server. Click [Yes].
3.
4.
Click [OK].
5.
6.
click [Yes]. Otherwise, click [No] and create a new database that follows the
recommended naming scheme.
7.
If your database does not contain any data, skip ahead to step 8. If the
following message is displayed, then your database already has data in it.
Click [Yes] to remove all existing data.
8.
2.
ID CredentialCenter
Database Setup
Login Driver
Replicator
Replication Administration
Documentation
After the installation is complete and the computer has been rebooted, open
the ID CredentialCenter program. Configuring a Distributed ID/Mobile
revision 1 141
Station requires that no cardholder data exists, so you must delete the default
record in the database. To do this:
a.
b.
Click [Search], then [OK]. There should be only one sample record
for Lisa Lake. If this is not true, something is wrong with your
installation!
c.
3.
4.
When you log into Replication Administration for the first time, it will detect
that you have a standard database. A message will prompt you to decide
whether you want to make the system a Distributed ID Server. Click [Yes].
5.
a.
142 revision 1
3) For ODBC Data Source Name, type a name for the DSN. The
recommended name is LenelMaster.
4) Select the correct Database Type for the master database server. If
its SQL Server, type the computer name of the server, or click
[Browse] to select a server.
5) Click [OK].
Note:
b.
c.
d.
e.
f.
g.
You can modify this value after the station has been created on the Enterprise
Server Configuration form. The Enterprise Server Configuration form is
displayed by clicking it beneath the station in the System Tree.
h.
i.
Click [OK].
6.
7.
8.
revision 1 143
naming scheme and you wish to proceed using the current database name,
click [Yes]. Otherwise, click [No] and create a new database that follows the
recommended naming scheme.
9.
If your database does not contain any data, skip ahead to step 10. If the
following message is displayed, then your database already has data in it.
Click [Yes] to remove all existing data.
10. The Pre-Allocated ID Ranges form is displayed. This allows you to adjust
the amount of pre-allocated IDs for each record type that you wish to grab
for the region initially. You can also adjust the Low Water Mark, which is
the amount of remaining IDs below which new IDs will automatically be
grabbed again. There is normally no need to change these default settings;
however you may wish to adjust the number of Cardholder and Badge IDs
you wish to allocate depending on how many new Cardholders/Badges you
expect to be added at the Distributed ID/Mobile Station over time. New pre-
144 revision 1
allocated IDs may be obtained at ANY time after the Distributed ID/Mobile
Station is configured.
11. Click [Allocate New IDs Now] when you are ready to continue.
12. The following message is displayed. Click [OK].
revision 1 145
146 revision 1
The strong password enforcement feature in OnGuard also checks the Lenel
database users password when logging into applications. Database user
passwords apply to SQL Server Express, SQL Server, and Oracle. For
information on changing your database password refer to Change the
Database Password on page 149.
The following table summarizes the OnGuard default accounts and passwords:
User
name
Password
How to change
the password
Default system
administrator account.
This is the account that
is used initially to log
into the main OnGuard
applications, such as
System
Administration.
SA
SA
For more
information,
refer to About
Accounts on
OnGuard database.
This is the actual
OnGuard SQL Server
Express, SQL Server,
or Oracle database.
LENEL
page 151.
MULTIMEDI
A
For more
information,
refer to Change
the Database
Password on
page 149.
License
Administration
account. This is the
account that is used
initially to log into the
License
Administration
application.
ADMI
N
ADMIN
For more
information,
refer to Install
Your OnGuard
License on
page 46.
For more
information,
refer to Install
Your OnGuard
License on
page 88.
revision 1 147
Password Standards
When creating a strong password keep the following guidelines in mind:
Note:
For Oracle databases the following account usernames and passwords are
not allowed to be used together:
System and Manager
Internal and Oracle
Sys and Change_On_Install
2.
Click [OK]. The registry will then be updated with the specified Login
Driver location, and the software will attempt to open the database again
using the password from this new login driver. If this is successful, you will
be allowed to log in. Otherwise, an error message will be displayed.
148 revision 1
Note:
1.
2.
3.
Click [Modify].
4.
Change the database password, and change the password in the Login
Driver manually later
Change both the database password and the Login Driver password at
once. If you choose this option, the password will be sent over the
network as plain text.
revision 1 149
b.
The
icon appears in the system tray. Right-click the icon, then select
Open.
c.
The Login Driver window opens. From the Edit menu, select Change
Password.
2.
3.
Click [Continue]. If you wish to change the password for a database server
account now, that is, LENEL, select the account from the list, then click
[Change Password].
a.
b.
c.
In the Confirm password field, type the new password again. Because
the password cant be seen while you type, this gives you an extra
assurance that you typed it correctly.
d.
Note:
e.
4.
150 revision 1
If the check box is selected, the password in the Login Driver will
be changed, but you will need to change the password manually on
the database server. For more information, refer to Change the
Lenel Account Password on page 150.
About Accounts
The System Administrator should create a unique account for each user of the
applications. The System Administrator can also, for each user, create a list of
permissions, which specifies precisely which screens, fields, and buttons the user
can access.
During initial installation of the application, default accounts are created. These
include:
User name
Password
Type
sa
sa
system account
admin
sample
user
sample
badge
sample
These are provided as samples. You may change the passwords and use the
accounts, or remove them. The exception to this is the system account, SA. By
definition this account has permission to do anything in the system. A user with
system access has unlimited access to the application. You cannot delete or
change the system account except to modify the password, which you are
strongly encouraged to do as soon as possible to discourage unauthorized use.
The first time you log into OnGuard to configure the application, you should log
in as SA and your password should be SA.
Change the system account password in the database using Database Setup.
2.
revision 1 151
with the following exception: in step 3 on page 150, select the system account
from the list (SA by default), then click [Change Password].
152 revision 1
1.
It is essential that you do NOT lose this password. If you do not have the
system administration password, you can potentially lose your entire
database since no one may gain access to the information.
2.
Write down the password and store in a secure place that wont get lost.
3.
4.
BE SURE to inform the customer that you have changed the system
password.
5.
Upgrading an
Enterprise System
2.
3.
4.
5.
Make sure that the Master and Regional Server Nodes have the latest
approved Windows service pack and Windows updates (see the release notes
for specifics). Upgrade any machines that do not. Refer to the release notes
for the versions of Windows that are supported. The release notes are located
on the root directory of the OnGuard 2010 Enterprise disc.
6.
On the Master and Regional Server Nodes, upgrade all databases to SQL
Server 2008 with the latest supported service pack as indicated by the release
notes.
7.
8.
9.
a.
b.
c.
d.
e.
Run the IntelligentVideo Database Upgrade Utility on any node that has an
IntelligentVideo Server configured on it. The tool is located in the Digital
Video > IntelligentVideo DB Upgrade folder on the Supplemental
revision 1 155
Materials disc. For more information, refer to the readme.htm file located in
the same directory.
10. When the Master Server Node and all Regional Server Nodes have the same
database version, start Replicator on all Regional Server Nodes.
11. Confirm that Replication is working using Replication Administration. For
more information, refer to the Replication Administration User Guide.
12. Perform a full download if upgrading a region from an OnGuard release
before version 6.0 to a version 6.0 or later. Otherwise a full download is not
required.
13. Run the Universal Time Conversion Utility. For more information, refer to
Appendix F: Universal Time Conversion Utility on page 191.
Once you upgrade OnGuard you are prompted to update your SQL Server
data sources to use SQL Server Native Client 10.0 drivers. If you choose not
to update your data sources automatically you will have to do so manually
before your system will function.
To upgrade OnGuard 2010 Enterprise, perform these steps in the order listed.
Important:
156 revision 1
1.
2.
start up. All services with the prefix LS and LPS should be shut down. Be
sure all OnGuard applications are closed on all workstations. Users should
not run any OnGuard applications during the installation process.
Back up every database before proceeding, and verify the integrity of the
backup. Refer to Database Backup and Restoration in the Installation
Guide for more information
revision 1 157
Note:
If you are using any custom .dll files you must back these up prior to
upgrading the OnGuard software. Back up the custom .dll files now.
Perform the following procedures first on the Master Server Node, then on all
Regional Server Nodes, and finally on all Mobile Stations:
1.
Install (upgrade) to the latest OnGuard build. If you are using a version pre5.11.216, you must first upgrade your master server node to 5.11.216, then
upgrade your regions to the same version. From there, you may proceed to
upgrade your master and then regions to 6.1.
2.
3.
4.
Insert the OnGuard 2010 Enterprise disc into a disc drive on a computer
running the Windows operating system.
2.
Click the Windows Start button. Click the Run... popup menu choice. In the
Run window, select setup.exe from the disc drive. Alternatively, you can run
setup.exe from Explorer.
3.
The Microsoft .NET Framework 3.5 SP1 installation wizard begins. Click
[Install] to begin installation. Microsoft .NET Framework 3.5 SP1 must be
installed for some OnGuard features to work correctly.
4.
When prompted, read the Software License Agreement. If you agree to its
terms:
a.
b.
5.
6.
A status meter will indicate the progress of the upgrade. Once the upgrade is
complete, click [Finish].
7.
Depending on the components that were installed, you may need to reboot
the computer. If you are prompted to do so, reboot the computer.
158 revision 1
Click the Windows Start button, navigate to Programs > OnGuard 2010
and select Database Setup.
2.
3.
b.
Click [Continue].
4.
When presented with the option to continue or exit, click [Exit] upon
successful completion.
5.
6.
Proceed to upgrade the Master Server Node database to the current version
of OnGuard Enterprise 2010, followed by upgrading the Regional Server
Nodes as well.
Click the Windows Start button, navigate to Programs > OnGuard 2010
and select Database Setup.
2.
3.
b.
Click [Continue].
4.
5.
Proceed to now upgrade your Regional Server Nodes to the current version,
and click [Exit] upon successful completion.
revision 1 159
Note:
Remember that the Master Server Node and all Regional Server Nodes must
be updated to OnGuard 2010 Enterprise and their databases must be
upgraded before proceeding.
6.
Run the IntelligentVideo Database Upgrade Utility on any node that has an
IntelligentVideo Server configured on it. The tool is located in the Digital
Video > IntelligentVideo DB Upgrade folder on the Supplemental
Materials disc. For more information, refer to the readme.htm file located in
the same directory.
2.
On the User DSN, System DSN, or File DSN tab select any SQL Server data
source used by OnGuard and click [Configure].
3.
Make note of the name, description, and server configurations of the data
source. Click [Cancel].
4.
5.
6.
Select the SQL Server Native Client 10.0 driver and click [Finish].
7.
Enter the name, description, and server as it was entered in the data source
you deleted and that you made note of in step 3. The name must be entered
exactly as it was or the data source will not work properly. Click [Next].
8.
Finish entering the configurations for the data source. When complete, click
[Finish].
9.
A summary of the data source will appear. Click [OK] to complete the
creation of the data source.
10. Repeat steps 1-9 for each SQL Server data source used by OnGuard on the
User DSN, System DSN, and File DSN tabs.
160 revision 1
1.
Verify that the Master Server Node and all Regional Server Nodes have the
same database version.
2.
Start Replicator on all Regional Server Nodes. To do this, click the Windows
Start button, navigate to Programs > OnGuard 2010, and select
Replicator.
revision 1 161
162 revision 1
Enterprise System
Administration
Warning
1.
2.
DO NOT RESTORE any Master, Regional Server, or Distributed ID database! This will
likely corrupt the entire multiple server Enterprise due to the interaction between each
database. DO NOT RESTORE any database without first contacting Lenel.
The administrator of the system must decide how often and at which time(s) each
of these tasks shall be performed. Some general points to keep in mind when
making these decisions are:
revision 1 165
166 revision 1
Check the results of backups. The results of your backup process should be
verified on a daily basis to ensure there is a current backup to use for disaster
recovery.
2.
Using the SQL Server Enterprise Manager, expand the Regional Server
Nodes database by clicking the + next to its name in the Server
Manager tree.
3.
You will see various output in the Messages display search for any
reported errors. For more information on the dbcc command, see SQL
Server Books Online.
Check the Size of the SQL Server database(s). On at least a weekly basis,
the size of the database should be monitored:
Using the SQL Server Enterprise Manager, expand the Regional Server
Nodes server by clicking the + next to its name in the Server
Manager tree.
Click on the Space Allocated hotlink menu item at the top of the right
window containing database information.
Verify that BOTH the database and the transaction logs are not growing
to unusual sizes. If these values are growing larger than what you
expect, this may indicate that replication may be failing or some other
serious problem may be occurring.
revision 1 167
Note:
The size of the log files can also be viewed on the Enterprise System
Diagnostic Tool form in Replication Administration, which is displayed by
selecting the Enterprise System Diagnostic Tool option from the
Administration menu.
4.
Run the Replication Administration program and log into the desired
database.
b.
Warning
168 revision 1
b.
Select the desired Regional Server Node in the Enterprise Tree, and
proceed to click Enterprise Transactions under Available Views.
c.
d.
Once you have addressed the failure, retry the transaction so that it
becomes a To do transaction and gets processed accordingly the next
time Replicator runs.
It is imperative that this task be done on a daily basis. If this task is neglected for even a
week, failed transactions could build up and will cause your Enterprise systems
performance to deteriorate.
2.
3.
4.
a.
Run the Replication Administration program and log into the Regional
Server Nodes database.
b.
Select the Regional Server Node in the Enterprise Tree, and proceed to
click Hardware Transactions in Available Views.
Make sure the timestamp of the next transaction for the Log Record
Transaction is not much older than the last time the Replicator
executed the Upload Events, User task. (This date is usually
about the same as or after the date the Replicator task last executed.
You can check the last time the Replicator executed the task by
clicking the Replicator Schedule tab.)
Make sure the timestamp of the next transaction for the Hardware
is not much older than the last time the Replicator executed the
Upload Events, User task. (This date is usually about the same as
or after the date the Replicator task last executed. You can check the
last time the Replicator executed the task by clicking the
Replicator Schedule tab.)
If you need information or details about what has occurred during Enterprise
operations, you can view the information in the following four text file logs:
Log name
Description
Replicator.log
ReplicatorSys.log
System download
ReplicatorUpDown.log
ReplicatorUpLog.log
5.
When everything is running fine, the above log files will continue to grow to
an infinitely large size. You should purge these files periodically to prevent
them from occupying too much space on your hard drive. After the files have
been purged, they will automatically be recreated.
revision 1 169
170 revision 1
Monthly
Check all text file log sizes under the installation directory logs folder and
purge as necessary
Monitor replication
Under Replication Schedule, check the start, end, and next start times to
make sure that Replicator is running normally
Under Hardware, check to make sure that the hardware, user, and event
are being updated every time Replicator runs
Under Enterprise, check all failed transactions and make sure that the
To-Dos are being replicated
Repair and maintain all failed transactions in a timely manner
Monthly
revision 1 171
172 revision 1
Check all text file log sizes under the installation directory logs folder and
purge as necessary
Appendices
Appendix A:
Note:
Click the Start button, then select All Programs > OnGuard 2010 >
Configuration Editor.
You must show hidden files and folders to see the application.config file.
2.
3.
Using Notepad to open the application.config file and edit the desired
settings.
revision 1 175
Note:
Note:
Note:
If using the Configuration Editor utility: These settings are found in the
ConnectionString section of the App Settings sub-tab. To change it, select
[Edit] next to the ConnectionString field.
Initial Catalog: This specifies the name of the database. If you installed
OnGuard, you specified this name during the installation. By default,
this is AccessControl.
If using the Configuration Editor utility: These settings are found in their
corresponding sections of the App Settings sub-tab. To change them, edit
their field text.
SchemaOwner: The default is dbo for SQL, and Lenel for Oracle.
If using the Configuration Editor utility: The Error Log settings are found on
the Listeners sub-tab. To edit them, edit their corresponding field text.
Filename: Specifies the filename where the log messages are written.
176 revision 1
Text is used for logs that need more details including a stack trace
(usually for error messages).
Error specifies that only errors will be written to the log file
4.
Save and close the application.config file. To save using the Configuration
Editor utility, navigate to File > Save.
ConnectionString
ConnectionString is used to point to the correct database location. There must be
only one uncommented ConnectionString entry in the application.config file.
By default, the line looks like this:
<add key=ConnectionString value=Data
Source=COMPUTER1-DT; Integrated Security=SSPI; Initial
Catalog=AccessControl></add>
The parameters for ConnectionString include the following:
Data Source
Data Source specifies the name of the computer that hosts the database. If the
database resides on the same computer where Database Setup will be run from
you can use the name of your computer.
Integrated Security
Integrated Security specifies how to authenticate with the database. This is done
by indicating integrated authentication or by providing credentials.
For SQL Server users to use integrated authentication (single sign-on), the
Integrated Security setting should be the following:
Integrated Security=SSPI
For Oracle users to use integrated authentication (single sign-on), the Integrated
Security setting should be the following:
revision 1 177
Integrated Security=True
If Lenel credentials for authentication with the database are stored in the
application.config file then Integrated Security should be set to No. You must
also specify the user name and password. In this case, the modified
ConnectionString line would resemble the following:
<add key=ConnectionString value=Data Source=COMPUTER1-DT;
Integrated Security=No; User ID=LENEL; Password=<password>; Initial
Catalog=AccessControl></add>
Substitute the Lenel user password for <password>.
Initial Catalog
Initial Catalog is the name of the database. If you installed OnGuard, you
specified this name during the installation. By default, this is AccessControl.
DatabaseType
The Database Type specifies the type of database that will be used with the
OnGuard software. By default, the line resembles the following:
<add key=DatabaseType value=SqlServer></add>
Lnl.LicenseSystem.Client.Host
Lnl.LicenseSystem.Client.Host is used to specify the host name of the machine
running the License Server.
By default, the line looks like this:
<add key="Lnl.LicenseSystem.Client.Host" value="COMPUTER1-DT"></add>
Lnl.LicenseSystem.Client.Port
Lnl.LicenseSystem.Client.Port is used to specify the port the License Server is
listening on (8189 is the default).
By default, the line looks like this:
<add key="Lnl.LicenseSystem.Client.Port" value="8189"></add>
SRConnectionString
SRConnectionString is used to specify the path to where the .mdb file is installed.
By default, the line looks like this:
<add key=SRConnectionString value=Provider=Microsoft.Jet.OLEDB.4.0;
Data Source=C:\Program Files\OnGuard\DBSetup\SR.mdb></add>
178 revision 1
Data Source
The path specified in the Data Source must be consistent with where OnGuard is
installed on the system.
SchemaOwner
SchemaOwner is used to specify the path to where the .mdb file is installed.
By default, the line looks like this:
<add key=SchemaOwner value=dbo></add>
For SQL Server, the default setting is dbo.
For Oracle, the default setting is lenel.
Error Log
The error log path is specified in the application.config file as well. It must be
set to the path where the logs directory was installed. It is specified in the
following line:
<add filename=C:\Program Files\OnGuard\logs\LnlLogError.log
name=StandardLog output=file severity=error type=text></add>
The default error log file for the browser-based client applications is
C:\Program Files\OnGuard\logs\LnlLogError.log. The LnlLogError.log
file is separate from the log file that the traditional OnGuard applications write
to, which is LenelError.log.
revision 1 179
Appendix B:
2.
During the installation you are prompted to choose the system type. Select
Custom.
3.
You will be prompted with the custom setup screen. Choose which features
to install.
4.
Custom Features
The following features are only available with a custom OnGuard installation.
Application Server
This feature installs the Application Server components into your IIS Web server
structure in order to serve Web versions of Area Access Manager, VideoViewer,
Visitor Management, and Visitor Administration. This feature is only supported
on systems running IIS.
Additional steps are required for the configuration of the Application Server. For
more information, refer to Chapter 11: Configuring the Web Application Server
on page 103.
revision 1 181
182 revision 1
Appendix C:
2.
The Communication Server will start. There is no visual indication that the
Communication Server is running, but the Lnlcomsrvr.exe process will be
listed in the Task Manager on the Processes tab.
Warning
1.
Click the Windows Start button, point to Settings, then click Control Panel.
2.
3.
4.
5.
6.
On the General tab in the Startup type drop-down list, select Automatic.
7.
Click [Start].
8.
Click [OK]
Running the Communication Server as a Windows service has some advantages in that the
service is started automatically upon computer boot-up. For the Communication Server,
there MUST be a SYSTEM DSN named LENEL that points to the access control
database. This should occur automatically during OnGuard installation. If for some reason
it doesnt, an error message will be displayed.
WITHOUT A LENEL SYSTEM DSN, THE SERVICE WILL NOT BE ABLE TO USE
THE DATABASE. THIS MEANS THAT THE ACCESS CONTROL SERVER WILL
NOT BE ABLE TO PERFORM A FULL DATABASE DOWNLOAD TO THE ACCESS
PANELS IN THE EVENT OF A POWER OR ACCESS PANEL FAILURE.
revision 1 183
Warning
184 revision 1
The Communication Server can be run only as a Service OR a program, but not as both
simultaneously. If you are running the Communication Server as a Windows service, DO
NOT also run it as a program. If you are running the Communication Server as a Windows
service, you can run it as a program temporarily by highlighting the LS Communication
Server entry in the Services window and clicking [Stop].
Appendix D:
Important:
There are two ways that the License Server can be run on a server running
Windows: as a regular application, or as a Windows service.
The License Server can also be run as a regular application. This means that
the License Server must be started on the server manually, as you would any
other application.
Host: this should be set to the name of the machine running the License
Server
Port: this should be set to the number of the port the License Server is
listening on -- use 8189, which is the default value. If you accepted the
default, it was written into the ACS.INI file. If you entered a different
revision 1 185
7KH/LFHQVH6HUYHU
setting, it was written into both the ACS.INI file AND the
OnGuard\LicenseServerConfig\Server.Properties file. This file is only
created during the install if the port setting was changed. If you want to
change the port setting in the ACS.INI file after the installation (either to a
new setting or back to 8189), then you must also change it in the
Server.Properties file.
Important:
2.
Change to the directory that contains the License Server executable. This is
the directory where you installed OnGuard, which is C:\Program
Files\OnGuard by default.
3.
Run the command LicenseServer -interactive. This will start the License
Server.
4.
Click the Windows Start button, then select Programs > OnGuard 2010 >
License Server.
2.
The License Server will start. There is no visual indication that the License
Server is running, but the LicenseServer.exe process will be listed in the
Task Manager on the Processes tab.
186 revision 1
1.
2.
3.
4.
5.
Appendix E:
Region A
(Parent)
Region B
Region C
(Child)
(Child)
To monitor hardware and events from both Region B and Region C, you would
log into the parent Region for both (Region A). This process is the same for any
number of levels; the login is to the mutual parent of all of the Regions that you
wish to monitor.
Since the Master Server Node can now host hardware, logging into the Master
Server will now allow you to monitor all Regions within a single Alarm
Monitoring instance. The old Multi-Region Alarm Monitoring option allowed
multiple instances of Alarm Monitoring to be run on a single computer. This
feature will still exist for those who want to use this method of monitoring
multiple connections but the name has been updated to better reflect
functionality.
Additional useful notes:
revision 1 187
Alarm Replication
Default alarms do not replicate.
User defined (custom) default alarms (no specific hardware defined)
are not replicated throughout the Enterprise. For example, customize
Door Forced Open for a priority of = 60, will not replicate.
Device specific custom alarms (associated with hardware) are replicated
throughout the Enterprise.
For example, Door Forced Open AT THE FRONT DOOR for a priority
of = 255, will replicate.
For example, Configure Door Forced Open at the front door to activate a
siren at the door. Even if this alarm is acknowledged at a different Region,
the siren at the correct door will activate.
If I log into the Monitor Zone at Region C, you will only see hardware in
the Zone for Region C.
If Region C has children whose devices were also included in the Monitor
Zone, you would also see those.
In conclusion, when you log into a Monitor Zone, you only see hardware
that your Regional Server Node is aware of. Since hardware does not
replicate down, you would never see hardware from a level above yours
or from a Regional Server Node which would need to replicate to you
through a top-level node.
188 revision 1
revision 1 189
190 revision 1
Appendix F:
Important:
Before running the Universal Time Conversion Utility you should create a
backup of your database. For more information, refer to Chapter 4: Database
Backup and Restoration in the Upgrade Guide.
Important:
Due to limitations regarding data collected during Daylight Saving Time, the
Universal Time Conversion Utility cannot be guaranteed to be 100%
accurate for those dates that fall within Daylight Saving Time. Any
inaccuracies, however, should not cause any problems for your system.
The purpose of the Universal Time Conversion (UTC) Utility is to collect nonUTC dates and times that are contained in reports and convert them to use the
new standard UTC time.
Converting reports to use UTC Time allows users in multiple time zones to see
the same data but in their local time.
The conversion process should be the last step in the upgrade process. If you do
not run the utility then data collected in prior versions of OnGuard will not
display the correct time until the conversion is completed.
The setup process for the UTC Utility occurs after your system and database has
been completely upgraded and after any replication has been completed.
If you restore any archive prior to when the UTC Utility was first run, you will
have to run the utility again.
Make sure that all of your regional node information has been uploaded to
the master node.
Once replication is complete you must run the UTC utility on the master node
and then perform a system download to the regional nodes.
On the regional nodes you can configure the linkage server and default system
time zone after the system download is complete. If user replication is enabled,
revision 1 191
all user time zone data must be collected at the master node and downloaded to
the regional nodes. If user replication is not enabled, you can configure the user
time zones on the regional nodes as well.
Click the Start button, then select All Programs > OnGuard 2010 >
Universal Time Conversion Utility. The Universal Time Conversion
Utility starts.
2.
3.
On the Welcome screen, read the warning regarding database backups and
select a radio button for your response. If you have created a backup, click
[Next]. To begin the conversion process.
4.
On the System screen, use the drop-down to select the World Time Zone that
will be used as the default time zone in the system. Click [Next].
5.
If you have a Linkage Server host configured, then, on the Linkage Server
screen, select the World Time Zone that will be used by the items associated
with the Linkage Server and click [Next]. You will only see the Linkage
Server screen if your system has the Linkage Server host configured. Click
[Next].
6.
If you have segmented system then, on the Segments screen, choose the
World Time Zone that will be used for the segments.
7.
On the Workstations screen, select the World Time Zone that will be used for
each of the systems workstations. The options are:
Use the system world time zone for all workstations - sets the World
Time Zone on all workstations to match the one set as the default
System World Time Zone.
Use the associated segment world time zone for all workstations sets the World Time Zone on all workstations to match the one set on the
segment.
Click [Next].
8.
On the Controllers screen, select the World Time Zone that you intend to
associate with each of the systems controllers. You may be asked to restart
the communication server before the changes take effect. Click [Next].
9.
If you have a segmented system then proceed to step 10. If you do not have a
segmented system then proceed to step 12.
10. On the Multi-segmented Users screen, select the World Time Zone to
associate with multi-segmented system users. Optionally you can use the
Find User field to search for a specific system user to change. You can also
use the check box to assign the system world time zone to all users. Click
[Next].
11. On the Single Segment Users screen, select the World Time Zone that you
intend to associate with each of the single-segmented system users. These
include the administrator, badge operator, system account, and user. You can
192 revision 1
also use the check boxes to assign the system or segment world time zone to
all users.
Optionally you can use the Find User field to search for a specific system
user to change. You can also use the segment drop-down
to associate users with the time zone associated with a specific segment.
Click [Next].
12. (For non-segmented systems only) On the Users screen, select the World
Time Zone that you intend to associate each of the systems users with.
These include the administrator, badge operator, system account, and user.
You can also use the check box to assign the system World Time Zone to all
users.
Optionally you can use the Find User field to search for a specific system
user to change. Click [Next].
13. On the Save screen, the collected data is saved to the database. Select
whether you would like to run the conversion process now or at a later time.
If you choose to run the conversion process immediately, click [Next].
Otherwise, click [Close].
Optionally, you can generate a report of the collected World Time Zone data
by clicking [Generate Report]. This report is exported as a Comma
Separated Value (CSV) file which is best opened in Microsoft Excel.
14. On the Conversion screen, click [Close] once the conversion process has
completed.
revision 1 193
194 revision 1
Index
A
About accounts ................................................. 151
About this user guide .......................................... 19
Accounts
about .......................................................... 151
ADMIN...................................................... 147
Lenel .......................................................... 147
SA .............................................................. 147
table of accounts ........................................ 147
ACS.INI file
License Server settings .............................. 185
Replicator settings ..................................... 135
Administrative tasks for servers
masters and regions.................................... 167
check backups..................................... 167
check SQL Server database ................ 167
maintain Replicator transactions ........ 168
regions........................................................ 168
check the results of Replicator execution
on the master ........................ 169
check the results of the Replicator
execution on all regions ....... 168
ensure Hardware transaction and log
related data are being
processed .............................. 169
Application server
custom installation ..................................... 181
Application.config ............................................ 175
file settings................................................. 177
modifying................................................... 175
Attach
hardware key................................................ 86
Authentication................................................... 108
B
Backup all databases ......................................... 157
Before installing an Enterprise master or region
server............................................................ 21
Benefits of an Enterprise system ........................ 17
Browser-based clients
configuration.............................................. 111
user permissions......................................... 111
Browser-based reports ...................................... 108
C
Change
database password ..................................... 149
Lenel account password............................. 150
revision 1 195
Index
196 revision 1
O
ODBC DSN connections .................................... 22
OnGuard............................................................ 147
install ........................................................... 83
installing on Oracle 10g client..................... 66
installing on Oracle 10g server .................... 58
installing on Oracle 11g client..................... 80
new install.................................................... 83
set up OnGuard database ............................. 88
Open architecture technology ............................. 17
Oracle 10g client
configure software ....................................... 63
install OnGuard software............................. 66
install software............................................. 63
Oracle 10g server
configure the Lenel database ....................... 45
create the Lenel user .................................... 58
install OnGuard............................................ 58
install software............................................. 44
installing ...................................................... 41
run Database Setup ...................................... 61
run the Net Configuration Assistant ............ 51
software configuration overview ................. 42
verify that the system works ........................ 56
Oracle 11g client
configure software ....................................... 79
install OnGuard software............................. 80
install software............................................. 79
Oracle 11g server
configure the Lenel database ....................... 71
create the Lenel user .................................... 75
install OnGuard............................................ 75
install software............................................. 70
installing ...................................................... 67
run Database Setup ...................................... 77
run the Net Configuration Assistant ............ 74
software configuration overview ................. 68
verify that the system works ........................ 75
Overview of Enterprise ....................................... 15
Overview of ODBC DSN connections ............... 22
P
Parallel port dongle ............................................. 86
Password change
inform administrators of the password
change................................................. 152
write down ................................................. 152
Passwords
case sensitivity ........................................... 148
change database password ......................... 147
change Lenel account password ................ 150
change the database password ................... 149
change the SYSTEM account password using
revision 1 197
Index
198 revision 1
revision 1 199