Security Center Administrator Guide 5.2
Copyright notice © 2013 Genetec Inc. All rights reserved. Genetec Inc. distributes this document with software that includes an end-user license agreement and is furnished under license and may be used only in accordance with the terms of the license agreement. The contents of this document are protected under copyright law. The contents of this guide are furnished for informational use only and are subject to change without notice. Genetec Inc. assumes no responsibility or liability for any errors or inaccuracies that may appear in the informational content contained in this guide. This publication may not be copied, modified, or reproduced in any form or for any purpose, nor can any derivative works be created therefrom without Genetec Inc.’s prior written consent. Genetec Inc. reserves the right to revise and improve its products as it sees fit. This document describes the state of a product at the time of document’s last revision, and may not reflect the product at all times in the future. In no event shall Genetec Inc. be liable to any person or entity with respect to any loss or damage that is incidental to or consequential upon the instructions found in this document or the computer software and hardware products described herein. The use of this document is subject to the disclaimer of liability found in the end-user license agreement. "Genetec", "Omnicast", "Synergis", "Synergis Master Controller", "AutoVu", "Federation", "Stratocast", the Genetec stylized "G", and the Omnicast, Synergis, AutoVu and Stratocast logos are trademarks of Genetec Inc., either registered or pending registration in several jurisdictions. "Security Center", "Security Center Mobile", "Plan Manager", "Stratocast" and the Security Center logo are trademarks of Genetec Inc. Other trade names used in this document may be trademarks or registered trademarks of the manufacturers or vendors of the respective products. All specifications are subject to change without notice.
Document information Document title: Security Center Administrator Guide 5.2 Document number: EN.500.003-V5.2.C1(1) Document update date: April 19, 2013 You can send your comments, corrections, and suggestions about this guide to
[email protected].
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
ii
About this guide This guide provides the information you need to set up and configure your Security Center system. It explains the basic settings you must configure before your system can be used, as well as other settings you'll need to change such as adding additional users and resources (servers) to your system. This guide also provides the conceptual information and instructions on how to build and configure your Security Center video-surveillance, access control, and license plate recognition (LPR) systems. A reference section is included that provides information about each window and tab, and the related settings in the Config Tool. Last-minute updates can be found in the Security Center Release Notes. This guide is written for users who need to configure and manage Security Center. You should be familiar with the following concepts and systems:
• • • • • •
Microsoft Windows administration Installation, configuration, and use of Microsoft SQL Server 2008 Video surveillance concepts Access control concepts Vehicle law enforcement and parking enforcement concepts Wiring of access control equipment such as door controllers and input/output modules
Notes and notices This section explains how the following notes and notices are used in this guide:
• • • •
Tip. Suggests how to apply the information in a topic or step. Note. Explains a special case, or expands on an important point. Important. Points out critical information concerning a topic or step. Caution. Indicates that an action or step can cause loss of data, security problems, or performance issues.
• Warning. Indicates that an action or step can result in physical harm, or cause damage to hardware.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
iii
Contents About this guide .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. iii
Part I: Introduction to Security Center Chapter 1: Welcome to Security Center What is Security Center? .
.
.
.
.
Common/Core features
.
.
.
.
.
.
.
.
.
.
.
.
.
3
.
.
.
.
.
.
.
.
.
.
.
.
.
4
Omnicast – Video surveillance features .
.
.
.
.
.
.
.
.
.
.
.
.
4
Synergis – Access control features .
.
.
.
.
.
.
.
.
.
.
.
.
4
AutoVu – License plate recognition (LPR) features .
.
.
.
.
.
.
.
.
.
5
.
.
.
.
.
.
.
.
.
.
.
.
.
.
6
About Security Center components.
.
.
.
.
.
.
.
.
.
.
.
.
.
6
What is Genetec Server?
.
.
.
.
.
.
.
.
.
.
.
.
.
7
Architecture overview.
.
. .
.
.
.
.
Chapter 2: Getting started with Config Tool Connecting to Security Center Log on .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
9 9
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
Change your password .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 10
Log off .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 10
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 10
Differences between Config Tool 5.1 and 5.2 .
.
.
.
.
.
.
.
.
.
.
. 11
.
. 13
.
.
.
.
.
.
.
.
Close the application
.
.
.
.
.
.
.
.
.
.
.
.
.
How Config Tool is organized .
.
.
.
.
.
.
.
.
.
.
.
.
.
. 13
Home page overview
.
.
.
.
.
.
.
.
.
.
.
.
.
. 14
Administration task workspace overview
.
.
.
.
.
.
.
.
.
.
.
. 16
Maintenance task workspace overview .
.
.
.
.
.
.
.
.
.
.
.
. 19
Config Tool interface tour .
. .
.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
iv
Chapter 3: Working with tasks Adding a task .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 22
Create a new task
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 22
Load a saved task
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 23
Working with your current tasks .
.
.
.
.
.
.
.
.
.
.
.
.
.
. 24
Task list commands .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 24
Close the current task
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 25
Reordering tasks
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 25
Save a task .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 26
Send a task to another workstation .
.
.
.
.
.
.
.
.
.
.
.
.
.
. 27
Change the taskbar position .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 27
Set the taskbar to auto-hide .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 27
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 30
Export and print your report .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 31
Chapter 4: Working with reports Generate a report .
.
.
Export your report .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 31
Print your report
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 31
.
Customize the report pane .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 32
Resize columns .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 32
Select columns .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 32
Change the column order
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 33
Part II: Security Center administration Chapter 5: Basic principles about entities Entities as basic building blocks
.
.
.
.
.
.
.
.
.
.
.
.
.
. 36
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 37
Create an entity manually
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 37
Common entity attributes .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 38
Entities created automatically by the system . Using geographical locations
Configuring entities
.
.
.
.
.
.
.
.
.
.
.
.
. 39
.
.
.
.
.
.
.
.
.
.
.
.
. 40
Further readings on entity configuration
.
.
.
.
.
.
.
.
.
.
.
. 40
genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1)
.
.
v
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 42
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 42
Search for entities by name .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 43
Search for entities using the Search tool.
.
.
.
.
.
.
.
.
.
.
.
. 43
.
.
.
.
.
.
.
.
.
.
.
. 45
Searching for tasks and entities Search for a task
Delete an entity
.
.
.
.
.
.
.
.
.
Chapter 6: Common administrative tasks .
.
.
.
.
.
.
.
.
.
.
.
. 47
Add an expansion server to your system
.
.
.
.
.
.
.
.
.
.
.
. 47
Managing servers .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 48
Managing roles.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 49
Diagnose role problems
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 51
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 52
Common database settings .
.
.
Managing servers and roles
.
Managing databases .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 52
Where should the database be hosted? .
.
.
.
.
.
.
.
.
.
.
.
. 53
Move a database to a different computer
.
.
.
.
.
.
.
.
.
.
.
. 53
Connect roles to a remote database server .
.
.
.
.
.
.
.
.
.
.
. 54
Create a database .
.
.
.
.
.
.
.
.
.
.
.
. 55
View information about a role’s database
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 56
Turn on role database notifications .
.
.
.
.
.
.
.
.
.
.
.
.
. 57
Back up your role database .
.
.
.
.
.
.
.
.
.
.
.
.
. 57
.
.
.
.
Restore your role database .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 58
Delete a database .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 59
Configuring Security Center for high availability.
.
.
.
.
.
.
.
.
.
. 60
Configuring role failover .
.
.
.
.
.
.
.
.
.
. 61
.
. .
.
.
.
.
.
How role failover works in Security Center .
.
.
.
.
.
.
.
.
.
.
. 61
Which roles support failover
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 62
Configure failover for roles .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 64
Troubleshooting failover
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 65
.
.
.
.
.
.
.
.
.
. 66
How Directory failover and load balancing works .
.
.
.
.
.
.
.
.
. 66
.
Configuring Directory failover and load balancing
Directory failover and load balancing prerequisites .
.
.
.
.
.
.
.
.
. 67
Add a server to the Directory failover list
.
.
.
.
.
.
.
.
.
.
.
. 68
Modify the license for all servers
.
.
.
.
.
.
.
.
.
.
.
. 68
Change the order of the Directory servers .
.
.
.
.
.
.
.
.
.
.
. 69
.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
.
vi
Manually switch the main server
.
.
.
.
.
.
.
.
.
.
. 69
Remove a server from the Directory failover list .
.
.
.
.
.
.
.
.
.
. 70
Bypass default load balancing
.
.
.
.
.
.
.
.
.
. 70
.
. .
. .
. .
.
Configuring Directory database failover .
.
.
.
.
.
.
.
.
.
.
.
. 71
How Directory database failover works .
.
.
.
.
.
.
.
.
.
.
.
. 71
Configure database failover through backup and restore .
.
.
.
.
.
.
.
. 72
Configure database failover through mirroring .
.
.
.
.
.
.
.
.
.
. 74
Monitoring your system’s health .
.
.
.
.
.
.
.
.
.
.
.
.
.
. 75
About the Health Monitor role .
.
.
.
.
.
.
.
.
.
.
.
.
.
. 75
Configuring the Health Monitor.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 76
Monitoring your system’s health using maintenance tasks
.
.
.
.
.
.
.
. 81
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 82
What is the Network view? .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 82
Purpose of the Network view
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 82
Creating network entities
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 83
Managing the Logical view .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 85
About the Logical view .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 85
Configuring the Logical view
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 86
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 89
Introduction to software security
.
.
.
.
.
.
.
.
.
.
.
.
.
. 89
Defining partitions .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 90
Defining users .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 93
Defining user groups
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 96
Managing the Network view
Managing software security
Configuring user privileges .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 99
Using privilege templates
.
.
.
.
.
.
.
.
.
.
.
.
.
.
101
.
.
.
.
.
.
.
.
.
.
.
102
.
Importing users from an Active Directory Automating system behavior . Using schedules .
.
.
.
.
.
.
.
.
.
.
.
.
.
103
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
103
Using event-to-actions .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
106
Using scheduled tasks
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
109
Using macros
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
110
.
Managing alarms . What is an alarm?
.
.
. .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
111
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
111
genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1)
vii
Create an alarm
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 112
Testing alarms .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 112
Trigger alarms manually
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 113
Trigger alarms automatically using event-to-actions Responding to alarms .
.
.
.
.
.
.
.
.
. 113
.
.
.
.
.
.
.
.
.
.
.
.
. 115
Investigating current and past alarms .
.
.
.
.
.
.
.
.
.
.
.
. 116
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 117
What are threat levels for? .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 117
Differences between threat levels and alarms
.
.
.
.
.
.
.
.
.
.
. 117
Create a threat level
Managing threat levels
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 119
Configuring threat level actions
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 121
Actions exclusive to threat levels
.
.
.
.
.
.
.
.
.
.
.
.
.
. 122
Threat level limitations .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 122
Threat level scenarios .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 123
Threat level related tasks
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 127
Federating remote systems
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 128
Types of federations
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 128
What are federated entities?
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 128
Federating Omnicast systems .
.
.
.
.
.
.
.
.
.
.
.
.
.
. 131
Federating Security Center systems .
.
.
.
.
.
.
.
.
.
.
.
.
.
. 133
Advanced settings for large federations .
.
.
.
.
.
.
.
.
.
.
.
. 134
.
.
.
.
.
.
.
.
.
.
.
.
. 136
Why use custom fields?.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 136
Add a custom field .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 136
Add a custom data type.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 138
Modify a custom data type .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 139
Integrating with Windows Active Directory .
.
.
.
.
.
.
.
.
.
.
. 140
Defining custom fields and data types
What is Active Directory integration? .
.
.
.
.
.
.
.
.
.
.
.
. 140
What are the benefits of AD integration?
.
.
.
.
.
.
.
.
.
.
.
. 140
How does Active Directory integration work? .
.
.
.
.
.
.
.
.
.
. 141
How does synchronization work? .
.
.
.
.
.
.
.
.
.
. 142
What information can be synchronized with the AD? .
.
.
.
.
.
.
.
. 142
Import security groups from an Active Directory
.
.
.
.
.
.
.
. 143
Select which cardholder fields to synchronize with the AD .
.
.
.
.
.
.
. 146
Mapping the credential card format to an AD attribute .
.
.
.
.
.
.
. 147
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
.
.
.
.
.
.
viii
Map custom fields to synchronize with the AD .
.
.
.
.
.
.
.
.
.
Resolve conflicts due to imported entities Modifying imported users .
148
.
.
.
.
.
.
.
.
.
.
.
149
.
.
.
.
.
.
.
.
.
.
.
.
.
.
151
Modifying imported cardholders
.
.
.
.
.
.
.
.
.
.
.
.
.
151
Logging on with an Active Directory user
.
.
.
.
.
.
.
.
.
.
.
153
.
.
.
.
.
.
.
.
.
.
.
155
How are intrusion detection panels represented in Security Center? .
.
.
.
.
155
What does the Intrusion Manager role do? . Enroll an intrusion panel
.
Managing intrusion panels
.
.
.
.
.
.
.
.
.
.
.
.
.
156
.
.
.
.
.
.
.
.
.
.
.
.
156
Edit intrusion detection unit peripherals.
.
.
.
.
.
.
.
.
.
.
.
158
Create an intrusion detection area .
.
.
.
.
.
.
.
.
.
.
.
.
159
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
160
What is IO linking? .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
160
What is a zone? .
.
.
Managing zones
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
160
About zone management roles .
.
.
.
.
.
.
.
.
.
.
.
.
.
161
Creating zones .
.
.
.
.
.
.
.
.
.
.
.
.
.
161
Which type of zone works best for me? .
.
.
.
.
.
.
.
.
.
.
.
163
Supporting cross-platform development .
.
.
.
.
.
.
.
.
.
.
.
164
What does the Web-based SDK role do? .
.
.
.
.
.
.
.
.
.
.
.
164
Using the Web-based SDK . Creating tile plugins
. .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
164
.
.
.
.
.
.
.
.
.
.
.
.
.
.
165
Create a tile plugin that links to a Web site .
.
.
.
.
.
.
.
.
.
.
165
Create a tile plugin that links to a map file
.
.
.
.
.
.
.
.
.
.
.
165
Chapter 7: Troubleshooting Viewing system messages .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
168
Viewing system health events .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
170
Viewing the health status and availability of entities .
.
.
.
.
.
.
.
.
171
System status task .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
172
Monitoring the status of your system .
.
.
.
.
.
.
.
.
.
.
.
.
177
Troubleshooting entity states .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
179
.
.
.
.
.
.
.
.
.
.
.
.
.
.
180
Finding out who made changes on the system .
.
.
.
.
.
.
.
.
.
.
181
Diagnosing entities
.
.
.
genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1)
ix
Investigating user related activity on the system . Viewing properties of units in your system
.
.
.
.
.
.
.
.
.
.
.
. 182
.
.
.
.
.
.
.
.
.
. 184
Part III: Omnicast IP video surveillance Chapter 8: Deploying Omnicast .
.
.
.
.
.
.
.
.
.
.
.
.
.
. 187
What are the Omnicast entities? .
.
.
.
.
.
.
.
.
.
.
.
.
.
. 188
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 190
Omnicast deployment prerequisites
.
.
.
.
.
.
.
.
.
.
.
.
. 190
Omnicast deployment procedure .
.
.
.
.
.
.
.
.
.
.
.
.
. 191
What is Omnicast?
.
.
.
Omnicast deployment process
Configuring the Archiver role
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 193
What is the Archiver? .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 193
Configure the Archiver .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 193
Adding video units to your system .
.
.
.
.
.
.
.
.
.
.
.
.
. 194
Configuring video units for trickling
.
.
.
.
.
.
.
.
.
.
.
.
. 197
Configuring the Media Router role
.
.
.
.
.
.
.
.
.
.
.
.
.
. 202
What is the Media Router? .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 202
Configure the Media Router
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 202
Beware of RTSP port conflict
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 203
Configuring the Auxiliary Archiver role .
.
.
.
.
.
.
.
.
.
.
.
. 204
What is the Auxiliary Archiver?
.
.
.
.
.
.
.
.
.
.
.
.
.
. 204
Configure the Auxiliary Archiver .
.
.
.
.
.
.
.
.
.
.
.
.
. 206
Associate cameras to the Auxiliary Archiver
.
.
.
.
.
.
.
.
.
.
. 207
Remove a camera from the Auxiliary Archiver .
.
.
.
.
.
.
.
.
.
. 208
Move the Auxiliary Archiver to a different server
.
.
.
.
.
.
.
.
.
. 208
.
.
.
.
.
.
.
.
.
.
. 209
Recommended camera configuration process .
.
.
.
.
.
.
.
.
.
. 209
Configuring video streams .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 210
Configure visual tracking .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 212
Test the video quality of your camera .
.
.
.
.
.
.
.
.
.
.
.
. 213
Configuring cameras .
.
Configure PTZ motors .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 214
Creating camera sequences .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 218
Configuring analog monitors .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 220
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
x
Configure analog monitors .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
220
Testing your analog monitor configuration .
.
.
.
.
.
.
.
.
.
.
222
Chapter 9: Managing Omnicast Managing video archives .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
224
What constitutes a video archive?
.
.
.
.
.
.
.
.
.
.
.
.
.
224
Managing the archive storage
.
.
.
.
.
.
.
.
.
.
.
.
.
.
225
Protecting your video archives .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
227
Protecting your video archive against storage failure .
.
.
.
.
.
.
.
.
227
Protecting your video archive against hardware failure .
.
.
.
.
.
.
.
227
Protecting video archive against routine cleanup.
.
.
.
.
.
.
.
.
.
229
Protecting video archive against tampering .
.
.
.
.
.
.
.
.
.
.
229
Protecting video files .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
231
Viewing properties of video files .
.
.
.
.
.
.
.
.
.
.
.
.
.
233
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
234
Diagnosing video streams .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
235
Troubleshooting video units that are offline .
.
.
.
.
.
.
.
.
.
.
236
.
.
.
.
.
.
.
.
.
.
237
Diagnosing “Impossible to establish video session with the server” errors.
.
.
.
239
Troubleshooting no playback video available .
Replace video units
.
.
Diagnosing “Waiting for signal” errors
.
.
.
.
.
.
.
.
.
.
.
.
240
Troubleshooting cameras that are not recording .
.
.
.
.
.
.
.
.
.
241
Troubleshooting video units that cannot be added
.
.
.
.
.
.
.
.
.
244
Troubleshooting video units that cannot be deleted
.
.
.
.
.
.
.
.
.
247
Solving H.264 video stream issues .
.
.
.
.
.
.
.
.
.
.
.
.
.
248
Investigating Archiver events .
.
.
.
.
.
.
.
.
.
.
.
.
.
249
.
Part IV: Synergis IP access control Chapter 10: Deploying Synergis What is Synergis? .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
252
How does Synergis work?
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
252
What are Synergis entities? .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
253
genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1)
xi
Uniqueness of the Synergis model . Synergis deployment process .
.
.
.
.
.
.
.
.
.
.
.
.
.
. 254
.
.
.
.
.
.
.
.
.
.
.
.
.
. 256
Synergis deployment prerequisites .
.
.
.
.
.
.
.
.
.
.
.
.
. 256
Synergis deployment procedure
.
.
.
.
.
.
.
.
.
.
.
.
.
. 257
Configuring the Access Manager role .
.
.
.
.
.
.
.
.
.
.
.
.
. 260
Configure the Access Manager role .
.
.
.
.
.
.
.
.
.
.
.
.
. 260
Add the unit manufacturer extensions .
.
.
.
.
.
.
.
.
.
.
.
. 261
Adding access control units to your system .
.
.
.
.
.
.
.
.
.
.
. 261
Configuring access control units .
.
.
.
.
.
.
.
.
.
.
.
.
.
. 267
Understanding unit synchronization
.
.
.
.
.
.
.
.
.
.
.
.
. 267
Synergis Master Controller’s unique characteristics .
.
.
.
.
.
.
.
.
. 267
.
.
.
.
.
.
.
.
.
.
.
.
.
. 268
Wiring doors to access control units
.
.
.
.
.
.
.
.
.
.
.
.
. 268
Create and configure your doors
.
.
.
.
.
.
.
.
.
.
.
.
.
. 268
Configuring a buzzer .
.
.
.
.
.
.
.
.
.
.
.
.
.
. 269
Configuring readerless doors using Input/Output modules .
.
.
.
.
.
.
. 269
Associate cameras to doors .
.
.
.
.
.
.
.
.
. 270
Using the Walkthrough wizard
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 271
Why use the Walkthrough wizard? .
.
.
.
.
.
.
.
.
.
.
.
.
. 271
Assigning doors to access control units using the Walkthrough Wizard .
.
.
.
. 272
Configuring doors
.
Configuring elevators .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 274
Hardware for elevator control and floor tracking
.
.
.
.
.
.
.
.
.
. 274
Configuring elevator floors .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 275
Create an elevator .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 275
Configuring secured areas
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 278
Create an area .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 278
Add members to an area
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 279
Configure doors for an area
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 279
Configure antipassback.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 280
Configure interlock
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 280
Configuring access rules .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 281
Create and configure access rules .
.
.
.
.
.
.
.
.
.
.
.
.
. 281
Configuring cardholders and cardholder groups .
.
.
.
.
.
.
.
.
.
. 283
.
.
.
.
.
.
.
.
.
. 283
Create a cardholder in Config Tool . gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
.
.
.
xii
Create a cardholder group in Config Tool
.
.
.
.
.
.
.
.
.
.
About the maximum cardholder picture file size .
.
.
.
.
.
.
.
.
.
284
Import cardholders from a flat file .
.
.
.
.
.
.
.
.
.
.
284
Importing cardholders from an Active Directory
.
.
.
.
.
.
.
.
.
284
Managing cardholders in Security Desk . .
.
.
284
.
.
.
.
.
.
.
.
.
.
.
284
.
.
.
.
.
.
.
.
.
.
.
.
.
285
Create a credential in Config Tool .
.
.
.
.
.
.
.
.
.
.
.
.
285
Import credentials from a flat file
.
.
Configuring credentials
.
.
.
.
.
.
.
.
.
.
.
.
.
287
Importing credentials from an Active Directory .
.
.
.
.
.
.
.
.
.
.
287
Enrolling credentials from Security Desk
.
.
.
.
.
.
.
.
.
.
.
287
Using custom card formats .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
287
Defining badge templates .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
289
Testing your configuration
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
294
.
.
.
.
.
.
.
.
.
.
.
.
.
.
296
What is global cardholder management?
.
.
.
.
.
.
.
.
.
.
.
296
How does global cardholder management work? Rules and restrictions regarding GCM .
Chapter 11: Managing Synergis Managing global cardholders .
.
.
.
.
.
.
.
.
.
296
.
.
.
.
.
.
.
.
.
.
.
301
Configuring global cardholder management .
.
.
.
.
.
.
.
.
.
.
303
Operating on global entities .
.
.
.
.
.
.
.
.
.
.
.
.
.
305
Viewing access control health events .
.
.
.
.
.
.
.
.
.
.
.
.
308
Investigating access control unit events
.
.
.
.
.
.
.
.
.
.
.
.
309
Viewing IO configuration of access control units .
.
.
.
.
.
.
.
.
.
310
.
.
.
.
.
.
.
.
.
.
311
Replacing HID VertX 1000 units with SMC units .
.
.
.
.
.
.
.
.
.
312
Troubleshoot HID discovery and enrollment .
.
.
.
.
.
.
.
.
.
.
314
Common discovery and enrollment issues .
.
.
.
.
.
.
.
.
.
.
314
HID unit cannot be found with the discovery tool
.
.
.
.
.
.
.
.
.
315
HID unit enrollment issues .
.
.
.
.
.
.
.
.
.
315
Finding out which entities are affected by access rules .
.
.
.
.
.
.
.
.
317
Viewing properties of cardholder group members.
.
.
.
.
.
.
.
.
.
318
Viewing credential properties of cardholders .
.
.
.
.
.
.
.
.
.
319
Replace access control units
.
genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1)
.
.
.
.
.
.
.
.
.
.
.
xiii
.
.
.
.
.
.
.
.
.
.
.
. 320
.
.
.
.
.
.
.
.
.
.
.
.
. 321
Troubleshooting cardholder access rights.
.
.
.
.
.
.
.
.
.
.
.
. 322
Diagnosing cardholder access rights based on credentials
.
.
.
.
.
.
.
. 323
Finding out who is granted access to doors and elevators .
.
.
.
.
.
.
.
. 324
Finding out who is granted/denied access at access points
.
.
.
.
.
.
.
. 325
Troubleshoot door issues .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 326
Request to exit events .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 326
Credential issues
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 326
Resolution of reader issues .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 327
.
.
.
.
.
.
.
. 332
How the Access troubleshooter tool works Troubleshooting access points
.
.
.
.
Part V: AutoVu IP license plate recognition Chapter 12: Deploying AutoVu
Part VI: Config Tool reference Chapter 13: Entity types Common configuration tabs .
.
.
.
.
.
.
.
Identity
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 332
Cameras
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 334
Custom fields .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 335
Location
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 336
Access control unit
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 337
Properties (SMC) .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 338
Properties (HID)
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 340
Portal (SMC) .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 343
Network (HID).
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 344
Peripherals .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 345
Health .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 346
Synchronization
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 347
.
. .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 349
Properties .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 350
Access rule
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
xiv
Alarm .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
351
Properties .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
352
Advanced
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
354
.
Analog monitor
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
357
Properties .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
358
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
360
Properties .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
361
Members
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
363
Access rules .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
364
Badge template.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
365
Badge designer .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
366
Camera (video encoder)
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
368
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
369
Area
.
Video
.
.
.
.
Recording .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
378
Motion detection
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
379
Color
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
387
Visual tracking .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
388
Hardware
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
389
Camera sequence .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
393
.
. .
Cameras
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
394
Cardholder.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
395
Properties .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
396
Picture .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
397
.
Cardholder group .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
398
Properties .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
399
Cash register
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
400
Credential .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
401
Properties .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
402
Badge template .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
403
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
404
Properties .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
405
Unlock schedules
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
406
Hardware
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
408
Door
.
.
.
.
genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1)
xv
Access rules
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 409
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 410
Floors .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 411
Access .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 412
Advanced .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 413
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 414
Properties .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 415
Advanced .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 418
Intrusion detection area .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 421
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 422
Intrusion detection unit .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 423
Elevator
Hotlist.
.
Properties .
.
.
Properties .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 424
Peripherals .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 425
LPR unit .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 426
Properties .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 427
Macro .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 429
Properties .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 430
Default execution context .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 431
Monitor group
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 432
Monitors .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 433
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 434
Properties .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 435
Output behavior .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 437
Properties .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 438
Overtime rule .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 439
Properties .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 440
Parking lot .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 442
Parking facility
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 444
Properties .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 445
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 447
Properties .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 448
Accepted users .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 449
Network .
Partition .
Patroller .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 450
Properties .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 451
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
xvi
Permit .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
453
Properties .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
454
Permit restriction .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
457
Properties .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
458
Parking lot .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
460
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
461
Public task . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
462
Schedule
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
463
Properties .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
464
Role
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
465
Using the ordinal pattern
Setting the time range
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
468
Scheduled task .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
469
Properties .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
470
Server .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
471
Properties .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
472
Server Admin
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
473
Directory tab
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
473
Genetec Server tab .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
476
Tile plugin .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
480
Properties .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
481
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
482
User
.
.
Properties .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
483
Workspace .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
485
Security .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
486
Privileges
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
488
User group .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
489
Properties .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
490
Security .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
491
Privileges
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
493
Video unit .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
494
Identity .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
495
Properties .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
496
Peripherals .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
498
genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1)
xvii
Zone (hardware) .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 502
Properties .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 503
Arming
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 504
Zone (virtual) .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 506
Properties .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 507
Arming
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 508
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 511
Properties .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 512
Extensions .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 513
Resources .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 514
Active Directory .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 516
Properties .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 517
Links .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 518
Resources .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 520
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 521
Camera recording .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 522
Trickling
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 524
.
Chapter 14: Role types Access Manager
Archiver .
. .
.
.
Extensions .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 528
Resources .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 533
Auxiliary Archiver
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 543
Camera recording .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 544
Cameras
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 546
Resources .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 547
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 551
Configuring the Directory role .
.
.
.
.
.
.
.
.
.
.
.
.
.
. 551
Managing the Directory role
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 551
Directory .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 552
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 553
Database failover .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 554
Directory Manager Directory servers
Global Cardholder Synchronizer .
.
.
.
.
.
.
.
.
.
.
.
.
.
. 557
Properties .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 558
Resources .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 559
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
xviii
Health Monitor
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
Properties .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
561
Resources
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
562
.
.
.
560
Intrusion Manager .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
563
Properties .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
564
Extensions .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
565
Resources
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
566
LPR Manager .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
567
Properties .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
568
Resources
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
584
Media Router .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
585
Properties .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
586
Resources
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
588
Omnicast Federation .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
590
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
591
Properties .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
592
Resources
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
593
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
594
Point of Sale
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
595
Properties .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
596
Cash registers
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
597
Resources
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
598
Report Manager
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
599
Properties .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
599
Resources
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
600
Security Center Federation
Identity .
Plugin .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
601
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
602
Properties .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
603
Resources
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
604
Web-based SDK
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
605
Properties .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
606
Resources
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
607
Identity .
.
genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1)
xix
Zone Manager.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 608
Properties .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 609
Resources .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 610
Chapter 15: Administration tasks .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 612
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 613
Network view .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 615
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 617
Alarms
.
Logical view Security
.
.
.
System
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 618
General settings
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 618
Custom fields .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 619
Events .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 622
Actions.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 624
Logical ID .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 625
User password settings .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 626
Activity trails .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 627
Audio .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 628
Threat levels
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 629
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 630
Access control .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 632
Roles and units .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 633
General settings
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 634
Intrusion detection
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 636
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 638
Roles and units .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 639
General settings
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 640
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 649
Video .
LPR
.
Plugins
.
.
.
.
.
Chapter 16: Tools and utilities Security Desk .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 651
Access troubleshooter .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 652
Unit discovery tool
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 653
Unit replacement .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 654
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
xx
Move unit .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
655
Moving units
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
655
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
657
Sample import scenario .
.
.
.
.
Import tool
.
.
.
.
.
.
.
.
.
.
.
657
Fields that can be imported from a CSV file .
.
.
.
.
.
.
.
.
.
.
662
About entity creations and updates .
.
.
.
.
.
.
.
.
.
.
.
.
666
Replacing old credentials
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
666
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
668
Using the copy configuration tool
.
.
.
.
.
.
.
.
.
.
.
.
.
668
.
.
.
.
.
.
.
.
.
.
.
.
.
.
670
Defining custom card formats .
.
.
.
.
.
.
.
.
.
.
.
.
.
670
Deleting a custom card format .
.
.
.
.
.
.
.
.
.
.
.
.
.
677
.
.
.
.
.
.
.
.
.
.
.
.
.
678
Copy configuration tool
.
Custom card format editor
Options dialog box.
.
General options .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
679
Keyboard shortcuts .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
681
Visual options .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
683
User interaction options.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
685
Video options .
. .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
688
Performance options
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
689
Date and time options .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
690
External devices .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
691
Adding shortcuts to external tools .
.
.
.
.
.
.
.
.
.
.
.
.
.
692
.
.
Chapter 17: User privileges Application privileges .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
695
General privileges .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
696
Administrative privileges .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
697
.
Logical entities .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
697
Physical entities
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
697
Schedule Management .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
700
Access control management
.
.
.
.
.
.
.
.
.
.
.
.
.
.
701
Alarm management
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
703
LPR management .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
703
genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1)
xxi
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 704
Action privileges .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 708
Task privileges
Chapter 18: Reporting task reference Query filters .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 712
Report pane columns .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 723
Chapter 19: Events and actions in Security Center .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 745
Action types .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 758
Event types
Chapter 20: Keyboard shortcuts in Config Tool .
.
.
.
.
.
.
.
.
.
. 765
Viewing license information from Config Tool .
.
.
.
.
.
.
.
.
.
. 769
Viewing license information from Server Admin .
.
.
.
.
.
.
.
.
.
. 770
Default keyboard shortcuts
.
.
.
.
.
Part VII: Appendices Appendix A: License options
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 771
Security Center license options .
.
.
.
.
.
.
.
.
.
.
.
.
.
. 771
License option descriptions Synergis license options
. .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 772
Omnicast license options .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 773
AutoVu license options.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 774
Mobile license options .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 774
Certificate license options .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 775
Appendix B: Default Security Center ports Common communication ports .
.
.
.
.
.
.
.
.
.
.
.
.
.
. 777
AutoVu-specific ports.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 778
Synergis-specific ports
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 779
Omnicast-specific ports .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 780
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
xxii
Appendix C: HID reference .
.
.
.
.
.
.
.
. 782
Refer to HID’s documentation for initial hardware setup
.
.
.
.
.
.
.
. 782
Network configuration
.
.
.
.
Using the HID Discovery GUI utility .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 783
.
.
.
.
.
.
.
.
.
.
.
.
. 784
Special considerations when configuring HID units .
.
.
.
.
.
.
.
.
. 785
.
HID initial configurations
.
.
For HID V1000 units .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 785
Other HID hardware
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 785
HID factory default input settings .
.
.
.
.
.
.
.
.
.
.
.
.
. 785
Modify input configurations
.
.
.
.
.
.
.
.
.
.
.
.
. 786
Interpreting the Power and Comm LEDs on an HID unit
.
.
.
.
.
.
.
. 787
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 788
Supported access control software and hardware
.
.
.
.
.
.
.
.
.
. 788
.
.
.
.
.
.
.
.
.
. 791
About offline, mixed, and online modes of operation
.
.
.
.
.
.
.
.
. 791
Supported modes of operation per unit type
Supported features and models
.
.
Access control unit modes of operation .
. .
. .
.
.
.
.
.
.
.
.
.
. 791
Access control unit configuration.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 799
General versus dedicated inputs
.
.
.
.
.
.
.
.
.
.
.
.
.
. 799
Configuring a door with reader
.
.
.
.
.
.
.
.
.
.
.
.
.
. 799
Configuring a door with two door sensors .
.
.
.
.
.
.
.
.
.
.
. 799
Wiring diagrams .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 800
HID Edge reader & Edge Plus .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 800
HID VertX V1000 .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 801
HID VertX V2000 .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. 802
How Bosch intrusion panel integration works
.
.
.
.
.
.
.
.
.
.
. 804
How Galaxy Dimension control panel integration works .
.
.
.
.
.
.
.
. 806
Appendix D: Bosch reference
Appendix E: Honeywell reference
Glossary
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.807
Index
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.847
.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
xxiii
Part I Introduction to Security Center Take a tour of Security Center and learn the basics of using the user interface. This part includes the following chapters: •
Chapter 1, “Welcome to Security Center” on page 2
•
Chapter 2, “Getting started with Config Tool” on page 8
•
Chapter 3, “Working with tasks” on page 21
•
Chapter 4, “Working with reports” on page 29
1 Welcome to Security Center This section includes the following topics:
• "What is Security Center?" on page 3 • "Architecture overview" on page 6
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
2
What is Security Center?
What is Security Center? Security Center is the unified security platform that seamlessly blends Genetec's IP security and safety systems within a single innovative solution. The systems unified under Security Center include Genetec's Omnicast IP video surveillance, Synergis IP access control, and AutoVu IP license plate recognition system. The Security Center unified security platform provides:
• One platform controlling and managing video/access/LPR edge devices. • One user interface for monitoring, reporting, and managing events and alarms for video • •
surveillance, access control, and LPR - Security Desk. One user interface for configuring video surveillance, access control, and LPR - Config Tool. Unified live video viewing with video searches and video playback.
Security Center features are divided into four main categories:
• • • •
Common/Core features Omnicast – Video surveillance features Synergis – Access control features AutoVu – License plate recognition (LPR) features
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
3
What is Security Center?
Common/Core features • • • • • • • • •
Alarm management Zone management Federation Intrusion panel integration Report management Schedule and scheduled task management User and user group management Windows Active Directory integration Programmable automated system behavior
Omnicast – Video surveillance features • • • • • • • • • • • • •
Full camera configuration and management (new in 5.2) View live and playback video from all cameras Full PTZ control using the PC or CCTV keyboard, or on screen using the mouse Digital zoom Motion detection Bookmark any important scene to ease future video archive search and retrieval Save and print video snapshots Search video by alarm, bookmark, event, motion, or date and time View all cameras on independent or synchronized timelines Visual tracking: follow individuals or moving objects across different cameras Export video in the Genetec G64 format, or a public ASF format Protect video against accidental deletion Protect video against tampering by using watermarks
Synergis – Access control features • • • • • •
Cardholder management Credential management Visitor management Door management Access rule management People counting
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
4
What is Security Center?
AutoVu – License plate recognition (LPR) features • • • • •
Fixed and mobile (with Patroller) LPR solution management Automatic identification of stolen (or scofflaw) vehicles Enforcement of city parking regulations (not involving permits) Enforcement of parking lot regulations (involving permits) License plate inventory in large parking facilities
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
5
Architecture overview
Architecture overview This section provides an overview of the components in a Security Center system. The setup and configuration of these components are explained later in this guide. This section includes the following topics:
• "About Security Center components" on page 6 • "What is Genetec Server?" on page 7
About Security Center components Security Center’s architecture is based on a client/server model, where all system functions are handled by a pool of server computers distributed over an IP network. Every Security Center system must have its own pool of servers. Their number can range from a single machine for a small system to hundreds of machines for a large scale system.
NOTE The icons colored in blue represent the computers where Security Center server and client
components are installed.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
6
Architecture overview
What is Genetec Server? Genetec Server is the Windows service you must install on every computer that you want included in the pool of servers available for Security Center to use. Every server is a generic computing resource capable of taking on any role (set of functions) you assign to it. You can increase the computing power of your Security Center system at any time by adding more servers to your pool of resources.
What is the main server? The main server is the only server on your system that hosts the Directory role. The Directory is the role that gives your system its identity. All other servers on the system must connect to the main server in order to be part of the same system. You can have only one main server on any Security Center system.
What is an expansion server An expansion server is any computer other than the main server that you add to your system to increase its total computing power. An expansion server must connect to the main server and can host any role in Security Center, except the Directory role. You can add expansion servers at any time. For more information, see "Add an expansion server to your system" on page 47.
What is a role? A role is a software module that performs a specific job within Security Center. For example, you can assign roles for archiving video, for controlling a group of units, or for synchronizing Security Center users with your corporate directory service. You create and configure roles using Config Tool. You can assign one or more roles to a single server, or assign multiple servers to the same role to provide load balancing and failover. For more information, see "How role failover works in Security Center" on page 61. For each role you create, you can specify its parameters. After you’ve configured a role, you can move it to any server on your system (for example, one with a faster processor or more disk space) without having to install any additional software on that server. For a list of role types available in Security Center and what they are used for, see "Role types" on page 510.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
7
2 Getting started with Config Tool This section provides you with basic knowledge about Config Tool, the main application an administrator needs to configure Security Center. Once you’ve learned the basic concepts described in this section, you can refer to the "Config Tool reference" on page 330 for specific information on Config Tool topics. This section includes the following topics:
• "Connecting to Security Center" on page 9 • "Differences between Config Tool 5.1 and 5.2" on page 11 • "Config Tool interface tour" on page 13
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
8
Connecting to Security Center
Connecting to Security Center This section describes how to connect to Security Center. This section includes the following topics:
• • • •
"Log on" on page 9 "Change your password" on page 10 "Log off " on page 10 "Close the application" on page 10
Log on Before you begin: You need your username, password, and Directory name. 1 To open Config Tool, click Start > All Programs > Genetec Security Center 5.2 > Config Tool.
2 In the Logon dialog box, enter the required information. If you have just installed Security Center, log on with the default administrative user Admin with a blank password. The Directory name is the name or IP address of your main server. If you are running Config Tool on your main server, you can leave the Directory field blank. 3 Click Log on. The Home page appears. For more information, see "Home page overview" on page 14. After you are done: Change the Admin user’s password if it hasn’t been changed yet. IMPORTANT If active directory integration has been set up by your system administrator, and you
are connecting over a VPN connection, you must clear the Use Windows credentials check box and type your username in the format DOMAIN\Username. NOTE More logon options are available when an Active Directory is integrated to Security Center. For more information, see "Logging on with an Active Directory user" on page 153.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
9
Connecting to Security Center
Change your password Best practice: It is recommended to change your password regularly. 1 From the Home page, click About. 2 In the About page, click Change password. The Change password dialog box appears.
3 Enter your old password, then enter your new password twice. 4 Click OK.
Log off You can log off from Security Center without closing Config Tool. Logging off disconnects you from the Directory. Use this command when you plan to log on again using a different username and password.
• From the Home page, click Log off.
Close the application 1 In the upper-right corner of the Config Tool window, click Exit (
).
If you have unsaved tasks in your workspace, you are prompted to save them. 2 Click Save to automatically load the same task list the next time you open Config Tool.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
10
Differences between Config Tool 5.1 and 5.2
Differences between Config Tool 5.1 and 5.2 The following table highlights the differences between Config Tool 5.1 and 5.2. Item
Config Tool 5.1
Config Tool 5.2
Home page
Access the Home page by clicking the Home button.
Access the Home page by clicking the Home tab.
Favorites
Favorite items displayed in the Favorites tab in the Home page.
Favorite items listed in the Tasks tab in the Home page.
Recently used
Recent items displayed in the Recently used tab in the Home page.
Recent items listed in the Tasks tab in the Home page.
Private/public tasks
Private and public tasks are saved in the Saved tasks tab in the Home page.
Private and public tasks are saved as separate tabs in the Home page.
License options
All license options are displayed in the About page.
Some license options displayed in the About page can be turned on or off.
Task organization
Tasks in the Tasks tab listed by task category (Administration, Operation, and Maintenance), and solution type (access control, video, intrusion investigation, and LPR).
Tasks in the Tasks tab listed by task category (Administration, Operation, and Maintenance). The solution types are indicated by a colored line under the task icons; red for access control, green for video, and yellow for LPR.
Notification tray
Can hide some of the notification tray items.
All notification tray items can be shown or hidden.
Selector
Selector contains different tabs, such as Logical view and Query tab.
The Logical view and Query tab are displayed, but the selector is not indicated in the user interface.
Report commands
Report commands grouped in the Report tab (export and print report) in Maintenance tasks.
Report commands found at the top of the report pane (export and print report) in Maintenance tasks.
Select columns
Select which columns to display from the Report tab in Maintenance tasks.
Select which columns to display by right-clicking a column heading in the report pane in Maintenance tasks.
Configuring alarm entities
Alarm entity configuration pages found in the System task
Alarm entity configuration pages found in the new Alarms task.
Credential enrollment task
Allows you to enroll credentials.
Renamed to Credential management task. Allows you to enroll credentials, create and assign credentials, and respond to credential card printing requests.
Cardholder management
Three tabs for configuring cardholders: Identity, Credentials, and Access rules.
Two tabs for configuring cardholders: Identity and Access rules. Credentials tab is merged into the Identity tab.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
11
Differences between Config Tool 5.1 and 5.2
Item
Config Tool 5.1
Config Tool 5.2
Access control unit configuration report
Access control maintenance report, where you can view the configuration of access control units in your system.
Renamed to Hardware inventory report. A general maintenance report, where you can view the configuration of access control, video, intrusion detection, and LPR units in your system.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
12
Config Tool interface tour
Config Tool interface tour This section describes the main components of the Config Tool user interface. This section includes the following topics:
• • • •
"How Config Tool is organized" on page 13 "Home page overview" on page 14 "Administration task workspace overview" on page 16 "Maintenance task workspace overview" on page 19
How Config Tool is organized Config Tool is organized by tasks. All tasks can be customized, and multiple tasks can be carried out simultaneously. You might not see all the tasks and commands described in this guide, depending on your license options and user privileges. There are user privileges for each Config Tool task, and for many commands in Config Tool. Tasks in the Home page are organized into three categories:
• Administration. Administration tasks used to create and configure the entities required to model your system.
• Operation. Tasks related to day-to-day Security Center operations. • Maintenance. Tasks related to maintenance and troubleshooting. Under each major category, the tasks are further divided as follows:
• Common tasks. Tasks that are shared by all three Security Center software modules. These tasks are always available regardless of which modules are supported by your software license.
• Access control. Tasks related to access control. Access control tasks are displayed with a red line under their icons. They are only available if Synergis is supported by your software license.
• Intrusion detection. Tasks that let you manage intrusion detection areas and units. • LPR. Tasks related to license plate recognition. LPR tasks are displayed with a yellow line under their icons. They are only available if AutoVu is supported by your software license.
• Video. Tasks related to video management. Video tasks are displayed with a green line under their icons. They are only available if Omnicast is supported by your software license.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
13
Config Tool interface tour
Home page overview This section describes the Home page, and key components of the Config Tool user interface. The Home page is the main page in Config Tool. You can open the Home page by clicking Home ( ). It is also shown if the task list is empty. A
B
C
D
E F G H I J K L M
N
A
Home tab
• Click to show or hide the Home page.Right-click for a list of commands (for example, save the workspace, close tasks, and so on).
B
Current tasks
Lists the tasks you currently have open and are working on. • Click a task tab to switch to that task. • Right-click a tab for a list of commands. See "Working with your current tasks" on page 24.
C
Notification tray
Displays important information about your system. Hold your mouse pointer over an icon to view system information, or double-click the icon to perform an action. You can choose which icons to show in the notification bar from the Options dialog box. See "Notification tray" on page 684.
D
List all tasks
Click to view a list of all open tasks. This button only appears if the task tabs take up the width of the taskbar.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
14
Config Tool interface tour
E
Search box
Type the name of the task, tool, or entity you are looking for. All tasks, tools or entities containing that text in their category, name, or description, are shown.
F
Tasks
Lists your recent items, favorites, and all the task types that are available to you. Select a task to open from this tab.
G
Private/ public tasks
Click to view the saved tasks that are available to you. • Private tasks. Tasks that you saved that are only available to you. • Public tasks. Tasks that you or someone else saved that are available to the general public. To save a private or public task, see "Save a task" on page 26.
H
Tools
Click to view the tools that you can start directly from your Home page. The Tools page is divided into two sections: • Tools. This section shows the standard Security Center tools. • External tools. This section shows the shortcuts to external tools and applications. See "Adding shortcuts to external tools" on page 692.
I
Options
Click to configure Config Tool options. See "Options dialog box" on page 678.
J
About
Click to view information regarding your Security Center software, such as your license, SMA, and software version. From the About page, you can also view the following: • Help. Click to open the online help. • Change password. Click to change your password. See "Change your password" on page 10. • Contact us. Click to visit GTAP or the GTAP forum. You need an Internet connection to visit these Web sites. See "Technical support" on page 869. • Installed components. Click to view the name and version of all installed software components (DLLs). • Copyright. Click to display software copyright information. For information about your software license, see "License options" on page 768.
K
Log off
Click to log off without exiting the application.
L
Favorites
Right-click any task or tool to add or remove it from your Favorites list. You can also drag a task into your favorites list. Tasks listed in favorites no longer appear in the Recent items list.
M
Recent items
Lists your recently opened tasks and tools.
N
Browse tasks
Click to view all the tasks available to you. Click a task icon to open the task. If it is a single-instance task, it will open. If you can have multiple instances of the task, you are required to type a name for the task. If the task has multiple entity views, you need to select an entity. See also, "Adding a task" on page 22.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
15
Config Tool interface tour
Administration task workspace overview Administration tasks used to create and configure the entities required to model your system. This section takes you on a tour of the administration task layout, and describes the common elements of most administration tasks. The Security task was used as an example. You can open the Security task by typing its name in the Search box on the Home page. For more information about administration tasks, see "Administration tasks" on page 611.
A B C D E F
G
H
I
A
Entity views
You’ll typically find one view for each entity type managed by the task.
B
Entity filter
Enter a string in this field and type Enter to filter the entities in the browser by name. Click Apply a custom filer ( ) to hand pick the entities you want to show in the browser.
C
Entity history
Use these buttons to browse through recently used entities within this task.
D
Entity browser
Click an entity in the browser to show its settings on the right.
E
Current entity
The icon and name of the selected entity is displayed here.
F
Configuration tabs
The entity settings are grouped by tabs. For more information about the configuration tabs for each entity type, see "Entity types" on page 331.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
16
Config Tool interface tour
G
Configuration page
This area displays the entity settings under the selected configuration tab.
H
Apply/cancel changes
You must Cancel or Apply any change you make on the current page before you can move to a different page.
I
Contextual commands
Commands pertaining to the selected entity are displayed in the toolbar at the bottom of the workspace. See "Contextual command toolbar" on page 17.
Contextual command toolbar The commands pertaining to the selected entity in the browser are displayed at the bottom of the task workspace, in the contextual toolbar. The following table describes them all in alphabetical order. Icon
Command
Applies to
Description
Activate role
All roles
Activates the selected role.
Add a cardholder
Access rules and cardholder groups
Creates a cardholder and assigns it to the selected entity.
Add a credential
Cardholders
Creates a credential and adds it to the selected cardholder.
Add an entity
All entities
See "Create an entity manually" on page 37.
Assign to new door
Access control units
Creates a door and assigns it to the selected access control unit.
Audit trails
All entities
Creates an Audit trails task for the selected entity. See "Finding out who made changes on the system" on page 181.
Conflict resolution
Active Directory role
Opens the Active Directory conflict resolution dialog box. See "Resolve conflicts due to imported entities" on page 149.
Copy configuration tool
All entities
See "Copy configuration tool" on page 668.
Create an access rule
Areas, doors, elevators
Creates an access rule and assigns it to the selected entity.
Deactivate role
All roles
Deactivates the selected role.
Delete
All entities
Deletes the selected entity from the system. Discovered entities can only be deleted when they are inactive.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
17
Config Tool interface tour
Icon
Command
Applies to
Description
Diagnose
All roles, and some entities
Performs a diagnosis on the selected role or entity.
Enable maintenance mode
Roles and physical devices
Set a role or a physical device in maintenance mode so its down time will not affect its availability calculation by the Health Monitor. See "Set an entity in maintenance mode" on page 80.
Health statistics
Roles and physical devices
Creates a Health statistics task for the selected entity. See "Viewing the health status and availability of entities" on page 171.
Identify
Video units
Flashes an LED on the selected unit to help locate it on a rack.
Live video
Cameras
Opens a dialog box showing live video from the selected camera. See "Test the video quality of your camera" on page 213.
Move unit
Access control and video units
Opens the Move unit tool, where you can move units from one manager to another. See "Move unit" on page 655.
Ping
Video units
Pings the video unit to check if you can communicate with it. This is helpful for troubleshooting purposes.
Print badge
Cardholders and credentials
Allows you to select a badge template and print a badge for the selected cardholder or credential.
Reboot
Video and access control units
Restarts the selected unit.
Run macro
Macros
Runs the selected macro. See "Using macros" on page 110.
Trigger alarm
Alarms
Triggers the selected alarm so it can be viewed in Security Desk. See "Testing alarms" on page 112.
Unit discovery tool
Access control and video units
Opens the Unit discovery tool, where you can find IP units connected to your network. See "Unit discovery tool" on page 653.
Unit’s Web page
Video units
Opens a browser to configure the unit using the Web page hosted on the unit.
Walkthrough wizard
Cardholders
A tool that enrolls doors into Synergis in bulk, by having a cardholder present his credential at the doors to be enrolled. See "Using the Walkthrough wizard" on page 271.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
18
Config Tool interface tour
Maintenance task workspace overview Maintenance tasks are where you generate customized queries on the entities, activities, and events in your Security Center system for maintenance and troubleshooting purposes. This section takes you on a tour of the maintenance task layout, and describes the common elements of most maintenance tasks. The Access rule configuration task was used as an example. You can open the Access rule configuration task by typing its name in the Search box on the Home page. A B C D
E
F A
Number of results
Displays the number of returned results. A warning is issued when your query returns too many rows. If this happens, adjust your query filters to reduce the number of results.
B
Query filters
Use the filters in the query tab to set up your query. Click on a filter heading to turn it on ( ) or off. Invalid filters display as Warning or Error. Hover your mouse over the filter to view the reason it is invalid. For a list of query filters available in Security Desk, see "Query filters" on page 712.
C
Export/print report
Click to export or print your report once it is generated. See "Generate a report" on page 30.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
19
Config Tool interface tour
D
Select columns
Right-click a column heading to select which columns to display. For a list of report columns available in Security Desk, see "Report pane columns" on page 723.
E
Report pane
View the results of your report. Drag an item from the list to a tile in the canvas, or right-click an item in the list to view more options associated with that item, if applicable.
F
Generate report
Click to run the report. This button is disabled if you have not selected any query filters, or when you have invalid filters. While the query is running, this button changes to Cancel. Click on Cancel to interrupt the query.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
20
3 Working with tasks This section includes the following topics:
• "Adding a task" on page 22 • "Working with your current tasks" on page 24
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
21
Adding a task There are two ways you can add tasks to your workspace:
• "Create a new task" on page 22 • "Load a saved task" on page 23
Create a new task 1 From the Home page, do one of the following:
Type the task name in the Search box.
Click the Tasks tab, and then click Browse all tasks.
2 Click the task. 3 Depending on the task type you select, do one of the following:
If only one instance of the task is allowed, the new task is created. Single-instance tasks cannot be renamed. (Only Administration tasks) If the task contains more than one entity view, select a view to configure. This option is only available for administration tasks. Tasks that allow you to configure more than one entity are indicated with a plus sign on the task icon.
If more than one instance of the task is allowed, you are prompted to provide a task name. Enter the task name, and click Create.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
22
Adding a task
NOTE This behavior can be changed in the User interaction tab in the Options dialog box. For more information, see "User interaction options" on page 685.
The new task is added to your task list.
Load a saved task You can load tasks that you have previously saved as private or public tasks.
• Private tasks. Tasks that you saved that are only available to you. • Public tasks. Tasks that you or someone else saved that are available to the general public. 1 From the Home page, click the Private tasks or Public tasks page. 2 Click a task. The task you select opens.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
23
Working with your current tasks This section includes the following topics:
• • • • • • •
"Task list commands" on page 24 "Close the current task" on page 25 "Reordering tasks" on page 25 "Save a task" on page 26 "Send a task to another workstation" on page 27 "Change the taskbar position" on page 27 "Set the taskbar to auto-hide" on page 27
Task list commands You can edit and work with your current tasks by right-clicking any tab in the task list.
Command
Description
Rename task
Click to rename the selected task. Only tasks that accept multiple instances can be renamed. You can also select the task tab, and then click F2 to rename the task.
Save
Click to save any changes you made to a previously saved task.
Save as
Click to save the task under a different name and scope (private or public). See "Save a task" on page 26.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
24
Working with your current tasks
Command
Description
Send
Click to send the selected task to another Security Desk user or workstation. See "Send a task to another workstation" on page 27.
Close task
Click to close the selected task. See also "Close the current task" on page 25.
Close all tasks
Click to close all tasks in your current task list.
Close all other tasks
Click to close all tasks in your current task list, except the selected task.
Add to Favorites
Click to add the selected task to your Favorites list on the Home page.
Remove from Favorites
Click to remove the selected task from your Favorites list on the Home page.
Save workspace
Click to save the current task list and workspace. The same tasks and workspace layout loads automatically the next time you log on to Security Desk with the same username. If you make changes to a task and save the workspace again, the previous configuration is lost. See also "Save a task" on page 26.
Sort by name
Click to reorder the tasks in alphabetical order from left to right. See "Reordering tasks" on page 25.
Tiles only
Click to hide the selector pane, the event pane, and the dashboard. Only the canvas tiles and task list are visible. This option is mainly used for the Monitoring task.
Full screen
Click to display the Security Desk window in full screen mode.
Close the current task • On the task tab, click
.
Reordering tasks This section includes the following topics:
• "Sort tasks by name" on page 25 • "Reorder tasks manually" on page 26 Sort tasks by name You can automatically reorder the tasks in the task list by name.
• Right-click anywhere on the task list, and select Sort by name.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
25
Working with your current tasks
Reorder tasks manually You can choose the task position in the task list manually.
• Click and hold a task tab, and drag it to the desired position in the list.
Save a task You can save your tasks permanently in either the private task list that only you can access, or in the public task list that everyone can access. The benefits for doing so are:
• You can delete your task from your active task list and reload it when you need it. • Public tasks can be shared with other users. • Public tasks can be used as a report template with the Email a report action. The task characteristics that are saved are:
• The filter settings used by the task query. • The report layout (choice and order of columns in the report). • The canvas layout and the entities displayed in each tile. NOTE The query results are not saved as part of the task definition. Only the query filters are saved. The results are regenerated every time you run the query.
To save a task in a permanent list: 1 Do one of the following:
Right-click the task tab, and click Save as.
Use the CTRL+T keyboard shortcut.
NOTE A reporting task can be saved only when the query is fully qualified. You know that
your query is valid when the Generate report button in the Query tab is activated. 2 In the dialog box that appears, select the list you want to save your task to:
Private tasks. The task can only be accessed by you. Enter a name for the saved task, or select an existing one to overwrite it.
Public tasks. Anyone can reuse your task. Enter a name for the saved task or select an existing one to overwrite it, and select the Partition that the task should belong to. The partition ensures that only certain users can view or modify this task.
3 (Optional) Rename the saved task. TIP The saved task name should be descriptive. For example, a saved monitoring task that displays your parking lot cameras might be saved with the name Parking Lot - Monitoring. A saved investigation task that queries for video bookmarks added over the last day might be saved as Today’s Bookmarks.
4 Click Save.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
26
Working with your current tasks
Send a task to another workstation You can send your current tasks to another Security Desk user on another workstation. This could be helpful if you’ve selected specific cameras to monitor and you want to share the task with someone else. Or, perhaps you’ve configured the query filters for a certain investigation task, and you want somebody else to run the same report. 1 Open the task you want to send. 2 (Optional) Configure the task. EXAMPLE Modify the tile layout, display certain cameras, configure query filters, add
entities to be monitored, etc. 3 Right-click the task tab, and then click Send. The Send task dialog box opens. 4 Click
.
5 Depending on whether you want to send the task to a user or a workstation, set the UserMonitor toggle switch to the appropriate type of recipient. 6 Select your recipient. 7 (Optional) If you are sending the task to a user, write a message in the Message field. 8 Click Send. The recipient receives a pop up message explaining that someone has sent them a task. They are prompted to accept the task before it loads in their Security Desk.
Change the taskbar position You can configure the taskbar to appear on any edge of the Security Desk window. 1 From the Home page, click Options. 2 In the Options dialog box, click the Visual tab. For more information, see "Visual options" on page 683. 3 From the Taskbar position drop-down list, select the edge where you want the taskbar to appear. 4 Click Save.
Set the taskbar to auto-hide You can configure the taskbar to appear only when the mouse cursor hovers over the edge where the taskbar is located. 1 From the Home page, click Options. 2 In the Options dialog box, click the Visual tab. For more information, see "Visual options" on page 683.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
27
Working with your current tasks
3 Select the Auto-hide the taskbar option. NOTE This option hides both the taskbar and the notification tray. See "Notification tray" on page 684.
4 Click Save.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
28
4 Working with reports This section includes the following topics:
• "Generate a report" on page 30 • "Export and print your report" on page 31 • "Customize the report pane" on page 32
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
29
Generate a report
Generate a report To generate a report for any task, you need to set the query filters, and then run the query. After you generate the report, you can work with your results. 1 Select an existing reporting task, or create a new one. See "Adding a task" on page 22. 2 Use the filters to create a customized search. 3 Click Generate report to run the query. If there are invalid filters, the Generate report button is unavailable. If your query returned too many results, you receive a warning message. Fine tune your query and run it again. The query results are displayed in the report pane. NOTE The maximum number of report results you can receive in Config Tool is 10, 000. By
default the maximum number of results is 2000. This value can be changed from the Options dialog box. See "Performance options" on page 689. 4 (Optional) Customize your query results. You can select the columns you want to show in your report, change the width and order of the columns, and sort the rows. See "Customize the report pane" on page 32. 5 Work with the query results. Depending on the items in the query results, you can print the report, or save the report as an Excel or PDF document. See "Export and print your report" on page 31. 6 Save the report as a template. Save the reporting task (query filters and report layout) as a report template that can be used with the Email a report action.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
30
Export and print your report
Export and print your report This section includes the following topics:
• "Export your report" on page 31 • "Print your report" on page 31
Export your report In every reporting task, you can export your report once it is generated. 1 At the top of the report pane, click
Export report.
The Save report as dialog box appears.
2 Select the file format. You must select CSV, Excel, or PDF file format. If you choose CSV format, you must also specify where the attached files, such as cardholder pictures or license plate images, are to be saved. 3 Select the destination file name. 4 Click Save.
Print your report In every reporting task, you can print your report once it is generated. 1 At the top of the report pane, click
Print report.
The Report preview dialog box appears.
• Click Print (
) in the preview window, and select a printer.
You can also export the report as a Microsoft Excel, Word, or Adobe PDF document.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
31
Customize the report pane
Customize the report pane Once you have generated your report, you can customize how the results are displayed in the report pane, such as re-ordering the rows and columns, choosing which columns to display, and so on. This section includes the following topics:
• "Resize columns" on page 32 • "Select columns" on page 32 • "Change the column order" on page 33
Resize columns You can change the column width in the report pane in any task.
• Click between two column headings and drag the separator to the right or to the left.
Select columns You can choose which columns to show or hide in the report pane. 1 In the report pane, right-click on a column heading, and then click Select columns (
).
A dialog box showing all available columns for your report appears.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
32
Customize the report pane
2 Select the columns you want to show, and clear the columns you want to hide.
3 To change the column order of appearance, use the
and
arrows.
4 Click OK. 5 (Optional) To save your column selection, right-click in the taskbar, and then click Save workspace.
Change the column order You can change the column order in the report pane in any task. 1 Click and hold a column heading in the report pane, and drag it to the desired position. 2 Repeat for all the columns you want to move.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
33
Part II Security Center administration Learn about administration tasks for configuring your system. This part includes the following chapters: •
Chapter 6, “Common administrative tasks” on page 46
5 Basic principles about entities This section includes the following topics:
• • • •
"Entities as basic building blocks" on page 36 "Configuring entities" on page 37 "Searching for tasks and entities" on page 42 "Delete an entity" on page 45
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
35
Entities as basic building blocks
Entities as basic building blocks Everything that requires configuration in Security Center is represented by an entity. Entities are the basic building blocks of Security Center. An entity can represent a physical device, such as a camera or a door, or an abstract concept, such as an alarm, a schedule, a user, or a software module. Configuring your system is about creating and configuring the entities required to model your system. For more information about the Administration tasks you can use to configure the entities in your system, see Chapter 15, “Administration tasks” on page 611.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
36
Configuring entities
Configuring entities As the basic building blocks of Security Center, most entities must be created manually. Other entities, such as those representing hardware devices connected to your system, must be discovered by Security Center. This section includes the following topics:
• • • • •
"Create an entity manually" on page 37 "Common entity attributes" on page 38 "Entities created automatically by the system" on page 39 "Using geographical locations" on page 40 "Further readings on entity configuration" on page 40
Create an entity manually All entities are manually created by specialized entity creation wizards in Config Tool. All the administration tasks allow you to create every entity type. The difference is how quickly you can get to the wizard you want. Every administration task is designed to favor a certain family of entities, so it is helpful to know them well. 1 From the Home page in Config Tool, open the administration task that is most appropriate for the type of entity you want to create. 2 At the bottom of the task workspace, click Add an entity ( has.
) or whatever name this button
If this button has an entity type name, it will immediately open the corresponding entity creation wizard. If not, you’ll need to click a few more times to find the entity type you want to create. 3 Follow the steps in the entity creation wizard to guide you through the creation process. Most wizards start with a first step called Basic information. For more information, see "Common entity attributes" on page 38. After you are done: Most wizards only help you create the entity. You might need to perform more configuration work before the entity is usable. For more information, see "Further readings on entity configuration" on page 40.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
37
Configuring entities
Common entity attributes During the entity creation process, you must always go through a step (usually the first step) called Basic information. The following screenshot is for a user entity.
You will be asked to enter the following information:
• Entity name. This name identifies the entity everywhere in the Config Tool. You can create two entities with the same name (except for user entities), but it is not recommended. In some cases, a default entity name is created for you, but you can override it.
• Entity description. Optional information regarding the entity. • Partition. Partitions are logical groupings used to control the visibility of certain entities by certain users on the system. Only users with permission to use a partition can see the entities placed in that partition. You have the following choices:
Existing partition. Allows you to select an existing partition from a drop-down list. Selecting Public partition makes the entity visible to everyone on the system.
New partition. Allows you to create a partition before placing the new entity in it. System partition. Puts the new entity in the System partition. Only administrators can view and modify entities belonging to the System partition.
TIP If you are not planning to divide your system into partitions, it is better to leave everything in the Public partition rather than the System partition. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
38
Configuring entities
For more information on partitions, see "Defining partitions" on page 90.
Entities created automatically by the system Not all entities in the system are created manually. Some are discovered by the system, while others support both automatic and manual creation. As a general rule, the system requires a live connection to a hardware device before the entity representing it can be created. The following table lists the special cases: Icon
Entity type
Automatic creation
Manual creation
Server
Always.
Not supported.
Network
Adding a new server automatically creates a new network.
Supported, but generally not required.
Access control unit
Only for units that support automatic discovery. See "What is automatic discovery?" on page 196.
Supported, but requires a live connection to the unit.
Video unit
Only for units that support automatic discovery. See "What is automatic discovery?" on page 196.
Supported, but requires a live connection to the unit.
Camera (video encoder)
Always. Camera (or video encoder) entities are created when the encoding video units are added to your system.
Not supported.
Analog monitor
Always. Analog monitor (or video decoder) entities are created when the decoding video units are added to your system.
Not supported.
LPR unit
• Fixed LPR units are discovered by the LPR Manager roles. • Mobile LPR units (mounted on patrol vehicles) are added when the Patroller entities are added.
Supported for fixed LPR units, but generally not required.
Patroller
Always.
Not supported.
Intrusion detection unit
Never.
Supported, but requires a live connection to the intrusion panel.
Intrusion detection area
Created by the Intrusion Manager role when the intrusion panel is enrolled.
Supported only if the Intrusion Manager cannot read the area configurations from the unit.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
39
Configuring entities
Using geographical locations The geographical location (latitude, longitude) of the entity has several different uses. For example, for video units, it is used for the automatic calculation of the time the sun rises and sets on a given date. For fixed LPR units that are not equipped with a GPS receiver, the geographical location is used to plot the LPR events (reads and hits) associated with the LPR unit on the map in Security Desk. To set the latitude and longitude: 1 In the Location tab of an entity, click Select. A map window appears. 2 Navigate to the location of your entity on the map. You can click and drag to zoom in, zoom out, and pan. 3 Click Select in the map window. The cursor changes to a cross. 4 Click on the desired location on the map. A red pushpin appears on the map. 5 Click OK. The latitude and longitude fields are filled with the coordinates of the location you clicked on the map. For more information, see "Location" on page 336.
Further readings on entity configuration Entity configuration is the biggest part of a system administrator’s job. Depending on the type of system you have, your configuration strategy might be quite different. The following chapters deal with general configuration strategies:
• • • •
"Common administrative tasks" on page 46 "Deploying Omnicast" on page 186 "Deploying Synergis" on page 251 "Deploying AutoVu" on page 329
Regarding the specific settings available for each entity type, please refer to the following chapters under Part V – Config Tool reference.
• "Entity types" on page 331 • "Role types" on page 510 Finally, a number of tools are available through the Config Tool’s Home page Tools menu that are specifically geared towards entity configuration. They are:
• "Copy configuration tool" on page 668 • "Going through the import steps" on page 658 gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
40
Configuring entities
• "Unit discovery tool" on page 653 • "Unit replacement" on page 654 • "Move unit" on page 655
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
41
Searching for tasks and entities
Searching for tasks and entities If you cannot find the tasks, tools, or entities you need, there are three ways you can search for them in Config Tool:
• "Search for a task" on page 42 • "Search for entities by name" on page 43 • "Search for entities using the Search tool" on page 43
Search for a task The easiest way to find a task or tool is to use the search from Config Tool’s Home page. 1 From the Home page, type in the Search box. All tasks, tools, and entities in your system whose name or description contains your search text appear in the Home page.
2 Click a task or a tool to open it, or click an entity to jump to that entity’s configuration page. 3 Click Clear filter (
) to stop filtering your tasks.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
42
Searching for tasks and entities
Search for entities by name If you cannot find the entity you need in a task, you can use the name search to reduce the number of entities listed in the selector. 1 In the Search box in the selector, type the entity name you are searching for. 2 Click Search (
).
Only entities with names containing the text you entered are listed. 3 Click Clear filter (
) to stop using the search filter.
Search for entities using the Search tool In many Config Tool tasks, you can apply a set of filters to find the entities you need using the Search tool. The filters available depend on the task you are using. For example, in the Health history task, you can filters entities by name, description, entity type, and partition. 1 In the Search box in the selector, click Apply a custom filter (
).
The Search window opens. 2 Use the filters to specify your search criteria.
To turn on a filter, click on the filter heading. Active filters are shown with a green LED ( ). To turn off a filter (
), click on the filter heading.
NOTE Invalid filters are shown in red. You can point to the
icon to see why the filter is
invalid. 3 Click Search (
).
The search results appear on the right. The total number of results is displayed at the bottom of the list. 4 (Optional) Click Select columns (
) to choose which columns to display in the result list.
5 Select the entities you want.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
43
Searching for tasks and entities
TIP Hold the CTRL key for multiple selections. Click pages of results.
and
to scroll through multiple
6 Click Select. Only the entities you selected appear in the selector. 7 Click Clear filter (
) to stop using the search filter.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
44
Delete an entity
Delete an entity You can delete entities that you have manually created, and those that were discovered automatically by the system. Before you begin: If the entity was automatically discovered, it must be offline or inactive (shown in red) before you can delete it. 1 Select the entity in the Logical view. 2 In the contextual command toolbar, click Delete (
).
3 In the confirmation dialog box that appears, click Delete.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
45
6 Common administrative tasks This section explains the basic tasks required to configure Security Center. This section includes the following topics:
• • • • • • • • • • • • • • • • • • • •
"Managing servers and roles" on page 47 "Managing databases" on page 52 "Configuring Security Center for high availability" on page 60 "Configuring role failover" on page 61 "Configuring Directory failover and load balancing" on page 66 "Configuring Directory database failover" on page 71 "Monitoring your system’s health" on page 75 "Managing the Network view" on page 82 "Managing the Logical view" on page 85 "Managing software security" on page 89 "Automating system behavior" on page 103 "Managing alarms" on page 111 "Managing threat levels" on page 117 "Federating remote systems" on page 128 "Defining custom fields and data types" on page 136 "Integrating with Windows Active Directory" on page 140 "Managing intrusion panels" on page 155 "Managing zones" on page 160 "Supporting cross-platform development" on page 164 "Creating tile plugins" on page 165
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
46
Managing servers and roles
Managing servers and roles Every Security Center system requires its own pool of servers to run the system’s functions. As system administrator, you must ensure that enough computing power is available for your system to carry out its required load. For more information, see "Architecture overview" on page 6. This section includes the following topics:
• • • •
"Add an expansion server to your system" on page 47 "Managing servers" on page 48 "Managing roles" on page 49 "Diagnose role problems" on page 51
Add an expansion server to your system You can add expansion servers to your system at any time to increase the total computing power of your system. 1 Install Genetec Server on the computer that you want to add to the server pool. Genetec Server is installed as part of Security Center Server. For more information, see “Install an expansion server” in the Security Center Installation and Upgrade Guide. 2 Connect that computer to the Security Center’s main server. The main server is the one that hosts the Directory role. This is done with the Server Admin through a Web browser. For more information, see "Open Server Admin using Internet Explorer" on page 48. 3 Open Config Tool on any workstation. 4 From the Home page, open the Network view task. The server you just added should appear in the network tree. The name of the server entity should match the domain name of the server. 5 Select the new server entity, and click the Properties tab. If the server is used as the proxy server for a private network protected by a firewall, set its Public address and Port as configured by your IT department. For more information, see Server – "Properties" on page 472. 6 Click Apply. The new server is now ready to take on any role you wish to assign to it.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
47
Managing servers and roles
Managing servers After Genetec Server is installed on a machine, you can change its password and other settings using Server Admin. Server Admin is a Web application running on every machine where the Genetec Server service is installed. It allows you to change the settings of that particular server. For more information, see Server – "Server Admin" on page 473.
Open Server Admin using Internet Explorer You can access Server Admin on any server in your system using Microsoft Internet Explorer, which allows you to fully configure that server. Before you begin: You need to know the server’s DNS name or IP address, the Web server port, and the server password in order to log on to that server using Server Admin. The server password is specified during Security Center Server installation. For more information, see the Security Center Installation and Upgrade Guide. 1 Do one of the following:
In the address bar of your Web browser, type http://machine:port/Genetec, where machine is the DNS name or the IP address of your server, and port is the Web server port specified during Security Center Server installation. You can omit the Web server port if you are using the default value (80).
If connecting to Server Admin from the local host, then double-click the Genetec Server Admin icon in the Genetec Security Center 5.2 program folder.
A dialog box requesting a password appears. 2 Enter the server password, and click Log on. The Genetec Security Center Server Admin page appears in your browser. After you are done: Configure the server. See "Server Admin" on page 473.
Open Server Admin using Config Tool You can access Server Admin on any server in your system using Config Tool, without requiring a server password or port number. When you open Server Admin from Config Tool, you cannot upgrade or restore the Directory database. Before you begin: You need to know the server password in order to log on to that server using Server Admin. The server password is specified during Security Center Server installation. For more information, see the Security Center Installation and Upgrade Guide. 1 From the Home page in Config Tool, open the Network view task. 2 Select the server you want to configure, and click the Server Admin tab. 3 Click Log on. The Genetec Security Center Server Admin page appears in the Server Admin tab. After you are done: Configure the server. See "Server Admin" on page 473. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
48
Managing servers and roles
Convert a main server to an expansion server When a computer comes pre-installed with Security Center, the Main server configuration is always used by default. You might need to convert a main server to an expansion server since only one main server is allowed per system. Before you begin: Make sure you have another main server to connect to before you decommission your current main server. For more information, see “Install Security Center on a main server” in the Security Center Installation and Upgrade Guide. 1 Log on to Server Admin on your computer using a Web browser (Internet Explorer). For this operation, using the Config Tool won’t work. For more information, see "Open Server Admin using Internet Explorer" on page 48. 2 In the Server Admin page, click the Genetec Server tab. 3 Scroll to the end of the browser page and click Deactivate Directory. This operation will restart Genetec Server. 4 Log on again to Server Admin. This time, the Directory tab should not appear. 5 Scroll to the section labelled Main server connection, and configure the name and password of the main server it is supposed to connect to.
6 Click Apply.
Managing roles What is a role? A role is an entity in Security Center that defines the following:
• A specific set of functions (role type) that should be performed by the system, such as the management of video units and associated video archives.
• A specific set of parameters (role settings) within which the system should operate, such as the retention period for the video archives, or the database the system should use.
• The servers that should be hosting (running) this role. After a role has been defined, it can be moved from one server to another without requiring changes on the server or additional software installed. The process might cause a short pause in the role’s operations.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
49
Managing servers and roles
Some roles can spawn subprocesses (called agents) and execute them simultaneously on multiple servers for greater scalability.
Create a role entity Create roles to add or extend the functionality of your system. For more information about the role types available in Security Center, see "Role types" on page 510. 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, click Add an entity (
), and select a role type.
3 From the Server drop-down list, select the server assigned to this role. 4 Select the database server database, and click Next. For the Database server, the path you indicate is relative to the selected server. 5 Enter the Basic information for this role, and click Next. For more information, see "Common entity attributes" on page 38. 6 Confirm the information displayed on the Creation summary page. 7 Click Create, and click Close. The new role entity is created. 8 Select the role’s Resources tab to configure the role server and database.
To use a different database than the default, see "Create a database" on page 55.
To switch the role to a different server, see "Move a role to a different server" on page 50.
To ensure the availability of the role in case of hardware failure, see "Configure failover for roles" on page 64.
9 Configure other role properties if necessary. For more information, see "Role types" on page 510. 10 Click Apply. The new role should be active and running. If not, see "Diagnose role problems" on page 51.
Move a role to a different server Before you begin: Make sure you have another server configured and ready to accept a new role. For more information, see "Add an expansion server to your system" on page 47. NOTE The following procedure does not apply to the Archiver role.
1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, and select the role you want to modify. 3 Click the Resources tab. 4 If the role requires a database, do one of the following:
If the database resides on a third computer, you have nothing to change.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
50
Managing servers and roles
If the database is empty, you can create it anywhere you want. See "Create a database" on page 55. If the database contains data and is residing on the current server, you need to move the database to the new server or to a third computer. See "Move a database to a different computer" on page 53.
5 Under the Servers list, click Add an item (
).
A dialog box appears with all available servers on your system. Select the substitute server and click Add. ).
6 Select the current server in the Servers list, and click Delete ( 7 Click Apply. The role now runs on the new server.
Deactivate a role A role can be deactivated for maintenance purposes. 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, and select the role you want to deactivate. 3 In the Contextual commands toolbar, click Deactivate role (
).
The role turns red (inactive) in the browser. TIP To reactivate the role, click Activate (
) in the Contextual commands toolbar.
Diagnose role problems A role that is not properly configured is displayed in yellow in the Role view. The diagnostic tool can help you troubleshoot your problem. 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, and select the role you want to troubleshoot. 3 In the Contextual commands toolbar, click Diagnose (
).
A troubleshooting window opens, showing the results from the diagnostic test performed on the selected role. Click Refresh ( ) to rerun the tests. 4 Click Close to end the diagnosis.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
51
Managing databases
Managing databases Most roles require a database to store the data they collect. Managing those databases is an important part of the system administrator’s responsibilities. This section includes the following topics:
• • • • • • • • • •
"Common database settings" on page 52 "Where should the database be hosted?" on page 53 "Move a database to a different computer" on page 53 "Connect roles to a remote database server" on page 54 "Create a database" on page 55 "View information about a role’s database" on page 56 "Turn on role database notifications" on page 57 "Back up your role database" on page 57 "Restore your role database" on page 58 "Delete a database" on page 59
Common database settings All roles requiring a database have a group of settings related to that database in the role’s Resources tab, as illustrated below.
From this group of settings, you can check the current status of the database, and perform the following maintenance functions: Button
Command
For more information
Create a database
See "Create a database" on page 55.
Delete the database
See "Delete a database" on page 59.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
52
Managing databases
Button
Command
For more information
Database info
See "View information about a role’s database" on page 56.
Notifications
See "Turn on role database notifications" on page 57.
Resolve conflicts
See "Resolve conflicts for Access Manager roles" on page 515.
Database backup
See "Back up your role database" on page 57.
Where should the database be hosted? By default, the role’s database is hosted on the same server that hosts the role. This is shown in the role’s Resources tab by the value(local)\SQLEXPRESS in the Database server field. If you plan to change the server hosting the role, or add secondary servers for failover, the database must be hosted on a different computer. For information about setting up a remote database server, see "Move a database to a different computer" on page 53 and "Connect roles to a remote database server" on page 54. NOTE The computer hosting the database server does not have to be a Security Center server (meaning a computer where Genetec Server service is installed), unless you are configuring Directory database failover using the backup and restore method.
Move a database to a different computer If you want to change the server hosting a role, or add secondary servers for failover, you must host the role’s database on a different computer. NOTE This procedure is not necessary for the Archiver role. For Archiver roles, it is recommended to host the database locally.
1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, and select the role whose database you want to relocate. 3 In the Contextual commands toolbar, click Deactivate role (
).
4 Click the Resources tab. 5 Back up the current database. See "Back up your role database" on page 57. TIP Since the backup folder is relative to the current server, it might be a good idea to select a network location that can be reached by any server on your system.
6 (Optional) Delete the current database. See "Delete a database" on page 59. 7 Create the database on the new machine. See "Create a database" on page 55. 8 Restore the backed up content to the new database. See "Restore your role database" on page 58. 9 Click Apply.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
53
Managing databases
10 In the Contextual commands toolbar, click Activate (
).
Connect roles to a remote database server If a role’s database is hosted on a different computer than the role, you must configure the remote database server (SQL Server) to accept connection requests from the role. 1 On the computer hosting SQL Server, open the TCP port 1433 on Windows Firewall. 2 Enable remote connection on your SQL Server instance. a Open Microsoft SQL Server Management Studio and connect to the database server used by Security Center. b In the Microsoft SQL Server Management Studio window, right-click the database server ( ) in the Object Explorer, and select Properties. c In the Server Properties window, select the Connections page. d Under the section Remote server connections, select the option Allow remote connections to this server. e Click OK and close Microsoft SQL Server Management Studio. 3 Make your SQL Server instance visible from the SQL Server Browsers installed on other computers on your network. a Open Microsoft Management Console Services (services.msc). b Start the service named SQL Server Browser. c Right click the SQL Server Broswer server, and click Properties. d In the General tab, from the Startup type drop-down list, select Automatic. This SQL Server instance is now available from the Database server drop-down list of any role’s Resources tab in Config Tool. 4 Enable Named Pipes and TCP/IP protocols on your SQL Server instance. a Open SQL Server Configuration Manager. b Expand the SQL Server Network Configuration section, and select the protocols for your database server instance (for example, Protocols for SQLEXPRESS). c Right-click the Named Pipes and TCP/IP protocols, and set the status to Enabled.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
54
Managing databases
d Close SQL Server Configuration Manager. 5 Restart your SQL Server instance to enable the settings you have changed. a Open Microsoft Management Console Services (services.msc). b Right-click the SQL Server instance service (for example SQL Server (SQLEXPRESS)), and click Restart. 6 On every server that hosts your Security Center roles, change the logon user of the Genetec Server service to a local Windows administrator account, so the server can access the SQL Server instance you just modified. a Open Microsoft Management Console Services (services.msc). b Right-click the Genetec Server service, and click Properties. c In the Log on tab, select the This account option, and type an administrator Account name and Password. d Click Apply > OK. 7 On every server that might be used to host your Security Center roles, change the logon user of the SQL Server service to a local Windows administrator account, so the server can access the SQL Server instance you just modified. a Open SQL Server Configuration Manager. b Click SQL Server Services. c Right-click the SQL Server service, and click Properties. d In the Log on tab, select the This account option, and type an administrator Account name and Password. e Click Apply > OK.
Create a database You might need to create a new database, overwrite the default database assigned to your role by the system, or select a different database prepared by your company’s DBA group if you plan on using a dedicated database server. 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, select a role, and click the Resources tab 3 From the Database server drop-down list, type or select the name of the database server. The value (local)\SQLEXPRESS corresponds to Microsoft SQL Server 2008 Express Edition that was installed by default with Genetec Security Center Server. To specify a database server on a different server than the one hosting the role, enter the name of that remote server. 4 From the Database drop-down list, type or select the name of the database. The same database server can manage multiple database instances. 5 Click the Create a database command. 6 Specify the database creation options. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
55
Managing databases
CAUTION If you select the Overwrite existing database option, all current content of the
selected database is lost. If you need to create a backup first, see "Back up your role database" on page 57. 7 Click OK. The database creation starts. A window appears, showing the progress of this action. You can close this window, and review the history of all database actions later on by selecting Database actions from the View menu. 8 Wait until you see Database status indicating Connected. 9 (Optional) See "Turn on role database notifications" on page 57. 10 Click Apply. The Status of the Database status field should indicate Connected.
View information about a role’s database You can view information about a role’s database, such as the database and database server versions, how much disk space is available, the number of archived events, and so on. The database information provided varies depending on the role. You might be asked to provide information on a role’s database when you contact Technical support. To view a role’s database information: 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, and select a role. 3 Click the Resources tab, and click Database info (
).
The following information can be displayed, depending on the role:
Database server version. Software version of the database server.
Database version. Schema version of the role’s database.
Approximate number of events. (Also called Approximate number of archived events and Event count) Number of events that are stored in the role’s database. Source count (Archiver and Auxiliary Archiver only). Number of video sources (cameras) that have archives.
Video file count (Archiver and Auxiliary Archiver only). Number of video files.
Size on disk. Size of the Database files.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
56
Managing databases
Turn on role database notifications You can configure the role to send you an e-mail notification when the database space is running low. Before you begin: To make sure that the email notification is sent, configure the SMTP and Watchdog settings on the server hosting the role. See "Server Admin" on page 473. 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, and select a role. 3 Click the Resources tab, and click Notifications (
).
4 In the dialog box that opens, set the following options:
Disk space. Sends a notification when the remaining free space falls below a certain threshold (in GB). Database usage. Sends a notification when the used space reaches a certain percentage. This option is only for the Express edition of SQL Server, whose database size is limited to 4 GB for the 2005 version, and 10 GB for 2008 R2. If you are using a full edition of SQL Server, this option has no effect.
5 Click OK.
Back up your role database You can protect the data in a role’s database by regularly backing up the database. The backup file is created with the file extension BAK. The name of the file is the database name, followed by “_ManualBackup_”, followed by the current date (mm-dd-yyyy). Best practice: Always back up your databases before an upgrade. To backup your role database: 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, and select a role. 3 Click the Resources tab, and click Backup/restore (
).
The Backup/Restore dialog box appears. 4 In the Backup/Restore dialog box, beside the Backup folder field, click Select folder ( and select the folder where you want to save the backup file.
),
NOTE The path is relative to the server hosting the role, not to the workstation where you are
running Config Tool. 5 Click Backup now. A backup file is created in the backup folder.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
57
Managing databases
Setting up an automatic backup For extra protection, configure the database backup to be performed periodically. 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, and select a role. 3 Click the Resources tab, and click Backup/restore (
).
4 In the Backup/Restore dialog box, switch the Enable automatic backup option to ON. 5 Select the day and time to perform the backup (every day or once a week). TIP It is a good idea to stagger the backup operations if several different databases need to be
backed up on the same machine. 6 Specify how many backup files you want to keep. NOTE The backup files you create manually are not counted in that number.
7 Click OK > Apply. The automatic backup starts at the next scheduled date and time.
Restore your role database You can restore an old database Before you begin: Back up the current database before you restore an old database. 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, and select a role. 3 Click the Resources tab, and click Backup/restore (
).
The backup and restore dialog box appears. 4 In the Backup/Restore dialog box, beside the Restore folder field, click Select folder ( and select the backup file you want to restore.
),
NOTE The path is relative to the server hosting the role, not to the workstation where you are
running Config Tool. 5 Click Restore now. The current content of the database is replaced by the content restored from the backup file.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
58
Managing databases
Delete a database To free up disk space, delete databases you no longer use. 1 From the Database drop-down list in the Resources tab of a role, select the database you want to delete. NOTE This does not need to be your current database.
2 Click Delete the database (
).
CAUTION A confirmation dialog box appears. If you continue, the database is permanently deleted. Clicking Cancel in the Config Tool toolbar will not restore it!
3 Click Delete in the confirmation dialog box. The database instance is permanently deleted. 4 Do one of the following:
If a database is already created for your role, click Cancel in the Config Tool toolbar. If there was no database created for your role, create a new database. See "Create a database" on page 55.
5 Click Apply.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
59
Configuring Security Center for high availability
Configuring Security Center for high availability To ensure that there is uninterrupted access and data protection for your system, Security Center offers the following high availability features:
• Directory failover. Ensure that the Directory role is still available if its primary server fails (see "Configuring Directory failover and load balancing" on page 66). The Directory role handles failover for all other roles, so it is important that the Directory role is available at all times.
• Directory load balancing. A benefit of Directory failover. The Directory can run simultaneously on up to 5 servers to share the workload of the Directory role. All servers that are set up for Directory failover are automatically used for load balancing.
• Database failover (only for Directory role). Protect the Directory database, using one of the following methods:
Backup and restore. Regularly backup your database, and restore it if a failover occurs. Microsoft SQL Server Database Mirroring. The database instances are kept in synch by Microsoft SQL Server.
For more information, see "Configuring Directory database failover" on page 71.
• Archiver failover. Ensure that the Archiver role and the video archives are still available if the Archiver’s primary server fails (see "Protecting your video archive against hardware failure" on page 227).
• Other role failover. Ensure that other roles in your system are still available if their primary server fails (see "Configuring role failover" on page 61). If the role database must be protected, you should consider one of the following third party solutions: SQL Server Clustering or Database Mirroring.
• NEC ExpressCluster X LAN. Third party solution for roles that do not support failover. For more information, see Security Center Installation Guide for NEC Cluster. Click here for the most recent version of this document.
• Windows 2008 Server failover cluster. Third party solution for roles that do not support failover. For more information, see Security Center Installation Guide for Windows Cluster. Click here for the most recent version of this document. Other ways you can ensure high availability are to detect problems early, and prevent those problems from reoccurring. For more information, see "Monitoring your system’s health" on page 75.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
60
Configuring role failover
Configuring role failover This section explains what role failover is, and how to configure it. This section includes the following topics:
• • • •
"How role failover works in Security Center" on page 61 "Which roles support failover" on page 62 "Configure failover for roles" on page 64 "Troubleshooting failover" on page 65
How role failover works in Security Center Role failover is a backup operational mode where a role is transferred from its primary server to a standby server if the primary server becomes unavailable, either through failure or scheduled down time. Role failover is managed by the Directory role.
• Primary server. Server that normally hosts a role for it to work on the system. • Secondary server. Standby servers that are assigned to a role to keep it running in case the primary server becomes unavailable. There is no limit to the number of secondary servers you can assign to most roles. However, the more servers you add, the less cost-effective it might be for you. The secondary server for one role can be the primary server for another role, provided that both servers have enough resources (CPU, memory, disk space, and network bandwidth) to handle the combined load of both roles in case of a failover. IMPORTANT Security Center does not handle database failover, except for the Directory role. Besides performing regular backups of your database, one solution you might consider to protect your data is to use SQL Server Clustering or Database Mirroring.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
61
Configuring role failover
Before failover, a role is hosted on the primary server, and connects to a database server hosted on a third computer. When the primary server fails, the role automatically fails over to the secondary server and reconnects to the same database server. Before failover Primary server (hosting the role)
After failover Primary server (failed)
Secondary server (on standby)
Secondary server (hosting the role)
Fails over Role
Role
Database server
Database server
Which roles support failover The following table lists which Security Center roles support failover, the failover approach they use, and any special constraints they might have. Role
Supports failover
Exceptions
Access Manager
Yes, configured
Only supported with Synergis Master Controller (SMC). For more information, see the Synergis Master Controller Configuration Guide.
Active Directory
Yes
Archiver
Yes
Auxiliary Archiver
No. It ensures that video archives are still available if the main Archiver fails.
Directory
Yes
Directory Manager
No. It manages the Directory failover and load balancing.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Can only have one secondary server. Each server requires a separate database, hosted locally, or on another computer. See "About Archiver failover" on page 227.
Can run simultaneously on up to five servers. Also supports Directory database failover. See "Configuring Directory failover and load balancing" on page 66.
62
Configuring role failover
Role
Supports failover
Global cardholder synchronizer
Yes
Health Monitor
Yes
Intrusion Manager
Yes
Only when the intrusion panels are connected using IP. Failover is not supported if the intrusion panels are connected using serial ports.
LPR Manager
Yes
Extra resources must be shared between the primary and secondary servers. The Root folder of the role must point to a UNC location that all servers have access to. File paths of hotlist and permit entities must be entered as a UNC location accessible to all servers. Also, the WatermarkEncryptionParameters.xml file located in the installation folder of the primary server must be copied to the secondary servers.
Media Router
Yes
The primary and secondary servers can each have a separate database, hosted locally, or on another computer.
Omnicast Federation
Yes
Plugin
Yes
Point of sale
Yes
Report Manager
Yes
Security Center Federation
Yes
Web-based SDK
Yes
Zone Manager
Yes
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Exceptions
63
Configuring role failover
Configure failover for roles To configure failover for roles on your system, you must select secondary servers to be on standby in case the primary server hosting the role becomes unavailable. Before you begin: For roles that require a database (except for the Archiver), the database must be hosted on a different computer than the primary and secondary servers, and all the servers must be able to communicate with the database server. See "Move a database to a different computer" on page 53 and "Connect roles to a remote database server" on page 54. 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, and select the role you want to configure failover for. 3 Click the Resources tab where the role’s primary server is listed. 4 Under the Servers list, click Add an item (
).
A dialog box listing all remaining servers on your system not assigned to the role appears. 5 Select the server you want to add as a secondary server, and click Add. The secondary server is added below the primary server. The green LED indicates which server is currently hosting the role. The order of appearance of the servers in the list corresponds to the order they are picked if a failover occurs. When the primary server fails, the role automatically switches to the next server in the list.
6 After a failover occurs, if you want the primary server to take control of the role once it is restored, select the Force execution on highest priority server option. By default, the role remains on the secondary server after a failover occurs to minimize system disruptions. 7 Click Apply. 8 To make the new server the primary server: a Select it in the list, and click
to move it to the top of the list.
b Select the Force execution on highest priority server option, and click Apply. After a few seconds, the green LED moves to the new server, indicating that it is now the one hosting the role.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
64
Configuring role failover
Troubleshooting failover If you encounter problems when trying to configure failover for your system. check the following:
• Make sure the correct ports are open on your network. See "Default Security Center ports" on page 776.
• Make sure your database connections are configured properly, and that the servers being used for failover can communicate with the database server. See "Connect roles to a remote database server" on page 54.
• Make sure the database path is correct in the Server Admin. See Server Admin - "Database" on page 474.
• Make sure the Genetec Server and SQL Server services are running under a local Windows administrator user account. See "Connect roles to a remote database server" on page 54.
• (Directory database failover using Backup/Restore method only) Make sure that the user account has access read/write access to the backup folder.
• (Directory database failover using Backup/Restore method only) Make sure that the Genetec server is installed on the remote database server. For more information about installing expansion servers, see “Install an expansion server” in the Security Center Installation and Upgrade Guide.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
65
Configuring Directory failover and load balancing
Configuring Directory failover and load balancing This section explains what Directory failover is, what load balancing is, and how to configure it. This section includes the following topics:
• • • • • • • •
"How Directory failover and load balancing works" on page 66 "Directory failover and load balancing prerequisites" on page 67 "Add a server to the Directory failover list" on page 68 "Modify the license for all servers" on page 68 "Change the order of the Directory servers" on page 69 "Manually switch the main server" on page 69 "Remove a server from the Directory failover list" on page 70 "Bypass default load balancing" on page 70
How Directory failover and load balancing works The Directory service is available as long as its two components are available:
• Directory role. Manages your system configuration, and handles failover for all other roles. • Directory database. Stores your system configuration. The Directory Manager role handles Directory failover and load balancing for your system. It manages failover for the Directory role and Directory database independently, allowing you to have separate lists of servers assigned to host the two components. These two lists of servers can overlap or be completely separate. NOTE There can only be one Directory Manager role in your system. It is created automatically when your software license supports multiple Directory servers.
Differences between Directory servers and the main server To configure Directory failover and load balancing, you must know the difference between Directory servers and the main server.
• Directory server. Servers assigned to host the Directory role. The Directory role can run on five Directory servers simultaneously for load balancing. They distribute the workload for credential authentication, software license enforcement, Directory database report queries, and so on. Users can log on to Security Center through any of the Directory servers. By default, the Directory Manager redirects the connection requests across all Directory servers in a round robin fashion. To change this behavior, see "Bypass default load balancing" on page 70.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
66
Configuring Directory failover and load balancing
• Main server. The main Directory server in your system (
). It has full read/write access to the Directory database. If your system is configured for Directory failover and load balancing, the additional Directory servers ( ) only have read access to the database.
When a Directory server fails, only the client applications connected to Security Center through that server must reconnect. If the main server fails, then all clients on the system must reconnect, and the responsibility of being the main server is passed down to the next Directory server in the failover list.
Directory failover and load balancing prerequisites Before you can configure the Directory for failover and load balancing, make sure you have the following:
• Your Security Center license must support multiple Directory servers. If you need to update your license, see “Activate license” in the Security Center Installation and Upgrade Guide. NOTE The Directory Manager (
) role is created automatically in Config Tool when your license supports multiple Directory servers.
• Your System ID and Password, found in the Security Center License Information document. • •
Genetec Technical Assistance sends you this document when you purchase the product. All servers you plan to use as Directory servers must be up and running as expansion servers. For more information about installing expansion servers, see “Install an expansion server” in the Security Center Installation and Upgrade Guide. For all the expansion servers you plan to use as Directory servers, make sure their general properties configured in Server Admin are the same as those of the main server. This ensure that your data, such as the alarm retention period and so on, is stored for the same amount of time. For information about configuring Directory properties in the Server Admin, see "Server Admin" on page 473.
• The Directory database must be hosted on a remote computer from the Directory servers. •
See "Move a database to a different computer" on page 53. The database server must be accessible from all Directory servers. To configure the remote database server (SQL Server) to accept connection requests from the roles "Connect roles to a remote database server" on page 54.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
67
Configuring Directory failover and load balancing
Add a server to the Directory failover list You can convert up to five expansion servers into Directory servers to be used for load balancing and failover. IMPORTANT Do not try to add a server to the Directory failover list by activating the Directory
on that expansion server with Server Admin. This action disconnects the server from your current system and transforms it into the main server of a new system. Before you begin: Read "Directory failover and load balancing prerequisites" on page 67. 1 From the Home in Config Tool, open the System task. 2 Click the Roles view. 3 Select the Directory Manager ( 4 Click Add an item (
), and then click the Directory servers tab.
).
5 In the dialog box that appears, select the server you want to add, its connection port (default=5500), and click Add. The server is added to the failover list. 6 To add more Directory servers, repeat Step 4 and Step 5. You can add up to five Directory servers. The order of appearance of the servers in the list corresponds to the order they are picked if a failover occurs. If the main server fails, the role switches to the next server in the list, and that server becomes the main server. 7 Update your license to include the servers you’ve just promoted to Directory Servers. For more information, see "Modify the license for all servers" on page 68. 8 Click Apply. The expansion servers are converted into Directory servers and the updated license is applied to all Directory servers in the list. Client applications and roles on expansion servers can connect to Security Center using any of the Directory servers.
Modify the license for all servers You must update your Security Center license every time you make a change to the list of servers assigned to host the Directory role. 1 In the Directory servers tab, click Modify license for all servers. The following dialog box appears. 2 In the License management dialog box, update your license in one of the following ways:
Web activation. (Recommended) Activate your license via Internet. In the dialog box that appears, enter your System ID and Password and click Activate.
Manual activation. Update and activate Security Center manually using license file. For more information, see "Manual license activation" in the Security Center Installation and Upgrade Guide.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
68
Configuring Directory failover and load balancing
Change the order of the Directory servers The first server in the Directory server list is your default main server. After a Directory failover, the next server in the list becomes the new main server ( ).To minimize the number of system disruptions (disconnection and re-connection), the responsibility is not automatically transferred back to the original main server once it is back online. You can change this behavior in the Directory servers tab. To change the order of the servers in the Directory failover list: 1 In the Directory servers tab, select a server in the list. 2 Click Up (
) or Down (
) to move the Directory servers up or down in the list.
3 To force the first server in the failover list as the main server whenever it is available, select Force the first server in the list to be the main server option. By default, the role remains on the Directory server that becomes the main server when failover occurs. 4 Click Apply.
Manually switch the main server If necessary, you can manually assign any server in the Directory failover list to be the main server. For example, when maintenance work needs to be done on the current main server. 1 In the Directory servers tab, select a server. 2 Click Activate main server (
).
3 Click Continue. All client applications and roles are disconnected, the main server switches to the Directory server you selected, and all applications and roles reconnect.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
69
Configuring Directory failover and load balancing
Remove a server from the Directory failover list IMPORTANT Do not try to remove a server from the Directory failover list by deactivating the Directory on that server with Server Admin. Your change will not last because the Directory Manager will change it back to a Directory server.
1 From the Home page in Config Tool, open the System task. 2 Click the Roles view. 3 Select the Directory Manager (
), and then click the Directory servers tab.
4 Select the server you want to remove, and click Remove the item (
).
5 Repeat Step 4 if necessary. 6 Update your license to exclude the servers you’ve just removed. For more information, see "Modify the license for all servers" on page 68. 7 Click Apply. The removed servers are reverted to the status of expansion servers, and the updated license is applied to all remaining Directory servers. Users can no longer connect to the system using the servers that have been removed. Clients connected to Security Center through these servers are disconnected, and reconnected to the remaining Directory servers.
Bypass default load balancing When you have more than one Directory server on your system, load balancing is automatically in effect. This means that the Directory Manager systematically redirects a logon request to the next Directory server in the list based on the previous one being used. If connection redirection is not desirable, for example when the client is on a remote LAN, you can bypass this behavior for that specific workstation by selecting the Prevent connection redirection to different Directory servers option in the Options dialog box. For more information, see "General options" on page 679.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
70
Configuring Directory database failover
Configuring Directory database failover This section explains what Directory database failover is, and how to configure it using the backup and restore method, or database mirroring. This section includes the following topics:
• "How Directory database failover works" on page 71 • "Configure database failover through backup and restore" on page 72 • "Configure database failover through mirroring" on page 74
How Directory database failover works Two database failover modes are supported for the Directory:
• Backup and restore. The Directory Manager protects the Directory database by regularly backing up the master database instance (source copy). During a failover, the latest backups are restored to the backup database that’s next in line. Two schedules can be defined: one for full backups, and another for differential backups.
• Mirroring. Database failover is taken care of by Microsoft SQL Server and is transparent to Security Center. The Principal and Mirror instances of the Directory database are kept in synch at all times. There is no loss of data during failover. The following table compares the differences between the two database failover modes. Backup and restore (Directory Manager)
Mirroring (Microsoft SQL Server)
Multiple backup instances of the Directory database are kept relatively in synch with its master instance via regular backups performed by the Directory Manager role.
A single copy (the mirror instance) of the Directory database is kept perfectly in synch with the master copy (or principal instance) using SQL Server database mirroring.
The failover database can only be as up to date as the most recent backup.
The failover database is an exact copy of the principal database.
Changes made while the Directory is connected to the backup database are lost when the Directory switches back to the master database.
Changes can be made to the Directory database at any time without ever losing data.
Both master and backup databases must be hosted on Security Center servers.
The principal and mirror database instances can be hosted on any computer.
Can work with SQL Server Express edition which is free.
Requires SQL Server 2008 Standard Edition or better with the mirroring feature.
Recommended when the entity configurations are not frequently updated.
Recommended when entity configurations are frequently updated, such as for cardholder and visitor management.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
71
Configuring Directory database failover
Backup and restore (Directory Manager)
Mirroring (Microsoft SQL Server)
Causes a temporary disconnection of all client applications and roles while the database failover is in progress.
No client application disconnection during failover.
Database failover is handled by the Directory Manager role.
Database failover is executed by a separate Witness server running on SQL Server Express (optional but highly recommended) or it has to be manually detected and executed by the database administrator.
Configure database failover through backup and restore You can configure Directory database failover using the backup and restore method. For more information about the backup and restore options in the Database failover tab of the Directory Manager role, see "Backup and restore" on page 554. Before you begin:
• Your Security Center license must support multiple Directory servers. If you need to update your license, see “Activate license” in the Security Center Installation and Upgrade Guide. NOTE The Directory Manager (
) role is created automatically in Config Tool when your license supports multiple Directory servers.
• The database servers must be running on remote computers from the Directory servers. See • •
"Move a database to a different computer" on page 53. All database servers must be accessible from all Directory servers. To configure the remote database server (SQL Server) to accept connection requests from the roles "Connect roles to a remote database server" on page 54. All database instances must be the same version, and an expansion server must be installed on each database server. For more information about installing expansion servers, see “Install an expansion server” in the Security Center Installation and Upgrade Guide.
What you should know IMPORTANT Changes made to the system configuration while you were operating from the backup database are not automatically restored to the master database when it is restored to active service.
• To preserve the changes made to your system configuration while you were operating from
•
the backup database, you must restore the latest contingency backup (created in the ContingencyBackups subfolder under the restore folder) to your master database before reactivating it. To avoid losing the configuration changes made while you were operating from the backup database, you can transform the backup database into your master database. To do this, select it from the database failover list to move it to the top of the list. However, keep in
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
72
Configuring Directory database failover
mind that your backup database is only as up to date as the most recent backup before the failover took place. To configure database failover through backup and restore: 1 From the Home in Config Tool, open the System task. 2 Click the Roles view. 3 Select the Directory Manager (
), then the Database failover tab.
4 Switch the Use database failover option to ON. 5 Select Backup and restore for Failover mode. 6 Click Add an item (
).
7 In the dialog box that appears, specify the Security Center server, the database server, the database instance, and the folder where the backup files should be copied.
You can assign as many backup databases as you want. However, the more backup databases you have, the longer it takes to back up the Directory database content. 8 Click OK. The new backup database instance is added. NOTE The server flagged as (Master) is the one currently hosting the database. The green
LED (
) indicates the database that is currently active (not necessarily the master).
9 Repeat Step 6 to Step 8 if necessary. 10 To force all Directory servers to reconnect to the master database once it is back online after a failover, select the Automatically reconnect to master database option. CAUTION Switching the active database causes a short service disruption, and all changes made to the system configuration while the master database was offline are lost. Use this option only if you are ready to lose the changes made to the system configuration while you were operating from the backup database.
11 Under Master backup, specify the frequency at which the full backup and the differential backup should be generated.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
73
Configuring Directory database failover
A differential backup only contains the database transactions made since the previous backup, so it is much faster to generate than a full backup. Frequent differential backups ensure that your backup database is most up to date when you fail over, but might take longer to restore. 12 Click Apply. After you are done: IMPORTANT Once the Backup and restore failover mode is enabled, all subsequent changes to the master database from Server Admin (restoring a previous backup for example) must immediately be followed by a full manual backup executed from Config Tool. Failing to do so causes your master and backup databases to become out of synch and the database failover mechanism to no longer work. See "Back up your role database" on page 57.
Configure database failover through mirroring You can configure Directory database failover using the mirroring method. For more information about the options in the Database failover tab of the Directory Manager role, see "Mirroring" on page 556. Before you begin:
• The Principal database server, the Mirror database server, and the Witness server (optional •
but highly recommended) must be configured. For the configuration of SQL Server for mirroring, please refer to Microsoft SQL Server Database Mirroring documentation. Your Security Center license must support multiple Directory servers. If you need to update your license, see “Activate license” in the Security Center Installation and Upgrade Guide. NOTE The Directory Manager (
) role is created automatically in Config Tool when your license supports multiple Directory servers.
• The database servers must be running on remote computers from the Directory servers. • All database servers must be accessible from all Directory servers. To configure the remote database server (SQL Server) to accept connection requests from the roles "Connect roles to a remote database server" on page 54. To configure database failover through mirroring: 1 From the Home in Config Tool, open the System task. 2 Click the Roles view. 3 Select Directory Manager (
), then the Database failover tab.
4 Switch the Use database failover option to ON, and select the Mirroring option. The database you’re currently connected to is the Principal database. 5 Under Mirror database, enter the database server name of the Mirror database. 6 Click Apply.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
74
Monitoring your system’s health
Monitoring your system’s health Health monitoring refers to a set of tools to monitor your Security Center system's health. The goal is to detect health issues early enough to avoid more serious problems in the future. Health monitoring also provides you with the information to identify the root cause of various health problems so that they can be prevented from occurring again. This section includes the following topics:
• "About the Health Monitor role" on page 75 • "Configuring the Health Monitor" on page 76 • "Monitoring your system’s health using maintenance tasks" on page 81
About the Health Monitor role The Health Monitor role is created at system installation and cannot be deleted. It monitors the health of entities such as servers, roles, units, and client applications. The following table gives you some examples of health events that can be monitored: Entity
Health event
Description
Access control unit
Synchronization failed
Server and access control unit cannot synchronize databases.
Archiver
RTP packet loss high
Packet loss ratio is greater than 10% over 5 seconds.
Video unit
Connection to unit lost
Server cannot connect to video unit.
Media router
Role stopped unexpectedly
Media router is unavailable and the cause is unknown to the system.
Patroller
Offload failed
Autovu Patroller offload unsuccessful.
Security Desk
Application stopped unexpectedly
Security Desk application failed.
You can choose which health events to monitor and keep them in a database which enables you to generate health history and statistics reports.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
75
Monitoring your system’s health
Configuring the Health Monitor The Health Monitor role is configured to watch all health events by default. This section includes the following topics:
• • • • •
"Initial Health Monitor setup" on page 76 "Health event definitions" on page 77 "Configure health events to monitor" on page 79 "Set an entity in maintenance mode" on page 80 "Change the firing threshold of a health event" on page 80
Initial Health Monitor setup Best practice: The process of setting up and configuring a system can generate many health events. It is normal that health errors and warnings are produced during this time. After initial setup is complete, you should reset the health monitoring database to its initial, clean, state. To reset the Health Monitor database to its default state: 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, and select the Health Monitor role. 3 Click the Resources tab. 4 Click Delete the database (
).
5 When prompted if you want to delete this database, click Delete. The Database actions window opens.
6 When you see confirmation that the database has been deleted, click Clear finished, then click Close. 7 In the Contextual commands toolbar, click Deactivate role ( gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
). 76
Monitoring your system’s health
8 Click Activate role (
).
After 15-30 seconds, a new HealthMonitor database should be created in the Health monitor role’s Resources tab. The health errors and warnings generated during the setup are deleted. As a result, all health statistics are reset.
Health event definitions
• The table below lists the health events by their error number and indicates their severity level, Information ( Error number
), Warning (
), or Error (
).
Health event
Severity
1
Archiving started
Information
2
Archiving stopped
Error
3
Application connected
Information
4
Application disconnected by user
Information
5
Application disconnected unexpectedly
Warning
6
Application started
Information
7
Application stopped by user
Information
8
Application stopped unexpectedly
Warning
9
Connection restored
Information
10
Connection failed
Error
11
Connection to unit restored
Information
12
Connection to unit lost
Error
13
Connection to unit stopped by user
Information
14
Database automatic backup restored
Information
15
Database automatic backup failed
Error
16
Database recovered
Information
17
Database lost
Error
18
CPU usage normal
Information
19
CPU usage high
Warning
20
Memory usage normal
Information
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
77
Monitoring your system’s health
Error number
Health event
Severity
21
Memory usage high
Warning
22
Database space normal
Information
23
Database space low
Warning
24
Patroller offload restored
Information
25
Patroller offload failed
Error
26
Patroller online
Information
27
Patroller offline
Information
28
Point of Sale database recovered
Information
29
Point of Sale database lost
Error
30
Role started
Information
31
Role stopped unexpectedly
Error
32
Role stopped by user
Information
33
RTP packet loss normal
Information
34
RTP packet loss high
Warning
35
Server started
Information
36
Server stopped by user
Information
37
Server stopped unexpectedly
Error
38
Synchronization recovered
Information
39
Synchronization failed
Warning
40
Video signal recovered
Information
41
Video signal lost
Error
42
Disk access restored
Information
43
Disk access unauthorized
Warning
44
Alarm trigger rate normal
Information
45
Alarm trigger rate high
Warning
46
Directory started
Information
47
Directory stopped unexpectedly
Error
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
78
Monitoring your system’s health
Error number
Health event
Severity
48
Directory stopped by user
Information
49
Remaining archive disk space normal
Information
50
Remaining archive disk space low
Warning
51
Live server monitoring restored
Information
52
Live server monitoring failed
Error
53
Directory failover: Main database recovered
Information
54
Directory failover: Main database lost
Error
55
Database restore succeeded
Information
56
Database restore failed
Error
Configure health events to monitor You can configure the Health Monitor role to ignore certain health events, and change how it generates some health events. NOTE If you want to ignore all health events, deactivate the Health Monitor role. If you want to
temporarily ignore an entity’s health events because you are performing maintenance work on it, set it to maintenance mode. See "Set an entity in maintenance mode" on page 80. 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, and select the Health Monitor role. 3 Click the Properties tab. 4 Under Events to monitor, select or clear the desired events. Expand the list as necessary. Most health events come in pairs, such as Database lost and Database recovered. They can only be selected or ignored together. IMPORTANT Clearing a health event in the monitoring list does not remove it from the Health history query filter, but it could make some of the health statistics calculations impossible.
Some events allow you to adjust the thresholds used to generate the event. For example, the default configuration is set so that any server who’s CPU runs higher than 80% for a period of 10 seconds will generate a CPU usage high health event. See "Change the firing threshold of a health event" on page 80. 5 Click Apply.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
79
Monitoring your system’s health
Set an entity in maintenance mode Downtime spent in maintenance mode is considered Expected down-time and is not used in the health statistics availability percentage calculations. Only Unexpected down-time is used when calculating availability. Most entities and roles can be set to maintenance mode through their own contextual toolbar ( Enable maintenance mode). For client applications, the maintenance mode must be set from the Health Monitor’s Properties tab. 1 Switch the Client app. maintenance mode option to ON. 2 Click Apply. NOTES
• Setting something in Maintenance mode does not stop the health events. Rather, it •
downgrades all health events to informational only. When you set Security Center Federation roles or Omnicast Federation roles in maintenance mode, you might need to press F5 to refresh the roles’ icons in the Logical view.
Change the firing threshold of a health event 1 Select the desired event to be modified.
2 Click Edit (
) on the selected line or at the bottom of the list.
The event details window opens. 3 Adjust the values as required. 4 Click Save.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
80
Monitoring your system’s health
5 Repeat with another event if necessary.
Monitoring your system’s health using maintenance tasks To help you monitor the health of your system, there are two maintenance tasks in Config Tool:
• Health history. View system health events (errors, warnings, issues) related to selected entities. For more information, see "Viewing system health events" on page 170.
• Health statistics. Monitor the overall health of your system. By monitoring the health and availability of certain resources such as server roles, video units, door controllers, intrusion detection panels, and so on, you can identify instabilities, and possibly prevent critical system failures. For more information, see "Viewing the health status and availability of entities" on page 171.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
81
Managing the Network view
Managing the Network view This section includes the following topics:
• "What is the Network view?" on page 82 • "Purpose of the Network view" on page 82 • "Creating network entities" on page 83
What is the Network view? Your network infrastructure is illustrated in the entity browser of the Network view task. The browser gives you a simple representation of your system’s network infrastructure by showing you the networks ( ) and the servers ( ) found in your system. The main server hosting the Directory role is shown with a different icon ( ).
Purpose of the Network view Network view is the only place in Config Tool where you can configure the entities that represent the networks and servers used by your Security Center system. An accurate representation plays a critical role in the proper operation of your system.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
82
Managing the Network view
Creating network entities This section includes the following topics:
• • • •
"When do I need to configure the Network view?" on page 83 "How network entities are created" on page 83 "What is the Default network?" on page 83 "Create a network manually" on page 84
When do I need to configure the Network view? You need to configure the Network view when:
• Your system spreads across multiple networks. • You allow users to connect to your main server over the Internet. How network entities are created Network entities are created automatically by the system. After installing Security Center on your main server, you’ll have two network entities on your system. The Default network is at the root of the network tree, and attached to it is a second network entity that corresponds to your company’s network (where your main server is located).
After that, more network entities are added to your system when you add new servers belonging to different networks. You can also add new networks manually, rename them, and change their initial configuration. You can also move networks and servers around in the network tree.
What is the Default network? The Default network is the root node on the network tree. Its video transmission capabilities are set to Unicast TCP, which is the characteristic shared by all IP networks. You cannot delete the Default network entity.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
83
Managing the Network view
Create a network manually You can manually create network entities as needed. 1 From the Home page in Config Tool, open the Network view task. 2 If you are creating a subnet, select the parent network in the network tree. 3 Click Network (
).
The network creation wizard appears. 4 Enter the Basic information. See "Common entity attributes" on page 38. 5 Click Create, and click Close. A new network entity is attached below the selected one in the network tree. 6 Click the Properties tab, and configure the new network’s characteristics. See Network – "Properties" on page 435. 7 If there are servers that belong to the new network, move them under the network in the network tree using drag-and-drop.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
84
Managing the Logical view
Managing the Logical view This section includes the following topics:
• "About the Logical view" on page 85 • "Configuring the Logical view" on page 86
About the Logical view You can find and view all the entities in your system quickly, using the logical view. The entities in the logical view are organized in a hierarchy (or entity tree) according to their logical relationships with areas ( ). For example, the doors leading to an area, and other devices located within the area, such as cameras, are shown as “child entities” of that area (below that area in the hierarchy). The changes you make to the Logical view in Config Tool are also displayed in Security Desk. A B C D
E
F
G
H
I
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
85
Managing the Logical view
A
Search box
Type in the Search box to find the entities containing that text in their category, name, or description. See "Searching for tasks and entities" on page 42.
B
System entity
At the root of the hierarchy is the system entity ( hosts the Directory role.
C
Additional commands
Right-click an entity in the Logical view to use additional commands, such as adding or deleting entities, diagnosing the selected entity, launching a report on the selected entity, or refreshing the Logical view.
D
Area entity
Area entities ( grouping.
E
Yellow entity
Whenever an entity name is displayed in yellow, it means that there is a problem with the settings.
F
Rename entity
Press F2 to rename the selected local entity. NOTE You cannot edit names of federated entities.
G
Arrow icons
Click the arrows in the Logical view to show or hide child entities.
H
Red entity
Indicates that the entity is offline and the server cannot connect to it, or the server is offline.
I
Federated entity
All entities imported from federated systems are shown with a yellow arrow superimposed on the regular entity icon ( ). They are called federated entities.
), which is the server that
) can represent a concept or physical location. It is a logical
Configuring the Logical view The structure of the Logical view is configured in Config Tool. As the system administrator, you should create a structure that is easy for everyone to understand and to navigate. For more information about the Logical view task, see "Logical view" on page 613. This section includes the following topics:
• • • • •
"Add a new area to the Logical view" on page 86 "Move entities around in the Logical view" on page 87 "Rename entities in the Logical view" on page 87 "Copy entities in the Logical view" on page 87 "Delete an entity from the Logical view" on page 88
Add a new area to the Logical view You can add new areas anywhere in the Logical view hierarchy. 1 From the Home page in Config Tool, open the Logical view task. 2 Click the system entity (
) or an area entity (
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
).
86
Managing the Logical view
3 In the Contextual commands toolbar, click Add an entity (
), and then click Area.
The new area is added under the selected entity. 4 Type a name for the area, and press ENTER. After you are done: Configure the new area. For information about area properties, see "Area" on page 360.
Move entities around in the Logical view You can re-organize the entities in Logical view by dragging them to another area. You can also select multiple entities at once and drag them to another area.
• Do one of the following in the Logical view:
Select an area or another entity, and then drag it to another area.
Hold the SHIFT key, select multiple entities, and then drag them to another area.
The selected entities are now a child entities of that area (below that area in the hierarchy).
Rename entities in the Logical view You can rename local entities from the Logical view. NOTE You cannot edit federated entities.
• Select an entity in the Logical view, press F2, rename the entity, and press ENTER. Copy entities in the Logical view You can create multiple copies of the same entity under areas in the Logical view.
• Hold the CTRL key, click the entity you want to copy, and then drag the entity into another area. A copy of the entity is created under the area. If you copied an area under another area, all its child entities (entities below that area) are also copied.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
87
Managing the Logical view
Delete an entity from the Logical view You can delete an entity or the selected copy. Before you begin: If an entity cannot be deleted, the Delete button does not appear. 1 Select an entity in the Logical view. 2 In the Contextual commands toolbar, click Delete. A confirmation dialog box appears. 3 The next step depends on whether you have more than one copy of the entity in the tree.
If it is the only copy of that entity in the tree, click Delete. If more than one copy of the entity exists, make the choice to delete them all or only the selected copy.
If you deleted an area that has child entities, those child entities are also deleted.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
88
Managing software security
Managing software security This section includes the following topics:
• • • • • • •
"Introduction to software security" on page 89 "Defining partitions" on page 90 "Defining users" on page 93 "Defining user groups" on page 96 "Configuring user privileges" on page 99 "Using privilege templates" on page 101 "Importing users from an Active Directory" on page 102
Introduction to software security While Security Center protects your company's assets (buildings, equipment, important data collected in the fields, etc), your job as a system administrator is to protect the Security Center software against illegal access and wrongful usage. There are three questions you should ask:
• Who uses the system? • What do they use it for? • What parts of the system are they allowed to access? How is software security configured? The software security of your system is modelled by three entity types:
• User. The user entity represents a person who needs to use Security Center applications to do their job. Each user is identified by a username and a password. What the user is allowed to do on the system is defined by their privileges, and the partitions they have access to.
• User group. The user group entity defines the common attributes shared by a group of users, such as their privileges and other security attributes. A user who is a member of a user group automatically inherits the characteristics of that group. This mechanism simplifies the configuration process because it eliminates the tedious task of configuring users individually.
• Partition. A partition is a grouping of entities for security or management purposes, so that only certain users on the system have the right to access the entities belonging to that partition. This concept eliminates the tedious task of creating one-to-one relationships between users and the entities they are allowed to access. If a user does not have the right to a partition, that partition and everything in it are invisible to that user.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
89
Managing software security
Recommended configuration sequence Best practice: It is best practice to define your security partitions first when setting up your system. As you add new entities to model your system, you can create them directly in the partition where they belong. 1 Define partitions first. Identify the parts of your system that are relatively independent of each other, and create a partition for each. For example, if your system covers multiple sites, and if the security staff at each site work independently of the other sites, then create a partition for each site. For more information, see "Defining partitions" on page 90. 2 Define user groups before users. Identify the groups of users who share the same roles and responsibilities, and create a user group for each. For example, all security operators can form one group, and all investigators can form another group. If, within each group, you have subgroups working on different partitions, define a user group to represent each subgroup, and add them as members of the larger group. Each individual subgroup can then be assigned to their corresponding partitions. For more information, see "Defining user groups" on page 96. 3 Define users last. Define the individual users and add them as members of the user groups you already created, trying to add them as members of the smallest group. A user can belong to multiple user groups. Let each user entity inherit everything from the parent user group, resorting to individual configurations only for exceptions. For more information, see "Defining users" on page 93. Related topics:
• "Importing users from an Active Directory" on page 102
Defining partitions This section includes the following topics:
• • • • • • • •
"Why use partitions?" on page 91 "What constitutes a partition?" on page 91 "Who is a partition manager?" on page 91 "Differences between Public and System partitions" on page 91 "Create a partition" on page 91 "Add members to a partition" on page 92 "Add accepted users to a partition" on page 92 "Promote a user to partition manager" on page 93
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
90
Managing software security
• "Nesting partitions" on page 93 Why use partitions? Partitions are used to divide a large system into smaller subsystems. This has two benefits:
• Reduces the scope of what a user can access for security reasons. In a multi-site system, it •
might be undesirable for the security team of one site to be able to see or interfere with the activities of a security team on another site. Reduces the scope of a user’s work to make it more manageable. If a user is only concerned with one part of the system (one site in a multi-site system), it is better for that person not to be distracted by the entities they have nothing to do with.
What constitutes a partition? Each partition is defined by the following lists:
• List of members. Entities that belong to the partition (areas, doors, cameras, etc.). • List of accepted users. Users and user groups that have the right to access the entities contained in the partition. The type of user access varies according to the user privileges. A new set of privileges that override the user's basic privileges, can be defined on the partition level.
Who is a partition manager? A partition manager is an accepted user of a partition who has full administrative rights over that partition and its members. A partition manager can add and remove members from the partition, as well as modify and delete the entities contained in the partition.
Differences between Public and System partitions By default, two partitions are created in Security Center. These two partitions cannot be deleted or renamed, but the administrator can change their contents (member entities).
• Public partition. This partition has the unique characteristic that all its members are visible to all users on the system. NOTE This does not mean that every user is automatically an accepted user of the Public
partition. Only partition managers who have been explicitly configured as accepted users can exercise their administrative privileges over the members of the Public partition.
• System partition. This is a hidden partition. This partition has the unique characteristic that its members are only visible to the administrative users (Admin user and members of the Administrators user group).
Create a partition 1 From the Home page in Config Tool, open the Security task. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
91
Managing software security
2 Click the Partitions view, and click Partition (
).
3 In the partition creation wizard, enter the Basic information. See "Common entity attributes" on page 38. All partitions are created by default in the System partition. Selecting an existing partition will create the new partition as its subordinate. For more information, see "Nesting partitions" on page 93. 4 Click Create, and click Close. An empty partition is created. 5 Define the content of the partition. See "Add members to a partition" on page 92. TIP You can also place the new entities you create directly into the partition.
6 Define who has permission to access the entities contained in the partition. See "Add accepted users to a partition" on page 92. NOTE You might have to perform this step later if the users have not yet been created.
7 (Optional) Name an accepted user as partition manager. See "Promote a user to partition manager" on page 93.
Add members to a partition NOTE An entity cannot be placed in more than three partitions.
1 Click the Properties tab of a partition entity. 2 At the bottom of the Properties tab, click Add (
).
3 Select the entities you want to add, and click Select. The selected entities are added to the Members list. You do not have to click Apply. 4 Repeat the previous steps as needed. For more information about partition properties, see "Properties" on page 448.
Add accepted users to a partition 1 Click the Accepted users tab of a partition entity. 2 At the bottom of the Accepted users tab, click Add (
).
3 Select the users and user groups you want to add, and click Select. The selected entities appear in the list. 4 Repeat the previous steps as needed. 5 Click Apply. For information about the Accepted users tab for partition entities, see "Accepted users" on page 449.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
92
Managing software security
Promote a user to partition manager A partition manager has full administrative rights over the partition and its members. 1 Click the Accepted users tab of a partition entity. 2 Select the Partition manager option next to the user or user group you want to promote. 3 Click Apply.
Nesting partitions By default, partitions are created at the top level and can be nested if required.
The red arrows illustrate the following:
• When using the Config Tool, accepted users of a partition can see all entities that belong to •
that partition and its subordinates. When using the Security Desk, accepted users of a partition can monitor all entities that belong to that partition and its subordinates.
Defining users This section includes the following topics:
• • • • •
"How are users represented?" on page 93 "What are Admin and Service users?" on page 94 "Create a user" on page 94 "Add a user as a member of a user group" on page 95 "Force Security Desk to run in full screen mode" on page 95
How are users represented? A user is anyone who can use Security Center applications. To log on to the system, that person needs a username and a password.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
93
Managing software security
What a person can do on the system is restricted by their user attributes:
• Privileges. Limits the types of activities the user can perform on the system. See "Configuring user privileges" on page 99.
• Partitions. Limits the entities on which the user can exercise their privileges. See "Defining partitions" on page 90. A user can be a member of one or more user groups, from which it inherits most of its attributes.
What are Admin and Service users? The following users are created by default and cannot be deleted or renamed.
• Admin. This user has full administrative rights to configure Security Center. A person logged on as Admin can change, modify, and delete any entity in Security Center.
• Service . This is a hidden user account reserved exclusively for the Genetec Server service. A person cannot use this account to connect to Security Center.
Create a user 1 From the Home page in Config Tool, open the Security task. 2 Click the Users view, and click User (
).
3 In the user creation wizard, enter the Basic information. See "Common entity attributes" on page 38. NOTE The entity name is also the username, therefore, it must be unique.
4 Select partition rights for the user. a Select Give this user administrative rights over the partition to make the user a manager of the partition you selected. b Select Give this user access to the partition to make the user an accepted user of the partition you selected. See "What constitutes a partition?" on page 91. 5 Click Next. 6 Enter the User information, and click Next. See "Using privilege templates" on page 101. 7 Click Create, and click Close. The new user account is created. 8 (Optional) Configure the user’s membership in user groups. See "Add a user as a member of a user group" on page 95. 9 Click the Properties tab, type the person’s email address, and click Apply. 10 Click the Security tab, configure the security properties, and click Apply. See "Security" on page 486. 11 Click the Privileges tab, define the user privileges, and click Apply. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
94
Managing software security
See "Privileges" on page 488 and "Force Security Desk to run in full screen mode" on page 95. 12 Click the Workspace tab, define the user’s Security Desk workspace, and click Apply. See "Workspace" on page 485.
Add a user as a member of a user group A user who is a member of a user group inherits all the attributes of that group. 1 Click the Identity tab of the user entity. 2 In the Relationships section, click User groups. 3 Click Insert an item (
), select one or more parent user groups, and click Select.
4 Click Apply.
Force Security Desk to run in full screen mode If a user’s job is to focus on monitoring live video, you can force Security Desk to run in full screen mode and prevent the user from switching to windowed mode. You can force the full screen operation on a user or a workstation. To force full screen operation on a user: 1 From the Home page in Config Tool, open the Security task. 2 Click the Users view, select a user, then click the Privileges tab. 3 Expand the Application privileges, and the Security Desk privileges. 4 Deny the privilege Change client views to that user. For information, see "Privileges" on page 488 and "Application privileges" on page 695. 5 Click Apply. Security Desk will always run in full screen mode for that user. The Restore Down command and the F11 key (switch between full screen and windowed mode) are disabled.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
95
Managing software security
To force full screen operation on a workstation: 1 On the workstation, open the Security Desk Properties dialog box. 2 Select the Shortcut tab, and add the option /forcefullscreen (or /ff) to the end of the string found in Target.
3 Click Apply. The next time a user starts Security Desk using this shortcut, the application will start in full screen mode. The Restore Down commands and the F11 key (switch between full screen and windowed mode) are disabled. NOTE Locking Security Desk in full screen mode does not prevent the user from minimizing the
Security Desk window with ALT+ESC or to switch to another application with ALT+TAB.
Defining user groups This section includes the following topics:
• • • •
"Why do I need to create user groups?" on page 97 "What is the Administrators user group?" on page 97 "Create a user group" on page 97 "Make a user group a subordinate of another user group" on page 98
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
96
Managing software security
Why do I need to create user groups? User groups serve to group users with common attributes (such as privileges) together so those attributes only need to be defined once. A user group can also be a member of another user group.
What is the Administrators user group? The Administrators user group is a system entity that is created upon installation. It cannot be deleted or renamed. Members of this user group have the same administrative rights as the Admin user, and their rights cannot be revoked. Best practice: For reasons of traceability, rather than letting everyone use the same Admin account, it is best to create a separate user account for each administrator.
Create a user group 1 From the Home page in Config Tool, open the Security task. 2 Click the User groups view, and click User group (
).
3 In the user group creation wizard, enter the Basic information. See "Common entity attributes" on page 38. 4 Select partition rights for the user. a Select Give this user group administrative rights over the partition to make every member of this user group, a manager of the partition you selected. b Select Give this user group access to the partition to make every member of this user group an accepted user of the partition you selected. See "What constitutes a partition?" on page 91. 5 Click Next, enter the User group information, and click Next. See "Using privilege templates" on page 101. 6 Click Create, and click Close. The new user group is created. 7 (Optional) Make this user group a subordinate of another user group. See "Make a user group a subordinate of another user group" on page 98. 8 (Optional) Click the Properties tab, type the group’s email address, and click Apply. 9 (Optional) Click the Security tab, configure the security properties, and click Apply. See "Security" on page 491. 10 (Optional) Click the Privileges tab, define user privileges, and click Apply. See "Privileges" on page 493.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
97
Managing software security
Make a user group a subordinate of another user group A group that is subordinate to a another user group inherits all the attributes of that group. 1 Click the Identity tab of the user group entity. 2 In the Relationships section, click Parent user groups. 3 Click Insert an item (
), select one or more parent user groups, and click Select.
4 Click Apply.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
98
Managing software security
Configuring user privileges This section includes the following topics:
• • • • • • •
"What are user privileges?" on page 99 "How are privileges granted to users?" on page 99 "About privilege hierarchy" on page 99 "About privilege inheritance" on page 100 "Differences between Basic and Partition privileges" on page 101 "About privilege templates" on page 101 "What are the privilege templates?" on page 101
What are user privileges? Privileges are applied to users and user groups to control which operations they are allowed to perform in Security Center, independently of what entities they can access, and within the constraints set by the software license. Privileges in Security Center are divided into the following groups:
• • • • •
Application privileges. Grant access to the Security Center applications. General privileges. Grant access to the generic Security Center features. Administrative privileges. Grant access to system entity configuration in Config Tool. Task privileges. Control accessibility to the various Security Desk tasks. Action privileges. Control the actions that can be performed on the system entities.
For a complete list and definition of all privileges, see "User privileges" on page 694.
How are privileges granted to users? Each privilege can be granted explicitly to a user or inherited from a user group. Each privilege can be granted with one of these settings:
• Allow. The privilege is granted to the user. • Deny. The privilege is denied to the user. • Undefined. This privilege must be inherited from a parent user group. If the user is not a member of any group, or if the privilege is also undefined to the parent user group, then the privilege is denied.
About privilege hierarchy Privileges are organized in a hierarchy, with the following behavior:
• For a child privilege to be allowed, the parent privilege must be allowed. • If a parent privilege is denied, all child privileges are denied. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
99
Managing software security
• A child privilege can be denied when the parent privilege is allowed. About privilege inheritance Privilege settings can be inherited from user groups and replaced at the member (user or user group) level according to the following rules:
• A privilege that is undefined at the group level can be allowed or denied at the member level. A privilege that is allowed at the group level can be denied at the member level.
• • A privilege that is denied at the group level is automatically denied at the member level. • When a user is a member of multiple user groups, the user inherits the most restrictive privilege settings from its parents. This means that Deny overrules Allow, and Allow overrules Undefined. There are exceptions to the above rules:
• Administrator status. The Admin user, and members of the Administrators user group, have a special status that grants them full administrative rights. These users can configure the Security Center as they see fit; they can view and modify all entities in all partitions. The Admin user and the Administrators user group are created at installation and cannot be deleted or renamed.
• Partition manager status. A user or user group assigned to a partition can be given the status of Partition manager over that partition. This special status confers full administrative rights over the entities contained in that partition. It supersedes all privileges configured at the partition level for that user. A partition manager can add, modify, and delete all entities within their partition, including the users and user groups. Unlike users with the administrator status, the Application, General, and Task privileges can be denied to a partition manager.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
100
Managing software security
Differences between Basic and Partition privileges The Basic privileges of a user (or user group) are the end results of the privileges inherited from their parent user groups, plus the ones explicitly allowed/denied to the user. When a user is given access to a partition, their Basic privileges are applied by default to the partition. Later, an administrator or a partition manager can overwrite the privileges a user has over a specific partition. For example, a user can be allowed to configure alarms in partition A, but not in partition B. This means that a user can have a different set of privileges for each partition they have access to. Only Administrative and Action privileges, plus the privileges over public tasks, can be overwritten at the partition level.
Using privilege templates This section includes the following topics:
• "About privilege templates" on page 101 • "What are the privilege templates?" on page 101 About privilege templates Privilege templates are predefined privilege configurations, based on standard security personnel profiles, that you can apply to users and user groups to simplify the creation process. Once applied, you can fine tune the privileges manually. Privilege templates are only available when creating a user or user group. You cannot rename, modify, or delete the privilege templates. However, you can freely modify the privilege settings after they are applied to a user or user group. The best way to use privilege templates is to create one user group for each template if necessary. After your model user groups are created, users can inherit privileges from them.
What are the privilege templates? Security Center provides the following privilege templates:
• Reporting. This template only grants the privileges to run Security Desk and to execute the most basic reporting tasks, excluding those for AutoVu LPR. A user with this set of privileges alone cannot view any video, control any physical devices, or report incidents.
• Operator. This template is for security operators who need to monitor real time events in the system. It grants them the privileges to use the Monitoring task, view video, manage visitors, credentials, and badge templates, add bookmarks and incidents, save snapshots, unlock doors, and so on.
• Investigator. This template is for investigators. It grants the privileges to use the Monitoring task, view video, control PTZ cameras, record and export video, add bookmarks and incidents, use investigation tasks, manage alarms and visitors, override door unlock schedules, save tasks, and so on.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
101
Managing software security
• Supervisor. This template is for people who have supervisory responsibilities. It grants the same privileges as the Investigator template, plus the privileges to use maintenance tasks, manage cardholders and credentials, modify custom fields, set threat levels, block cameras, and perform people counting.
• Provisioning. This template is for the system installer. It grants almost all configuration privileges, with only a few exceptions (managing roles, macros, users, user groups, custom events, activity trails, threat levels, and audio files).
• Basic AutoVu Operator. This template is for security operators using AutoVu LPR. It grants them privileges to use LPR tasks, configure LPR entities, create LPR rules, monitor LPR events, and so on.
Importing users from an Active Directory Users and user groups can be created by importing them from your corporate directory service. For more information, see "Integrating with Windows Active Directory" on page 140.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
102
Automating system behavior
Automating system behavior Security Center offers you many ways to automate the system’s behavior. This section includes the following topics:
• • • •
"Using schedules" on page 103 "Using event-to-actions" on page 106 "Using scheduled tasks" on page 109 "Using macros" on page 110
Using schedules Schedules are useful in Security Center to dynamically control the behavior and settings of the system based on timetables. This section includes the following topics:
• • • • • •
"What is a schedule?" on page 103 "What is the default schedule?" on page 104 "Warning about time zones" on page 104 "What is a twilight schedule?" on page 104 "Create a schedule" on page 105 "Resolving schedule conflicts" on page 105
What is a schedule? The schedule entity ( ) defines a set of time constraints that can be applied to many situations, such as when a user can log on to the system, when video from a surveillance camera should be recorded, or when access should be granted to a secured area. Each time constraint is characterized by two sets of properties:
• Date coverage. Defines a date pattern, or specific dates to be covered by the schedule.
Daily. Defines a pattern that repeats every day. Weekly. Defines a pattern that repeats every week. Each day of the week can have a different time coverage. Ordinal. Defines a series of patterns that repeat on a monthly or yearly basis. Each date pattern can have a different time coverage. For example, on July 1st every year, on the first Sunday of every month, or on the last Friday of October every year.
Specific. Defines a list of specific dates in the future. Each date can have a different time coverage. This setting is ideal for special events that occur only once. Time coverage. Defines which time periods apply during a 24-hour day.
•
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
103
Automating system behavior
All day. Covers the entire day. Range. Covers one or multiple distinct time periods within the day. For example, from 9 a.m. to 12 p.m. and from 1 p.m. to 5 p.m.
Daytime. From sunrise to sunset. Only supported by twilight schedules.
Nighttime. From sunset to sunrise. Only supported by twilight schedules.
For more information on Daytime and Nighttime settings, see "What is a twilight schedule?" on page 104.
What is the default schedule? When Security Center Directory is installed, a schedule named Always is created by default. This schedule has a 24/7 coverage, and cannot be renamed, modified, nor deleted. This schedule has the lowest priority in terms of schedule conflict resolution. For more information, see "Resolving schedule conflicts" on page 105.
Warning about time zones The time of day for a schedule is based on the local time zone set in each individual context where it is applied. For example, if the schedule is used to set continuous video recording from 9 a.m. to 5 p.m., whether the video unit is in Tokyo or London, the recording will occur on schedule according to the local time. This is due to every video unit having a time zone setting, to control video settings and recordings relative to the unit’s local time. For more information, see "Location" on page 336. When a schedule is applied to an entity that has no time zone settings, such as the logon schedule for a user, the local time is taken from the server hosting the Directory role.
What is a twilight schedule? A twilight schedule ( ) is a special type of schedule that covers either daytime or nighttime. These special time coverages vary according to the day of the year. The calculation of the time of day when the sun rises and sets is based on a geographical location (latitude and longitude). Twilight schedules are designed for situations where the sunlight has an impact on the system’s operation, such as video settings and recording. Some typical uses of the twilight schedules are:
• To record video only during daytime. • To boost the video encoder’s sensitivity after sunset. • To disable motion detection during twilight. Twilight schedules have the following restrictions:
• Cannot be used in any situation involving access control entities. • Requires that the entity it applies to has a geographical location setting, such as video units •
and LPR units. See "Using geographical locations" on page 40. The Weekly option for date coverage is not available.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
104
Automating system behavior
• The All day and Range options for time coverage are not available. • Twilight schedules are not visible in contexts where they are not applicable. For more information, see "Date coverage" on page 103.
Create a schedule Schedules must be created in advance if you plan to use them in any settings. 1 From the Home page in Config Tool, open the System task. 2 Click the Schedules view, and click Schedule (
).
3 In the schedule creation wizard, enter the Basic information, and click Next. For more information, see "Common entity attributes" on page 38. 4 In the Schedule information page, select one of the following:
Select Standard schedule if you want to be able to use this schedule in all situations.
Select Twilight schedule if you specifically need Daytime or Nighttime coverage.
CAUTION The schedule type cannot be changed after the entity is created. For more information, see "What is a twilight schedule?" on page 104.
5 Click Close. A default daily schedule is created. 6 Click the Properties tab to configure the desired date and time coverage. For more information, see Schedule – "Properties" on page 464. 7 Click Apply.
Resolving schedule conflicts You might have a scheduling conflict when two overlapping schedules are applied to the same function. For example, two schedules applied to the recording of the same camera. Security Center can resolve some of these conflicts by giving priority to the most specific (or restrictive) schedule. The specificity of a schedule is determined by its date coverage option. The following lists the date coverage options in decreasing order of priority: 1 Specific (Runs only once. Highest priority) 2 Ordinal (Repeats on a monthly or yearly basis) 3 Weekly (Repeats every week) 4 Daily (Repeats every day) 5 Always (The default schedule. Has the lowest priority) CAUTION When two overlapping schedules with the same priority level are applied to the same
function, you have an unresolved conflict. An Entity warning is raised by the system, and the entity with the faulty configuration is displayed in yellow in the entity browser. For more information, see "Viewing system messages" on page 168. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
105
Automating system behavior
Using event-to-actions An event-to-action is the coupling of an action to an event, to confer automatic and intelligent behavior to the system. This section includes the following topics:
• • • • •
"What is an event?" on page 106 "What is a custom event?" on page 106 "What is an action?" on page 106 "Create an event-to-action" on page 107 "Search for event-to-actions" on page 108
What is an event? Security Center uses events to record activity on the system. The types of events generated by Security Center vary from entity to entity. For instance: Access denied to a cardholder, Signal lost on a camera, License plate matched to a hotlist, and so on. Some of the ways you can make use of system events are the following:
• View them in Security Desk in real-time. • Have the system record them in event logs for viewing and analysis at a later time. • Configure the system to take action automatically by associating actions to various types of events, such as triggering an alarm, or sending a message. This is called an event-to-action. This is the most powerful and versatile method for handling events. For more information, see "Actions" on page 624. Events can arise from many sources, such as recording started by a user on a camera, a door being left open for too long, or an attempt to use a stolen credential. For a complete list of the predefined event types in Security Center, see "Event types" on page 745.
What is a custom event? In addition to the predefined event types, you can also define custom events to precisely represent each of the various combinations of input signals received from different units on your system. For more information, see "Managing zones" on page 160 and "Custom events" on page 623.
What is an action? An action is a user-programmable function that can be triggered as an automatic response to an event (door held open for too long, or object left unattended) or executed according to a specific time table.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
106
Automating system behavior
For a complete list of the predefined action types in Security Center, see "Action types" on page 758. For other action usages, see "Using scheduled tasks" on page 109.
Create an event-to-action 1 From the Home page in Config Tool, open the System task. 2 Click the General settings view, then click the Actions page. For more information, see "Actions" on page 624. 3 Click Add an item (
).
4 In the Entity type page, select the type of the source entity and click Next. The source entity is the entity to which the event is attached. 5 In the Source page, select the source entity and click Next. Enter a search string if necessary. Only entities corresponding to the selected type are listed. 6 In the Event page, select an event type and a schedule, and click Next. Only events pertaining to the selected entity type are listed. The schedule determines when the event should occur in order to trigger the action. For example, you might want to sound an alarm only when a window is opened during the weekend. By default, Always is selected.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
107
Automating system behavior
7 In the Action page, select an action type and configure its parameters.
The Next button becomes enabled only when all the arguments required by the selected action type are properly configured. For a full description of all action types you can choose from, see "Action types" on page 758. 8 Click Next. The Creation summary page appears. 9 Verify that all information is correct, click Create, and click Close. If the information is incorrect, click Back and fix the errors. The new event-to-action is added to the list of system actions. For more information, see "Actions" on page 624.
Search for event-to-actions You can search for an event-to-action by any combination of source entity (name and type), event type, and action type. 1 From the Home page in Config Tool, open the System task. 2 Click the General settings view, then click the Actions page. 3 Click Advanced search (
) to show search filters.
Entity name. Search for source entity names starting with the search string.
Entity type. Select a specific source entity type (default=All).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
108
Automating system behavior
Event. Select a specific event type (default=All).
Action. Select a specific action type (default=All).
4 Use the action buttons at the bottom of the page to fix or delete the unwanted event-toactions. For more information, see "Actions" on page 624.
Using scheduled tasks This section includes the following topics:
• "What is a scheduled task?" on page 109 • "Comparison between scheduled tasks and event-to-actions" on page 109 • "Create a scheduled task" on page 109 What is a scheduled task? A scheduled task is an entity that defines an action that executes automatically on a specific date and time, or according to a recurring schedule.
Comparison between scheduled tasks and event-to-actions The similarities between the two concepts are:
• Both have access to the same set of actions. • Both use recurring schedules. The differences between the two concepts are:
• • • •
A scheduled task is saved as an entity, an event-to-action is not. A scheduled task is triggered on schedule, not on event. A scheduled task can be turned on and off. The scheduling options are different:
Once. Executed once at a specific date and time.
Every minute. Executed every minute.
Hourly. Executed at a specific minute of every hour.
Daily. Executed at a specific time every day.
Weekly. Executed at a specific time on selected days of the week
On startup. Executed on system startup.
Interval. Executed at regular intervals that can be days, hours, minutes, or seconds.
Create a scheduled task This sample procedure creates a scheduled task that synchronizes an Active Directory role. 1 From the Home page in Config Tool, open the System task. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
109
Automating system behavior
2 Click the Scheduled tasks view, and click Scheduled task (
).
A new scheduled task entity appears in the Logical view. 3 Type a name for the scheduled task, and press ENTER. 4 Click the Properties tab. For more information, see Scheduled task – "Properties" on page 470. 5 Set the Status switch to Active. 6 Set the desired Recurrence pattern. a Click on the drop-down list and select Weekly. b Set the desired start time on the scheduled dates. c Select the days of the week when the action is to be executed. 7 Select the type of action to be executed. Additional parameters might be required based on the selected action. For our example, scroll down and click Trigger synchronization, then select the Active Directory role that needs to be synchronized. 8 Click Apply.
Using macros This section includes the following topics:
• "What is a macro?" on page 110 • "Creating macros" on page 110 What is a macro? You can write programs in C# using Security Center SDK to add custom functionality to your system. These programs are loaded into Security Center as macro entities. If you need help to develop custom macros, contact Genetec Professional Services through your sales representative for a quote, or call us at one of our regional offices around the world. To contact us, visit our Web site at www.genetec.com.
Creating macros You can write your C# programs with an external text editor, or use the text editor found in Config Tool. For more information, see Macro – "Properties" on page 430.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
110
Managing alarms
Managing alarms This section includes the following topics:
• • • • • •
"What is an alarm?" on page 111 "Create an alarm" on page 112 "Testing alarms" on page 112 "Trigger alarms manually" on page 113 "Trigger alarms automatically using event-to-actions" on page 113 "Responding to alarms" on page 115
What is an alarm? An alarm entity describes a particular trouble situation in Security Center (intrusion, broken window, door forced open, and so on) that requires immediate attention. The basic properties of an alarm are:
• Name. Alarm name. • Priority. Priority of the alarm (1-255), based on the urgency of the situation. Higher priority alarms are displayed first in Security Desk.
• Recipients. Users who are notified when the alarm occurs, and are responsible for responding to the alarm situation. Recipients can be notified all at once, or one after another in a sequence.
• Attached entities. Entities that help describe the alarm situation (for example, cameras, area, doors, and so on). When the alarm is received in Security Desk, the attached entities can be displayed one after another in a sequence or all at once in the canvas, to help you review the situation.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
111
Managing alarms
Create an alarm You create alarms from the Alarms task in Config Tool. 1 From the Home page in Config Tool, open the Alarms task. 2 Click the Alarms view, and click Alarm ( A new alarm entity (
).
) appears in the Logical view.
3 Type a name for the alarm, and press ENTER. Best practice: Provide a name best describes the situation, so it is easy to determine what happened when the alarm is triggered. 4 Click the Properties tab, configure the essential properties, and click Apply. For more information, see "Properties" on page 352. 5 Click the Advanced tab, configure the advanced settings, and click Apply. For more information, see "Advanced" on page 354. After you are done: Test the alarm you just created. See "Testing alarms" on page 112.
Testing alarms The simplest way to test an alarm is to trigger it manually from Config Tool, and make sure you receive it in Security Desk. Before you begin: Log on to Security Desk as one of the alarm recipients. 1 From the Home page in Config Tool, open the Alarms task. 2 Click the Alarms view, and select the alarm to test. 3 In the Contextual commands toolbar, click Trigger alarm (
).
The triggered alarm should appear in the Security Desk notification tray, and in the alarm list in the Alarm monitoring task. The Alarm monitoring task opens automatically if Security Desk is configured open the task when an alarm is triggered. To set this behavior, see “Customizing alarm behavior” in the Security Desk User Guide. If the Alarm monitoring task does not open automatically, doubleclick the alarm icon in the Security Desk notification tray to open it.
Troubleshooting alarms If you do not receive an alarm, check the following:
• Is the alarm schedule preventing you from triggering the alarm at this moment? • Does the alarm recipient have the correct privileges to receive alarms (Alarm monitoring and Acknowledge alarms)? gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
112
Managing alarms
Trigger alarms manually When you observe a trouble situation happening in Security Center, you can manually trigger an alarm. To trigger an alarm manually:
• Do one of the following:
In the Alarms task in Config Tool, select an alarm, and then in the Contextual commands toolbar, click Trigger alarm ( ). In the notification tray in Security Desk, click Hot actions ( Trigger alarm ( ), select an alarm, and then click OK.
) > Manual action. Click
In the Alarm monitoring task in Security Desk, click Trigger alarm ( alarm, and click Trigger alarm.
), select an
Trigger alarms automatically using event-to-actions You can configure events that occur to trigger alarms, using event-to-actions. This is the most common way alarms are triggered. NOTE If an alarm is triggered and displayed in the canvas and the triggering event is caused by
an entity that is associated with cameras (for example a door), then the associated cameras are displayed in the canvas before the entities attached to the alarm. For more information, see Alarm – Properties – "Attached entities" on page 353. For more information about creating event-to-actions, see "Using event-to-actions" on page 106. To trigger an alarm automatically: 1 From the Home page in Config Tool, open the System task. 2 Click the General settings view. 3 Click the Actions tab, and click
.
4 In the Entity type page, select an entity type, and click Next. The source entity is the entity that the event is attached to. 5 In the Source page, select the source entity and click Next. 6 In the Event page, select an event type Only events related to the selected entity type are listed. For a list of events available in Security Center, see "Event types" on page 745. 7 Select a schedule, and click Next. The schedule determines when the event will trigger the action. For example, you might want to trigger an alarm only when a window is opened during the weekend. By default, Always is selected. 8 In the Action page, select Trigger alarm. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
113
Managing alarms
9 From the Alarm drop-down list, select an alarm to trigger. 10 (Optional) From the Acknowledgement condition drop-down list, select an event that must be triggered before the alarm can be acknowledged. This option is only available when you select some source event types. For a list of event types that could require an acknowledgement condition to be cleared before the alarm can be acknowledged, see "Event types that could require an acknowledgement conditions" on page 114. 11 To require a user to acknowledge the alarm after the acknowledgement condition is cleared, select the User acknowledgement required option. If you clear this option, the alarm is automatically acknowledged when the acknowledgement condition is cleared. 12 Click Next > Create > Close.
Event types that could require an acknowledgement conditions For some event-to-actions that trigger alarms, you can configure them so that a second event must be triggered before the triggered alarm can be acknowledged. The second event is the acknowledgement condition. The following is a list of event types that allow you to select an acknowledgement condition that must be cleared before the alarm can be acknowledged. Source event type
Entity type
Acknowledgement condition
AC fail
Access control unit, Intrusion detection unit
AC fail input normal
Application lost
Roles
Application online
Asset offline
Asset
Asset online
Asset online
Asset
Asset offline
Battery fail
Access control unit, Intrusion detection unit
Battery fail input normal
Door forced open
Door
Door closed
Door opened
Door
Door closed
Door opened too long
Door
Door closed
Hardware tamper
Access control unit, Intrusion detection unit, Zone (hardware)
Input normal
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
114
Managing alarms
Source event type
Entity type
Acknowledgement condition
Intrusion detection area alarm activated
Intrusion detection area
• • • •
Intrusion detection area input bypass activated
Intrusion detection area
Input bypass deactivated
Manual station activated
Door
Manual station reverted to normal state
Signal lost
Camera
Signal recovered
Unit lost
Access control unit, Intrusion detection unit, LPR unit, Video unit
Unit online
Zone armed/ disarmeda
Zone
• Zone state normal • Zone state active
Disarmed (not ready) Disarmed (ready to arm) Master armed Perimeter armed
a. Events that are associated with the normal, active, and trouble states of a zone can also be configured with an acknowledgement condition. For more information about zone states, see "Properties" on page 503.
Responding to alarms You respond to active alarms from the Alarm monitoring task in Security Desk. When you receive an alarm, you can snooze the alarm, forward it to a colleague, or acknowledge it. The alarm can also be automatically acknowledged after a period of time, if it is configured that way. For alarms with an acknowledgement condition, the process is a bit different. Before the acknowledgement condition is cleared, you can investigate the alarm to let other users know you have seen it, and are taking care of it. You can only acknowledge the alarm after the acknowledgement condition is cleared. The alarm can also be automatically acknowledged by the system after the acknowledgement condition is cleared, if it is configured that way. EXAMPLE A Unit lost event occurs, which triggers an alarm with an acknowledgement
condition of Unit online. Before the unit comes back online, the alarm can be snoozed, forwarded, investigated, or an administrator can forcibly acknowledge it. After the event Unit online occurs, the alarm can be acknowledged. NOTE Administrators can force all local alarms to be acknowledged at any time, even if the acknowledgement condition is not cleared.
For more information on acknowledging alarms, see “Acknowledging alarms” in the Security Desk User Guide. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
115
Managing alarms
Investigating current and past alarms You can search for and examine current and past alarms, using the Alarm report task in Security Desk. For more information about using the Alarm report task, see “Investigating current and past alarms” in the Security Desk User Guide.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
116
Managing threat levels
Managing threat levels This section includes the following topics:
• • • • • • • •
"What are threat levels for?" on page 117 "Differences between threat levels and alarms" on page 117 "Create a threat level" on page 119 "Configuring threat level actions" on page 121 "Actions exclusive to threat levels" on page 122 "Threat level limitations" on page 122 "Threat level scenarios" on page 123 "Threat level related tasks" on page 127
What are threat levels for? A threat is a potentially dangerous situation, such as a fire or a shooting, that requires immediate response from the system and the security personnel. A threat could affect only one area or the entire system. As the Security Center administrator, you define threat levels to help the security personnel deal promptly with threatening situations. Each threat level is characterized by a name and a color, and associated to two lists of actions that the system executes automatically, one when the threat level is set, and another one when the threat level is cleared. The full range of Security Center actions is at your disposal to dictate the behavior of the system, plus some actions that are unique to threat levels, such as denying certain cardholders access to areas in your system, or forcing certain users to log off from the system. Threat levels are set by Security Desk operators when a situation calls for such an action. The operator must have the Set threat level privilege. The operator can set a threat level on an area or on the entire system (includes all areas). For more information on dealing with threats from an operator’s perspective, see “Set threat levels” in the Security Desk User Guide.
Differences between threat levels and alarms The following table highlights the differences between threat levels and alarms. For more information on alarms, see "Managing alarms" on page 111. Characteristics
Alarm
Threat level
Purpose
Deals with localized events, such as a forced entry or an object being left unattended in a public area.
Deals with widespread events affecting an whole area or the entire system, such as a fire or a shooting.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
117
Managing threat levels
Characteristics
Alarm
Threat level
Configuration privileges
• Config Tool • Add/delete alarms • Modify alarms
Only administrative users can configure threat levels.
Activation
Typically triggered by an event-toaction. Can also be triggered by a manual action.
Typically set manually by a Security Desk operator. Can also be set by an event-to-action.
System response on activation
Recording starts automatically on cameras associated to the alarm.
The threat level activation action list is automatically executed.
Notification method
The alarm icon turns red in the Security Desk notification tray. Depending on your Security Desk configuration, the Alarm monitoring task might be brought to the foreground.
The threat level icon turns red in the Security Desk notification tray. When a threat level is set at the system level, the background of Security Desk turns to the color of the threat level.
Who gets the notification?
Security Desk users configured as alarm recipients.
All Security Desk users.
Event ranking
Alarms are ranked according to their priority level (1=highest, 255=lowest). Higher priority alarms are displayed first. When the priority level is the same, the most recent is displayed first.
Threat levels are independent of each other. Only one threat level can be set on an area at any given time. The last threat level set overrides the previous one.
Deactivation
A Security Desk user (alarm recipient) must acknowledge the alarm. Alarms can also be automatically acknowledged by the system after a specified delay or when the acknowledgment condition is met.
A Security Desk user must manually clear the threat level or set a different threat level. A threat level can also be automatically cleared using an event-toaction (Set threat level to None).
System response on deactivation
The acknowledged alarm is removed from all active alarm list (Alarm monitoring task in Security Desk).
The threat level deactivation action list is automatically executed.
Related events
• • • • • •
• Threat level set • Threat level cleared
Alarm triggered Alarm being investigated Alarm condition cleared Alarm acknowledged Alarm acknowledged (Alternate) Alarm forcibly acknowledged
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
118
Managing threat levels
Characteristics
Alarm
Threat level
Operator privileges
• • • • • • •
Security Desk (Application) Alarm monitoring (Task) Alarm report (Task) Trigger alarms (Action) Snooze alarms (Action) Forward alarms (Action) Acknowledge alarms (Action) NOTE Only administrative users can forcibly acknowledge alarms.
• Security Desk (Application) • Set threat level (Action) The same privilege is used for both setting and clearing threat levels. To clear a threat level is to set it to None. NOTE The threat level activation and deactivation actions are carried out by the system, independently of the operator’s privileges.
Exclusive actions
None.
• Set minimum security clearance • Set minimum user level • Set reader mode For more information, see "Actions exclusive to threat levels" on page 122.
Create a threat level Only administrative users can configure threat levels. 1 From the Home page in Config Tool, open the System task. 2 Click the General settings view and select the Threat levels page. For a description of this page, see "Threat levels" on page 629. 3 At the bottom of the threat level list, click Add an item (
).
The Threat level configuration dialog box appears. 4 Enter the Name, Description, Logical ID (optional), and Color of the threat level. Make sure you choose a distinctive color for each threat level. The threat level color is used to color the Security Desk background when the threat level is set at the system level. 5 Configure the threat level Activation actions. These actions are executed by the system when the threat level is set, independently of the privileges and permissions of the user who set the threat level. For information on what actions you can configure, see "Configuring threat level actions" on page 121 and "Actions exclusive to threat levels" on page 122. 6 Configure the threat level Deactivation actions. These actions are executed by the system when the threat level is cleared or overwritten by another one, independently of the privileges and permissions of the user who cleared the threat level. CAUTION The system does not automatically revert the configuration back to what it was before the threat level was set. You need to explicitly configure the deactivation actions to take care of that. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
119
Managing threat levels
7 Click OK to close the configuration dialog box. A new threat level (
) appears in the threat level list.
8 Click Apply. After you are done: Do the following:
• Grant Set threat level privilege to all users who need to set threat levels. NOTE For users who need to set system threat levels, they must be accepted users of the
Public partition. For more information, see "Action privileges" on page 708.
• (Optional) Configure additional threat level activation and deactivation actions for specific areas. For more information, see "Threat levels" on page 362.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
120
Managing threat levels
Configuring threat level actions Actions in Security Center typically affect a single target entity (see "Action types" on page 758). However, when actions are used to configure threat levels, the scope of many of them can be extended to all entities found under the area where the threat level is set that match the type of the target entity. For example, the action Start recording normally applies to a specific camera. If you select All entities for the Camera argument, recording will start on all cameras found under the area where the threat level is set.
NOTE If you select a specific entity for your action, the action will be applied to the selected entity regardless whether the entity is found under the area where the threat level is set or not.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
121
Managing threat levels
Actions exclusive to threat levels The following actions are unique to threat level configuration. Action name
Target entity
Description
Set minimum security clearance
area (Location)
Sets the minimum security clearance level required from cardholders to access the area on top of the restrictions imposed by the access rules. Additional parameter: • Security clearance. The minimum security clearance level required for the selected area. (0=highest level, 99=lowest level or no special clearance required). NOTE The security clearance is only visible to administrative users. This action only works with door controllers that support this feature. The range of supported values might vary, depending on the access control hardware.
Set minimum user level
N/A
Logs out users with a lower user level than the one you specify when a threat level is set, and prevents them from logging back on. Additional parameter: • User level. The minimum user level (1=highest level, 254=lowest level) required to log on to the system, or to stay logged on to the system. NOTE This action is only executed when the threat level is set of the system level. If the user setting the threat level has a user level below the required minimum, that user will be logged off the system the moment the threat level is set.
Set reader mode
area, door (Location)
Sets the reader mode for accessing doors. Additional parameter: • Reader mode. Select whether access is granted using Card and PIN, or Card or PIN, for the selected areas. NOTE This action only works with door controllers and readers that support this feature.
Threat level limitations The following limitations apply when using the threat level feature:
• Threat levels work independently of partitions. Therefore, a threat level set at the system •
level by the users of one partition might affect the entities belonging to another partition, if the actions have a generic scope (applied to All entities). Threat levels cannot be applied to federated areas.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
122
Managing threat levels
Threat level scenarios The following scenarios serve to illustrate the use of threat levels.
• "Scenario #1: Fire" on page 123 • "Scenario #2: Gunman" on page 125 Related topics:
• “Set threat levels” in the Security Desk User Guide • “Clear threat levels” in the Security Desk User Guide Scenario #1: Fire In case a fire breaks out, we want the system to respond immediately with the following actions:
• Sound the fire alarm NOTE For the sake of illustration. Not a recommended practice.
• Unlock all doors to let people evacuate NOTE For the sake of illustration. Not a recommended practice.
• Log off all low priority users to free as much resources (especially network bandwidth) as •
possible for high priority users to manage the current threat. Record the entire evacuation process at high video quality for as long as it lasts.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
123
Managing threat levels
The threat level configured to handle a fire could be as follows:
When an operator sets this threat level, the following actions are executed by the system:
• Trigger output. Sounds the fire alarm by sending the Fire alarm output behavior to the output pin Building Exit - Output-1, assuming that this is where the alarm bell is connected.
• Set the door maintenance mode. Sets all doors within the area where the threat level is set to maintenance mode, effectively unlocking all of them for an indefinite period of time. This is better than using the Unlock door explicitly action which only unlocks the doors for a few seconds.
• Set minimum user level. Immediately logs off all users with a user level lower than 1, basically every one that is not an administrator, encouraging them to leave their desk at once, as well as stopping all unnecessary activity on the network, so the administrators can have as much bandwidth as possible at their disposal to deal with the situation.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
124
Managing threat levels
NOTE This action is only executed if the threat level is set at the system level. So if the fire is
limited to one area, we do not want to log off everyone from the system.
• Override with event recording quality. Boosts the recording quality of all cameras within the area where the threat level is set to event recording quality. For more information, see "Boost quality on event recording" on page 376.
• Start recording. Starts recording on all cameras within the area where the threat level is set for an infinite duration, or until it the Stop recording command is issued. When an operator clears this threat level, the following actions are executed by the system:
• Trigger output. Stops the fire alarm by sending the Normal output behavior to the output pin Building Exit - Output-1.
• Set the door maintenance mode. Turns off the maintenance mode on all doors within the area where the threat level is set. This effectively restores all doors to their normal behavior.
• Set minimum user level. Resets the minimum user level to 254 (the lowest value), allowing all users to log back on.
• Recording quality as standard configuration. Restores the standard recording quality on all cameras within the area where the threat level is set.
• Stop recording. Stops recording on all cameras within the area where the threat level is set. This action will not stop the recording on cameras that are on a continuous recording schedule.
Scenario #2: Gunman In case a gunman or a shooter is spotted, we want the system to respond immediately with the following actions:
• • • •
Block access to where the gunman/shooter is from innocent bystanders. Record the shooting incident in high quality video as evidence in court. Protect the video recordings of the whole event against accidental deletion. Block the sensitive video footage from the public eye in case some of the video streams are shown on public web sites.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
125
Managing threat levels
The threat level configured to handle a gunman/shooter could be as follows:
When an operator sets this threat level, the following actions are executed by the system:
• Set minimum security clearance. Prevents the cardholders who have a security clearance lower than 5 (between 6-99) from entering the area where the gunman is, and hopefully, preventing the gunman from getting out. NOTE This configuration assumes that only armed security personnel have a clearance level higher than 5 (between 0-5), and that security operators continue to monitor all exits and can manually unlock doors to let the innocent people out.
• Override with event recording quality. Boosts the recording quality of all cameras within the area where the threat level is set to event recording quality. For more information, see "Boost quality on event recording" on page 376.
• Start recording. Starts recording on all cameras within the area where the threat level is set for an infinite duration, or until it the Stop recording command is issued. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
126
Managing threat levels
• Start applying video protection. Starts protecting the videos recorded from the cameras within the area where the threat level is set, from now until the Stop applying video protection command is issued, for an unlimited period of time.
• Block and unblock video. Block all users with a user level lower than 5 from viewing the video from the cameras within the area where the threat level is set, from now until the video blocking is explicitly stopped, for an unlimited period of time. NOTE This configuration assumes that all security personnel has a user level higher than 5
and can continue to monitor the scene. When an operator clears this threat level, the following actions are executed by the system:
• Set minimum security clearance. Restore normal access to the area to all cardholders by setting the security clearance to 99 (the lowest level).
• Recording quality as standard configuration. Restores the standard recording quality on all cameras within the area where the threat level is set.
• Stop recording. Stops recording on all cameras within the area where the threat level is set after 30 seconds. This action will not stop the recording on cameras that are on a continuous recording schedule.
• Stop applying video protection. Stops protecting the videos recorded from the cameras within the area where the threat level is set, after one minute.
• Block and unblock video. Unblock all cameras within the area where the threat level is set. The video recorded during the time when the threat level was active will remain blocked for playback to the users whose user level is lower than 5.
Threat level related tasks You can monitor threat level related activities with the following maintenance tasks:
• System status. Use this task to monitor the threat level and security clearance set on each areas. See "Monitoring the status of your system" on page 177.
• Activity trails. Use this task to find out when threat levels have been set and cleared, and who did it. See "Investigating user related activity on the system" on page 182.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
127
Federating remote systems
Federating remote systems The Federation™ is a virtual system formed by joining multiple independent Genetec IP security systems together. The purpose of the Federation is to allow the users on your local system to view and control the entities belonging to independent remote systems as if they were on your local system. This section includes the following topics:
• • • • •
"Types of federations" on page 128 "What are federated entities?" on page 128 "Federating Omnicast systems" on page 131 "Federating Security Center systems" on page 133 "Advanced settings for large federations" on page 134
Types of federations Security Center can join (or federate) Omnicast 4.x systems and other Security Center systems into a large federation. The system that joins other systems together is called the Federation host. Security Center does this by creating a specific federation role for each system it needs to unify. Two types of federation roles are available:
• Omnicast Federation. Federates an Omnicast 4.x system so that its cameras and events can be used in your local system. For more information, see "Federating Omnicast systems" on page 131.
• Security Center Federation. Federates an independent Security Center system so that its entities can be used in your local system. For more information, see "Federating Security Center systems" on page 133.
What are federated entities? Federated entities are entities imported from remote independent systems. They do not belong to your local system. You can view and manipulate them in your local system, but you cannot change their native settings.
Identification of federated entities Federated entities are easily identifiable by the yellow arrow that is superimposed on their entity icon. The following are some examples of federated entities:
• • •
– Federated area entity (they are called sites in Omnicast) – Federated alarm entity – Federated fixed camera entity
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
128
Federating remote systems
• • • • • • • •
– Federated dome camera entity – Federated camera sequence entity – Federated virtual camera entity (Omnicast only) – Federated cash register entity – Federated door entity (Security Center only) – Federated elevator entity (Security Center only) – Federated cardholder entity (Security Center only) – Federated credential entity (Security Center only)
Using federated entities You can perform the following operations on federated entities in Security Desk:
• • • •
View live or playback video from federated cameras. Add bookmarks, start/stop recording, and export video from federated cameras. Control the PTZ on federated dome cameras (except PTZ locking). Switch cameras on CCTV matrices via virtual cameras federated from Omnicast 4.x. For more information, see "Federating Omnicast systems" on page 131.
• View, start/stop cycling, pack/unpack federated camera sequences. For more information, see "Limitations with Omnicast Federation" on page 131.
• Receive, acknowledge, snooze, forward, start/stop cycling, pack/unpack federated alarms. For more information, see "Exceptions regarding federated alarms" on page 130 and "Limitations with Omnicast Federation" on page 131.
• • • •
View and control federated tile plugins. Lock/unlock federated doors. Arm/disarm federated intrusion detection areas. Arm/disarm federated zones.
Can federated entities be configured locally? Most federated entity properties cannot be changed on your local system, but you can use the federated entities to configure your local entities.
• You cannot change their name and description. • You cannot change any attributes that inherently defines the entity. This includes most •
properties defined in the entity configuration tabs, although you can view them. You can assign a logical ID to each federated entity. The logical ID is a local attribute associated with the federated entity to uniquely identify it within the Federation.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
129
Federating remote systems
• You can choose what events you want to receive from the federated system. Based on these events, you can define event-to-actions for the federated entities. The actions can either be executed on the Federation host or on the federated system. You can view their activity and audit trail reports in the Reporting tab.
• • You can control the visibility of the federated entities to your local users via partitions. • You can configure the visual tracking for cameras federated from Omnicast systems. • You can use them in the configuration of local entities, such as attaching federated cameras to local entities, or use them to define local alarms and camera sequences.
Exceptions regarding federated alarms Not all alarm properties are federated. Most properties pertaining to the alarm display in Security Desk must be configured locally on the Federation host. The exceptions for federated alarms are the following:
• The alarm schedule follows the original configuration of the remote system. Since schedule •
entities are not federated, the default schedule Always is shown instead. Alarm priority:
Omnicast: Original value is not federated. You can redefine it (default=1) locally on the Federation host.
Security Center: Original value is federated and cannot be modified. Reactivation threshold is an inherent property of the alarm and cannot be modified.
• • Entity cycling is a local property to the Federation host. You can change its setting and it will not affect the federated system. Automatic acknowledgement is an inherent property of the alarm and cannot be modified.
• • Create an incident on acknowledgement is a local property to the Federation host. You can change its setting and it will not affect the federated system. Automatic video recording is an inherent property of the alarm and cannot be modified.
• • Protect recorded video is an inherent property of the alarm and cannot be modified. • Video display is a local property to the Federation host. You can change its setting and it will not affect the federated system.
• Alarm procedure (URL):
Omnicast: Original value is not federated. You can redefine it locally on the Federation host.
Security Center: Original value is federated and cannot be modified. Attached entities are federated as far as they are federated entities. The list is an inherent property of the alarm and cannot be modified. Alarm recipients must always be configured locally for the Federation host.
• •
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
130
Federating remote systems
Related topics:
• "Alarm" on page 351
Federating Omnicast systems The Omnicast Federation role acts as a proxy between your local clients and the remote Omnicast system they need to connect to. For the exact versions of Omnicast 4.x systems supported in this release, see the Security Center Release Notes.
Limitations with Omnicast Federation Federating an Omnicast system has the following limitations:
• Alarms are federated, but the alarm priority and the alarm procedure must be configured • •
locally on the Federation host. For more information, see "Exceptions regarding federated alarms" on page 130. Some playback capabilities are not supported on federated cameras. Smooth reverse playback is not available and the rewind speed is limited to -10x, -20x, -40x, and -100x. Camera sequences are federated, but they behave as a single camera on the Federation host. This means that the users on the Federation host cannot unpack nor stop the camera cycling on camera sequences ( ) federated from Omnicast.
• Sites ( ) are federated as areas ( ) in Security Center. • Sites with a Map (URL) property ( ) are federated as areas (
) with a Web page tile
plugin attached.
Configure an Omnicast federation Before you begin: The Omnicast Compatibility Pack corresponding to the version of the Omnicast system you plan to federate must first be installed on the server where the federation role is to be hosted, and on the client workstation where Config Tool is running. The same Compatibility pack must also be installed on all secondary servers you plan to assign to the federation role, and all Security Desk workstations viewing the federated cameras. 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view. 3 Click Add an entity (
), and click Omnicast Federation.
4 From the Server drop-down list, select the primary server for this role. NOTE The Compatibility pack corresponding to the Omnicast system you wish to federate
must be pre-installed on that server. 5 In the Directory field, enter the name of the Omnicast Gateway connecting you to the remote Omnicast system.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
131
Federating remote systems
6 In the next two fields, enter the username and password that the federation role is going to use to log on to the remote Omnicast system. The rights and privileges of that user determine what your local users will be able to see and do on the federated remote system. 7 From the Version drop-down list, select the version of the remote Omnicast system. This drop-down list only shows the Omnicast versions for which a compatibility pack is installed. 8 In the Federated events section, select the types of event that you want to receive on the your local system, and click Next. Events are necessary if you plan to monitor the federated entities in Security Desk, or to configure event-to-actions for the federated entities. 9 Click Next. 10 Enter the Basic information for this role, and click Next. All federated entities are created in the partition you select. 11 Confirm the information displayed on the Creation summary page. 12 Click Create, and click Close. The new federation role (
) is created.
13 If you plan to host more than 40 Omnicast Federation roles on the same server, you need to assign a different role group to every 40 roles you create. For more information, see "Advanced settings for large federations" on page 134. 14 Click the Properties tab, and finalize the role configuration. For more information, see "Properties" on page 592. 15 Open the Logical view task in Config Tool. You should see the new federation role ( ) in the Logical view. Expand this entity to see all the federated entities imported by this role. The entity hierarchy corresponds to the Logical view on the federated remote system. For more information, see "Omnicast Federation" on page 590.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
132
Federating remote systems
Federating Security Center systems The Security Center Federation role acts as a proxy between your local clients and the remote Security Center system they need to connect to. For the exact version of Security Center systems supported by the release you have, see the Security Center Release Notes. 1 From the Home page in Config Tool, open the System task. 2 Click Add an entity (
), and click Security Center Federation.
3 From the Server drop-down list, select the primary server for this role. 4 In the Directory field, enter the Directory server name of the remote Security Center system. 5 In the next two fields, enter the username and password that the federation role is going to use to log on to the remote Security Center system, and click Next. The rights and privileges of that user determine what your local users will be able to see and do on the federated remote system. 6 Click Next. 7 Enter the Basic information for this role, and click Next. All federated entities are created in the partition you select. 8 Confirm the information displayed on the Creation summary page. 9 Click Create, and click Close. The new federation role (
) is created.
10 If you plan to host more than 100 Security Center Federation roles on the same server, you need to assign a different role group to every 100 roles you create. For more information, see "Advanced settings for large federations" on page 134. 11 Click the Properties tab, and complete the role configuration. For more information, see "Properties" on page 603. 12 Open the Logical view task in Config Tool. You should see the new federation role ( ) in the Logical view. Expand this entity to see all the federated entities imported by this role. The entity hierarchy corresponds to the Logical view on the federated remote system. For more information, see "Security Center Federation" on page 601.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
133
Federating remote systems
Advanced settings for large federations On a large scale deployment, Security Center can federate thousands of independent remote systems. However, there are hardware and software limitations you need to consider. The number of federation roles you can host on a single server depends on the following:
• Type of federation roles you are hosting. • Number of federation roles you are hosting. • Type of computer running Genetec Server.
Low capacity: Intel Core 2 Duo 3.0 GHz, 2 GB RAM
Medium capacity: Dual Core Intel Xeon 2.66 GHz, 4 GB RAM
High capacity: Quad Core Intel® Xeon®, 2.00 GHz, 4 GB of RAM
What is a role group? When a large number of federation roles are hosted on the same server, they need to be divided into multiple role groups. All roles belonging to the same role group are executed by the same process on the same machine. There is a limit to the number of roles a single process can handle. The following table helps determine how many role groups you need on your server. NOTE These calculations assume that each federated system (either an Omnicast system or a Security Center system) has 150 cameras. Role type
Number of federation roles supported on a single server
Single role group (Any hardware profile)
Multiple role groups (Low and Medium capacity hardware profiles)
Multiple role groups (High capacity hardware profile)
Omnicast Federation
40
Contact Genetec Technical Assistance (see "Technical support" on page 869)
100
Security Center Federation
100
Contact Genetec Technical Assistance (see "Technical support" on page 869)
500
EXAMPLES
• A single role group can have up to 40 Omnicast Federation roles. Therefore, a high capacity
•
computer hosting 100 Omnicast Federation roles requires three separate role groups, divided as follows: 30 roles on the first group, 30 roles on the second group, and 40 roles on the third group. A single role group can have up to 100 Security Center Federation roles. Therefore, a high capacity computer hosting 500 Security Center Federation roles requires five separate role groups.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
134
Federating remote systems
Configure the role group You need to configure the role group for federation roles only when you have a large number of roles to host on the same server. 1 From the Home page in Config Tool, open the System task. 2 Click the Role view, and select the role entity to configure. 3 Click the Identity tab. 4 In the Name field, type Ctrl+Shift+A. The Advanced settings appear at the bottom of the tab. 5 Change the Role group if necessary. To determine how many roles you can put in the same group, see "What is a role group?" on page 134. 6 Click Apply.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
135
Defining custom fields and data types
Defining custom fields and data types This section includes the following topics:
• • • •
"Why use custom fields?" on page 136 "Add a custom field" on page 136 "Add a custom data type" on page 138 "Modify a custom data type" on page 139
Why use custom fields? Custom fields can be added to some types of entities. These fields can be used to collect additional information. For example, you can add gender, home phone number, and cellphone as custom fields on a user entity. Custom fields are also useful for holding additional information when users and cardholders are imported from your company’s Active Directory. For more information, see "Integrating with Windows Active Directory" on page 140. Custom fields can be of any type and you can define them yourself. Once added, the custom field is available in all database reports and queries. When custom fields contain private information, you can restrict their access to contain groups of users.
Add a custom field Before you begin: A custom field can be based on a standard data type or a custom data type. Custom data types must be created beforehand if they are to be used to create custom fields. For more information, see "Add a custom data type" on page 138. 1 From the Home page in Config Tool, open the System task. 2 Click the General settings view, then click the Custom fields page. For more information, see "Custom fields" on page 619.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
136
Defining custom fields and data types
3 Click
at the bottom of the custom field list.
The Add custom field dialog box appears.
4 From the Entity type drop-down list, select the entity type. 5 From the Data type drop-down list, select the data type for this field. Both standard and custom data types are listed. The standard data types are:
Text. Alphanumeric text.
Numeric. Integers in the range -2147483648 to 2147483647.
Decimal. Real numbers from -1E28 to 1E28.
Date. Gregorian calendar date and time.
Boolean. Boolean data, represented by a check box.
Image. Image file. The supported formats are: bmp, jpg, gif, and png.
Entity. Security Center entity. Users will have to use the Search tool to set the value for this type of field. See "Search for entities using the Search tool" on page 43.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
137
Defining custom fields and data types
6 In the Name field, type the name for this custom field. 7 (Optional) In Default value field, type or select the default value for this field. 8 Depending on the selected data type, the following additional options appear:
Mandatory. Select it if this custom field cannot be empty.
Value must be unique. Select it if the value of this custom field must be unique.
NOTE The unique value option can only be enforced after the field is created. To enforce this
option, you must first make sure that all entities in your system have a distinct value for this custom field, then come back to this tab to apply the unique value option to it. 9 (Optional) Under the Layout section, type the Group name, and select the Priority from the drop-down list. These two attributes are used when displaying the field in the Custom fields tab of associated entity. The group name is used as the group heading, and the priority dictates the display order of the field within the group. 10 (Optional) Under the Security section, click to add users and user groups that will be able to see this custom field. By default, only administrative users can see a custom field. 11 Click Save and close. The new custom field is available in the Custom fields tab of the selected entity type and can be used in reports. For an example, see Common configuration tabs – "Custom fields" on page 335.
Add a custom data type Custom data types define a list of values based on a standard data type. Custom data types appear in a drop-down list in the Custom fields tab of the entity’s configuration page. 1 From the Home page in Config Tool, open the System task. 2 Click the General settings view, then click the Custom fields page. 3 Click the Custom data types tab. For more information, see System – General settings – "Custom data types" on page 621. 4 Click
at the bottom of the custom data type list.
The custom data type creation wizard appears. 5 In the Edit custom data type page, enter the Name, Description, and Type for your custom data type, and click Next. 6 In the Data entry page, enter a value in the Value field and click
.
The entered value is added to the enumerated list. 7 Repeat Step 6 to define all possible values for this data type. 8 When you are finished, click Next, Next, and Close.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
138
Defining custom fields and data types
Modify a custom data type Before you begin: You can modify a custom data type even after it is being used in a custom field. For instance:
• You can rename a custom data type. • You can add new values to the custom data type. • You can delete a value as long as it is not used as the default value for a custom field. If you delete a value that is already being used by an entity, the value of that custom field for that entity is replaced by its default value. But there are restrictions:
• You cannot change the standard data type on which the custom data type is based. • Modifying a value is equivalent to deleting the old value and adding a new value. NOTE Suppose you have a custom data type with the possible values of A, B, and C, and a
custom field based on this custom data type with A as its default value. If you change the value C to D in the custom data type, the entities using the value C for this custom field will not see their values change to D, but to A (the default value). To modify a custom data type:
• Select it in the Custom data types tab, click
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
, and follow the wizard.
139
Integrating with Windows Active Directory
Integrating with Windows Active Directory This section includes the following topics:
• • • • • • • • • • • • •
"What is Active Directory integration?" on page 140 "What are the benefits of AD integration?" on page 140 "How does Active Directory integration work?" on page 141 "What information can be synchronized with the AD?" on page 142 "How does synchronization work?" on page 142 "Import security groups from an Active Directory" on page 143 "Select which cardholder fields to synchronize with the AD" on page 146 "Mapping the credential card format to an AD attribute" on page 147 "Map custom fields to synchronize with the AD" on page 148 "Resolve conflicts due to imported entities" on page 149 "Modifying imported users" on page 151 "Modifying imported cardholders" on page 151 "Logging on with an Active Directory user" on page 153
What is Active Directory integration? The integration of Windows Active Directory (AD) into Security Center allows you to manage all personnel security information from a single location, whether it is for logical security (IT) or for physical security (control access to physical locations). You can import security groups from an AD into Security Center as user groups and/or cardholder groups. Members can be imported as users and/or cardholders. Both standard and custom attributes can be imported from the AD. Most imported fields can only be modified within the AD and are read-only in Security Center. You can import entities from more than one AD if necessary. For example, from Security Center, you can manage access to a facility shared by multiple companies, such as an office building. As system administrator, you can import users and/or cardholders from their individual Active Directories, and manage them in separate partitions.
What are the benefits of AD integration? Having a centralized security information management system provides many benefits.
• Less data entry means fewer errors and better control during initial Security Center setup, since users and cardholders can be imported from an existing AD.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
140
Integrating with Windows Active Directory
• Consistency and better security since all shared information is entered only once.
A new user account added to an imported security group automatically adds a new user and/or cardholder in Security Center.
A user account that is disabled in the AD automatically disables the corresponding user and/or cardholder in Security Center. Single logon capability for synchronized Security Center users.
•
Users logged on to Windows do not have to log on to Security Center.
How does Active Directory integration work? To import users and/or cardholders from one or more ADs, you need to create an Active Directory role for each AD. The Active Directory role connects your Security Center system to an Active Directory server, and imports users and/or cardholders from selected security groups. Imported entities are identified in Security Center by a yellow arrow ( ) superimposed on the regular entity icon. Through a process called synchronization, the Active Directory role also keeps all imported entities up-to-date with changes made on the AD. Another function of the Active Directory role is to pass the logon credentials of imported users to the AD service for validation.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
141
Integrating with Windows Active Directory
How does synchronization work? All imported entities are synchronized with their source by the Active Directory role. Most of the attributes imported from the AD are read-only in Security Center, except for a few cardholder properties (see "Modifying imported users" on page 151 and "Modifying imported cardholders" on page 151). Imported entities cannot be deleted unless they are deleted from the AD. CAUTION If you move a security account from a synchronized AD security group to one that is not synchronized, it is as though the account ceases to exist in Security Center. The Active Directory role deletes the corresponding entities (users and/or cardholders) from Security Center the next time it synchronizes with the AD.
Synchronization is always initiated from Security Center. There are two ways that you can start synchronization:
• Manually. Synchronization is performed when you explicitly request it. This is the default setting. The advantage of this approach is that you have perfect control over when you want the synchronization to be done.
• On schedule. The imported groups are synchronized using a scheduled task. For more information, see "Using scheduled tasks" on page 109.
What information can be synchronized with the AD? Both standard and custom Security Center fields can be imported from the AD, and kept synchronized with the AD. You can choose which user group, user, cardholder group, and cardholder fields to import from the AD in the Links tab of the Active Directory role. The standard attributes you can import from the AD are:
• User group
Name
Description
Email address User
•
Username
Password
Description
Membership in the imported user group
First name
Last name
Email address
Account status: Active or Inactive
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
142
Integrating with Windows Active Directory
• Cardholder group
Name
Description
Email address Cardholder
•
Cardholder name
Description
Membership in the imported cardholder group
First name
Last name
Email address
Partition
Cardholder picture
Profile status: Active or Inactive
Card data
Card format
Card number
Credential name
Credential partition
Credential status
Facility code
Additional attributes are imported from the AD by mapping them to Security Center custom fields. The Active Directory role keeps all imported fields synchronized with the AD. See "Map custom fields to synchronize with the AD" on page 148.
Import security groups from an Active Directory When you import an AD security group, you must import all members of that group. If you only want to import a subset of its members, for example, only Security Center users, then you need to define a new AD security group with only the members you wish to import. IMPORTANT
• If multiple AD’s are to be integrated into Security Center, they must all belong to different •
domains. If you have servers in your system that are still running an older version of Security Center, you should upgrade them to the current version before using them to host a new Active Directory role.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
143
Integrating with Windows Active Directory
To import security groups: 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, then click Add an entity (
) and select Active Directory.
3 In the Specific info page, do the following: a From the Server drop-down list, select the server where this role will be hosted. b In the Active Directory field, enter the hostname or the IP address of the AD server. NOTE If encrypted communication is used, the default port is 636. If you selected a different port, you need to append it to the AD server name, separated by a colon (‘:’),
c Specify how you want the role to connect to the AD server. With both choices, you must have read access to the selected AD service.
Use the Windows credentials assigned to the Genetec Server service running on the server hosting the Active Directory role. Specify a different set of Windows credentials (username, password).
4 In the Basic information page, enter the name, description, and partition where the Active Directory role will be created. For more information, see "Common entity attributes" on page 38. 5 Click Next, Create, and Close. A new Active Directory role ( the AD server.
) is created. Wait a few seconds for the role to connect to
6 In the Properties tab, select the AD security groups to import. NOTE There are two types of groups in Windows Active Directory: distribution groups and
security groups. Security Center can only synchronize with security groups. a Click Add an item (
).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
144
Integrating with Windows Active Directory
b Select the security groups to add to your Active Directory role. Use one of these two methods:
(Recommended) Type text in Find Active Directory groups, and click
.
If the text you entered matches a single group, it is automatically added to the Selected groups list. If the text you entered matches multiple group names, a second dialog box will appear listing all the group names that match the text you entered. Select the ones you want, and click OK to add them to the Selected groups list.
Under the Selected groups list, click (
).
The Active Directory members dialog box appears. Select a security group, and click OK. Only security groups can be synchronized. If you selected an item that is not a security group, the OK button remains disabled. NOTE The names shown in that dialog box are display names. Security Center only synchronizes the account names because they are guaranteed to be unique. Typically, the display names and the account names are the same. The only way to tell them apart is that the display names contain spaces.
c Repeat the previous step as often as necessary until all security groups you wish to synchronize with the AD are listed in Selected groups, then click OK. The selected groups are listed under Synchronized groups in the Properties tab. For more information about the Properties tab, see Active Directory – "Properties" on page 517. 7 For each of the synchronized groups, specify how you want to import them.
You have the following options:
As user group. Select this option to import the synchronized group as user group, and the group members as users. Create user on first logon. This is the default option, and it creates an empty user group. User entities will only be created when someone tries to log on with it. It avoids having to create all user entities at once, which can freeze up the system. If you clear this option, all user entities will be created at the same time as a user group.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
145
Integrating with Windows Active Directory
As cardholder group. Select this option to import the synchronized group as cardholder group, and the group members as cardholders. There is no delayed creation for cardholders. All synchronized cardholders are created at once. Import credentials. Select this option to import the credential information of the synchronized cardholders
8 If you are importing the AD security group as cardholder group, select which cardholder fields you want to synchronize with the AD. See "Select which cardholder fields to synchronize with the AD" on page 146. 9 (Optional) "Map custom fields to synchronize with the AD" on page 148. 10 Click Apply, and then click Synchronize now (
).
All synchronized groups and their members are imported as Security Center entities according to your specifications, with a yellow arrow ( ) superimposed on their icon. After you are done: Some additional configuration might be required, depending on what you synchronized with the AD:
• If you already had entities configured in your system, you might need to resolve some • • •
conflicts due to the import. See "Resolve conflicts due to imported entities" on page 149. (Optional) Configure the imported user groups with proper privileges and security options so when new user entities are created, they can automatically inherit those properties from their parent user group. For more information, see "Defining user groups" on page 96. (Optional) Configure the imported cardholders and cardholder groups. For more information, see "Configuring cardholders and cardholder groups" on page 283. (Optional) Create a scheduled task to synchronize imported entities with the AD on a regular basis. For more information, see "Create a scheduled task" on page 109. After you create a scheduled task, the warning message No scheduled task exists to synchronize this role disappears from the Properties tab.
Select which cardholder fields to synchronize with the AD Before synchronizing with the AD, you need to select which cardholder attributes you want to import from the AD by mapping them to Security Center fields in the Links tab of the Active Directory role. The mapping can be different for each Active Directory role in your system.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
146
Integrating with Windows Active Directory
To map AD attributes to cardholder fields: 1 From the Links tab of the Active Directory role, click Add an item (
).
2 Select a Security Center cardholder field and an AD attribute, and then click OK. IMPORTANT The data type of the Security Center field must match that of the AD attribute: text with text, decimal with decimal, date with date, and so on. The Security Center image data type must be mapped to the AD binary data type, and the mapped AD attribute must contain a valid JPEG image.
The new mapping appears in the Links tab. For more information about the Links tab, see "Links" on page 518. 3 Repeat the previous steps as needed. 4 If you are importing cardholder credential fields, do the following in the Links tab:
From the Card format drop-down list, select the default card format to use for the imported cardholder credentials when the card format property is either not mapped to an AD attribute, or when the mapped attribute is empty. See also "Mapping the credential card format to an AD attribute" on page 147. From the Badge template drop-down list, select a default badge template to use for the imported cardholder credentials.
5 Click Apply. The mapped cardholder fields are displayed in the Links tab. When you synchronize with the AD, most of them are read-only.
Mapping the credential card format to an AD attribute If you decide to map the credential Card format property to an AD attribute, that attribute must contain either a numeric value (for standard card formats) or the exact card format name (text).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
147
Integrating with Windows Active Directory
The following table shows you the numeric value and the text value corresponding to each of the standard card formats supported by Security Center, and their descriptions. Number
Format name (Text)
Facility code range
Card number range
0
Standard 26 bits
0 to 255
0 to 65 535
1
HID H10306 34 Bits
0 to 65 535
0 to 65 535 (also known as “Card ID Numbers”)
2
HID H10302 37 Bits
Not required
0 to 34 359 738 367
3
HID H10304 37 Bits
0 to 65 535
0 to 524 287
4
HID Corporate 1000
0 to 4095 (also known as “Company ID Code”
0 to 1 048 575 (also known as “Card ID Numbers”)
For custom card formats, you must use the exact spelling used to create the custom card format. For more information, see "Custom card format editor" on page 670.
Map custom fields to synchronize with the AD In addition to default attributes, you can import other attributes from the AD by mapping them to Security Center custom fields. The custom field mapping can be different for each Active Directory role in your system. Before you begin:
• The workstation where Config Tool is running must be on the same network domain as the • •
AD server. The custom fields that will receive data from the AD must be defined beforehand. For more information, see "Defining custom fields and data types" on page 136. No more than 32 custom fields can be mapped to the AD.
To map custom fields, do the following: 1 From the Links tab of the Active Directory role, click Add an item (
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
).
148
Integrating with Windows Active Directory
2 Select the custom field and the AD attribute, and then click OK. IMPORTANT The data type of the custom field must match that of the AD attribute: text with text, decimal with decimal, date with date, etc. The Security Center image data type must be mapped to the AD binary data type, and the mapped AD attribute must contain a valid JPEG image.
The new mapping appears in the Links tab. For more information about the Links tab, see "Links" on page 518. 3 Repeat the previous steps as needed. 4 Click Apply. The mapped custom fields are displayed in the Links tab. When you synchronize with the AD, they are read-only.
Resolve conflicts due to imported entities Conflict resolution might be necessary if you have existing entities (users and/or cardholders) in your database prior to importing entities from the AD. When a synchronized entity has the same name as a local entity, the Active Directory role sees it as a potential conflict. You can use the Conflict resolution tool to merge local entities with synchronized ones, by copying the nonsynchronized fields from the local entity to the synchronized entity ( ). The relationships the local entity had with other entities in the system are also copied. When the merge is complete, the local entity is deleted, eliminating duplicate entities. 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, and select the Active Directory role ( 3 In the Contextual command bar, click Conflict resolution (
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
) from the entity browser. ).
149
Integrating with Windows Active Directory
The Active Directory conflict resolution dialog box appears. All synchronized entities are listed to the left. The ones that conflict with a local entity are flagged in green.
4 Select a conflicting entity from the Synchronized entities list. All local entities that can be merged with the imported entity are listed to the right. Do one of the following:
Select No selection if you do not wish to merge it with a local entity.
Select the local entity to be merged with the imported entity.
5 Repeat the previous step for all synchronized entities flagged in green. 6 Click Finish to save the conflict resolution decisions to a file on disk. The default file name is Conflict_Manifest.data. Be sure to save the file to a location that can be accessed from your main server and all servers hosting the Access Manager role. 7 (Optional) If you have user conflicts to resolve, apply the conflict manifest to your Directory database. a Connect to the Server Admin of your main server with a Web browser. For more information, see "Open Server Admin using Internet Explorer" on page 48. b In the Directory tab, under the Database group, click Resolve conflicts (
).
c In the dialog box that appear, browse to the Conflict_Manifest.data file. d Click Resolve conflicts, then click Back up. The conflict resolution status is shown in a independent dialog box. 8 (Optional) If you have cardholder conflicts to resolve, apply the conflict manifest to your Directory database and your Access Manager database.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
150
Integrating with Windows Active Directory
a Select your Access Manager role from the Roles view of the System task. b Click the Resources tab, and click Resolve conflicts (
).
c In the dialog box that appears, browse to the Conflict_Manifest.data file. d Click Resolve conflicts, then click Back up. The conflict resolution status is shown in a independent dialog box. After conflict resolution, all synchronized entities that are merged with a local entity inherit their local properties, and all merged local entities are deleted.
Modifying imported users If you have users that are imported from an Active Directory, you can set the user’s status to inactive. The user becomes desynchronized from the AD until you activate the user again. 1 From the Home page in Config Tool, open the Security task. 2 Select an imported user (
), and click the Properties tab.
3 Set the User status option to Inactive.
• Click Apply. The user is no longer synchronized with the AD. It will only become synchronized again once you set the user’s status to Active.
Modifying imported cardholders If you have cardholders that are imported from an Active Directory, there are a few cardholder properties that you can modify in Security Center, such as the cardholder’s status or their picture. This section includes the following topics:
• "Assign pictures to imported cardholders" on page 151 • "Assign temporary cards to imported cardholders" on page 152 • "Modify the status of imported cardholders" on page 152 Assign pictures to imported cardholders You can assign a picture to the imported cardholder from Security Center, and then synchronize the picture with the Active Directory. 1 From the Cardholder management task, assign a picture to the cardholder. For more information, see “Assign a picture to the cardholder” in the Security Desk User Guide. 2 From the Home page, open the System task. 3 Select the Active Directory role, and then click the Links tab.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
151
Integrating with Windows Active Directory
4 Select the Upload pictures to Active Directory option. 5 Click Apply. 6 Click the Properties tab, and then click Synchronize now. NOTE If Security Center synchronizes with the AD based on a scheduled task, then the next
time the synchronization occurs, the new cardholder picture is synchronized with the AD.
Assign temporary cards to imported cardholders If an imported cardholder forgets or loses their card, you can assign them a temporary card in the Cardholder management task. When you assign them a temporary card, their credential becomes greyed out in Config Tool until the card is returned. For more information about assigning or returning temporary cards, see “Assign a temporary card to a cardholder” in the Security Desk User Guide.
Modify the status of imported cardholders You can modify the status and expiration date of an imported cardholder in Security Center. The cardholder becomes desynchronized from the AD. 1 From the Home page in Config Tool, open the Access control task. 2 Select an imported cardholder (
), and click the Properties tab.
3 In the Status section, move the slider from Keep synchronized to Override.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
152
Integrating with Windows Active Directory
4 Set the cardholder’s status and expiration date:
Status. Set the cardholder status to Active or Inactive. If the cardholder status is inactive, then the credentials assigned to the cardholder do not work, and the cardholder does not have access to any area.
Activation. Displays the current date.
Expiration. Set the cardholder to expire Never, on a specific date, or after a specified number of days after the first use. Click Apply.
•
The cardholder is no longer synchronized with the AD. It will only become synchronized again once you set the cardholder’s status to Keep synchronized.
Logging on with an Active Directory user This section includes the following topics:
• "Log on with Windows credentials" on page 153 • "Log on in an multiple AD integration scenario" on page 153 Log on with Windows credentials When you’re signed on to Windows using an account that happens to be synchronized with Security Center, you can log on to Security Center without having to retype your username and password.
• In the Security Center logon dialog box, select the option Use Windows credentials and click Log on.
Log on in an multiple AD integration scenario If multiple ADs are integrated into your system, you must to specify the Windows domain name with your username (for example genetec\dtsiang) when you log on to Security Center
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
153
Integrating with Windows Active Directory
using the basic authentication method. This is to let Security Center know which AD service to call for the validation of your credentials.
TIP If you are already signed on to Windows using the account that is synchronized to your Security Center user, then use the single logon option instead. For more information, see "Log on with Windows credentials" on page 153.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
154
Managing intrusion panels
Managing intrusion panels Intrusion panels (also known as alarm panels) can be integrated to Security Center for centralized monitoring, control, and reporting. This allows you to monitor the status of each zone in real time, generate detailed activity reports and arm/disarm zones (or partitions) defined on those intrusion panels through Security Desk. This section includes the following topics:
• • • • •
"How are intrusion detection panels represented in Security Center?" on page 155 "What does the Intrusion Manager role do?" on page 156 "Enroll an intrusion panel" on page 156 "Edit intrusion detection unit peripherals" on page 158 "Create an intrusion detection area" on page 159
How are intrusion detection panels represented in Security Center? Intrusion detection panels and other intrusion detection concepts are represented in Security Center by the following entity types:
• Intrusion detection unit. Represents an intrusion panel that is monitored and controlled by Security Center. Each intrusion panel can control multiple zones (or group of sensors). For more information, see "Intrusion detection unit" on page 423.
• Intrusion detection area. Corresponds to an area (also known as a partition or zone) configured on an intrusion panel. Intrusion detection areas are monitored in Security Desk. Users can perform the following actions on these areas:
Master arm. Arming an intrusion detection area so that all sensors attributed to the area set off the alarm if triggered. Some manufacturers call this arming mode “Away arming”. Perimeter arm. Arming an intrusion detection area so that only sensors attributed to the perimeter of that area set off the alarm. Other sensors such as motion sensors inside that area will be ignored.
Disarm. Tells the intrusion panel to ignore all sensors attributed to this area. If an alarm is set off by this area, disarming it also turns the alarm off. For more information, see "Intrusion detection area" on page 421.
For a list of intrusion detection panels supported in Security Center, see the Security Center Release Notes.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
155
Managing intrusion panels
What does the Intrusion Manager role do? The Intrusion Manager role is responsible for the integration of intrusion panels with Security Center. It listens to the events reported by the intrusion panels, provides live reports to Security Desk, and logs the events in a database for future reporting. The Intrusion Manager also relays user commands to intrusion panels such as arm/disarm intrusion detection areas, and triggering panel outputs through event-to-actions.
Creating an Intrusion Manager role The Intrusion Manager role is not created by default. For instructions on how to create a role, see "Create a role entity" on page 50. Best practice: It is recommended to run the intrusion panels and Intrusion Manager role on a secure network to prevent hackers from attempting to control the intrusion panels from outside by sniffing your network.
Limitations of the Intrusion Manager role For purposes of failover, the Intrusion Manager can be assigned to more than one server. However, if your intrusion panel is directly connected to your server via a serial port, failover is not supported. For more information, see"Configure failover for roles" on page 64.
Enroll an intrusion panel Before you begin: The Intrusion Manager role responsible for the intrusion panel must be created first. If the intrusion panel is going to be controlled via serial port, it should be connected to the server hosting the Intrusion Manager role. For additional information, see:
• "How Bosch intrusion panel integration works" on page 804 • "How Galaxy Dimension control panel integration works" on page 806 Enrolling an intrusion panel allows you to monitor and control its areas (or zones, or partitions) from Security Desk. 1 From the Home page in Config Tool, open the Intrusion detection task. 2 In the Contextual commands toolbar, click Add an entity (
) > Intrusion detection unit.
3 In the intrusion detection unit creation wizard, enter the Basic information for this unit, and click Next. 4 From the Intrusion Manager drop-down list, select the role that will be managing this unit. 5 From the Unit type drop-down list, select the unit manufacturer. 6 From the Interface type drop-down list, select IPv4 or Serial.
If you selected IPv4, type the IP address and port numbers that are configured on the unit. If you selected Serial, type the COM port used to connect the unit to Security Center.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
156
Managing intrusion panels
NOTE The choice of interface type cannot be changed after the entity has been created. If you choose to use the serial interface, the Intrusion Manager will not support failover.
7 Click Next. 8 Click Create, and click Close. A new intrusion detection unit entity is created. For certain types of intrusion panels (such as Bosch), the Intrusion Manager automatically creates intrusion detection areas (also known as zones or partitions) configured on the panel for you. These entities appear in the Logical view. 9 Click the Properties tab, and configure the unit specific settings. For more information, see "Properties" on page 424. 10 Click the Peripherals tab, and assign logical names, IDs, and descriptions to the input and output devices controlled by the unit. This is also where you define whether the input is an interior or perimeter input and its normal contact state. For more information, see "Edit intrusion detection unit peripherals" on page 158. 11 Configure the intrusion detection areas controlled by this unit. a If the intrusion detection areas are automatically created by the Intrusion Manager, they are found under the root of the Logical view task. For more information, see "Intrusion detection area" on page 421. b If the Intrusion Manager did not create the intrusion detection areas automatically, you’ll need to create them manually. For more information, see "Create an intrusion detection area" on page 159.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
157
Managing intrusion panels
Edit intrusion detection unit peripherals You can assign a meaningful name, a logical ID, and a description to each device connected to the intrusion detection unit, so you can easily identify those devices in Security Center. Depending on the configuration of your physical intrusion unit, you might also need to define the inputs as Perimeter or Interior, as well as the normal contact state (open or closed). WARNING The configuration of Interior versus Perimeter inputs must be set if the physical intrusion panel itself has been configured to differentiate between interior and perimeter inputs. NOTE The physical name of the device can only be changed on the panel itself.
1 In the Peripherals tab of an intrusion detection unit entity, select a device in the list. 2 Click
.
3 In the dialog box that appears, enter the Name, Logical ID, and Description for that device. 4 Set the Input type to either Perimeter or Interior (if the physical intrusion unit is configured as such) 5 Set the Contact type as either Normally open or Normally closed. 6 Click OK
7 Repeat Step 1 to Step 3 as necessary. 8 Click Apply.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
158
Managing intrusion panels
Create an intrusion detection area Before you begin: Intrusion detection unit must be enrolled before you can create areas. If the intrusion detection areas weren’t automatically created after the intrusion detection unit was enrolled, you’ll have to create the areas manually. 1 From the Home page in Config Tool, open the Logical view task. 2 In the Contextual commands toolbar, click Add an entity detection area.
> Show all > Intrusion
3 In the intrusion detection area creation wizard, enter the Basic information for this area, and click Next. 4 From the Intrusion detection unit drop-down list, select the unit on which this area is defined. 5 Under Intrusion detection area unique ID, enter the ID or name of the area as it is configured on the intrusion panel. 6 Click Next, Create, then Close. A new intrusion detection area entity is created. For more information, see "Intrusion detection area" on page 421.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
159
Managing zones
Managing zones The concept of a zone is borrowed from the world of alarm panels, in which electric inputs are associated with zones to trigger specific alarms. This section includes the following topics:
• • • • •
"What is IO linking?" on page 160 "What is a zone?" on page 160 "About zone management roles" on page 161 "Creating zones" on page 161 "Which type of zone works best for me?" on page 163
What is IO linking? IO linking is the control of specific output relays based on the combined result of a specific set of electric inputs. Each input can be connected to a specific monitoring device, such as a motion sensor, a smoke detector, a door or window contact, and so on. EXAMPLE A standard application is the linking of a glass break sensor on a window connected
to an input pin on a unit that sounds a buzzer (via an output relay) when that window is shattered.
What is a zone? The concept of IO linking is represented by the zone entity in Security Center. Since everything is controlled by software, a zone entity can do a lot more than just IO linking. The idea of using inputs to trigger output relays is expanded to trigger events. Using the eventto-action mechanism, these events can in turn be used to trigger alarms, send emails, start camera recording, and so on. Therefore, in Security Center, a zone is used to monitor a set of inputs in order to trigger events based on their combined states. These events can be used to trigger output relays or trigger other actions on the system. TIP You can define custom events to correspond to each of the special input combinations. For more information, see "What is a custom event?" on page 106.
When do I arm and disarm a zone? The event triggers associated with a zone can be activated all at once by arming the zone, or deactivated all at once, by disarming it. A zone can be armed by software (using an action command or according to a schedule), or via hardware (for units that support this feature).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
160
Managing zones
What is a hardware zone? A hardware zone is a subtype of the zone entity where the IO linking is done by hardware. This entity type called simply zone in Synergis 2.x and in Security Center 3 and 4. A hardware zone is controlled by a single access control unit. Hardware zones cannot be armed or disarmed from Security Desk or via software commands. However, once an access control unit has been configured via Security Center, it can make decisions on its own without being connected to or controlled by Security Center.
What is a virtual zone? A virtual zone is a subtype of the zone entity where the IO linking is done by software. The input and output devices are linked by software, and can belong to different units of different types, such as video units and intrusion detection units. A virtual zone is controlled by the Zone Manager role and can only work online. This means that the units whose inputs and outputs are linked via the zone must be in constant communication with Security Center for the zone to work. Because virtual zones are solely controlled by software, you can use Security Desk to arm/ disarm a virtual zone, and use the Arm zone and Disarm zone actions in those contexts where those actions are permitted in Security Center.
About zone management roles Zones are managed by two different types of roles in Security Center. Before creating a zone, you must first ensure that the appropriate role is created and configured.
• Hardware zones are managed by the Access Manager role. The Access Manager is created by default when Synergis is enabled in your software license. For more information, see "Configuring the Access Manager role" on page 260.
• Virtual zones are managed by the Zone Manager role. The Zone Manager is not created by default. For instructions on how to create a role, see "Create a role entity" on page 50. For information on its specific settings, see "Zone Manager" on page 608.
Creating zones The creation procedures for a hardware zone and a virtual zone are different. Once the zone has been created, you cannot change its type.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
161
Managing zones
Create a hardware zone Before you begin: The access control unit used to control the zone must be added to your system and managed by an Access Manager role. A hardware zone allows you to program the IO linking behavior on an access control unit so it can operate on its own even when the unit is not connected to the Access Manager. 1 From the Home page in Config Tool, open the Logical view task. 2 In the Contextual commands toolbar, click Add an entity
, and click Zone.
3 In the zone creation wizard, enter the Basic information for this zone, and click Next. 4 In the Zone information page, click Zone. 5 From the dialog box, select the access control unit for this zone and click OK. 6 Click Create, and click Close. A new hardware zone entity is created. 7 Click the Properties tab, and configure how inputs are to be evaluated. For more information, see "Properties" on page 503. 8 Click the Arming tab, and configure how this zone should be armed. For more information, see "Arming" on page 504. 9 Click the Cameras tab, and configure any zone monitoring camera. For more information, see "Cameras" on page 334. After you are done: Try out your zone and verify the generated events with the Zone activities report. For more information about the Zone activities report, see the Security Desk User Guide.
Create a virtual zone Before you begin: The Zone Manager role responsible for the zone must be created. A virtual zone allows you to turn monitoring on/off the various input devices (sensors, switches, and so on) on your system via Security Desk and to use them to trigger events. 1 From the Home page in Config Tool, open the Logical view task. 2 In the Contextual commands toolbar, click Add an entity
, and click Zone.
3 In the zone creation wizard, enter the Basic information for this zone and click Next. 4 In the Zone information page, click Virtual zone. If you have multiple Zone Manager roles, you are prompted to select one. 5 Click Create, and click Close. A new virtual zone entity is created. 6 Click the Properties tab, and configure how inputs are to be evaluated. For more information, see"Properties" on page 507. 7 Click the Arming tab, and configure its arming schedule and delays.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
162
Managing zones
For more information, see "Arming" on page 508. 8 Click the Cameras tab and configure any zone monitoring camera. For more information, see "Cameras" on page 334. After you are done: Arm your zone in Security Desk and test your configuration. For more information, see zone-related tasks in Genetec Security Desk User Guide.
Which type of zone works best for me? Hardware zones are recommended when quick response and offline operations are crucial for your security system. In all other situations, virtual zones offer the same functionality but with greater flexibility. The table below will help you make you decide. Table 6-1: Differences between hardware and virtual zones Characteristics
Hardware zone
Virtual zone
Role
Access Manager
Zone Manager
IO linking (inputs)
All inputs must be from the same access control unit
Can combine inputs from any unit of any type
IO linking (outputs)
All outputs must be from the same unit as the inputs
Can trigger outputs on any unit of any type
Operation mode
Offline and mixed mode
Online mode only
Arm/disarm via Security Desk
No
Yes
Arm/disarm via actions
No
Yes
Arm/disarm via key switch
Yes (the key switch must be wired to an input pin on the same access control unit)
No
Arm/disarm on schedule
Yes (only one schedule at a time, and cannot be combined with the key switch approach)
Yes (multiple schedules can be specified)
Trigger other actions
Yes (only in mixed mode)
Yes
Zone activity report
Yes
Yes
Recommended when
The unit is sometimes dis connected from the system
Zone arming/disarming needs to be controlled via software
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
163
Supporting cross-platform development
Supporting cross-platform development Security Center supports cross-platform development. This section includes the following topics:
• "What does the Web-based SDK role do?" on page 164 • "Using the Web-based SDK" on page 164
What does the Web-based SDK role do? The Web-based SDK role exposes the Security Center SDK methods and objects as Web services so developers on platforms other than Windows (for example Linux) can write custom programs to interact with Security Center. For more information, see "Web-based SDK" on page 605.
Using the Web-based SDK Genetec Professional Services can help you develop the custom solution you need. To find out more, contact your sales representative, or call us at one of our regional offices around the world. To contact us, visit our Web site at www.genetec.com.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
164
Creating tile plugins
Creating tile plugins You can create a tile plugin that links to a Web site or a map file (a compiled .dll file), that you can view and interact with in Security Desk. This section includes the following topics:
• "Create a tile plugin that links to a Web site" on page 165 • "Create a tile plugin that links to a map file" on page 165
Create a tile plugin that links to a Web site You can create a tile plugin that links to a Web site that contains a map, which you can interact with when the tile plugin is displayed in Security Desk. For more information about tile plugins, see "Tile plugin" on page 480. 1 From the Home page in Config Tool, open the Logical view task. 2 Click Add an entity (
) > Tile plugin.
3 In the Creating a tile plugin wizard, enter the entity name and description. 4 If there are partitions in your system, select the partition the tile plugin is a member of, and click Next. For more information, see "Partition" on page 447. 5 In the Tile plugin information page, select Web site. 6 Click Next > Close. The tile plugin appears in the Logical view with a Web site icon (
).
7 Select the tile plugin, and click the Properties tab. 8 In the Web page option, type a Web address. TIP Select a URL that can be reached from all Security Desk workstations.
9 Click Apply.
Create a tile plugin that links to a map file You can create a tile plugin that links to a .dll or .xaml file that contains a map, which you can interact with when the tile plugin is displayed in Security Desk. Before you begin: The map file must be created and located on your local computer. For more information about how to map files are created, see "Tile plugin" on page 480. 1 From the Home page in Config Tool, open the Logical view task. 2 Click Add an entity (
) > Tile plugin.
3 In the Creating a tile plugin wizard, enter the entity name and description.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
165
Creating tile plugins
4 If there are partitions in your system, select the partition the tile plugin is a member of, and click Next. For more information, see "Partition" on page 447. 5 In the Tile plugin information page, select Tile plugin. 6 In Windows, select the .dll file that the tile plugin will link to, and click Open. 7 Click Next > Close. The tile plugin appears in the Logical view with the default tile plugin icon (
).
8 Select the tile plugin, and click the Properties tab. 9 To select another map file, click Modify, and select another .dll file. 10 Click Apply.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
166
7 Troubleshooting This part explains how to maintain and troubleshoot your Security Center system, such as verifying your system configurations, monitoring the health of your system, troubleshooting entity states, and so on. NOTE For specific tasks related to video or access control maintenance and troubleshooting, see Chapter 9, “Managing Omnicast” on page 223 and Chapter 11, “Managing Synergis” on page 295.
This section includes the following topics:
• • • • • • • • • •
"Viewing system messages" on page 168 "Viewing system health events" on page 170 "Monitoring the status of your system" on page 177 "System status task" on page 172 "Monitoring the status of your system" on page 177 "Troubleshooting entity states" on page 179 "Diagnosing entities" on page 180 "Finding out who made changes on the system" on page 181 "Investigating user related activity on the system" on page 182 "Viewing properties of units in your system" on page 184
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
167
Viewing system messages
Viewing system messages If you receive messages from the system, you can review them from the notification tray, and diagnose the trouble entities. You can receive three types of messages from the system:
• • •
Health issues Warnings Messages
NOTE System messages are not the same as health events related to entities. Health events can be health issues, but health issues are not necessarily health events. For more information about health events, see "Viewing system health events" on page 170.
For more information about diagnosing trouble entities, see "Diagnose role problems" on page 51. To view system messages: 1 In the notification tray, double-click the System messages (
) icon.
2 In the Health issues tab of the Notifications dialog box, do one of the following:
From the Sort by drop-down list, select how to display the health issues. You can sort them alphabetically by health event type, event timestamp, machine (computer name), or source (entity name). Click an entity to open its configuration pages, to diagnose the entity. Click in a row to launch a Health history task (see "Viewing system health events" on page 170). Click Refresh to update the content displayed in the Health issues tab.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
168
Viewing system messages
3 In the Warnings (
) tab, do one of the following:
Click an entity to open its configuration pages in Config Tool. Click Details ( ) to open the diagnostic window, which provides additional details about the warning. From this window you can save the warning as a text file, or click Refresh to rerun the diagnostic tests.
4 In the Messages (
) tab, select a message, and do one of the following:
Click Copy to clipboard to copy the selected message to the clipboard.
Click clear to delete the selected messages.
Click Clear all to clear all messages.
5 Click
to close the Notification dialog box.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
169
Viewing system health events
Viewing system health events You can view system health events related to selected entities within a specified time range, using the Health history report. What you should know There are three severity levels of health events:
• • •
Health errors Warnings Information
Almost every entity in your system can generate health events. You can choose which health events to monitor by configuring the Health monitor role in Config Tool. For information, see "Configure health events to monitor" on page 79. NOTE Health events also appear in the notification tray as system messages ( in real time (see "Viewing system messages" on page 168).
) as they occur
To view system health events related to an entity: 1 From the Home page, open the Health history task. 2 Set up the query filters for your report (see "Query filters" on page 712). 3 To include current health events in the report, click the Show current health events heading. When the heading is enabled, it appears as On
.
4 Click Generate report. The health events of the selected entities are listed in the report pane. For information about the report columns available, see "Report pane columns" on page 723. EXAMPLE If an entity is experiencing issues, you can search for past health events that have
occurred in relation to that entity. If you want to search if there were critical errors that happened in the system during the last week, you can filter you search only for errors, and set a time range.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
170
Viewing the health status and availability of entities
Viewing the health status and availability of entities You can monitor the overall health of your system, using the Health statistics report. What you should know By monitoring the health and availability of certain resources such as server roles, video units, door controllers, intrusion detection panels, and so on, you can identify instabilities, and even prevent critical system failures. One of the important fields in the Health statistics report is the Availability of a given entity. Availability is expressed as a percentage. To view the health status and availability of an entity: 1 From the Home page, open the Health statistics task. 2 Generate your report (see "Generate a report" on page 30). The health statistics for the selected entities are listed in the report pane. For information about the report columns available, see "Report pane columns" on page 723. If health statistics could not be calculated for a given role or entity, the reason is shown in the Calculation status column of the report pane:
One or more events used to calculate availability are currently disabled. The system administrator needs to select which health events to monitor in the Config Tool. For more information, see Health monitor - "Properties" on page 561. One or more servers from the system are offline. The server hosting the selected role is offline, therefore, the health statistics cannot be calculated for the role.
EXAMPLE A door controller called Gym was down four times over the last week, producing
90.72% availability. From the report results, you can see that this door controller is a potential concern, and have a maintenance crew come and look at the door.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
171
System status task
System status task Use the System status task to monitor the current status of different types of entities and investigate health issues they might have. The following figure shows the System status task. For information about monitoring the system status, see "Monitoring the status of your system" on page 177.
A B
C D
E A
Entity types you can monitor.
B
Type of issues that you can monitor.
C
The entity statuses are listed in the report pane.
D
Print the report, export the report, or select which columns to display. For more information, see "Working with reports" on page 29, and "Report pane columns" on page 723.
E
Entity-specific commands.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
172
System status task
System status task columns In the System status task, you can monitor the current status of different types of entities and investigate the health issues that they might have. The following table lists the columns that are displayed for each entity type in the Monitor dropdown list. Entity
Columns
Description
Access control units
Entity
Unit name
Health
Online, Offline, or Warning
IP address
IP address of the unit
Sync
Synchronization status
AC fail
Yes () or No (blank)
Battery fail
Yes () or No (blank)
Firmware
Firmware version of the unit
Tampered
Indicates whether the unit has been tampered with Yes () or No (blank)
Entity
Analog monitor name
Logical path
List of all parent areas, starting from the system entity. If the analog monitor has multiple parent areas, “*\” is shown as the path.
Health
Online, Offline, or Warning
Connected entity
Name of the cameras currently displayed in the analog monitor
Entity
Type of application (Config Tool or Security Desk)
Source
Machine it is running on
Username
Name of the user who is connected
Version
Software version of the client application
Analog monitors
Applications
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
173
System status task
Entity
Columns
Description
Areas
Entity
Area name
Logical path
List of all parent areas, starting from the system entity
Health
Online, Offline, or Warning
Threat level
Indicates if a threat level is currently activated on the selected area, along with the threat level name. If no threat level is set, the column is blank.
Security clearance
(Only visible to administrative users) Indicates the minimum security clearance level required from cardholders to access this area, on top of the restrictions imposed by the access rules
People count
Working () or Not working (blank)
Antipassback
Hard, Soft, or None (no antipassback)
Interlock
Working () or Not working (blank)
Priority
Interlock input priority: Lockdown or Override
Tampered
Indicates whether a unit in the area has been tampered with. Yes () or No (blank)
Entity
Camera name
Logical path
List of all parent areas, starting from the system entity. If a camera has multiple parent areas, “*\” is shown as the path.
Health
Online, Offline, or Warning
Recording
Recording state
Analog signal
Lost, Available, or Unknown (IP cameras)
Blocked
Indicates if the camera is currently blocked from some users. Blocked (), or not blocked (blank)
Entity
Door name
Logical path
List of all parent areas, starting from the system entity
Health
Online, Offline, or Warning
Open
Open (
Lock
Locked (
Cameras
Doors
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
) or closed (
)
) or unlocked (
)
174
System status task
Entity
Columns
Description
Elevators
Entity
Elevator name
Logical path
List of all parent areas, starting from the system entity
Health
Online, Offline, or Warning
Entity type
Icon representing the entity type
Entity
Entity name
Source
For a local entity, shows the server it is running on. For a federated entity, shows the federation role name
Logical path
List of all parent areas, starting from the system entity
Health
Online, Offline, or Warning
Entity
Intrusion detection area name
Logical path
List of all parent areas, starting from the system entity
Health
Online, Offline, or Warning
Arming state
Master arm, Perimeter arm, Ready to arm, Arming, Disarmed, Disarmed (input trouble), or Armed (Alarm active)
Bypass
Active/inactive (represented by an icon)
Alarm active
Active/inactive (represented by an icon)
Entity
Intrusion detection unit name
Health
Online, Offline, or Warning
AC fail
Yes () or No (blank)
Battery fail
Yes () or No (blank)
Tamper
Yes () or No (blank)
Entity
Macro name
Start time
Time the macro was started
Instigator
Name of the user who started the macro
Health issues
Intrusion detection areas
Intrusion detection units
Macros
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
175
System status task
Entity
Columns
Description
Roles
Entity
Role name
Health
Online, Offline, or Warning
Current server
Name of server currently hosting the role
Servers
List of servers assigned to host this role
Version
Software version of role
Status
Activated (
Route
Route name, showing the two networks it joins
Current configuration
Unicast TCP, Unicast UDP, or Multicast
Detected capabilities
Unicast TCP, Unicast UDP, or Multicast
Status
OK, or warning message stating the reason of the problem
Entity
Server name
Health
Online, Offline, or Warning
Roles
Roles assigned to this server
Entity
Zone name
Logical path
List of all parent areas, starting from the system entity
Health
Online, Offline, or Warning
State
Normal, Active, or Trouble
Armed
Indicates if the zone is armed or not
Routes
Servers
Zones
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
) or Deactivated (
)
176
Monitoring the status of your system
Monitoring the status of your system You can monitor the current status of different types of entities, and investigate health issues they might have, using the System status report. To monitor the status of your system: 1 From the Home page, open the System status task. 2 From the Monitor drop-down list, select one of the following:
Access control units
Analog monitors
Applications (only administrators)
Areas
Cameras
Cash registers
Doors
Elevators
Health issues
Intrusion detection area
Intrusion detection units (only administrators)
Macros (only administrators)
Roles (only administrators)
Routes (only administrators)
Servers (only administrators)
Zones
3 If required, select an area in the Selector. 4 To search for entities within nested areas, select the Search member entities option. The related entities, roles, applications, and items are listed in the report pane. For information about the status columns that are available for each entity, see "System status task" on page 172. 5 (Optional) Do one of the following:
To launch a Health history report, click health events" on page 170. To diagnose the selected entity, click on page 180.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
. For more information, see "Viewing system . For more information, see "Diagnosing entities"
177
Monitoring the status of your system
To print the report, click
To save the report, click
. .
EXAMPLE If you have a camera that is not working, you can select the camera entity to
investigate why it is offline. If an entity has a health issue, you can launch the Health history task and generate a report to investigate further, or diagnose the entity from the System status task.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
178
Troubleshooting entity states
Troubleshooting entity states Entity icons and labels can appear in several different colors in the Logical view: Color
Entity state
White
The entity is online, and the server can connect to it.
Red
The entity is offline, and the server cannot connect to it.
Yellow
The entity is in the warning state. The server can connect, there are problems.
Entity warnings usually appear because of invalid configurations.When it comes to cameras, there are two specific conditions that can cause the camera to fall into a yellow warning state:
• Multiple recording schedules (that are in conflict) have been applied to the same camera. • A transmission lost event has occurred. This means that the Archiver is still connected to the camera, but it has not received any video packets for more than 5 seconds. To fix these issues, try the following:
• Change the conflicting schedules, see "Resolving schedule conflicts" on page 105. • Diagnose the Archiver role (see "Diagnosing entities" on page 180).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
179
Diagnosing entities
Diagnosing entities You can diagnose entities, roles, and applications using the diagnostic tool. What you should know An entity or role that is not properly configured is displayed in yellow. An entity that is offline is displayed in red. The diagnostic tool can help you troubleshoot your problem. For more information about troubleshooting entity states, see "Troubleshooting entity states" on page 179. To diagnose an entity: 1 From the Home page, open the System status task. 2 From the Monitor drop-down list, select the entity type you want to diagnose. 3 If required, select an area in the Selector. 4 To include entities within nested areas, select the Search member entities option. The related entities are listed in the report pane. 5 Select a trouble entity, and click Diagnose (
).
A troubleshooting window opens, showing the results from the diagnostic test performed on the selected entity. 6 To rerun the test, click Refresh. 7 To save the results of the test, click Save. 8 Click Close.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
180
Finding out who made changes on the system
Finding out who made changes on the system You can find out who made configuration changes on the system, and for which entities, using the Audit trails report. To find out who made configuration changes on the system: 1 From the Home page, open the Audit trails task. 2 Generate your report (see "Generate a report" on page 30). The description of the changes to the selected entities, and who made those modifications, are listed in the report pane. For information about the report columns available, see "Report pane columns" on page 723. EXAMPLE If you see that the properties of an entity have changed, and you must find out who
made those changes, you can select that entity. If you requested an update for an entity (for example, the privileges for a user), you can check to see if you the changes have been made from Config Tool.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
181
Investigating user related activity on the system
Investigating user related activity on the system You can view all user activity related to video, access control, and LPR, using the Activity trails report. To investigate user related activity on the system: 1 From the Home page, open the Activity trails task. 2 In the Query tab, select the activities you want to investigate. The activities you can investigate are:
Analog monitor connection/disconnection. Who connected to or disconnected from an analog monitor. Application update. Who updated a client application, such as Patroller, Web Client, Security Desk, and so on, or a Sharp unit.
Badge printing. Who printed a credential badge.
Connect to remote Security Desk. Who connected to a remote Security Desk workstation.
Credential request. Who requested a credential badge to be printed, and why.
Credential request cancelled/completed. Who completed or cancelled a credential badge print request. Disconnect from remote Security Desk. Who connected to a remote Security Desk workstation.
Enable/disable visual tracking. Who enabled or disabled visual tracking in a tile.
Export/generate report. Who exported/generated which reports.
Hotlist editor. Who loaded a hotlist or permit list, or added, deleted, or edited entries within the list.
Hotlist filtering. The LPR Manager role which has hotlist filtering enabled.
Live streaming started/stopped. Which camera was displayed.
Playback. Which recording was played.
Playback bookmark deleted/modified. Who deleted/modified which bookmarks.
Print hit report - photo evidence. Who printed evidence.
Print report. Who printed a report.
PTZ command. What did the user do with the PTZ.
Snapshot printed/saved. Who printed or saved a snapshot.
Threat level set/reset. Who activated/deactivated a threat level, and on which area or system.
User logon/logoff. Who logged on or off of which Security Center client application.
Video export. What did the user export and where did they save it.
Video unit identified/rebooted. Who tried to identified/rebooted a unit.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
182
Investigating user related activity on the system
3 Set up the other query filters for the report (see "Query filters" on page 712). 4 Click Generate report. The activity results are listed in the report pane. EXAMPLE You can find out who played back which video recordings, who blocked a camera,
who activated a threat level, who requested a credential badge to be printed, who used the Hotlist and permit editor task, or who enabled hotlist filtering.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
183
Viewing properties of units in your system
Viewing properties of units in your system You can view the properties of video, access control, intrusion detection, and LPR units in your system, using the Hardware inventory report. What you should know At a glance, you have a list of all the units that are part of your system, and can see their information, such as their unit type, manufacturer, model, IP address, and so on. For example, this is helpful to see what firmware version a unit has, and determine if it needs to be upgraded. To view the properties of units in your system: 1 From the Home page, open the Hardware inventory task. 2 Generate your report (see "Generate a report" on page 30). The unit properties are listed in the report pane. For information about the report columns available, see "Report pane columns" on page 723.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
184
Part III Omnicast IP video surveillance Learn how to set up, configure, and manage your Omnicast system in Security Center. This part includes the following chapters: •
Chapter 8, “Deploying Omnicast” on page 186
•
Chapter 9, “Managing Omnicast” on page 223
8 Deploying Omnicast This section explains how to set up your video surveillance system for the first time. This section includes the following topics:
• • • • • • • •
"What is Omnicast?" on page 187 "What are the Omnicast entities?" on page 188 "Omnicast deployment process" on page 190 "Configuring the Archiver role" on page 193 "Configuring the Media Router role" on page 202 "Configuring the Auxiliary Archiver role" on page 204 "Configuring cameras" on page 209 "Configuring analog monitors" on page 220
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
186
What is Omnicast?
What is Omnicast? Omnicast™ is the IP video surveillance component of Security Center. Omnicast provides seamless management of digital video, audio, and metadata across IP networks. Omnicast main features are as follows:
• • • • • • • • • • •
View live and playback video from all cameras View up to 64 video streams side-by-side on a single workstation View all cameras on independent timelines or on synchronized timelines Full PTZ control, using a PC or CCTV keyboard, or on screen using the mouse Digital zoom on all cameras Motion detection on all cameras Visual tracking: follow individuals or moving objects across different cameras Search video by bookmark, motion, or date and time Export video in proprietary G64 format or public ASF format Protect video against accidental deletion Protect video against tampering by using watermarks
Omnicast also provides video support for events tracked by other systems unified under Security Center.
• • • •
Enhance all event reporting with playback video Enhance alarm monitoring (core feature) with live video Enhance intrusion detection (core feature) with live video Enhance access control system (Synergis) with live video
Video verification: compare cardholder picture with live video
Consolidate all access events with video Enhance LPR system with live video
•
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
187
What are the Omnicast entities?
What are the Omnicast entities? The Omnicast video surveillance system uses the following entity types. Icon
Entity
Description
Archiver (role)
Role that controls the video units and manages the video archive. See "Archiver" on page 521.
Auxiliary Archiver (role)
Role that supplements the video archive produced by the Archiver. It is capable of archiving any camera on the system. See "Auxiliary Archiver" on page 543.
Media Router (role)
Role that takes care of the routing of all audio and video streams on the network. See "Media Router" on page 585.
Network
Network (with specific streaming capabilities) that the Media Router takes into account while making routing decisions. See "Network" on page 434.
Server
Server on your network. Used to host the roles needed on your system. See "Server" on page 471.
Area
Logical grouping of cameras and camera sequences. See "Area" on page 360.
Analog monitor
Represent a physical analog monitor connected to a video decoder. See "Analog monitor" on page 357.
Camera
A single video source on the system. Might support audio. See "Camera (video encoder)" on page 368.
Camera (PTZ enabled)
PTZ camera or dome camera. See "Camera (video encoder)" on page 368.
Camera sequence
A pre-arranged order for the display of video sequences in a rotating fashion within a single tile in Security Desk. See "Camera sequence" on page 393.
Monitor group
Group of analog monitors sharing common characteristics. See "Monitor group" on page 432.
Schedule
Date and time range. Might support daytime and nighttime. See "Schedule" on page 463.
Video unit
IP unit incorporating one or more video encoders. See "Video unit" on page 494.
Partition
Group of entities on the system visible only to a group of users. See "Partition" on page 447.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
188
What are the Omnicast entities?
Icon
Entity
Description
User
Individual who uses Security Center applications. See "User" on page 482.
User group
Group of users sharing common characteristics. See "User group" on page 489.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
189
Omnicast deployment process
Omnicast deployment process This section includes the following topics:
• "Omnicast deployment prerequisites" on page 190 • "Omnicast deployment procedure" on page 191
Omnicast deployment prerequisites Before you deploy Omnicast, you must have the following ready:
A network diagram showing all public and private networks used within your organization, their IP address range, their video transmission capabilities (Multicast, Unicast UDP, and Unicast TCP). For public networks, you also need the name and public IP address of their proxy servers. TIP Ask your IT department for this information.
All ports used by Security Center for communication and video streaming must be open and redirected for firewall and NAT purposes. For more information, see "Default Security Center ports" on page 776.
All video equipment (video units, fixed and PTZ cameras) must be installed and connected on your company’s IP network, with the following information:
Manufacturer, model, and IP address of each video unit
Login credentials (username and password) if applicable
Communication protocol used (HTTP or HTTPS)
TIP A site map (floor plans) showing where the cameras are located would be helpful.
If you have cameras connected to a conventional CCTV matrix (hardware matrix in Omnicast), you need the following:
An Omnicast 4.x system to manage the video encoders connected to the CCTV matrix outputs. For information on how to integrate hardware matrices with Omnicast, see “Hardware Matrix” in the Omnicast Administrator Guide.
To federate Omnicast 4.x system in Security Center. For more information, see "Federating Omnicast systems" on page 131. Security Center software components installed:
Security Center Server software installed on your main server. The main server is the computer hosting the Directory role.
Optionally, Security Center Server software installed on expansion servers. An expansion server is any other server on the system that does not host the Directory role. You can add expansion servers at any time. For more information, see "Add an expansion server to your system" on page 47.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
190
Omnicast deployment process
Security Center Client software installed on at least one workstation.
For software installation, see Security Center Installation and Upgrade Guide.
(Optional) A list of user groups operating independently of each other. Identify user groups that will work independently on different parts of the system.
A list of all known users with their names and responsibilities. To save configuration time, identify users who have the same roles and responsibilities.
Omnicast deployment procedure The table below summarizes a typical Omnicast deployment. Phase
Description
See
1
Read the things you need to know and do before deploying your Omnicast system.
"Omnicast deployment prerequisites" on page 190.
2
Use the Admin account on Config Tool to connect to your system.
"Connecting to Security Center" on page 9.
3
Change the Admin account’s password to protect your system.
"Change your password" on page 10.
4
Create a partition for each independent user group. By first defining the partitions, you won’t have to move entities around after you’ve created them.
"Defining partitions" on page 90.
5
Configure the Logical view (the tree structure). The Logical view lets you organize the entities from an end-user’s perspective.
"Managing the Logical view" on page 85.
6
Set up the default Archiver role.
"Configuring the Archiver role" on page 193.
7
(Optional) Configure your networking environment.
"Managing the Network view" on page 82.
8
(Optional) Set up additional Archiver roles if necessary.
"Configuring the Archiver role" on page 193.
9
(Optional) Configure the Media Router role.
"Configuring the Media Router role" on page 202.
10
(Optional) Configure Auxiliary Archiver roles.
"Configuring the Auxiliary Archiver role" on page 204.
11
(Optional) Define custom fields for your system entities as needed.
"Custom fields" on page 619.
12
Create the users and user groups.
"Defining user groups" on page 96 and "Defining users" on page 93.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
191
Omnicast deployment process
Phase
Description
See
13
(Optional) Federate remote Omnicast systems if necessary.
"Federating remote systems" on page 128.
14
(Optional) Configure the alarms.
"Managing alarms" on page 111.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
192
Configuring the Archiver role
Configuring the Archiver role This section includes the following topics:
• • • •
"What is the Archiver?" on page 193 "Configure the Archiver" on page 193 "Adding video units to your system" on page 194 "Configuring video units for trickling" on page 197
What is the Archiver? The Archiver role is responsible for the discovery, control, and status polling of video units. All communications between the system and video units are established through this role. All events generated by the units (motion, video analytics) are forwarded by the Archiver to the concerned parties on the system. The Archiver also manages the video archive and performs motion detection on video units that do not support this feature.
Configure the Archiver When Omnicast is enabled in your license, an Archiver role is created by default and assigned to the main server. You must complete its configuration before it can be fully operational. 1 From the Home page in Config Tool, open the Video task. 2 Select the Archiver role entity to configure. 3 Click the Resources tab, and configure the server, database, and disk storage required to run this Archiver. For more information, see Archiver – "Resources" on page 533. 4 Click the Camera recording tab, and configure the default recording settings for all cameras controlled by this Archiver. For more information, see Archiver – "Camera recording" on page 522. TIP If you are using multiple disk groups, you might want to temporarily set the recording mode to off, then re-enable it at the end of the process to avoid creating the video files on the wrong disk group. For more information, see "Archive storage settings" on page 536.
5 Add the video units that you want this Archiver to control. For more information, see "Adding video units to your system" on page 194. 6 Click the Extensions tab, and complete the configuration of the extensions created in the previous step if necessary. For more information, see Archiver – "Extensions" on page 528. 7 If you are using multiple disk groups for archiving, see "Optimizing access to your storage devices" on page 226. 8 Configure the cameras associated with the video units you just added. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
193
Configuring the Archiver role
For more information, see "Configuring cameras" on page 209. 9 If recording is performed on the edge units, see "Configuring video units for trickling" on page 197. After you are done: If you have a large system, you can distribute the load by adding more Archiver roles and hosting them on separate on separate servers. To add more Archivers, see "Create a role entity" on page 50.
Adding video units to your system This section includes the following topics:
• "Add video units manually" on page 194 • "What is automatic discovery?" on page 196 • "Add video units using the Unit discovery tool" on page 196 Add video units manually Before you begin: You must know the manufacturer, the product type (model or series), the IP address, and the login credentials (username and password) for the units you plan to add. 1 From the Home page in Config Tool, open the Video task. 2 Click the Role view, and select the Archiver role.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
194
Configuring the Archiver role
3 In the Contextual commands toolbar, click Add an entity(
) > video unit.
The Manual add dialog box appears (the following screenshot is just a sample).
4 If you have multiple Archiver roles, select the Archiver role from the Archiver drop-down list. 5 Select the unit’s manufacturer and product type. 6 Enter the IP address and HTTP port of the unit. Use a range of IP addresses to add multiple units in a single operation. TIP If you do not know your unit’s IP address, use the Unit discovery tool instead. For more
information, see "Add video units using the Unit discovery tool" on page 196. 7 Select which credentials the Archiver should use to connect to the unit.
Default login . Use the default login credentials defined in the manufacturer’s extension for this Archiver. If the extension has not yet been defined, blank credentials are used. Specific. Enter the specific login credentials used by this unit. This can be changed to Use default login later during video unit configuration.
8 Complete all other settings as-necessary, and click Add. If the manufacturer’s extension does not exist, it will be created for you. For more information, see Archiver – "Extensions" on page 528.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
195
Configuring the Archiver role
NOTE If the manufacturer supports automatic discovery, all other units present on your system that share the same discovery port will automatically be added to the same Archiver in addition to those being added manually. For more information, see "What is automatic discovery?" on page 196.
9 Refresh the Role view. The newly added video units appear under the selected Archiver entity. 10 (Optional) Select the video units, and change their default settings if necessary. For more information, see Entity configuration – "Video unit" on page 494. If you are having trouble adding the video unit, see "Troubleshooting video units that cannot be added" on page 244.
What is automatic discovery? Automatic discovery is the process by which video units on a network are automatically discovered by an Archiver role. This is done by broadcasting a discovery request on the discovery port and waiting for all listening units to respond with a package that contains connection information about the unit. The Archiver uses this information to automatically configure the connection to the unit and enable communication. NOTE Only a few unit manufacturers, such as ACTi, Bosch, and Verint, support this feature.
Add video units using the Unit discovery tool The Unit discovery tool helps you find video units on your network when you do not know their IP addresses. For a complete description of this tool, see "Unit discovery tool" on page 653. To perform a unit search with the Unit discovery tool: 1 From the Home page, click Tools > Unit discovery tool. 2 Click the Manufacturers button. The Configure manufacturer’s extensions dialog box appears. 3 In the Video tab, click Add an item (
).
4 In the Add manufacturers dialog box, select the manufacturers you need, and click Add. The Add manufacturers dialog box closes. 5 One by one, configure the discovery settings for each of the manufacturers found in the left pane (be as specific as you can), then click Save. The Configure manufacturer’s extensions dialog box closes.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
196
Configuring the Archiver role
6 Click Start discovery. The tool starts to list all units discovered on your network, using the discovery parameters you set for each manufacturer. You can stop the discovery process at any time.
NOTE If the discovery is based on the Axis extension, units from other manufacturers might
also be discovered because UPnP and Zero config are also used as well in the discovery process. 7 Select a unit in the list to display its information in the right-hand pane.
If you provided the correct login credentials, you will be able to add the unit to your system by clicking the Add unit ( ) button found below the unit information. If the login credentials are incorrect, you can still try to add the unit using the Manual add dialog box and providing the correct credentials:
Click Manual add (
), and select Video unit.
Configuring video units for trickling This section includes the following topics:
• • • • •
"What is trickling?" on page 198 "Trickling limitations" on page 198 "Enable edge recording on a camera" on page 198 "Configure cameras for trickling" on page 200 "Start and stop trickling manually" on page 201
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
197
Configuring the Archiver role
What is trickling? Trickling is the process of transferring data in small amounts. Applied to the video world, it refers to situations where the video is recorded on the unit itself (edge recording), and that the recordings are only transferred to the Archiver at a specific or pre-determined time. There are many scenarios where video trickling is used:
• Remote site connected to a central site with limited bandwidth. Typically, a server would be deployed at the remote site to host the recording. But with video trickling, it is possible to go server-less and download the video on demand.
• Systems with large camera deployments but limited network bandwidth. Recording is entirely done on the edge units. No video, or only low quality video is streamed live on the network. Security Center records specific events (analytics, motion, bookmarks, alarms). Video is downloaded to the Archiver only outside of peak hours, and for the periods corresponding to the recorded events.
• City wide surveillance using edge recording cameras. Cameras are always recording. Client can view live video when requested. Recordings are only downloaded on demand for investigation purposes, or outside of peak hours. A successful trickling setup must include the following:
• Cameras configured for edge recording. The recording can be continuous or triggered by specific events (inputs, motion, analytics, etc.).
• Security Center must be configured to download video from these cameras, either periodically, when a connection is established between the Archiver and the unit, or when a user explicitly requests it.
Trickling limitations The following limitations apply when using the trickling feature:
• It is not possible to trickle video sequences that occurred on a unit prior to the last video time frame stored on the Archiver for that unit. For example, If the last frame trickled for a unit is ‘9/30/2011 3:44:40', and you try to trickle video between 3:40:00 and 3:50:00, only video between 3:44:40 and 3:50:00 will be trickled and stored in the Archiver.
Enable edge recording on a camera Before you begin: Only cameras/video units capable of edge recording can be configured for trickling. However, not all units capable of edge recording are supported for trickling. To find out which edge devices are currently supported, contact Genetec Technical Assistance at http:// gtap.genetec.com. Edge recording can only be enabled from the unit’s Web page. 1 From the Home page in Config Tool, open the Video task. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
198
Configuring the Archiver role
2 From the entity browser, select the video unit you wish to configure. 3 Click Unit’s Web page (
) in the contextual command bar.
4 In the Web browser window that appears, follow the instructions from the unit’s manufacturer to enable recording on that unit. 5 Close the Web browser window when you’re done. NOTE Some unit manufacturers support edge recording on a separate device from the video units, such as an iSCSI drive managed by Bosch VRM (Video Recording Manager). In this case, the VRM settings must be configured in the Archiver’s extension for the manufacturer that supports it.
To configure a Bosch VRM: 1 From the Home page in Config Tool, open the Video task. 2 From the entity browser, select the Archiver that is managing the Bosch cameras. 3 Select the Extensions tab, and select the installed Bosch extension.
4 Under the VRM section, click Add an item (
).
For more information, see Archiver – Extensions – "Bosch VRM settings" on page 531. 5 In the dialog box that appears, enter the IP address of the VRM, and the logon credentials, then click Save.
6 Click the Playback mode drop-down list and select one of the following:
iSCSI
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
199
Configuring the Archiver role
TCP redirection via VRM
UPD redirection via VRM
Select the data transport method according to the configuration of your Bosch VRM. 7 Click Apply.
Configure cameras for trickling Before you begin: All cameras selected for trickling must have edge recording enabled. See "Enable edge recording on a camera" on page 198. 1 From the Home page in Config Tool, open the Video task. 2 From the entity browser, select the Archiver that is managing the camera. 3 Select the Trickling tab. For more information, see "Trickling" on page 524. 4 Click Add an item (
), select the camera and click Add.
IMPORTANT Only cameras with edge recording capability are listed. Once a camera is
selected for trickling, recording on the Archiver is stopped. This however does not affect the recording on Auxiliary Archivers. 5 For each camera selected for trickling, select
On connection. To configure the camera to start trickling upon connection to the network. This option is recommended for cameras connected to mobile units that regularly move in and out of Wi-Fi coverage. On schedule. To configure the camera to start trickling on schedule. This option is recommended for fixed cameras with poor network bandwidth. Trickling can then be scheduled for a time when the network demand is the lowest.
6 (Optional) If trickling on schedule is selected, define when it should happen. 7 Configure the type of video data you want to be trickled. NOTE If you do not set any filter, all available video stored on the unit will be trickled.
Time interval. Select this filter to trickle video segments recorded during a specific period of time. You can specify a specific time range or a relative time range (last n days, hours, minutes). Playback requests. Select this filter to trickle video segments that were played back from the camera. Motions. Select this option to trickle video segments that span between a Motion on and Motion off event. This option applies to unit motion detection only. Bookmarks. Select this option to trickle video segments that contain bookmarks. Unit offline. Select this filter to trickle video segments that span between a Unit lost and a Unit discovered event. Video analytics. Select this filter to trickle video segments that contain video analytics events. Alarms. Select this filter to trickle video segments that contain alarm events.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
200
Configuring the Archiver role
Input triggers. Select this filter to trickle video segments that contain input events.
8 Configure the general trickling behavior. The behavior settings are:
Time buffer when downloading events. The time buffers apply to event-based trickling. Specify how many seconds of video should be trickled before and after the event occurred. For example, if you selected the Motion filter, these settings indicate how many seconds are trickled before the Motion on event occurred, and how many seconds are trickled after the Motion off event. Delay after connection. Use this setting to specify how long (in seconds) the Archiver will wait to determine if a unit is truly online before trickling. For example, if your cameras are set to trickle on connection and you have an unstable network where your cameras frequently go on and offline, this setting is useful to prevent trickling from repeatedly starting and stopping. Simultaneous downloads. Use this setting to specify how many cameras can trickle at the same time. This setting is useful if you have a limited network and do not want too many downloads to occur simultaneously.
9 Click Apply.
Start and stop trickling manually Trickling can be started and stopped manually from the Trickling status dialog box. For more information, see "Trickling status" on page 525. 1 Click Trickling status (
) found at the bottom of the camera list.
2 In the dialog box that appears, select one or more cameras and click:
to start trickling for the selected cameras
to stop trickling for the selected cameras
to start trickling for all cameras
to stop trickling for all cameras
NOTE A camera that has just been added to the trickled camera list does not appear in this
dialog box until you have clicked Start trickling for all cameras (
) once.
3 Click Close when you have finished.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
201
Configuring the Media Router role
Configuring the Media Router role This section includes the following topics:
• "What is the Media Router?" on page 202 • "Configure the Media Router" on page 202 • "Beware of RTSP port conflict" on page 203
What is the Media Router? The Media Router is the central role that handles all stream requests (audio and video) on the system. It establishes streaming sessions between the stream source (camera or Archiver) and its requesters (Security Desk or SDK clients). Routing decisions are based on the location (IP address) and the transmission capabilities of all parties involved (source, destinations, networks, and servers).
Configure the Media Router When Omnicast is enabled by your license, the Media Router role is created by default and hosted on the main server. The default setup is usually all you need, unless you have a complex system involving multiple private networks. 1 From the Home page in Config Tool, open the Video task. 2 From the Logical view, select the Media Router role. 3 Click the Resources tab, and change the role’s primary server or add a standby server if necessary. For more information, see "Move a role to a different server" on page 50. 4 Click the Properties tab. 5 Change the start multicast address and port settings if necessary. You’ll need to change the default settings only if they conflict with other applications on your system. For more information, see Media Router – "Properties" on page 586. 6 Add or change the redirector configurations. Redirectors are servers assigned to host redirector agents. A redirector agent is a software module created by the Media Router to redirect data streams from one IP endpoint to another. The Media Router automatically creates a redirector agent on every server assigned to an Archiver role. You might have to create redirector agents on additional servers if you need to reach clients located on remote networks. To avoid overloading a redirector server or the network bandwidth between the two endpoints, you can limit the number of live and playback streams that the server can redirect. For more information, see Media Router – "Redirectors" on page 586. 7 Click Apply.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
202
Configuring the Media Router role
Beware of RTSP port conflict The Media Router role has a default RTSP port of 554, its redirectors have a default RTSP port of 560, and an Archiver role has a default RTSP port of 555. These ports must be unique on the same server. If multiple Archiver roles are created on the same server, they must all have a different RTSP port. Otherwise, the role entity will turn yellow and an Entity warning event will be generated.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
203
Configuring the Auxiliary Archiver role
Configuring the Auxiliary Archiver role This section includes the following topics:
• • • • •
"What is the Auxiliary Archiver?" on page 204 "Configure the Auxiliary Archiver" on page 206 "Associate cameras to the Auxiliary Archiver" on page 207 "Remove a camera from the Auxiliary Archiver" on page 208 "Move the Auxiliary Archiver to a different server" on page 208
What is the Auxiliary Archiver? This section includes the following topics:
• • • •
"Purpose of the Auxiliary Archiver" on page 204 "When do I need Auxiliary Archivers?" on page 204 "Auxiliary Archiver limitations" on page 205 "Differences between the Archiver and the Auxiliary Archiver" on page 205
Purpose of the Auxiliary Archiver The purpose of the Auxiliary Archiver roles is to supplement the video archive produced by the Archiver roles. Unlike the Archiver, the Auxiliary Archiver is not bound to any particular discovery port. Therefore, it is free to archive any camera in the system, including cameras federated from other Security Center systems. The Auxiliary Archiver must depend on the Archiver to communicate with the video units. If the Archiver isn’t running, the Auxiliary Archiver will not be able to archive the cameras it controls.
When do I need Auxiliary Archivers? The Auxiliary Archiver offers you the flexibility to create a different set of archives than the one created by the Archiver. The auxiliary archives can use different video quality settings and different recording schedules. The following are some sample scenarios where you would need Auxiliary Archivers.
• You need to create a high resolution off-site (outside your corporate LAN) copy of your video archive for selected cameras. In this scenario, you would run the Auxiliary Archiver from a secured location, probably on a server located in a separate building with large storage capabilities. The Auxiliary Archiver would record high quality video streams from specific cameras using different recording settings (mode, schedules, etc.) than the Archiver. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
204
Configuring the Auxiliary Archiver role
• You need to create a lower quality copy of your video archive to keep for a longer period of •
time. In this scenario, you would record the low quality video stream with the Auxiliary Archiver and set a longer retention period. You need to record more cameras (offering different viewing angles) during off-hours when there are no guards on duty. In this scenario, you would configure an Auxiliary Archiver to continuously archive during off hours those cameras that are not archived by the regular Archiver, while the regular Archiver continues to archive
Auxiliary Archiver limitations The Auxiliary Archiver cannot archive cameras federated from Omnicast 4.x systems, whether directly via an Omnicast Federation role or indirectly via the federation of a remote Security Center system that federates an Omnicast 4.x system. The archiving of federated Security Center native cameras is supported.
Differences between the Archiver and the Auxiliary Archiver The following table highlights the differences between these two roles. Characteristics
Archiver role
Auxiliary Archiver role
Automatic unit discovery
Yes (on units that support it).
No.
Command and control of cameras/video units
Yes.
No (relies on the Archiver role).
Command encryption via secure protocols (such as HTTPS and SSL)
Yes (on units that support it).
Not applicable.
Recorded cameras
A camera can only be associated to one Archiver role.
A given camera can be associated to multiple Auxiliary Archivers.
Can only record cameras with which it has a direct connection (usually on the same LAN).
Can record any camera on the system, including federated cameras (but only from Security Center systems).
Recording settings
Each camera has the option to follow the default role settings or its own custom settings.
Each camera has the option to follow the default role settings or its own custom settings.
Recorded video stream
Can only record the stream designated for Recording.
Can record any video stream of your choice.
Manual recording
Yes, when Manual recording schedules are in effect.
No (although Manual recording schedules can be configured).
Event logging in database
Yes. The events can be searched and viewed with the Archiver events video maintenance task.
Yes. The events can be searched and viewed with the Archiver events video maintenance task.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
205
Configuring the Auxiliary Archiver role
Characteristics
Archiver role
Auxiliary Archiver role
Event logging to a flat file
Yes. Found in ArchiverLogs folder.
No.
Database backup and restore
Yes (video files are not included).
Yes (video files are not included).
Failover support
Yes. One secondary server can be added to the Archiver role.
Not applicable.
Multiple copies of the video archive
Yes, via redundant archiving, but the master and redundant copies are identical, because they use the same recording settings.
Yes. Each Auxiliary Archiver produces a different set of video archive that follows its unique recording settings.
Video file protection
Yes.
Yes.
Video watermarking
Yes.
Yes.
Configure the Auxiliary Archiver The Auxiliary Archiver role is not created by default. You need to create it manually. 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, and then click Add an entity (
) > Auxiliary Archiver.
3 In the Specific info page, do the following: a From the Server drop-down list, select the server where this role will be hosted b Enter the Data server name for the video archive database. A default data server, called (local)\SQLEXPRESS, is installed on every computer where Genetec Server is installed. You can use it or use another data server on your network. c Enter the Database name of the video archive database. CAUTION The default name is AuxiliaryArchiver. If the selected server is already hosting
another instance of Auxiliary Archiver, you must choose a different name. Otherwise, the new role will corrupt the existing database! TIP As a way to prevent unfortunate accidents, Genetec recommends you use a different database name for every instance of Auxiliary Archiver, regardless of whether there is a conflict or not.
d Click Next. 4 In the Basic information page, enter the name, description, and partition where the Auxiliary Archiver role will be created. For more information, see "Common entity attributes" on page 38.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
206
Configuring the Auxiliary Archiver role
5 Click Next, Create, and Close. A new Auxiliary Archiver role ( ) is created. Wait a few seconds for the role to create the database on the selected data server. 6 Select the Resources tab, and configure the server, database, and disk storage required to run this Auxiliary Archiver. NOTE Every newly created Auxiliary Archiver is assigned the default value of 558 for its RTSP port. This port value must be unique for all archiving roles hosted on the same machine. For more information, see Auxiliary Archiver – "Resources" on page 547.
7 Select the Camera recording tab, and configure the default recording settings for all cameras recorded by this Auxiliary Archiver. For more information, see Auxiliary Archiver – "Camera recording" on page 544. TIP If you are using multiple disk groups, you can temporarily set the recording mode to off, then re-enable it at the end of the process to avoid having video files created on the wrong disk group.
8 Select the Cameras tab, and configure the cameras you want to archive. For more information, see "Associate cameras to the Auxiliary Archiver" on page 207. 9 If you are using multiple disk groups for archiving, see "Optimizing access to your storage devices" on page 226.
Associate cameras to the Auxiliary Archiver Before you begin: You can add any camera visible in your system to an Auxiliary Archiver, except the ones federated from Omnicast 4.x systems. 1 From the Auxiliary Archiver’s Cameras tab, click Add an item (
).
2 In the dialog box that appears, select the cameras you want and click OK. NOTE It takes a few seconds for the selected cameras to be added. If the role is unable to add
a camera in the given time, a failed status will be indicated for a few seconds, and the camera will be removed. 3 Click Apply. 4 To override the default recording settings on a camera: a Select the camera from the list and click Jump to (
).
The camera configuration page is selected. b From the Recording tab of the camera, select the tab that corresponds to the current Auxiliary Archiver. For more information, see Camera – "Recording" on page 378. c Select Custom settings under Recording settings, and make the necessary changes. d Click Apply.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
207
Configuring the Auxiliary Archiver role
Remove a camera from the Auxiliary Archiver Before you begin: Removing a camera from the Auxiliary Archiver instantly deletes the associated video archive from the Auxiliary Archiver’s database. 1 From the Cameras tab, select a camera and click Delete the item (
).
CAUTION There is no undo if you proceed through the next step!
2 In the confirmation dialog box that appears, click Delete. All records of this camera’s video archive are deleted from the role’s database. 3 In the second confirmation dialog box, do one of the following:
Click No if you want to keep the video files on disk. This allows you to play the video files with the Video file player in Security Desk, but you will no longer be able to query the video archive with the Archives task.
Click Yes if you do not want to keep the video files.
Move the Auxiliary Archiver to a different server Before you begin: You should not move your Auxiliary Archiver to a different server unless both the database and the video storage are configured on a separate machine.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
208
Configuring cameras
Configuring cameras Camera (or video encoder) entities are automatically created when the video units they are part of are added to your system. Although Security Center provides workable default settings, we recommend that you carefully go through the configuration of each entity in order to achieve optimal performance. TIP You can save a significant amount of time by copying the settings of one camera to all similar cameras. For more information, see "Copy configuration tool" on page 668.
This section includes the following topics:
• • • • • •
"Recommended camera configuration process" on page 209 "Configuring video streams" on page 210 "Configure visual tracking" on page 212 "Test the video quality of your camera" on page 213 "Configure PTZ motors" on page 214 "Creating camera sequences" on page 218
Recommended camera configuration process 1 From the Home page in Config Tool, open the Video task. 2 In the Logical view, select a camera. 3 Click the Video tab and configure the video streams that the encoder should generate. For more information, see "Configuring video streams" on page 210. 4 Configure specific recording settings for this camera for each archiving role it is assigned to. If you do not configure specific settings for the camera, it follows the recording settings for the archiving roles (Archiver and Auxiliary Archivers). For more information, see Camera – "Recording" on page 378. NOTE If a camera has been added to an Archiver’s trickling list, its recording can only be
configured using its web page. For more information, see "Trickling" on page 524. 5 (Optional) Motion detection can be performed by the Archiver or by the unit, on the entire video image (default) or only on certain areas (motion zones). For more information, see Camera – "Motion detection" on page 379. 6 (Optional) The camera’s video attributes (brightness, contrast, hue, saturation) can be adjusted to account for different times of the day. For more information, see Camera – "Color" on page 387. 7 (Optional) Visual tracking, the ability for Security Desk users to switch to an adjacent camera’s view by clicking on certain areas of the video image in the tile, can be configured for all fixed cameras.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
209
Configuring cameras
For more information, see Camera – "Visual tracking" on page 388, and "Configure visual tracking" on page 212. 8 (Optional) Hardware devices such as PTZ motors, microphones and speakers can be manually associated with the current camera if they are not built-in on the same unit. For more information, see Camera – "Hardware" on page 389. 9 Test the settings you have configured so far: video quality, color and brightness, PTZ controls, etc. For more information, see "Test the video quality of your camera" on page 213. 10 (Optional) Configure any necessary event-to-action behaviors for this camera. For more information, see "Using event-to-actions" on page 106. 11 (Optional) Copy the settings you just configured from this camera to other similar cameras on your system if applicable. For more information, see "Copy configuration tool" on page 668. 12 Repeat the same process for all other cameras on your system.
Configuring video streams Most video encoders can generate multiple video streams from the same video source. You must carefully evaluate how you plan to use each of them (for live viewing or for recording) and what are the optimum video quality settings for each. This section includes the following topics:
• "How video stream settings are organized" on page 210 • "Automatic stream selection" on page 211 • "Boosting recording quality on special events" on page 212 How video stream settings are organized Video stream settings for a video encoder are nested in the following way:
• Each video encoder can generate one or more video streams. • Each video stream is described by the following settings:
Video quality. Video quality is defined by a host of parameters such as image resolution, bit rate, frame rate, and so on, that can vary depending on the manufacturer. The video quality can have multiple configurations based on different schedules. For example, lower resolution might be required for regular hours when there is a lot of activity in the office, while higher resolution might be used after closing time when less human surveillance is available.
Stream usage. The stream usage defines the purpose of the stream. You can select from the following options:
Live – Default stream used for viewing live video in Security Desk.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
210
Configuring cameras
Recording – Stream recorded by the Archiver for future investigation. The quality of the recording stream can be temporarily boosted when the recording is triggered by certain types of events. For more information, see "Boosting recording quality on special events" on page 212.
Remote – Stream used for live viewing when the bandwidth is limited. Low resolution – Stream used instead of the Live stream when the tile used to view the stream in Security Desk is small. High resolution – Stream used instead of the Live stream when the tile used to view the stream in Security Desk is large.
A stream can be assigned all, some, or none of the usage options. A stream that has no usage is not generated by the video encoder.
Network settings. Specific connection type and multicast address can be configured for each stream based on its usage and your network configuration.
For more information on stream configuration, see Camera – "Video" on page 369.
Automatic stream selection Displaying high resolution video requires a lot of CPU power. In order to display the maximum number of live video streams simultaneously in Security Desk, CPU use should be optimized. Security Desk can be configured to base its decisions on which video stream to display on the size of the selected viewing tile. A higher resolution stream is used when the selected tile is large enough to show the difference. Security Desk can also dynamically change the displayed video stream when the user resizes the application window or changes the tile pattern. In order to make these stream selection decisions, Security Desk has to rely on what the administrator assigned to the following stream usage options:
• Low resolution • Live • High resolution Security Desk chooses the most suitable video stream for display based on the current size of the viewing tile. The best choice would be the stream with an image resolution equal to, or lower than, the display area of the tile. The video stream selection also changes dynamically when the user resizes the application window, or changes the tile pattern. When Automatic mode is selected as the default viewing stream in Security Desk, the High resolution stream is always used when a tile is maximized, or when the digital zoom is in use. Security Desk uses a higher resolution stream only if it would make a visual difference to the human user. For this reason, when configuring the video quality of the individual streams, make sure the Live stream has a better resolution than the Low resolution stream, and that the High resolution stream has a better resolution than the Live stream. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
211
Configuring cameras
For more information on how the default live stream is configured in Security Desk, see “Default live stream” in Genetec Security Desk User Guide.
Boosting recording quality on special events On a typical system, the video stream used for recording is often of a lesser quality (lower frame rate or lower image resolution) than the stream used for live viewing. The purpose is to save storage space. However, when important events occur, a higher quality recording is often required to provide adequate support for future investigations. To address this need, Security Center offers the following video encoder options:
• Boost quality on manual recording. Temporarily boosts video quality when the recording is started manually by a user. The actions that trigger manual recording are as follows:
The Record button (
) is clicked by a Security Desk user
The Add a bookmark button ( ) is clicked by a Security Desk user Boost quality on event recording. Temporarily boosts video quality when the recording is triggered by a system event.
•
The events that qualify as event recording are as follows:
The Start recording action was executed
The recording was triggered by an alarm
The recording was triggered by motion
For more about how to configure these options, see:
• "Boost quality on manual recording" on page 376 • "Boost quality on event recording" on page 376
Configure visual tracking To configure visual tracking is to define on-video controls (colored shapes) for a camera. 1 From the Home page in Config Tool, open the Logical view task. 2 Select a camera from the entity tree and click the Visual tracking tab. 3 Select one of the drawing tools, Rectangle or Ellipse, and draw a shape over the live video displayed to the right. You can resize, position, and rotate the shape with the mouse, or use the Size and Position parameters. 4 Select the fill color and opacity for the shape. Setting the opacity at 60 percent is usually a good tradeoff between transparency and visibility. You can also set a border color and a border thickness.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
212
Configuring cameras
5 From the camera tree located under the drawing tools, drag and drop the camera you want to switch to onto the colored shape. The camera name appears in the Entities box. You can associate multiple cameras to the same shape. If more than one camera is to be associated with the same on-video control, the operator must explicitly select a camera before making the switch instead of just clicking on the colored shape. 6 Add as many on-video controls as necessary. 7 Click Apply.
Test the video quality of your camera After configuring your cameras, you should always test the video quality to make sure it works properly. 1 From the Home page in Config Tool, open the Video task. 2 Do one of the following:
Double-click the camera you want to test.
Select the camera, and then in the Contextual commands toolbar, click Live video (
).
The Live video dialog box appears and shows you live statistics about the video stream that is coming from the video encoder. For a PTZ camera, see "Configure PTZ motors" on page 214.
3 If you have configured multiple video streams, click the Stream drop-down list to select a different stream to view. For more information, see "Configuring video streams" on page 210. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
213
Configuring cameras
4 If you have configured separate High resolution and Low resolution streams, select Automatic as your stream option, and resize the Live video dialog box to test the automatic stream selection. For more information, see "Automatic stream selection" on page 211. 5 If you are experiencing streaming problems, click Show diagnostic information to display diagnostic information as a transparent overlay on the video.
Click Copy to clipboard to capture that information to send it to "Technical support" on page 869. Click Close to hide the diagnostic information.
Configure PTZ motors If the PTZ motor is not integrated to your camera, you need to configure the PTZ motor separately before you can control it in Security Desk. Some PTZ motors support additional commands:
• Zoom-box. Zoom in on an area by drawing a box on the video image using your mouse. This works like the digital zoom for fixed cameras.
• Center-on-click. Center the camera on a point of the video image with a single click. When these two commands are enabled, they replace the normal pan, tilt, and zoom commands when controlling the PTZ in Security Desk. To configure PTZ motors: 1 From the Home page in Config Tool, open the Video task. 2 Select the camera, and click the Hardware tab. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
214
Configuring cameras
3 Switch the PTZ option to ON. 4 From the Protocol drop-down list, select the protocol used by the PTZ motor. 5 Beside the Protocol field, click options.
to set the Idle delay, Idle command, and Lock delay
For more information about these options, see "Hardware" on page 389. 6 From the Serial port drop-down list, select the serial port used to control the PTZ motor. 7 In the PTZ address box, select the number that identifies the PTZ motor on the serial port. This number is important because it is possible to connect more than one PTZ motor on the same serial port. This number must correspond to the dip switch settings on the PTZ hardware. 8 To enable the enhanced PTZ commands (zoom-box and center-on-click), switch the Enhanced PTZ option to ON, and calibrate the PTZ coordinates. For information about how to calibrate the PTZ, see "Calibrate the PTZ coordinates" on page 215. NOTE Not all cameras require PTZ calibration. For example, Axis cameras do not require
calibration. 9 Click Apply. After you are done: To test the PTZ controls, do the following: a From the Logical view, do one of the following:
Double-click the camera you want to test. Select the camera, and then in the Contextual commands toolbar, click Live video ( ).
b In the Live video dialog box, test the PTZ controls in the video image. c Use the PTZ widget to control the camera. For a list of commands in the PTZ widget, see "PTZ widget" on page 217.
Calibrate the PTZ coordinates For most cameras, you need to calibrate the limits of the PTZ movement in order to use the zoom-box and center-on-click commands properly in Security Desk. To calibrate the PTZ coordinates for zoom-box and center-on-click: 1 From the Home page in Config Tool, open the Video task. 2 Select the camera, and click the Hardware tab. 3 Next to the Enhanced PTZ option, click Calibrate. 4 To set the PTZ coordinates automatically, click Calibration assistant, and follow the onscreen instructions. 5 To set the PTZ coordinates manually, move the PTZ motor around in the live video image, and enter the corresponding values on the right: gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
215
Configuring cameras
Max zoom factor. Zoom in to the maximum level you want Security Desk users to reach, and enter the Zoom value from the Coordinates section. Horizontal field of view. Enter the horizontal field of view specified by the camera manufacturer. If you do not have this information, zoom out until the Zoom value indicates 1x, and estimate the angle of the horizontal field of view from the image you see on screen. Vertical field of view. Enter the vertical field of view specified by the camera manufacturer. If you do not have this information, zoom out until the Zoom value indicates 1x, and estimate the angle of the vertical field of view from the image you see on screen. Minimum pan angle. Turn the camera to the left-most position of the area under surveillance, and enter the Pan value from the Coordinates section. Maximum pan angle. Turn the camera to the right-most position of the area under surveillance, and enter the Pan value read from the Coordinates section. Minimum tilt angle. Turn the camera to the bottommost position of the area under surveillance, and enter the Tilt value read from the Coordinates section. Maximum tilt angle. Turn the camera to the topmost position of the area under surveillance, and enter the Tilt value read from the Coordinates section.
6 If you want to flip the camera image at any point, select one of the following from the Flip camera drop-down list:
Minimum tilt. Flips the camera image when the PTZ motor reaches the minimum tilt coordinate. Maximum tilt. Flips the camera image when the PTZ motor reaches the maximum tilt coordinate.
7 If you see that the Minimum pan angle value is higher than the Maximum pan angle value, select the Invert pan axis option. 8 If you see that the Minimum tilt angle value is higher than the Maximum tilt angle value, select the Invert tilt axis option. After you are done: Test the zoom-box and center-on-click commands from a Security Desk tile. If needed, adjust the calibration, and test the PTZ camera again. NOTE Every time you change a parameter, you must remove the camera from the tile and drag
it back to the tile for your changes to take effect.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
216
Configuring cameras
PTZ widget The PTZ widget is used to perform pan, tilt, and zoom operations on the displayed PTZ-enabled camera ( ). IMPORTANT Not all PTZ cameras support all PTZ commands. If one or more of the PTZ buttons are greyed out, it means that the PTZ camera you are working with does not support that command.
A B C D
E F G
A
Eight direction arrows for PTZ motor control
B
Adjust speed of the PTZ motor
C
Zoom in and zoom out commands (+ and -)
D
Quick access buttons for the first eight presets
E
Choice of preset slot (drop-down menu)
F
Choice of pattern/tour slot (drop-down menu)
G
Choice of auxiliary command slot (drop-down menu) Lock control of the PTZ motor Toggle the PTZ Advanced mode menu Manual focus control (focus near) Manual focus control (focus far) Manual iris control (open iris)
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
217
Configuring cameras
Manual iris control (close iris) Go to PTZ home (default) position Flip PTZ motor 180 degrees Open PTZ’s menu (analog domes only) Use specific commands (specific to that model camera) Go to preset position Save preset position Rename a preset, pattern, or auxiliary Start PTZ pattern (tour). Click any preset or PTZ button to stop the pattern. Record PTZ pattern (tour) Start PTZ auxiliary command (e.g. wiper blade) Stop PTZ auxiliary command
Creating camera sequences You can group fixed, PTZ-enabled, and federated cameras into a camera sequence, so they are displayed one after another in a rotating fashion in Security Desk tiles. For more information about camera sequences, see "Camera sequence" on page 393. To create a camera sequence: 1 From the Home page in Config Tool, open the Logical view task. 2 In the Contextual commands toolbar, click Add an entity ( A new camera sequence entity (
) > Camera sequence.
) appears in the Logical view.
3 Type a name for the camera sequence, and press ENTER. 4 Click the Cameras tab, and click Add an item (
).
5 From the Camera drop-down list, select a camera to be part of the sequence. 6 In the Dwell time box, set the amount the time the camera is displayed when cycling through the sequence. 7 From the PTZ command drop-down list, choose what action the PTZ camera will perform when it is displayed in the sequence. This option is only for PTZ-enabled cameras.
Preset. Move the PTZ camera to a preset position.
Position. Start a PTZ pattern.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
218
Configuring cameras
8 From the PTZ auxiliary drop-down list, configure the switch number and the state to set it to. This option is only for PTZ-enabled cameras that support auxiliary switches. 9 Click Save > Apply. 10 To add another camera to the sequence, repeat steps Step 4 to Step 9. 11 To change the order of the cameras in the sequence, use the
and
buttons.
12 To remove a camera from the sequence, select the camera, and click Remove the item (
).
13 Click Apply.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
219
Configuring analog monitors
Configuring analog monitors Analog monitor entities are automatically created when the video decoding units they are connected to are added to your system. Although Security Center provides workable default settings, we recommend that you configure each analog monitor in order to achieve optimal performance. This section includes the following topics:
• "Configure analog monitors" on page 220 • "Testing your analog monitor configuration" on page 222
Configure analog monitors This is the recommended process for configuring analog monitors on your system. 1 Add a video decoding unit to your system. For information about adding units to your system, see "Adding video units to your system" on page 194. Analog monitors that are connected to the video decoding unit are automatically created as analog monitor entities. 2 Configure the analog monitor properties. a In the Video task, select an analog monitor to configure. b Click the Properties tab. c Configure the video settings, network settings, and the hardware connected to the analog monitor. For information about analog monitor properties, see "Analog monitor" on page 357.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
220
Configuring analog monitors
d Repeat Step a to Step c for each analog monitor connected to the decoder. 3 To receive alarms on your physical analog monitors, do the following: a In the Alarms task, click the Monitor groups view. b Click
Monitor group.
c Type a name for your monitor group. d Select the monitor group, and click the Monitors tab. e At the bottom of the page, click group, and then click OK.
, select the analog monitors to be part of the monitor
You can select multiple analog monitors by holding the SHIFT or CTRL keys. IMPORTANT The order of analog monitors in the list is important. If you add more than
one analog monitor to a monitor group, the first analog monitor in the list will receive the highest priority alarm, the second analog monitor will receive the second highest priority alarm, and so on. The last analog monitor in the monitor group list will receive all the other alarms. f Click Apply. g In the Alarms task, click the Alarms view. h Select an alarm, and then click the Properties tab. i In the Recipients section, click alarm, and then click OK.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
, select the monitor groups to be recipients of the
221
Configuring analog monitors
j Click Apply. Analog monitors that are part of the monitor group are now recipients of the alarm. When the alarm is triggered, the video associated with the alarm is shown on the physical analog monitor. NOTE High priority alarms do not replace lower priority alarms that are displayed on the
analog monitor. For more information about viewing video or receiving alarms in analog monitors in Security Desk, see “Viewing video in an analog monitor” in the Security Desk User Guide.
Testing your analog monitor configuration After configuring your analog monitors, you should always test to make sure you can view video on the analog monitors. To test your configuration:
• Display an analog monitor in a canvas tile in Security Desk, and then add a supported camera to the tile. Supported cameras must be from the same manufacturer as the decoder, and use the same video format. For more information about using analog monitors in Security Desk, see “Viewing video in an analog monitor” in the Security Desk User Guide.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
222
9 Managing Omnicast This section explains advanced configuration techniques, and describes how to keep your video surveillance system reliable, protected, and running smoothly. This section includes the following topics:
• • • • • • • • • • • • • • •
"Managing video archives" on page 224 "Protecting your video archives" on page 227 "Protecting video files" on page 231 "Viewing properties of video files" on page 233 "Replace video units" on page 234 "Diagnosing video streams" on page 235 "Troubleshooting video units that are offline" on page 236 "Diagnosing “Waiting for signal” errors" on page 237 "Diagnosing “Impossible to establish video session with the server” errors" on page 239 "Troubleshooting no playback video available" on page 240 "Troubleshooting cameras that are not recording" on page 241 "Troubleshooting video units that cannot be added" on page 244 "Troubleshooting video units that cannot be deleted" on page 247 "Solving H.264 video stream issues" on page 248 "Investigating Archiver events" on page 249
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
223
Managing video archives
Managing video archives The video archives managed by the Archiver roles are the most important assets produced by your video surveillance system. They incorporate all the video (and audio) information recorded by your system. This section includes the following topics:
• "What constitutes a video archive?" on page 224 • "Managing the archive storage" on page 225
What constitutes a video archive? Each Archiver is responsible for its own video archive for the cameras it controls. The video archive is divided into two parts:
• The archive database • The archive storage The archive database Each Archiver role maintains an archive database. It keeps four types of information:
• Catalog of the recorded video footage. • Events associated with the recorded video footage, such as motion detected, bookmarks, and occasionally metadata (in the future).
• Events describing the recording activities, such as when recording started and stopped, and •
what triggered the event. Events related to the archiving process, such as Disk load is over 80%, and Cannot write to any drive.
The archive storage The Archiver role does not keep the actual video footage in the database. Instead, it is kept on disk, in small files with a G64 extension, called video files. Each video file contains one or many discrete short sequences of video. The location of these files and the description of the video sequences they contain (camera, beginning and end of sequence) are kept in the catalog managed by the Archiver. For information on how to configure the archive database and storage for an Archiver role, see Archiver – "Resources" on page 533.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
224
Managing video archives
Managing the archive storage Managing the archive storage involves the following tasks:
• • • •
Estimating how much storage you need Configuring automatic disk cleanup Optimizing access to your storage devices Monitoring the storage usage
Estimating how much storage you need The storage requirements must be evaluated for each Archiver role, since they can control different numbers of cameras. The storage requirement is affected by the following factors:
• The number of cameras that need archiving. • The number of days you need to keep the archive online. See "Configuring automatic disk cleanup" on page 225.
• The percentage of recording time. The percentage of recording time depends on the selected archiving mode. Recording can be configured for different times during the day as continuous, triggered by motion and user request, only upon user request, or off. For information on how to configure the recording mode, see Archiver – "Recording modes" on page 522.
• Frame rate. The higher the frame rate, the more storage space the recording will require. For information on configuring the recording frame rate, see Camera – "Video" on page 369.
• Image resolution. The higher the image resolution, the more storage space the recording will require. The image resolution is determined by the video data format in effect. For a description of the available video data format, see Camera – "Video" on page 369.
• The expected percentage of movement. Instead of the whole image for every single frame, most video encoding schemes compress data by storing only the image changes between consecutive frames. Therefore, recording a scene that is in constant movement requires a lot more storage than recording a quiet scene. TIP Checking the disk usage statistics regularly is the best way to estimate future disk space requirements, and allows you to make adjustments in a timely manner. See Archiver – "Archiver statistics" on page 538.
Configuring automatic disk cleanup The Archiver uses two methods to free up storage space for new video files:
• The first method is to delete the oldest video files when running out of disk space. This is the simplest method if the video footage from all cameras is of equal importance, and if you gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
225
Managing video archives
•
wish to keep as much footage as possible. This method maximizes disk usage. For information on how to configure this option, see Archiver – "Advanced settings" on page 532. The second method is to specify for each camera the number of days the recorded footage needs to be kept online. When the that timer period expires, the video is automatically deleted, even if disk space has not run out. This method allows you to keep more important video footage for a longer period of time. For information on how to set this option, see Camera – "Recording" on page 378.
The Archiver can also be instructed not to delete any video files. In this case, archiving stops when disk space runs out.
Optimizing access to your storage devices The main bottleneck on the Archiver is disk throughput. The Archiver has a way to alleviate this problem by simultaneously writing to multiple disks. This optimization is achieved by spreading the video archive over several disk groups. Each disk group must correspond to a separate disk controller. By splitting the video archive from different cameras over different disk groups, you can effectively attain the maximum throughput in terms of disk access. To distribute the archiving cameras over multiple disk groups: 1 From the Role view in Config Tool, select the Archiver entity. 2 Select the Resources tab. 3 Create a new disk group. See Archiver – "Archive storage settings" on page 536. 4 Click Camera distribution (
).
5 Using the dialog box that appears, distribute the cameras between the disk groups by selecting them one at a time and moving them with the arrow buttons. 6 Click Close > Apply.
Monitoring the storage usage Given the importance of your video archive, you should monitor disk usage so archiving does not get interrupted inadvertently. There are many ways to monitor disk usage:
• Program event-to-action behaviors to alert you when the Archiver is running out of disk •
space or has stopped archiving. For more information, see "Using event-to-actions" on page 106. Regularly check the Archiver statistics. See Archiver – "Archiver statistics" on page 538.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
226
Protecting your video archives
Protecting your video archives This section discusses how to enhance the security of your video archives. This section includes the following topics:
• • • •
"Protecting your video archive against storage failure" on page 227 "Protecting your video archive against hardware failure" on page 227 "Protecting video archive against routine cleanup" on page 229 "Protecting video archive against tampering" on page 229
Protecting your video archive against storage failure The best protection for your video archive is regular backups.
Backing up your video archive You need to back up both the archive database and the video files at the same time. The video files must be backed up manually, and in their entirety (by default, everything under the VideoArchives folder), and must correspond to the catalog stored in the archive database. For information on how to backup the database, see "Back up your role database" on page 57.
Restoring your video archive You need to restore the video files to the VCDexact same location where they were originally stored. If you are restoring the files to a different server, the relative path to the video files root folder (by default VideoArchives) from the new server must be the same as the path from the old server. Otherwise, the Archiver role will not be able to find them. For information on how to restore the database, see "Restore your role database" on page 58.
Protecting your video archive against hardware failure When the server hosting the Archiver role fails, two main functions of your video system are disabled. First, you lose control over the live video (viewing cameras, controlling the PTZ camera, archiving, etc.), because it is the Archiver that controls the video units. Second, you lose access to your archived video, because it can only be accessed through the Archiver that created it. This is true even if your database server is not the same computer as the one that failed.
About Archiver failover Failover can counter the first problem posed by hardware failure. Adding a secondary server to your Archiver role effectively minimizes the down time over the live video. For Archiver failover, the following conditions apply: gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
227
Protecting your video archives
• Only one primary server and one secondary server can be assigned to an Archiver role. • The primary and secondary servers must each have their own database, hosted locally, or on another computer.
• To make sure that the video archived by the primary server is still available if it fails to the secondary server, you must turn on redundant archiving. This ensures that the primary and secondary servers can archive video at the same time, and that they each manage their own copy of the video archive. NOTE You can set up redundant archiving on all cameras managed by the Archiver role, or protect just a few important cameras. For more information, see Archiver – "Camera recording" on page 522.
An alternative solution to protecting your video archives is to use Auxiliary Archivers. For more information, see "Configuring the Auxiliary Archiver role" on page 204.
Careful load planning for failover Depending on the archiving load of the Archiver role (meaning the number of cameras it is archiving and the video quality for each), the additional load it places on its secondary server as a result of a failover can affect that server’s ability to perform. This happens when the failover archiving load added to the existing archiving load of the secondary server exceeds the archiving capability of that server. Additional roles hosted on the secondary server can also affect its archiving capability. When selecting a server as a secondary server for an Archiver role, consider the following:
• How much spare power does the secondary server have? If the secondary server has other functions, it is unlikely be able to absorb the full load of another server. NOTE Based on recent benchmarks, a high-end server dedicated to video archiving cannot handle more than 300 Mbps of data or 300 cameras, whichever comes first. TIP To alleviate the failover load on a server, Genetec recommends defining multiple Archiver roles with fewer video units each. They can all share the same primary server, but should all fail over to different secondary servers.
• How long is a typical failover expected to last? The longer a failover lasts, the more additional disk space you need to reserve for archiving. For more information, see "Estimating how much storage you need" on page 225.
• Is some video less important? The command and control of the video units uses much less resources compared to video archiving. Any server can handle a lot more video units if it is only required to take care of the command and control function over them. If video archiving is not equally important on all cameras, you can entrust all important cameras to one Archiver role and give it a higher archiving priority than the rest. That way, if multiple Archiver roles happen to fail over to the same server at the same time, archiving gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
228
Protecting your video archives
will be maintained for the important cameras. For more information, see "Configure standby archiving priorities" on page 535.
Archiver failover limitation The failover process might take 15 to 30 seconds. During that time, no video will be recorded. Live video viewing will not be affected by the Archiver failover. However, if a user adds a bookmark during that small time window, no bookmark will be added, because the Archiver role is not ready to accept the command, and no operation failure will be reported in Security Desk.
Protecting video archive against routine cleanup By default, video files are not kept indefinitely. Old video files can be deleted by the Archiver to make space for new video, or they can be deleted simply because their time has expired. See "Configuring automatic disk cleanup" on page 225. If important video footage needs to be kept beyond its normal retention period, you can protect it temporarily, or indefinitely. See "Protecting video files" on page 231. CAUTION Too many protected video files on a disk can waste valuable storage space for new video files. To make sure this does not happen, regularly check the percentage of protected video files on each disk (see Archiver – "Protected video file statistics" on page 539). TIP An alternative to protecting video files is to export the desired video sequence to a different location. See “Exporting video” in the Security Desk User Guide.
Protecting video archive against tampering When video evidence is to be used in court, its integrity is of paramount importance. Watermarking is the Security Center way of proving that video has not been altered. Video watermarking is the process of adding a digital signature to every recorded video frame to ensure its authenticity. If anyone later tries to make changes to the video (add, delete, or modify a frame or a section of the video), the signatures will no longer match, proving that the video has been tampered with. In other words, if a video sequence passes the watermark test, it is faithful to the original. To enable video watermarking on an Archiver: 1 From the Home page in Config Tool, open the System task. 2 Click the Role view, and select the Archiver entity. 3 Click the Resources tab, and click Advanced settings. See Archiver – "Advanced settings" on page 532. 4 Switch the Video watermarking option to ON, and click OK. 5 Click Apply.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
229
Protecting your video archives
Set up a custom encryption key You can generate your own encryption key and ask the Archiver to use it. 1 Run the program called EncryptionKeyGenerator.exe found in the Security CenterSecurity Center Server installation folder. The program will generate two 1 kB files named fingerprint.bin and private.bin. The first file contains a random 20 Byte initial fingerprint used for the encryption. The second file contains an RSA 248-bit encryption key. These two files will be different every time the program is executed. 2 Keep a copy of these files in a safe place. 3 Place another copy of these files in the Security Center Server installation folder. 4 From the Home page in Config Tool, open the System task. 5 Click the Role view, and select the Archiver entity. 6 To restart the role, click Deactivate, and then Activate in the Contextual commands toolbar.. The next time the Archiver records video to disk, the video files will be watermarked, and the fingerprint will be encrypted using the new encryption key. IMPORTANT If you assign a second server to the Archiver role, it must use the same custom encryption files. This means you must place a copy of the encryption files in the Security Center Server installation folder of the second server.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
230
Protecting video files
Protecting video files You can protect video files from being automatically deleted by the system when the Archiver’s disk space becomes full. What you should know You might protect a larger segment than what you select because the Archiver cannot protect partial files. "Protecting your video archives" on page 227. To protect a video file: 1 From the Home page, open the Archive storage details task 2 Generate your report (see "Generate a report" on page 30). The video files associated with the selected cameras are listed in the report pane. For information about the report columns available, see "Report pane columns" on page 723. 3 From the report pane, select the video file to protect, and then click Protect (
).
NOTE To select multiple video files, hold the CTRL or SHIFT keys.
4 In the Start and End columns in the Protect archives dialog box, set the time range of the video file to protect.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
231
Protecting video files
5 Select how long to protect the video file for, from one of the following options:
Indefinitely. No end date. You must remove the protection status manually by selecting the video file in the report pane, and then clicking Unprotect ( ). NOTE When you unprotect a video file, it is not immediately deleted. You have 24 hours to change your mind (see "Archive storage settings" on page 548).
For x days. The video file is protected for the number of days that you select.
Until. The video file is protected until the date that you select.
6 Click Protect. The video file is protected.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
232
Viewing properties of video files
Viewing properties of video files You can find the of video files used to store video archives from cameras, and view the properties of the video files (file name, start and end time, file size, protection status, and so on), using the Archive storage details report. You can also change the protection status of the video files. To view the properties of a video file: 1 From the Home page, open the Archive storage details task. 2 Generate your report (see "Generate a report" on page 30). The video files associated with the selected cameras are listed in the report pane, along with their file properties. For information about the report columns available, see "Report pane columns" on page 723. 3 To view a video sequence in a tile, double-click or drag a video file from the report pane to the canvas. The selected sequence immediately starts playing. After you finish
• To export an important video archive, select the item in the report pane, and then click •
Export video ( ). For more information, see “Exporting video” in the Security Desk User Guide. To remove a video file from the database, select the item in the report pane, and then click
•
Delete ( ). To protect an important video archive from automatic deletion, select the item in the report pane, and then click Protect ( page 231.
). For more information, see "Protecting video files" on
EXAMPLE If you protected an important video file, you can search for that camera, see when
the protection status is going to end, and extend the amount of time, if needed. Also, if the video file is not yet protected, you can protect it.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
233
Replace video units
Replace video units If a video unit fails and is offline in Security Center (red in the Logical view), you can replace the unit with a compatible one. This process copies the video archives and event logs associated with the old unit to the new one, so that the video archives are not lost. IMPORTANT You need to copy over the configuration settings to the new video unit and all the cameras it controls before replacing the unit using the Unit replacement tool.
Before you begin: The new video unit must be the same brand and model as the old one, or you will receive the following error message: Units’ extension does not match. 1 Add a new video unit to the Archiver controlling the old unit. For information about adding a video unit, see "Adding video units to your system" on page 194. 2 Copy the configuration settings of the old video unit to the new video unit, using the Copy configuration tool. See "Copy configuration tool" on page 668. 3 Copy the configuration settings of the cameras controlled by the old video unit to the new cameras, using the Copy configuration tool. See "Copy configuration tool" on page 668. 4 Click the Home tab, and then click Tools > Unit replacement tool. 5 In the Unit type option, select Cameras. 6 Select the Old and the New cameras. For more information about searching for entities, see "Search for entities using the Search tool" on page 43. 7 Click Swap. The video archives and event logs of the old video unit are copied to the new one. 8 Verify that the video archives are now associated with the new video unit. a Open Security Desk. b From the Home page, open the Archives task. c Select a camera that is controlled by the new video unit. All days that include video archives for the selected camera are listed in the All available tab. d Click Generate report. 9 Once everything is verified, return to the Config Tool Video task. 10 In the Logical view, right-click the old unit, and click Delete (
).
11 In the confirmation dialog box that opens, click Continue.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
234
Diagnosing video streams
Diagnosing video streams In Security Desk, you can diagnose the status of video streams displayed in the canvas. What you should know This can help you determine if there is a potential problem with the video stream, the Archiver, the redirection to Security Desk, and so on. To diagnose a video stream: 1 In Security Desk, display a camera in a tile. 2 Press CTRL+SHIFT+D. Diagnostic information about the video stream is overlaid in the tile. Click OK to view additional information. 3 Review the video stream connections.
Archiver. The connection status from the camera to the Archiver role.
Redirector. The connection status from Archiver role to the redirector.
Media player. The connection status from the redirector to your Security Desk workstation.
4 Click Close.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
235
Troubleshooting video units that are offline
Troubleshooting video units that are offline When the camera is red in the Logical view, it means that it is offline, or the communication with the Archiver role has been lost. What you should know When a unit is offline in Security Center, it usually coincides with a Unit lost event in Security Desk. This could be caused by an unstable network connection, or issues with the unit itself. To troubleshoot why a unit is offline: 1 Ping the unit. a In Video task in Config Tool, select the red video unit. b At the bottom of the Video task, click Ping (
).
If there is no reply, the unit is offline (the unit could be broken, unplugged, and so on), or there is a problem with your network. If you can ping the unit, continue with Step 2.
2 Open the unit’s Web page by typing its IP address in a Web browser. 3 Reboot the unit. a In Video task in Config Tool, select the red video unit. b At the bottom of the Video task, click Reboot (
).
4 Make sure the unit is supported by Security Center, and that it is running the certified firmware. For a list of video units supported by Security Center, see the Supported Devices list on GTAP, at https://gtap.genetec.com/Library/SupportedDevices.aspx. You’ll need a username and password to log on to GTAP. 5 Restart the Archiver role controlling the unit. a In the Video task in Config Tool, select the Archiver. b At the bottom of the Video task, click Deactivate role (
).
c In the confirmation dialog box that opens, click Continue. The Archiver turns red. d At the bottom of the Video task, click Activate role (
).
6 If the video unit is still offline, contact technical support. See "Technical support" on page 869.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
236
Diagnosing “Waiting for signal” errors
Diagnosing “Waiting for signal” errors When you see a Waiting for signal message in a tile, it means that Security Desk is trying to connect to the Archiver. What you should know Some of the reasons you could get the waiting signal are the following:
• The network is slow. • There is some sort of block due to your port connections. • The video stream was dropped while it was being redirected to Security Desk. Wait to see if the camera connects. If the Waiting for signal message persists, you can try to diagnose the connection. To diagnose a Waiting for signal error: 1 Ping the unit. a In Video task in Config Tool, select the red video unit. b At the bottom of the Video task, click Ping (
).
If there is no reply, the unit is offline (the unit could be broken, unplugged, and so on), or there is a problem with your network. If you can ping the unit, continue with Step 2.
2 Open the unit’s Web page by typing its IP address in a Web browser. 3 Change the video unit’s connection type to the Archiver. a In Video task in Config Tool, select the red camera. b Click the Video tab. c From the Connection type drop-down list in the Network settings section, select a different connection type. d Click Apply. 4 Try viewing playback video from the camera. a In the Archives task in Security Desk, select the camera. b Select the most recent video archive available, and then click Generate report. c Once the report is generated, try to view the video from the archive.
If you can view the video, continue with Step 5. If you cannot view any video, contact technical support (see "Technical support" on page 869).
5 If you have an expansion server on your system running the Archiver role, try to view video from the expansion server. a Open Security Desk on the expansion server. b In the Monitoring task, drag the camera from the Logical view to a tile in the canvas. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
237
Diagnosing “Waiting for signal” errors
If you can view video, it might be a problem with the redirection from the Media Router to your Security Desk. Continue with Step 6. If you cannot view any video, contact technical support (see "Technical support" on page 869).
6 Make sure the correct ports are open on your network. For a list of default ports that are used in Security Center, see “Default Security Center ports” in the Security Center Administrator Guide. 7 Make sure your networks are configured properly. a In the Network view task in Config Tool, select a network. b Click the Properties tab, and make sure all the settings are correct (IP prefix, subnet mask, routes, and so on). c Change the network settings if needed, and then click Apply. d Repeat Step a and Step b for all the networks on your system. For more information about configuring network settings, see “Network view” in the Security Center Administrator Guide. 8 Force Security Desk to use a different connection type. a In the Home page in Security Desk, click Options. The Options dialog box opens. b Click the General page. c In the Network options section, next to the Network option, select Specific. d From the drop-down list, select a different network, and then click Save. e Restart Security Desk. f If changing the network connection does not work, repeat Step a to Step e to test using other networks. 9 If you still cannot view video, or the tile displaying the camera still says Waiting for signal, contact technical support (see "Technical support" on page 869).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
238
Diagnosing “Impossible to establish video session with the server” errors
Diagnosing “Impossible to establish video session with the server” errors If you receive an Error: Impossible to establish the video session with the server message, you can try to determine the cause. What you should know The Error: Impossible to establish video session with the server message could show up for multiple reasons. There could be a problem with your server, the Media Router role, the Federation role, the Archiver role, or the video unit itself. To diagnose an Impossible to establish video session with the server error: 1 Make sure your server is running. 2 Make sure the Archiver role is online. a In the Video task in Config Tool, select the Archiver. b At the bottom of the Video task, click Diagnose (
).
c If there are issues, try to fix them. 3 If you are trying to view a federated camera, make sure the Security Center Federation role or the Omnicast Federation role is online. a In the System task in Config Tool, click the Roles view. b Select the Federation role, and at the bottom of the task, click Diagnose (
).
c If there are issues, try to fix them. 4 If you are trying to view a federated camera, make sure the server of the federated Security Center system is online. 5 It might be a connection problem with the Media router. Make sure the Media Router role is online. a In the System task in Config Tool, click the Roles view. b Select the Media Router role, and at the bottom of the task, click Diagnose (
).
c If there are issues, try to fix them. 6 Restart the Media Router role. a In the System task in Config Tool, click the Roles view. b Select the Media Router role, and at the bottom of the task, click Deactivate role (
).
c In the confirmation dialog box that opens, click Continue. The Media Router turns red. d At the bottom of the System task, click Activate role (
).
7 Check if the video unit is offline (see "Troubleshooting video units that are offline" on page 236).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
239
Troubleshooting no playback video available
Troubleshooting no playback video available If you cannot view playback video or video archives in Security Desk, you can try to troubleshoot the issue. To troubleshoot why you cannot view playback video: 1 Try viewing live video from the camera. a In the Monitoring task in Security Desk, drag the camera from the Logical view to a tile in the canvas.
If you can view live video, continue with Step 2. If you cannot view any video, see the following troubleshooting section: "Troubleshooting video units that are offline" on page 236.
2 Try viewing playback video from the Archives task. a In the Archives task in Security Desk, select a camera. b Search for video archives at different dates and times, and then click Generate report. c Once the report is generated, try to view video from the archives. d Repeat Step a to Step c with other cameras.
If you can view the video from some of the video archives, go to Step 3.
If you cannot view any video, go to Step 4.
3 Make sure the unit is supported by Security Center, and that it is running the certified firmware. For a list of video units supported by Security Center, see the Supported Devices list on GTAP, at https://gtap.genetec.com/Library/SupportedDevices.aspx. You’ll need a username and password to log on to GTAP. 4 Try viewing playback video from the Archives task on another Security Desk, and on the server where the Archiver role is running (follow the substeps in Step 2).
If you can view video, it might be a problem with the redirection from the Media Router to your Security Desk. Continue with Step 5. If you cannot view any video, contact technical support (see "Technical support" on page 869).
5 Make sure the correct ports are open on your network. For a list of default ports that are used in Security Center, see "Default Security Center ports" on page 776. 6 If you still cannot view playback video, contact technical support (see "Technical support" on page 869).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
240
Troubleshooting cameras that are not recording
Troubleshooting cameras that are not recording If you cannot record video, you can try to determine the cause of the issue. What you should know If you can view live video from a camera but cannot record video, it might be due to the recording mode of the camera, the Archiving schedule, the Archiver role database, or even your CPU usage. Some of the ways you can tell if the camera is not recording are the following:
• If you are viewing live video, the recording status of the camera is indicated in the lowerright corner of the tile. If the status indicates
, the camera is currently not recording.
• You are trying to view playback video, but there is no video available for the date and time you selected, and you know that there should be. To troubleshoot why a camera is not recording: 1 Make sure the unit is supported by Security Center, and that it is running the certified firmware. For a list of video units supported by Security Center, see the Supported Devices list on GTAP, at https://gtap.genetec.com/Library/SupportedDevices.aspx. You’ll need a username and password to log on to GTAP. 2 Verify the camera recording type. a In the Video task in Config Tool, select the red camera. b Click the Recording tab.
If the Recording settings option is set to Custom settings, check that all the recording settings are correct, and then click Apply. If the Recording settings option is set to Inherit from Archiver, continue with Step c.
c In the Video task, select the Archiver. d Click the Camera recording tab. e In the Recording modes section, make sure the Archiver is set to record on the right Schedule, and that the recording Mode is not set to Off. 3 If the camera recording mode is set to On motion/manual, make sure the motion detection settings are configured properly. a In the Video task in Config Tool, select the red camera. b Click the Motion detection tab. c Verify the motion detection settings. Fore more information, see “Motion detection” in the Security Center Administrator Guide. 4 Check the status of the Archiver role database. a In the Video task in Config Tool, select the Archiver. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
241
Troubleshooting cameras that are not recording
b Click the Resources tab.
If the Archiver database status is Connected, go to Step 5.
If the Archiver database status is Disconnected, or Unavailable, continue with Step c.
c Click Create a database (
).
CAUTION Do not overwrite the existing database, or your video archives will be deleted. NOTE When you create a new database, the video archives from the old database are no longer included in Security Center searches, and will not be deleted by automatic database cleanups.
If the camera can record using the new Archiver database, you can continue to use the new database. If the camera is still not recording, revert back to the original database, and continue with Step 5.
5 Check how much disk space is available for archiving. a In the Video task in Config Tool, select the Archiver. b Click the Resources tab. c In the disk information table, make sure the Min. free space value is at least 0.2% of the Total size value. The Min. free space is the minimum amount of free space that the Archiver must leave untouched on the disk. d If the Min. free space value is less than 0.2% of the Total size, click on the value, and then increase it. 6 Check for Archiving stopped and Recording stopped events that occurred on your system. In Windows on the server where the Archiver role is running, open the .log files, located in C:\ArchiverLogs. If there are Archiving stopped or Recording stopped events in the Entry type column, restart the Genetec Server service. a Open your Windows Control Panel. b Click Administrative Tools > Services. c Click the Genetec Server service, and then click Restart. 7 Check for Transmission lost and RTP packet lost events that occurred on your system. In Windows on the server where the Archiver role is running, open the .log files, located in C:\ArchiverLogs.
If there are many Transmission lost and RTP packet lost events in the Entry type column, then it might be a CPU usage or network issue. Continue with Step 8. If there are not many Transmission lost and RTP packet lost events, go to Step 9.
8 Check your CPU usage. a Right-click in the Windows taskbar.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
242
Troubleshooting cameras that are not recording
The Windows Task Manager opens. b Click the Performance tab, and make sure the CPU Usage is not over 60%. If the CPU usage is over 60%, restart the server, and consider adding more CPU to the server. c Click the Networking tab, and make sure the network Link speed is not over 300 Mbps. 9 If you are only experiencing recording problems with one video unit, try the following: a In the Video task in Config Tool, right-click on the red video unit, and then click Delete. b In the confirmation dialog box that opens, choose if you want to keep the video archives from the unit. The video unit is removed from the Archiver. c Add the video unit. For more information about adding units in Security Center, see the Security Center Administrator Guide. 10 If you still cannot record video on the camera, contact technical support (see "Technical support" on page 869).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
243
Troubleshooting video units that cannot be added
Troubleshooting video units that cannot be added If you are having trouble adding a video unit to an Archiver, you can try to determine the cause of the issue. What you should know When you cannot add a video unit, it might be due to network issues, user credential issues, and so on. Best practice: Log on to Config Tool as an administrator. To troubleshoot why a video unit cannot be added: 1 Ping the unit. a In Video task in Config Tool, select the red video unit. b At the bottom of the Video task, click Ping (
).
If there is no reply, the unit is offline (the unit could be broken, unplugged, and so on), or there is a problem with your network. If you can ping the unit, continue with Step 2.
2 Open the unit’s Web page by typing its IP address in a Web browser. 3 Reboot the unit. a In Video task in Config Tool, select the red video unit. b At the bottom of the Video task, click Reboot (
).
4 Try adding the unit again. 5 Make sure that you have a free camera connection in your Security Center license. a From the Home page in Config Tool, click the About page, and click the Omnicast tab. b In the Number of cameras license option, make sure there is a camera connection still available. 6 Make sure the unit is supported by Security Center, and that it is running the certified firmware. For a list of video units supported by Security Center, see the Supported Devices list on GTAP, at https://gtap.genetec.com/Library/SupportedDevices.aspx. You’ll need a username and password to log on to GTAP. 7 Make sure you are using the correct credentials when trying to add the unit. For some manufacturers, you have to set the default credentials from the Archiver Extensions tab. a From the Video task in Config Tool, select the Archiver to which you are trying to add the video unit. b Click the Extensions tab. c To add the extension for the video unit, click Add an item ( type, and click Add. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
), select the extension
244
Troubleshooting video units that cannot be added
d Select the extension. e In the Default logon section, enter the username and password for the unit. 8 Make sure the Archiver is connected to the correct database. a In the Video task in Config Tool, select the Archiver. b Click the Resources tab.
If the Archiver database status is Connected, go to Step 9.
If the Archiver database status is Disconnected, or Unavailable, continue with Step c.
c Click Create a database (
).
CAUTION Do not overwrite the existing database, or your video archives will be deleted. NOTE When you create a new database, the video archives from the old database are no longer included in Security Center searches, and will not be deleted by automatic database cleanups.
9 Make sure the Media Router is connected to the correct database. NOTE If the camera was previously added in Security Center and the IP address or name was
changed, you can also re-create the Media Router database. a In the Video task in Config Tool, select the Media Router. b Click the Resources tab.
If the Media Router database status is Connected, go to Step 10.
If the Media Router status is Disconnected, or Unavailable, continue with Step c.
c Click Create a database (
).
10 Try adding the unit with the firewall turned off. For information about how to disable Windows firewall, see KBA00596: “Recommended Windows Firewall Settings” on GTAP, at https://gtap.genetec.com/Library/ KnowledgeBaseArticle.aspx?kbid=596. IMPORTANT Do not turn off the firewall permanently. Reactivate it after your tests are
complete. 11 Make sure your networks are configured properly. a In the Network view task in Config Tool, select a network. b Click the Properties tab, and make sure all the settings are correct (IP prefix, subnet mask, routes, and so on). c Change the network settings if needed, and then click Apply. d Repeat Step a to Step c for all the networks on your system. For more information about configuring network settings, see “Network view” in the Security Center Administrator Guide. 12 Make sure the Archiver, Media Router, and all redirectors are using the correct NICs (network interface cards). a From the System task in Config Tool, click the Roles view. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
245
Troubleshooting video units that cannot be added
b Select the Archiver role, and click the Resources tab. c From the Network card drop-down list, select the appropriate NIC. d In the Logical view, select the Media Router role, and click the Resources tab. e Under the Servers section, click Advanced (
).
f Select the appropriate Network card for each server, and click Apply. g Click the Properties tab. h Select a Redirector, and click Edit the item (
).
i From the Multicast interface drop-down list, select the appropriate NIC. j Repeat Step h and Step i for each redirector. 13 Try adding the unit. 14 Verify the NICs priority in Windows. a In Windows, click Start > Run, and type ncpa.cpl. The Network Connections window opens. b Click the Advanced menu above and select Advanced Settings. c Note which NIC on your server is configured as network priority one (at the top of the Connections list), and which is configured as priority two. d If needed, use the arrow buttons on the right side to move the different connections up and down in the list. 15 Try adding the unit. 16 Make sure the Media Router role is online. a In the System task in Config Tool, select the Media Router role. b At the bottom of the System task, click Diagnose (
).
c If there are issues, try to fix them. 17 Make sure the Archiver role is online. a In the Video task in Config Tool, select the Archiver. b At the bottom of the Video task, click Diagnose (
).
c If there are issues, try to fix them. 18 If you still cannot add the video unit, contact technical support (see "Technical support" on page 869).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
246
Troubleshooting video units that cannot be deleted
Troubleshooting video units that cannot be deleted If you cannot delete a video unit from Security Center, you can temporarily deactivate the Archiver. To delete a video unit: 1 In the Video task in Config Tool, select the Archiver. 2 At the bottom of the Video task, click Deactivate role (
).
3 In the confirmation dialog box that opens, click Continue. The Archiver and all video units controlled by the role turn red. 4 Select the video unit, and at the bottom of the Video task, click Delete (
).
5 Select the Archiver, and at the bottom of the Video task, click Activate role (
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
).
247
Solving H.264 video stream issues
Solving H.264 video stream issues If you are having problems viewing H.264 video streams, you can disable the AVCodec_ErrorRecognition advanced Archiver role setting. To solve H.264 video stream issues: 1 From the Video task in Config Tool, select the Archiver to configure. 2 Click the Resources tab. 3 At the bottom of the Resources tab, click Advanced settings. 4 Click Additional settings. 5 In the Additional settings dialog box, click Add an item (
).
6 In the Name column, type AVCodec_ErrorRecognition. 7 In the Value column, type 0. 8 Click Close. 9 In the Advanced settings dialog box, click OK. 10 In the Resources tab, click Apply. 11 When you are asked to restart the Archiver, click Yes.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
248
Investigating Archiver events
Investigating Archiver events You can search for events related to Archiver roles, using the Archiver events report. What you should know You can check the status of an Archiver by selecting it, setting a time range of a week, and making sure there are no critical events in the report. You can also troubleshoot an Archiver by searching for important events, such as Disk load is over 80% or Cannot write to any drive, and see when those events occurred. To investigate Archiver events: 1 From the Home page, open the Archiver events task. 2 Generate your report (see "Generate a report" on page 30). The Archiver events are listed in the report pane. For information about the report columns available, see "Report pane columns" on page 723.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
249
Part IV Synergis IP access control Learn how to set up, configure, and manage your Synergis system in Security Center. This part includes the following chapters: •
Chapter 10, “Deploying Synergis” on page 251
•
Chapter 11, “Managing Synergis” on page 295
10 Deploying Synergis This section explains how to set up your access control system for the first time. This section includes the following topics:
• • • • • • • • • • • • •
"What is Synergis?" on page 252 "Synergis deployment process" on page 256 "Configuring the Access Manager role" on page 260 "Configuring access control units" on page 267 "Configuring doors" on page 268 "Using the Walkthrough wizard" on page 271 "Configuring elevators" on page 274 "Configuring secured areas" on page 278 "Configuring access rules" on page 281 "Configuring cardholders and cardholder groups" on page 283 "Configuring credentials" on page 285 "Defining badge templates" on page 289 "Testing your configuration" on page 294
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
251
What is Synergis?
What is Synergis? Synergis™ is Security Center’s IP access control system. From access control reader to client workstation, Synergis provides end-to-end IP connectivity. Synergis integrates a variety of access control capabilities including, but not limited to, badge design, visitor management, elevator control, zone monitoring and more. Synergis was designed with an open and distributed architecture. Build your system with new IP readers or use what you already have. Integrate your access control system with other thirdparty systems, like intrusion or building management, and distribute Synergis server components on many different network computers to optimize bandwidth and workload. Synergis Enterprise supports an unrestricted number of doors, controllers and client workstations. You can grow your system one door at a time or scale your system across multiple buildings using the Federation feature.
How does Synergis work? Synergis architecture is based on the server role known as the Access Manager, which controls the physical door controllers.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
252
What is Synergis?
The following provides a general description of how Synergis architecture works:
• System configurations are saved by the Directory role. • The Directory pushes configurations to the Access Manager. • Access Manager communicates directly with the physical door controllers (called access control units) over TCP/IP.
• Access Manager pushes schedules, cardholder information, and access rules to the door • •
controllers. When a cardholder presents their credential to a reader, the controller refers to the access rule to determine whether the user should be granted or denied access. Once controllers have synchronized with the Access Manager, they can operate autonomously, even if they lose the network connection to the Access Manager.
With additional configuration, a cardholder can belong to a cardholder group, a door can be part of an area, and there can be multiple schedules and rules pushed to a unit.
What are Synergis entities? The Synergis access control system uses the following entity types: Icon
Entity
Description
Access Manager (role)
Role that manages the door controllers on the system. See "Access Manager" on page 511.
Access control unit
Door controller (to which a reader is attached). See "Access control unit" on page 337.
Access rule
Logic used to determine whether to grant access or not. See "Uniqueness of the Synergis model" on page 254 and "Access rule" on page 349.
Area
Simple grouping of doors and elevator floors or secured area with full access control behavior, including antipassback and interlock. See "Area" on page 360.
Badge template
Custom-designed printing template for user credentials. See "Badge template" on page 365.
Cardholder
Individual who possesses a credential. See "Cardholder" on page 395.
Cardholder group
Group of cardholders sharing common characteristics. See "Cardholder group" on page 398.
Credential
Claim of identity (card, PIN, biometric scan, etc). See "Credential" on page 401.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
253
What is Synergis?
Icon
Entity
Description
Door
Physical barrier controlled by an access control unit. See "Door" on page 404.
Elevator
A single elevator cabin. See "Elevator" on page 410.
Schedule
Date and time range. See "Schedule" on page 463.
Partition
Group of entities on the system visible only to a group of users. See "Partition" on page 447.
User
Individual who uses Security Center applications. See "User" on page 482.
User group
Group of users sharing common characteristics. See "User group" on page 489.
Uniqueness of the Synergis model Synergis is different from other solutions. Unlike other products, Synergis does not use “Clearance codes” or “Access levels” to grant or deny access. Instead, the basic logic used by Synergis to grant or deny access is defined by the access rule. The biggest difference between an access rule approach and an access level approach is that access rules are applied to doors, while access levels are applied to persons. Access rules tell a door who can pass through, and when, while an access level defines where and when someone can gain access. An access rule is a simple entity that contains the three W’s:
• Who? (cardholder or cardholder group) • What? (grant or deny access) • When? (schedule) Notice that Synergis does not grant access to a card/credential. Rather, access is granted, or denied based on the cardholders themselves.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
254
What is Synergis?
This subtle, but fundamental shift in the applied logic has a significant benefit in managing lost and stolen cards. The access rules that have been pushed to the door controllers do not have to be modified. If you associate a new credential with a cardholder, the old rule is still valid.
A B
C
A
When? (Schedule)
B
What? (Grant or deny access)
C
Who? (Cardholders and/or cardholder groups)
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
255
Synergis deployment process
Synergis deployment process This section includes the following topics:
• "Synergis deployment prerequisites" on page 256 • "Synergis deployment procedure" on page 257
Synergis deployment prerequisites Before you begin: Before you deploy Synergis, you must have the following ready:
A network diagram showing all public and private networks used within your organization, and their IP address ranges. For public networks, you also need the name and public IP address of their proxy servers. TIP Ask your IT department for this information.
Security Center software installed.
Security Center Server software installed on your main server. The main server is the computer hosting the Directory role.
Optionally, Security Center Server software installed on expansion servers. An expansion server is any other server on the system that does not host the Directory role. You can add expansion servers at any time. For more information, see "Add an expansion server to your system" on page 47.
At least one Access Manager role created on your system.
Security Center Client software installed on at least one workstation.
For instructions on software installation, see the Security Center Installation and Upgrade Guide.
A list of partitions (if any). Partitions are used to segregate the system into more manageable
subsystems. This is especially important in a multi-tenant environment. If, for example, you are installing one large system in a shopping center or, office tower, you might want to give local administration privileges to the tenants. By using partitions, you can group the tenants so that they can only see and manage the contents of their store or office, but not the others. All access control units (IP door controllers and/or IP readers) installed and connected together on your company’s IP network, with the following information:
Manufacturer, model, and IP address of each door controller.
Login credentials (username and password).
Which door/gate/elevator is each controller connected to.
Are the doors card-in/card-out or, card-in/REX-out?
Which inputs and outputs are connected to the door monitor/REX/lock/other?
TIP A site map or floor plan showing door, controller and reader locations would be very helpful. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
256
Synergis deployment process
A list of door groupings to create areas for purposes of people-counting. A list of all known cardholders (and cardholder groups where applicable). TIP For a large installation, cardholders can be imported from a text file or from a Windows Active Directory. For more information, see "Import cardholders from a flat file" on page 284, and "Importing cardholders from an Active Directory" on page 284.
A list of available credentials. Facility codes and card numbers. A list (and details) of all required schedules (office hours, holidays, etc.).
A list (and details) of all required access rules (who is allowed where and when). A list of all known users with their names and responsibilities. TIP To save configuration time, identify users who have the same roles and responsibilities. NOTE Users are not cardholders. Users are persons who access the software. Cardholders are
persons who have physical access to the monitored site.
(Optional) Identify user groups that will work independently on different parts of the system (partitions). NOTE If Omnicast video will be integrated, you will also need:
A cross-reference list indicating which cameras should be associated with which doors.
Synergis deployment procedure A Security Center system can be deployed with access control only (Synergis alone), or access control with video integration (Synergis with Omnicast). This section describes both options. NOTE The system can be setup and deployed in almost any order you want.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
257
Synergis deployment process
Deploying Synergis alone The table below summarizes a typical Synergis deployment. Phase
Description
See
1
Make sure you have everything listed in the prerequisites section.
"Synergis deployment prerequisites" on page 256.
2
Connect to your system with Config Tool using the Admin account.
"Connecting to Security Center" on page 9.
3
Change the Admin account’s password to protect your system.
"Change your password" on page 10.
4
Create a partition for each independent user group. By first defining the partitions, you won’t have to move entities around after you’ve created them.
"Defining partitions" on page 90.
5
Configure the Logical view (the tree structure). The Logical view lets you organize the entities: areas, doors, elevators, and zones, from an enduser’s perspective.
"Managing the Logical view" on page 85.
6
Configure your Access Manager roles.
"Configuring the Access Manager role" on page 260.
7
(Optional) Define custom fields for your system entities as needed.
"Custom fields" on page 619.
8
Discover and enroll the access control units in the system. The Access Manager role needs to “see” the door controllers over the IP network.
"Adding access control units to your system" on page 261.
9
Configure the newly enrolled access control units and the interface modules attached to them.
"Configuring access control units" on page 267.
10
Create doors and configure the wiring of the readers, sensors, locks, and son on, to the access control units.
"Configuring doors" on page 268.
11
(Optional) Create elevators and configure the wiring of the cabin reader and floor buttons to their access control units.
"Configuring elevators" on page 274.
12
Configure the secured areas (antipassback or interlock) and their perimeter doors.
"Configuring secured areas" on page 278.
13
Create schedules (open/closed hours and holidays).
"Using schedules" on page 103.
14
Create access rules. Link rules to doors and schedules.
"Configuring access rules" on page 281.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
258
Synergis deployment process
Phase
Description
See
15
Create cardholders and (optional) cardholder groups. Link to access rules.
"Configuring cardholders and cardholder groups" on page 283.
16
Create credentials.
"Configuring credentials" on page 285.
17
(Optional) Create badge templates.
"Defining badge templates" on page 289.
18
Test your configuration.
"Testing your configuration" on page 294.
19
Create the users and user groups.
"Defining users" on page 93 and "Defining user groups" on page 96.
20
(Optional) Create alarms.
"Managing alarms" on page 111.
21
(Optional) Create threat levels.
"Managing threat levels" on page 117.
Deploying Synergis with Omnicast If no Omnicast system is available, please refer to "Omnicast deployment process" on page 190. Once an Omnicast system is available, integrating Omnicast’s video functionality into Synergis is relatively straightforward. It does not matter whether the Omnicast or Synergis system is set up first. Cameras can be linked to doors at any time. If both Omnicast Archiver and Synergis Access Manager are found on the same Security Center system:
• Associate Synergis doors to Omnicast cameras. See "Associate cameras to doors" on page 270. If the Omnicast Archiver and the Synergis Access Manager are found on different Security Center systems:
• Federate the Omnicast cameras with the Synergis system. See "Federating remote systems" on page 128.
• Associate Synergis doors with the federated Omnicast cameras. See "Associate cameras to doors" on page 270.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
259
Configuring the Access Manager role
Configuring the Access Manager role The Access Manager role manages and monitors access control units on the system. The role validates all access activities when the units are online. Upon receiving a request from a unit, the Access Manager checks the access rules and schedules to decide whether the door or elevator floor can be accessed. It then sends a command to the controller to unlock the door or enable an elevator floor button. It also logs the access control events in the database for access control investigation and maintenance reports. All events generated by the units (access granted, access denied, door open, etc.) are forwarded by the Access Manager, through the Directory, to the concerned parties on the system. This section includes the following topics:
• "Configure the Access Manager role" on page 260 • "Add the unit manufacturer extensions" on page 261 • "Adding access control units to your system" on page 261
Configure the Access Manager role When Synergis is enabled by your license, an Access Manager role is created by default and hosted on the main server. You must configure it before it can be fully operational. 1 From the Home page in Config Tool, open the Access control task. 2 Click the Roles and units view, and select the Access Manager role. 3 Click the Resources tab, and configure the database required to run this Access Manager. For more information, see "Resources" on page 514. 4 Click the Properties tab, and configure the default retention period for door activity. The retention period defines how long (in days) a door event like “access granted”, or “access denied” remains in the SQL database. NOTE If you’re using the SQL Express 2008 R2 database engine (included with the Security
Center installation files), the database size limitation is 10 GB. A door event uses (on average) 200 Bytes in the database. If you configure the Access Manager to retain door events indefinitely, it will eventually hit the 10 GB limitation and the database engine will stop. 5 Add the manufacturer extensions for the unit types this Access Manager is to manage. For more information, see "Add the unit manufacturer extensions" on page 261. 6 Add the access control units you want this Access Manager to manage. For more information, see "Adding access control units to your system" on page 261. After you are done: If you need more than one Access Manager role on your system, now is the time to add more Access Manager roles and host them on separate servers. To add a new Access Manager role, see "Add an expansion server to your system" on page 47 and "Create a role entity" on page 50.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
260
Configuring the Access Manager role
Add the unit manufacturer extensions The manufacturer extensions are manufacturer specific settings that enable the Access Manager to communicate with the access control units. You need to add these extensions manually. Security Center supports the following unit types:
• Synergis Master Controller. Synergis Master Controller (SMC) is Genetec’s access control unit that supports a variety of interface modules from third-party manufactures, such as HID, Mercury Security, STid, DDS, and more.
• HID controllers. The HID controllers include the legacy VertX controllers (V1000 and V2000), the VertX EVO controllers, and the Edge EVO controllers. For the complete list of supported controller units and firmware, see “Supported HID units” in the Security Center Release Notes. To add a manufacturer extension to the Access Manager: 1 From the Home page in Config Tool, open the Access control task. 2 Click the Roles and units view, select the Access Manager, and click the Extensions tab. For more information, see "Extensions" on page 513. 3 At the bottom of the extensions list (empty at the beginning), click Add an item (
).
4 In the Add extensions dialog box, select the extension types you need and click Add. If you only selected HID VertX, the procedure ends here. 5 Click the SMC extension you just added. 6 At the bottom of the Discovery Ports list, click Add an item (
).
7 In the Discovery port dialog box, enter the port number configured for your SMC units and click Create. The port number must match the discovery port configured on your SMC units. The default value is 2000. Do not change the default value unless it is reserved by your IT department for a different purpose. 8 Click Apply (
) to save your changes.
Adding access control units to your system Before you begin: "Add the unit manufacturer extensions" on page 261. This section only covers adding HID units. For adding SMC units, see “Enrolling the SMC unit in Security Center” the Synergis Master Controller Configuration Guide. This section includes the following topics:
• "Add an HID unit manually" on page 262 • "Add access control units using the Unit discovery tool" on page 265.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
261
Configuring the Access Manager role
Add an HID unit manually Before you begin: You must know the IP address, and the login credentials (username and password) of the HID units you plan to add. This is often achieved by using the HID discovery utility known as the Discovery GUI. The Discovery GUI can be downloaded from HIDglobal.com, or found in the Security Center 5.2 installation package, at: \Tools\Access\HID VertX\Discovery Tool\. The Discovery GUI is used for the initial network discovery and IP configuration of HID VertX controllers.
This utility will scan a local network and report which HID units were found. You can then apply the unit’s IP configuration, password, etc. Once the access control units are online and you have their IP addresses and passwords, you can then add the units manually in the Config Tool. To add an HID unit manually in Security Center: 1 From the Home page in Config Tool, open the Access control task. 2 Click the Roles and units view. 3 Click Add an entity (
) > Access control unit.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
262
Configuring the Access Manager role
From the Network endpoint drop-down list in the Unit information tab, select the Access Manager that will manage the unit.
4 Click Unit type and select HID VertX. 5 Enter the IP address of the HID unit. NOTE If the server hosting the Access Manager is behind a NAT, and the access control unit is not, you must click on the More button and specify the server’s IP address.
6 Enter the Username and Password. NOTE The default username/password is root/pass.
7 Click Next. 8 Select a Partition where the access control unit should be added.
If no partitions were created, select the default Public partition. If there are partitions in your system, select the partition that will include the door(s), schedule(s), rule(s) cardholder(s) linked to this specific door controller.
For more information, see "Partition" on page 447, and "How is software security configured?" on page 89. 9 Click Next.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
263
Configuring the Access Manager role
10 Review the Creation summary, and click Create. The Access Manager attempts to connect to the unit, and enrolls it in your system. Once the process has been successfully completed, a confirmation message appears.
11 Click close. Your newly created access control unit appears under the Access Manager it was assigned to in the Roles and units view. NOTE It might take another minute or two before the unit can be used. It will undergo (automatic) synchronization. This process involves the Access Manager sending schedules, access rules, and cardholder information to the unit. The unit will save the information locally so that it can operate even if the Access Manager is unavailable.
For more information, see "Synchronization" on page 347. After you are done: To confirm whether the unit has successfully synchronized with Access Manager: 1 From the Roles and units view, select the access control unit that was just added. 2 Click the Synchronization tab, and check the date/time stamp of the Last update.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
264
Configuring the Access Manager role
Add access control units using the Unit discovery tool The Unit discovery tool helps you find access control units on your network when you do not know their IP addresses. NOTE For a complete description of this tool, see "Unit discovery tool" on page 653.
To perform a unit search with the Unit discovery tool: 1 From the Home page, click Tools > Unit discovery tool. 2 In the Unit discovery dialog box, click the Manufacturers button. 3 In the Configure manufacturer’s extensions dialog box, click the Access control tab, and click Add an item ( ). 4 Select the manufacturers you need, and click Add. 5 Click Save. 6 Click Start discovery (
).
The units discovered on your network are listed. Newly discovered entities are displayed with a yellow star. You can stop the discovery process at any time. NOTE UPnP and Zero config protocols are also used for the discovery process. This means
that IP cameras supporting UPnP and Zero config might also be discovered during the scan.
7 To filter out the entities already enrolled in your system, click Investigation ( bottom of the dialog box, and click Show only new units.
) at the
8 Select a unit from the list, and do one of the following:
To add the unit to your system, click Add unit (
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
) below the unit information. 265
Configuring the Access Manager role
This only works if you provided the correct login credentials.
To change the discovery port of the unit, click Change discovery port (
).
If the login credentials are incorrect, click Manual add ( ) > Access control unit to add the unit manually, and provide the correct login credentials. See "Add an HID unit manually" on page 262.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
266
Configuring access control units
Configuring access control units Once you have successfully enrolled your access control units in the system, you will find them in the Access control task under the Access Manager that manages them. Each access control unit starts with a default configuration. For a description of all the configurable properties, see "Access control unit" on page 337. TIP If your access control units share many settings in common, you can configure a first one and copy the common part of its configuration to all the rest to save time. For more information, see "Copy configuration tool" on page 668.
This section includes the following topics:
• "Understanding unit synchronization" on page 267 • "Synergis Master Controller’s unique characteristics" on page 267
Understanding unit synchronization The logic used to decide whether a door should be locked or unlocked is processed by the access control unit. This means that units must synchronize with the Access Manager to receive the latest access rules, schedules, credentials, and so on. The unit’s synchronization mode can be configured or modified under the access control unit’s Synchronization tab in Config Tool (see "Synchronization" on page 347). Three different synchronization modes are supported by Security Center:
• Automatically. This is the recommended setting. Any configuration change is sent to the access control unit 15 seconds after the change is saved by the Config Tool, Web Client or Security Desk. Only configurations that affect that particular unit are sent.
• On schedule. The unit is synchronized according to a schedule. For continued offline or mixed mode operation, make sure the scheduled synchronization time never falls after the date and time shown for Expiration date. If in doubt, set the synchronization mode to Automatically.
• Manual only. The unit is only synchronized when you click the Synchronize now button. Make sure you synchronize the unit before the date and time shown for Expiration date.
Synergis Master Controller’s unique characteristics Some noteworthy characteristics of the SMC unit is that it’s synchronized data never expire because it understands the scheduling scheme used in Security Center. For a complete list of SMC supported features and limitations, see the Synergis Master Controller Configuration Guide.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
267
Configuring doors
Configuring doors In Security Center, a door entity refers to any physical barrier that can be controlled by an access control unit. Often, a door will represent a physical door, but it can also represent a gate or a turnstile. This section includes the following topics:
• • • • •
"Wiring doors to access control units" on page 268 "Create and configure your doors" on page 268 "Configuring a buzzer" on page 269 "Configuring readerless doors using Input/Output modules" on page 269 "Associate cameras to doors" on page 270
Wiring doors to access control units For information on wiring doors to SMC units, refer to the Synergis Master Controller Hardware Installation Guide. For information on wiring doors to HID VertX units, refer to the wiring diagrams found in the appendix of this guide. See "Wiring diagrams" on page 800. The diagrams are also available in PDF format in the Security Center 5.2 installation package, located at: \Documentation\Controllers\HID VertX\Wiring and Installation Guidelines\. Best practice: It is best practice to have an electrician verify the functionality between all door sensors and actuators.
Create and configure your doors Once the physical wiring between the access control unit and the door is complete, you need to create and configure the door in the Config Tool. There are three basic door configurations:
• Card in/Card Out - 2 readers are required • Card In/REX Out - 1 reader is required • Readerless doors - No readers are required To create a door in Security Center: 1 From the Home page in Config Tool, open the Logical view task. 2 Click Add an entity (
) > Door.
3 In the Creating a door wizard, enter the door name and description. 4 If there are partitions in your system, select the partition in which the door will be created, and click Next. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
268
Configuring doors
5 In the Door information page, assign names to the door sides (Inside/Outside, Secure/ Non-secure, Entrance/Exit, East/West). 6 To associate the door with the access control unit it is wired to, select a unit from the Access control unit drop-down list. 7 Review the Creation summary to make sure the configuration page matches the physical wiring done at the door. 8 Click Create and Close. For more information, see "Door" on page 404. After you are done:
• To link an access rule to your door, see "Access rules" on page 409 • To attach cameras to your door, see "Associate cameras to doors" on page 270 • To assign the hardware interfaces (unit inputs, outputs, and readers), see "Hardware" on page 408.
Configuring a buzzer You can assign an access control unit output to sound a buzzer. This output is governed by the action Sound buzzer and Silence buzzer. Use the event-to-action mechanism for this. For example, the buzzer output can be used to prompt someone to shut a door when it is being held open. With an event-to-action, you associate the event Door open too long to trigger the action Sound buzzer. Then associate the event Door closed to trigger the action Silence buzzer. NOTE Buzzer does not refer to the reader’s beeper, but an external buzzer that is wired to an output relay on the access control unit.
For more information, see "Using event-to-actions" on page 106.
Configuring readerless doors using Input/Output modules If a reader is not required for a door configuration, HID input and output modules (V200 and V300) can be used to control the REX, door sensor, and lock. Some examples of where readerless doors might be used could include:
• Fire exits - Locked from the outside, with a push-bar to open the door from the inside using a REX.
• Stadiums/Theatres/Arenas - Everyone must enter through the ticket booth but once the event is finished, many exits become available to decrease congestion at the main entrance. NOTES
• No access rules need to be linked to the readerless door. For more information, see "Access •
rules" on page 409. An unlock schedule can be assigned to the readerless door. For more information, see "Unlock schedules" on page 406.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
269
Configuring doors
Associate cameras to doors If a door entity is linked to a camera in Security Center, an access control event triggered at that door (door forced, access denied) will cause the camera’s video feed to be displayed in a Security Desk tile. If there are multiple cameras associated with that door, by default the cameras linked to the outside of that door will be displayed in a Security Desk monitoring tile. Multiple cameras associated with a single door (composite entities) can be cycled or unpacked in the Security Desk. For more information, see “Unpacking/packing tiles” in the Security Desk User Guide. To monitor doors with cameras, your Security Center must have one of the following configurations:
• An Archiver role with available cameras. For more information, see "Archiver" on page 521.
• An Omnicast Federation role to connect to an external Omnicast system. For more information, see "Omnicast Federation" on page 590.
• A Security Center Federation role to connect to an external Security Center system with cameras. For more information, see "Security Center Federation" on page 601. To link cameras to your doors: 1 From the Home page in Config Tool, open the Logical view task. 2 Select the door entity to configure, and click the Hardware tab. 3 Below door side (A), click Associate a camera (
).
4 From the Camera drop-down list, select a camera. If the camera has a PTZ motor, you can also include the PTZ preset number to ensure that the camera points towards the door. 5 To add another camera to the door side, click Associate a camera (
) again.
6 Repeat Step 3 and Step 4 for door side (B). 7 Click Apply.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
270
Using the Walkthrough wizard
Using the Walkthrough wizard The Walkthrough wizard tool simplifies the configuration of newly installed access control units by associating them with doors. You to simply walk through the newly installed doors, presenting your credential to each reader along the way. These access requests are recorded in real-time and stored. Once all the access points are recorded, you use the wizard to associate each access point with a door. Only units that are not yet associated with a door can be configured with this wizard. This section includes the following topics:
• "Why use the Walkthrough wizard?" on page 271 • "Assigning doors to access control units using the Walkthrough Wizard" on page 272
Why use the Walkthrough wizard? Imagine that you have just installed 10 new access control units.
You discover them with the HID Discovery GUI and configure their IP addresses.
You wire them to the doors.
You then enroll them with the Config Tool and they become part of your Security Center/Synergis system. You begin creating doors in the Config Tool’s Logical view.
And now, the challenge is to remember which controller is physically wired to which door.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
271
Using the Walkthrough wizard
Assigning doors to access control units using the Walkthrough Wizard Assign door names to access points by using the Walkthrough wizard and presenting your card to different readers around your site. TIP This task is accomplished faster with two people. One walking through the doors and presenting a credential while the other monitors which reader just picked up the card. A pair of walkie-talkies or cell phones can be helpful.
To launch the walkthrough wizard: 1 From the Home page in Config Tool, open the Access control task. 2 Click the Cardholders view, and select the cardholder that corresponds to the credential you’ll be using for the wizard. 3 In the contextual commands toolbar, click Walkthrough wizard (
).
4 In the Door walkthrough wizard, select a walkthrough mode, and click Next.
Real time. Credential reads are shown in real-time. If the building is large, this mode is best used with two installers. One installer runs the Config Tool, while the other walks around swiping the credential on the readers for the newly installed units. Reporting. Installation is done in two steps with one person. First you walk through the building in a pre-defined circuit, swiping the credential on readers for newly installed units. Security Center records these credential reads. Then you associate the list of discovered units to newly created doors. For this mode you set a time period during which the mode is active. Mixed mode. A combination of both real time and reporting mode.
5 Begin your walkthrough by presenting your card at each reader. As you present your card at each reader, the Walkthrough wizard notes which controller picked up the card read. In the Device discovery tab, all the access points that read your card are listed.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
272
Using the Walkthrough wizard
6 Select a reading, assign a Door name, and click Next.
7 Review the Creation summary. 8 If the configuration looks correct, click Create. Your newly configured doors can now be found in the Config Tool’s Logical view. After you are done:
• To link an access rule to your door, see "Access rules" on page 409 • To attach cameras to your door, see "Associate cameras to doors" on page 270 • To assign the hardware interfaces (unit inputs, outputs, and readers), see "Hardware" on page 408.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
273
Configuring elevators
Configuring elevators The elevator entity controls access to the floors of a building. When a cardholder uses a credential, the floor buttons to access those floors for which that cardholder is authorized, are enabled. This is achieved by controlling an output relay to enable the floor button. Floor tacking records the floor buttons pressed. It is achieved by monitoring inputs. This permits tracking reports for elevator usage in the Security Desk. For information about a unit’s limitations with this feature, see the Security Center Release Notes. This section includes the following topics:
• "Hardware for elevator control and floor tracking" on page 274 • "Configuring elevator floors" on page 275
Hardware for elevator control and floor tracking To control access, this entity relies on a single access control unit that must be associated with an elevator. IMPORTANT To configure an elevator, make sure you have an access control unit dedicated to the control of an individual elevator cab. In other words, the access control unit assigned to elevator control cannot be used for any other purpose.
You will require the following:
A reader in the elevator cab.
Outputs that close relay contacts to enable the floor buttons.
Inputs that record the floor buttons that have been selected (only necessary when the floor tracking is required).
The following hardware supports elevator control and floor tracking. Access control unit
Number of outputs for elevator control
Number of inputs for floor tracking
HID VertX V2000 reader interface/ network gateway
4
6 (including AC Fail and Bat Fail inputs)
HID iCLASS Edge device
2
2
HID VertX V1000 network gateway (in addition to a V100, up to 31 modules (V200 and V300) can be connected):
Not supported
Not supported
HID VertX V100 reader interface module
4
4 (including AC Fail and Bat Fail inputs)
HID VertX V200 input module
2
18 (including AC Fail and Bat Fail inputs)
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
274
Configuring elevators
Access control unit
Number of outputs for elevator control
Number of inputs for floor tracking
HID VertX V300 output module (latching outputs)
12
4 (including AC Fail and Bat Fail inputs)
Configuring elevator floors To configure elevator floors: 1 Install the reader in the elevator cab and wire it to the access control unit. 2 Wire the outputs for elevator control. The output relay state can be inverted according to your regulatory requirements. This setting will affect how you wire the units. For more information, see "Configure the elevator relay settings" on page 276. For an HID unit see "HID VertX elevator control" on page 794 After you are done: Once wired, the input for each floor must be configured.
Create an elevator To create an elevator in the Config Tool: 1 From the Home page in Config Tool, open the Logical view task. 2 Click Add an entity (
) > Elevator.
3 In the elevator creation wizard, enter the elevator name and description. 4 If there are partitions in your system, select the partition where the elevator will be created, and click Next. 5 Enter the number of elevator floors, and click Create. The default floor entities are created. 6 To change a floor name, select the floor. 7 Make adjustments if necessary, and click Next. 8 Review the creation summary, and click Create and Close. The new elevator appears in the Logical view’s entity tree with its floors. It initially appears in red until it is fully configured.
9 From the Logical view, select the elevator, and click the Advanced tab. 10 Configure the elevator relay settings. See "Configure the elevator relay settings" on page 276.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
275
Configuring elevators
11 Click the Floors tab, and assign the access control unit to be used for the elevator, the reader, the outputs that enable the selection for a floor, and the cameras monitoring the elevator. For more information, see "Configure the elevator floors" on page 276. 12 Click the Access tab, and configure the access rules applied to the elevator floors, and scheduled periods when the elevator floors should be configured for free access (no credentials required). After you are done: You can configure event-to-actions based on events regarding this elevator. See "Using event-to-actions" on page 106.
Configure the elevator relay settings The elevator Advanced tab can be used to configure the elevator control unit relay settings. The following settings change the relay behavior for elevator control:
• Grant time. This value indicates for how long the elevator floor button will be enabled after the access granted event has been generated.
• Free access when the output relay is:
Normal. Floor access is enabled when the access control unit output relay is deenergized. This means that a power loss results in free access to the floor. Active. Floor access is enabled when the access control unit output relay is energized. This mean that a power loss results in floor access being denied.
NOTE The access control unit relay output wiring must be made according to these settings (use the appropriate NO or NC relay contacts on the units).
Configure the elevator floors The elevator Floors tab allows you to configure the physical wiring relationships between the access control unit and the elevator floors, and select cameras used to monitor this elevator in Security Desk. To configure the elevator floors: 1 Select the Floors tab of the elevator entity. 2 From Preferred unit drop-down list, select a unit to filter the inputs and outputs displayed on this screen. This greatly simplifies the selection of inputs and outputs since there are so many of them in the system. 3 From the Elevator cab reader drop-down list, assign the reader input. 4 To change the elevator cab’s reader settings, then click
.
The configuration dialog box is displayed to allow you to change the following:
Type of reader (Wiegand vs. Clock & Data; Card only vs. Card and PIN)
Set card and PIN mode with the schedule and access timeout.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
276
Configuring elevators
5 Under Floors, use the following buttons to add elevator floors or change their configuration:
To add an elevator floor, click
.
To delete the selected elevator floor, click
To move the selected elevator floor up, click
To move the selected elevator floor down, click
To modify the selected elevator floor, click
. . .
.
6 From the Push button relay drop-down list, assign elevator floors to outputs. 7 From the Floor tracking drop-down list, assign elevator floors to floor tracking inputs. NOTE On an access control unit dedicated to elevator control, all inputs can be used for floor
tracking except for the door monitor inputs. 8 Click Apply.
Associate rules, unlock schedules, and cameras to elevators Just like a door, elevator control requires access rules to determine who will be granted access, where and when. And, you can assign an unlock schedule to permit free access based on a schedule, as well as assigning cameras to monitor the elevator events.
• In the elevator’s Access tab, assign access rules to your elevator to determine which cardholders can access which floors, and assign schedules to allow free access during certain times of the day. For more information, see "Access" on page 412.
• In the Floors tab, link cameras to your elevator for monitoring. For more information, see "Floors" on page 411.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
277
Configuring secured areas
Configuring secured areas An area represents a group of entities. In the context of access control, this would typically be a group of doors, and perhaps alarm inputs. An secure area consists of perimeter entities (doors) and, optionally, captive entities. Areas are required for:
• Antipassback • Interlock • People counting NOTE A secured area can be configured with either antipassback or interlock functionality, but never both.
This section includes the following topics:
• • • • •
"Create an area" on page 278 "Add members to an area" on page 279 "Configure doors for an area" on page 279 "Configure antipassback" on page 280 "Configure interlock" on page 280
Create an area To create a secured area: 1 From the Home page in Config Tool, open the Logical view task. 2 Click Add an entity (
) > Area.
A new area appears in the Logical view. 3 Type a name for the area, and press ENTER. For more information, see "Area" on page 360.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
278
Configuring secured areas
Add members to an area Entities such as cameras, zones, sub-areas, elevators, and tile plugins can be added as members of an area. You can also add doors as area members. See "Configure doors for an area" on page 279. To add members to an area, do one of the following:
• Click •
at the bottom of the Members tab of the area entity, and use the Search tool that appears. For more information, see "Search for entities using the Search tool" on page 43. Use drag-and-drop to move or copy entities in the Logical view. For more information, see "Configuring the Logical view" on page 86.
Configure doors for an area A door can be configured as Captive or Perimeter for an area. Perimeter doors are used to enter and exit an area, and help to control access. By correctly setting the door sides, people counting and antipassback are properly tracked. A door’s Entrance and Exit sides are relative to the area being configured. NOTE Access rules configured for an area only apply to perimeter doors.
1 From the Home page in Config Tool, open the Logical view task. 2 Select the area, and click the Members tab. 3 Click Add an item (
) at the bottom of the page.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
279
Configuring secured areas
4 Select the doors you want as members, and click Select. 5 In the Doors section of the Members tab, set the doors as perimeter or captive doors.
For doors that represent entry or exit from the area, set the slider to Perimeter.
For doors that are found within the area, set the slider to Captive.
6 To swap the door sides, beside the door, click the Swap door side button. 7 Click Apply.
Configure antipassback Once your area has been created, and it contains at least 1 perimeter door, antipassback can be applied to your area. Please note that for areas made up of multiple doors, the antipassback logic will be applied to the perimeter doors but not the captive doors. To configure antipassback for your area: 1 From the Home page in Config Tool, open the Logical view task. 2 Select the area, and click the Properties tab. 3 Set the Antipassback properties to ON, and Interlock properties to OFF. 4 Set the Type, Timeout, and Strict fields as required by your installation. For more information about these fields, see "Antipassback properties" on page 361. IMPORTANT All doors participating in an antipassback area must be controlled by the same
unit. 5 Click Apply.
Configure interlock An interlock (also known as mantrap or airlock) is the logic applied to a group of doors stipulating that only one door can be open at any given time. This would typically be used in a passageway with at least two doors. The cardholder unlocks the first door, enters the passageway, but cannot unlock the second door until the first door has closed. To configure your area with interlock functionality: 1 From the Home page in Config Tool, open the Logical view task. 2 Select the area, and click the Properties tab. 3 Set the Interlock properties to ON, and the Antipassback properties to OFF. 4 Assign an access control unit’s input to activate either Override mode or Lockdown mode. 5 Click Apply. For more information about these fields, see "Properties" on page 361.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
280
Configuring access rules
Configuring access rules An access rule is the access control logic that grants or denies access to a cardholder. This section includes the following topics:
• "Create and configure access rules" on page 281
Create and configure access rules To create and configure an access rule: 1 From the Home page in Config Tool, open the Access control task. 2 Click the Access rules view, and click Access rule (
).
3 Assign a name and description to the access rule. TIP It is best practice to assign descriptive names to your rules so that when your system accumulates many rules, it is clear from their names what they do.
Eg. “Rule_Area or Door name_Schedule name”. 4 If there are partitions in your system, select the partition in which the door will be created, and click Next. For more information, see "Partition" on page 447. 5 Select a schedule of when you want your rule to be active. The default is Always. For more information, see "Schedule" on page 463. 6 Click Next. 7 Review the Creation summary and click Create. 8 Select the access rule, and click the Properties tab. 9 Select a schedule, and grant access or deny access depending on your needs. TIP Usually schedules are used to grant access through a door.
10 At the bottom of the page, click the add cardholders ( cardholders, or cardholder groups to your rule.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
) button to add individual
281
Configuring access rules
TIP It is recommended to add cardholder groups rather than cardholders, as this becomes much more manageable in large systems as new people arrive, and former people leave.
11 Click Apply. After you are done: Now that your access rule has been configured, you need to assign it to specific doors, or areas for the rule to be applied and to control physical access. Related topics:
• "Access rules" on page 364, for areas • "Access rules" on page 409, for doors
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
282
Configuring cardholders and cardholder groups
Configuring cardholders and cardholder groups Cardholders and cardholder groups are the Who in an access rule. While both individual cardholders and cardholder groups are supported, cardholders and access rules are much easier to manage when cardholders are members of cardholder groups. This section includes the following topics:
• • • • • •
"Create a cardholder in Config Tool" on page 283 "Create a cardholder group in Config Tool" on page 284 "About the maximum cardholder picture file size" on page 284 "Import cardholders from a flat file" on page 284 "Importing cardholders from an Active Directory" on page 284 "Managing cardholders in Security Desk" on page 284
Create a cardholder in Config Tool Cardholders can be created either through the Cardholder creation wizard (explained here) or with the Cardholder management task. For more information on the latter, see “Cardholders” in the Security Desk User Guide. To create a new cardholder: 1 From the Home page in Config Tool, open the Access control task. 2 Click the Cardholders view, and click Cardholder (
).
3 Assign a first name and last name to your cardholder, then click Next. 4 In the Basic information page, assign a name, and a description to the cardholder entity. 5 If there are partitions in your system, select the partition in which the cardholder will be recognized, and click Next. For more information, see "Partition" on page 447. 6 If custom fields have been created for cardholders, fill in the custom fields, and click Next For more information, see "Custom fields" on page 335. 7 Choose to create the cardholder’s credential now, or later on, and click Next.
If you selected Create the credential for this cardholder now, continue with Step 8.
If you selected Delay the creation of the credential for this cardholder, go to Step 9.
8 Choose whether to create the credential manually, or automatically and create their credential, and click Next. For more information, see "Create a credential in Config Tool" on page 285. 9 Review the Creation summary and click Create and Close. For more information, see "Cardholder" on page 395. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
283
Configuring cardholders and cardholder groups
Create a cardholder group in Config Tool To create a new cardholder group: 1 From the Home page in Config Tool, open the Access control task. 2 Click the Cardholder groups view, and click Cardholder group (
).
A new cardholder group appears in the Logical view. 3 Type a name for the group, and press ENTER. 4 Click the Properties tab of the cardholder group, and click at the bottom of the page to add individual cardholders or cardholder groups to your new group. For more information, see "Cardholder group" on page 398.
About the maximum cardholder picture file size If cardholders’ pictures are used, they are also stored in the configuration database. Imported cardholder pictures will be reduced to the maximum cardholder picture size. For more information, see Access control – General settings – "Maximum picture file size" on page 635.
Import cardholders from a flat file Cardholders can be created by importing a text file containing all cardholder information, using the Import tool. It is often useful in large organizations where many cardholders or cards need to be created automatically. The Import tool can be found in the Config Tool’s Tools menu. For more information, see "Import tool" on page 657.
Importing cardholders from an Active Directory Cardholders and cardholder groups can be created by importing them from Windows Active Directory (AD). If somebody already has a valid Windows user profile on the Windows domain, their cardholder profile can be created automatically. For more information, see "Import security groups from an Active Directory" on page 143.
Managing cardholders in Security Desk You can create, delete, and modify cardholders (such as change their group membership, partition access, credential, employee photo, and so on), using the Cardholder management task. For more information, see “Cardholders” in the Security Desk User Guide. NOTE The cardholder management task does not offer cardholder group management.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
284
Configuring credentials
Configuring credentials Credentials are used by Security Center to identify who is requesting access through a secured access point. For access control to be operational, every cardholder must possess at least one credential. These are typically (but not exclusively) access control cards. For more information, see "Credential" on page 401. This section includes the following topics:
• • • • •
"Create a credential in Config Tool" on page 285 "Import credentials from a flat file" on page 287 "Importing credentials from an Active Directory" on page 287 "Enrolling credentials from Security Desk" on page 287 "Using custom card formats" on page 287
Create a credential in Config Tool Before assigning a credential to a cardholder, the credential must first be created and enrolled in the system. NOTE Credentials can be enrolled either through the Credential creation wizard (explained here)
or with the Credential management task. For more information on the latter, see “Credentials” in the Security Desk User Guide. To create a new credential: 1 From the Home page in Config Tool, open the Access control task. 2 Click the Credentials view, and click Credential (
).
3 In the credential creation wizard, select manual or automatic credential creation. and click Next.
Manual credential creation. Involves entering the access control card number and facility code manually with your PC keyboard. Automatic credential creation. Involves presenting the card to a reader upon which it will be recognized by the system.
4 Assign a name, and a description to the credential. TIP Typically, a credential will be named “CardholderName’s credential” (eg. Mike Walker’s
credential). The alternative is to assign the card number (printed on the face of the card) as the credential name. If a lost card is found, it can then be searched for quickly with this number. 5 If there are partitions in your system, select the partition in which the credential will be recognized, and click Next.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
285
Configuring credentials
For more information, see "Partition" on page 447. 6 In the Credential assignment page, assign the credential to a cardholder immediately, or create the credential but delay assigning it to a cardholder until later on.
If you selected Assign credential later on, click Next. If you selected Assign credential now, choose a cardholder from the Cardholder dropdown list, and click Next.
7 Do one of the following:
If you initially chose Manual credential creation, select the credential type, and go to Step 12.
Card: Set the Card format, the Facility code and the Card number.
PIN: Set the Code for the PIN.
If you initially chose Automatic credential creation, present the cards at a reader, and continue with Step 8.
8 In the Enrollment device section, select whether you will present the cards to a USB reader connected to your local workstation, or to a door reader from the drop-down list. 9 If you selected Door as the enrollment device, select an Access point. 10 Present the cards at the reader and you should see the card’s value appear. 11 To enroll the card, select a card and click Next.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
286
Configuring credentials
TIP You can select multiple cards and enroll them at once by holding the CTRL key.
If the card has already been enrolled in the system, instead of seeing the card’s value, you will see a message appear stating that “The last discovered credential was discarded because it already exists.” 12 If any custom fields have been created for credential properties, you are prompted to enter the custom field information. For more information, see "Custom fields" on page 335. 13 Review the Creation summary, and click Create and Close.
Import credentials from a flat file Credentials can be created by importing a text file containing all credential information, using the Import tool. It is often useful in large organizations where many cardholder cards need to be created automatically. The Import tool can be found in the Config Tool’s Tools menu. For more information, see "Import tool" on page 657.
Importing credentials from an Active Directory Cardholder credentials can be created by importing them from Windows Active Directory (AD). If somebody already has a valid Windows user profile on the Windows domain, their cardholder credential can be created automatically. For more information, see "Import security groups from an Active Directory" on page 143.
Enrolling credentials from Security Desk Credentials can also be enrolled using the Credential management task. For more information, see “Credentials” in the Security Desk User Guide.
Using custom card formats Security Center allows you to define custom card formats. Custom card formats allow you to add new formats to Synergis with specific card data fields, in addition to the standard formats supported by default. (Eg. the standard 26-bit Wiegand format).
Benefits of custom card formats Creating custom card formats has the following benefits:
• Ability to manually enroll a new card using a standard workstation keyboard, whereas a •
card with an unknown format can only be enrolled using a card reader. Ability to view the card number in the Config Tool and the Security Desk, whereas data for unknown card formats cannot be displayed.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
287
Configuring credentials
• Ability to import cards using custom formats with the Import tool. For more information, •
see "Import tool" on page 657. Ability to enroll cards manually in bulk, without a card reader, using the Credential management task. For more information, see “Credential management” in the Genetec Security Desk User Guide.
Custom card formats are defined in Config Tool under the System entity. For more information, see Access control – General settings – "Custom card formats" on page 635.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
288
Defining badge templates
Defining badge templates Badge templates are Synergis entities used to design customized printing templates for access control cards. You might, for example, want a company logo, a background image, employee photo, or a custom color printed on the access control cards. A badge template can include fields from the configuration database so that the correct name, cardholder photo, and so on, will appear on each card. To create a new badge template: 1 From the Home page in Config Tool, open the Access control task. 2 Click the Badge template view, and click Badge template (
).
A new badge template appears in the Logical view. 3 Type a name to your badge template, and press ENTER. 4 In the Identity tab, type a description for the badge template. 5 In the Relationships section, select the partition where you want the badge template to be placed (if applicable). For more information about partitions, see "Partition" on page 447. 6 Click Apply. 7 Click the Badge designer tab. 8 To select the size of the access control cards you want to print, click Properties (
).
9 In the Format dialog box, select a card size and orientation:
CR70
CR80
CR90
CR100
To create custom card size, click click OK.
, enter the card name, width, and length, and then
Orientation. Select Landscape or Portrait orientation type.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
289
Defining badge templates
10 Click OK.
Once the card size/format has been chosen, you can design the actual printing template. 11 In the Tools section, select a tool, and then click on the template to use it. There are six graphical tools you can use to edit the template:
Select tool. Use to click and select an object on the template.
Rectangle tool. Use to draw a square/rectangle on the template.
Ellipsis tool. Use to draw circles/ovals on the template.
Text tool. Use to insert text on to the template.
Image tool. Use to insert a picture on to the template. You can insert cardholder pictures, a background image for the card, and so on. Barcode tool. Use to insert barcodes on to the template.
12 If you added an image to the template, select the image to edit it using the options in the Image and Color and border sections. In the Image section, choose whether the image displayed on the badge uses a cardholder picture or an image from a file, and whether the image should be stretched or not.
Display the cardholder’s picture. Dynamic cardholder picture that changes, depending on which cardholder credential you are printing. This image field links to the value Cardholder picture in the configuration database.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
290
Defining badge templates
TIP If a cardholder’s picture was taken in front of a chroma key screen, you can make the picture background transparent. This is helpful if you are creating a badge template that has an image in the background.
Select a picture from disk. Static image selected from a file.
In the Color and border section, you can use the following tools:
Fill. Use to modify the fill color of an inserted object like a square or oval.
Border. Use to modify the border color of an inserted object.
Opacity. Use to modify the opacity of an inserted object.
Border thickness. Use to modify the thickness of the inserted object’s border
13 If you added text to the template, select the text to edit it using the options in the Text section. You can add dynamic cardholder fields, the date and/or time, or type specific text that will be static on the template. You can also edit the text, the text color, and the text alignment. 14 If you added a barcode to the template, right-click the barcode, and then click Properties to edit it. The data on the barcode can be static, or use dynamic credential properties.
15 In the Size and position section, select where the text, image, or barcode is located on the badge, and its width and height. 16 Click Apply. There are also other buttons available to help you edit the template:
• • • •
Import (
). Import a badge template to use.
Export (
). Save your badge template.
Cut ( Copy (
). Delete the selected item on the badge template. ). Copy the selected item on the badge template.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
291
Defining badge templates
• Paste ( ) . Paste the copied item onto the badge template. • Send to back ( ). Send the selected item to the background of the badge template. This is option is helpful if you want to have a background image on the badge.
• Bring to front (
). Bring the selected item to the foreground of the badge template.
Here is a sample badge template with objects already inserted:
• Two different images have been inserted. One is dynamic, and the other is static:
The dynamic cardholder picture appears on the front of the card.
The static image appears on the back of the card. It is the company logo that is displayed on every card. Three dynamic text fields have been inserted:
•
{Firstname} {lastname} appears on the front of the card. The text printed will be taken from the configuration database and we will see first name, (space), last name. {Firstname} {lastname} appears on the back of the card. This is the same as the name field on the front except with a smaller font size. {Cardholder.Department} Custom field that was created for the cardholder entity.
• A barcode has been inserted, containing dynamic data. It displays the credential name, using the barcode type Code 39.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
292
Defining badge templates
To see a print preview of what the printed cards will look like using this template: 1 In the Access control task, click the Credentials view. 2 Select the credential that you want to preview with a badge template, and then click the Badge template tab.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
293
Testing your configuration
Testing your configuration One of the more useful tools available to test you configurations, or to use as a troubleshooting tool is the Access troubleshooter. It can be found in the Tools menu of both the Config Tool and Security Desk. The basic access control logic defined by a rule is quite simple: Who can pass through this door, and when? If only one rule and one schedule exists, it is a very simple notion to understand. The challenge is that in a large system, you will start to accumulate multiple schedules (Office hours/ Office closed/Holidays/Weekends/Special events). You might also accumulate multiple areas, and an area can contain multiple sub-areas. Cardholders can belong to multiple cardholder groups. As we accumulate entities and configurations, the basic logic applied at a door can become more difficult to predict. The Access troubleshooter is a tool that allows you to identify a door, a cardholder, and a date/ time. It then runs through the logic determined by the access rule(s), and displays the result. For more information, see "Access troubleshooter" on page 652.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
294
11 Managing Synergis This section explains advanced configuration techniques, and describes how to keep your access control system reliable, protected, and running smoothly. This section includes the following topics:
• • • • • • • • • • • • • • • • •
"Managing global cardholders" on page 296 "Viewing access control health events" on page 308 "Investigating access control unit events" on page 309 "Viewing IO configuration of access control units" on page 310 "Replace access control units" on page 311 "Replacing HID VertX 1000 units with SMC units" on page 312 "Troubleshoot HID discovery and enrollment" on page 314 "Finding out which entities are affected by access rules" on page 317 "Viewing properties of cardholder group members" on page 318 "Viewing credential properties of cardholders" on page 319 "How the Access troubleshooter tool works" on page 320 "Troubleshooting access points" on page 321 "Troubleshooting cardholder access rights" on page 322 "Diagnosing cardholder access rights based on credentials" on page 323 "Finding out who is granted access to doors and elevators" on page 324 "Finding out who is granted/denied access at access points" on page 325 "Troubleshoot door issues" on page 326
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
295
Managing global cardholders
Managing global cardholders This section includes the following topics:
• • • • •
"What is global cardholder management?" on page 296 "How does global cardholder management work?" on page 296 "Rules and restrictions regarding GCM" on page 301 "Configuring global cardholder management" on page 303 "Operating on global entities" on page 305
What is global cardholder management? Global cardholder management (GCM) is used to synchronize cardholders between independent Security Center installations. It allows you to have a central repository of cardholder information for your entire organization, whether this information is managed from a central office or by individual regional offices. With global cardholder management, you can:
• Create global cardholders from a central location (for example your head office) and • • •
synchronize them at remote Security Center systems that operate independently of the central system and of each other. Allow local Security Center administrators to decide what global cardholders can or cannot access at their local facilities. Allow local Security Center administrators make changes to global cardholders and their related entities, and propagate these changes to other sharing parties. Allow local system administrators keep exclusive ownership of their local cardholders and related entities, while sharing global cardholders with other systems.
Practically speaking, an organization that has multiple Security Center systems deployed at different locations can have these independent installations share information with a centralized human resource management system. Each local office continues to manage the employees working at their local office, such as maintaining the employee profile, photo ID, credentials, etc. For employees that need to travel from site to site, that same information can be shared among all sites within the organization.
How does global cardholder management work? This section includes the following topics:
• "Architecture overview" on page 297 • "What is the sharing host?" on page 297 • "What is the sharing guest?" on page 298 gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
296
Managing global cardholders
• "What is the Global Cardholder Synchronizer?" on page 298 • "Differences between Federation and GCM" on page 299 • "Differences between Active Directory integration and GCM" on page 300 Architecture overview In order to share cardholders across multiple independent Security Center systems, one of the system must act as the sharing host, while the others act as sharing guests.
What is the sharing host? The sharing host is the Security Center system you choose to initiate the sharing process. You do this by creating a global partition on that system. All cardholders, cardholder groups, credentials, and badge templates which are members of the global partition automatically become available for sharing. Other types of entities can be part of the global partition, but will not be visible to the sharing guests.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
297
Managing global cardholders
The sharing host owns the master copy of the global partition and the entities that are in it. All changes made by the sharing guests to the content of the global partition must first be validated by the sharing host before they are propagated to other sharing parties. The global partition is like a central database, the sharing host is like the database server, while the sharing guests are like the database clients. There is no limit to the number of global partitions a host system can share.
What is the sharing guest? The sharing guest is a Security Center system that participates in the sharing process. This is achieved by creating a Global Cardholder Synchronizer (GCS) role on that system, and using it to connect the sharing guest to the sharing host. As the sharing guest administrator, you can decide which partitions shared by the host are of interest to your system. The GCS role then creates a copy of the selected shared partitions and entities on your local system. Only cardholders, cardholder groups, credentials, and badge templates are eligible for sharing. The shared entities are visually identified with a green icon ( ) superimposed over the regular entity icon. You can assign local access rules and credentials to global cardholders to grant them access to your local areas, doors, and elevators. You can add, modify, and delete entities from the global partition. However, what you can actually do is dependent on the rights of the user representing the GCS role on the sharing host. All changes made to global entities on the guest system must be validated on the host system. All modifications rejected on the host system are also rejected on your local system.
What is the Global Cardholder Synchronizer? The Global Cardholder Synchronizer (GCS) is the role running on the sharing guest (the remote system) that ensures the two-way synchronization of the shared cardholders and their related entities between the sharing guest and the sharing host. The host-to-guest synchronization can be performed in three different ways:
• In real time. The guest system is updated immediately when changes are made on the host system.
• On demand. The guest system is synchronized only when it is requested by a user. • On schedule. The guest system is synchronized on schedule via a scheduled task. For more information, see "Using scheduled tasks" on page 109. The guest-to-host synchronization is always performed immediately by the GCS role because all changes to the shared partitions must be validated by the host system before they can be accepted by the guest system. The host system processes the change requests on a first come first served basis.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
298
Managing global cardholders
Differences between Federation and GCM The following table highlights the differences between Federation and global cardholder management in their attempts to share cardholders and other information. Federation (applied to access control)
Global Cardholder Management (GCM)
Purpose: Central activity/event monitoring
Purpose: Sharing of a central configuration
Allows an organization to monitor from a central location (federation host), the access control events and activities at independent remote locations (federated sites).
Allows an organization to share the common configuration of access control entities, hosted at a central location (sharing host), with independent remote locations (sharing guests).
The federation host uses the Security Center Federation role to connect to the remote sites.
The remote sites use the Global Cardholder Synchronizer role to connect to the sharing host.
Entities created at remote sites are federated at the central system.
Entities created at the central system are shared at the remote sites.
The federation host can observe, but cannot change anything on the remote sites.
The remote site can add, modify, and delete the entities that are shared by the host with all other remote sites (two-way synchronization).
A federated site has no visibility on what is going on at the federation host or other federated sites.
All sharing guests have the same read/write access to all shared (global) entities, while maintaining full ownership of the local entities.
Almost all entities that generate events can be federated (monitored).
Only cardholders, cardholder groups, credentials, and badge templates can be shared.
Custom fields are not federated.
All custom fields and data types are shared.
A federated cardholder can be granted access to the facility managed by the federation host, but not the reverse.
A global cardholder can be granted access to all facilities participating in the sharing.
Best practice: Federation and GCM are best used together on the same system to complement each other. For more information, see "Rules concerning federation and global entities" on page 302.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
299
Managing global cardholders
Differences between Active Directory integration and GCM The following table highlights the differences between Active Directory integration and global cardholder management in their attempts to centralize cardholder information management. Active Directory integration
Global Cardholder Management (GCM)
Purpose: Centralized employee (users and cardholders) security management
Purpose: Centralized employee (cardholders) security management
Allows an organization to manage the employee information from a central location, and share it with a single Security Center system (users and cardholders).
Allows an organization to manage the cardholder information from a central location, and share it with all Security Center systems within the organization.
The corporate directory service is the information source. Security Center gets the employee information from the corporate directory service.
One Security Center system acts as the information source (sharing host), and shares it with all other Security Center systems within the organization (sharing guests).
The Security Center system connects to the information source (directory service) via the Active Directory role.
The sharing guests connect to the information source (sharing host) via the Global Cardholder Synchronizer role.
Custom fields defined on the Active Directory can be linked to Security Center custom fields.
All custom fields and data types are shared.
The shared employee information can only be modified on the Active Directory. Only the cardholder picture can be loaded in Security Center and updated on the Active Directory.
The shared information can be modified by all sharing parties. The sharing host validates and propagates the changes to all sharing parties.
The source information can only be shared with one Security Center system. If multiple Security Center systems need to share the same information, they need to connect individually to the corporate directory service.
The central Security Center system can share the cardholder information with as many satellite Security Center systems as necessary.
Best practice: Active Directory integration and GCM are best used in tandem. The sharing host should be the only system that integrates with the Active Directory. This solution keeps the Active Directory protected on the corporate LAN, while the sharing host only pushes the employee information that need to be shared to the satellite systems.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
300
Managing global cardholders
Rules and restrictions regarding GCM Global cardholder management is governed by the following sets of rules:
• • • • •
"Rules concerning local and global partitions" on page 301 "Rules concerning local and global entities" on page 301 "Rules concerning global custom fields and data types" on page 302 "Rules concerning federation and global entities" on page 302 "Rules concerning Active Directory and global entities" on page 303
Rules concerning local and global partitions
• A sharing guest cannot have more than one host. Only one instance of the GCS role is allowed per system.
• A global partition cannot be modified on a sharing guest, but its members can. What the sharing guest is actually allowed to modify is subject to the privileges of user assigned to the GCS role.
• No system is allowed to share what it does not own. Two-tier sharing is not permitted. A corollary to this rule is that a local partition cannot be converted into a global partition if it contains global entities, unless it is performed on the host system.
• Adding a local entity to a global partition transfers the ownership of that entity from its •
local owner (sharing guest) to the partition owner (sharing host). Deleting a global entity on a sharing guest also deletes it on the sharing host, unless that entity also belongs to another global partition, in which case, only its membership is removed from the first partition.
Rules concerning local and global entities
• An entity is global by virtue of its membership to a global partition. This means that a cardholder does not automatically become global simply because its parent cardholder group is global.
• Local access rules can apply to local and global cardholders alike. Access rules are never shared. This ensures that local administrators always have full control over the security of their local facilities.
• Global cardholders/groups can become members of local cardholder groups. • Local cardholders/groups cannot become members of global cardholder groups. An exception to this rule is when both entities belong to the same system. In this case, the local cardholder would not be shared, although the cardholder group is.
• Both global and local credentials can be assigned to global cardholders. • Global credentials cannot be assigned to local cardholders. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
301
Managing global cardholders
• Global credentials using custom card formats can be used and edited on the sharing guest. However, the credential data would only be visible if the corresponding custom card format (XML file) is also defined on the sharing guest. For more information, see "Custom card format editor" on page 670. Best practice: It is always recommended to apply access rules to cardholder groups rather than individual cardholders. For this reason, it is recommended to share the cardholders along with their parent cardholder groups. If this is not feasible for any reason, then we recommend that you create a local cardholder group for the global cardholders.
Rules concerning global custom fields and data types
• Custom fields and data types defined for global entities are automatically shared when the global entities are shared. Global custom field and data type definitions cannot be modified on the sharing guest.
• • Global and local custom fields remain separate even when they use the same name. They • • • • •
are differentiated by their owner, which is the system that defines them. Global data types cannot be used to define local custom fields. Global entities’ custom field values can be modified on sharing guests. Global custom fields also apply to local entities, but their values stay local. Local custom fields also apply to global entities, but their values stay local. When a guest system stops sharing a global partition, all local copies of the shared global entities, and the local entities’ global custom field values are deleted.
Best practice: If you are to implement GCM within your organization, we recommended that you define all custom fields and data types for global entities on the sharing host.
Rules concerning federation and global entities
• If a sharing host also federates its sharing guest, only the local entities belonging to the •
sharing guest are federated. The entities that are shared will not be federated on the sharing host. The sharing host which also happens to be a federation host should not share the entities it federates by adding them to a global partition because it does not own the federated entities. An entity can only be shared by its rightful owner. For the federated entities to become shared, the federated system has to become a sharing guest of the federation host. This will give the federation host the rights to share any of the federated entities.
• A sharing guest which happens to federate a third system cannot share its federated entities •
with the sharing host because it is not the owner of the federated entities. If a sharing guest is federated by another system, both its local and global entities will appear as federated entities on the federation host. For more information, see "Identification of federated entities" on page 128.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
302
Managing global cardholders
Rules concerning Active Directory and global entities
• Cardholders and cardholder groups imported from an Active Directory can be added to a global partition on the sharing host.
• Cardholders and cardholder groups imported from an Active Directory that is local to the •
sharing guest cannot be added to a global partition because the Active Directory and the sharing host cannot both be owners of the shared cardholders. Global cardholders and cardholder groups imported from an Active Directory must only be modified via the directory service that owns them. CAUTION Although it is possible to modify global cardholders and cardholder groups imported from an Active Directory on the sharing guest, these changes are temporary. You will lose the changes you made when the sharing host synchronizes with the Active Directory.
Best practice: If all cardholder data entry must be centralized, the system that imports cardholders from your corporate Active Directory should act as the sharing host, and all modifications must be made using the directory service. For more information, see "Importing cardholders from an Active Directory" on page 284.
Configuring global cardholder management This section includes the following topics:
• • • •
"Global cardholder management setup prerequisites" on page 303 "Global cardholder management setup procedure" on page 304 "Configure a partition for sharing" on page 304 "Configure the Global Cardholder Synchronizer" on page 304
Global cardholder management setup prerequisites
• Decide which Security Center system is going to be your sharing host. It is typically the system running at your head office or the system that is synchronized with your corporate Active Directory. For more information, see "Differences between Active Directory integration and GCM" on page 300.
• If the sharing host is protected behind a firewall, you need to open a port to allow the GCS •
role to connect to the host system. For more information, see "Common communication ports" on page 777. Decide what types of updates the users on the guest systems are allowed to perform on the shared global partitions. You can limit their range of actions by restricting the privileges of the user representing the GCS roles on the host system.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
303
Managing global cardholders
Global cardholder management setup procedure Before you begin: Read "Rules and restrictions regarding GCM" on page 301, and "Global cardholder management setup prerequisites" on page 303. 1 On the sharing host, create a global partition or change the status of a local partition to global. Create as many global partitions as necessary. For more information, see "Configure a partition for sharing" on page 304. 2 Create a user with the proper level of administrative privileges over the shared entities to be used to connect the GCS roles to the host system. You might have to create more than one user accounts if the sharing guests have different update requirements. For more information, see "Defining users" on page 93. 3 On the sharing guest: a Create a GSC role and synchronize the sharing guest with the sharing host. For more information, see "Configure the Global Cardholder Synchronizer" on page 304. b Assign local users and partition managers to shared partitions ( c Apply local access rules to shared cardholders (
).
) and cardholder groups (
).
d (Optional) Custom card formats are not shared. If you have shared credentials that use custom card formats, the credentials will work on your local system, but you will not be able to view the card data fields unless the custom card format in use is also defined on your local system. For more information, see "Custom card format editor" on page 670. e (Optional) Create a scheduled task to synchronize periodically your local system to the host. For more information, see "Using scheduled tasks" on page 109. 4 Repeat Step 3 for every sharing guest you have.
Configure a partition for sharing Entity sharing is initiated on the sharing host by setting a partition as global. Before you begin: You cannot share the Public partition. 1 From the Home page in Config Tool, open the Security task. 2 CLick the Partitions view, and select the partition you want to share. 3 CLick the Properties tab, and switch the Global partition option to ON. The partition is now visible to all GCS roles connected to this system. Only cardholders, cardholder groups, credentials, and badge templates are shared.
Configure the Global Cardholder Synchronizer You must create and configure the Global Cardholder Synchronizer (GCS) role to connect your local system to the sharing host. 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, and click Add an entity ( gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
) > Global Cardholder Synchronizer. 304
Managing global cardholders
3 In the Specific info page, enter the following parameters, and click Next.
Server. Server where this role will be hosted. Directory. Sharing host’s main server name. If anything else than the default connection port (5500) is used, you must explicitly indicate the port number after the Directory name, separated by a colon. For example: HostServer:5888. Username and Password. Credentials used to connect to the sharing host. The extent of what the sharing guest can do on the global partition will be limited by what this user can see and do on the sharing host. The user must have the Global Cardholder Synchronizer privilege on the sharing host in order to connect.
Synchronize automatically. Select this option to have the GCS to update the guest system immediately, every time a change is made on the host. We recommend to leave this option cleared (default) if you plan to make massive updates on the host.
4 In the Basic information page, enter the name, description, and partition where the GCS role should be created. For more information, see "Common entity attributes" on page 38. 5 Click Next, Create, and Close. A new Global Cardholder Synchronizer ( to connect to the sharing host.
) role is created. Wait a few seconds for the role
6 Click the Properties tab. The partitions shared by the host are listed under Global partitions. For more information, see "Properties" on page 558. 7 Select the partitions you want your local system to share and click Apply. 8 Click Synchronize now (
).
The GCS role will create a local copy of all shared entities on your system. This might take a while depending on how many entities you are sharing. After you are done: Configure the global entities you shared so they can be used on your local system. Also, consider setting the GCS role to synchronize automatically or to synchronize on a schedule. For more information, see "Using scheduled tasks" on page 109.
Operating on global entities A global entity is an entity that is shared across multiple independent Security Center systems by virtue of its membership to a global partition. Only cardholders, cardholder groups, credentials, and badge templates are eligible for sharing. This section includes the following topics:
• "Start sharing an entity" on page 306 • "Stop sharing an entity" on page 306 • "Override the cardholder synchronization" on page 307 gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
305
Managing global cardholders
Start sharing an entity You share an entity by adding it to a global partition. This can be done from both the sharing host or the sharing guest. You can also create a new entity directly in a global partition. 1 From the Home page Config Tool, open the Security task. 2 Click the Partitions view, and select the global partition you want to share it from. 3 Click the Properties tab, and under the Members section, click Add (
).
4 In the Search dialog box that appears, pick the entity you want to share, and click Select. On the sharing guest, only cardholders, cardholder groups, credentials, and badge templates can be added to a global partition. 5 In the confirmation dialog box that appears, click Continue. On the sharing host, the effect of this action is immediately visible. On a sharing guest, the newly shared entity will not appear until after a synchronization is performed, unless the GCS role is configured for automatic synchronization.
Stop sharing an entity You stop sharing an entity by removing it from its global partition. This can be done from both the sharing host or the sharing guest. CAUTION Removing a shared entity from a global partition deletes it from all other systems that
might be sharing it, even from the sharing host. 1 From the Home page Config Tool, open the Security task. 2 Click the Partitions view, and select the global partition you want to share it from. 3 Click the Properties tab. 4 In the Members section, select the entity you want to stop sharing, and click Remove (
).
5 To confirm the action, click Remove. If this action is performed on a sharing guest, the entity is converted from a global to local entity. After you are done: Move the local entity to a local partition if it does not belong to any, so non administrative users can have access to it.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
306
Managing global cardholders
Override the cardholder synchronization When the connection between the GCS role and the sharing host is lost, all global entities at the sharing guest become inactive (red). This means that you can no longer make any changes to them because they cannot be validated by the sharing host. If for any reason, you urgently need to deactivate a cardholder, for instance, an employee has just been fired, you can temporarily override the synchronization. 1 From the Home page Config Tool, open the Access control task. 2 Click the Cardholders view, and select the global cardholder you need to deactivate. 3 Click the Properties tab, and switch the Status option to Override. The cardholder icon changes to properties.
. You are now free to change the cardholder’s status
4 Make the necessary changes and click Apply. After you are done: Remember to turn the synchronization back on when the connection with the sharing host is re-established.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
307
Viewing access control health events
Viewing access control health events You can view health events related to access control entities, using the Access control health history report. What you should know This report is similar to the Health history report, but the query only includes access control entities. The access control entities that can produce health events include access control units, doors, areas, and elevators. To search for access control health events: 1 From the Home page, open the Access control health history task. 2 Generate your report (see "Generate a report" on page 30). The access control health events are listed in the report pane. For information about the report columns available, see "Report pane columns" on page 723.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
308
Investigating access control unit events
Investigating access control unit events You can investigate events related to access control units, using the Access control unit events report. What you should know To view the properties of all the access control units that are part of your system, see "Viewing properties of units in your system" on page 184. To investigate access control unit events: 1 From the Home page, open the Access control unit events task. 2 Generate your report (see "Generate a report" on page 30). The access control unit events are listed in the report pane. For information about the report columns available, see "Report pane columns" on page 723. EXAMPLE If you want to see if any critical events happened relating to access control units in
the last week (for example, Hardware tamper), you can search for that event, and set a time range.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
309
Viewing IO configuration of access control units
Viewing IO configuration of access control units You can view the IO configurations (controlled access points, doors, and elevators) of access control units, using the IO configuration report. What you should know To view the properties of all the access control units that are part of your system, see "Viewing properties of units in your system" on page 184. To view the IO configuration of an access control unit: 1 From the Home page, open the IO configuration task. 2 Generate your report (see "Generate a report" on page 30). The input and output configurations of the selected access control units are listed in the report pane. For information about the report columns available, see "Report pane columns" on page 723. EXAMPLE You can search a for a specific door, and see how the access through each door side
is configured (REX, readers, IO modules, and so on).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
310
Replace access control units
Replace access control units If an access control unit fails and is offline in Security Center ( ), you can replace the unit with a compatible one. This process copies the configuration settings, associations to doors, elevators, and zones, and event logs from the old unit, so you do not have to configure the new one. Before you begin: The new access control unit must be the same brand and model as the old one, or you will receive the following error message: Units’ extension does not match. 1 Add a new access control unit to the Access Manager controlling the old unit. For information about adding an access control unit, see "Adding access control units to your system" on page 261. 2 Temporarily deactivate the Access Manager. a In the Access control task, select the Access Manager. b In the Contextual commands toolbar, click Deactivate role (
).
c In the confirmation dialog box that opens, click Continue. The Access Manager and all the access control units controlled by the role turn red. 3 Click the Home tab, and then click Tools > Unit replacement tool. 4 In the Unit type option, select Access control units. 5 Select the Old and the New access control units. For more information about searching for entities, see "Search for entities using the Search tool" on page 43. 6 Click Swap. The configuration settings of the old access control unit are copied to the new one. 7 Click the Access control task, and select the new unit. 8 Verify that the configuration settings are all correct. 9 In the Logical view, right-click the old unit, and click Delete (
).
10 In the confirmation dialog box that opens, click Continue. 11 Right-click the Access Manager, and click Activate role (
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
).
311
Replacing HID VertX 1000 units with SMC units
Replacing HID VertX 1000 units with SMC units You can replace an HID VertX 1000 access control unit with a Synergis Master Controller (SMC) unit. What you should know This procedure copies the configuration settings and associations to doors and zones from the V1000 to the SMC unit, so you do not have to configure the SMC unit. NOTES
• The access control unit events logged in the Access Manager from the V1000 are not copied. •
The events remain in the database, but you cannot search for them using the SMC unit. The following V1000 inputs and outputs are not cpoied to the SMC unit: V1000 - AC Fail, V1000 - Bat Fail, V1000 - Input 1, V1000 - Input 2, V1000 - Relay 1, and V1000 - Relay 2.
Before you begin Do the following: 1 Backup the Directory database from the Server Admin (see "Back up your role database" on page 57). 2 Physically disconnect the V1000 unit, and make sure it is offline in Security Center (
).
3 Assemble and install the SMC and its hardware components. For information, see the Synergis Master Controller Hardware Installation Guide. IMPORTANT You must set up the SMC with same interface modules that you disconnected from the V1000, or you will not be able to replace the V1000 with that SMC unit in Security Center.
4 Configure the SMC unit, and add it in Security Center. For more information, see the Synergis Master Controller Configuration Guide. To replace a VertX 1000 unit with an SMC unit: 1 From the Home page in Config Tool, click Tools > V1000 - SMC. 2 In the Connection dialog box, type your Security Center Username and Password, and then click Connect. 3 From the Offline V1000 units drop-down list in the Mapping tool, select the offline V1000 unit. 4 From the Available SMC units drop-down list, select the SMC unit to replace the old unit with. NOTE The SMC unit is only available in the list if it is configured with the same number of interface modules as the V1000.
The ports used by the V1000 and SMC unit are listed in the Channel section, and the interface modules connected to those ports are listed below.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
312
Replacing HID VertX 1000 units with SMC units
5 If the interface modules are not pointing to the correct SMC ports, you must manually map the ports in the Channel section as follows: a For the interface modules that were previously connected to port A on the V1000, type the SMC port they are physically connected to (A-D). b Repeat Step a for the interface modules that were previously connected to port B on the V1000. 6 Click Apply. The V1000 configuration settings are copied to the SMC unit. 7 Click Close. 8 Remove the V1000 unit from Security Center as follows: a From the Home page open the Access control task. b Click the Roles and units tab, and then select the offline V1000 unit. c From the bottom of the Config Tool window, click Delete (
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
).
313
Troubleshoot HID discovery and enrollment
Troubleshoot HID discovery and enrollment The following section discusses the troubleshooting tips for HID units. This section includes the following topics:
• "Common discovery and enrollment issues" on page 314 • "HID unit cannot be found with the discovery tool" on page 315 • "HID unit enrollment issues" on page 315
Common discovery and enrollment issues Best practice: Use the following best practices to resolve HID unit issues common to discovery and enrollment.
• Are the computers on which the Config Tool and Access Manager are running, behind a • •
firewall? Ports 4050 TCP and 4070 UDP must be unblocked. Has the HID VertX device extension been added to the Access Manager in the Server Admin? For more information, see "Extensions" on page 513. Has the HID extension properly loaded in the Access Manager? To validate: a Open console session to the Access Manager. Open a web browser and go to the URL http://(server name or IP)/Genetec/console NOTE If you cannot connect to the console ensure that console access is enabled in the Server Admin, under the Genetec Server tab.
b Click the Commands tab at the top of the page. c Under the column User Commands on the left, expand Access Manager and click Status. d A status query will be sent to the Access Manager and the response will contain the extensions that are loaded. e Ensure that the following line is shown in the status results: HID VertX:4070 = X units.
• Is the unit set to a static IP address? If so, then the DNS must also be set, otherwise the unit
•
might have issues enrolling or connecting. In the HID Configuration GUI, set the primary and secondary DNS to the appropriate values. If you do not know your network’s DNS, set the unit’s own IP address as the primary and secondary DNS server. To access the HID Configuration GUI, point a browser to the unit’s IP address. Ensure no other application is blocking port 4070, 4050, and 20. Stop the Access Manager, and at the Microsoft Windows command prompt, run netstat -na.
To open Command Prompt:
• Click Start, click Run, type cmd, and then click OK.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
314
Troubleshoot HID discovery and enrollment
HID unit cannot be found with the discovery tool Best practice: Use the following best practices to resolve HID unit discovery issues.
• Is the Host Name in the Advanced Setup of HID VertX web page not set or has more than • • •
15 characters? If so, the unit cannot be discovered. Is the unit on the same network subnet as the PC on which the Config Tool is running? Discovery will only work within the same broadcast domain. Ensure no other application is already listening on ports 4070 and 4050. At the Microsoft Windows command prompt, run netstat -na. To open Command Prompt, click Start, click Run, type cmd, and then click OK. Ensure the firmware of the unit is up to date.
HID unit enrollment issues Symptoms of enrollment issues include:
• • • •
Unit cannot be enrolled. Unit is enrolled but its icon remains red. Unit connects and disconnects continuously. Unit begins enrolling and fails at 67%
Best practice: Use the following best practices to resolve HID unit enrollment issues.
• Can you ping (check connectivity) and telnet (check credential) the unit from the machine running the Access Manager? Proceed as follows: a Ping the unit. At the Microsoft Windows command prompt, run ping w.x.y.z (w, x, y, and z is the IP address of the unit). To open the Command Prompt, click Start, click Run, type ping w.x.y.z, and then click OK. A report is generated. It should show that no packets were lost. b Telnet the unit. At the Microsoft Windows command prompt, run telnet w.x.y.z.
•
• • •
Login to the unit. If the login is successful, there is connectivity to the unit. Is the unit on the same network subnet as the PC on which the Access Manager is running? If not, you can enroll this unit manually as long as you know its IP address. (The unit must be set to use a static IP address.) For more information, see "Add an HID unit manually" on page 262. Is the unit firmware up to date? Is the interface board firmware up to date? The required firmware version is shown in the Security Center Release Notes. Verify the network card binding and database configuration for the Access Manager is correctly set. For more information, see "Configuring the Access Manager role" on page 260 and "Access Manager" on page 511. Is the Access Manager behind a NAT? If so you must specify the translated host address for the Access Manager. For more information, see "Add an HID unit manually" on page 262.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
315
Troubleshoot HID discovery and enrollment
• Verify that no other Access Manager is currently connected to the HID unit. i Stop your Access Manager. (Config Tool > Role View > Deactivate) ii Telnet the unit. At the Microsoft Windows command prompt, run telnet w.x.y.z (w, x, y, and z is the IP address of the unit). To open the Command Prompt, click Start, click Run, type telnet w.x.y.z, and then click OK. iii Login to the unit. (Default: user=root / password =pass) iv At the prompt, type netstat -na. A list of network connections is shown. There should be no one connected to port 4050.
• Verify that any HID units (and connected interfaces) are wired to not generate tamper or
•
door held open alarms, access granted or access denied events. Tamper and door held open alarms will trigger repeatedly. Upon connection, any such alarms and events have to be downloaded from the unit which can slow-down the enrollment process. Symptoms of this is the unit is difficult to enroll, the unit connects and disconnects, or the unit beeps. The last solution is to upgrade the unit’s firmware. Refer to the Security Center Release notes for a list of supported firmware versions or, contact Genetec Technical Assistance. For more information, see "Technical support" on page 869.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
316
Finding out which entities are affected by access rules
Finding out which entities are affected by access rules You can find out which entities and access points are affected by a given access rule, using the Access rule configuration report. What you should know In the report results, you can see the members of the access rule, such as the cardholders, doors, and the associated schedule. This helps you determine if you must add or remove entities, or adjust the schedule. For more information about modifying the members of an access rule, see "Configuring access rules" on page 281. To find out which entities are affected by an access rule: 1 From the Home page, open the Access rule configuration task. 2 In the Query tab, select the access rule to investigate. For more information, see "Searching for tasks and entities" on page 42. 3 In the Expand cardholder groups option, select Enable to list the members of the affected cardholder groups in the report instead of the cardholder groups themselves. 4 In the Include perimeter entities option, select Enable to include the perimeter entities of the affected areas in the report. 5 Click Generate report. The entities and access points affected by this access rule are listed in the report pane. For information about the report columns available, see "Report pane columns" on page 723.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
317
Viewing properties of cardholder group members
Viewing properties of cardholder group members You can find out the members of a cardholder group, and view any associated cardholder properties (first name, last name, picture, status, custom properties, and so on) of the cardholders, using the Cardholder configuration task. What you should know You can search for a specific cardholder group to see which cardholders are members of that group. You also can search for expired or inactive cardholders so see if there are any in your system. To view the properties of cardholder group members: 1 From the Home page, open the Cardholder configuration task. 2 Generate your report (see "Generate a report" on page 30). The cardholders that are members of the selected cardholder groups are listed in the report pane. For information about the report columns available, see "Report pane columns" on page 723. 3 To show a cardholder in a tile, double-click or drag a cardholder from the report pane to the canvas. 4 To view additional cardholder information in the tile, click
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
.
318
Viewing credential properties of cardholders
Viewing credential properties of cardholders You can view credential properties (status, assigned cardholder, card format, credential code, custom properties, and so on) of cardholders, using the Credential configuration report. To view the credential properties of a cardholder: 1 From the Home page, open the Credential configuration task. 2 Generate your report (see "Generate a report" on page 30). The credential properties the selected cardholder are listed in the report pane. For information about the report columns available, see "Report pane columns" on page 723. 3 To show a cardholder in a tile, double-click or drag a cardholder from the report pane to the canvas. 4 To view additional cardholder information in the tile, click
.
EXAMPLE If you requested a credential for a cardholder, and want to see if it was activated, you can search for that cardholder. The Credential status column indicates if the credential is in the Requested or Active state. You can also see if there are any credentials currently listed as lost or stolen.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
319
How the Access troubleshooter tool works
How the Access troubleshooter tool works You can detect and diagnose access configuration problems, using the Access troubleshooter tool. The Access troubleshooter allows you to:
• Find out who has the right to pass through an access point at a given date and time. • Find out which access points a cardholder is allowed to use at a given date and time. • Find out why a given cardholder can, or cannot use an access point at a given date and time. The Access troubleshooter is most accurate when examining an event that just occurred. When using the troubleshooter to investigate a past event (denied access, for example), keep in mind that the configurations might have changed since the event occurred. The troubleshooter does not take past settings into consideration. It only evaluates a situation based on the current settings.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
320
Troubleshooting access points
Troubleshooting access points You can find out who has the right to pass through a door side (or elevator floor) at a given date and time, using the Door troubleshooter tab in the Access troubleshooter tool. What you should know The door troubleshooter does not examine each cardholder’s credentials. You can further diagnose the cardholder’s access rights by clicking the Access diagnosis ( ) tab (see "Diagnosing cardholder access rights based on credentials" on page 323). To troubleshoot an access point: 1 From the Home page, click Tools > Access troubleshooter. 2 In the Access troubleshooter dialog box, click the Door troubleshooter tab. 3 Select the date and time you want to the troubleshooter to base its evaluation on. Only access rules are evaluated based on the specified date and time. 4 Select the access point that you want the troubleshooter to examine:
If you select a door, specify a door side.
If you select an elevator, specify a floor.
5 Click Go. The active cardholders who have the rights to use the selected access point at the specified time, based on the current access rules, are listed.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
321
Troubleshooting cardholder access rights
Troubleshooting cardholder access rights You can find out which access points a cardholder is allowed to use at a given date and time, using the Cardholder troubleshooter tab in the Access troubleshooter tool. What you should know The cardholder troubleshooter does not examine each cardholder’s credentials. You can further diagnose the cardholder’s access rights by clicking the Access diagnosis ( ) tab (see "Diagnosing cardholder access rights based on credentials" on page 323). To troubleshoot a cardholder’s access rights: 1 From the Home page, click Tools > Access troubleshooter. 2 In the Access troubleshooter dialog box, click the Cardholder troubleshooter tab. 3 Select the date and time you want to the troubleshooter to base its evaluation on. Only access rules are evaluated based on the specified date and time. 4 Select the cardholder that you want the troubleshooter to examine. Instead of a cardholder, you can also select a credential or a visitor. NOTE The entities that are currently inactive are greyed out.
5 Click Go. The access points that the selected cardholder (or visitor) has the right to use at the specified time, based on the current access rules, are listed.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
322
Diagnosing cardholder access rights based on credentials
Diagnosing cardholder access rights based on credentials You can diagnose why a cardholder with a given credential can, or cannot access a given door or elevator, at a given date and time, using the Access diagnosis tab in the Access troubleshooter tool. To diagnose a cardholder’s access rights based on their credential: 1 From the Home page, click Tools > Access troubleshooter. 2 In the Access troubleshooter dialog box, click the Access diagnosis tab. 3 Select the date and time you want to the troubleshooter to base its evaluation on. 4 Select the cardholder you want to examine. Instead of a cardholder, you can also select a credential or a visitor. 5 If the selected cardholder has more than one credential, specify the one you want to examine. 6 Select an access point to examine.
If you select a door, specify a door side.
If you select an elevator, specify a floor.
7 Click Go. The troubleshooter produces a diagnosis based on the current system configuration, taking into consideration the access rules, and both the cardholder’s and the credential’s activation and expiration dates.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
323
Finding out who is granted access to doors and elevators
Finding out who is granted access to doors and elevators You can verify which cardholders are granted access to a particular door side or elevator floor at a specific date and time, using the Door troubleshooter report. What you should know This report is helpful, because it allows you to see what the configuration of a door or elevator is, and determine if their properties must be adjusted. For more information about troubleshooting your access control configurations, see "Troubleshooting access points" on page 321. For more information about modifying the properties of a door or elevator, see "Configuring doors" on page 268 and "Configuring elevators" on page 274. To find out who is granted access to a door or elevator: 1 From the Home page, open the Door troubleshooter task. 2 In the Query tab, select a date and time range for the report. 3 Select a door or elevator you want to investigate. For more information, see "Searching for tasks and entities" on page 42. 4 From the Access point drop-down list, select the access point (door side or elevator floor) you want to verify. 5 Click Generate report. All cardholders who can go through the selected access point at the specified time are listed in the report pane. For information about the report columns available, see "Report pane columns" on page 723.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
324
Finding out who is granted/denied access at access points
Finding out who is granted/denied access at access points You can find out which cardholders are currently granted or denied access to selected areas, doors, and elevators, using the Cardholder access rights report. What you should know This report is helpful, because it allows you to see where a cardholder can go, and when, and determine if their access rule properties must be adjusted. For information about modifying a cardholder’s access rights, see “Assigning access rules to cardholders” in the Security Desk User Guide. TIP Perform your query on one access point at a time, so your report is more specific.
To find out who is granted/denied access at an access point: 1 From the Home page, open the Cardholder access rights task. 2 Generate your report (see "Generate a report" on page 30). The cardholders associated with the selected access point through an access rule are listed in the report pane. The results indicate if the cardholder is granted or denied access, and by which access rule. For information about the report columns available, see "Report pane columns" on page 723. 3 To show a cardholder in a tile, double-click or drag a cardholder from the report pane to the canvas. 4 To view additional cardholder information in the tile, click
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
.
325
Troubleshoot door issues
Troubleshoot door issues The following section discusses the troubleshooting tips for doors. This section includes the following topics:
• "Request to exit events" on page 326 • "Credential issues" on page 326 • "Resolution of reader issues" on page 327
Request to exit events Issue: The logs for a door shows far too many request to exit events for the actual amount of door activity. Description: Sometimes a request to exit event is triggered when people are entering an area. This door is equipped with an automatic request to exit device (based on a motion detection sensor). Solution: Depending on the quality of the automatic request to exit device and how it is installed, the device will trigger on any activity near the door. The Security Center has filters in the Door, Properties tab that you can configure to reduce the number of false request to exit events.
For more information, see "Properties" on page 405.
Credential issues Issue: A credential does not work at a door or elevator, and the reason is unclear. Description: For a credential to be granted access at a given door side or to an elevator floor, a number of conditions have to be met. For example:
• The credential’s profile must be enabled • The credential must be associated to a cardholder • The cardholder’s profile must be enabled
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
326
Troubleshoot door issues
• There must be at least one access rule that specifically grants access for that cardholder or the cardholder’s cardholder group. If these settings are not correct, access will be denied. Solution: The easiest way to determine what is the reason for denied access is to use the Access troubleshooter. For more information, see "Access troubleshooter" on page 652.
Resolution of reader issues Best practice: Use the following best practices to resolve reader issues.
• Ensure you are using the right type of card technology for the reader. For example, some readers are multi-technology (can read 125 kHz and 13.56 MHz cards), other readers can read only one card type. Is the card defective? Try another card.
• • Is the reader installed too close to another one? Readers emit an electromagnetic field that •
can interfere with other readers located nearby. Test this by disconnecting the power to one reader and see if the other reader starts to operate correctly. Are you using the proper cable for the reader (see the reader and unit documentation for the maximum cable length and type)? Test this by connecting a spare reader directly to the unit with a short cable. If it works, change the cable.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
327
Part V AutoVu IP license plate recognition Learn how to set up, configure, and manage your AutoVu system in Security Center. This part includes the following chapters: •
Chapter 12, “Deploying AutoVu” on page 329
12 Deploying AutoVu AutoVu deployment is explained in a separate document, the AutoVu Handbook. Click the link below to open the most recent version of the AutoVu Handbook: http://downloads.genetec.com/SecurityCenter/5.2/SLA/AutoVu/EN.AutoVu Handbook 5.2 LA.pdf
Why have a separate document for AutoVu? Although you configure many AutoVu settings from Security Center Config Tool, to fully deploy an AutoVu system, you’ll need to configure settings in multiple applications. For example, if you’re deploying a mobile AutoVu system, you’ll need to configure settings in Security Center Config Tool, Patroller Config Tool, and the Sharp Portal. AutoVu deployment also includes a hardware installation process. For example, to install a SharpX camera on a vehicle, you might be required to drill into the vehicle’s roof, remove the vehicle’s headliner, and so on. The purpose of the AutoVu Handbook is to provide you with a complete source of information about how to install and configure an AutoVu system. It explains everything from installing the hardware, to installing the Patroller application, to configuring the Sharp unit software. You’ll still need to refer to the Security Center Administrator Guide from time to time, because the AutoVu Handbook does not explain how to administer your Security Center system. For example, for information on how to manage partitions, databases, users and user groups, and so on, you’ll need to refer to the Security Center Administrator Guide.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
329
Part VI Config Tool reference Learn about the entities, role types, tools, and utilities used in Config Tool. This part includes the following chapters: •
Chapter 13, “Entity types” on page 331
•
Chapter 14, “Role types” on page 510
•
Chapter 15, “Administration tasks” on page 611
•
Chapter 16, “Tools and utilities” on page 650
•
Chapter 17, “User privileges” on page 694
•
Chapter 18, “Reporting task reference” on page 711
•
Chapter 19, “Events and actions in Security Center” on page 744
•
Chapter 19, “Keyboard shortcuts in Config Tool” on page 764
13 Entity types This section lists all Security Center entity types in alphabetical order. Each entity type is covered with a general description of its purpose and usage. The sub-sections describe each entity type’s configuration tabs and the settings they contain. This section includes the following topics:
• • • • • • • • • • • • • • • • • • • •
"Common configuration tabs" on page 332 "Access control unit" on page 337 "Access rule" on page 349 "Alarm" on page 351 "Analog monitor" on page 357 "Area" on page 360 "Badge template" on page 365 "Camera (video encoder)" on page 368 "Camera sequence" on page 393 "Cardholder" on page 395 "Cardholder group" on page 398 "Cash register" on page 400 "Credential" on page 401 "Door" on page 404 "Elevator" on page 410 "Hotlist" on page 414 "Intrusion detection area" on page 421 "Intrusion detection unit" on page 423 "LPR unit" on page 426 "Macro" on page 429
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
• • • • • • • • • • • • • • • • • • • •
"Monitor group" on page 432 "Network" on page 434 "Output behavior" on page 437 "Overtime rule" on page 439 "Parking facility" on page 444 "Partition" on page 447 "Patroller" on page 450 "Permit" on page 453 "Permit restriction" on page 457 "Public task" on page 461 "Role" on page 462 "Schedule" on page 463 "Scheduled task" on page 469 "Server" on page 471 "Tile plugin" on page 480 "User" on page 482 "User group" on page 489 "Video unit" on page 494 "Zone (hardware)" on page 502 "Zone (virtual)" on page 506
331
Common configuration tabs
Common configuration tabs Some of the configuration tabs are commonly used by the majority of Security Center entities. The following tabs are covered in this section: Identity
Name, description, logical ID, and relationships of the selected entity with other entities in the system.
Cameras
Cameras associated to the selected entity.
Custom fields
Custom fields for the selected entity.
Location
Time zone and geographical location for the selected entity.
Identity The Identity tab provides descriptive information on the entity and lets you jump to the configuration page of related entities. The sample screen shot below is that of a camera entity.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
332
Common configuration tabs
Standard information All entity types share the following standard attributes:
• Type. Entity type. • Name. Entity’s given name. The entity name is editable, except in the following cases:
Server entities. The entity name corresponds to the machine name and cannot be changed.
Federated entities. The entity name belongs to the original system and cannot be changed on the federation. Description. Optional descriptive text.
• • Logical ID. Logical IDs are unique numbers assigned to entities for ease of reference in the system (mainly for CCTV keyboard operations).
NOTE A logical ID must be unique across all entities of the same group. Entity types that are likely to be referenced within the same context are put in the same group. For example, cameras and public tasks belong to the same functional group, therefore, a camera and a public task may not have the same logical ID, but a camera and a camera sequence may. TIP You can view and edit the logical IDs of all entities in the system from one place. For more information, see System – General settings – "Logical ID" on page 625 in the Security Center Administrator Guide.
• Relationships. List of relationships between this entity and other entities on the system. You can use the command buttons found at the bottom of the relationship list to manage the relationships of this entity with other entities in the system.
Select a relationship group, and click
to add a new relationship.
Select a related entity, and click
to remove the relationship.
Select a related entity, and click
to jump to its configuration page.
Specific information Certain entity types may show additional information in this tab. For example, see Video unit – "Identity" on page 495.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
333
Common configuration tabs
Cameras The Cameras tab allows you to associate cameras to the entity so that when it is viewed in Security Desk, the cameras are displayed instead of the entity icon. The sample screen shot below is that of a virtual zone entity.
From this tab you can perform the following actions:
• To add a camera, click . • To remove the selected camera, click
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
.
334
Common configuration tabs
Custom fields The Custom fields tab lets you view and modify the custom fields defined for this entity. The sample screen shot below is that of a cardholder entity.
In the above example, five custom fields have been defined for the cardholder entity, separated in two groups:
• Employee information
Hire date
Department
Office extension
• Personal information
Gender
Home number
Cellphone number (flagged as mandatory)
For information on defining custom fields, see System– General settings – "Custom fields" on page 619.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
335
Common configuration tabs
Location The Location tab provides information regarding the time zone and the geographical location of the entity. The sample screen shot below is that of a video unit entity.
Time zone The time zone is used to display the entity events in the entity’s local time zone. In Security Center, all times are stored in UTC in the databases, but are displayed according to the local time zone of the entities. The local time of the entity is displayed below the time zone selection.
Location The geographical location (latitude, longitude) of the entity has several different uses:
• For video units, it is used for the automatic calculation of the time the sun rises and sets on
•
a given date. A typical application is for the system to record video only during daytime (for cameras placed outside), or to adjust the brightness of the camera based on daytime and nighttime. For more information, see "Schedule" on page 463. For fixed LPR units that are not equipped with a GPS receiver, the geographical location is used to plot the LPR events (reads and hits) associated to the LPR unit on the map in Security Desk. For more information, see Hits and Reads investigation tasks in the Genetec Security Desk User Guide.
For more information, see "Using geographical locations" on page 40.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
336
Access control unit
Access control unit The access control unit entity represents an access control device, such as Synergis Master Controller (SMC) or an HID VertX controller, that communicates directly with the Access Manager over an IP network. Access control units usually control other slave units (or interface modules) such as the HID VertX V100 and V200, and the Mercury MR50 and MR52, which are connected to door sensors and readers. For SMC, the interface modules can come from various manufacturers. For more information, see the documentation on Synergis Master Controller that is available from the GTAP Documents page. System: Synergis IP access control Task: Access control – Roles and units Identity
Name, description, logical ID, and relationships of this entity with other entities in the system.
Properties (SMC) Connection settings and other parameters that cannot be configured using the SMC portal. Properties (HID)
Specific information about the HID unit and configuration of its subpanels.
Portal (SMC)
Connection to the web configuration interface (Controller Portal) of the SMC unit.
Network (HID)
Connection parameters used by the Access Manager to communicate with the HID unit.
Peripherals
Configuration of the IO pins according to the features supported by the hardware. Applies to both SMC and HID units.
Health
Unit’s health status. Applies to both SMC and HID units.
Synchronization
Synchronization mode and command button allowing you to synchronize this unit with its Access Manager. Applies to both SMC and HID units.
Custom fields
Custom field values for this unit.
Location
Time zone and geographical location of this unit.
Related topics:
• • • •
"Access Manager" on page 511 "Door" on page 404 "Elevator" on page 410 "Zone (hardware)" on page 502
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
337
Access control unit
Properties (SMC) The SMC unit’s Properties tab allows you to update the connection parameters after the unit has been discovered, such as the logon credentials.
Connection settings The connection settings are correctly initialized at the time the SMC unit is enrolled in your system. Do not change these settings unless you changed them on the SMC using Controller Portal after the unit has been enrolled, or a Genetec representative instructs you to do so.
• Web address. Web address for contacting Controller Portal. • Username/Password. Logon username and password. • Using DHCP. Do not change this parameter unless asked by a Genetec Technical Support representative. This parameter is reset every time the Access Manager reconnects to the SMC unit.
• Ignore web proxy. Select this option to instruct the Access Manager to ignore the Proxy Server settings on the server currently hosting the role. Clear this option to instruct the Access Manager to follow the Proxy Server settings. (Default=cleared). NOTE For an HID unit, the equivalent settings are found in the Network tab (see "Network
(HID)" on page 344).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
338
Access control unit
Discovered properties Current settings returned by the SMC units. Click Upgrade to upgrade the SMC firmware. It is equivalent to the Firmware upgrade function found in the SMC Portal. See "Check and upgrade the SMC firmware" in the Synergis Master Controller Configuration Guide.
General settings The following settings cannot be set through the SMC Portal. The settings here are pushed from Security Center to SMC during unit synchronization.
• Mixed mode. Clear this option to set the SMC to operate in online mode (Default=mixed mode). NOTE If the connection to Access Manager is lost while in online mode, SMC will revert back to mixed mode.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
339
Access control unit
Properties (HID) The Properties tab for HID shows specific information about the HID unit and allows you to configure its inputs, outputs, and subpanels (V100, V200, V300 if connected).
Unit information This section shows the firmware version, model name, and serial number of the unit.
General settings
• Mixed mode. HID units always operate in mixed mode. • Monitor AC Fail. The AC fail input is being used to monitor AC failures or some other general purpose.
• Monitor battery fail. The Battery fail input is being used to monitor the backup battery or some other general purpose.
Additional settings In this section, you configure the unit’s inputs and outputs according to how they are used.
• Program version. The interface firmware revision number. • EEPROM version. The interface EEPROM revision number. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
340
Access control unit
• Door behavior. This must be set to match the door’s configuration:
Set Card-in / Card-out if the door has two readers; Wire the door lock to the Strike Relay (Out 1) output and wire all door hardware to the Reader 1 side of the unit. The Strike Relay (Out 3) is available for any other use (for example, for a zone). Set Card-in / REX-out if the door has one reader on one side, and a REX on the other side. In this case, the unit can control two such doors:
Wire the first door with Reader 1 side of the unit and use Strike Relay (Out 1) to control the door lock. Wire the second door with Reader 2 side of the unit and use Strike Relay (Out 3) to control the door lock.
With an Edge device unit, this option is unavailable (it is Card-in / REX-out). NOTE This configuration must correspond to the hardware assignments you make for the
door configuration. For more information, see "Hardware" on page 408.
• Debounce. The amount of time an input can be in a changed state (for example, from active to inactive) before the state change is reported. Electrical switches often cause temporarily unstable signals when changing states, possibly confusing the logical circuitry. Debouncing is used to filter out unstable signals by ignoring all state changes that are shorter than a certain period of time (in milliseconds).
• Contact type / Supervision mode. Sets the normal state of the input contact and its supervision mode. There are four preset configurations, and a custom one:
Preset: Normally closed / Not supervised.
Preset: Normally open / Not supervised.
Preset: Normally closed / 4-state supervised.
Preset: Normally open / 4-state supervised.
Custom. Allows you to set your custom range of values for Active and Normal input states.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
341
Access control unit
• Minimum time (Action). Applies when the relay is being used as part of a zone (either hardware or virtual). It establishes the minimum number of seconds the relay stays close when triggered by an event (for example Request to exit).
• Minimum time (Access grant). Applies when the relay is actually being used to control a locking device. The normal configuration is to open the lock when access is granted and to close the lock immediately after the door opens (Minimum time = 0). There are certain situations where the normal configuration would cause the door to be locked too soon (absence of a door sensor, or double doors). In those situations, a Minimum time must be set on the strike relay to keep the door unlocked after the system detects that the door has been opened (typically for the same duration as the Access grant time set on the door).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
342
Access control unit
Portal (SMC) The SMC unit’s Portal tab allows you to connect to the SMC’s web-based interface (Controller Portal) for its configuration and maintenance.
Controller Portal allows you to perform the following tasks:
• • • • • • • • • • •
Change the security password required to log on to the SMC unit. Configure the network settings on the SMC unit so it works on your system. Configure SMC to accept connections from specific Access Manager servers. Configure the properties of the interface modules attached to the SMC unit. Configure the access control behavior for SMC, in both online and offline modes. View the activity logs stored on the SMC unit. Test and diagnose the interface module connections to the SMC unit. View and export the SMC status and configuration. Upgrade the SMC firmware. Restart the SMC hardware or software. Update security clearance levels assigned to Security Center areas manually on the SMC unit when the connection to the Access Manager is lost.
For more information on what you can do through the Controller Portal, see the Synergis Master Controller Configuration Guide. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
343
Access control unit
Network (HID) The HID unit’s Network tab allows you to configure the connection parameters for the Access Manager to communicate with the unit. These settings are correctly initialized at the time the HID unit is added to your system. Do not change these settings unless you changed them on the unit using the HID Discovery GUI after the unit has been enrolled, or a Genetec representative instructs you to do so.
Connection parameters
• Username/password. Username and password used to log on to the HID unit. • Use translated host address. Must be selected when there is a NAT router between the unit and it’s Access Manager. The NAT router’s IP address that is visible from the unit would be set here.
• Obtain network settings dynamically (DHCP). Select this option if the HID unit will be assigned it’s IP configuration by a DHCP server.
• Use these static settings. Select this option and configure the IP address, Gateway and Subnet mask manually if the access control unit will use a fixed IP address (recommended). NOTE The equivalent settings for an SMC unit are configured through the SMC portal (see
"Portal (SMC)" on page 343).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
344
Access control unit
Peripherals The Peripherals tab allows you to give meaningful names to IO devices controlled by the unit so they are easier to identify. Additionally, you can assign a logical ID for each IO device.
Rename a device To edit a unit’s logical name, select a device’s logical name (eg. V200 [02] Relay 1) and type over its existing name to something more meaningful (eg. V200 [02] - Door Bell). The (abc) button and (id) button at the bottom of the page can also be used to apply a logical name or logical ID number to one of the device peripherals.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
345
Access control unit
Health The Health tab displays the memory usage on the unit.
Usage You can monitor a unit’s health and status:
• Number of credentials. Indicates the number of credentials stored on the unit versus the total number of credentials the unit can store, based on the available memory and the average number of bytes per credential.
• Main memory. Available memory on the unit. This information is only available to HID VertX units. For SMC units, a different set of information is available through the System status page in Controller Portal (see “Viewing and exporting system information” in the Synergis Master Controller Configuration Guide).
• Secondary memory. Available secondary memory on the unit. This information is only available to HID VertX units.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
346
Access control unit
Synchronization The Synchronization tab allows you to configure the type of synchronization you want between the unit and its Access Manager.
A unit must be synchronized with the Access Manager database to allow it to work in offline or mixed mode. For synchronization, the Access Manager knows a unit’s capacity, and fills it with as much information as possible so that the unit is optimized to run when it is offline, or in mixed mode. Synchronization management handles credential and IO linking rules. This can be set according to your needs. See "About unit synchronization modes" on page 348. This tab shows you the following information about this process:
• Last update. Indicates the day and time of the last successful synchronization with the unit. • Expiration date. Indicates the day and time when the unit will no longer be capable of fully functioning in offline or mixed mode. This is due to the limited scheduling capability of the access control unit. You will need to synchronize before the expiration date to ensure that the unit will work in offline or mixed mode. The scheduling limit varies depending on the unit type:
HID VertX units expire after one year. Past the expiration date, the unit stops working. SMC units never expire because they fully support the scheduling schemes used in Security Center.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
347
Access control unit
IMPORTANT Any synchronization errors are displayed in yellow. Pay attention to these errors to avoid any disruption in the operation. For example, HID VertX units are limited to 65,000 credentials. Exceeding this limit causes the synchronization to fail and the unit to be reset.
About unit synchronization modes Security Center supports the following unit synchronization modes for credentials:
• Automatically. This is the recommended setting. Any configuration change is sent to the access control unit 15 seconds after the change is saved by the Config Tool, Web Client or Security Desk. Only configurations that affect that particular unit are sent.
• On schedule. The unit is synchronized according to a schedule. For continued offline or mixed mode operation, make sure the scheduled synchronization time never falls after the date and time shown for Expiration date. If in doubt, set the synchronization mode to Automatically.
• Manual only. The unit is only synchronized when you click the Synchronize now button. Make sure you synchronize the unit before the date and time shown for Expiration date.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
348
Access rule
Access rule The access rule entity defines the access control logic which grants or denies passage to a cardholder through an access point, based on a schedule.
System: Synergis IP access control Task: Access control – Access rules Identity
Name, description, logical ID, and relationships of this entity with other entities in the system.
Properties
Type of rule and to who and when this rule applies.
Custom fields
Custom field values for this rule.
Related topics:
• Area – "Access rules" on page 364 • "Access Manager" on page 511
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
349
Access rule
Properties The Properties page of an access rule links the 3 W’s: The “Who”, “When” and “What”. For example, “All Employees”, “Office Hours”, and “Access Granted”.
• Schedule. Choose when this access rule is active. • When the schedule is active . Select whether to grant or deny access from cardholders. • Cardholders affected by this rule. Select the cardholders affected by this rule. NOTE An access rule is not operational until it is associated to a door, elevator, or area.
Related topics:
• For information about creating access rules for areas, see "Access rules" on page 364. • For information about creating access rules for doors, see "Access rules" on page 409.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
350
Alarm
Alarm The alarm entity describes a particular trouble situation that requires immediate attention, and how it should be handled in Security Center. Namely, its priority, what entities (usually cameras and doors) best describe it, who should be notified, how it should be displayed to the user, and so on. System: General Task: Alarms – Alarms Identity
Name, description, logical ID, and relationships of this entity with other entities in the system.
Properties
Essential alarm priorities: priority, recipients, broadcast mode, and attached entities.
Advanced
Optional alarm properties: reactivation threshold, alarm procedure, schedule, automatic acknowledgement, and video display and recording options.
Custom fields
Custom field values for this alarm.
Related topics:
• "Managing alarms" on page 111 • "Testing alarms" on page 112
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
351
Alarm
Properties The Properties tab allows you to define the essential alarm properties.
Priority In Security Desk, alarms are displayed in the Alarm monitoring task by order of priority (this is evaluated every time a new alarm is received). The highest priority alarm is displayed in tile #1, followed by the second highest in tile #2, and so on. When two alarms have the same priority value, priority is given to the newest one. When a new alarm is received in Security Desk with a priority level identical or higher than the current alarms displayed, it pushes the other alarms down the tile list. When an alarm is acknowledged in Security Desk, it frees a tile for lower priority alarms to move up.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
352
Alarm
Recipients An alarm recipient is either a user, user group, or analog monitor group. They receive the alarms in Security Desk. IMPORTANT Make sure all the alarm recipients have the privilege to acknowledge alarms.
Broadcast mode There are two ways alarm recipients can be notified:
• All at once. (Default) All recipients are notified at the same time, immediately after the alarm is triggered.
• Sequential. The recipients are notified individually, each after a specified delay (in seconds) calculated from the time the alarm is triggered. If the recipient is a user group, all members of the user group are notified at the same time.
Attached entities The attached entities are what visually describe the alarm situation. The alarm entity has the characteristics of a composite entity. When displayed in Security Desk, you can cycle through all displayable entities (cameras, tile plugins, and so on) within the display tile, or unpack the alarm to display them all at once. For more information, see “Unpack/pack tile content” in the Security Desk User Guide. When a composite entity is attached to an alarm, the entities that compose it are also attached to the alarm. For example, if a door entity is attached to the alarm, the cameras associated to the door are also attached to the alarm.
Entity cycling Entity cycling is a Security Desk feature that automatically rotates the display of a composite entity through its components within a display tile, displaying each entity for an equal amount of time. For more information, see “Entity cycling” in the Security Desk User Guide.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
353
Alarm
When entity cycling is turned on in Security Desk, the order of the attached entities in the list is the order they will be displayed in Security Desk. NOTE When the alarm is triggered by an event, the entity that caused the event is also attached to the alarm. That entity will be displayed first when the alarm is displayed.
Advanced The Advanced settings tab allows you to configure the optional alarm properties.
Reactivation threshold The minimum time Security Center needs to wait after triggering this alarm once, before it can trigger it again. This option serves to prevent the system from repeatedly triggering the same alarm while it is awaiting to be resolved.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
354
Alarm
Alarm procedure (URL) Use this option to set the URL or the Web page address corresponding to the alarm procedure. This feature is used to provide alarm handling instructions to the operators. The Web page is displayed when the user clicks Show alarm procedure ( ) in the alarm widget in Security Desk.
NOTE The alarm procedure is also displayed as part of the entities attached to the alarm in Security Desk when entity cycling is turned on.
Schedule The schedule defines when this alarm is in operation. This means that outside the periods defined by this schedule, triggering this alarm would have no effect.
Automatic acknowledgment Turn this option on (default=off) to let the system automatically acknowledge this alarm if no one acknowledges it before the specified time (in seconds). This option is recommended for lowpriority alarms that serve to alert the security operator, but do not require any action.
Create an incident on acknowledgement Turn this option on (default=off) to prompt the Security Desk user to report an incident every time they acknowledge an alarm. NOTE Turning this option on turns the automatic acknowledgement off.
Video display option If cameras are attached to an alarm, you can choose to display live video (default) or playback video when the alarm is triggered. If you choose to display playback video, you must specify the playback pre-trigger time, which is the number of seconds to go back in time before starting the playback, from the time the alarm is triggered.
NOTE Make sure that the recording buffer is equal to, or longer than the pre-trigger time you need for your alarm display. For more information, see "Time to record before an event" on page 523. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
355
Alarm
Automatic video recording When cameras are attached to the alarm, the Archiver automatically records the video for a minimum duration specified in seconds. The recording buffer configured for each camera ensures that whatever happened a few seconds before the alarm was triggered will also be recorded (see "Time to record before an event" on page 523). The recording buffer plus the alarm recording duration is called the guaranteed recording span. This behavior ensures that video recordings will be available for future alarm investigations whenever cameras are attached to this alarm. Turn this option off (default=on) if recording video for the alarm is not necessary. NOTE If the alarm is triggered from a camera event (for example Object removed), the camera that caused the event is automatically attached to the alarm, and therefore, will also be recorded if this option is turned on. IMPORTANT All recordings are ultimately subject to the archiving schedules in place. If recording is disabled at the time the alarm is triggered, no video is recorded. For more information, see "Recording modes" on page 522.
Protect recorded video Turn this option on (default=off) to protect the video recordings associated to this alarm (see "Automatic video recording" on page 356) for the specified number of days. For more information on video protection, see "Protecting video archive against routine cleanup" on page 229. Related topics:
• "Testing alarms" on page 112
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
356
Analog monitor
Analog monitor The analog monitor entity represents a physical monitor that displays video from an analog source, such as a video decoder or an analog camera. A video decoder is a device that converts a digital video stream into analog signals (NTSC or PAL) for display on an analog monitor. The video decoder is one of the many devices found on a video decoding unit. A video decoding unit can have multiple video decoders, each connected to an analog monitor. Each video decoder found on a video decoding unit is represented by an analog monitor entity in Security Center. System: Omnicast IP video surveillance Task: Video - Analog monitor Identity
Name, description, logical ID, and relationships of this entity with other entities in the system.
Properties
General behavior of the analog monitor.
Related topics:
• "Monitor group" on page 432 • "Video unit" on page 494
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
357
Analog monitor
Properties The Properties tab lets you configure the video stream usage (or function) and specific network settings for the analog monitor.
Video The video section contains various settings that affect the quality the video.
• Stream usage. Select the video stream to use for cameras displayed in the analog monitor. This option is only available for decoders capable of generating multiple video streams. The stream usage options are the following:
Live. Default stream used for viewing live video in Security Desk.
Recording. Stream recorded by the Archiver for future investigation.
Remote. Stream used for viewing video when the bandwidth is limited.
Low resolution. Stream used instead of the Live stream when the tile used to view the stream in Security Desk is small. See "Automatic stream selection" on page 211.
High resolution. Stream used instead of the Live stream when the tile used to view the stream in Security Desk is large. See "Automatic stream selection" on page 211. Analog format. Select NTSC (National Television System Committee) or PAL (Phase Alternating Line) analog format for the video signal. PAL format generally streams video at a lower frame rate, but at a higher resolution.
•
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
358
Analog monitor
• Display camera name. Turn this option ON if you want the camera name to be shown when it is displayed in the analog monitor in a tile.
Network settings The Network settings section allows you to configure the desired connection type used by the video decoder.
• UDP port. Port number used when the connection type is unicast UDP. If the encoder supports multiple video streams, this parameter is different for each stream.
• Connection type. Defines how communication is established between the Archiver and the unit for sending or receiving video streams. Each device on the same unit could support different connection types.
Best available. Lets the Archiver select the best available connection type for the stream. The best available types rank in this order, according to availability: Multicast, UDP, and TCP. When the stream is requested for recording only, multicast is removed from the list, so the best available types start with UDP. Multicast. Communication between a single sender and multiple receivers on a network. This is the preferred connection type. In this mode, multiple users in multiple locations can receive the same video transmission simultaneously from a same source, using the bandwidth only once. Most video units are capable of multicast transmissions. UDP. Forces the stream to be sent in UDP to the Archiver. The stream must be formatted using the RTP protocol. TCP. Forces the stream to be sent in TCP to the Archiver. Here, TCP is taken in the broad sense. For some types of cameras, the Archiver establishes a TCP connection to the unit and receives the stream in a proprietary protocol. For others, the stream is sent over HTTP. Typically, the stream is not formatted according to the RTP protocol by the unit. The Archiver has to convert the stream to the RTP protocol to be archived or retransmitted to the system.
Hardware The Hardware section allows you to associate other hardware devices (PTZ motor, Speaker, Microphone, and so on) to this analog monitor. When the decoder is added to the system, all hardware devices belonging to the same unit are configured by default. You can manually associate the analog monitor to other devices, according to how they are physically connected.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
359
Area
Area The area entity, in its most generic use, represents a concept or a physical location (room, floor, building, site, and so on) used for the logical grouping of entities in the system. When Synergis is enabled in your license, an area entity can also be used to configure a secured area with access rules and access control behavior. System: General, Synergis (if secured areas are to be created) Task: Logical view Identity
Name, description, logical ID, and relationships of this entity with other entities in the system.
Properties
Antipassback and interlock properties for this area (Synergis only).
Members
Child entities of this area.
Access rules
Access rules applied to this area (Synergis only).
Custom fields
Custom field values for this area.
Related topics:
• • • •
"Managing threat levels" on page 117 "Managing the Logical view" on page 85 "Configuring secured areas" on page 278 "Configuring access rules" on page 281
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
360
Area
Properties The Properties tab allows you define the optional area properties. Some these properties might not be visible depending on your license option settings.
Antipassback properties Antipassback is the access restriction placed on a secured area that prevents the same cardholder from entering an area they have not yet exited, and vice-versa.
• Status. Set the antipassback feature to ON or OFF. • Type. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
361
Area
Soft. Soft antipassback only logs the passback events in the database. It does not restrict the door from being unlocked due to a passback event.
Hard. Hard antipassback logs an entry in the database and prevents the door from being unlocked due to a passback event. Timeout. Set how many minutes until the passback event is automatically “forgiven”.
• • Strict. When turned ON, antipassback logic is applied in both directions on the area.
Cardholders that never left an area cannot enter, and cardholders that never entered cannot leave. Otherwise, the default is OFF and antipassback logic is only applied in one direction. Cardholders who never left an area cannot enter. When a hard antipassback event is triggered, it must be “forgiven” for the cardholder to unlock the door. It might be forgiven automatically due to a timeout value having been configured. Otherwise, the passback event can be forgiven by an authorized user with the Security Desk Monitoring task. For more information, see “Monitoring access events – About antipassback” in the Security Desk User Guide. CAUTION HID units support antipassback or interlock, but not both simultaneously.
Interlock properties Security Center supports the interlocking of the perimeter doors for an area by allowing only one perimeter door to be open at one time. It is important that the door sensors detect when a door can be opened.
• Status. Set the interlock properties feature to ON or OFF. When it’s status is set to ON, only one member door of the area can be open at any given time. To open a door, all others must be closed.
• Priority. An interlock override or lockdown button can be associated to this interlock. • Override / Lockdown. Select an input to be used as a trigger for override or lockdown mode. CAUTION HID units support antipassback or interlock but not both simultaneously.
Threat levels This section is only visible to administrative users, and if the Threat level license option is enabled. You can configure specific actions to be executed by the system when a threat level is activated or deactivated for this area. For more information, see "Managing threat levels" on page 117.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
362
Area
Members The Members tab shows the child entities of the area, grouped by entity type.
Areas are used as entity groupings in the Logical view. The area represented in the above sample screen shot would appear as the following in an entity tree.
For more information about adding members to an area, see "Add members to an area" on page 279.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
363
Area
Access rules The Access rules tab is only necessary if you are configuring a secured area. This tab is only visible when Synergis is enabled in your license.
You assign one or more existing access rules that allow authorized cardholders to gain access to the area. For more information, see "Configuring access rules" on page 281.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
364
Badge template
Badge template The badge template entity is used to configure a printing template for badges.
System: Synergis IP access control Task: Access control – Badge templates Identity
Name, description, logical ID, and relationships of this entity with other entities in the system.
Badge designer
Tools allowing you to design new badge templates.
Related topics:
• "Cardholder" on page 395 • "Credential" on page 401 • "Defining badge templates" on page 289
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
365
Badge template
Badge designer The Badge designer is a tool that allows you to design and modify badge templates.
In the Badge designer, there are different tools you can use to edit a template:
• In the Tools section, there are six graphical tools you can use to edit the template:
Select tool. Use to click and select an object on the template.
Rectangle tool. Use to draw a square/rectangle on the template.
Ellipsis tool. Use to draw circles/ovals on the template.
Text tool. Use to insert text on to the template.
Image tool. Use to insert a picture on to the template.
Barcode tool. Use to insert barcodes on to the template.
Select a tool, and click on the template to use it.
• In the Image section, you can choose whether the image displayed on the badge uses a • •
cardholder picture or an image from a file, and whether the image should be stretched or not. In the Text section, you can add cardholder fields, as well as edit the text, the text color, and the text alignment. In the Color and border section, the following options are available:
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
366
Badge template
Fill. Use to modify the fill color of an inserted object like a square or oval.
Border. Use to modify the border color of an inserted object.
Opacity. Use to modify the opacity of an inserted object.
Border thickness. Use to modify the thickness of the inserted object’s border In the Size and position section, you can choose where the text or image is located on the badge, and its width and height.
•
• Properties (
). Opens the Format dialog box, where you can select from the following card sizes and orientation:
• • • • • •
CR70
CR80
CR90
CR100
Custom card size
Orientation. You can choose Landscape or Portrait orientation.
Import (
). Import a badge template to use.
Export (
). Save your badge template.
Cut (
). Delete the selected item on the badge template.
Copy (
). Copy the selected item on the badge template.
Paste (
) . Paste the copied item onto the badge template.
Send to back ( ). Send the selected item to the background of the badge template. This is option is helpful if you want to have a background image on the badge.
• Bring to front (
). Bring the selected item to the foreground of the badge template.
For more information about creating badge templates, see "Defining badge templates" on page 289.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
367
Camera (video encoder)
Camera (video encoder) The camera entity represents a single video source on your system. The video source can be an IP camera or an analog camera connected to a video encoder. A video encoder is the device that converts an analog video source to a digital format using a standard compression algorithm (H.264, MPEG4, or M-JPEG). The video encoder is one of the many devices found on a video unit. Each video encoder can generate one or multiple video streams using different compression schemes and formats for different usages. In the case of an IP camera, the camera and the video encoder form an inseparable unit. Because of the intimate relationship between the camera and the video encoder, the two terms are often used interchangeably. System: Omnicast IP video surveillance Views: Video – Units (under Archiver) Identity
Name, description, logical ID, and relationships of this entity with other entities in the system.
Video
Video stream configuration (usage and quality) based on schedules. Not available for federated cameras.
Recording
Video recording settings. Can be inherited from the archiving roles or customized for each camera. Not available for federated cameras.
Motion detection
Motion detection configuration based on schedules. Can be performed on the video unit (certain models only) or on the Archiver. Not available for federated cameras.
Color
Video attribute (brightness, contrast, hue, and saturation) adjustments based on schedules. Not available for federated cameras.
Visual tracking
Visual tracking is a feature in Security Desk that allows you to follow an individual or moving object across different cameras all within the same display tile. This tab is only available for fixed cameras.
Hardware
Hardware configuration such as PTZ protocol, links to audio devices, and unit specific video settings. Not available for federated cameras.
Custom fields
Custom field values for this camera.
Related topics:
• "Configuring cameras" on page 209 • "Camera sequence" on page 393 • "Video unit" on page 494 gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
368
Camera (video encoder)
• "Archiver" on page 521 • "Media Router" on page 585
Video The Video tab allows you to define multiple video quality (resolution, frame rate, and so on) configurations for each video stream generated by your video encoder. For each stream, you can also specify its usage (or function) and specific network settings.
This section includes the following topics:
• • • • •
"Video quality" on page 370 "Stream usage" on page 373 "Network settings" on page 374 "Boost quality on manual recording" on page 376 "Boost quality on event recording" on page 376
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
369
Camera (video encoder)
Video quality Video quality refers to the various settings (image resolution, bit rate, frame rate, and so on) that affect the quality the video. Multiple video quality configurations can be defined for the same stream on different schedules. The list below describes all possible settings pertaining to video quality. These settings vary from one manufacturer to another. No single manufacturer supports them all. NOTE For any setting not covered in this section, refer to the manufacturer’s documentation.
• Resolution. Data format and image resolution. The available choices depend on the type of video unit you have. NOTE On certain models of video units that support a large number of video feeds (4 to 12), some high resolution formats might be disabled when you enable all the video streams, because the unit cannot handle all the streams at high resolutions.
• Quality. Video quality depends on a combination of settings. Config Tool proposes a list of predefined configurations for you to choose from. To adjust each of them individually, select Custom from the Quality drop-down list.
• Bit rate. Sets the maximum bandwidth (kbps) allowed for this encoder. See also "Advanced bit rate settings" on page 372.
• Frame rate. This slider sets the number of frames per second (fps). A high frame rate (10 fps or more) produces fluid video and is essential for accurate motion detection. However, increasing the frame rate also sends more information over the network, and therefore, requires more bandwidth.
• Image quality. This slider affects the image quality (the higher the value, the better the quality). Higher image quality requires more bandwidth, which might compromise the frame rate. When bandwidth is limited, you should consider the following:
To retain very good image quality, restrict the number of images per second (lower frame rate).
To transmit more images per second at a high frame rate, lower the image quality. The encoder will always try to maintain each quality setting. However, if bandwidth is limited, the encoder might reduce the frame rate in favor of the image quality.
• Automatic settings. Certain models of encoders (such as Bosch) let you select this option instead of setting your own value for image quality. To set the image quality manually, you have to select Custom in the Quality drop-down list.
• Key frame interval. A key frame is a frame that contains a complete image by itself as opposed to a usual frame that only holds information that changed compared to the previous frame. You would need a higher key frame rate to recover more rapidly from cumulative errors in the video when the network is less reliable. Frequent key frames require a higher bandwidth. You can specify the key frame interval in seconds (1 to 20) or by frames (based on the frame rate). gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
370
Camera (video encoder)
• Recording frame rate. The purpose of this setting is to save storage space by recording the video at a frame rate lower than the one used for viewing. This setting only reduces the storage usage, not the bandwidth usage. Setting the Recording frame rate to anything other than All frames locks the Key frame interval.
• Profile and level. Used only for MPEG-4 streams, the profile determines the tools available when generating the stream (for example, interlace, or B frames), and the level limits the resource usage (for example, max bit rate).
• Video object type. The Video Object Type (VOT) to use for the MPEG-4 streams. The available choices are governed by the choice of Profile and Level.
• GOP structure. Stands for Group Of Picture structure. It is possible to configure up to four types of GOP structures:
I. Stands for Intra frame structure. Meaning only Intra (key frame) frames are sent. This is primarily for using an external multiplexer. IP. Stands for Intra and Predicted frame structure. This setting results in the lowest possible video delay. IPB. Stands for Intra and Predicted and Bidirectional frame structure. This setting enables the user to have a higher quality and a higher delay.
IPBB. Stands for Intra and Predicted and Bidirectional and Bidirectional frame structure. This setting enables the highest quality and a highest delay. GOP length. Stands for Group Of Picture length. With this value, it is possible to change the distance (number of frames) between the intra-frames in the MPEG-2 video stream.
•
• Streaming type. Select between VES (video elementary stream), which sends only video information, or PRG (program stream), which sends both video and audio information.
• Input filter mode. This drop-down list lets you select a noise filter to apply to the video signal before it is encoded. It has four settings: None, Low, Medium, and High. NOTE Removing noise from the video signal also reduces the sharpness of the image. If the
video signal is relatively clean, do not apply any filter (None). The higher the filter level, the more blurry the video image becomes. Keeping a sharp image creates more pixels to encode, which uses more bandwidth. This is why on some video units the default is set to Medium.
• Bit rate control. This option lets the encoder automatically lower the bit rate when one of the decoders is reporting transmission errors (dropped packets). This usually happens when there is a lot of motion on the camera. The encoder drops the bit rate as low as necessary to let all decoders receive an error free transmission. When the motion subsides, the encoder gradually increases the bit rate until it reaches the configured maximum limit. The trade-off between low bit rate and transmission errors is that with a low bit rate, the image stays crisp but the video might appear jerky, while with transmission errors, the image contains noises, but the video stays fluid.
• Compression mode. Select between SM4, Verint's proprietary version of MPEG-4 compression, or ISO, the standard MPEG-4 compression.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
371
Camera (video encoder)
Advanced bit rate settings Certain types of video units (such as Axis) allow you to set the maximum bit rate at the unit level (see Video unit – "Properties" on page 496). In this case, there is an additional drop-down list (bit rate mode) for your bit rate setting.
You have two values to choose from for the bit rate mode:
• Variable. Variable bit rate (VBR) adjusts the bit rate according to the complexity of the images in the video. This uses a lot of bandwidth when there is a lot of activity in the image and less bandwidth when the monitored area is quiet.
• Constant. Constant bit rate (CBR) allows you to set a fixed target bit rate that will consume a predictable amount of bandwidth, which will not change, whatever happens in the image. This requires you to set another parameter, the Bit rate priority.
Bit rate priority If you choose to maintain a constant bit rate, the encoder might not be able to keep both the frame rate and the image quality at their set values when the activity in the image increases.
The Bit rate priority lets you configure which aspect of video quality you wish to favor when you are forced to make a compromise.
• Frame rate. Maintains the frame rate at the expense of the image quality. • Image quality. Maintains the image quality at the expense of the frame rate. • None. Lowers both the frame rate and the image quality to maintain the bit rate.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
372
Camera (video encoder)
Stream usage The Stream usage options are only available for encoders capable of generating multiple video streams. It allows you to specify the usage (or function) of each stream.
The stream usage options are the following:
• • • •
Live. Default stream used for viewing live video in Security Desk. Recording. Stream recorded by the Archiver for future investigation. Remote. Stream used for viewing video when the bandwidth is limited. Low resolution. Stream used instead of the Live stream when the tile used to view the stream in Security Desk is small. See "Automatic stream selection" on page 211.
• High resolution. Stream used instead of the Live stream when the tile used to view the stream in Security Desk is large. See "Automatic stream selection" on page 211. NOTE Every stream usage must be covered by a stream, but not every stream needs to be assigned a usage. The streams that have no usage assigned are simply not generated, which conserves CPU on the unit.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
373
Camera (video encoder)
Network settings The Network settings options allow you to configure the desired connection type used by the video encoder.
The network settings are the following:
• UDP port. Port number used when the connection type is unicast UDP. If the encoder supports multiple video streams, this parameter is different for each stream.
• Connection type. Defines how communication is established between the Archiver and the unit for sending or receiving video streams. Each device on the same unit could support different connection types.
Best available. Lets the Archiver select the best available connection type for the stream. The best available types rank in this order, according to availability: Multicast, UDP, TCP, RTSP over HTTP, and RTSP over TCP. When the stream is requested for recording only, multicast is removed from the list, so the best available types start with UDP. Unicast UDP. Forces the stream to be sent in UDP to the Archiver. The stream must be formatted using the RTP protocol. Unicast TCP. Forces the stream to be sent in TCP to the Archiver. Here, TCP is taken in the broad sense. For some types of cameras, the Archiver establishes a TCP connection to the unit and receives the stream in a proprietary protocol. For others, the stream is
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
374
Camera (video encoder)
sent over HTTP. Typically, the stream is not formatted according to the RTP protocol by the unit. The Archiver has to convert the stream to the RTP protocol to be archived or retransmitted to the system.
RTSP stream over HTTP. This is a special case of TCP connection. The Archiver uses the RTSP protocol to request the stream through an HTTP tunnel. The stream is sent back through this tunnel using the RTP protocol. This connection type is used to minimize the number of ports needed to communicate with a unit. It is usually the best way to request the stream when the unit is behind a NAT or firewall, because requests sent to HTTP ports are easily redirected through them. RTSP stream over TCP. This is another special case of TCP connection. The Archiver uses the RTSP protocol to request the stream in TCP. The request is sent to the RTSP port of the unit.
Same as unit. Special case for Panasonic units. The connection type is the same for all streams of the unit. When present, it is the only connection type supported. The real connection type must be set in the specific configuration page of the unit. Multicast address. The multicast address and port number are assigned automatically by the system when the video unit is discovered. Each video encoder is assigned a different multicast address with a fixed port number. If the encoder is capable of generating multiple video streams, then a multicast address should be assigned to each stream. This is the most efficient configuration.
•
Normally, you do not need to be concerned with the multicast addresses. However, if you are short of multicast addresses (certain switches are limited to 128), you can use the same multicast address on multiple encoders, and assign a different port number to each. This solution is less efficient than using a different address for each encoder, because it will cause more traffic than is necessary on the network. NOTE All multicast addresses must be between the range 224.0.1.0 and 239.255.255.255. For these changes to take effect, you must restart the unit. To do so, select the unit in the Roles view task, and click the Reboot ( ) button in the Contextual commands toolbar.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
375
Camera (video encoder)
Boost quality on manual recording The Boost quality on manual recording option is only available for the recording stream. It allows you to configure a sudden boost of quality when the recording is started manually by a user.
The actions that trigger manual recording are as follows:
• The Record button ( ) is clicked by a Security Desk user. • The Add a bookmark button ( ) is clicked by a Security Desk user. See also "Common boost quality settings" on page 376.
Boost quality on event recording The Boost quality on event recording option is only available for the recording stream. It allows you to configure a sudden boost of quality when the recording is triggered by a system event. The events that qualify as event recording are as follows:
• The Start recording action was executed. • The recording was triggered by an alarm. • The recording was triggered by motion. See also "Common boost quality settings" on page 376.
Common boost quality settings This section describes the common behavior of the two Boost quality options.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
376
Camera (video encoder)
The boosted quality settings you can configure are the same as the ones described in the section "Video quality" on page 370. When both sets of events are triggered, the event recording settings have priority over the manual recording settings. The duration of the quality boost depends on the type of event and the duration configured in the Recording tab of the camera. For more information, see Camera – "Recording" on page 378. The ON/OFF switch tells the system whether the video quality should be boosted every time the triggering events occur (ON), or only on demand (OFF). When boost on demand is selected (switch=OFF):
• You can demand the boost quality settings to be applied explicitly by executing one of the following actions:
Override with manual recording quality.
Override with event recording quality.
• Once the boost quality settings are applied through an action, they have precedence over any other settings currently in effect. To return to the normal settings, you must execute the following action:
Recording quality as standard configuration.
For more information about executing actions, see "Using event-to-actions" on page 106.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
377
Camera (video encoder)
Recording The Recording tab allows you to customize the recording settings on each individual camera instead of following the archiving role settings.
If the camera is associated to additional Auxiliary Archiver roles, roles, you’ll find one group of settings for each archiving role the camera is associated to. For each recording configuration, the camera can follow the settings inherited from the role or use its own custom settings. For more information on the rest of the recording settings related to:
• An Archiver, see "Camera recording" on page 522. • An Auxiliary Archiver, see "Camera recording" on page 544.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
378
Camera (video encoder)
Motion detection The Motion detection tab allows you to define multiple motion detection configurations for your camera. Each configuration is based on a different schedule.
What is a motion detection configuration? A motion detection configuration is a group of settings that specify how motion is detected on a camera, and when these settings are applied (based on a schedule). Every camera has a default motion detection configuration based on the Always schedule. The default motion detection configuration can be modified but not deleted. The motion detection settings are as follows:
• Motion detection. Turns motion detection ON or OFF for the time periods covered by the schedule.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
379
Camera (video encoder)
• Detection is done on. Specifies whether motion detection is performed on the Archiver (always available), or on the video unit (not all units support this feature). See also "Limitations with motion detection on unit" on page 385.
• Sensitivity. Controls how much difference must be detected in a block between two consecutive frames before it is highlighted as a motion block (see "Motion block" on page 380). With the sensibility set to the maximum (100%), the slightest variation in an image block is detected as motion. Lowering the sensitivity reduces the number of motion blocks detected in the video. Only set the sensitivity lower than 100% if your equipment is prone to generate noise. TIP A plain image, such as viewing an empty wall, is more prone to generate noise than an image containing a lot of detail.
You can also set the sensitivity value automatically (see "Automatically set motion detection sensitivity" on page 381). See also "Advanced H.264 motion detection" on page 382.
• Consecutive frame hits. A frame where the number of motion blocks reaches the Motion on threshold is called a hit. Setting this parameter higher than 1 helps avoid false motion detection hits, such as from video noise in a single frame. This setting ensures that positive motion detection is only reported when a hit is observed over a certain number of consecutive frames. When enough consecutive hits have been observed, the first hit in the series is marked as the beginning of motion.
• Motion zones. Defines where on the video image motion should be detected. Up to six different motion zones can be defined per configuration. For the purpose of motion detection, the video image is divided into a large number of blocks (1,320 for NTSC encoding standard and 1,584 for PAL). Each of these blocks can be individually turned on/off for motion detection. A block where motion detection is turned on is represented by a semi-transparent blue square overlay on the video image. See "Drawing tools for motion zones" on page 383.
Motion block A block is called a motion block when motion is detected in it. There is positive motion in a video image when the area covered by the block detects motion in two consecutive video frames. The number of motion blocks detected represents the amount of motion. A motion block is represented by a semi-transparent green square overlay on the video image.
What constitutes a positive motion detection? Simply seeing motion blocks on the video does not necessarily mean that the system will generate a motion related event. It could simply be noise. To determine when motion actually started (Motion on event) and when it stopped (Motion off event), two more parameters must be configured on top of the Sensitivity and Consecutive frame hits:
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
380
Camera (video encoder)
• Motion on threshold. Indicates the minimum number of motion blocks that must be detected before the motion is significant enough to be reported. Together with the Consecutive frame hits, a positive motion detection is made.
• Motion off threshold. In the same way the Motion on threshold detects the beginning of motion, the Motion off threshold detects the end of motion. Motion is considered stopped when the number of motion blocks drops below the Motion off threshold for at least 5 seconds. CAUTION Light reflections on windows, switching lights on/off, and light level changes caused by cloud movement can cause undesirable responses from the motion detection algorithm, and thereby generate false alarms. Carry out a number of tests for different day and night conditions to ensure correct interpretation of the video images. For surveillance of indoor areas, ensure there is a consistent lighting of the areas during the day and at night. Uniform surfaces without contrast can trigger false alarms even with uniform lighting.
Automatically set motion detection sensitivity You can determine what constitutes positive motion detection by automatically setting the sensitivity value. Before you begin: Make sure there is no motion in the camera’s field of view (0 motion blocks). NOTE If your camera is located outdoors, the accuracy of this test might be affected due to wind, moving trees, and so on.
To automatically set the motion detection sensitivity:
• In the camera’s Motion detection tab, select one of the following options from the Auto calibrate drop-down list:
Current zone. Calibrate the sensitivity for motion detected in the currently selected motion zone on the video image. All zones. Calibrate the sensitivity for motion detected in all the motion zones on the video image. All motion. Calibrate the sensitivity for motion detected on the whole video image.
Different sensitivity values are tested to find the highest value without detecting motion in the image. This test accounts for any unwanted background noise that your camera may pick up and consider as motion.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
381
Camera (video encoder)
Advanced H.264 motion detection When an H.264 stream is selected as the recording stream, the Advanced settings button is available after the Sensitivity slider. Click this button to open the H.264 advanced motion detection settings dialog box where you can refine your motion detection settings for an H.264 stream.
Choose a Preset from the drop-down menu:
• Custom. Allows you to customize your settings using the available sliders. • Vector emphasis. Sets motion detection based on the difference in motion vector values (movement) between consecutive frames.
• Luma emphasis. Sets motion detection based on the difference in luma values (brightness) between consecutive frames. Depending on your unit, the Vector and Luma emphasis presets might not provide desirable results. If you find you are getting too many, or too few motion events, choose Custom from the Preset list and adjust the following slider values until you achieve desirable results. Values range between 0 and 100. The higher the value, the more motion is detected.
• Luma weight. Sets motion detection based on the difference in luma values (brightness) between consecutive frames.
• Chroma weight. Sets motion detection based on the difference in chroma (color) values between consecutive frames.
• Vectors weight. Sets motion detection based on the difference in vector values (movement) between consecutive frames.
• Macroblocks weight. Sets motion detection based on the presence of intra-macroblocks in your frame. This setting is useful when you notice motion detection indicators on still frames. For example, some units generate frames completely comprised of intramacroblocks as a new reference point. When this happens, you will see motion detection blocks covering your whole image. Setting the Macroblocks weight to 0 helps prevent this from happening. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
382
Camera (video encoder)
TIP Test your new settings with the View all motion mode.
Drawing tools for motion zones You draw the motion zone using the following drawing tools: Icon
Tool name
Description
Pen
Draws motion detection blocks one at a time.
Eraser
Erases the motion detection blocks one at a time.
Rectangle
Draws a group of motion detection blocks.
Fill
Covers the entire image with motion detection blocks.
Clear
Clears all motion detection blocks.
Invert
Interchanges the area with motion detection blocks with the area without.
Learning mode
Lets the computer analyze what is typical motion in the image. When typical motion occurs, the motion detection blocks in the affected areas are turned off, so it can be ignored.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
383
Camera (video encoder)
Testing motion detection settings After modifying the motion detection settings for a camera, always test your new settings to make sure that you get the expected results. You can always test your settings in Config Tool whether the motion detection is performed on the Archiver or on the unit. However, the test might not be completely accurate when the motion detection is performed on the unit. See "Limitations with motion detection on unit" on page 385. You have three motion test modes to choose from:
• Test zone. The motion zone is displayed as blue overlays. The motion blocks are displayed as green overlays. The number of motion blocks is updated in real time. When the number of motion blocks reaches the Motion threshold, it is displayed in red.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
384
Camera (video encoder)
• Test all zones. In this mode, all motion zones are displayed at once, with the number of motion blocks in each displayed separately.
• View all motion. In this mode, the entire video image is tested for motion. All motion anywhere on the image is displayed as motion blocks (green overlays). The total number of motion blocks is updated in real time. Use this mode to test the sensitivity setting for this camera.
Limitations with motion detection on unit When motion detection is performed on the unit, not all motion detection settings are taken into consideration. The following list some of the known limitations:
• Not all units support multiple motion detection zones. When switching motion detection •
from Archiver to Unit, the existing zone configurations not supported by the unit will be lost. The unit might not interpret the Sensitivity parameter the same way as the Archiver. Therefore, when testing your motion zones, the results might not be accurately reflected in Config Tool. The Motion search task in Security Desk is not supported.
• • In most cases, the motion indicators (green bars) are not shown in the timeline during playback.
NOTE Axis cameras however are exceptions. They do show the motion indicators in the
timeline during playback when motion detection is performed on the unit. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
385
Camera (video encoder)
Motion related events The default events related to motion detection generated by the system are as follows:
• Motion on. At the beginning of the motion period. • Motion off. At the end of the motion period. You can silence these events or replace them with the custom events of your choice using the Motion events dialog box (click the Events button to open it).
TIP One reason why you would want to use custom events is when you are using multiple motion zones. Each zone can be configured to detect motion in a different area of the camera’s field of view and generate different events. Having different events allows you to program different actions to respond to different situations.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
386
Camera (video encoder)
Color The Color tab allows you to adjust the video attributes such as brightness, contrast, hue, and saturation, based on different schedules.
Click the Add schedule button to add an new color configuration. Click the Load default button to reset all parameters to their default values. TIP A typical use of this feature is to automatically control the brightness and contrast based on ambient light. For more information, see "What is a twilight schedule?" on page 104.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
387
Camera (video encoder)
Visual tracking Visual tracking is a Security Desk feature that allows you to follow an individual or moving object across different cameras and all within the same display tile. For more information, see “Using visual tracking” in Genetec Security Desk User Guide. The Visual tracking tab is where you configure this feature.
How visual tracking works When visual tracking is turned on, semi-transparent overlays (colored shapes drawn over the video) appear in the tile showing that camera. Each overlay corresponds to one or more adjacent cameras. Simply click the overlay to switch to an adjacent camera. Video from the camera you switched to is displayed within the same tile. For more information, see "Configure visual tracking" on page 212.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
388
Camera (video encoder)
Hardware The Hardware tab allows you to associate other hardware devices (PTZ motor, Speaker, Microphone, and so on) to this camera and configure specific hardware settings.
When the unit is initially added to the system, all hardware devices belonging to the same unit are configured by default. You can manually associate your camera to other devices, according to how they are physically connected.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
389
Camera (video encoder)
PTZ configuration If the PTZ motor is not integrated to your camera, you need to configure the PTZ motor separately before you can control it in Security Desk. When you turn the PTZ switch on, additional settings appear.
• Protocol. Protocol used by the PTZ motor. • Serial port. Serial port used to control the PTZ motor. Click
to set the Idle delay, Idle command, and Lock delay parameters.
• Enhanced PTZ. Turn this option on to enable the zoom-box and center-on-click PTZ commands. For more information, see "Configure PTZ motors" on page 214.
• Calibrate. Click to calibrate the PTZ. See "Calibrate the PTZ coordinates" on page 215. NOTE Not all cameras require PTZ calibration.
• PTZ address. Number identifying the selected PTZ motor on the serial port. This number is important because it is possible to connect more than one PTZ motor on the same serial port. This number must correspond to the dip switch settings on the PTZ hardware.
Idle delay The idle delay is used in two ways:
• The idle delay defines the period of inactivity after which the PTZ is considered idle. When a user starts moving the PTZ when it is idle, the PTZ activated event is generated. When the idle delay expires, the PTZ stopped event is generated. As long as there are users who continue to move the PTZ, the countdown timer continuously restarts.
• The same idle delay value is also used specifically for the zoom operation on a PTZ. Whenever a user starts to zoom the PTZ, the PTZ zoom by user event is generated. After the last zoom operation, when the idle delay expires, the PTZ zoom by user stopped event is generated. For a particular user, idle delay delineates a single zoom activity. A user who zooms several times, with each zoom activity taking place less than 120 seconds after the previous one, will generate only one PTZ zoom by user event, assuming the idle delay is 120 seconds. Then, if another user performs a zoom on the same PTZ before the idle delay has expired, the PTZ zoom by user event is again generated, logged to the second user, and the countdown timer
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
390
Camera (video encoder)
is restarted. Note that in this case, the PTZ zoom by user stopped event is only generated after the Idle delay has expired, and logged to the second user. NOTE The PTZ activated and PTZ stopped events cannot be triggered by a programmed PTZ
action. The PTZ zoom by user and PTZ zoom by user stopped events cannot be generated due to automated PTZ functions such as presets or patterns, or by a programmed PTZ action.
Idle command When the PTZ becomes idle (after the idle delay expires and the PTZ stopped or PTZ zoom by user stopped event is generated), this option determines the next action of the PTZ.
• None. The PTZ remains idle until a user starts controlling it. • Preset. The PTZ moves to a preset position when it becomes idle. • Pattern. The PTZ motor starts a PTZ pattern when it becomes idle. Lock delay When a user controls an idle PTZ, the PTZ becomes implicitly locked for that user. The implicit PTZ lock prevents two users from fighting for the control of the same PTZ. The implicit lock lasts Idle delay + Lock delay seconds after the user has stopped using the PTZ. After this period, the PTZ automatically unlocks.
Speaker and microphone Even if the unit your camera belongs to does not support audio, you can still link your camera with audio devices (speaker and microphone) found on other units.
Camera tampering Select this option to let Security Center process Camera tampering events issued by the unit. This setting is only available if the video unit is capable of detecting camera tampering. Typically, any dysfunction that prevents the original scene from being viewed properly can by treated as an attempt to tamper with the camera. This can be a partial or complete obstruction of the camera view, a sudden change of the field of view, or a loss of focus. You can control the sensitivity of the unit’s alarm notification mechanism by specifying the Minimum duration that a dysfunction must last before the unit issues a Camera tampering event. Select the Alarm for dark images option if total obstructions are to be considered as dysfunctions.
Audio alarm Select this option to let Security Center process audio alarms issued by the unit as Audio alarm events. This setting is only available if the video unit is capable of raising audio alarms.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
391
Camera (video encoder)
NOTE The Alarm level sets the value used to trigger audio alarms on the unit. A unit can be configured to issue audio alarms when the sound level rises above or falls below the set value. The alarm level can be set in the range 0-100%, where 0% is the most sensitive and 100% the least sensitive.
Image rotation Use this setting to correct the orientation of the image when the camera is mounted upside down or at a 90 degree angle. The rotation options might vary depending on the model of the camera.
Lens type Use this setting to select the lens type for cameras with interchangeable lenses. Depending on the selected lens type, you might have additional settings to configure, such as dewarping a fish-eye lens. For more information, see the Security Center Video Unit Configuration Guide.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
392
Camera sequence
Camera sequence The camera sequence entity defines a list of cameras that are displayed one after another in a rotating fashion within a single tile in Security Desk. When displayed in a Security Desk, the camera sequence can be paused (stop cycling) and unpacked (showing all cameras at the same time). The cameras composing the sequence can be fixed, PTZ enabled, or federated. Each camera is given a preset amount of display time. Dome cameras can be configured to point to a preset position, to run a pattern, or to turn on/off an auxiliary switch. System: Omnicast IP video surveillance Views: Logical view Identity
Name, description, logical ID, and relationships of this entity with other entities in the system.
Cameras
Configuration of the cameras composing the sequence.
Custom fields
Custom field values for this camera sequence.
Related topics:
• "Camera (video encoder)" on page 368 • "Creating camera sequences" on page 218 • “Viewing a camera sequence” in the Security Desk User Guide
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
393
Camera sequence
Cameras The Cameras tab allows you to configure the cameras composing the camera sequence. The order of the cameras in the list is the order they will be displayed in Security Desk. For information about creating camera sequences, see "Creating camera sequences" on page 218.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
394
Cardholder
Cardholder The cardholder entity represents a person who can enter and exit secured areas using their credentials (typically access cards), and whose activities can be tracked.
System: Synergis IP access control Task: Access control – Cardholders Identity
Name, description, logical ID, and relationships of this entity with other entities in the system.
Properties
Cardholder’s personal information and status.
Picture
Cardholder’s picture.
Custom fields
Custom field values for this cardholder.
Related topics:
• "Badge template" on page 365 • "Cardholder group" on page 398 • "Credential" on page 401
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
395
Cardholder
Properties The Properties tab shows the cardholder’s personal information and status. Additional information might be found in the Custom fields tab. For information about configuring cardholders, see “Cardholder management” in the Security Desk User Guide.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
396
Cardholder
Picture The Picture tab allows you to assign a picture to the cardholder. For information about editing cardholder pictures, see “Assign a picture to the cardholder” in the Security Desk User Guide.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
397
Cardholder group
Cardholder group The cardholder group entity is used to configure the common access rights and properties of a group of cardholders.
System: Synergis IP access control Task: Access control – Cardholder groups Identity
Name, description, logical ID, and relationships of this entity with other entities in the system.
Properties
Cardholder group properties and members.
Custom fields
Custom field values for this cardholder group.
Related topics:
• "Cardholder" on page 395
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
398
Cardholder group
Properties The Properties tab lets you view and configure the members of this cardholder group, and configure their common properties. Additional information might be found in the Custom fields tab.
• Group available for visitors. Set this to ON if this group will be used for visitors • Email address. Set an email address here for automated actions associated to the group • Security clearance. (Only visible to administrative users) Set the security clearance level for the cardholder group. A cardholder group’s security clearance level determines their access to areas when a minimum security clearance level is required on areas by setting a threat level in Security Center. For more information, see "Set minimum security clearance" on page 122. Level 0 is the highest clearance level, with the most privileges.
Inherited from parent cardholder groups. The cardholder group’s security clearance level is inherited from their parent cardholder group. When multiple parent cardholder groups exist, the highest clearance level is inherited.
Specific. Set a specific security clearance level for the cardholder group. Cardholders. Define the cardholder group members using the and buttons. Both individual cardholders and other cardholder groups can be members.
•
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
399
Cash register
Cash register The cash register entity represents a single cash register (or terminal) in a point of sale (POS) system. Cash register entities are created by the Point of Sale role. They identify the transaction data imported by the Point of Sale role from an external POS system. Security Center can link Omnicast cameras to cash registers to provide video support to help security officers in their investigations. For more information, see “Transactions” in the Security Desk User Guide. IMPORTANT For a user to view transaction reports in Security Desk, the Point-of-Sale plugin must be enabled on the machine where Security Desk is installed. For more information, see “Enable Point-of-Sale plugin” in the Security Center Installation and Upgrade Guide.
System: General Task: Logical view Identity
Name, description, logical ID, and relationships of this entity with other entities in the system.
Cameras
Cameras used to monitor this cash register in Security Desk.
Custom fields
Custom field values for this cash register.
Location
Time zone and geographical location for this cash register.
Related topics:
• "Point of Sale" on page 595 • “Transactions” in the Security Desk User Guide
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
400
Credential
Credential The credential entity represents a proximity card, a biometrics template, or a PIN required to gain access to a secured area. A credential can only be assigned to one cardholder at a time. Credentials are really “claims of identity”. A credential distinguishes one cardholder from another.
System: Synergis IP access control Task: Access control – Credentials Identity
Name, description, logical ID, and relationships of this entity with other entities in the system.
Properties
Credential information and status.
Badge template
Default badge template associated to this credential.
Custom fields
Custom field values for this credential.
Related topics:
• "Badge template" on page 365 • "Cardholder" on page 395
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
401
Credential
Properties The Properties tab lets you configure the credential information and status. Additional information might be found in the Custom fields tab.
Credential information This section identifies the details of the credential itself. If the credential is an access control card, the format, facility code and card number will be shown.
• Cardholder. Displays the cardholder this credential is associated with. The cardholder can be changed if required.
State This section shows whether the credential status is active or Inactive/Lost/Stolen/Expired. It also displays the date and time when the credential was attributed to this state. Expiration - An expiration date/time can be set here so the credential expires automatically on a certain date and time.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
402
Credential
Badge template The Badge template tab defines the default badge template associated to this credential.
The badge template tab allows you to preview what the credential will look like when printed using any specific badge template. You can also print the card credential.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
403
Door
Door The door entity represents a physical barrier. Often, this is an actual door but it could also be a gate, a turnstile, or any other controllable barrier. Each door has two sides named by default “A” and “B”. Each side is an access point (entrance or exit) to a secured area.
System: Synergis IP access control Task: Logical view Identity
Name, description, logical ID, and relationships of this entity with other entities in the system.
Properties
General behavior of the door.
Unlock schedules
Scheduled periods when the door should not be used for secured access.
Hardware
Physical wiring configuration of the door to access control units and associations to monitoring cameras.
Access rules
Access rules applied to this door.
Custom fields
Custom field values for this door.
Related topics:
• • • •
"Access control unit" on page 337 "Access rule" on page 349 "Area" on page 360 "Elevator" on page 410
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
404
Door
Properties The Properties tab allows you to configure the general behavior of the door.
• Standard grant time. Amount of time the door is unlocked after an access granted event is generated.
• Access time. Amount of time the cardholder has to cross the entry sensor, in addition to the Standard grant time. If no entry is detected during this time, a No entry detected event is generated. This option is only supported when your door is configured with an entry sensor. EXAMPLE If the Standard grant time is 5 seconds, and the Access time is 5 seconds, the
cardholder has a total of 10 seconds to cross the entry sensor of the door.
• Extended grant time. For cardholders with the property “extended grant time” turned on, the amount of time the door is unlocked after access is granted.
• Extended access time. For cardholders with the property “extended grant time” turned on, the amount of time the cardholder has to cross the entry sensor, in addition to the Extended grant time. If no entry is detected during this time, a No entry detected event is generated. This option is only supported when your door is configured with an entry sensor. EXAMPLE If the Extended grant time is 10 seconds, and the Extended Access time is 10
seconds, the cardholder has a total of 20 seconds to cross the entry sensor of the door.
• Trigger a ‘door open too long’ event. The event ‘door open too long’ will be generated after this duration. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
405
Door
• Ignore ‘door forced open’ events. Ignore ‘door forced open’ events. • Unlocked for maintenance. Door is unlocked, and possibly pinned open for maintenance purposes. Do not generate the normal events when in maintenance-mode. The values in the Request to exit section are generally used to decrease the number of false Request to exit events at a door.
• Time to ignore ‘Request to exit’ after granted access. Ignore any requests to exits for this long after access has been granted.
• Unlock on request to exit. Set to ON if a REX is being used, and you want to automatically grant the request to exit.
• Ignore ‘Request to exit’ events while door is open. Do not generate REX when door is open.
• Time to ignore ‘Request to exit’ after door closure. Once the door has closed, wait this long before generating any more Request to exit events.
Unlock schedules Unlock schedules represent scheduled periods when the door should not be used for secured access. It is unlocked, and no access rules are in effect.
A typical use of an unlock schedule might be:
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
406
Door
The main door of the office should be unlocked from 9:00 AM-12:00 PM, locked from 12:00 PM - 1:00 PM, and unlocked again from 1:00 PM - 6:00 PM.
• Click the add button below Unlock schedules to apply free access periods. • Click the add button below Exceptions to unlock schedules to apply “controlled access” periods.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
407
Door
Hardware The Hardware tab allows you to configure the physical wiring relationships between the access control unit and the door, and associate cameras to door sides.
Match each one of these functions to correspond with the physical wiring done on the controller and door. EXAMPLE The physical door has the following installed: gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
408
Door
• • • • •
A reader wired on door side A A REX wired on door side B A strike relay on the door lock A door sensor An auxiliary relay wired to a buzzer
In Config Tool, the door entity must have Card-In/REX out configuration. Door side A can be named Entry, and door-side B can be named Exit.
Access rules The Access rules tab displays the access rules applied to this door.
In the example above, we can see that an access rule called Employees only is applied to the Entry side of the door but no rule is applied to the Exit side because of a Request to exit device.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
409
Elevator
Elevator The elevator entity provides access control properties to elevators. For an elevator, each floor is considered an entry point for the area corresponding to that floor. CAUTION To configure an elevator, make sure you have an access control unit dedicated to the control of an individual elevator cab. In other words, the access control unit used for elevator control cannot be shared for any other purpose.
System: Synergis IP access control Task: Logical view Identity
Name, description, logical ID, and relationships of this entity with other entities in the system.
Floors
Physical wiring relationships between the access control unit and the elevator floors, and cameras used to monitor this elevator in Security Desk.
Access
Access rules applied to the elevator floors, and scheduled periods when the elevator floors should not be used for secured access.
Advanced
Advanced behavior of the elevator.
Custom fields
Custom field values for this elevator.
Related topics:
• • • •
"Access control unit" on page 337 "Access rule" on page 349 "Area" on page 360 "Door" on page 404
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
410
Elevator
Floors The Floors tab allows you to configure the physical wiring relationships between the access control unit and the elevator floors, and select cameras used to monitor this elevator in Security Desk.
• • • •
Preferred unit. Assign an access control unit to manage this elevator cab’s panel. Elevator cab reader. Assign a reader interface to be used inside the elevator cab. Camera. Select a camera to monitor this elevator in Security Desk. Floors. Assign push button relays and inputs to the elevator floor buttons.
Push button relay. Assign output relays to the different elevator floor buttons. Access granted events cause an output relay to close, which enables the button-push to request a certain floor. Floor tracking. (Optional) Assign inputs to elevator floor buttons. When you assign inputs, Security Center can take note of which floor button was pushed.
The floor configurations can be added, deleted, or modified with the add buttons at the bottom of the page.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
, delete
, and
411
Elevator
Access The Access tab lets you configure the access rules applied to each of the elevator floor, and determine when access to floors is controlled and when free access to elevator floors is available.
• Access rules. Select access rules to determine which floor buttons are enabled, when, and for which cardholders. Different access rules can be applied to different floors, or applied to all floors. In the example above, the access rule Weekdays applies to all floors.
• Exceptions. Determine if there are any exceptions to the access rule you set.
Schedule. Select a schedule when the exception applies.
Floor. Select which floors the exception applies to.
Mode. Select whether access to the elevator floor is free or controlled during the exception schedule. In the example above, controlled access is used when the office is closed.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
412
Elevator
Advanced The Advanced tab lets you configure the advanced behavior of this elevator.
• Grant time. This value indicates for how long the elevator floor button will be enabled after the access granted event has been generated.
• Free access when the output relay is:
Normal. Floor access is enabled when the access control unit output relay is deenergized. This means that a power loss results in free access to the floor. Active. Floor access is enabled when the access control unit output relay is energized. This mean that a power loss results in floor access being denied.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
413
Hotlist
Hotlist The hotlist entity defines a list of wanted vehicles. Each vehicle in the list is identified by a license plate number, the license plate issuing state (or province, or country), and the reason why the vehicle is wanted (for example, Stolen, Wanted felon, Amber alert, VIP, and so on). Additional vehicle information can include the model, the color, and the vehicle identification number (VIN). Hotlists are used by both the AutoVu Patroller and the AutoVu LPR Manager role to check against license plates captured by LPR units to identify vehicles of interest. The hotlist entity is a type of hit rule. A hit rule is a method used by AutoVu to identify vehicles of interest. Other types of hit rules include overtime, permit, and permit restriction. When a plate read matches a hit rule, it is called a hit. When a plate read matches a plate on a hotlist, it is called a hotlist hit. System: AutoVu IP license plate recognition Task: LPR – Hotlists Identity
Name, description, logical ID, and relationships of this entity with other entities in the system.
Properties
Configure the basic parameters of the hotlist, including: assigning priority to a hotlist, and the location and attributes of the hotlist data file.
Advanced
Configure the advanced parameters of the hotlist, including: assigning color, sound, email address for notifications, and enabling hotlist and permit editor support.
Custom fields
Custom field values for this hotlist.
Related topics:
• "LPR Manager" on page 567 • "LPR unit" on page 426
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
414
Hotlist
Properties The Properties tab is where you configure the basic properties of the hotlist (hotlist priority, hotlist path, attributes, and so on). These settings tell Security Center how to parse the hotlist file into the format required by the Patroller and the LPR Manager to identify plates read by Sharp units. For more information on how to configure hotlists, see “Configuring hotlists” in the AutoVu Handbook.
• Priority. Choose a hotlist priority. Zero (0) is the highest priority setting and 100 is the lowest priority setting. This setting is used to resolve conflicts when a plate read matches more than one hotlist, in which case the hotlist with the highest priority is displayed first in the list of hotlist matches.
• Hotlist path. Type the path or browse to the hotlist text file. Every hotlist entity in Security Center must be associated with a text file containing the actual hotlist data; that is, license plate numbers and other related vehicle information. The associated text file is typically created by a third party system (e.g. Notepad for .txt files, or Excel for .csv files). The source text file can be located on the LPR Manager computer’s local drive (for example, the C drive), or on a network drive that is accessible from the LPR Manager computer. If you start typing a path to a network drive, the Username and Password fields appear and you’ll need to type the username and password to access the network drive.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
415
Hotlist
• Use delimiters. Tells Security Center that the fields in the hotlist file are of variable length and indicates the character used to separate each field in the file. By default, Use delimiters is set to On, and the delimiter specified is a semi-colon (;). If your hotlist file is made up of fixed length fields, set Use delimiters to Off. Security Center supports the following delimiters:
Colon (:)
Comma (,)
Semi-colon (;)
Tab (Tab)
If your hotlist file uses Tab as a delimiter (i.e. the “Tab” key on your keyboard), type the word “TAB” as the delimiter character. IMPORTANT Security Center considers one Tab space to be a valid delimiter. Do not use more than one Tab space to align columns in your hotlist file or Security Center may not be able to parse the hotlist.
• Enable editor support. Allow a user to edit the hotlist or permit list using the Hotlist and permit editor task. IMPORTANT Please note the following about the Hotlist and permit editor:
A user must be granted the privilege to use the Hotlist and permit editor.
Only the first 100,000 rows of a hotlist are loaded into the Hotlist and permit editor.
If an error occurs while the hotlist is being loaded, the loading process is cancelled and an error message is displayed. However, you will not lose any of the data loaded before the error occurred, and you can still edit the data loaded into the editor. Attributes. Tells Security Center the name and order of the fields in the source text file. From the Attributes area, you can add, delete, or edit the data fields (attributes). Security Center includes the following default attributes:
•
Category. (Mandatory field) Reason why a license plate number is wanted. For example: Scofflaw, Stolen, Amber alert, Wanted felon, and so on. When a hit occurs, this field is displayed on the hit screen in Patroller and Security Desk. PlateState. (Mandatory field) Issuing state (or province, or country) of the license plate. Patroller uses the PlateNumber to match against a plate read. When a hit occurs, this field is displayed on the hit screen in Patroller and Security Desk. PlateNumber. (Mandatory field) The license plate number.
The following fields are shown by default, but are optional. If there is no start or end date for the hotlist, you can delete these fields, or simply leave them blank.
EffectiveDate. Date at which the hotlist starts to be effective.
ExpiryDate. Date after which the hotlist is no longer valid.
IMPORTANT Please note the following about hotlist attributes.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
416
Hotlist
The hotlist text file must include Category, PlateState, and PlateNumber fields. For this reason, these fields already appear in the attribute list and cannot be deleted from the list. There cannot be any spaces within an attribute name.
You can have a maximum of two wildcard characters (asterisk *) in a PlateNumber. Add ( ) or Edit ( ) a hotlist attribute. Configure the following:
•
Name. Name of the field. It may contain spaces. Only the three compulsory fields, Category, PlateState and PlateNumber cannot be renamed. Value. The default value is interpreted differently depending on whether delimiters are used or not.
If delimeters are in use, the default value is written into this field. Fields already populated will be overwritten. If delimeters are not in use, and if the field is empty, the default value is written into this field. Fields already populated will not be overwritten.
Is mandatory. A mandatory attribute cannot be blank in the source file. For example, if you add a mandatory attribute called CarColor, the column for CarColor in the source file must have text in it. Fixed length. This option is enabled only if you chose to use fixed length data fields. Indicate the start position of the field in the file record and its length. The position of the first character is zero (0). Date format. Specify a time format if the field contains a date or time value. All standard date and time format strings used in Windows are accepted. If nothing is specified, the default time format is “yyyy-MM-dd”. Translate. You can apply an optional transformation to the values read from the data file. Use this feature to shorten certain values to save space on the Patroller or to enforce spelling consistency.
For example, the following is what you may find in a variable field length data file using a semicolon (;) as delimiter and using the fields: Category, PlateState, PlateNumber, CarMake, and CarColor. AMBER;QC;DEF228;TOYOTA COROLLA;GREEN STOLEN;QC;345ABG;HONDA CIVIC;BLUE STOLEN;QC;067MMK;FORD MUSTANG;YELLOW STOLEN;QC;244KVF;LEXUS IS350;SILVER
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
417
Hotlist
Advanced The Advanced tab is where you configure the advanced properties of the hotlist (the color, sound, download frequency, and so on). These properties are not required for all hotlists, but allow you to customize certain hotlists for specific scenarios. For more information on how to configure hotlists, see “Configuring hotlists” in the AutoVu Handbook.
• Color. Assigns a color to a hotlist. When you choose a color, the map symbol that marks the location of the hotlist hit in Security Desk and Patroller, as well of the Hotlist Hit and Review Hits screen in Patroller, appears in that color.
• Use wildcards. Indicates that the hotlist contains wildcards (partial license plate numbers). You can have a maximum of two wildcard characters (asterisk *) in a PlateNumber. Wildcard hotlists are used in situations where witnesses did not see, or cannot remember a complete license plate number. This allows the officer to potentially intercept vehicles associated with a crime, which otherwise would not have been detected using standard hotlists. Best practice: If using a wildcard hotlist, use the following best practices:
Do not use more than one wildcard hotlist per Patroller. By default, hotlists are applied at the LPR Manager level. Use only one wildcard hotlist per LPR manager role.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
418
Hotlist
Limit the number of entries to 100 plates.
NOTE If using wildcard hotlists, please note the following:
An asterisk (*) in the data file indicates a wildcard. Only the PlateNumber field accepts wildcard characters. If the asterisk is found in any other field, it is considered as a normal character. The PlateNumber field is limited to two wildcard characters. If you select Use wildcards, Patroller ignores all hotlist entries that do not contain a wildcard, or that contain more than two wildcard characters. It is the number of wildcards in the PlateNumber field, and not the location of the wildcard, that determines how many mismatched characters are allowed before a match can occur. The position of the wildcards cannot be enforced because, typically, when witnesses report a partial plate number, they do not remember the position of the characters they missed. The sequence of the normal characters in the PlateNumber is respected, such that the three patterns “S*K3*7”, “**SK37”, and “SK37**” are equivalent. EXAMPLE If a wildcard hotlist contains the PlateNumber entry S*K3*7:
Plate reads NSK357 and ASDK37 will generate a hit because both reads have no more than two mismatched characters (in red) and the sequence “SK37” is respected. Plate read SUKA357, will not generate a hit because it contains three mismatched characters (in red).
Plate read SKU573 read will not generate a hit because the sequence of characters SK37 is not found in the read. Covert. Set the hotlist to a covert hotlist. When you choose this setting, Patroller users are not alerted when a hit occurs. Only users with sufficient privileges can view covert hits in Security Desk.
•
• Email address. Set hotlist email notifications. When the hotlist you’re configuring generates a hit, Security Center sends an email to the address you specify. IMPORTANT For this feature to work, the SMTP configuration must be set up in the Server
Admin and the Email notification option must switched to ON in the Config Tool’s LPR Manager Properties tab.
• Sound file. This indicates which sound Patroller should play when a hotlist hit occurs. If you leave this field blank, Patroller plays its default sounds. The path (you must include the filename) indicates the file’s location on the Patroller in-vehicle computer. You can copy sound files to the in-vehicle computer manually, or use the Security Center updater service to push new sound files to Patroller as you would a hotfix. Only .wav files are supported.
• Override privacy for emails. Bypasses any privacy settings you applied at the Directory level (see "Applications" on page 640), and sends an email with real LPR data to the Email address you specified for this particular hotlist.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
419
Hotlist
• Disable periodic transfer. Turns off periodic transfer of hotlist modifications to the Patroller computer. When this setting is off, hotlist changes are only downloaded to Patroller when the user logs on to the application. This option requires a wireless connection between Patroller and Security Center.
• Enable transfer on modification. Transfer hotlist modifications to Patroller as soon as they occur. For example, you can use this option on a hotlist to force Patroller to query for changes more frequently than the periodic transfer period (which applies to all hotlists). This can be useful for Amber alerts because they can be added to a specific hotlist and sent to a Patroller almost immediately. This option requires a continuous wireless connection between Patroller and Security Center.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
420
Intrusion detection area
Intrusion detection area An intrusion detection area entity corresponds to an area (also known as zone or partition, depending on the manufacturer) that is configured on an intrusion panel (also known as alarm panel). Intrusion detection areas might be automatically created by the Intrusion Manager when the intrusion panels on which they are configured are enrolled to your system. Intrusion detection areas are not configurable for the most part, except for the cameras assigned to them for monitoring purposes in Security Desk and the event-toactions. They are automatically updated when the zones they correspond to are updated on the intrusion panels. System: General – Intrusion management Task: Logical view Identity
Name, description, logical ID, and relationships of this entity with other entities in the system.
Properties
Shows the properties of the intrusion detection area as it is configured on the intrusion detection unit.
Cameras
Cameras used to monitor this intrusion detection area in Security Desk.
Custom fields
Custom field values for this intrusion detection area.
Related topics:
• • • •
"Enroll an intrusion panel" on page 156 "Create an intrusion detection area" on page 159 "Intrusion Manager" on page 563 "Intrusion detection unit" on page 423
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
421
Intrusion detection area
Properties The Properties tab shows the properties of the intrusion detection area as configured on the intrusion detection unit.
NOTE This page is read-only for zones configured on Bosch units.
Property description
• Physical name. Name of the intrusion detection area (sometimes called zone or partition) as it is configured on the physical intrusion panel. Changing the entity name of the intrusion detection area will not change its physical name.
• Intrusion detection unit. Entity name of the intrusion detection unit (intrusion panel) where this area is configured.
• Devices. Name and description of the inputs defining this intrusion detection area. TIP You can assign meaningful names to input and output devices of the intrusion detection unit from the unit’s Peripherals tab. For more information, see "Edit intrusion detection unit peripherals" on page 158.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
422
Intrusion detection unit
Intrusion detection unit The intrusion detection unit entity represents a physical intrusion panel that is monitored and controlled by Security Center. An intrusion panel (also known as alarm panel) is a wall-mounted unit where the alarm sensors (motion sensors, smoke detectors, door sensors, and so on) and wiring of the intrusion alarms are connected and managed. System: General – Intrusion management Task: Intrusion detection – Units Identity
Name, description, logical ID, and relationships of this entity with other entities in the system.
Properties
Hardware specific settings for this unit.
Peripherals
List of all peripheral devices connected to the unit.
Custom fields
Custom field values for this intrusion detection unit.
Location
Time zone and geographical location of this unit.
NOTE Security Center currently supports both Bosch GV2/GV3 series and Honeywell Galaxy Dimension intrusion panels. Only the configuration of Bosch intrusion panels is described in this manual. For the configuration of Honeywell intrusion units in Security Center, see the Honeywell Galaxy Control Panel Integration User Guide, found in the Documentation\Controllers folder of your Security Center installation package.
Related topics:
• "Enroll an intrusion panel" on page 156 • "Intrusion Manager" on page 563 • "Intrusion detection area" on page 421
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
423
Intrusion detection unit
Properties The Properties tab allows you to configure the hardware-specific options for this unit.
• Clear logs after download is completed. Select this option to erase the log from the intrusion panel once it is downloaded to Security Center. NOTE You might not want Security Center to erase the logs on the intrusion panel if the panel
is also monitored by a central monitoring station.
• Interface type. The interface type cannot be changed after the entity is created. If you need to change the interface type, you need to delete the entity and re-create it. For more information, see "Enroll an intrusion panel" on page 156. For the serial interface, you can change the port number. For the IPv4 interface, you can change the IP address of the intrusion panel and its connection port.
• Clock synchronization. Select Automatic synchronization if you want the clock on the intrusion panel to be synchronized with Security Center.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
424
Intrusion detection unit
Peripherals The Peripherals tab lists all peripherals (inputs pins and output relays) connected to the intrusion detection unit. For more information about editing intrusion detection unit peripherals, see "Edit intrusion detection unit peripherals" on page 158.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
425
LPR unit
LPR unit An LPR unit is an IP-based license plate recognition (LPR) device. An LPR device converts license plate numbers cropped from camera images into a database searchable format. Typically, an LPR unit includes two cameras: an LPR camera that produces high resolution close-up images of license plates; and a context camera that produces a wide-angle color image of the license plate and the vehicle. AutoVu Sharp is the LPR unit used in Security Center AutoVu solutions. The Sharp includes license plate capturing and processing components, as well as digital video processing functions, enclosed in a ruggedized casing. Sharps can be deployed in mobile and fixed installations. A mobile installation is where the Sharp is mounted on a vehicle and is integrated into AutoVu Patroller (the in-vehicle software of the AutoVu LPR system), which in turn is integrated into Security Center. A fixed installation is where the Sharp is mounted in a fixed location, such as on a pole, and integrated directly into Security Center. The LPR Manager automatically detects Sharps on the network and adds them to the Security Center system. It detects mobile Sharps through the AutoVu Patroller system they are connected to. It detects fixed Sharps directly through the Security Center discovery port. System: AutoVu IP license plate recognition Task: Role view (under the LPR Manager roles and Patrollers) Identity
Name, description, logical ID, and relationships of this entity with other entities in the system.
Properties
Unit properties such as manufacturer, model, firmware version, network settings, and authentication password.
Custom fields
Custom field values for this LPR unit.
Location
Time zone and geographical location of this unit.
Related topics:
• "LPR Manager" on page 567 • "Patroller" on page 450
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
426
LPR unit
Properties The Properties tab displays hardware and software information about the Sharp unit, such as the IP address and port being using. You can also associate a specific hotlist to the Sharp, or link the LPR camera in the Sharp to an Omnicast camera, or the Sharp's own context camera.
• Properties. Displays hardware and software information about the Sharp unit:
IP address. IP address of the Sharp unit.
Port. Port used by the LPR Manager to communicate with the Sharp unit.
Version. AutoVu PlateReaderServer software version running on the unit.
Type. Unit hardware version.
Serial number. Unit factory installed serial number.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
427
LPR unit
• Applications. Displays which Updater service and Firmware versions are running on the Sharp.
• Devices. Link the LPR camera to an Omnicast camera. • File association. Select how the Sharp behaves with hotlists:
Inherit from LPR Manager role. The Sharp uses the hotlists associated with its parent LPR Manager. This is the default setting. Specific. Associate specific hotlists with the Sharp unit. This allows you to create Eventto-actions in Security Desk that trigger on that specific hotlist. For example, if you’re using the Sharp to allow access to a parking lot, you would put the vehicle plates on a hotlist, and then associate that hotlist to the Sharp.
NOTE To reboot a fixed Sharp, click the Reboot button found on the Contextual command toolbar at the bottom of the Config Tool window. If the Reboot button is not visible, log on to the ’s Configuration page, and then select Accept remote reboot requests.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
428
Macro
Macro The macro entity encapsulates a C# program that adds custom functionalities to Security Center. Macros can be executed either manually or automatically. When automated, it is loaded as a background process and executes when a set of conditions are met.
System: General Task: System – Macros Identity
Name, description, logical ID, and relationships of this entity with other entities in the system.
Properties
Features a basic text editor allows you to view and edit your C# code.
Default execution context
Default values for the context variables declared in the macro body. The default execution context is used when the macro is run from the Common tasks area.
Related topics:
• "Using macros" on page 110 • "Tile plugin" on page 480 • "Monitoring the status of your system" on page 177
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
429
Macro
Properties The Properties tab provides a basic text editor for you to write your C# code.
Import from file Click this button to import the source code from a file.
Checking syntax Click this button to validate the C# code. If errors are found in the code, they are listed in a dialog box with the line and column numbers where they are found. NOTE Security Center prevents a macro that has errors from being saved. If a macro has errors,
and you change tabs, it is rolled back to its last error free version.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
430
Macro
Default execution context The Default execution context tab shows the context variables defined in your macro.
About the execution context You can provide input parameters to your macro by declaring mutators. Such mutators must be public. Their type must be one of the following:
• • • •
System.Boolean System.String System.Int32 System.Guid
By declaring mutators, your macro will have an execution context that can be configured in the Default execution context tab. If a macro is run without specifying an execution context, the default execution context is used. This is always the case when a macro is launched from the Contextual commands toolbar in Config Tool. The default execution context can be overridden by specifying your own context.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
431
Monitor group
Monitor group The monitor group entity is used to configure the properties of a group of analog monitors.
System: General Task: Alarms - Monitor groups Identity
Name, description, logical ID, and relationships of this entity with other entities in the system.
Monitors
General behavior of the analog monitor.
Related topics:
• "Analog monitor" on page 357 • "Managing alarms" on page 111
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
432
Monitor group
Monitors The Monitors tab lets you add multiple analog monitors to the monitor group. Later, when you create alarms, you can add a monitor group and its members as a recipient of the alarm. See "Configuring analog monitors" on page 220. IMPORTANT The order of analog monitors in the monitor group list is important. If you add more than one analog monitor to the monitor group, the first analog monitor in this list will receive the highest priority alarm, the second analog monitor will receive the second highest priority alarm, and so on. The last analog monitor in this list will receive all the other alarms.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
433
Network
Network Network entities are used to capture the characteristics of the networks used by your system so that proper stream routing decisions can be made. Unless your entire system runs from a single private network without communicating with the outside world, you must configure at least one network entity other than the Default network to describe your networking environment. System: General, and more specifically for Omnicast Task: Network view Identity
Name, description, logical ID, and relationships of this entity with other entities in the system.
Properties
Network characteristics and routing information.
Related topics:
• "Managing the Network view" on page 82 • "Server" on page 471 • "Media Router" on page 585
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
434
Network
Properties The Properties tab defines the network characteristics and routing information.
Capabilities Data transmission capabilities. This setting is only used by Omnicast for streaming live video on the network. Always select the largest set of capabilities if your network supports them.
• Unicast TCP. Unicast (one-to-one) communication using TCP protocol is the most common mode of communication. It is supported by all IP networks, but it is also the least efficient method for transmitting video.
• Unicast UDP. Unicast (one-to-one) communication using UDP protocol. Because UDP is a connectionless protocol, it works better for live video transmission. When the network traffic is busy, UDP is much less likely to cause choppy video then TCP. A network that supports unicast UDP necessarily supports unicast TCP.
• Multicast. Multicast is the most efficient transmission method for live video. It allows a video stream to be transmitted once over the network to be received by as many destinations as necessary. The gain could be very significant if there are many destinations. A network supporting multicast necessarily supports unicast UDP and unicast TCP. NOTE Multicast requires specialized routers and switches. Make sure you confirm this with
your IT department before setting the capabilities to multicast.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
435
Network
IPv4 address IPv4 has two display modes.
• Subnet display. This mode displays the IPv4 subnet mask as four bytes.
• CIDR block display. The Classless Inter-Domain Routing (CDIR) mode displays the IPv4 subnet mask as a number of bits.
Click
to select the preferred display mode.
IPv6 address Version 6 IP address prefix for your network.
Your network must support IPv6 and you must enable the option Use IPv6 on all your servers. For more information, see "Network" on page 476.
Proxy server You only need to specify the proxy server when Network Address Translation (NAT) is used between your configured networks. The proxy server must be a server known to your system and must have a public port and address configured on your firewall. For more information, see Server – "Properties" on page 472.
Routes Routes are defined by default between every two networks on your system. The route capabilities are limited by the smallest capability set of the two end points. For example, if one end is capable of multicast and the other end is only capable of unicast UDP, the capabilities of the route between these two end points cannot be more than unicast UDP. If the connection between the two end points (for example VPN) only supports unicast TCP, you might have to limit the capabilities of a route even further. You need to delete a route if no direct connection exists between two networks.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
436
Output behavior
Output behavior The output behavior entity defines a custom output signal format such as a pulse with a delay and duration. Output behaviors are used to control output relays that are not being used to control door locks.
System: Synergis IP access control Task: System – Output behaviors Identity
Name, description, logical ID, and relationships of this entity with other entities in the system.
Properties
Output signal pattern.
Related topics:
• • • •
"Access control unit" on page 337 "Video unit" on page 494 "Zone (hardware)" on page 502 "Zone (virtual)" on page 506
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
437
Output behavior
Properties The Properties tab lets your configure the output signal pattern.
Some examples of output behaviors can include controlling a parking gate, flashing a light in the warehouse, and so on. In the image above, the behavior for an output relay is configured to open and close the circuit 10 times over a 10 second period.
• Output type. Choose state, pulse or periodic. State sets the circuit’s state to open or closed, Pulse sets a pulse to be generated, and Periodic sets a cyclic output to be generated.
• Delay. The delay before the pulse or periodic output is generated. • Duration. The duration (in milliseconds) of the pulse. • Infinite. Select this checkbox if the periodic behavior should continue until it is told to stop by another output behavior.
• Duty cycle. The ratio of the output signal pattern pulse width divided by the period. • Period. The time for one complete cycle of the output signal pattern. Output behaviors can be triggered by automatic event-to-action relationships, manually through hot actions in Security Desk, or through IO linking.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
438
Overtime rule
Overtime rule The overtime rule entity specifies time limits of parking within a restricted area (a single parking space, a city district, or both sides of a city block). It also specifies the maximum number of overtime violations enforceable within a single day. The overtime entity is downloaded to Patroller. In Patroller, an overtime hit occurs when the time between two plate reads of the same plate is beyond the time limit specified in the overtime rule. For example, your overtime rule specifies a four hour parking limit within a city district. The Patroller operator does a first pass through the district at 9:00 A.M. collecting license plate reads. The operator then does a second pass through the district at 1:05 P.M. If a plate was read during the first and second pass, Patroller will generate an overtime hit. The overtime rule is a type of hit rule. A hit rule is a method used by AutoVu to identify vehicles of interest. Other types of hit rules include hotlist, permit, and permit restriction. When a plate read matches a hit rule, it is called a hit. When a pair of plate reads (same plate read at two different times) violates an overtime rule, it is called an overtime hit. System: AutoVu IP license plate recognition Task: LPR – Overtime rules Identity
Name, description, logical ID, and relationships of this entity with other entities in the system.
Properties
The parking regulations enforced by this entity.
Parking lot
The parking zone where this entity is enforced.
Custom fields
Custom field values for this overtime rule.
Related topics:
• • • •
"Hotlist" on page 414 "Patroller" on page 450 "Permit" on page 453 "Permit restriction" on page 457
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
439
Overtime rule
Properties The Properties tab is used to configure the parking regulations enforced by this overtime rule. For more information on how to configure overtime rules, see “Configuring overtime rules in Security Center” in the AutoVu Handbook.
• Color. Assign a color to the overtime rule. When you select the overtime rule in Patroller, the plate reads on the map, and the hit screen, are displayed in this color.
• Vehicle parking position. Each Patroller has two sets of calibrated parameters for the optimal reading of wheel images, based on the parking position of the vehicles: Parallel or Angled (45-degree). This setting tells the Patroller which set of parameters to use. NOTE This setting applies to AutoVu Patroller City Parking Enforcement with wheel imaging applications.
• Long term overtime. Use this option for long term parking; that is, where vehicles can park in the same spot for over 24 hours. When Long term overtime is selected, the parking time limit is specified in days (2 to 5 days). IMPORTANT You can only have one long term overtime rule per Directory.
This option automatically sets the parking regulation to same position, meaning the vehicle has parked overtime when it stays in the same parking space beyond the parking time limit set for such parking space.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
440
Overtime rule
NOTE This setting applies to AutoVu Patroller City Parking Enforcement with or without
wheel imaging. Wheel imaging is recommended if you plan to use this rule to detect vehicles parked long term so that you can distinguish between someone who parks in the same position and a vehicle which has been abandoned.
• Parking enforcement. Select the type of restricted parking area that applies to the time limit: a single parking spot, a district within a city, or both sides of a city block.
Same position. A vehicle is parked overtime if it parks in the same spot beyond the time limit specified. For example, your overtime rule specifies a one hour parking limit for a single parking space. The Patroller operator does a first pass through the district at 9:00 A.M. collecting license plate reads. The operator does a second pass at 10:05 A.M. If Patroller reads the same plate in the same spot both times, it results in an overtime hit. IMPORTANT For this feature to work, Patroller needs GPS capability.
District. A vehicle is parked overtime if it is parked anywhere within a city district (a geographical area) beyond the specified time limit. For example, your overtime rule specifies a four hour parking limit within a city district. The Patroller user does a first pass through the district at 9:00 A.M. collecting license plate reads. The operator does a second pass through the district at 1:05 P.M. If Patroller reads the same plate in the same district both times, it results in an overtime hit.
Block face (2 sides). A vehicle is parked overtime if it is parked on both sides of a road between two intersections beyond the specified time limit. For example, your overtime rule specifies a 1hour parking limit within a city block face.The Patroller operator does a first pass through the block face at 9:00 A.M. collecting license plate reads. The operator does a second pass down the block at 10:05 A.M. If Patroller reads the same plate in the same block face both times, it results in an overtime hit. Regulation. Defines the parking time limit, when it is to be enforced, the grace period to be granted, and how many times it can be enforced within a single day. You can add, delete, and modify a parking regulation. To add a regulation, click , and do the following.
•
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
441
Overtime rule
Time limit. The parking time limit in hours and minutes. Grace period. Time beyond the parking time limit during which overtime violation is waived. For example, Patroller will generate an overtime hit on a plate when time between the capture of the same plate exceeds the Time limit plus the Grace period. Applicable days. Days of the week when the time limit is enforced. You can select a weekly time frame from the drop-down list: Always (7 days), Weekdays (Monday to Friday), Weekends (Saturday and Sunday), and Custom. To create a custom time frame, click on the days. Applicable hours. Select when the time limit is enforced. You can choose All day or Time range. To define a time range, click in the date picker field, and use the text field or the graphical clock to specify the time.
About multiple overtime violations You can add multiple parking regulations to an Overtime rule to specify the maximum number of citations that can be issued to the same vehicle for the same offence. For example, let’s say your overtime rule has two separate parking regulations defined (of differing time limits if required). If a vehicle exceeds the first parking time limit an overtime hit occurs. If the same vehicle remains parked and subsequently exceeds the second parking time limit, a second overtime hit occurs. If the same vehicle still remains parked a third overtime hit will not occur. By default, Patroller keeps reads associated to an overtime rule for 12 hours. Therefore, if the next day the vehicle is still in the same spot, and exceeds the parking time limit, an overtime hit will occur. To change the reset time of overtime rules, see the Patroller Config Tool setting LinkReadPersistenceDuration.
Parking lot The Parking lot tab defines the parking zone where this parking rule must be enforced. The Parking lot tab displays a Bing map, on which you can add a parking lot, define the number of spaces in the lot, and then draw a polygon on top of the map to represent the physical parking lot. The number of spaces in the lot is used to calculate the percentage of parking occupancy in that area. For more information on how this information is being used, see “Zone occupancy report” in Genetec Security Desk User Guide.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
442
Overtime rule
NOTE This applies only to AutoVu Patroller University Parking applications.
You can add multiple lots to a map.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
443
Parking facility
Parking facility The Parking facility entity defines a large open parking area or a parking garage as a number of sectors and rows for the purpose of tracking the location of vehicles inside that parking facility. It is used in the AutoVu Mobile License Plate Inventory (MLPI) application. The license plate inventory is the list of vehicles present in a parking facility within a given time period. Before AutoVu MLPI units (mobile Patrollers and handheld devices) can collect license plates for the inventory, you must define their collection route as a sequence of sectors and rows configured in the parking facility. The sector and row where a license plate is read represents the location of the vehicle inside the parking facility. Security Center collects license plate reads from the MLPI units and creates an inventory for the current date. Using Security Desk, you can find where a vehicle is parked (sector and row) and how long it has been parked there in the current inventory. You can also compare two inventories on different dates to view the vehicle movements (vehicles that were arrived, moved, or left). System: AutoVu IP license plate recognition Task: LPR – Parking facilities Identity
Name, description, logical ID, and relationships of this entity with other entities in the system.
Properties
Assigns an LPR Manager to this entity and configures its sectors and rows.
Custom fields
Custom field values for this parking facility.
Related topics:
• "Patroller" on page 450
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
444
Parking facility
Properties The Properties tab is used to assign an LPR Manager to the parking facility and configure its sectors and rows for the license plate collection route. For more information on how to configure parking facilities, see “Configuring parking facilities” in the AutoVu Handbook.
• AutoVu LPR Manager. Select the LPR Manager responsible for creating and managing the license plate inventory for this parking facility. Only offloads from MLPI Patrollers managed by the same LPR Manager are used to build the inventory for this parking facility. An MLPI Patroller offload can include the vehicle inventory for multiple parking facilities, but only the reads tagged for this parking facility are used to build the inventory. IMPORTANT Make sure to set a Read retention period for the LPR Manager (see "General settings" on page 569) that is long enough for the period of time you want to keep your inventories.
• Configuration. List of sectors, rows, and space count of the parking facility. The parking space of a parking facility is divided into sectors (or levels in the case of a parking garage) for ease of reference. Each sector contains x number of rows, and each row contains x number of spaces. You can configure Patroller to trigger an alarm (sound or warning message) if the reads collected during your sweep of a row exceed the space count for that row. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
445
Parking facility
• Route. License plate collection route to be followed by the MLPI units responsible for collecting the license plates for the inventory. The route is downloaded by the Patrollers and handheld devices assigned to this parking facility. Only one route may be defined per parking facility, but each MLPI device can start its sweeping round at a different point in the route. The route forms a closed circuit. New sectors and rows are added to the end of the route by default. You can change the order of sector-rows in the route using the and buttons.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
446
Partition
Partition The partition entity defines a set of entities that are only visible to a specific group of users. For example, a partition could include all doors, elevators, and cameras in one building. Partitions eliminate the tedious task of creating one-to-one relationships between users and the entities they are allowed to see in the system. If a user has no rights to a partition, that partition and everything it contains are invisible to that user. System: General Task: Security – Partitions Identity
Name, description, logical ID, and relationships of this entity with other entities in the system.
Properties
Defines the members (content) of the partition.
Accepted users
Defines the users who can see the content of the partition.
Related topics:
• • • •
"Managing software security" on page 89 "Defining partitions" on page 90 "User" on page 482 "User group" on page 489
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
447
Partition
Properties The Properties tab allows you to view and manage partition content.
From this tab, you can do the following:
• To share this partition with other independent Security Center systems, switch Global •
partition to ON. For more information, see "Configure a partition for sharing" on page 304. To search for an entity in the members list, use the name filter or the custom filter. For more information, see "Searching for tasks and entities" on page 42.
• To add members to the partition, click
. For more information, see "Add members to a partition" on page 92. To remove the selected entities from the partition membership, click .
• • To jump to the configuration page of the selected entity, click . • To filter the members by entity type, use the Show drop-down list. Related topics:
• "Managing global cardholders" on page 296
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
448
Partition
Accepted users The Accepted users tab allows you to view and configure who can access the content of the partition, and designate some of them as partition managers.
From this tab, you can do the following:
• To show only users, only user groups, or both, use the Entity type scroll-down list. • To add accepted users to the partition, click . For more information, see "Add accepted •
users to a partition" on page 92. To promote the selected user or user group to the status of partition manager, click the Partition manager checkbox NOTE All administrators are by default managers of all partitions. This is shown by the
checkbox selected but greyed out. For more information, see "Who is a partition manager?" on page 91.
• To remove all access rights over the partition from the selected users and user groups, Click .
• To jump to the configuration page of the selected entity, click
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
.
449
Patroller
Patroller A Patroller entity represents the in-vehicle software that runs on board a mobile data computer (MDC). It verifies license plates captured by LPR units mounted on the vehicle against lists of vehicles of interest and vehicles with permits. It also collects data for time-limited parking enforcement. The Patroller interface alerts users of license plates matching the above rules so that immediate action can be taken.
System: AutoVu IP license plate recognition Task: Logical view, or LPR – Units (under LPR Manager) Identity
Name, description, logical ID, and relationships of this entity with other entities in the system.
Properties
Assigns an LPR Manager to this entity and configures its sectors and rows.
Custom fields
Custom field values for this Patroller.
Location
Time zone and geographical location of this unit.
Related topics:
• "LPR unit" on page 426
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
450
Patroller
Properties The Properties tab displays information about the computer hosting the Patroller entity (you cannot edit the Patroller properties). You can also configure sound management, acknowledgment buffer settings, and a hit delay for the Patroller unit. TIP Use the Copy configuration tool to copy these settings to another Patroller entity.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
451
Patroller
• Properties. Lists the properties of the Patroller in-vehicle computer.
IP address. IP address of the Patroller computer.
Version. Version number of the Patroller application.
Type. Patroller installation type(s).
Serial number. Serial number of the Patroller.
Machine name. Name of the Patroller computer.
• File association. Select how the Patroller behaves with hotlists and/or permit lists:
Inherit from LPR Manager role. Patroller uses the hotlists and permit lists associated with its parent LPR Manager. This is the default setting.
Specific. Associate specific hotlists or permit lists with the Patroller unit rather than the LPR Manager. If you later want to move the Patroller entity to another LPR Manager on your system, the hotlist or permit list will follow. Sound management. Configure Patroller to play a sound when reading a plate and/or generating a hit, and choose whether sounds should be played even when Patroller is minimized.
•
Play sound on hit. Plays a sound when Patroller generates a hit.
Play sound on read. Plays a sound when Patroller reads a plate.
Play sounds even when minimized. Play sounds even if the Patroller window is minimized. Acknowledgment buffer. Specify a buffer restriction that limits how many hits can remain unacknowledged (not accepted or rejected) before Patroller starts automatically rejecting all subsequent hits. You can also choose (by priority) which hotlists should comply with this restriction.
•
Reject count. How many unacknowledged hits are allowed.
Reject priority. When you create a hotlist entity, you can specify a priority for that hotlist. This setting tells Patroller which hotlist(s) should comply with the buffer restriction. Hotlist. Specify the Duplicate hotlist hit delay that tells Patroller to disregard multiple hits on the same plate for the duration of the delay. For example, if you set a delay of 10 minutes, no matter how many times Patroller reads the same plate during those 10 minutes, it will generate only one hit (assuming the plate is on a hotlist).
•
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
452
Permit
Permit The Permit entity defines a single parking permit holder list. Each permit holder is characterized by a Category (whose value is the same as the name of the Permit entity), a license plate number, a license issuing state (or province, or country), an optional permit validity range (effective date and expiry date), and an optional Permit ID. Permits are used by AutoVu Patrollers configured for either city or university parking enforcement. The permit entity belongs to a family of methods used by AutoVu to identify vehicles of interest, called hit rules. Other types of hit rules include hotlist, overtime, and permit restriction. When a plate read matches a hit rule, it is called a hit. When a read fails to match any permit loaded in the Patroller, it generates a permit hit. System: AutoVu IP license plate recognition Task: LPR – Permits Identity
Name, description, logical ID, and relationships of this entity with other entities in the system.
Properties
Configuring the parsing of the source permit data file for this entity.
Custom fields
Custom field values for this permit.
Related topics:
• • • •
"Hotlist" on page 414 "Patroller" on page 450 "Overtime rule" on page 439 "Permit restriction" on page 457
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
453
Permit
Properties The permit Properties tab is used to configure the parsing of the source permit data file. For more information on how to configure permits, see “Configuring permits and permit restrictions in Security Center” in the AutoVu Handbook.
• Path. Type the path or browse to the permit text file. Every permit entity in Security Center must be associated with a text file containing the actual permit data; that is, license plate numbers and other related vehicle information. The associated text file is typically created by a third party system (e.g. Notepad for .txt files, or Excel for .csv files). The source text file can be located on the LPR Manager computer’s local drive (for example, the C drive), or on a network drive that is accessible from the LPR Manager computer. If you start typing a path to a network drive, the Username and Password fields appear and you’ll need to type the username and password to access the network drive.
• Use delimiters. Tells Security Center that the fields in the permit list file are of variable length and indicates the character used to separate each field in the file. By default, Use delimiters is set to On, and the delimiter specified is a semi-colon (;). If your permit list file is made up of fixed length fields, set Use delimiters to Off. Security Center supports the following delimiters:
Colon (:)
Comma (,)
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
454
Permit
Semi-colon (;)
Tab (Tab)
If your permit list file uses Tab as a delimiter (i.e. the “Tab” key on your keyboard), type the word “Tab” as the delimiter character. IMPORTANT Security Center considers one Tab space to be a valid delimiter. Do not use more than one Tab space to align columns in your file or Security Center may not be able to parse the permit list.
• Enable editor support. Allow a user to edit the hotlist or permit list using the Hotlist and permit editor task. IMPORTANT Please note the following about the Hotlist and permit editor:
A user must be granted the privilege to use the Hotlist and permit editor.
Only the first 100,000 rows of a list are loaded into the Hotlist and permit editor.
If an error occurs while the hotlist is being loaded, the loading process is cancelled and an error message is displayed. However, you will not lose any of the data loaded before the error occurred, and you can still edit the data loaded into the editor. Attributes. Tells Security Center the name and order of the fields (attributes) in the source text file. You can add, delete, or edit the fields.
•
IMPORTANT There cannot be any spaces within an attribute name.
Category. (Mandatory field) The name of the parking permit. This field in the permit list’s source text file must match the permit entity name for the entry to be downloaded to Patroller. This field allows you to use one permit list for several permit entities on your system, provided you create permit entities for each permit category in your permit list. EXAMPLE Here is a simple permit list with three different permit categories (Students,
Faculty, and Maintenance). Students;QC;DEF228;2012-01-31;2012-05-31;PermitID_1 Category field
Faculty;QC;345ABG;2012-01-31;2012-07-25;PermitID_2 Maintenance;QC;244KVF;2012-01-31;2012-03-31;PermitID_3
You can use this same permit list for three different permit entities. Create a Students permit entity, a Faculty permit entity, and a Maintenance permit entity, and then point all of them to the same source text file. Security Center will extract the license plates (and related information) whose category is the same as the name of the permit entity. IMPORTANT The permit entity name must match the category name exactly.
PlateState. (Mandatory field) Issuing state (or province, or country) of the license plate.
PlateNumber. (Mandatory field) The license plate number.
The following fields are shown by default, but are optional. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
455
Permit
EffectiveDate. Date from which the particular permit on the list starts to be effective.
ExpiryDate. Date after which the particular permit on the list is no longer valid.
PermitID. (University Parking Enforcement only) Used when multiple entries in a permit list share the same permit (e.g. car pool permits). Can be used to identify the number of the permit issued to the vehicle whose license plate is identified in PlateNumber. In the case of shared permits, normally up to four separate vehicles would all have the same permit number. Add ( ) or Edit ( ) a permit attribute. Configure the following:
•
Name. Only the three compulsory fields, Category, PlateState, and PlateNumber cannot be renamed. Names may contain spaces. Value. The default value is interpreted differently depending on whether delimiters are used or not.
If delimiters are in use, the default value is written into this field. Fields already populated will be overwritten. If delimiters are not in use, and if the field is empty, the default value is written into this field. Fields already populated will not be overwritten.
Is mandatory. A mandatory attribute cannot be blank in the source file. For example, if you add a mandatory attribute called CarColor, the column for CarColor in the source file must have text in it. Fixed length. This option is enabled only if you chose to use fixed length data fields. Indicate the start position of the field in the file record and its length. The position of the first character is zero (0). Date format. Specify a time format if the field contains a date or time value. All standard date and time format strings used in Windows are accepted. If nothing is specified, the default time format is “yyyy-MM-dd”. For example, the following is what you may find in a variable field length data file using a semicolon (;) as delimiter and using the fields: Category, PlateState, PlateNumber, EffectiveDate, ExpiryDate, and PermitID. MyPermit;QC;DEF228;2012-01-31;2012-05-31;PermitID_1 MyPermit;QC;345ABG;2012-01-31;2012-07-25;PermitID_2 MyPermit;QC;067MMK;2012-03-31;2012-09-11;PermitID_1 MyPermit;QC;244KVF;2012-01-31;2012-03-31;PermitID_3
Translate. You can apply an optional transformation to the values read from the data file. Use this feature to shorten certain values to save space on the Patroller or to enforce spelling consistency.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
456
Permit restriction
Permit restriction The permit restriction entity defines where and when permit holders can park. Different time restrictions can be applied to different permits. For example, a permit restriction may limit the parking in zone A from Monday to Wednesday for permit P1 holders, and from Thursday to Sunday for permit P2 holders. Permit restrictions are used by AutoVu Patrollers configured for University Parking Enforcement. The permit restriction entity is a type of hit rule. A hit rule is a method used by AutoVu to identify vehicles of interest. Other types of hit rules include hotlist, overtime, and permit. When a plate read matches a hit rule, it is called a hit. When a plate read matches a permit restriction, it generates a permit hit. Additionally, a shared permit hit occurs when two plates sharing the same permit ID are read in the same parking zone within a specific time period. System: AutoVu IP license plate recognition Task: LPR – Permit restrictions Identity
Name, description, logical ID, and relationships of this entity with other entities in the system.
Properties
The parking restrictions applied to this entity.
Parking lot
The parking zone where this entity is enforced.
Custom fields
Custom field values for this permit restriction.
Related topics:
• "Overtime rule" on page 439 • "Patroller" on page 450 • "Permit" on page 453
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
457
Permit restriction
Properties The Properties tab is used to configure the restrictions for the individual permits that apply to the parking zone represented by the rule. For more information on how to configure permit restrictions, see “Configuring permits and permit restrictions in Security Center” in the AutoVu Handbook.
• Color. Color used to represent the permit restriction in Security Desk. In Patroller, permit restrictions are always green for regular permit hits, or blue for shared permit hits. A read is displayed as a triangular-shaped icon in the selected color on the map, when an permit restriction is in effect. When a read violates one of the restrictions, the icon is encircled with a red ring. It indicates a permit hit.
• List of restrictions. Define the time restrictions for the different permits associated to a parking zone. Each time restriction is described by the following attributes:
Permits. Select the permits the time restriction applies to:
Everyone. Parking is available to everyone, regardless of whether they have a permit or not. No restriction is enforced during the specified time period. No permit. Only vehicles without permits can park. For example, you can use this type of restriction to reserve a zone for visitors parking. A plate read that matches any of the permits downloaded to the Patroller raises a hit.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
458
Permit restriction
All permits. Only vehicles with a permit can park. A plate read that does not match any of the permits downloaded to the Patroller raises a hit. Specific permits. Only vehicles having one or more of the specified permits can park. A plate read that does not match any of the specified permits raises a hit.
When multiple time restrictions apply at a given time, conflicts are resolved by evaluating the restrictions in the following order: 1. Everyone, 2. No permit, 3. All permits, 4. Specific permits. Moreover, a hit is raised when a matched permit is not valid (either not yet effective or already expired).
Days. Days of the week when parking is allowed.
Hours. Time during the day when parking is allowed.
Validity. Dates when parking is allowed. Choose All year or select a specific time span using the date picker.
NOTE The date span must be longer than one day.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
459
Permit restriction
Parking lot The Parking lot tab defines the parking zone where this parking rule must be enforced. The Parking lot tab displays a Bing map, on which you can add a parking lot, define the number of spaces in the lot, and then draw a polygon on top of the map to represent the physical parking lot. The number of spaces in the lot is used to calculate the percentage of parking occupancy in that area. For more information on how this information is being used, see “Zone occupancy report” in Genetec Security Desk User Guide. NOTE This applies only to AutoVu Patroller University Parking applications.
You can add multiple lots to a map.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
460
Public task
Public task The public task entity represents a saved Security Desk task that can be shared among multiple Security Desk users. Public tasks can only be created from Security Desk.
System: All systems Task: Role view Identity
Name and description of this public task. Use the relationships list to manage the visibility of this public task through partitions.
Related topics:
• “Getting started – Save a task” in Security Desk User Guide.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
461
Role
Role The role entity corresponds to a set of functions within Security Center, such as archiving video or managing access control units, and defines the parameters within which these functions must be carried out. Roles must be hosted by servers. Multiple roles can be hosted on a single server, and multiple servers can be assigned to perform the same role, either as a standby, or for load balancing purposes. System: All systems Task: System – Roles Every role type has its particular configuration tabs. The following are the most common ones found in roles. Identity
Name, description, and relationships of this role with other entities in the system.
Properties
Specific properties of the role. See "Role types" on page 510.
Resources
Servers and database assigned to this role.
Extensions
Roles are often required to control hardware devices (units).
NOTE The Directory role is an exception. The Directory role can only be configured using Server Admin. For more information, see "Server Admin" on page 473.
Related topics:
• • • •
"Managing servers and roles" on page 47 "Configuring role failover" on page 61 "Server" on page 471 "Role types" on page 510
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
462
Schedule
Schedule The schedule entity defines a set of time constraints that can be applied to many situations, such as when a user is allowed to log on to the system, when video from a surveillance camera should be recorded, or when access should be granted to a secured area. Each time constraint is defined by a date coverage (daily, weekly, ordinal, or specific) and a time coverage (all day, fixed range, daytime, and nighttime). There are two subtypes of schedules:
• Standard schedule (
). This type of schedule can be used in all situations. Its only limitation is that it does not support daytime or nighttime coverage.
• Twilight schedule ( ). This type of schedule supports both daytime and nighttime coverages, but cannot be used in all situations. Its primary function is to control video related behaviors. Twilight schedules are not visible in contexts where they are not applicable. System: General Task: System – Schedules Identity
Name, description, logical ID, and relationships of this entity with other entities in the system.
Properties
Time constraints defining this schedule.
Custom fields
Custom field values for this schedule.
Related topics:
• "Using schedules" on page 103 • "Resolving schedule conflicts" on page 105
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
463
Schedule
Properties The Properties tab lets you configure the time constraints that define the schedule.
Date coverage The date coverage defines a date pattern or specific dates to be covered by the schedule.
• Daily. Defines a pattern that repeats every day. • Weekly. Defines a pattern that repeats every week. Each day of the week can have a different time coverage. This option is not available for twilight schedules. For more information, see "Weekly time range" on page 466.
• Ordinal. Defines a series of patterns that repeat on a monthly or yearly basis. Each date pattern can have a different time coverage. For example, on July 1st every year, on the first Sunday of every month, or on the last Friday of October every year. For more information, see "Using the ordinal pattern" on page 468.
• Specific. Defines a list of specific dates in the future. Each date can have a different time coverage. This option is ideal for special events that occur only once.
Time coverage The time coverage defines which time periods apply during a 24-hour day.
• All day. Covers the entire day. This option is not available for twilight schedules. • Range. Covers one or multiple discrete time periods within the day. For example, from 9 a.m. to 12 p.m. and from 1 p.m. to 5 p.m. This option is not available for twilight schedules. For more information, see "Setting the time range" on page 465.
• Daytime. Covers from sunrise to sunset. This option is only available for twilight schedules. For more information, see "Twilight coverage" on page 467.
• Nighttime. Covers from sunset to sunrise. This option is only available for twilight schedules. For more information, see "Twilight coverage" on page 467.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
464
Schedule
Setting the time range Time ranges are shown as colored blocks on a time grid. Each block represents either 15 minutes or one minute, depending on the selected time resolution. Left-click the mouse to select, and the right-click the mouse to remove a selection. To select or remove a contiguous block of time, click and drag.
Daily time range The following example shows a daily schedule covering the period from 6 p.m. to 6 a.m. every day. The time grid shows a 24-hour day in blocks of 15 minutes.
To switch to high resolution mode (each block represents 1 minute), click the
Eye button.
While you are in this mode, use the arrow buttons to scroll in the 24 hour time line. To switch back, click the Eye button again.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
465
Schedule
Weekly time range The following example shows a weekly schedule covering a period from 9 a.m. to 5 p.m., from Monday to Friday, with a half-hour break between 12:15 p.m. and 12:45 p.m.
The Weekly date pattern is not available for twilight schedules. TIP You can configure something equivalent to the Weekly pattern using the Ordinal pattern. The following example shows a schedule that covers the daytime of every Monday of the year.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
466
Schedule
Time range for specific dates When you use the Ordinal or Specific date pattern, the time range covers up to three days: the day before, the current day, and the day after. The following example shows a specific schedule covering July 1st 2011 from 9 p.m. the day before to 3 a.m. the day after.
While configuring multiple dates in the schedule (Ordinal or Specific), you can use a different time coverage for each day covered by the schedule.
Twilight coverage The Daytime and Nighttime options are only available for twilight schedules. The following example shows a daily schedule using a Daytime coverage. The time coverage starts 10 minutes after the sun rises and ends 10 minutes before the sun sets.
NOTE You can offset the sunrise and sunset times by up to 3 hours, in both directions.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
467
Schedule
Using the ordinal pattern The Ordinal date pattern allows you to configure time coverages that repeat on specific days of a month or a year. You can define as many dates as necessary within a single schedule entity.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
468
Scheduled task
Scheduled task The scheduled task entity defines a command (or action) in Security Center that must be executed automatically, at a specific time, or repetitively on a recurring schedule.
System: General Task: System – Scheduled tasks Identity
Name, description, logical ID, and relationships of this entity with other entities in the system.
Properties
Details about the scheduled task, recurrence pattern and action to be executed.
Related topics:
• "Using scheduled tasks" on page 109 • "Using event-to-actions" on page 106
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
469
Scheduled task
Properties The Properties tab is where you configure the scheduled task’s behavior.
The schedule task properties are:
• Status. Allows you to turn the scheduled task on or off. • Recurrence.
Once. Executed once at a specific date and time.
Every minute. Executed every minute.
Hourly. Executed at a specific minute of every hour.
Daily. Executed at a specific time every day.
Weekly. Executed at a specific time on selected days of the week.
On startup. Executed on system startup.
Interval. Executed at regular intervals that can be days, hours, minutes, or seconds. Action. Action to be executed on schedule. For more information, see "Action types" on page 758.
•
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
470
Server
Server The server entity represents a generic computing resource capable of taking on any role (group of functions) you assign it. Server entities are not created manually on the system. Instead, Security Center automatically creates a server entity when the Security Center Server software (Genetec Server service) is installed on a machine, and that machine is connected to the main server of your system (the server hosting the Directory role). System: General Task: Network view Identity
Name, description, logical ID, and relationships of this entity with other entities in the system.
Properties
Public address and port of the server.
Server Admin
Embedded browser to access to the Web Server Admin page.
Related topics:
• • • • •
"Managing servers and roles" on page 47 "Configuring role failover" on page 61 "Managing the Network view" on page 82 "Network" on page 434 "Role" on page 462
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
471
Server
Properties The Properties tab shows the server’s private IP addresses, and allows you to specify a public address and a port number. These last two settings are necessary only if the server acts as the proxy server for a private network.
Servers with multiple network interface cards If your server is equipped with more than one network interface card (NIC), all private IP addresses corresponding to the NICs are listed. IMPORTANT Make sure the first address found in the server’s private address list matches the IPv4 properties of the network entity the server belongs to.
For more information, see Network – "Properties" on page 435. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
472
Server
Server Admin The Server Admin tab lets you log on to the Server Admin Web page of the server. It also allows you to view and change the configuration of the server. For more information, see "Managing servers" on page 48.
The Server Admin page contains one or two tabs:
• Directory. Settings pertaining to the configuration of the Directory role. This tab is only present on the main server. For more information, see "Directory tab" on page 473.
• Genetec Server. Local settings pertaining to configuration of the Genetec Server service. For more information, see "Genetec Server tab" on page 476. NOTE Depending on whether you are viewing Server Admin from the Config Tool or from a Web browser, the options are not exactly the same, because Config Tool needs to stay connected to the Directory. For all purposes, the Web browser (Internet Explorer) is a better way to connect to Server Admin.
Directory tab The Directory tab is only available on the main server hosting the Directory role. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
473
Server
Directory status Shows the status of the Directory role. Allows you to start, stop, and restart the Directory.
Database Configuration of the Directory database. The Directory database contains all system and entity configurations, the incident reports, and the alarm history.
The management of the Directory database is similar to the management of any role database. For more information, see "Managing databases" on page 52. NOTE If you are accessing Server Admin from Config Tool, you won’t have access to the database commands such as create and delete database, resolve conflicts, and restore database, because you cannot change the Directory database while being connected to it. IMPORTANT When database failover is enabled, you must manually perform a full backup every time you make a change to the Directory database from Server Admin. For more information, see "Configure database failover through backup and restore" on page 72. NOTE The Show actions progress ( ) button does the same thing the Database actions monitoring dialog box found in the Config Tool’s Home page, Tools view.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
474
Server
License Security Center license status and information.
Click License information to display your license options or to modify your license. For more information, see "License options" on page 768.
General properties General properties of the Directory.
• Secure communication. Select this option to encrypt all communications between the Directory role and all client applications (Config Tool and Security Desk) on the system.
• Incoming connection port. Port used by client applications such as Security Desk and Config Tool to log on to your system. If you decide to change its default value (5500), the next time a user tries to log on to your system, they will have to add the port number to Directory name in the Logon dialog box, separated by a colon “:”.
• Keep incidents. Specify how long the incident reports are kept in the Directory database. • Keep audit trails. Specify how long the entity configuration history is kept in the Directory database.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
475
Server
• Keep alarms. Specify how long the alarm history is kept in the Directory database.
Genetec Server tab The Genetec Server tab is available on all servers, with only minor differences between the main server and the expansion servers.
Authentication Use this section to change the password and HTTP port used to log on to the Server Admin on this server. These parameters correspond respectively to the Server password and the Web server port specified during Genetec Security Center Server installation.
If you decide to change the HTTP port from its default value (80), the next time someone needs to log on to this Server Admin from a Web browser, they will have to specify the port number in the URL as follows: “http://machine:port/Genetec” instead of “http://machine/Genetec”. Select the Local machine only option to accept logon requests only when they come from the local machine.
Network Use this section to configure the network card and the TPC listening port used by Genetec Server.
Select Use IPv6 if your network supports it. IPv6 is only supported for video streaming. The Listening TCP port is used by Genetec Server to listen to commands received from the main server.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
476
Server
Main server connection This section is only found on the Genetec Server tab of expansion servers. Use this section to configure the connection parameters to the main server.
Enter the DNS name or the IP address of the main server, and the password required to connect to the main server. The password must match the password configured in the Authentication section of the main server.
Console Use this section to enable/disable the debug console used by technical support engineers.
Specify a password to prevent anyone from accessing the console if necessary.
SMTP Use this section to configure the SMTP server responsible to handle email messages in Security Center.
• Mail server. DNS name or IP address of your SMTP mail server. • SMTP server port. The server port is usually 25, though your mail server might use a different port.
• “From” email address. Email address shown as the sender of the email.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
477
Server
Watchdog Use this section to configure the Genetec Watchdog service. The role of the Watchdog is to ensure that the Genetec Server service is always running.
The Watchdog can be configured to send email notifications to a list of recipients for the following types of events: Error, Warning, and Information.
Activate Directory button The Activate Directory button is only found on expansion servers. It allows you to convert the expansion server to the main server (the one hosting the Directory role).
WARNING This operation restarts Genetec Server. The next time you log on to Server Admin, you’ll have to use a Web Browser by entering “http://machine/Genetec” in the address bar, where machine is the DNS name or the IP address of your server. Using the Config Tool will no longer work.
You will also have to activate the software license on this newly converted main server. For more information, see the Security Center Installation and Upgrade Guide. If you have other expansion servers on the system, you will need to reconfigure them to connect to this one. See also "Deactivate Directory button" on page 479.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
478
Server
Deactivate Directory button This button is only found on the main server (the one hosting the Directory role). It allows you to convert the main server to an expansion server. NOTE You cannot deactivate the Directory from the Config Tool.
WARNING This operation restarts Genetec Server. You will have to log on again to Server Admin, and connect this expansion server to a main server. You’ll have to use a Web Browser, by entering “http://machine/Genetec” in the address bar, where machine is the DNS name or the IP address of your server. Using the Config Tool will no longer work. See also "Activate Directory button" on page 478.
Related topics:
• "Convert a main server to an expansion server" on page 49
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
479
Tile plugin
Tile plugin The tile plugin entity represents either a Web site ( ) or an interactive .dll or .xaml file ( ) that contains a map or floor plan. There are no default map files included with Security Center for tile plugins. Map files must be created using Genetec Plan Manager, or provided through an SDK developed by Genetec’s Custom Development Solutions team or a third party. For information about Plan Manager, see the Plan Manager User Guide, available from the GTAP Documents page. For information about Genetec’c Custom Development Solutions team, contact your sales representative. When a tile plugin is displayed in Security Desk, you can view and interact with the Web site or map file, such as viewing live video from cameras, changing the lock state of doors, and so on. When a tile plugin is attached to (is a member of) an area entity, it is automatically displayed in Security Desk instead of the area icon when the area is dragged to a tile. System: General Task: Logical view Identity
Name, description, logical ID, and relationships of this entity with other entities in the system.
Properties
Links the tile plugin to a Web page or a .dll file.
Custom fields
Custom field values for this tile plugin.
Related topics:
• "Area" on page 360 • "Macro" on page 429
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
480
Tile plugin
Properties The Properties tab lets you link the tile plugin entity to a Web site or a .dll file. For more information, see "Create a tile plugin that links to a Web site" on page 165 or "Create a tile plugin that links to a map file" on page 165.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
481
User
User The user entity identifies a person who can use Security Center applications and defines the rights and privileges that person has on the system. Each user is assigned a username and a password, which are that person’s credentials to log on to the system. While the user privileges limit the range of activities a user can perform on the system, the partitions limit the range of entities the user can exercise his/her privileges on. A user can be a member of one or more user groups. Users can inherit the privileges and the access rights from their parent user groups. System: General Task: Security – Users Identity
Name, description, logical ID, and relationships of this entity with other entities in the system.
Properties
User’s general profile.
Workspace
User’s default Security Desk workspace configuration.
Security
User’s security profile.
Privileges
User’s privileges.
Custom fields
Custom field values for this user.
Related topics:
• • • • •
"Defining users" on page 93 "Importing users from an Active Directory" on page 102 "Partition" on page 447 "User group" on page 489 "User privileges" on page 694
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
482
User
Properties The Properties tab lets you configure the user’s general profile.
First name, last name, email address The personal information of the user can be imported from your company’s directory service. TIP The email address can be used to send emails or to email reports to the user via Send an email and Email a report actions.
User status Use this switch to activate or deactivate the user profile. A user cannot log on when their profile is deactivated. Deactivating a user’s profile while the user is logged on will immediately log off the user.
Password Administrators and users that have the Change own password user privilege can change their password.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
483
User
Password expiration You can configure a user’s password to expire after a certain number of days. The system automatically warns users whose password is expiring soon, and gives them a chance to set a new password immediately. You can set the password expiry notification period to between 0 and 30 days. If you see that your password is going to expire soon, but do not have the Change own password user privilege, contact your administrator so they can change your password.
Password change required You can configure Patroller and/or Security Desk to require a password change the next time the user tries to log on. Users must have the proper privilege to change their own passwords.
Limit concurrent logons You can limit the number of different workstations a user can log on at the same time. This limit only applies to Security Desk. Config Tool is not restricted by this setting.
User logon schedule You can restrict the user logon according to schedules. A schedule can either be used to allow user logon or to block user logon. When multiple schedules are being used, the schedule conflict rules apply. When two schedules with the same priority level overlap, the blocking schedule has priority over the allowing schedule. Related topics:
• "Resolving schedule conflicts" on page 105 • "Using event-to-actions" on page 106
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
484
User
Workspace The Workspace tab lets you configure the user’s Security Desk workspace.
List of active tasks This list shows the tasks found in the user’s active task list. Users can save their task list using the Save workspace (Ctrl+Shift+S) command found in the Security Desk command menu.
Hot actions This list shows the hot actions mapped to the PC keyboard function keys (Ctrl+F1 through Ctrl+F12) when this user is logged on to Security Center via Security Desk. The user configures his hot actions via the Monitoring task. For more information, see “Working with hot actions and alarms” in the Security Desk User Guide.
Additional settings Turn on the switch Automatically start task cycling on logon so the next time the user logs on via Security Desk, task cycling will start automatically. TIP To prevent users from stopping the task cycling once the Security Desk is open, deny them
the Start/stop task cycling privilege. There are many more privileges that are designed to help the users focus on their tasks. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
485
User
Security The Security tab lets you configure the user’s security profile.
User level User levels affect three things in Security Center:
• They determine which user has priority over the PTZ controls of a camera when two or more users are trying to take control of the same camera at the same time. Priority is always given to the highest level user (1=highest). If two competing users have the same user level, it is decided on a first come first served basis. Once a user gains control over a PTZ camera, it is locked by that user. This means no other users can take control of that camera unless they have a higher user level. The control over the PTZ camera is automatically relinquished after 5 seconds of inactivity.
• They determine which users are logged out of the system when a threat level is set. For
•
example, if you configure a threat level to trigger the Set minimum user level action, when the threat level is set, users with a lower user level than the one you specified are logged out. For more information about configuring threat levels, see "Managing threat levels" on page 117. They determine which users can continue viewing a video stream when a camera is blocked in Security Desk. When you block a camera, users that have a lower user level than the one you specified can no longer view the video stream.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
486
User
For more information about blocking cameras, see “Blocking/unblocking cameras” in the Security Desk User Guide. Level 1 is the highest user level, with the most privileges. The user level can be inherited from a parent user group. If the user has multiple parents, the highest user level will be inherited. If the user has no parent, the lowest user level (254) will be inherited.
Archive viewing limitation This parameter serves to restrict the user's ability to view archived video to the last n days. This limitation can be inherited from a parent user group. If the user has multiple parents, the most restrictive limitation will be inherited. If the user has no parent, no restriction will be imposed.
Remotely control This section lists the Security Desk workstations that this user is allowed to control remotely in order to display entities. This list applies to both the Security Desk workstations you can connect to and control using the Remote task in Security Desk, and the Security Desk monitors that you can control using a CCTV keyboard. NOTE Every monitor controlled by the Security Desk is assigned a unique monitor ID (displayed in the notification tray). Using a CCTV keyboard, you can display an entity on a remote Security Desk workstation by specifying its monitor ID, tile ID, and the logical ID of the entity you want to display. The Security Desk workstation monitors available on your system are listed in the Logical ID tab of the System entity. Select Monitors from the drop-down list to see them all. For each Security Desk workstation, the first monitor is called A, the second monitor B, and so on.
You can specify which workstation can be controlled using one of following methods:
• User. Any Security Desk workstation where that user is logged on can be remotely controlled.
• User group. Any Security Desk workstation where a member of that user group is logged on can be remotely controlled.
• Application. The specified workstation (COMPUTER - SecurityDesk) can be remotely controlled, regardless of who is logged on. For more information, see “Remote monitoring” and “Connecting to remote Security Desks” in the Security Desk User Guide.
Logon supervisor of This section lists the users whose logons are supervised by this current user. This means that when a user in this list needs to log on to the system, the current user must also provide his/her username and password in order to complete the logon. A user can have more than one logon supervisor. For more information, see “Connecting to Security Center – Log on with supervision” in the Genetec Security Desk User Guide.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
487
User
Privileges The Privileges tab lets you view and configure the user’s privileges.
Set of privileges Use this drop-down list to select the set of privileges to view and edit. A user can have many sets of privileges. Each user has the Basic privileges set, plus one for every partition he/she is an accepted user of. Regarding access to entities contained in that partition, partition privileges supercede basic privileges.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
488
User group
User group The user group entity describes a group of Security Center users who share common properties and privileges. By becoming a member of a user group, a user automatically inherits all the properties of that group. This approach simplifies the configuration of users on large systems. A user can be a member of multiple user groups. User groups can also be nested. System: General Task: Security – User groups Identity
Name, description, logical ID, and relationships of this entity with other entities in the system.
Properties
User group’s common email address and members.
Security
User group’s security attributes than can be inherited by its members.
Privileges
Privileges that can be inherited by the group members.
Custom fields
Custom field values for this user group.
Related topics:
• • • •
"Defining user groups" on page 96 "Partition" on page 447 "User" on page 482 "User privileges" on page 694
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
489
User group
Properties The Properties tab lets you view and configure the members of the user group.
Email address The email address you set for a user group should be a group address that is used by all members of the group. This information can be imported from your company’s directory service.
Members List of user group members. The members inherit by default the rights to partitions and the privileges of the user group. The email address can be used to send emails or to email reports to users via Send an email and Email a report actions. Related topics:
• "Importing users from an Active Directory" on page 102
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
490
User group
Security The Security tab lets you configure common security attributes for the group members.
Security attributes can be inherited by the members of the user group, and can themselves be inherited from other user groups.
User level User levels affect three things in Security Center:
• They determine which user has priority over the PTZ controls of a camera when two or more users are trying to take control of the same camera at the same time. Priority is always given to the highest level user (1=highest). If two competing users have the same user level, it is decided on a first come first served basis. Once a user gains control over a PTZ camera, it is locked by that user. This means no other users can take control of that camera unless they have a higher user level. The control over the PTZ camera is automatically relinquished after 5 seconds of inactivity.
• They determine which users are logged out of the system when a threat level is set. For example, if you configure a threat level to trigger the Set minimum user level action, when the threat level is set, users with a lower user level than the one you specified are logged out. For more information about configuring threat levels, see "Managing threat levels" on page 117.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
491
User group
• They determine which users can continue viewing a video stream when a camera is blocked in Security Desk. When you block a camera, users that have a lower user level than the one you specified can no longer view the video stream. For more information about blocking cameras, see “Blocking/unblocking cameras” in the Security Desk User Guide. Level 1 is the highest user level, with the most privileges. The user level can be inherited from a parent user group. If the user group has multiple parents, the highest user level will be inherited. If the user group has no parent, the lowest user level (254) will be inherited.
Archive viewing limitation This parameter serves to restrict this user group members’ ability to view archived video to the last n days.
Remotely control This section lists the Security Desk workstations that the members of this user group are allowed to control remotely in order to display entities. This list applies to both the Security Desk workstations you can connect to and control using the Remote task in Security Desk, and the Security Desk monitors that you can control using a CCTV keyboard. NOTE Every monitor controlled by the Security Desk is assigned a unique monitor ID (displayed in the notification tray). Using a CCTV keyboard, you can display an entity on a remote Security Desk workstation by specifying its monitor ID, tile ID, and the logical ID of the entity you want to display. The Security Desk workstation monitors available on your system are listed in the Logical ID tab of the System entity. Select Monitors from the drop-down list to see them all. For each Security Desk workstation, the first monitor is called A, the second monitor B, and so on.
You can specify which workstation can be controlled using one of following methods:
• User. Any Security Desk workstation where that user is logged on can be remotely controlled.
• User group. Any Security Desk workstation where a member of that user group is logged on can be remotely controlled.
• Application. The specified workstation (COMPUTER - SecurityDesk) can be remotely controlled, regardless of who is logged on. For more information, see “Remote monitoring” and “Connecting to remote Security Desks” in the Security Desk User Guide.
Logon supervisor of This section lists the users whose logons are supervised by the members of this user group. This means that when users from this list need to log on to the system, any member of this user group can help them complete their logon.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
492
User group
Privileges The Privileges tab lets you view and configure the user group’s privileges.
The privileges of a user group are inherited by its members, and can themselves be inherited from other user groups.
Set of privileges Use this drop-down list to select the set of privileges to view and edit. A user group might have many sets of privileges. Every one has the Basic privileges set, plus one for every partition the group is an accepted user of. Regarding access to entities contained in that partition, partition privileges supercede basic privileges.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
493
Video unit
Video unit The video unit entity represents a video encoding or decoding device capable of communicating over an IP network, and incorporating either video encoders or video decoders. They come in a wide variety of brands and models. Some support audio, and others support wireless communication. The high-end encoding models come with their own recording and video analytics capabilities. Video units are created manually or automatically by the Archiver if the unit supports automatic discovery. System: Omnicast IP video surveillance Task: Video – Units Identity
Name, description, logical ID, and relationships of this entity with other entities in the system.
Properties
Information required by the Archiver to connect to this video unit and other data transmission properties.
Peripherals
List of all peripheral devices found on the unit that you can configure.
Custom fields
Custom field values for this video unit.
Location
Time zone and geographical location of this video unit.
Related topics:
• "Adding video units to your system" on page 194 • "Camera (video encoder)" on page 368 • "Archiver" on page 521
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
494
Video unit
Identity The Identity tab of a video unit entity includes an additional section on hardware-specific information. a
Standard information The top section of the video unit’s Identity tab is the same as that of all entities. For more information, see "Identity" on page 332.
Specific information The bottom section of the Identity tab displays hardware specific information, such as the manufacturer, model, firmware version, and whether audio or SSL (Secure Socket Layer protocol) are supported.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
495
Video unit
Upgrade the unit firmware You can upgrade the firmware on your video unit directly from Config Tool.
• Click
Upgrade, and from the file browser, select the firmware file (bin) to apply.
Properties The Properties tab lets you configure the information required by the Archiver to connect to this unit and other data transmission properties. These settings vary from one manufacturer to another. Additional options might be available, depending on the unit type. The sample screen shot below is that of an Axis 210A unit.
IP address
• Obtain network settings dynamically (DHCP). Select this option to have the IP address assigned dynamically by your DHCP (Dynamic Host Configuration Protocol) server. NOTE Do not use this option unless your DHCP server is configured to always assign the
same IP address to the same device. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
496
Video unit
• Specific settings. Select this option to enter a fixed address. This is the IP address you entered when you initially created the video unit entity. You need to enter the following fields:
Local IP. Fixed IP address. Subnet mask. The subnet mask tells the unit which peripherals it can communicate with directly. Anything that does not belong to the same subnet must go through the Gateway. Gateway. IP address of the gateway. It must be on the same subnet as the unit.
Command port The command port is the port used by the Archiver to connect to the video unit. The command port is sometimes called the HTTP port by some manufacturers.
Discovery port The discovery port is used for automatic discovery (see "What is automatic discovery?" on page 196). Not all manufacturers supports this feature. On Verint units, both the command port and discovery port are replaced by a single port called the VSIP port.
Authentication Credentials used by the Archiver to connect to the video unit.
• Default login. Select this option for the Archiver to use the credentials defined in the unit manufacturer’s extension.
• Specific. Select this option for the Archiver to use specific credentials to connect to this unit. The fields you need to fill in depend on the unit’s manufacturer.
Use secure communication Enable this option to use HTTPS communication instead of HTTP (default).
Bit rate Use this option to limit the maximum bit rate allowed for this unit. Setting a limit to the bit rate helps prevent one unit from using up all the bandwidth available on the network.
Enable UPnP Enable this option to use the UPnP (Universal Plug and Play) protocol. Disable UPnP if you do not want the unit to be discovered by other Windows applications. This option is disabled by default.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
497
Video unit
Peripherals The Peripherals tab lists all peripherals devices (input/output pins, audio encoder/decoder) found on the unit that are not explicitly shown as entities, such as the either video encoders or video decoders.
Logical ID and Description To every peripheral device found on a video unit, you can assign:
• Name. Logical name. It is the same as the Physical name by default. • Logical ID. Logical identifier. • Description. Description of the device. To change the settings of a peripheral device:
• Select a peripheral from the list and click Edit the item (
).
Output pin settings For the output pin, you can also configure the default mode.
• Normally open • Normally closed
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
498
Video unit
Speaker properties You can change the default settings of the speaker (audio decoder device).
The speaker settings are as follows:
• Volume. Desired volume level (0 to mute, 100 equals maximum volume). • UPD port. Port number used when the connection type is unicast UDP. • Connection type. Connection type that should be used between the unit and the Archiver for this audio decoder.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
499
Video unit
Microphone properties You can change the default settings of the microphone (audio encoder device).
The microphone settings are as follows:
• Data format. Audio compression format. • Input type. Type of input source.
Line in. Used for pre-amplified source. Mic in. Use this if the microphone is directly connected to the unit. In this case, the signal is amplified by the hardware.
Internal. Use microphones integrated to the unit. Sensitivity. Desired amplification level (default=68). The lower the level, the less sensitive the microphone is to ambient noise, but the recording level will also be lower.
•
• UPD port. Port number used when the connection type is unicast UDP. • Connection type. Connection type that should be used between the unit and the Archiver •
for this audio encoder. Multicast address. The multicast address and port number are assigned automatically by the system when the video unit is discovered. Each audio encoder is assigned a different multicast address with a fixed port number. This is the most efficient configuration.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
500
Video unit
Normally, you do not need to be concerned with the multicast addresses. However, if you are short of multicast addresses (certain switches are limited to 128), you can use the same multicast address on multiple encoders, and assign a different port number to each. This solution is less efficient than using a different address for each encoder because it will cause more traffic than necessary on the network. All multicast addresses must be between the range 224.0.1.0 and 239.255.255.255. For these changes to take effect, you must restart the unit. To do so, select the unit in the Roles view task, and click the Reboot ( ) button in the Contextual commands toolbar.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
501
Zone (hardware)
Zone (hardware) The zone entity monitors a set of inputs to trigger events based on their combined states. These events can be used to control output relays (see IO linking) or trigger other actions (see event-to-action). A zone can be armed (triggers activated), or disarmed (triggers deactivated) using a key switch, a software command, or on a schedule. A hardware zone (called zone in Synergis 2 and Security Center 3 and 4) is a subtype of the zone entity where the IO linking is done by hardware. A hardware zone is controlled by a single access control unit and only works in mixed and offline mode. A hardware zone cannot be armed or disarmed from Security Desk. System: Synergis IP access control Task: Logical view Identity
Name, description, logical ID, and relationships of this entity with other entities in the system.
Properties
Input pins defining this zone and how they are evaluated. For a hardware zone, all input pins must be from the same access control unit.
Arming
Arming source used for this zone and arming behavior configuration. A hardware zone can only be armed via a key switch or on schedule.
Cameras
Cameras used to monitor this zone in Security Desk.
Custom fields
Custom field values for this zone.
Related topics:
• • • •
"Managing zones" on page 160 "Access control unit" on page 337 "Access Manager" on page 511 "Zone (virtual)" on page 506
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
502
Zone (hardware)
Properties The Properties tab lets you configure the input pins that define this zone and how they are evaluated.
Access control unit A hardware zone must be controlled by a single access control unit. All input pins and output relays configured for this zone must belong to the same unit.
Combining the inputs to evaluate the zone state The purpose of a zone is to trigger specific events based on the combined state of the individually selected inputs. The possible input states are as follows:
• Normal (interpreted as 0) • Active (interpreted as 1) • Trouble You evaluate the zone state by applying the AND or OR logical operator on the selected inputs. The zone is considered to be in the Trouble state when one of the selected input is in the Trouble state. The Trouble state supersedes any other state.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
503
Zone (hardware)
CAUTION Certain types of input, such as Door Monitor on an HID VertX unit, can only be used for their designated purpose. Other inputs, such as AC Fail and Bat Fail, must be configured for general purpose before they can be used for IO linking. If you use a specific purpose input as general purpose, your configuration will not work. For more information, see "Properties (HID)" on page 340.
Associated events Use this section to associate each zone state to an event of your choice. Select None if a zone state should be ignored. These events are only triggered when the zone is armed.
Reactivation threshold Set the time period during which the same event should not be re-triggered.
Arming The Arming tab lets you configure the arming source of your zone and its arming behavior.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
504
Zone (hardware)
Arming source A hardware zone can only be armed using a key switch or on a schedule. NOTE You cannot arm or disarm a hardware zone in Security Desk, or by using a software command (event-to-action).
To configure arming via a key switch: Before you begin: The input pin must belong to the access control unit selected in the Properties tab for this to work.
• Slide the Arming source to the Input pin position and select the input that is wired to the key switch. To configure arming on schedule: Before you begin: A schedule corresponding to the period when the zone should be armed must be defined in your system.
• Slide the Arming source to the Schedule position and select the desired schedule. Delays You can configure optional delays that give you time to leave the premises after arming the zone, and time to disarm the zone after tripping a sensor.
• Arming delay. Turn on this option to set a delay before the event triggers become active after arming the system.
• Entry delay. Turn on this option to set a delay before triggering the events when an sensor is tripped. This option allows you to disarm the zone before triggering the output relays.
Countdown buzzer You can optionally assign an output relay to activate a countdown buzzer to match the arming delay. This option is not available when the arming is done on schedule. NOTE For this feature to work, the output relay must belong to the access control unit selected in the Properties tab.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
505
Zone (virtual)
Zone (virtual) The zone entity monitors a set of inputs to trigger events based on their combined states. These events can be used to control output relays (see IO linking) or trigger other actions (see event-to-action). A zone can be armed (triggers activated), or disarmed (triggers deactivated) using a key switch, a software command, or on a schedule. A virtual zone is a subtype of the zone entity where the IO linking is done by software. A virtual zone is controlled by the Zone Manager and only works online. It can be armed and disarmed from Security Desk. System: General Task: Logical view Identity
Name, description, logical ID, and relationships of this entity with other entities in the system.
Properties
Input pins defining this zone and how they are evaluated. For a virtual zone, the inputs and outputs from different units of different types can be used for IO linking.
Arming
Automatic arming schedules. A virtual zone can be armed and disarmed via Security Desk or via event-to-action. An explicit arm or disarm command always takes precedence over the arming schedule.
Cameras
Cameras used to monitor this zone in Security Desk.
Custom fields
Custom field values for this zone.
Related topics:
• "Managing zones" on page 160 • "Zone (hardware)" on page 502 • "Zone Manager" on page 608
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
506
Zone (virtual)
Properties The Properties tab lets you configure the input pins that define this zone and how they are evaluated.
Zone Manager A virtual zone must be controlled by a Zone Manager role. Because a virtual zone is software controlled, it works only in online mode. For more information, see "Zone Manager" on page 608.
Combining the inputs to evaluate the zone state The purpose of a zone is to trigger specific events based on the combined state of the individually selected inputs. The input pins can belong to different units of different types. The possible input states are as follows:
• Normal (interpreted as 0) • Active (interpreted as 1) • Trouble (only if the selected unit models support this feature) You evaluate the zone state by applying the AND or OR logical operator on the selected inputs. The zone is considered to be in the Trouble state when one of the selected input is in the Trouble state. The Trouble state supersedes any other state.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
507
Zone (virtual)
Associated events Use this section to associate each zone state to an event of your choice. Select None if a zone state should be ignored. These events are only triggered when the zone is armed.
Reactivation threshold Set the time period during which the same event should not be re-triggered.
Arming The Arming tab lets you configure the arming source of your zone and its arming behavior.
Arming source A virtual zone can be armed at any time by a Security Desk operator, or by the Arm zone action. Arming schedules are optional and are only necessary if you want the zone to be armed automatically at a certain time. An armed virtual zone can be disarmed at any time by a Security Desk user, or by the Disarm zone action triggered by an event.
Delays You can configure optional delays that give you time to leave the premises after arming the zone, and time to disarm the zone after tripping a sensor. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
508
Zone (virtual)
• Arming delay. Turn on this option to set a delay before the event triggers become active after arming the system.
• Entry delay. Turn on this option to set a delay before triggering the events when an sensor is tripped. This option allows you to disarm the zone before triggering the output relays.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
509
14 Role types This section lists all Security Center role types in alphabetical order. Each role type is covered with a general description of its purpose and usage. The sub-sections describe each role type’s configuration tabs and the settings they contain. This section includes the following topics:
• • • • • • • • • • • • • • • • • •
"Access Manager" on page 511 "Active Directory" on page 516 "Archiver" on page 521 "Auxiliary Archiver" on page 543 "Directory" on page 551 "Directory Manager" on page 552 "Global Cardholder Synchronizer" on page 557 "Health Monitor" on page 560 "Intrusion Manager" on page 563 "LPR Manager" on page 567 "Media Router" on page 585 "Omnicast Federation" on page 590 "Plugin" on page 594 "Point of Sale" on page 595 "Report Manager" on page 599 "Security Center Federation" on page 601 "Web-based SDK" on page 605 "Zone Manager" on page 608
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
510
Access Manager
Access Manager The Access Manager role manages and monitors access control units on the system. The role validates all access activities when the units are online. Upon receiving a request from a unit, the Access Manager checks the access rules and schedules to decide whether the door or elevator floor can be accessed. It then sends a command to the controller to unlock the door or enable an elevator floor button. It also logs the access control events in the database for access control investigation and maintenance reports. Multiple instances of this role can be created on the system. System: Synergis IP access control Task: Access control – Roles and units, or System – Roles Identity
Name, description, and relationships of this role with other entities in the system.
Properties
Database retention period for access control events.
Extensions
Manufacturer specific settings for connecting to access control units that this Access Manager should communicate with.
Resources
Servers and database configuration for this role.
Related topics:
• • • • •
"Configuring the Access Manager role" on page 260 "Access control unit" on page 337 "Door" on page 404 "Elevator" on page 410 "Zone (hardware)" on page 502
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
511
Access Manager
Properties The Properties tab lets you configure the retention period of the access control events in the database.
Keep events Access control events are logged by the Access Manager for access control related activity and maintenance reports. You can decide for how long you want to keep them before they are purged from the Access Manager database. Related topics:
• "Finding out who is granted access to doors and elevators" on page 324
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
512
Access Manager
Extensions The Extensions tab allows you to configure the manufacturer-specific settings for connecting to access control units that this role should communicate with.
Security Center supports two types of access control units:
• Genetec SMC. For Synergis Master Controller (SMC) units. You also need to add at least one discovery port (default=2000) to the extension. The discovery port configured for the extension must match the value configured on the SMC units. For more information, see the Synergis Master Controller Configuration Guide.
• HID VertX. For all HID controllers, including the legacy VertX models (V1000 and V2000), the VertX EVO, and the Edge EVO controllers. For the complete list of supported controller units and firmware, see “Supported HID units” in the Security Center Release Notes.
Advanced settings The advanced settings are reserved for use by Genetec’s Technical Assistance Center. Please do not be concerned with these settings.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
513
Access Manager
Resources The Resources tab allows you to configure the servers and database assigned to this role.
Servers All server management principles are the same for the Access Manager role as with any other role. For more information, see "Managing servers and roles" on page 47. IMPORTANT The Access Manager failover works only when the role is exclusively connected to SMC units. Additional configurations are required on the SMC units for the failover to work. For more information, see “Configure the SMC unit for Access Manager failover” in the Synergis Master Controller Configuration Guide. The Access Manager failover does not work with HID VertX units because these units cannot handle the change of server IP address, should the Access Manager role fail over to a different server.
Database All database management principles are the same for the Access Manager role as with any other role. For more information, see "Managing databases" on page 52.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
514
Access Manager
Resolve conflicts for Access Manager roles If you generated a conflict resolution file (Conflict_Manifest.data) after importing cardholders and cardholder groups from an Active Directory, you need to apply these conflict resolution decisions to your Access Manager database. 1 Click Resolve conflicts (
) found in the Database section.
The following dialog box appears.
2 Enter the path to the conflict resolution file using the browse button. 3 Click Resolve conflicts. You’ll be prompted to create a safety backup before updating your database. 4 Click Backup. 5 The backup and the conflict resolution updates will be performed in a single step.
6 Click Close.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
515
Active Directory
Active Directory The Active Directory role imports users, user groups, cardholders, and cardholder groups from your corporate directory service (Windows Active Directory), and keeps them synchronized. Multiple instances of this role can be created on the system.
System: General, Synergis (if cardholder groups are to be imported) Task: System – Roles Identity
Name, description, and relationships of this role with other entities in the system.
Properties
Connection parameters to the Windows Active Directory and list of security groups to be imported as Security Center entities.
Links
Mapping between AD fields and Security Center custom fields.
Resources
Servers and failover configuration for this role.
Related topics:
• • • • •
"Integrating with Windows Active Directory" on page 140 "Cardholder" on page 395 "Cardholder group" on page 398 "User" on page 482 "User group" on page 489
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
516
Active Directory
Properties Defines all the parameters within which this Active Directory role is supposed to operate. For more information, see "Import security groups from an Active Directory" on page 143.
• Connection status. Connection status between the role and the corporate AD. • Status. Shows what the role is doing. Idle is the normal status. If there is a problem, an error message is displayed.
• Active Directory. Hostname or IP address of the corporate AD server.
Use Windows credentials. You can use the Windows credentials used for running the Genetec Server service, or specify a different set of Windows usernames and passwords. In both cases, the credentials you specify must give you read and write access to the specified corporate AD. Use SSL connection. Select this option to encrypt LDAP (Lightweight Directory Access Protocol) network traffic. LDAP is the protocol used for communication between the Active Directory role and the AD. The default port used for encrypted communication is 636. If you use a different port, you need to specify it explicitly by appending the port number after the AD server name, separated by a colon (‘:’).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
517
Active Directory
• Partition. Default partition where the entities synchronized with the corporate AD will be created if the partition is not mapped to an AD attribute.
• Synchronized groups. List of all AD security groups imported as user groups, cardholder groups, or both. For information on how to add to this list, see "Import security groups from an Active Directory" on page 143.
• No scheduled task exists to synchronize this role. This warning message appears if you have not configured a scheduled task to automatically handle synchronization with the corporate AD. For more information, see "Create a scheduled task" on page 109.
• Synchronize now. Click this button to perform an instant synchronization. You should always re-synchronize after making changes to the synchronized groups.
Links The Links tab allows you to map AD attributes to Security Center fields.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
518
Active Directory
• Cardholder. Map AD attributes to Security Center cardholder fields. See "Select which cardholder fields to synchronize with the AD" on page 146.
• Maximum picture file size. If you are importing cardholder pictures from the AD, specify the maximum size of the imported picture.
• Upload pictures to Active Directory. Select this option if you want the pictures you assign to imported cardholders from Security Center to be synchronized to the AD.
• Card format. Select the default card format to use for the imported cardholder credentials when the card format property is either not mapped to an AD attribute, or when the mapped attribute is empty. See also "Mapping the credential card format to an AD attribute" on page 147.
• Badge template. Select a default badge template to use for the imported cardholder credentials.
• Custom fields. Map additional AD to Security Center custom fields. See "Map custom fields to synchronize with the AD" on page 148. Related topics:
• "Defining custom fields and data types" on page 136
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
519
Active Directory
Resources The Resources tab allows you to configure the servers. The Active Directory role does not require a database.
Servers All server management principles are the same for the Active Directory role as with any other role. For more information, see "Managing servers and roles" on page 47 and "Configuring role failover" on page 61.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
520
Archiver
Archiver The Archiver role is responsible for the discovery, control, and status polling of video units. All communications between the system and the video units are established through this role. All events generated by the units (motion, video analytics) are forwarded by the Archiver to the concerned parties on the system. The Archiver also manages the video archive, and performs motion detection on units that do not support this feature. Multiple instances of this role can be created on the system. System: Omnicast IP video surveillance Tasks: Video – Units, or System – Roles Identity
Name, description, and relationships of this role with other entities in the system.
Camera recording
Default recording settings for all cameras controlled by this role.
Trickling
Data transfer configuration for edge recording units.
Extensions
Manufacturer specific settings for connecting to video units that this Archiver should communicate with.
Resources
Servers, databases, disk storage, and failover configuration for this role.
Related topics:
• • • • •
"Configuring the Archiver role" on page 193 "Managing video archives" on page 224 "Video unit" on page 494 "Auxiliary Archiver" on page 543 "Media Router" on page 585
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
521
Archiver
Camera recording The Camera recording tab lets you configure the default recording settings applied to all cameras controlled by this Archiver role. The default settings can be superseded by the recording settings of each individual camera. For more information, see Camera – "Recording" on page 378.
Recording modes The Archiver can apply different recording modes at different times. Recording mode
Description
Off
Recording is off ( ). This mode prevents recording from taking place, not even when an alarm is triggered.
Continuous
Records continuously. Recording cannot be stopped by the user (
On motion/Manual
Records when recording is triggered by an action (such as Start recording, Add bookmark, or Trigger alarm), via motion detection, or manually by a user. In this mode, the Record button in Security Desk appears grey ( ) when the Archiver is not recording, red when it is recording but can be stopped by the user ( ), or red with lock ( ) when it is recording but cannot be stopped by the user (on motion or alarm recording).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
).
522
Archiver
Recording mode
Description
Manual
Same as On motion/Manual. The only difference is that motion will not trigger any recording.
CAUTION Recording schedules of the same type cannot overlap, regardless of the recording mode configured for each. When a scheduling conflict exists, the Archiver and the video units are displayed in yellow in the entity browser and will issue entity warning messages. For more information, see "Resolving schedule conflicts" on page 105.
Other recording options Option
Description
Record audio
Turn this option on to record audio along with video. A microphone entity must be attached to this camera entity for this option to work. For more information, see Camera – "Hardware" on page 389.
Automatic cleanup
Turn this option on to delete the recorded video after a certain number of days, regardless whether the archiving storage is full or not. For more information, see Archiver – "Advanced settings" on page 541.
Redundant archiving
Turn this option on to allow both primary and secondary servers to archive video at the same time. This setting is effective only if failover is configured. For more information, see Archiver – "Server configurations" on page 534.
Time to record before an event
Duration of the recording buffer. This buffer is saved whenever the recording starts, ensuring that whatever prompted the recording is also captured on video.
Time to record after a motion
Recording duration when recording is triggered by motion detection. For more information, see Camera – "Motion detection" on page 379. During this period, the recording cannot be stopped by the user.
Default manual recording length
Recording duration when recording is started by a user. The user can stop the recording any time before the duration expires. This value is also used by the Start recording action, when the default recording length is selected.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
523
Archiver
Trickling The Trickling tab allows you to configure the transfer of video that was recorded on a video unit to the Archiver. You can define when and what type of data is transferred. IMPORTANT To be able to trickle with a camera/video unit, you must first configure your unit to record video using the unit’s Web page. For more information, see "Enable edge recording on a camera" on page 198.
Camera list The camera list shows all the cameras that are set to record on the edge and perform trickling. It allows you to specify whether or not you want the units to trickle on connection or on a schedule, and supplies information about the trickling process. You can configure the same trickling settings for all cameras in the list, or configure settings for specific cameras. To add cameras to the camera list: 1 (Optional) To add a camera group, click Add group.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
524
Archiver
If you have a large system, it is a good idea to create groups of cameras, so you can configure the trickling download settings for each group separately. 2 To add cameras, click Add an item. 3 From the drop-down list, select a camera group to add the cameras to. 4 Select the cameras, and then click OK. Hole CTRL or SHIFT to select multiple cameras. 5 For each camera group, or for each specific camera, specify whether or not you want the units to trickle on connection or on a schedule:
On connection. Select this option for the camera to start to trickle upon connection to the network. On schedule. Select this option for the camera to trickle based on the schedule defined in the Trickling schedule section.
Trickling status The Trickling status dialog box allows you to start and stop trickling manually, and shows you the latest trickling status. Click at the bottom of the camera list to open it.
NOTE A camera that has just been added to the trickled camera list does not appear in this dialog
box until you have clicked Start trickling for all cameras (
) once.
• Camera. Edge recording camera selected for trickling. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
525
Archiver
• Last trickling request. Date and time of the last trickling request for the camera. • Last recorded frame. Date and time of the last video frame recorded by the Archiver. • Status. Lists the trickling status for the camera. The status can be one of the following:
No video. There is no video recorded on the camera that is available to trickle for the filters specified in the Trickling filter section. For example, if you specify an alarm filter, the camera might have generated an alarm event, however it did not record any video for it. No events. There are no events recorded on the camera that correspond to the filters specified in the Trickling filter section. For example, if you specify a motion filter, but there were no motion events generated by the camera, there are no events to trickle.
Started. Trickling has started.
Completed. Trickling was successfully completed.
Pending. Trickling will start as soon as a spot opens in the download queue. The spots available depend on what is specified in the Simultaneous downloads setting.
Incomplete. Something occurred during the trickling process that prevented the transfer from being completed.
Trickling schedule Use the Trickle every setting to define a schedule for when you want video to be trickled. You can specify the amount of days, hours, and the time. If you’ve set all cameras to always trickle on connection, ignore this setting.
Trickling filter Use these settings to specify what type of video data you want to be trickled. Multiple filters can be selected at the same time and all video that corresponds to the filters will be trickled. NOTE If you do not set any filter, all available video stored on the unit will be trickled.
• Time interval. Select this filter to trickle video segments recorded during a specific period of time. You can specify a specific time range or a relative time range (last n days, hours, minutes).
• Playback requests. Select this filter to trickle video segments that were played back from the camera.
• Motions. Select this option to trickle video segments that span between a Motion on and Motion off event. This option applies to unit motion detection only.
• Bookmarks. Select this option to trickle video segments that contain bookmarks. • Unit offline. Select this filter to trickle video segments that span between a Unit lost and a Unit discovered event.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
526
Archiver
• Video analytics. Select this filter to trickle video segments that contain video analytics events.
• Alarms. Select this filter to trickle video segments that contain alarm events. • Input triggers. Select this filter to trickle video segments that contain input events. Trickling behavior Use these settings to specify how trickling is to be done.
• Time buffer when downloading events. The time buffers apply to event-based trickling. Specify how many seconds of video should be trickled before and after the event occurred. For example, if you selected the Motion filter, these settings indicate how many seconds are trickled before the Motion on event occurred, and how many seconds are trickled after the Motion off event.
• Delay after connection. Use this setting to specify how long (in seconds) the Archiver will wait to determine if a unit is truly online before trickling. For example, if your cameras are set to trickle on connection and you have an unstable network where your cameras frequently go on and offline, this setting is useful to prevent trickling from repeatedly starting and stopping.
• Simultaneous downloads. Use this setting to specify how many cameras can trickle at the same time. If you created camera groups, you can specify how many cameras can trickle at the same time per camera group. This setting is useful if you have a limited network and do not want too many downloads to occur simultaneously.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
527
Archiver
Extensions The Extensions tab lets you configure the common connection parameters shared by the video units controlled by this Archiver. The manufacturer extensions are created automatically when you add a unit to the Archiver (see "Add video units manually" on page 194).
This section includes the following topics:
• • • • • • • •
"General settings" on page 528 "Discovery settings" on page 529 "Default logon" on page 530 "Notification settings" on page 530 "Bosch VRM settings" on page 531 "Verint specific settings" on page 531 "Advanced settings" on page 532 "NTP settings" on page 532
General settings
• Transaction timeout. Time to wait for a response before resending a command to the unit. A unit is considered lost after three failed attempts. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
528
Archiver
• Command port. Port used by the Archiver to send commands to the Bosch units. This field cannot be changed.
• RSTP port. RTSP (Real Time Streaming Protocol) port used by the Archiver to request video from the units that support this protocol. CAUTION If you have multiple Archiver roles on the system controlling different groups of video units, then each Archiver must use a different RTSP port.
• VSIP port. (Verint only) Port used for automatic discovery. All units that should be controlled through the same Verint extension must be configured with the same VSIP port. The Verint extensions configured for the same Archiver must all have different discovery ports. For more information, see "What is automatic discovery?" on page 196.
Discovery settings The following sample screenshot shows the discovery settings of a Bosch unit.
• Discovery port. Automatic discovery port. If multiple instances of the same type of extension are configured for the same Archiver, they must all use a different discovery port. (ACTi) Corresponds to the Search server port 1 in the ACTi video server settings. (Bosch) All units that should be controlled through the same Bosch extension must be configured with the same discovery port. NOTE If you decide to change the Discovery port after the units are discovered, you’ll need to create a new extension with the new discovery port and delete the old one. If the units are not automatically discovered, you’ll have to add them manually. For more information, see "Add video units manually" on page 194.
• Discovery reply port. (ACTi and Interlogix) Corresponds to the Search server port 2 in the ACTi video server settings.
• Unicast period. Period whereby the extension repeats its connection tests using unicast to determine whether each unit is still active in the system.
• Multicast period. Period whereby the extension attempts to discover new units using multicast. This option can be disabled. The IP address that follows is the standard multicast IP address used by Omnicast. Change it only if it is already used for something else.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
529
Archiver
• Broadcast period. Period whereby the extension attempts to discover new units using broadcast. This option can be disabled.
Default logon Certain types of units can be protected against fraudulent access by a username and a password. The logon credentials can be defined individually for each unit or for all units using the same manufacturer extension. The following sample screenshot shows the default logon settings of an Axis unit.
• Username. Certain types of units (such as Axis) require a username. • Password. Certain types of units (such as Bosch) only requires a password. • Use HTTPS. Select this option to use Hypertext Transfer Protocol Secure for added security.
Notification settings The following sample screenshot shows the notification settings of an Interlogix unit.
• TCP notification port. (Panasonic and Interlogix) Port used by the Archiver role to receive notification messages from the units. When an event occurs, such as Signal lost or Signal recovered, the unit will initiate a TCP connection with the Archiver and send the notification through this port.
• Notification channel. (Interlogix only) When multiple Archiver roles are configured to listen to the same units, such as in a failover list, each archiver must be identified with a different notification channel (1 to 8). This parameter can be ignored when you are only using one archiver. For multiple Archiver roles, the following rules must be followed:
All Archiver roles that can potentially control the same units must be configured with the same TCP notification port.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
530
Archiver
All Archiver roles must use a different notification channel.
Bosch VRM settings The VRM settings are exclusive to Bosch VRM (Video Recording Manager). The latter allows you to query and play back video from Bosch cameras that are managed by a Bosch VRM. Multiple Bosch extensions can use the same VRM.
If you add more than one VRM to the list, you can use the move up ( ) and move down ( ) buttons to move a VRM up or down in the list. By default, the Archiver will use the first VRM in the list for queries and archived video. If the first VRM is not available, the Archiver will use the next VRM in the list.
Verint specific settings The following settings are only found on Verint units.
• Show all available video streams as separate cameras. (Verint only) Omnicast supports encoders that generate multiple video streams from the same video source. When such a unit is discovered, the Archiver creates a video encoder with multiple streaming alternatives. For more information, see Camera – "Stream usage" on page 373. With Verint units, you have the choice to represent every video stream as a separate camera. If this is the desired behavior, select this option. NOTE This option requires a camera connection license for each stream. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
531
Archiver
• SSL settings. SSL (Secure Sockets Layer) is a protocol used to secure applications that need to communicate over a network. Security Center supports SSL on all message transmissions between the Archiver and the units, with the exception of the video streams, because the data volume would be prohibitive. The purpose for using SSL in Security Center is to prevent malicious attacks, not to stop eavesdropping. Select Enforce SSL only if SSL must be enforced on all units controlled by this Archiver. If this option is cleared, the Archiver will only use SSL to communicate with the units on which SSL is enabled.
Advanced settings The advanced settings are reserved for use by Genetec’s Technical Assistance Center. Please do not be concerned with these settings.
NTP settings Use the NTP settings to synchronize the time between the units that support NTP (Network Time Protocol) and the NTP server. Keeping the units’ time synchronized is particularly important for units that handle video archiving themselves. The following parameters must be set:
• NTP server. Specify the NTP server name. • NTP port. Specify the NTP server port number • Poll timeout. Specify in minutes how often you want the time on the units to be checked to ensure that they are properly synched with the NTP server. For example, if 60 seconds is entered, the time will be verified every 60 seconds.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
532
Archiver
Resources The Resources tab lets you assign servers, databases, and disk storage to this Archiver role.
This section includes the following topics:
• • • • • • • •
"Server configurations" on page 534 "Configure standby archiving priorities" on page 535 "Archive database settings" on page 536 "Archive storage settings" on page 536 "Network card settings" on page 538 "Archiver statistics" on page 538 "Protected video file statistics" on page 539 "Archiving camera details" on page 540
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
533
Archiver
• "Advanced settings" on page 541 Server configurations The Archiver role supports up to two servers for failover. The two servers assigned to the Archiver must be configured separately from each other, and must have their own database and storage system for keeping the video archive. For more information, see "Protecting your video archive against hardware failure" on page 227. To add the secondary server: Before you begin: You cannot add a secondary server if the Archiver role has already two servers assigned. See also "Careful load planning for failover" on page 228. 1 Click the tab labelled Add server (
).
2 From the dialog box that appears, select the desired server and click Add. The Add server tab becomes the secondary server tab.
3 From the secondary server tab, configure the following:
"Archive database settings" on page 536
"Archive storage settings" on page 536
"Network card settings" on page 538
4 If the secondary server is also on standby for other Archiver roles, then you might have to adjust their standby archiving priorities. See "Configure standby archiving priorities" on page 535. 5 Click Apply. To switch the primary and secondary servers around: Before you begin: You must have two servers assigned to the Archiver role. It is best to choose a time when the Archiver is not archiving to perform this operation. 1 Click Failover (
) at the bottom of the Resources tab.
A dialog box appears, showing both servers assigned to this Archiver role. 2 Select one of the server in the list and click
or
to move it up or down the list.
3 Click OK to close the Failover dialog box. The two server tabs switch places.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
534
Archiver
4 (Optional) If the primary server that became the secondary server also hosts other Archiver roles, then you might have to adjust their standby archiving priorities. For more information, see "Configure standby archiving priorities" on page 535. 5 Click Apply. CAUTION If the Archiver was archiving video, you will lose a few seconds of recording while the switch is taking place.
Configure standby archiving priorities A same server can be designated as the standby server of multiple Archiver roles. Should all Archiver roles fail over to the same server at the same time, their combined load might be too much for the server to handle. One way to avoid overloading a server is to assign a lower archiving priority to the roles of lesser importance in case a competition occurs. 1 Click Failover (
) at the bottom of the Archiver’s Resources tab.
2 In the Failover dialog box that appears, click Standby archiving priorities. 3 From the dialog box that appears, select a server from the Server drop-down list.
All Archiver roles that rely on this server as their primary or secondary server are listed. The archiving priority can only be set when the server is used as a standby. For roles that rely on the server as their primary server, the archiving priority is implicitly locked at 1 (the highest). 4 Set the priority of the roles as you see fit, and click Save. NOTE The archiving priority is a setting specific to each Archiver role on each server. When
the archiving priority has never been set, its default value is 1. 5 Repeat Step 3 and Step 4 as necessary to configure all servers hosting Archiver roles on your system.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
535
Archiver
NOTE At any point in time on a given server, only the Archiver roles with the highest archiving
priority will be able to archive, be it 1 or 100. The archiving priority only affects archiving. Having a lower archiving priority does not stop a failed over Archiver role from performing its command and control functions.
Archive database settings The archive database stores the catalog of the recorded video footage, and the events related to them and the archiving process. The default database name is Archiver. IMPORTANT A separate database must be configured for each server assigned to the role. Because of this requirement, the archive database is often hosted locally on each server. When two or more Archiver roles are hosted on the same server, be sure to assign to each of them a different database instead of using the default one. For more information, see "Server configurations" on page 534.
The configuration of the Archiver database is the same as that of any other role on the system. For more information, see "Managing databases" on page 52.
Archive storage settings The actual video footage is not kept in the database, but on disk, in video files. Each video file might contain several short discrete video sequences, and uses the G64 file extension. The size limit of the video files is configured in the Advanced settings dialog box. For more information, see "Advanced settings" on page 541. Just like the archive database, the archive file storage is also specific to each server. Both local drives and network drives can be used to store video. All local drives found on the host server are listed by default and grouped under Default Disk Group.
Disk space cannot be allocated in advance for archiving purpose. Instead, the Archiver is allowed to use the available disk space up to a certain limit which is defined by the minimum free space that must be left on each disk. The information displayed on each disk are as follows:
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
536
Archiver
• Disk base path. Root folder on the disk where all video files are located. The default value is VideoArchives. Click on the name to change it to a different folder. IMPORTANT You must make sure that the service user running the Archiver role has write access to all the archive root folders assigned to the role. The Config Tool cannot verify this information on behalf of the Archiver.
• Min. free space. Minimum free space that the Archiver must leave untouched on the disk. Click on this value to change it.
• Free space. Actual free space remaining on disk. • Allotted space. Space allotted in theory for video archives. It is the total capacity of the disk minus the minimum free space. CAUTION There is nothing to prevent other applications from using up the disk space set aside for the Archiver. For this reason, we recommend that you assign a disk that is not shared with other applications to this role. In the case where multiple Archivers share the same server, use a separate disk for each.
• Total size. Total capacity of the disk. The archive storage configuration commands are as follows: Button
Command
Description
Add network location
You can only add network drives to your archive storage. All local drives on the host server are listed by default. You can exclude them from being used by the Archiver by clearing the checkbox in front of each disk.
Add disk group
A disk group is a logical storage unit used by the Archiver to improve the overall disk throughput. See "Optimizing access to your storage devices" on page 226. Click the Up and Down arrows to move the selected disk from one group to another.
Delete
Deletes the selected disk or disk group. You cannot leave a disk group without any disk associated to it.
Camera distribution
This button appears only if you have more than one disk group defined. See "Optimizing access to your storage devices" on page 226.
Refresh the drive information
Refreshes the drive information.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
537
Archiver
Network card settings For every server assigned to this Archiver role, you must specify:
• Network card. Network card used to communicate with all video units. • RTSP port. Port used to listen for RTSP (Real Time Streaming Protocol) requests. When multiple archiving roles are hosted on the same server, this value must be unique for each one. The default value is 555. Additionally the value configured must not duplicate any of those used for the Media Router role, its redirector agent, or any Auxiliary Archiver hosted on the same server.
• Telnet port. Port used to listen to the Telnet Console connection requests for debugging purposes. When you change this value, you need to deactivate and reactivate the Archiver role for the change to take effect.
Archiver statistics The Statistics dialog box appears when you click the Statistics ( ) button. It provides all sorts of useful information regarding the archive storage, and the rate at which it is being filled up. If nothing is displayed, click .
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
538
Archiver
The available statistics are as follows:
• List of assigned disks. Snapshot of the disk statistics the last time a refresh was made. TIP Click to view the percentage of protected video files on the selected disk. For more information, see "Protected video file statistics" on page 539.
• Average disk usage. Average space used per day (first line) and average space used per camera per day (second line).
• Estimated remaining recording time. Number of days, hours, and minutes of recording time left based on the average disk usage and the current load.
• Active cameras. Number of cameras that are currently active. • Archiving cameras. Number of cameras for which archiving is enabled. TIP Click See details to view the recording state of each individual camera. For more information, see "Archiving camera details" on page 540.
• Archiving span. Time bracket within which video archives can be found. • Worst case bandwidth. This number gives you the worst-case scenario on the total bandwidth requirement if all the cameras are at the peak of their archiving demands.
Protected video file statistics Too many protected video files on a disk can take away valuable storage space for new video files. To make sure this does not happen, regularly check the percentage of protected video files on each disk.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
539
Archiver
The orange slice represents the proportion of video files that the user has decided to unprotect. When a user decides to manually remove the protection on a video file, the Archiver waits 24 hours before actually removing the protection, giving the user enough time to change his/her mind if necessary. During this reprieve, the status is said to be Protection ending. Instead of checking the Protected video files statistics, you can also configure an event-to-action to alert you on the event Protection threshold exceeded. For more information, see "Using eventto-actions" on page 106.
Archiving camera details The Archiving cameras dialog box displays the statistics for each individual camera based on the information collected the last time you clicked .
This report lets you verify whether each encoder is currently streaming video (and audio) and whether the Archiver is currently recording these data. The possible Recording states are as follows: Recording state
Description
Recording off
Recording is enabled but the Archiver is currently not recording. If you suspect a problem, the Description column might give you a clue. The possible causes are as follows: • Database lost. • Disks full. • Cannot write to any drive.
Recording on
Recording was started by a user.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
540
Archiver
Recording state
Description
Recording on (locked by system)
Recording is currently controlled by the Archiver (following an On Motion or Continuous schedule).
Recording off (locked by system)
Recording is currently disabled on this camera by a schedule.
Recording about to stop
Recording was started by a user and is about to stop (within the last 30 seconds of recording).
Advanced settings The advanced settings are independent of the server hosting the Archiver role.
Advanced settings
Description
Video watermarking
Turn this option on to protect your video archive against tampering. For more information, see "Protecting video archive against tampering" on page 229.
Delete oldest files when disks are full
Turn this option on to recycle the archive storage (the default mode), meaning that the oldest files are deleted to make space for new files when all the disks within a disk group are full. TIP Another way to manage the archiving space is to set individual archive retention periods for each camera (Automatic cleanup option in each camera’s Recording tab). This method allows you to keep the more important data for a longer period of time by purging less important video first.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
541
Archiver
Advanced settings
Description
Enable edge playback requests
Turn this option on only if the Archiver controls units configured for edge recording. This option is turned off by default to prevent sending playback requests to units that are not recording.
Protected video threshold
This is a safety threshold used to limit the amount of space that protected video files are allowed to occupy on disks. Protected video files are files that will not be deleted by normal archive cleanup procedures. When this threshold is exceeded, the Archiver will generate the Protected video threshold exceeded event once every 15 minutes for as long as the condition is true, but will not delete any video file that is already protected.
Video files
These two settings are used to control the size of the video files created by the Archiver: • Maximum length. Limits the length of video sequence contained in each file. The video length is the time span between the first video frame and the last video frame stored in a file. • Maximum size. Limits the size of the video file in MB. The Archiver will start saving the video to a new video file when either one of these conditions is met.
Additional settings
These additional settings are reserved for use by Genetec’s Technical Assistance personnel. Please do not be concerned with these settings.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
542
Auxiliary Archiver
Auxiliary Archiver The Auxiliary Archiver role supplements the video archive produced by the Archiver role. Unlike the latter, the Auxiliary Archiver is not bound to any particular discovery port. Therefore, it is free to archive any camera in the system, including the federated ones. The Auxiliary Archiver must depend on the Archiver to communicate with the video units. If an Archiver is not running, the Auxiliary Archiver would not be able to archive the cameras it controls. Multiple instances of this role can be created on the system. System: Omnicast IP video surveillance Tasks: Video – Units, or System – Roles Identity
Name, description, and relationships of this role with other entities in the system.
Camera recording
Default recording settings for all cameras archived by this role.
Cameras
Cameras recorded by this Auxiliary Archiver.
Resources
Server, database, and disk storage configuration for this role.
Related topics:
• • • •
"Configuring the Auxiliary Archiver role" on page 204 "Camera (video encoder)" on page 368 "Managing video archives" on page 224 "Archiver" on page 521
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
543
Auxiliary Archiver
Camera recording The Camera recording tab lets you configure the default recording settings applied to all cameras associated to this Auxiliary Archiver. The default settings can be superseded by the recording settings of each individual camera. For more information, see Camera – "Recording" on page 378.
Video stream Use this drop-down list to select the default video stream that the Auxiliary Archiver should record for each camera. The video streams are configured for each individual camera. For more information, see "Configuring video streams" on page 210.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
544
Auxiliary Archiver
Recording modes The Auxiliary Archiver can apply different recording modes at different times. Recording mode
Description
Off
Recording is off ( ). This mode prevents recording from taking place, not even when an alarm is triggered.
Continuous
Records continuously. Recording cannot be stopped by the user (
On motion/Manual
Records when recording is triggered by an action (such as Start recording, Add bookmark, or Trigger alarm), or via motion detection.
).
Note: Manual recording is not supported by Auxiliary Archivers. Manual
Manual recording is not supported by Auxiliary Archivers. This schedule would have no effect.
CAUTION Recording schedules of the same type cannot overlap, regardless of the recording mode configured for each. When a scheduling conflict exists, the Auxiliary Archiver and the cameras are displayed in yellow in the entity browser and will issue entity warning messages. For more information, see "Resolving schedule conflicts" on page 105.
Other recording options Option
Description
Record audio
Turn this option on to record audio along with video. A microphone entity must be attached to this camera entity for this option to work. For more information, see Camera – "Hardware" on page 389.
Automatic cleanup
Turn this option on to delete the recorded video after a certain number of days, regardless whether the archiving storage is full or not. For more information, see Auxiliary Archiver – "Advanced settings" on page 550.
Time to record before an event
Duration of the recording buffer. This buffer is saved whenever the recording starts, ensuring that whatever prompted the recording is also captured on video.
Time to record after a motion
Recording duration when recording is triggered by motion detection. For more information, see Camera – "Motion detection" on page 379. During this period, the recording cannot be stopped by the user.
Default manual recording length
Recording duration when recording is started by a user. The user can stop the recording any time before the duration expires. This value is also used by the Start recording action, when the default recording length is selected.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
545
Auxiliary Archiver
Cameras The Cameras tab lets you select the cameras archived by this role. The Auxiliary Archiver can record any camera on your system, except those that are federated from an Omnicast 4.x system.
Related topics:
• "Associate cameras to the Auxiliary Archiver" on page 207 • "Remove a camera from the Auxiliary Archiver" on page 208
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
546
Auxiliary Archiver
Resources The Resources tab lets you configure the server, the database, and the disk storage for this Auxiliary Archiver role.
This section includes the following topics:
• • • • • • • •
"Genetec Server" on page 548 "Network settings" on page 548 "Archive database settings" on page 548 "Archive storage settings" on page 548 "Archiver statistics" on page 550 "Protected video file statistics" on page 550 "Archiving camera details" on page 550 "Advanced settings" on page 550
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
547
Auxiliary Archiver
Genetec Server Failover is not supported for the Auxiliary Archiver role. You can only select one server at a time. For more information, see "Move the Auxiliary Archiver to a different server" on page 208.
Network settings Additional network settings can be configured by clicking the
button:
• Network card. Network card used to communicate with all video units. • RTSP port. Port used to listen for RTSP (Real Time Streaming Protocol) requests. When multiple archiving roles are hosted on the same server, this value must be unique for each one. The default value is 555 for the Archiver and 558 for the Auxiliary Archiver. Additionally the value configured must not duplicate any of those used for the Media Router role or its redirector agent hosted on the same server.
Archive database settings The archive database stores the catalog of the recorded video footage, and the events related to them and the archiving process. The default database name is AuxiliaryArchiver. The configuration of the Auxiliary Archiver database is the same as that of any other role on the system. For more information, see "Managing databases" on page 52.
Archive storage settings The actual video footage is not kept in the database, but on disk, in video files. Each video file might contain several short discrete video sequences, and uses the G64 file extension. The size limit of the video files is configured in the Advanced settings dialog box. For more information, see "Advanced settings" on page 550. Both local drives and network drives can be used to store video. All local drives found on the host server are listed by default and grouped under Default Disk Group.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
548
Auxiliary Archiver
Disk space cannot be allocated in advance for archiving purpose. Instead, the Auxiliary Archiver is allowed to use the available disk space up to a certain limit which is defined by the minimum free space that must be left on each disk. The information displayed on each disk are as follows:
• Disk base path. Root folder on the disk where all video files are located. The default value is AuxiliaryArchives. Click on the name to change it to a different folder. IMPORTANT You must make sure that the service user running the Auxiliary Archiver role
has write access to all the archive root folders assigned to the role. The Config Tool cannot verify this information on behalf of the Auxiliary Archiver.
• Min. free space. Minimum free space that the Auxiliary Archiver must leave untouched on the disk. Click on this value to change it.
• Free space. Actual free space remaining on disk. • Allotted space. Space allotted in theory for video archives. It is the total capacity of the disk minus the minimum free space. CAUTION There is nothing to prevent other applications from using up the disk space set aside for the Auxiliary Archiver. For this reason, we recommend that you assign a disk that is not shared with other applications to this role. In the case where multiple archivers share the same server, use a separate disk for each.
• Total size. Total capacity of the disk. The archive storage configuration commands are as follows: Button
Command
Description
Add network location
You can only add network drives to your archive storage. All local drives on the host server are listed by default. You can exclude them from being used by the Auxiliary Archiver by clearing the checkbox in front of each disk.
Add disk group
A disk group is a logical storage unit used by the Auxiliary Archiver to improve the overall disk throughput. See "Optimizing access to your storage devices" on page 226. Click the Up and Down arrows to move the selected disk from one group to another.
Delete
Deletes the selected disk or disk group. You cannot leave a disk group without any disk associated to it.
Camera distribution
This button appears only if you have more than one disk group defined. See "Optimizing access to your storage devices" on page 226.
Refresh the drive information
Refreshes the drive information.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
549
Auxiliary Archiver
Archiver statistics The Statistics dialog box appears when you click the Statistics ( ) button. It works the same way as for the Archiver role. For more information, see Archiver – Resources – "Archiver statistics" on page 538.
Protected video file statistics The Protected video file statistics dialog box of the Auxiliary Archiver works the same way as for the Archiver role. For more information, see Archiver – Resources – "Protected video file statistics" on page 539.
Archiving camera details The Archiving cameras dialog box displays the statistics for each individual camera based on the information collected the last time you clicked . It works the same way as for the Archiver role. For more information, see Archiver – Resources – "Archiving camera details" on page 540.
Advanced settings The Auxiliary Archiver’s advanced settings work the same way as the Archiver. For more information, see Archiver – Resources – "Advanced settings" on page 532.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
550
Directory
Directory The Directory is the main role that identifies your Security Center system. It manages all entity configurations and system wide settings in Security Center. Only a single instance of this role is permitted on your system. The server hosting the Directory role is called the main server, and must be set up first. All other servers you add in Security Center are called expansion servers, and must connect to the main server to be part of the same system. The main functions of the Directory role are:
• • • • • • • • •
Client application connection authentication Software license enforcement Central configuration management Event management and routing Audit trail and activity trail management Alarm management and routing Incident management Scheduled task execution Macro execution
Configuring the Directory role Because the Directory role is responsible for the authentication of all client connections, it cannot be configured in the Config Tool client application. To configure the Directory role, call Server Admin from a Web browser. For more information, see "Open Server Admin using Internet Explorer" on page 48. Using Server Admin, you can perform the following administrative tasks:
• • • • •
Start/stop the Directory role Manage the Directory database and change the data retention periods View and modify your Security Center license View and modify the main server’s password and communication ports Convert the main server into an expansion server
Managing the Directory role In a multiple Directory server configuration, the Directory failover and load balancing is managed by the Directory Manager role. For more information, see "Configuring Directory failover and load balancing" on page 66.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
551
Directory Manager
Directory Manager The Directory Manager is the role that manages the Directory failover and load balancing in order to produce the high availability characteristics in Security Center. Only one instance of this role is permitted per system. This role is created by default when your Security Center license supports multiple Directory servers, and cannot be deleted nor deactivated. System: General Task: System – Roles Identity
Name, description, and relationships of this role with other entities in the system.
Directory servers
Lets you configure the servers assigned to Directory failover and load balancing.
Database failover
Lets you configure the failover of the Directory database. This feature is turned off by default.
Related topics:
• • • • •
"Configuring Directory failover and load balancing" on page 66 "Managing servers and roles" on page 47 "Managing databases" on page 52 "Configuring role failover" on page 61 "Directory" on page 551
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
552
Directory Manager
Directory servers The Directory servers tab lets you configure the servers assigned to Directory failover and load balancing.
Directory failover list The list of servers assigned to Directory failover and load balancing is called the Directory failover list. To show or change the connection port assigned to each server, click Advanced (
).
The server identified with a different icon ( ) than the rest ( ) is the main server. The main server is the only Directory server that can write to the Directory database. The rest can only read from that database. Related topics:
• "Configuring Directory failover and load balancing" on page 66 • "How Directory failover and load balancing works" on page 66 • "Differences between Directory servers and the main server" on page 66
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
553
Directory Manager
Database failover The Database failover tab lets you configure the Directory database failover. When this feature is turned on, you have two options:
• "Backup and restore" on page 554 • "Mirroring" on page 556 Backup and restore The Directory Manager protects the Directory database by regularly backing up the master database instance. During a failover, the latest backups are restored to the backup database that’s next in line.
The list of databases available for failover is described as follows:
• LED ( ). Indicates the database server that is currently active. • Server. Security Center server hosting the database instance. The server that manages the master database instance is flagged as (Master).
• Database server. Database server name. The name must be accessible from all computers. Relative names, such as (local)\SQLSEXPRESS cannot be used. Always write explicitly the server’s DNS name (for example TW-WIN7-SC-5) instead of (local). gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
554
Directory Manager
IMPORTANT All database servers must be of the same version for database failover to work.
• Database name. Database instance name. • State. Database state. If there is a problem, an error message is displayed. • Last Backup/Restore time. Time of the last backup on the master database, or the last restore on the backup database.
• Folder. Local folder on the specified server where the backup files are copied. The other parameters are:
• Automatically reconnect to master database. Select this option to force all Directory servers to reconnect to the master database once it is back online after a failover. This will cause a short service disruption, and all changes made to the system configuration while the master database was offline will be lost.
• Generate full backup every. Frequency (in days) and time at which the full backup should be generated. TIP It is recommended to generate a full backup after you’ve made lots of changes to the system configuration. You can do this anytime by clicking Generate full backup. IMPORTANT After changing the master database from Server Admin (restoring a previous backup for example), always manually generate a full backup from Config Tool immediately after. Failing to do so will cause your master and backup databases to become out of synch and the database failover mechanism will no longer work.
• Generate differential backup every. Frequency (in minutes) at which the differential backup should be generated. A differential backup contains the database transactions made after the previous backup (full or differential). The differential backups are deleted only after a full backup is made. NOTE All backup activities are stopped when the active database is not the master database.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
555
Directory Manager
Mirroring Database failover is handled by Microsoft SQL Server and is transparent to Security Center. The Principal and Mirror instances of the Directory database are kept in synch at all times. There is no loss of data during failover.
NOTE The Principal and the Mirror databases must be of the same version. Should you decide to use a Database server instance name, the two instance names must be different. For more information on database mirroring, please refer to Microsoft SQL Server Database Mirroring documentation.
Related topics:
• "How Directory database failover works" on page 71 • "Configuring Directory database failover" on page 71
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
556
Global Cardholder Synchronizer
Global Cardholder Synchronizer The Global Cardholder Synchronizer (GCS) role ensures the two-way synchronization of the shared cardholders and their related entities between the local system (sharing guest), where it is hosted, and the central system (sharing host). Only a single instance of this role is permitted on each system.
System: Synergis IP access control Task: Access control – Units, or System – Roles Identity
Name, description, and relationships of this role with other entities in the system.
Properties
Connection parameters to the sharing host, shared global partitions, and synchronization option.
Resources
Servers and failover configuration for this role.
Related topics:
• "Managing global cardholders" on page 296 • "What is the Global Cardholder Synchronizer?" on page 298 • "Configure the Global Cardholder Synchronizer" on page 304
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
557
Global Cardholder Synchronizer
Properties The Properties tab lets you configure the connection parameters to the sharing host, the global partitions you want to share, and your synchronization option.
Connection parameters The Global Cardholder Synchronizer (GCS) role must stay connected to the sharing host in order to keep the local copies of the global entities synchronized with the host.
• Connection status. Indicates the current connection status. The second line shows the connection activities or when the last synchronization was performed.
• Directory. Name of a Directory server on the sharing host. If anything else than the default connection port (5500) is used, you must explicitly indicate the port number after the Directory name, separated by a colon. For example: HostServer:5888.
• Username and password. Credentials used by the GCS role to connect to the sharing host. The rights and privileges of this user determine what your local system will be able to see and share with the host system.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
558
Global Cardholder Synchronizer
Global partitions List of global partitions found on the sharing host. Select the ones you wish to share.
Synchronize automatically Select this option to have the GCS role perform synchronization in real time. This means that whenever a change is made on the sharing host, either by the host itself or by another sharing guest, the change will immediately be reflected on your local system. Leaving this option unchecked allows you to synchronize manually. You must also leave the role in manual synchronization mode if you want the GCS role to synchronize periodically via a scheduled task. For more information, see "Using scheduled tasks" on page 109.
Resources The Resources tab lets you configure the servers for hosting this role. The GCS role does not require a database.
Servers All server management principles are the same for the Global Cardholder Synchronizer role as with any other role. For more information, see "Managing servers and roles" on page 47 and "Configuring role failover" on page 61. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
559
Health Monitor
Health Monitor The Health Monitor is the central role that monitors system entities such as servers, roles, units, and client applications for health issues. Health events are recorded in a database for the purpose of reporting and statistical analysis. Current system errors are reported in real time in your application’s notification tray. Only one instance of this role is permitted per system. This role is created at system installation and cannot be deleted. System: General Task: System – Roles Identity
Name, description, and relationships of this role with other entities in the system.
Properties
Health events to be monitored.
Resources
Servers, database, and failover configuration for this role.
Related topics:
• • • •
"Monitoring your system’s health" on page 75 "Configuring the Health Monitor" on page 76 "Viewing system health events" on page 170 "Viewing the health status and availability of entities" on page 171
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
560
Health Monitor
Properties The Properties tab lets you configure the health events to be monitored.
• Client app. maintenance mode. Turn this switch on to set the client applications in maintenance mode. Setting any entity in maintenance mode means that the down time will be considered Expected-down time and will not be used in the health statistics availability percentage calculations. Only Unexpected down-time is used when calculating availability. Most entities can be set in maintenance mode through their own contextual toolbar ( Enable maintenance mode). For client applications, it must be set here. NOTE Setting something in maintenance mode does not stop the health events. Rather, it
downgrades all health events to informational only.
• Events to monitor. Select which events you want the Health Monitor role to watch. IMPORTANT Clearing a health event in this list does not remove it from the Health history query filter. But, it could make some of the Health statistics calculations impossible.
Some of the events allow you to adjust the thresholds used to fire the event. For more information, see "Change the firing threshold of a health event" on page 80.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
561
Health Monitor
Resources The Resources tab allows you to configure the servers and database assigned to this role.
Servers All server management principles are the same for the Health Monitor role as with any other role. For more information, see "Managing servers and roles" on page 47.
Database All database management principles are the same for the Health Monitor role as with any other role. For more information, see "Managing databases" on page 52.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
562
Intrusion Manager
Intrusion Manager The Intrusion Manager role is responsible for the integration of intrusion panels (or alarm panels) to Security Center. It listens to the events reported by the intrusion panels, reports them live in Security Desk, and logs them in a database for future reporting. The Intrusion Manager is also responsible to relay user commands such as arming and disarming the areas (or zones) to the controlling panel and triggering the outputs connected to the latter via event-to-actions. Multiple instances of this role can be created on the system. System: General – Intrusion detection Task: Intrusion detection – Units, or System – Roles Identity
Name, description, and relationships of this role with other entities in the system.
Properties
Database retention period for intrusion events.
Extensions
Manufacturer specific settings for connecting to intrusion detection units that this role should communicate with.
Resources
Servers, database, and failover configuration for this role.
Related topics:
• "Managing intrusion panels" on page 155 • "Intrusion detection unit" on page 423 • "Intrusion detection area" on page 421
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
563
Intrusion Manager
Properties The Properties tab lets you configure the retention period of the intrusion events in the database.
Keep events Intrusion events are logged by the Intrusion Manager for intrusion activity reports. You can decide for how long you want to keep them before they are purged from the Intrusion Manager database. Related topics:
• Intrusion detection investigation tasks in Genetec Security Desk User Guide.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
564
Intrusion Manager
Extensions The intrusion unit models controlled by this Intrusion Manager role.
All supported manufacturer extensions are created by default when the role is created.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
565
Intrusion Manager
Resources The Resources tab allows you to configure the servers and database assigned to this role.
Servers All server management principles are the same for the Intrusion Manager role as with any other role. For more information, see "Managing servers and roles" on page 47. IMPORTANT The Intrusion Manager role supports failover only when the intrusion panels are connected via IP. Failover is not supported if the intrusion panels are connected via serial port. For more information, see "Configuring role failover" on page 61.
Database All database management principles are the same for the Intrusion Manager role as with any other role. For more information, see "Managing databases" on page 52.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
566
LPR Manager
LPR Manager The LPR Manager stores all LPR data (reads, hits, images, vehicle status, GPS data, and so on) collected from the LPR units (fixed Sharps) and Patrollers that it manages into a central database for data mining and reporting. The LPR Manager is also responsible for updating fixed Sharps and Patrollers in the field with hotfixes, hotlist updates, and so on. Multiple instances of this role can be created on the system to provide scalability and partitioning. For example, different fleets of Patrollers can be managed by different LPR Managers, fixed Sharp units can be managed by different LPR Managers, and so on. System: AutoVu IP license plate recognition Tasks: LPR – Units, or System – Roles Identity
Name, description, logical ID, and relationships of this entity with other entities in the system.
Properties
General parameters within which this role should operate.
Resources
Server and database configuration for this role.
Related topics:
• • • • • • •
"Hotlist" on page 414 "LPR unit" on page 426 "Overtime rule" on page 439 "Parking facility" on page 444 "Patroller" on page 450 "Permit" on page 453 "Permit restriction" on page 457
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
567
LPR Manager
Properties The Properties tab is used to configure the general LPR Manager settings and optional AutoVu features. The availability of certain features depends on your Security Center license. This section includes the following topics:
• • • • • • • • • • •
"General settings" on page 569 "Live" on page 571 "File association" on page 572 "Matching" on page 573 "Reverse geocoding" on page 574 "Plate filtering" on page 574 "Email notification" on page 576 "XML import" on page 578 "XML export" on page 579 "Update provider" on page 582 "Data import" on page 583
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
568
LPR Manager
General settings Use the General settings to configure the Root folder for the LPR Manager, the user group for the Patrollers, and how long the data from the LPR Manager is kept in the database. IMPORTANT Please read the following before you configure the LPR Manager General settings.
• If you are using SQL Server Express Edition, the database might be full before the retention •
period ends. Contact GTAP to help you evaluate whether SQL Server Express meets the requirements of your AutoVu system. If your computer is hosting more than one LPR Manager, each LPR Manager must have a different root folder.
• Root folder. The main folder on the computer hosting the LPR Manager. This is where all the configuration files are created, saved, and exchanged between the LPR Manager and the Patroller units it manages. Whenever you create a new LPR Manager role, the root folder is created automatically on your computer at the location C:\Genetec\AutoVu\RootFolder. If you create multiple LPR Managers, new folders will be created for you at the same location. For example, if you have three LPR Managers created, the folders RootFolder1, RootFolder2, and RootFolder3 will be created under the folder C:\Genetec\AutoVu. The LPR Manager root folder includes the following subfolders:
ManualTransfer. Contains the configuration and data files to transfer to Patroller manually using a USB key or similar device.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
569
LPR Manager
Offload. Contains the LPR data offloaded by Patroller. Rules. Contains the delta files used by Security Center to transfer hotlist and permit list changes. Do not copy or move anything in this folder.
Updates. This folder appears when you first turn on the Update provider (see "Update provider" on page 582). It contains Security Center and Patroller hotfixes, as well as Sharp service and firmware updates. Patroller hotfixes are automatically downloaded to Patroller whenever Patroller is connected to Security Center. Mobile Sharp units are updated through Patroller, and fixed Sharp units are updated through the network. Optimize Root folder disk space. (Windows Vista or later only) Enables the use of symbolic links to reduce disk utilization when the same file is replicated in multiple folders, such as when you have large hotlists and/or permit lists associated to individual Patroller units. This reduces the Root folder’s overall disk space, and optimizes file transfer performance to the Patroller in-vehicle computer. To use this feature, the server machine must be running Windows Vista or later, otherwise hotlists and permits will be copied as usual (duplicate copies on disk). The client machine must also be running Windows Vista or later, otherwise the client won’t be able to access the files inside the root folder. After enabling this option in Security Center, you also must enable it in Windows on your server and client machines (you’ll need administrator rights). On both the server and client machines, open Windows Command Prompt, and then type the following:
•
To enable symbolic links. Type fsutil behavior set SymlinkEvaluation R2R:1
To disable symbolic links. Type fsutil behavior set SymlinkEvaluation R2R:0. User group for Patrollers. List of users (and their passwords) who are allowed to log on to the Patrollers managed by the LPR Manager. This list is downloaded to the Patrollers.
•
In Patroller Config Tool, if the Patroller Logon type is Secure name or Secure name and password, the Patroller user will be required to enter the username and password configured in Security Center. If secure logon names are in use, when a read or a hit occurs, in Security Desk you can view who was driving the vehicle.
• Database retention periods. Specify how many days of LPR-related data Security Center can query. The default is 90 days, and the maximum is 2000 days. LPR data that is older than the value(s) you specify will not appear in Security Center queries and reports (Hit reports, Read reports, and so on).
Patroller route retention period. Number of days Patroller route data (GPS positions) can be queried.
Hit retention period. Number of days hit data can be queried.
Read retention period. Number of days license plate reads can be queried.
Event retention period. Number of days the LPR events License plate read and License plate hit can be queried.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
570
LPR Manager
Live The Live settings are used to configure how data is transferred between Security Center and Patroller.
• Listening port. Port used to listen for connection requests coming from fixed Sharps and Patrollers. After the connection is established, the LPR Manager can receive live updates from the LPR units it manages.
• Sharp discovery port. Port used by the LPR Manager to find fixed Sharp units on the network. The same port number must be used in the Discovery port setting on the Sharp. IMPORTANT Each LPR Manager must use a unique discovery port.
• Send on read (fixed Sharp only). For each plate read, choose which Sharp images are sent to Security Center. These images are displayed in Security Desk when monitoring LPR events.
License plate image. Include the high resolution close-up image of the license plate along with the plate read data.
Context image. Include the wide angle context image of the vehicle along with the plate read data. Channel security. Encrypt communication between Security Center and Patroller.
•
IMPORTANT Encryption must be enabled both in the Security Center Config Tool and in
Patroller Config Tool. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
571
LPR Manager
Encrypt communication channel. Encrypt communication between Patroller and Security Center. Accept non encrypted messages. Security Center will accept incoming connections from Patrollers that do not have the encryption option enabled.
File association The File association settings specify which hotlists and permits are active and managed by the LPR Manager.
• Hotlists. A list of all the hotlists in Security Center. Choose which hotlists you want the LPR Manager to manage. The LPR Manager then sends the hotlists to the Patrollers it manages, or matches the hotlists against the reads collected from fixed Sharp units to produce hits. When you create a new hotlist, it is automatically added to this list and enabled for all the LPR Managers on your system.
• Permits. A list of all the permits in Security Center. Choose which permits the LPR Manager manages. The LPR Manager sends these permit lists to Patrollers. Only Patrollers configured for parking enforcement require permits. When you create a new permit, it is automatically added to this list and enabled for all the LPR Managers on your system. NOTE You can also associate permits to individual Patrollers, and hotlists to individual Patrollers
or Sharp units. For more information, see "Patroller" on page 450, and "LPR unit" on page 426.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
572
LPR Manager
Matching The Matching settings are used to enable matching between hotlists and fixed Sharp units. You use these settings when you want to configure event-to-actions in Security Desk that trigger on “match” or “no match” events.
• Matching. Enables matching between fixed Sharp units and hotlists. When matching is enabled, you can configure event-to-actions in Security Desk that trigger when the Sharp reads a plate that is on a hotlist you’ve activated in File association.
• Generate “No match” events. Security Center generates “no match” events when a plate is not found on a specific hotlist. You can then configure event-to-actions in Security Desk based on “No match” events. You would typically use “No match” events as part of an access control scenario. For example, you can associate a hotlist to a specific Sharp unit that is monitoring access to a parking lot or similar location. In this scenario, a Security Center event-to-action for a “License plate hit” grants the vehicle access (opens a gate, raises a barrier, and so on), and an event-to-action for a “No match” could trigger an alarm, or send an email to security personnel.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
573
LPR Manager
Reverse geocoding The Reverse geocoding feature converts the raw GPS data (longitude, latitude) from Patrollers into street addresses. The street addresses are then saved along with the reads in the LPR Manager database. NOTE You need geocoding if your Patrollers are equipped with GPS but no maps.
• Map type. Displays the map type set in the Security Center license. • (If you choose Mapinfo) MapInfo workspace. Folder where the MapInfo files (Maps.mws and associated files) are found. This folder must be on the same computer where the LPR Manager is installed.
• (If you choose Mapinfo) MapInfo version. If using MapInfo version 6 and later, you must select New.
Plate filtering The Plate filtering settings determine what to do when a hotlist or permit list is modified. The LPR Manager can detect if the new or modified lists include entries that contain invalid (nonalphanumeric) characters. You can configure the LPR Manager to either delete the invalid entries completely, or to delete only the invalid characters within the entries. You can also save logs of the filtering process to view detailed information about how many invalid entries were deleted or modified.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
574
LPR Manager
• Plate number valid characters. Select the types of characters to filter on (Latin, Arabic, or Japanese).
• Invalid plate number. Configure how the LPR Manager handles invalid records:
Modify record. (Default setting). Removes any non-alphanumeric characters from the plate number. For example, the plate number “ABC#%3” becomes “ABC3”. Remove record. Deletes the entry from the list entirely.
• Logging. Select Log filtering in, and then specify where you want the log file to be saved. The destination folder you choose must be accessible to the computer hosting the LPR Manager role.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
575
LPR Manager
Email notification The Email notification setting turns on email notifications for hotlist hits, and lets you customize the look and contents of the email message. You can configure email notification at the hotlist level (any hit from a hotlist), or at the individual license plate level (a hit from a specific plate). For more information, see “Configuring email notifications for hotlist hits” in the AutoVu Handbook.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
576
LPR Manager
• Annotation email address. Used for email notification at the individual license plate level. Type the name of the hotlist attribute related to email notification. For example, if you added an “Email” attribute on the hotlist entity’s Properties page, type the exact same name here. The names must match exactly.
• Email components. Choose the LPR data you want to attach to the notification email, and whether to hide the license plate numbers in the message body.
License plate image. High resolution close-up images of the license plate.
Context image. A wider angle color image of the vehicle.
License plate. Replaces the read plate number, and the matched plate number in the email with asterisks (*). Log emails in. Select the check box to log hotlist hit notification emails. Type the full path to the log file.
•
• Template. Customize the email. Do any of the following:
Edit the email’s subject line or message body.
Switch between plain text and HTML.
Add formatting (bold, italics, and so on).
Right-click in the message body for a menu of quick tags that you can use to add more information to the email. Restore the default email template at any time.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
577
LPR Manager
XML import The XML import settings are used to import data from third-party applications into the LPR Manager database. When you turn this setting on, Security Center creates an XML import entity, and then associates the imported data with this entity. In Security Desk, you can then filter on the XML import entity when running hit or read reports.
• XML template file. Specify where the XML template file is located. You’ll find a default template in the Security Center installation package in Tools\LPR\XMLTemplatesSamples.
• XML data folder. Specify the folder that contains the XML data files for Security Center to import.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
578
LPR Manager
XML export The XML export settings are used to send LPR Manager reads and hits to third-party applications. Reads and hits are sent live as they occur.
• XML templates folder. Specify where the XML templates folder is located. You’ll find default templates in the Security Center installation package in Tools\LPR\XMLTemplatesSamples. There are XML templates for each type of LPR event (plate reads, hotlist hits, overtime hits, permit hits, and shared permit hits).
• XML export folder. Specify the folder that contains the XML files exported by the LPR Manager.
• Time format. Enter the time format used in the exported files. As you set the time format the information field displays what the time format will look like in the XML file. To identify the units of time, use the following notation: Notation
Description
h
Hour
m
Minute
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
579
LPR Manager
s
Second
:
Must use a colon (:) between the hour, minute, and second units.
hh,mm,ss
Display time with leading zero. For example: 03:06:03 represents 3 hours 6 minutes 3 seconds.
h,m,s
Display without leading zero. For example: 3:6:3 represents 3 hours 6 minutes 3 seconds.
tt
Include A.M. or P.M. If using a 12-hour clock, you might want to use A.M. or P.M. notation. Unit can be preceded with or without a space. For example, HH:mm:ss tt displays 17:38:42 PM.
Lowercase h
12-hour clock.
Uppercase H
24-hour clock.
• Date format. Enter the date format used in the export files. To identify the units of a date, use the following notation: Notation
Description
M
Month in numerals
MM
Month in numerals with leading zero.
MMM
Month abbreviation. For example Apr for April.
y
Year without century. For example, yy displays 11 for 2011.
yyy
Year with century. For example, yyyy displays 2011
d
Date
dd
Date with leading zero.
ddd
Day of week three letter abbreviation. For example, ddd displays Wed for Wednesday.
dddd
Day of week. For example, dddd displays Wednesday.
Delimiters
Can use space or dash (-) between units in the date.
Example
dddd MM dd, yyy displays Wednesday April 06, 2011.
• Supported XML hashtags. The following XML hashtags are supported. Each hashtag must have an opening and closing XML tag (for example, to use the tag #CONTEXT_IMAGE# you must write #CONTEXT_IMAGE# in the XML).
#ATTRIBUTES#. Generate all Read and Hit attributes.
#CONTEXT_IMAGE#. Context image (Base64-encoded JPEG).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
580
LPR Manager
#DATE_LOCAL#. Local date of the LPR event. #ELAPSED_TIME#. For an overtime hit, this tag indicates the time difference between the two plate reads (displaying the number of days is optional). #FIRST_VEHICLE#. For a shared permit hit, this tag generates the content specified in ReadTemplate.xml for the first vehicle seen. #FIRST_VEHICLE_FROM_STREET#. For an overtime hit, this tag retrieves the attribute From street from the first plate read. #FIRST_VEHICLE_TO_STREET#. For an overtime hit, this tag retrieves the attribute To street from the first plate read.
#HOTLIST_CATEGORY#. Category field of the hotlist that generated the hit.
#GUID#. Unique identifier of the LPR event.
#INVENTORY_LOCATION#. For MLPI installations, the location of the vehicle inventory.
#ISHIT#. This tag indicates if the LPR event is a hit.
#LATITUDE_DEGREE#. Latitude of the LPR event (in degrees).
#LATITUDE_DMS#. Latitude of the LPR event (in degrees, minutes, and seconds).
#LATITUDE_MINUTE#. Latitude of the LPR event (in minutes).
#LATITUDE_SECOND#. Latitude of the LPR event (in seconds).
#LONGITUDE_DEGREE#. Longitude of the LPR event (in degrees).
#LONGITUDE_DMS#. Longitude of the LPR event (in degrees, minutes, and seconds).
#LONGITUDE_MINUTE#. Longitude of the LPR event (in minutes).
#LONGITUDE_SECOND#. Longitude of the LPR event (in seconds).
#MATCHED_PLATE#. License plate against which the hit was generated.
#ORIGINAL#. For an overtime hit, this tag generates the content specified in ReadTemplate.xml for the first read of a given plate.
#OVERVIEW_IMAGE#. Overview image (Base64-encoded JPEG).
#PERMIT_NAME#. Name of the permit that generated the LPR event.
#PLATE_READ#. License plate as read by the Sharp.
#PLATE_IMAGE#. License plate image (Base64-encoded JPEG).
#READ#. Embed the contents of the ReadTemplate.xml inside another XML template (useful for hits). #SECOND_VEHICLE#. For a shared permit hit, this tag generates the content specified in ReadTemplate.xml for the second vehicle seen. #SECOND_VEHICLE_FROM_STREET#. For an overtime hit, this tag retrieves the attribute From street from the second plate read. #SECOND_VEHICLE_TO_STREET#. For an overtime hit, this tag retrieves the attribute To street from the second plate read. #SHARP_NAME#. Name of the Sharp that read the plate.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
581
LPR Manager
#STATE#. License plate's issuing state or province, if read.
#TIME_LOCAL#. Local time.
#USER_ACTION#. User action related to the LPR event.
#VEHICLE#. Same as #READ#.
#ZONE_COLOR#. Color of the zone associated to the LPR event.
#ZONE_NAME#. Name of the zone associated to the LPR event.
Update provider Turn on the Update provider to create the required sub-folder in the LPR Root folder that will receive the update files. Also, you need to specify the Listening port used for Patroller and Sharp updates. The LPR Manager will use this port to update Patrollers and Sharps with new hot fixes, hit alert sounds, hotlists, firmware and so on.
• Listening port. This is the port Security Center uses to send updates to Patrollers and connected Sharp units, as well as to fixed Sharps on the network. Make sure to use the same port number in Patroller Config Tool, and in the .
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
582
LPR Manager
Data import The Data import settings are used to import data from AutoVu 4.3 systems. The LPR Manager connects to the AutoVu Gateway 4.3 database and imports all mobile data into the LPR Manager database so that the data can be viewed with Security Desk. IMPORTANT Before you turn on Data import, configure the AutoVu Gateway database server and database name. NOTE Please note the following about importing the AutoVu Gateway 4.3 database into Security
Center:
The first time you run the migration, the LPR Manager will import everything that is in the existing Back Office database up until the retention period specified in the General settings. It takes approximately one hour for every 2.5 GB of data to transfer. For example, if you have 100 GB of data, the data import process will take approximately 40 hours. After the first batch of data is imported, the import process will resume every 12 hours. In the mean time, the old system can operate as usual. As data from the legacy system is imported into Security Center, you'll see the Patroller and LPR units appear under the LPR Manager.
For information on how to migrate to Security Center 5.0 from AutoVu 4.3, see the Security Center Installation and Upgrade Guide. Data server. Name of the data server used by the legacy AutoVu Gateway.
• • Database. Name of the legacy AutoVu Gateway database.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
583
LPR Manager
Resources The Resources tab allows you to configure the servers and database assigned to this role.
Servers All server management principles are the same for the LPR Manager role as with any other Security Center role.
Database All database management principles are the same for the LPR Manager role as with any other Security Center role. NOTE When backing up (or restoring) the database to a network drive, you must manually enter the network path (for example, \\\\.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
584
Media Router
Media Router The Media Router role handles all stream (audio or video) requests on the system. It establishes streaming sessions between the stream source (camera or Archiver) and its requesters (Security Desk or SDK clients). Routing decisions are based on the location (IP address) and the transmission capabilities of all parties involved (source, destinations, networks and servers).
It ensures all video streams use the best route to get to their destinations, while performing any necessary transformation (for example, from unicast to multicast, or from IPv4 to IPv6). Only a single instance of this role is permitted per system. System: Omnicast IP video surveillance Tasks: Video – Units, or System – Roles Identity
Name, description, and relationships of this role with other entities in the system.
Properties
Stream redirectors, start multicast endpoint, and RTSP port.
Resources
Servers, databases, and failover configuration for this role.
Related topics:
• • • •
"Configure the Media Router" on page 202 "Network" on page 434 "Server" on page 471 "Archiver" on page 521
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
585
Media Router
Properties The Properties tab allows you to configure the stream redirectors, the start multicast endpoint, and the RTSP port for the Media Router.
Redirectors Redirectors are servers assigned to host redirector agents. A redirector agent is a software module launched by the Media Router to redirect data streams from one IP endpoint to another. The Media Router automatically creates a redirector agent on every server assigned to an Archiver role. You might have to create redirector agents on additional servers if you need to reach clients located on remote networks or to balance the redirection workload between multiple servers. Click Add an item (
) to add new redirectors or Edit an item (
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
) to modify an existing one.
586
Media Router
Both commands open the Redirector configuration dialog box.
The redirector settings are as follows:
• Server. Server selected to host the redirector agent. • Multicast interface. Network adaptor to use for streaming data in multicast mode. • Incoming UDP port range. Range of ports used by the redirector agent to send video using UDP. If the redirector agent is running behind a firewall, make sure that these ports are unlocked for inbound packets for UDP connections.
• RTSP port. Port used by the redirector agent to receive TCP commands. The same port is used to stream data using TCP. NOTE If you are configuring the redirector agent on the same server that is hosting the Media Router, the RTSP port cannot be the same as the one used by the Media Router.
• Live capacity. Use this option to limit the maximum number of live streams that this server (redirector) can redirect. This feature serves two purposes:
Avoid overloading the server with too many users trying to view video (that needs redirection) at the same time.
Avoid overloading the network with too many video streams coming from a remote site that has limited bandwidth. When the limit is reached, an error message is displayed on the client application requesting the live video that the live stream capacity is exceeded.
• Playback capacity. Same idea as Live capacity for playback streams.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
587
Media Router
Start multicast endpoint Start multicast address and port number. In multicast, all audio and video sources are streamed to different multicast addresses while using the same port number. This is because multicast switches and routers use the destination IP address to make their routing decisions. To follow the same approach, the Media Router assigns that same port number to all streaming devices (microphones and cameras), starting with the specified IP address, and incrementing it by 1 for every new devices it encounters.
RTSP port Incoming TCP command port used by the Media Router.
Resources The Resources tab allows you to configure the servers and database assigned to this role.
Servers All server management principles are the same for the Media Router role as with any other role. For more information, see "Managing servers and roles" on page 47.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
588
Media Router
Database All database management principles are the same for the Media Router role as with any other role. For more information, see "Managing databases" on page 52. NOTE The Media Router role supports failover and accepts multiple secondary servers. The exception to the rule is that its database can be local to each server. For more information, see "Configuring role failover" on page 61.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
589
Omnicast Federation
Omnicast Federation The Omnicast Federation role imports entities from an remote Omnicast 4.x system so that its cameras and events can be used by your local Security Desk users. The federation role acts as a proxy between your local clients and the remote Omnicast system they need to connect to. Multiple instances of this role can be created on the system. System: Omnicast IP video surveillance Task: System – Roles Identity
Name, description, and relationships of this role with other entities in the system. This is also where you set the value of role group for very large scale Federation deployment.
Properties
Connection parameters to the remote Omnicast system, and default video stream and of events to receive from it.
Resources
Servers and failover configuration for this role.
Related topics:
• "Federating remote systems" on page 128 • "Federating Omnicast systems" on page 131 • "Security Center Federation" on page 601
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
590
Omnicast Federation
Identity The Identity tab provides descriptive information about this role lets you jump to the configuration page of related entities. For more information, see "Identity" on page 332.
Role group The role group is an advanced setting that is necessary only if you plan on hosting more than 40 Omnicast Federation roles on the same server. For more information, see "What is a role group?" on page 134. To make this setting appear:
• Click inside the Name field and type Ctrl+Shift+A.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
591
Omnicast Federation
Properties The Properties tab allows you to configure the connection parameters to the remote Omnicast system, and the default video stream and events you wish to receive from it.
Connection parameters The top section identifies the remote Omnicast system and its connection status.
• Connection status. Shows the connection status of the federation role to the remote system. Click Reset connection at the bottom of the tab to force a reconnection.
• Directory. Name of the Omnicast Gateway connecting you to the remote Omnicast system. • Username and password. Credentials used by the federation role to log on to the remote Omnicast system. The rights and privileges of that user will determine what your local users will be able to see and do on the federated remote system.
• Version. Version of the federated Omnicast system. This drop-down list only shows the Omnicast versions for which a compatibility pack has been installed.
Received information The bottom section describes the default video stream and events you wish to receive from the federated system.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
592
Omnicast Federation
Events are necessary if you plan to monitor the federated entities in Security Desk or to configure event-to-actions for the federated entities.
Resources The Resources tab lets you configure the servers for hosting this role. The federation role does not require a database.
Servers All server management principles are the same for the Omnicast Federation role as with any other role. For more information, see "Managing servers and roles" on page 47 and "Configuring role failover" on page 61.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
593
Plugin
Plugin The Plugin role hosts a specific plugin. Each Plugin role instance hosts exactly one plugin of the type you select. IMPORTANT You need to install the plugin package on your client and server computers before you can create the corresponding Plugin role, and you must make sure your Security Center license has a valid certificate for the plugin you want to use.
System: General Task: Plugins – Plugins, or System – Roles Identity
Name, description, and relationships of this role with other entities in the system.
Properties
Depends on the type of plugin the role is hosting. Other tabs might appear depending on the type of plugin you have. For more information, see the corresponding Plugin User Guide.
Resources
Servers and database assigned to this role. The Plugin role supports failover. For more information, see "Configuring role failover" on page 61.
Related topics:
• "Role" on page 462 • RF Code Asset Management Plugin User Guide • OnGuard and Video Translator Plugin User Guide
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
594
Point of Sale
Point of Sale The Point of Sale role imports transaction data from an external point of sale (POS) system so that transaction reports can be generated from Security Desk for investigation purpose. The transactions are tied to the cash registers that were used to capture these transactions. Security Center can link Omnicast cameras to these cash registers, allowing users to search video sequences based on the transaction details. For more information, see “Transactions” in the Security Desk User Guide. IMPORTANT For a user to view transaction reports in Security Desk, the Point-of-Sale plugin must be enabled on the machine where Security Desk is installed. For more information, see “Enable Point-of-Sale plugin” in the Security Center Installation and Upgrade Guide.
System: General Task: System – Roles Identity
Name, description, and relationships of this role with other entities in the system.
Properties
Description of the external (third party) POS system database.
Cash registers
Cash registers corresponding to the transactions imported by this role.
Resources
Servers, database, and failover configuration for this role.
Related topics:
• "Cash register" on page 400
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
595
Point of Sale
Properties The Properties tab lets you configure how this role is to get the transaction data from the external POS system, and how long these data should be kept in Security Center.
Parameters for getting the transaction data The Point of Sale role gets its data from the external POS system by polling its database at regular intervals. The first set of parameters tells the role how to get these data.
• • • •
Database server. Database server used by the external POS system. Database. Database name used by the external POS system. Transaction header table. Table name used for transaction headers. Transaction details table. Table name used for transaction details (or transaction line items).
• Fetch transaction every. Frequency at which the role should poll the POS database for new data.
Housekeeping parameters for the saved transaction data Data fetched from the external POS database are saved to a database in Security Center. The local database where the transaction data is stored is configured in the Resources tab.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
596
Point of Sale
• Retention period. Number of days the transaction data should be kept locally. • Cleanup period. Frequency of the local database cleanup. • Cleanup time. Scheduled database cleanup start time.
Cash registers The Cash registers tab lets you configure the cash registers (or terminals) whose associated transactions ought to be downloaded from the external POS database (see Properties tab).
Add a cash register Add cash registers to have the Point of Sale role import their associated transactions from the external POS system. 1 Select the Point of Sale role from the System – Roles. 2 Select the Cash registers tab and click
at the bottom of the list.
3 In the Cash register properties dialog box, enter the following:
Name. Name of the cash register entity.
Description. Description of the cash register entity.
ID. External identifier (or primary key) used to identify the cash register in the external POS database.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
597
Point of Sale
Partition. Partition the created cash register entity should belong to. Click different partition from your system.
to select
4 Click Save. 5 Click Apply. The new cash register entities are created and appear in the Logical view. You can associate cameras to the cash register entities. For more information, see "Cash register" on page 400.
Resources The Resources tab allows you to configure the servers and database assigned to this role.
Servers All server management principles are the same for the Point of Sale role as with any other role. For more information, see "Managing servers and roles" on page 47.
Database All database management principles are the same for the Point of Sale role as with any other role. For more information, see "Managing databases" on page 52.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
598
Report Manager
Report Manager The Report Manager role automates report emailing and printing based on schedules. Only one instance of this role is permitted per system. This role is created by default at system installation and hosted on your main server.
System: General Task: System – Roles Identity
Name, description, and relationships of this role with other entities in the system.
Properties
General parameters within which this role should operate.
Resources
Servers and failover configuration for this role.
Properties The Properties tab lets you configure the default behavior of this role.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
599
Report Manager
Maximum number of results Sets the maximum number of results that can be returned by any report. This limit helps prevent a broadly defined query from freezing your computer when too many results are returned. When the query reaches the specified limit, it stops automatically with a warning message. NOTE The maximum value you can set is 10,000.
Resources The Resources tab lets you configure the servers for hosting this role. The Report Manager role does not require a database.
Servers All server management principles are the same for the Report Manager role as with any other role. For more information, see "Managing servers and roles" on page 47 and "Configuring role failover" on page 61.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
600
Security Center Federation
Security Center Federation The Security Center Federation role imports entities from an remote Security Center system so that its entities and events can be used by your local Security Desk users. The federation role acts as a proxy between your local clients and the remote Security Center system they need to connect to. Multiple instances of this role can be created on the system. System: General Task: System – Roles Identity
Name, description, and relationships of this role with other entities in the system. This is also where you set the value of role group for very large scale Federation deployment.
Properties
Connection parameters to the remote Security Center system, and default video stream and of events to receive from it.
Resources
Servers and failover configuration for this role.
Related topics:
• "Federating remote systems" on page 128 • "Federating Security Center systems" on page 133 • "Omnicast Federation" on page 590
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
601
Security Center Federation
Identity The Identity tab provides descriptive information about this role lets you jump to the configuration page of related entities. For more information, see "Identity" on page 332.
Role group The role group is an advanced setting that is necessary only if you plan on hosting more than 100 Security Center Federation roles on the same server. For more information, see "What is a role group?" on page 134. To make this setting appear: Click inside the Name field and type Ctrl+Shift+A.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
602
Security Center Federation
Properties The Properties tab allows you to configure the connection parameters to the remote Security Center system, and the default video stream and events you wish to receive from it.
Connection parameters The top section identifies the remote Omnicast system and its connection status.
• Connection status. Shows the connection status of the federation role to the remote system. • Server. Name of the main server (Directory) for the remote Security Center system. • Username and password. Credentials used by the federation role to log on to the remote Security Center system. The rights and privileges of that user will determine what your local users will be able to see and do on the federated remote system.
Received information The bottom section describes the default video stream and events you wish to receive from the federated system. Events are necessary if you plan to monitor the federated entities in Security Desk or to configure event-to-actions for the federated entities.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
603
Security Center Federation
Resources The Resources tab lets you configure the servers for hosting this role. The federation role does not require a database.
Servers All server management principles are the same for the Security Center Federation role as with any other role. For more information, see "Managing servers and roles" on page 47 and "Configuring role failover" on page 61.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
604
Web-based SDK
Web-based SDK The Web-based SDK role exposes the Security Center SDK methods and objects as Web services to support cross-platform development. For example, this role allows an application developed on Linux to interoperate with your Security Center system. This role mainly exist for clients who need custom development. If you have such needs, please contact Genetec Professional Services for a quote through your sales representative or call us at one of our regional offices around the world. To contact us, visit our Web site at www.genetec.com. System: General Task: System – Roles Identity
Name, description, and relationships of this role with other entities in the system.
Properties
General parameters within which this role should operate.
Resources
Servers and failover configuration for this role.
Related topics:
• "Supporting cross-platform development" on page 164 • "Macro" on page 429 • "Tile plugin" on page 480
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
605
Web-based SDK
Properties The Properties tab lets you configure what the external developers need to know to use the Web services.
Port + Base URI These two parameters are used to determine the address of the Web service. For example, with Port=4590 and Base URI=WebSdk, the Web service address would be “http:/ /:4590/WebSdk/”, where is the DNS name or public IP address of the server hosting the Web-based SDK role.
Streaming port Port where events will be streamed. The user can configure the events he wants to listen to.
Use SSL connection Turn this option on (default=off) to use SSL encryption for communications with the Web service. Once this option is turned on:
• The Web service address will use https instead of http. • You need to configure the SSL settings: gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
606
Web-based SDK
Certificate. Name of the certificate to use. Use the form: “CN=NameOfTheCertificate”. The certificate must be registered in Windows. You can find procedures on the Web on how to do just that. Bind certificate to port. Turn this option on (default=off) to bind the certificate to the port. This operation does the same thing as you would normally do under Windows.
Resources The Resources tab lets you configure the servers for hosting this role. The Web-based SDK does not require a database.
Servers All server management principles are the same for the Web-based SDK role as with any other role. For more information, see "Managing servers and roles" on page 47 and "Configuring role failover" on page 61.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
607
Zone Manager
Zone Manager The Zone Manager role manages virtual zones and triggers events or output relays based on the inputs configured for each zone. It also logs the zone events in a database for zone activity reports. Multiple instances of this role can be created on the system.
System: General – Zone management Task: System – Roles Identity
Name, description, and relationships of this role with other entities in the system.
Properties
Database retention period for zone events.
Resources
Servers, database, and failover configuration for this role.
Related topics:
• "Managing zones" on page 160 • "Zone (virtual)" on page 506
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
608
Zone Manager
Properties The Properties tab lets you configure the retention period of the zone events in the database.
Keep events Zone events are logged by the Zone Manager for zone activity reports. You can decide for how long you want to keep them before they are purged from the Zone Manager database. Related topics:
• “Zone activities” task description in Genetec Security Desk User Guide.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
609
Zone Manager
Resources The Resources tab allows you to configure the servers and database assigned to this role.
Servers All server management principles are the same for the Zone Manager role as with any other role. For more information, see "Managing servers and roles" on page 47 and "Configuring role failover" on page 61.
Database All database management principles are the same for the Zone Manager role as with any other role. For more information, see "Managing databases" on page 52.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
610
15 Administration tasks This section lists all Security Center administration tasks in the order they appear in the Home page. Each task is covered with a short description, and when applicable, a short description for each of its configuration groupings. This section includes the following topics:
• • • • • • • • • •
"Alarms" on page 612 "Logical view" on page 613 "Network view" on page 615 "Security" on page 617 "System" on page 618 "Video" on page 630 "Access control" on page 632 "Intrusion detection" on page 636 "LPR" on page 638 "Plugins" on page 649
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
611
Alarms
Alarms The Alarms task allows you to configure alarms and analog monitor groups. System: General License option: Alarms Category: Administration The Alarms task includes the following views: Alarms
Lists all alarms in alphabetical order. For more information, see "Alarm" on page 351.
Monitor groups
Lists all monitor groups in alphabetical order. For more information, see "Monitor group" on page 432.
Related topics:
• "Administration task workspace overview" on page 16 • "Managing alarms" on page 111
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
612
Logical view
Logical view The Logical view task allows you to configure the entities visible in the Security Desk (such as areas, cameras, doors, elevators, tile plugins, intrusion detection areas, zones, and so on) and organize them according to their logical relationships. Areas are used as logical groupings for other types of entities. Each area can represent a concept or a physical location. System: General Category: Administration
A
B
C D A
Currently selected entity (Suite 400).
B
Click an entity to view its configuration.
C
Jump to the configuration page of the selected entity in the Relationships group.
D
See "Contextual command toolbar" on page 17.
Related topics:
• "Administration task workspace overview" on page 16 gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
613
Logical view
• "Managing the Logical view" on page 85
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
614
Network view
Network view The Network view task allows you to configure the networks and servers in your system, and organize them according to your network topology. System: General Category: Administration
A
B
C
D A
Currently selected entity (Montreal network entity).
B
Click an entity to view its configuration.
C
Configuration pane of the selected entity.
D
See "Contextual command toolbar" on page 17.
Related topics:
• "Administration task workspace overview" on page 16 • "Managing the Network view" on page 82 gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
615
Network view
• "Network" on page 434 • "Server" on page 471
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
616
Security
Security The Security task allows you to configure the entities that pertain to the software security of your system, such as users, user groups, and partitions. System: General License option: None required Category: Administration The Security task includes the following views: Users
Lists all users in alphabetical order. For more information, see "User" on page 482.
User groups
Lists all user groups in alphabetical order. For more information, see "User group" on page 489.
Partitions
Lists all partitions in alphabetical order. For more information, see "Partition" on page 447.
Related topics:
• "Administration task workspace overview" on page 16 • "Managing software security" on page 89
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
617
System
System The System task allows you to configure the system level settings as well as all system entities that are not visible in the Logical view, such as alarms, macros, schedules, and so on. System: General License option: None required Category: Administration The System task includes the following views: General settings
Lets you configure the system level settings.
Roles
List all roles in alphabetical order. For more information, see "Role" on page 462.
Schedules
Lists all schedules in alphabetical order. For more information, see "Schedule" on page 463.
Scheduled tasks
Lists all scheduled tasks in alphabetical order. For more information, see "Scheduled task" on page 469.
Macros
Lists all macros in alphabetical order. For more information, see "Macro" on page 429.
Output behaviors
Lists all output behaviors in alphabetical order. For more information, see "Output behavior" on page 437.
General settings The General settings view includes the following settings pages:
• • • • • • • •
"Custom fields" on page 619 "Events" on page 622 "Actions" on page 624 "Logical ID" on page 625 "User password settings" on page 626 "Activity trails" on page 627 "Audio" on page 628 "Threat levels" on page 629
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
618
System
Custom fields (Only visible to administrative users) The Custom fields page is where you define custom fields and custom data types for your system entities. It contains two individual tabs:
• "Custom fields" on page 619 • "Custom data types" on page 621 Custom fields The Custom fields tab lists all custom fields defined in your system and allows you to add new ones.
Each custom field is characterized by the following properties:
• Entity icon/Field name. Custom field name and the entity type using it. • Data type. Custom field data type. The default data types are:
Text. Alphanumeric text.
Numeric. Integers in the range -2147483648 to 2147483647.
Decimal. Real numbers from -1E28 to 1E28.
Date. Gregorian calendar date.
Date/Time. Gregorian calendar date and time.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
619
System
Boolean. Boolean data, represented by a check box.
Image. Image file. The supported formats are: bmp, jpg, gif, and png.
Entity. Security Center entity. Users will have to use the Search tool to set the value for this type of fields. For more information, see "Search for entities using the Search tool" on page 43. Data types can also be user defined. For more information, see "Add a custom data type" on page 138.
• Default value. (Optional) Preset default values are provided for certain data types. This column displays the default value that was selected when defining the custom field. The selected value will appear when the field is displayed in the specific entity.
• Mandatory. (Optional) A value must be provided with this type of fields otherwise the system will not accept your changes.
• Value must be unique. (Optional) Indicates a key field. This option does not apply to fields using custom data types.
• Group name/Priority. (Optional) Name the custom field is grouped under, and the field’s order of appearance within the group. For an example, see "Custom fields" on page 335. No group (1) is the default value. Custom fields that belong to no group appear first in the entity’s custom field page.
• Owner. (Optional) Name of the Global Cardholder Synchronizer role when the custom field is part of is part of a shared global entity definition. Related topics:
• "Add a custom field" on page 136 • "Managing global cardholders" on page 296
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
620
System
Custom data types The Custom data types tab lists all custom data types defined in your system and allows you to add new ones.
Each custom data type is characterized by the following properties:
• • • •
Custom data type. Name of the custom data type. Description. Optional data type description. Values. Enumeration of acceptable values (text strings) for this data type. Owner. (Optional) Name of the Global Cardholder Synchronizer role when the custom data type is part of a shared global entity definition.
Related topics:
• "Add a custom data type" on page 138 • "Modify a custom data type" on page 139 • "Managing global cardholders" on page 296
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
621
System
Events (Only visible to administrative users) The Events page allows you to define the following:
• "Event colors" on page 622 • "Custom events" on page 623 Event colors The Event colors tab allows you to assign different colors to different system events.
Event colors are used as visual cues in the Security Desk Monitoring task (event list and display tiles). For example, you can use red to indicate a critical event (someone attempted to use a stolen credential), and blue to indicate a less critical event (access granted). For more information, see “Monitoring” in the Genetec Security Desk User Guide.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
622
System
Custom events The Custom events tab allows you to view and add custom events to your system.
Custom events are names and identifiers given to input events. They are used to configure custom event-to-actions. For example, for a zone entity, you can associate the state of an input (normal, active, trouble) to a custom event such as Illegal entry. This custom event can then be used in an event-to-action sequence. For more information, see "Managing zones" on page 160.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
623
System
Actions The Actions page allows you to create event-to-actions for your system, and search for the ones that have already been defined, by source entity (name and type), event type, and action type.
Event-to-action list Each row in this page corresponds to one event-to-action.
• • • •
Entity. Source entity, or the entity to which the event is attached. Event. Name of the event that would trigger the action. Action. Name of the action triggered by the event. Arguments. Information required for the action. For example, if the action is Trigger alarm, the argument is the alarm type that is triggered. Or, if the action is Send a message, the argument is the email recipient.
• Details. Additional details about the action. • Schedule. Schedule that regulates this event-to-action. Event occurring outside the time range covered by the schedule would not trigger any action. Related topics:
• "Using event-to-actions" on page 106
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
624
System
Logical ID The Logical ID page allows you to view and assign logical IDs to all entities defined in your system.
Show logical ID for Logical IDs must be unique across all entities of a same group. The different groups of entity types are listed in this drop-down list. NOTE Not all entity types can be selected by group. To view all entities, select All types.
Scroll through the pages using the
and
buttons.
To assign or change a logical ID, type in the box in the ID column. TIP You can also change the logical ID from the Identity tab of each entity’s configuration page.
For more information, see "Identity" on page 332.
Hide unassigned logical IDs Select this option to show only entities with a logical ID assigned.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
625
System
Alarm monitoring Assign a logical ID to the Alarm monitoring task in Security Desk. This allows the Security Desk user to call up the Alarm monitoring task with the keyboard. For more information, see “Alarm monitoring” in the Security Desk User Guide.
User password settings (Only visible to administrative users) The User password settings page is where you can enforce a minimum complexity on all user passwords created on your system, and to configure the advanced password expiry notification period (0 to 30 days).
NOTE The password complexity is not enforced on existing passwords.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
626
System
Activity trails (Only visible to administrative users) The Activity trails page allows you to select the types of activity (or events) to be logged for Activity trails task in Security Desk.
For more information, see "Investigating user related activity on the system" on page 182.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
627
System
Audio (Only visible to administrative users) The Audio page shows all the sound bites (.wav files) available to your system. Sound bites can be used to alert you on certain events, such as when you receive a new alarm, or to be used with the Play a sound action.
Security Center is installed with a default selection of sound bites (.wav files). You can add, delete, or rename any sound bite in the list. To add a new sound bite: 1 Click
, select a .wav file from the dialog box that appears, and click Open.
A new sound bite bearing the name of selected .wav file is added to the list. 2 (Optional) Select the new sound bite, and click 3 To listen to the new sound bite, click
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
to change its name.
.
628
System
Threat levels (Only visible to administrative users) The Threat levels page lists all threat levels configured in your system and allows you to add new ones, and to modify and delete existing ones.
Threat level list Each row in this page corresponds to one threat level.
• Threat level. Threat level name. • Description. Threat level description . • Color. Color identifying this threat level. The Security Desk background turns to this color when the threat level is set at the system level.
• Activation actions. Number of actions in the threat level activation list. These actions are executed by the system when the threat level is set.
• Deactivation actions. Number of actions in the threat level deactivation list. These actions are executed by the system when the threat level is cleared. For more information, see "Managing threat levels" on page 117.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
629
Video
Video The Video task allows you to configure the video management specific roles and the video units they control. System: Omnicast IP video surveillance License option: Omnicast Category: Administration
A B
C
D A
Selected entity (Axis PTZ).
B
Click an entity to view its configuration.
C
Configuration pane of the selected entity.
D
See "Contextual command toolbar" on page 17.
Related topics:
• "Administration task workspace overview" on page 16 • "What are the Omnicast entities?" on page 188 gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
630
Video
• • • • •
"Archiver" on page 521 "Auxiliary Archiver" on page 543 "Media Router" on page 585 "Video unit" on page 494 "Camera (video encoder)" on page 368
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
631
Access control
Access control The Access control task allows you to configure the general settings for access control and the related entities such as Access Manager roles, access control units, access rules, cardholders, credentials, badge templates, and so on, that are not found in the Logical view. System: Synergis IP access control License option: Synergis Category: Administration The Access control task includes the following views: Roles and units
Shows the access control specific roles and the units they control in a hierarchy. For more information, see "Access Manager" on page 511 and "Access control unit" on page 337.
Cardholders
Lists all cardholders in alphabetical order. For more information, see "Cardholder" on page 395.
Cardholder groups
Lists all cardholder groups in alphabetical order. For more information, see "Cardholder group" on page 398.
Credentials
Lists all credentials in alphabetical order. For more information, see "Credential" on page 401.
Access rules
Lists all access rules in alphabetical order. For more information, see "Access rule" on page 349.
Badge templates
Lists all badge templates in alphabetical order. For more information, see "Badge template" on page 365.
General settings
Lets you configure the general settings pertaining to access control and to install and configure custom card formats.
Related topics:
• • • • • • • • •
"How does Synergis work?" on page 252 "Access Manager" on page 511 "Global Cardholder Synchronizer" on page 557 "Access control unit" on page 337 "Access rule" on page 349 "Badge template" on page 365 "Cardholder" on page 395 "Cardholder group" on page 398 "Credential" on page 401
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
632
Access control
Roles and units The Access control – Roles and units view shows the access control roles and the units they control in a hierarchy.
A
B
C
D A
Selected view (Roles and units).
B
Select an entity to configure.
C
Configuration pane of the selected entity.
D
See "Contextual command toolbar" on page 17.
Related topics:
• • • •
"Administration task workspace overview" on page 16 "Access Manager" on page 511 "Global Cardholder Synchronizer" on page 557 "Access control unit" on page 337
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
633
Access control
General settings The Access control – General settings view lets you configure the general settings pertaining to access control, and to install and configure custom card formats.
A
B
C
D A
Selected view (General settings).
B
List of card request reasons. See "Card request reasons" on page 635.
C
List of installed custom card formats. Click "Custom card formats" on page 635.
D
See "Contextual command toolbar" on page 17.
to open the Custom card format editor. See
Trigger event ‘Entity is expiring soon’ Cardholders and credentials can be set to expire on a certain date. Turn this option on (default=off) to have Security Center generate the Entity is expiring soon event n days before a cardholder or a credential expires. The purpose of this event is so that you can use it to trigger an action (such as Send a message) to warn someone of the upcoming expiry. NOTE Credentials associated to an expired cardholder will inherit the status of the latter (though this does not show in the configuration of any credential).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
634
Access control
Create incident before door state override Turn this option on (default=off) to prompt the Security Desk user to report an incident every time they lock or unlock a door manually, or override the unlock schedule assigned to the door. For more information, see “Manually controlling door access” and “Reporting an incident” in the Security Desk User Guide.
Card request reasons If a user does not have a printer on site, or close by when they are creating a cardholder from the Cardholder management task, they can request a credential card to be printed by another user on the system. In the Card request reasons section, you can create reasons for users to choose from to explain why they are requesting a card. For example, a common reason could be “no printer on site”.
• To add a card request reason, click . • To modify a card request reason, click . • To delete a request reason, click . For more information about requesting credentials, see “Request a credential card” in the Security Desk User Guide.
Maximum picture file size Set the maximum size of a picture file (such as a cardholder picture) saved in the Directory database. Large picture files (like the ones produced by digital cameras) can quickly use up the space in the Directory database and impact performance. When loading image files, Security Center automatically reduces the image size so their file size falls under the set limit. The default value is 20 KB. You can set this limit anywhere between 20 and 500 KB. NOTE This value is also used and modified by the Import tool. For more information, see "Import tool" on page 657.
Custom card formats Security Center allows you to define custom card formats. The custom card formats defined in your system are listed here. For more information, see "Using custom card formats" on page 287. You can add, delete, and modify custom card formats using the Custom card format editor. For more information, see Tools – "Custom card format editor" on page 670.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
635
Intrusion detection
Intrusion detection The Intrusion detection task allows you to configure the Intrusion Manager roles and the intrusion detection units they control System: Intrusion detection License option: Number of intrusion detection units > 0. Category: Administration
A B
C
D A
Selected entity (Bosh GV3).
B
Select an entity to configure.
C
Configuration pane of the selected entity.
D
See "Contextual command toolbar" on page 17.
Related topics:
• "Administration task workspace overview" on page 16 • "Managing intrusion panels" on page 155 gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
636
Intrusion detection
• "Intrusion Manager" on page 563 • "Intrusion detection unit" on page 423
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
637
LPR
LPR The LPR task allows you to configure the general settings for LPR (license plate recognition) and the related entities such as LPR Manager roles, LPR units, hotlists, permits, overtime rules, and so on, that are not found in the Logical view. System: AutoVu IP license plate recognition License option: AutoVu Category: Administration The LPR task includes the following views: Roles and units
Shows the LPR Manager roles and the LPR and Patroller units they control as a hierarchy. For more information, see: • "LPR Manager" on page 567. • "LPR unit" on page 426. • "Patroller" on page 450.
Hotlists
Lists all hotlists in alphabetical order. For more information, see "Hotlist" on page 414.
Overtime rules
Lists all overtime rules in alphabetical order. For more information, see "Overtime rule" on page 439.
Parking facilities Lists all parking facilities in alphabetical order. For more information, see "Parking facility" on page 444. Permit restrictions
Lists all permit restrictions alphabetical order. For more information, see "Permit restriction" on page 457.
Permits
Lists all permits in alphabetical order. For more information, see "Permit" on page 453.
General settings
Lets your configure the general settings pertaining to license plate recognition and the generation of LPR hits.
Related topics:
• “About AutoVu” in the AutoVu Handbook.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
638
LPR
Roles and units The LPR – Roles and units view shows the LPR Manager roles and the units they control in a hierarchy.
A
B
C
D
A
Selected view (Roles and units).
B
Select an entity to configure.
C
Configuration pane of the selected entity.
D
See “Contextual command toolbar” in the Security Center Administrator Guide.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
639
LPR
General settings The General settings view includes the following settings pages:
• • • • • •
"Applications" on page 640 "Hotlist" on page 642 "Overtime rule" on page 644 "Permit" on page 645 "Annotation fields" on page 646 "Updates" on page 647
Applications The Applications tab lets you configure how Security Desk displays maps in the Monitoring and Route playback tasks. You can also limit the number of logon attempts in Patroller, enforce Patroller privacy settings, and set the attributes a Patroller user must enter when enforcing a hit.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
640
LPR
• Map type. Display-only field showing the type of map system supported by your Security Center license. The choices are Bing, MapInfo, and None.
• Color for reads. Click to select the color used to show license plate reads on maps. • Initial longitude/latitude. Set the default starting location for map view in Security Desk. You can type the coordinates in the fields or click Select and zoom in on a location and click Select. A red pushpin appears to indicate the selected position.
• Logon attempts before lockdown. You can specify the number of unsuccessful logon attempts a Patroller can make before the account is locked out. For example, if the limit is set to 3, Patroller users have three attempts to log on to Patroller with their username and password. On the fourth attempt, their accounts will be locked and they won’t be able to logon. Users with locked accounts must contact their administrators in order to have the password reset. Patroller must be connected to the Security Center server for the password to be reset.
• Privacy. You can configure Patroller to obscure plate numbers, or exclude plate, context, or wheel images from reads and hits so that the information is not stored in the LPR Manager database. These settings allow you to comply with privacy laws in your region:
License plate, context, or wheel images. When switched to On, images are not sent to Security Center or included in offloaded data.
License plate. When switched to On, the plate number text string is replaced by asterisks (*) when sent to Security Center or in the offloaded data. At the hotlist level, you have the option of overriding these privacy settings for the purpose of sending an email with real data to a specific recipient (see "Advanced" on page 418).
• Enforced hit attributes. Create text entry fields that Patroller users must enter text in when they enforce a hit. The information from the enforced hit text fields can be queried in the Security Desk hits report.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
641
LPR
Hotlist The Hotlist tab allows you to define the customized attributes, reasons, and categories that will appear in Patroller when the user adds a New wanted entry, or rejects or accepts a hit. The settings are downloaded to Patroller along with the selected hotlists when Patroller connects to Security Center. These settings are also available as filter options for hit reports in Security Desk.
• New wanted attributes. A new wanted is a hotlist item that is manually entered by the Patroller user. The new wanted attributes are attributes other than the standard ones (plate number, plate issuing state, category) that the Patroller user is asked to specify when entering a new wanted item in the Patroller. One category is pre-configured for you when you install Security Center. For more information, see “Configuring New wanted attributes and categories in the AutoVu Handbook.
• New wanted categories. List of hotlist categories that a Patroller user can pick from when entering a new wanted item. The category is the attribute that says why a license plate number is wanted in a hotlist. Several categories are pre-configured for you when you install Security Center.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
642
LPR
For more information, see “Configuring New wanted attributes and categories in the AutoVu Handbook. NOTE BOLO is an acronym for “be on the lookout”, sometimes referred to as an all-points
bulletin (APB).
• Hit reject reasons. List of reasons for rejecting hotlist hits. These values also become available as Reject reason filter options for generating hit reports in Security Desk. Several categories are pre-configured for you when you install Security Center. For more information, see “Configure hit accept and hit reject reasons” in the AutoVu Handbook.
• Hit accept reasons. Create a survey that contains information Patroller users must provide when they accept a hit. The information from the hit survey can be queried in the Security Desk Hit report. There are no pre-configured categories for this option. The category you see above is an example only. For more information, see “Configure hit accept and hit reject reasons” in the AutoVu Handbook.
• Enable “No infraction” button. Select this option to enable the No infraction button in the Patroller hit survey. This button allows the Patroller user to skip the hit survey after enforcing a hit.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
643
LPR
Overtime rule The Overtime rule tab allows you to define the custom reject reasons for overtime hits. The values defined here are downloaded to Patrollers and are available as Reject reason filter options for generating hit reports in Security Desk. One category is pre-configured for you when you install Security Center.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
644
LPR
Permit The Permit tab allows you to define the custom reject reasons for permit hits, and to select the minimum elapsed time for shared permit violations (University Parking Enforcement only). The values defined here are downloaded to Patrollers and are available as Reject reason filter options for generating hit reports in Security Desk. One category is pre-configured for you when you install Security Center.
• Hit reject reasons. List of reasons for rejecting permit hits or shared permit hits. These values also become available as Reject reason filter options for generating hits reports in Security Desk.
• Maximum elapsed time for shared permit violation. This parameter defines the time period used by University Parking Enforcement Patrollers to generate shared permit hits. A shared permit hit is generated when two vehicles sharing the same permit ID are parked in the same parking zone within the specified time period. For example, let’s say you’re using the default 120 minutes (two hours), and license plates ABC123 and XYZ456 are sharing the same parking permit. If Patroller reads plate ABC123
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
645
LPR
at 9:00 A.M., and then reads plate XYZ456 at 11:01 A.M., Patroller does not raise a hit because the time exceeds the 120 minutes.
Annotation fields The Annotation fields tab allows you to define additional selectors to appear in Security Desk Reads or Hits report. To be valid, the selector must relate exactly to the information contained in the actual read or hit. EXAMPLE If you configure CarModel and CarColor as an Enforced hit attribute (see
"Applications" on page 640), the Patroller user will be asked to enter the car’s model and color when enforcing a hit, and the information will be stored with the hit. Specifying CarColor as an Annotation field will allow the values entered by the user to be displayed in a Hits report.
You can also add user custom fields to annotation fields in order to associate a user’s metadata with individual reads and hits. This allows you to query and filter for the user custom fields in Security Desk Reads and Hits reports. “Associate user custom fields with reads and hits” in the AutoVu Handbook
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
646
LPR
Updates The Updates tab allows you to update Patrollers and Sharp units with hotfixes or new sound files for hit alerts. You can also update services on Sharp units, and upgrade Sharp firmware. Before you can send updates, you need to receive the updates from Genetec and place them in the Updates folder under the LPR Root folder. For more information, see “Updating Patroller and Sharp units from Security Center” in the AutoVu Handbook.
• Collapse all. Collapses all items in the Entity field. • Expand all. Expands all items in the Entity field. • Update all. Update all units that are controlled by the currently-selected LPR Manager. This button updates only the units on the current tab. For example, if you’re on the Patroller and Sharp units tab, you’ll update all Patrollers and Sharp units on the list.
• Status. Shows the status of the update. The possible statuses are:
Not available. Updater service is not supported (for example, Sharp versions 1.5 and 2.0 with less than 512 MB RAM). Entitled. The client machine can receive the update.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
647
LPR
Synchronizing. The client machine has started synchronizing with the server. Synchronized. All update files have been successfully downloaded to the client machine. The client machine is waiting for the update to be applied. Installing. Client machine has accepted the update, and has started replacing outdated files with new files.
Installed. The new updates have successfully been applied to the client machine.
Uninstalling. The update is being removed from the client machine.
Uninstalled. The update has been successfully removed from the client machine.
Error. An error occurred in the update process. Drop folder. Opens the required folder for you to copy the update file. For example, clicking the drop folder icon for a Patroller entity opens C:\Genetec\AutoVu\RootFolder\Updates\Patroller (default location).
•
NOTE If Security Center is running on a computer that doesn’t have access to the server
computer, clicking the drop folder opens the My Documents folder on the local machine.
• Patrollers and Sharp units. Displays the Patrollers and Sharp units (fixed and mobile) that are eligible for an update.
• Update services. Displays the Sharp services that are eligible for an update. • Firmware upgrade. Displays the Sharp units that are eligible for a firmware upgrade.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
648
Plugins
Plugins The Plugins task allows you to configure plugin management roles and their related entities. Category: Administration
A B
C
D A
Currently selected entity (RF Code Asset Management Plugin).
B
Click an entity to view its configuration.
C
Configuration pane of the selected entity.
D
See "Contextual command toolbar" on page 17.
Related topics:
• "Administration task workspace overview" on page 16
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
649
16 Tools and utilities This section describes all tools and utilities available in Config Tool. They are presented in the same order as they appear in the Home page’s Tools page. NOTE The last three topics are not from the Tools page.
This section includes the following topics:
• • • • • • • • • •
"Security Desk" on page 651 "Access troubleshooter" on page 652 "Unit discovery tool" on page 653 "Unit replacement" on page 654 "Move unit" on page 655 "Import tool" on page 657 "Copy configuration tool" on page 668 "Custom card format editor" on page 670 "Options dialog box" on page 678 "Adding shortcuts to external tools" on page 692
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
650
Security Desk
Security Desk The Security Desk is the unified user interface for your Security Center system. Its user interface is designed to provide consistent operator workflow across all of the Security Center's main systems, Omnicast, Synergis, and AutoVu. Clicking on the Security Desk icon opens this application with the same credentials you are currently logged on with in Config Tool.
Security Desk tasks are organized into four main categories:
• Operation. Tasks related to the day-to-day Security Center operations. • Investigation. Tasks allowing you to query the Security Center databases, and those of federated systems, for critical information.
• Maintenance. Tasks pertaining to maintenance and troubleshooting. These tasks are also available from Config Tool. Related topics:
• Genetec Security Desk User Guide.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
651
Access troubleshooter
Access troubleshooter You can detect and diagnose access configuration problems, using the Access troubleshooter tool. The Access troubleshooter allows you to:
•Find out who has the right to pass through an access point at a given date and time. See "Troubleshooting access points" on page 321.
•Find out who has the right to pass through an access point at a given •
date and time. See "Troubleshooting cardholder access rights" on page 322. Find out why a given cardholder can, or cannot use an access point at a given date and time. See "Diagnosing cardholder access rights based on credentials" on page 323.
Related topics:
• • • • • •
"Access control unit" on page 337 "Access rule" on page 349 "Cardholder" on page 395 "Cardholder group" on page 398 "Door" on page 404 "Elevator" on page 410
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
652
Unit discovery tool
Unit discovery tool The unit discovery tool is a generic tool that allows you to discover IP units connected to your network, based on their type (access control or video), manufacturer, and network properties (discovery port, IP address range, password, and so on). Once discovered, the units can be added to your system.
For information about discovering access control units when you do not know their IP address, see "Add access control units using the Unit discovery tool" on page 265. For information about discovering video units:
• "What is automatic discovery?" on page 196 • "Add video units using the Unit discovery tool" on page 196
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
653
Unit replacement
Unit replacement The unit replacement tool is used to replace a failed hardware device with a compatible one, while ensuring that the data associated to the old unit gets transferred to the new one.
You can replace access control units and video units using the Unit replacement tool.
• For information about replacing access control units, see "Replace access control units" on page 311.
• For information about replacing video units, see "Replace video units" on page 234.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
654
Move unit
Move unit Move unit is a generic tool used to move units from one manager role to another. The move preserves all unit configurations and data. After the move, the new manager immediately takes on the command and control function of the unit, while the old manager continues to manage the unit data collected before the move.
Related topics:
• "Unit replacement" on page 654
Moving units Before you begin: Please note the following:
• Video unit. The Archiver role must be on the same LAN as the video unit it controls. Unit manufacturer extensions are automatically created for the type of unit the Archiver needs to control. However, if you are using custom settings, such as custom logon credentials, you need to configure them manually on the new Archiver role. For more information, see "Archiver" on page 521.
• Intrusion detection units. The Intrusion Manager role must be on the same LAN as the intrusion detection unit it controls. Certain unit manufacturer extensions must be created and configured manually. If the intrusion panel is physically connected to a serial port on the server hosting the original role, make sure you do the same with the server hosting the new role. For more information, see "Intrusion Manager" on page 563.
• Access control units. The Access Manager role must be on the same LAN as the access control unit it controls. You must also create the unit manufacturer extension manually. For more information, see "Access Manager" on page 511.
• LPR units. The LPR Manager role must be on the same LAN as the LPR unit it controls. Also make sure that the discovery port configured on the LPR unit matches that of the new LPR Manager. For more information, see "LPR Manager" on page 567.
• Patroller units. The LPR Manager role must be able to connect through a wireless network by the Patroller it manages. The new LPR Manager must use the same settings (hotlists, permits, Patroller user groups, etc.) as the previous LPR Manager. For more information, see "LPR Manager" on page 567. You also need to reconfigure the Patroller so it will connect to the new LPR Manager (IP address and port for live connection, and update provider port). For more information, see “Patroller Config Tool reference” in the AutoVu Handbook. Once you’re done, restart the Patroller. It should be discovered by the new LPR Manager and update its hotlists and permits (if applicable).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
655
Move unit
To move units: 1 From the Home page, click Tools > Move unit. 2 From the drop-down list, select the Unit type you want to move. 3 Select the units you want to move. 4 Select the new manager role from the second drop-down list (Archiver role, Access Manager role, LPR Manager role, and so on). The new role must be different from the current role.
5 Click Move to start the process. When the operation is complete, if you made a mistake or need to move the units again, repeat Step 3 to Step 5. 6 Click Close.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
656
Import tool
Import tool The Import tool is a Synergis specific tool that allows you to import cardholders, cardholder groups, and credentials from a CSV file. The CSV file must be plain text with delimiters (commas, spaces, periods, and so on) to separate the fields. The delimited fields in the text files would represent values like first name, last name, cardholder group, path and filename of employee photo, and so on. NOTE The use of this tool is limited to administrative users.
Four import scenarios are offered by this tool:
• Import credentials alone (credential name, card format, facility code and card number, status, and the partition the credential belongs to).
• Import cardholders alone (cardholder name, description, picture, email, status, custom • •
fields, and the group and partition the cardholder belongs to). Import cardholders and credentials together (in this case, the cardholder and the credential are specified on the same line and automatically linked together). Replace old credentials with new ones (see "Replacing old credentials" on page 666).
NOTE The Import tool can also be called from a scheduled task via the Import from file action.
For more information, see "Scheduled task" on page 469. Related topics:
• "Custom fields" on page 619 • "Custom card format editor" on page 670
Sample import scenario Let’s import a file containing 3 new cardholders. The sample file we will import is called EmployeeData.csv and contains the following lines: #First name,Last name,Cardholder description,Cardholder email,Picture,Cardholder group,Cardholder status,Credential name,Facility code,Card number,Credential status Abdoulai,Koffi,Market Analyst,
[email protected],C:\Data\Cardholder\Pictures\Abdoulai Koffi.png,Marketing,Yes,82968378,102,8,active Andrew,Smith,Sales Representative,
[email protected],C:\Data\Cardholder\Pictures\Andrew Smith.png,Sales,Yes,82748590,101,12,active
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
657
Import tool
Audrey,Williams,Technical Writer,
[email protected],C:\Data\Cardholder\Pictures\Audrey Williams.png,TechWriters,Yes,83748952,104,18,active This plain text file, EmployeeData.csv contains 4 rows of text. The first row is a comment line, listing the cardholder and credential fields that are included in the CSV file as a reference. The following three rows contain the fields that will be imported. You also can add additional custom fields if they have been created for cardholder or credentials in Security Center. For more information, see "Fields that can be imported from a CSV file" on page 662.
Going through the import steps 1 In the Config Tool, click Tools and select the Import tool. The Import tool window opens. 2 Enter the path to the CSV file you want to import, and click Next. The Settings page appears.
3 Set the Encoding type. This is the character encoding used by the selected CSV file. The default selection is the default encoding used on your PC. If you open the CSV file on your PC and see all the characters displayed correctly, you do not need to change the default settings. 4 Set the CSV field delimiters (Column, Decimal, Thousand). gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
658
Import tool
On first use, the tool takes the delimiter settings from Windows Regional Options (Control Panel > Region and Language > Additional settings). After the first use, the tool will remember the last delimiter settings you used. By default, Microsoft Excel also uses the field delimiters from Windows Regional Options when saving a CSV file. This can be overridden in Excel. It is recommended that you open the CSV file in WordPad to confirm the formatting delimiters obtained. When using a space as the Thousands separator, you can specify whether the space is nonbreaking or not. 5 Set where the import is to start. The first line in a CSV file is 1. You can choose to start the import at any line you want. For example, you can skip the first line and use it as column headings or a comment line. A comment line is a line with the hash character (#) in column 1. 6 (Optional) Set the maximum size for picture files. Large picture files (like the ones produced by digital cameras) can very quickly use up the configuration database and impact performance. To minimize the impact of large picture files, the Import tool automatically reduces their sizes before loading them. It does this by reducing the resolution of the image until its file size falls below the Maximum picture file size limit. The default value is taken from your access control system settings. Changing its value in the Import tool also changes your system settings. For more information, see Access control – General settings – "Maximum picture file size" on page 635. 7 Add the credential as part of the cardholder key. By default, the Import tool uses the combination of the first and last name to identify cardholders. If a cardholder already exists in the database, it is updated with the information read from the CSV file. If it does not, it is added. Using just the first and last names to differentiate cardholders might not be enough. One solution is to combine the credential information to the cardholder key. This is done by selecting the option Add credential to cardholder key. With this option, two lines from the CSV file refer to the same cardholder only if they contain the same cardholder first name, last name and credential data. NOTE This option is only applicable when both cardholders and credentials are imported
from the same CSV file. When this solution is not applicable, other cardholder information can be used to strengthen the cardholder identification. We will come to this solution in Step 14. 8 (Optional) Set the default Card format. The default card format is only used when no credential card format is specified in the CSV file or when the field identified as Card format in the CSV file is blank. 9 Select the desired Credential operation. You have two choices:
Add. This is the default option.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
659
Import tool
All credentials read from the CSV file are added as entities to your system. If a credential already exists in your database, it will be updated.
Replace. This option allows you to replace old credentials with new ones. In the Bindings page that comes next, you will find additional field options to specify the old (previous) and new credential values. For more information, see "Replacing old credentials" on page 666.
10 (Optional) Set the background transparency of the imported cardholder pictures. If the cardholder pictures you are importing were taken in front of a chroma key screen, you can make the picture background transparent. This is helpful if you created a badge template that has an image in the background. a Set the Transparency color option to ON. b Select the color of the chroma key screen the cardholder pictures were taken in front of (usually green or blue). c Set transparency percentage. 11 (Optional) Set a default Badge template for the imported cardholders. The badge templates available are ones you have already created in Config Tool. See "Defining badge templates" on page 289. 12 Click Next. The Bindings page appears.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
660
Import tool
The bindings windows displays sample data from the first row to be imported from your file. The first row to be imported is the Start line (see Step 5). 13 Bind each sample value to the database field that it should be imported to. For more information, see "Fields that can be imported from a CSV file" on page 662. If you need to skip a column in your CSV file, just leave the Binding column blank. NOTE The information read from the CSV file is used to create new entities in your system.
For entities like cardholders and credentials, a minimum amount of information is required. If the information is incomplete, you will not be able to move to the next step. For more information, see "About minimum required information" on page 664. 14 (Optional) Add more fields to the cardholder key. When you need more than the first and last name to differentiate cardholders, you can supplement the cardholder key with additional information. This is done by selecting the Key check box next to each field you want to add to the cardholder key. Not all fields can be part of the cardholder key. The check box is disabled if a field is not eligible. TIP The other method to strengthen the cardholder identification is to add the credential data to the cardholder key, as described in Step 7.
15 Click Next. The Import tool imports the contents of your CSV file into the database. A summary window will appear confirming the number of entities imported and the number of errors encountered. 16 Click
to copy and paste the contents of the report.
17 Click Close.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
661
Import tool
Fields that can be imported from a CSV file The following table describes all database fields that can be imported from a CSV file. Field name
Field type
Description
Card format
Unsigned integer or string
Credential card format.You can use one of the following values: • 0 = Standard 26 bits • 1 = HID H10306 34 Bits • 2 = HID H10302 37 Bits • 3 = HID H10304 37 Bits • 4 = HID Corporate 1000 (35 Bits) To specify a custom card format, you must spell it in exactly the same way as you created it. If no card format is specified in a CSV line, the default format specified on the import settings page is used.
{Format} - Field name
See "About card facility code and numbers" on page 665
You can specify a field in a specific card format, including custom card formats. For more information, see "Custom card format editor" on page 670.
{Format} - Field name (previous value)
See "About card facility code and numbers" on page 665
Field of an old credential to replace. These “(previous value)” choices appear only if you selected Replace as Credential operation. For more information, see "Replacing old credentials" on page 666.
Cardholder
As defined by the custom field
Cardholder custom field. For more information, see "Custom field limitations" on page 665.
Cardholder group
String
Name of the cardholder group the cardholder should belong to. If the cardholder group does not exist, it will be created in the same partition as the cardholder.
Credential
As defined by the custom field
Credential custom field. For more information, see "Custom field limitations" on page 665.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
662
Import tool
Field name
Field type
Description
Credential card data
String
The card data field allows the user to fill in the data for both standard and custom card formats. When this field is specified, the facility code and the card number fields are ignored. For all standard card formats, the string must contain the facility code followed by the card number. The accepted separators are the ‘/’ and ‘|’ characters. For example “35/20508” corresponds to Facility code= 35 and Card number = 20508. For a custom card format, the data should be arranged according to the custom card format definition.
Description
String
Cardholder entity description.
Email
String
Cardholder email address.
First name
String
Cardholder first name. This field is part of the default cardholder key.
Last name
String
Cardholder last name. This field is part of the default cardholder key.
Name
String
Credential entity name. If no name is specified, the default value “Imported credential” or “Unassigned imported credential” is used.
Partition
String
Name of the partition the cardholder should belong to. If the partition does not exist, it will be created. If it is not specified, the cardholder is put in the system partition. For more information, see "Differences between Public and System partitions" on page 91.
Partition
String
Name of the partition the credential should belong to. If the partition does not exist, it will be created. If it is not specified, the credential is put in the system partition. For more information, see "Differences between Public and System partitions" on page 91.
Picture
String
Path to a cardholder picture file (bmp, jpg, gif, or png). The path must reference a file located on the local machine or on the network.
PIN
Unsigned integer
Credential corresponding to a PIN. Valid range is between 0 and 65535.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
663
Import tool
Field name
Field type
Description
Status
Boolean
Cardholder status. The following values are accepted (not case sensitive): • 1, True, Yes = Profile enabled • 0, False, No = Profile disabled
Status
String
Credential status. The following values are accepted (not case sensitive): • Active • Inactive • Lost • Stolen • Expired
About minimum required information The information found in the CSV file must be coherent or it will not be accepted by the Import tool. When required information is missing, the Next button in the Bindings page is disabled. Each type of imported entity requires a minimum amount of information. The following table describes what is required for each type of entity. Entity type
Minimum information required
Credential
You have the choice of two credential keys: • Supply all fields required by a given card format. • Supply the Credential card data. If you choose a custom card format, all fields required by your card format must be bound to a column in the CSV file. Otherwise, the CSV file will be rejected. When credential are being imported, either one of these two keys must be present. If both keys are missing values, the line will be discarded. If both keys are present, only the card data is imported.
Cardholder
The default cardholder key is the combination of the cardholder’s first and last name. One of these two fields must be bound to a CSV column if cardholders are to be imported. When cardholders are being imported, all CSV lines must have a value in at least one of these two fields. If not, the line would be discarded.
Cardholder group
Only the cardholder group name is required. Missing the cardholder group will not cause a line to be discarded.
Partition
Only the partition name is required. Missing the partition name will not cause a line to be discarded.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
664
Import tool
Custom field limitations You can import cardholder and credential custom field values from CSV files with the following limitations:
• You cannot import custom fields using the Entity data type. • Custom fields using the Date data type must be imported with the format ‘YYYY-MM-DD’. • The Import tool performance decreases as the number of custom fields per imported record increases.
• When you have a large number of custom fields per record, the number of records you can import at once might also be limited. For example, if your records contain 100 custom fields each, including a 25 KB image data field, you can only import 1000 records at a time. For more information, see "Custom fields" on page 619.
About card facility code and numbers Depending on the card format, the facility code might not be necessary. The card number is always required. The valid number range for the facility code and card number is shown in the table below. This table describes the standard card formats supported by Security Center. Additional card formats can be added with the Custom card format editor. For more information, see "Custom card format editor" on page 670. Card format
Facility code range
Card number range
Standard 26 bits
0 to 255
0 to 65 535
HID H10306 34 Bits
0 to 65 535
0 to 65 535 (also known as “Card ID Numbers”)
HID H10302 37 Bits
Not requireda
0 to 34 359 738 367
HID H10304 37 Bits
0 to 65 535
0 to 524 287
HID Corporate 1000 (35 bits)
0 to 4095 (also known as “Company ID Code”
0 to 1 048 575 (also known as “Card ID Numbers”)
a. If HID H10302 37 Bits is the only card format referenced in your CSV file, it is preferable to bind the card number to the Security Center Card data field instead of the Card number field since the facility code is not required. Because a single value is stored in the Credential card data field, no separator character is needed.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
665
Import tool
About entity creations and updates Security Center supports multiple entities with the same name. If a cardholder already exists in Security Center with the same first and last name combination as one being imported, only the first matching cardholder found in the Security Center will be updated (for example, with a new description from the imported CSV file). If there are two cardholder groups with the same name (for example, created in two different partitions) and an imported cardholder is assigned to one of these cardholder groups, the cardholder will be assigned to the first cardholder group found. The same logic also applies to partitions. If the same cardholder is imported twice, each time with a different cardholder group, in the end, the cardholder will belong to both cardholder groups. Again, the same logic applies to partitions. However, the association between cardholders and credentials might be treated differently, depending on whether the credential is part of the cardholder key or not. For more information, see "Add the credential as part of the cardholder key." on page 659. EXAMPLE Suppose that the cardholder key is only composed of the cardholder’s first and last
names. The result of importing the following CSV file is the creation of a new cardholder: First name = Joe, Last name = Dalton, Email
[email protected], and with two card credentials (12/555 and 12/556). First name
Last name
Facility code
Card number
Email
Joe
Dalton
12
555
[email protected]
Joe
Dalton
12
556
[email protected]
However, if the credential is also part of the cardholder key, the same CSV file will generate two separate cardholders with the same first name, last name and email address.
Replacing old credentials Using the Import tool, you can replace old credentials (for example, if you company wishes to replace the ID cards of all its employees with new ones). Before you begin: Create a CSV file with both old and new credential values. Each line must contain both the old credential and the new credential to replace it with. 1 Start the Import tool as usual. For more information, see "Going through the import steps" on page 658. 2 In the Settings page, select Replace as Credentials operation, and click Next. 3 In the Bindings page, bind the old credential values with the fields labelled as (previous value), the new credential values with the fields not labelled as (previous value).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
666
Import tool
NOTE The old and new credential must use the same card format. If the new credentials are to be assigned to the same cardholders, they must also be specified in the CSV file, and cannot be different than the current cardholder of the old credentials.
4 Click Next. The Import tool will change the status of the old credential to Inactive, while creating the new credential as Active. If the cardholders are also imported in the same file, the new credentials will be associated to the cardholders. The result of the operation will be displayed in a summary window. 5 Click
to copy and paste the contents of the report.
6 Click Close.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
667
Copy configuration tool
Copy configuration tool The copy configuration tool helps you save configuration time by copying the settings of one entity to many others that partially share the same settings. NOTE The use of this tool is limited to administrative users.
Using the copy configuration tool When you have many similar entities to configure, you can save time by copying the settings of one entity to others of the same type using the Copy configuration tool. 1 Select the Home page overview and select Tools from the Home menu. 2 Select the Copy configuration tool. The Copy configuration tool wizard window opens.
3 Select an entity type and click Next. 4 Select the source entity you want to copy the settings from, and click Next. 5 Select the options (groups of settings) you want to copy, and click Next.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
668
Copy configuration tool
6 Select the destination: entities you want to copy the settings to, and click Next. The copying process starts. 7 Click Close when the copying process is completed.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
669
Custom card format editor
Custom card format editor The custom card format editor is a Synergis-specific tool that allows you to define your own card formats. It is available from the Access control task, General settings view. NOTE This tool is only available to administrative users.
Related topics:
•"Using custom card formats" on page 287
Defining custom card formats The Custom card format editor allows you to define custom card formats manually or to import them from XML files. A
B
C D
E
F G
A
Fixed value field (indicated by the padlock
B
Card format name and description listed in the Access control task, General settings view.
C
Format used to display Credential code in reports.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
icon).
670
Custom card format editor
D
Select the card format type and length before defining the fields.
E
Field designated as the sequence generator (indicated by the plus
F
Validate the format with pre-enrolled credentials.
G
Import/export card format from XML file.
icon).
To define a new custom card format: 1 From the Home page in Config Tool, open the Access control task. 2 Select the General settings view. 3 Below Custom card formats, click (
) to open the Custom card format editor.
4 Enter the Name and Description of the custom card format. 5 Specify the Card format type and Format length.
Wiegand (8 to 128 bits)
ABA (2 to 32 characters)
6 Define the data fields that constitute the custom card format. The total length of the fields cannot exceed the format length.
For more information, see "Defining Wiegand fields" on page 672.
For more information, see "Defining ABA fields" on page 674.
7 (Optional) For Wiegand, you might have to add parity check bits to the format. For more information, see "Adding parity checks" on page 673. 8 (Optional) For Wiegand, you can designate one field as the sequence generator. The sequence generator is used in to let you enroll a range of credentials in bulk.
The field designated as the sequence generator allows you to define a range of values for bulk credential enrollment in Security Desk
For more information regarding the credential enrollment task, see “Credential enrollment” in the Security Desk User Guide. 1 (Optional) Enter the format string for printing the credential code.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
671
Custom card format editor
The credential code is the printed form of the credential data. It is an optional column that is available in most access control related reports. The Code format string tells the system how to print the credential data. To include a field in the credential code, the field name must be specified in the code format string as it is spelled in the card format field definition, between curly brackets “{ }”. The field names are case-sensitive. Any other characters in the format string that are not found between curly brackets are printed as is. For example, with the format string “{Facility}/{Card Number}”, a credential with the respective field values 230 and 7455 will be printed as “230/7455”. 2 (Optional) Validate the new custom card format with a pre-enrolled credential. Click Validate with credential, select a pre-enrolled credential from the Search tool, and click OK. 3 (Optional) Click Export to save the custom card format to an XML file. Exporting the custom card format to an XML file allows you to import that same card format definition to other Synergis systems. 4 Click OK to close the Custom card format editor dialog box. 5 Click Apply.
Defining Wiegand fields A Wiegand field is composed of a series of bits. The maximum field length is 63 bits. To add a new Wiegand field, click in the Wiegand fields section of the Custom card format editor dialog box. The following dialog appears.
The mask specifies the bits that are part of the field. The bits are named according to their respective position in the card format, starting from 0. You can enter the mask as a list of comma-separated bit positions or as a range of bit positions. For example, the mask “1,2,3,4,5,6,7,8” can also be written as “1-8” or “1-4,5-8”. Note that the order of the bits within the field is important. Therefore, “1,2,3,4” is not the same as “4,3,2,1”. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
672
Custom card format editor
As you define each field, it appears graphically in the Wiegand fields section.
NOTE The order of the fields within the format is important. It corresponds to the order that field values are read from the Credential card data when using the Import tool. For more information, see "Import cardholders from a flat file" on page 284.
Adding parity checks If you are defining a Wiegand card format, you can add parity checks to strengthen the validation of your credentials.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
673
Custom card format editor
To add a parity check: 1 Click
in the Parity checks section.
The Parity check dialog box opens.
2 Select the type of parity check (Even or Odd), the position of the Parity bit in the card format (starts at 0), and the bits that should be evaluated (Mask). The syntax of the parity check mask is the same as the data field mask, except that in this case, the order of the bits is not important. 3 Click OK. As parity checks are defined, they appear in the Parity checks list.
NOTE The order of the parity checks in the list is important. It corresponds to the order in
which the parity checks are evaluated. The mask of a subsequent parity check can include the parity bit of a previous parity check and their masks can overlap.
Defining ABA fields ABA field length is measured in characters (4 bits each). The maximum ABA field length is 18 characters, or up to the card format length, whichever comes first. The maximum ABA card format length is 32 characters or 128 bits.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
674
Custom card format editor
To add a new ABA field, click dialog box.
in the ABA fields section of the Custom card format editor
There are three types of ABA fields:
• Delimiter. This type of field specifies a delimiter character, typically used at the beginning or the end of the card format.
• Sized. This is a fixed-length field. The length is specified in characters (4 bits each). The field can contain a fixed value. The field length must be long enough to hold the fixed value.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
675
Custom card format editor
• Delimited. This is a variable length field. You must specify a maximum length (as 4-bit characters) and a delimiter character.
As you define each field, it appears graphically in the ABA fields section.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
676
Custom card format editor
NOTE The order of the fields within the format is important for two reasons:
It defines the card format. It corresponds to the order the field values are read from the Credential card data when using the Import tool. For more information, see "Import cardholders from a flat file" on page 284.
Deleting a custom card format If a custom card format is deleted from Security Center, all credentials using that format appears as ‘Unknown’, but the credentials are still granted access at the doors.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
677
Options dialog box
Options dialog box The Options dialog box lets you configure the Config Tool options on your local workstation. The settings are saved one of the following ways:
•Saved as local settings for your Windows user profile •Saved as local settings for the workstation (applies to Config Tool and Security Desk, for all users) •Saved in the Directory database for your Security Center user profile Related topics:
• "Config Tool interface tour" on page 13 The Options dialog box contains the following option tabs: Tab
Description
See "General options" on page 679.
See "Keyboard shortcuts" on page 681.
See "Visual options" on page 683.
See "User interaction options" on page 685.
See "Video options" on page 688.
See "Performance options" on page 689.
See "Date and time options" on page 690.
See "External devices" on page 691.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
678
Options dialog box
General options The General tab allows you to configure the general behavior of Config Tool.
User logon options This group of settings controls the behavior of the Logon dialog box. The settings apply to the local workstation, and affect Security Desk and Config Tool for all users. Changes you make will only take effect the next time a user starts Security Desk or Config Tool.
• Force Windows credentials. (Active Directory required). Select this option to force the use of Windows credentials for logon. For this option to work, the users who are expected to log on via this machine must be imported from an Active Directory. For more information, see "Importing users from an Active Directory" on page 102.
• Force Directory to. Restrict the access of all users to a specified Directory. • Prevent connection redirection to different Directory servers. This option is meaningful only if you are using Directory load balancing. Select this option if you want to bypass the default load balancing behavior, and only connect to the Directory specified by the user in the connection dialog box.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
679
Options dialog box
CAUTION If you use the Force Directory to option, and a mistake has been made (for example
a typo in the Directory name), the next time the user tries to log on, they might be stuck in an endless loop, unable to connect to the wrong server. The logon attempts can be stopped by clicking Cancel, but no Directory field appears to correct the misspelled Directory name.
• The solution is to cancel the logon attempts, and the hold the CTRL key and SHIFT key while clicking Log on. This will force the Directory field to be displayed.
NOTE The same keyboard and mouse-click shortcut can be used to override the Force Windows credentials option if it has been applied.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
680
Options dialog box
Network options The network settings apply to the local workstation, and affect Security Desk and Config Tool for all users.
• Network card. If your computer is equipped with more than one network card, select the one used to communicate with Security Center applications.
• Network. Config Tool can automatically detect the network your workstation is connected to. If you have trouble getting your video feeds, set this option to Specific, and manually select the network you are on.
• Incoming UDP port range. Port range used for transmitting video to your workstation using multicast or unicast UDP.
Keyboard shortcuts The Keyboard shortcuts tab allows you to define or change the keyboard shortcuts mapped to frequently used commands in Config Tool. The keyboard shortcut configuration is saved as part of your user profile and applies to Security Desk and Config Tool.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
681
Options dialog box
Assign or change a keyboard shortcut A keyboard shortcut can only be assigned to a single command. Assigning an existing keyboard shortcut to a new command removes it from the previous command. 1 In the Command column, select the command you want to assign a keyboard shortcut to. If a keyboard shortcut is already assigned to this command, you must remove it before you can assign a new one. 2 Click Add an item (
) and press the desired key combination.
If the shortcut is already assigned to another command, you will get a popup message.
Click Cancel to choose another shortcut.
Click Assign to assign the shortcut to the selected command.
3 Change another shortcut, or click Save to apply your changes.
Export your keyboard shortcut configuration You can export your keyboard shortcut configuration to an XML file and import it to another workstation. 1 At the bottom of the Keyboard shortcuts tab, click Export. 2 Select a file name in the dialog box that appears. 3 Click Save to close the file browser dialog box.
Import your keyboard shortcut configuration You can import the keyboard shortcut configuration exported from another workstation. 1 Click Import at the bottom of the Keyboard shortcuts tab. 2 Select a file name in the dialog box that appears. 3 Click Open. The file browser dialog box closes. 4 Click Save to save your changes, and close the Options dialog box.
Restore the default keyboard shortcut configuration 1 At the bottom of the Keyboard shortcuts tab, click the Restore default button. 2 Click Save to save your changes, and close the Options dialog box. For more information, see "Default keyboard shortcuts" on page 765.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
682
Options dialog box
Visual options The Visual tab allows you to configure the position of the taskbar inside the Config Tool window, and the icons displayed in the notification tray. The visual options are saved as part of your user profile and apply to Security Desk and Config Tool.
Taskbar
• Taskbar position. Select the edge (Top, Bottom, Right, Left) of the application window where you want the taskbar to be displayed. See "Home page overview" on page 14.
• Auto-hide the taskbar. Select this option to show the taskbar only when the mouse cursor hovers over the edge of the application window where the taskbar is set to appear. NOTE This option hides both the taskbar and the Notification tray.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
683
Options dialog box
Notification tray You can use the Tray options to control what to display in the notification tray.
From the drop-down list beside the icons in the Visual page of the Options dialog box, choose to Show, Hide, or Show notifications only for that item. The following table lists the notification tray icons, and what you can use them for: Icon
Name
Description
Clock
Shows the local time. Hover your mouse pointer over that area to see the current date in a tooltip. To customize the time display, see "Date and time options" on page 690.
CPU meter
Shows the CPU usage on your computer. Hover your mouse pointer over the icon to view the CPU usage percentage.
Session info
Shows the current username and Security Center Directory name. Click to toggle between the long and short display.
Volume
Shows the volume setting (0 to 100) of Config Tool. Click to adjust the volume using a slider, or to mute the volume.
Warning
Shows the number of messages (errors, warnings, and messages), and health events on your system. Double-click to open the Notifications dialog box to read and review the messages. For more information, see "Viewing system messages" on page 168. • If there are health errors, the icon turns red ( ). • If there are warnings, the icon turns yellow. • If there are only messages, the icon turns blue.
Firmware upgrade
Appears only when there are unit firmware upgrades currently under way. The upgrade count is displayed over the icon. Double-click the icon to view the details.
Database action
Appears only when there are database upgrades currently under way. The upgrade count is displayed over the icon. Double-click the icon to view the details.
Add unit status
Appears only when there are newly added units in the system. The unit count is displayed over the icon. Double-click the icon to view the details.
Card requests
Shows the number of pending requests for credential cards to be printed ( ). Double-click to open the Card requests dialog box and respond to the request. For more information, see “Respond to a card request” in the Security Desk User Guide.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
684
Options dialog box
Icon
Name
Description
Video file conversion
Shows the number of G64 files currently being converted to ASF format (
). Double-click to open the Conversion to ASF dialog box and
view the status of the conversion. When the icon changes to , the file conversion is complete. For more information, see “Convert video files to ASF” in the Security Desk User Guide. Video export
Shows the number of video sequences currently being exported ( ). Double-click to open the Export dialog box and view the status of the export. When the icon changes to , the export is complete. For more information, see “Export video” in the Security Desk User Guide.
User interaction options The User interaction tab allows you to configure the user interaction behavior in Config Tool.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
685
Options dialog box
System messages These settings are saved as part of your user profile and apply to Security Desk and Config Tool.
• Display warning if query may take a long time to execute. Select this option if you want Config Tool to display a warning message every time you are about to execute a query that might take a long time. See the sample message below.
• Ask for a name when creating a task. Select this option if you want Config Tool to ask you for a name every time you create a task that accepts multiple instances.
• Ask for confirmation before closing a task. Select this option if you want Config Tool to ask for confirmation every time you remove a task from the interface.
UI enhancement These settings are saved as part of your user profile and apply to Security Desk and Config Tool.
• Show logical ID. Select this option if you want the logical ID to be displayed in brackets after an entity name in the Logical view.
• Show Active Directory domain name where it is applicable. Displays username and domain name when Active Directory integration is used.
When an active task is updated When someone updates a public task you have in your active task list, Config Tool can behave one of three ways. This setting is saved as part of your user profile and applies to Security Desk and Config Tool.
• Ask user. Ask you before loading the updated task definition. • Yes. Reload without asking. • No. Never reload. Administrative tasks When you rename an entity that represents a hardware unit, such as an access control unit or a video unit, Config Tool can behave one of three ways. This settings is saved as part of your administrator user profile. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
686
Options dialog box
• Ask user. Ask you before renaming all related devices. • Yes. Rename all related devices without asking you. • No. Never rename the related devices. On application exit When you exit Config Tool, if you have unsaved changes to your active task list, Config Tool can behave one of three ways. This setting is saved as part of your user profile and applies to Security Desk and Config Tool.
• Ask user. Ask you before saving your task list. • Yes. Save without asking. • No. Never save. Advanced When you create new entities, they can automatically be added as members of a partition. This setting is saved as part of your user profile.
• From the drop-down list, select a default partition, and then click Save.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
687
Options dialog box
Video options The Video tab allows you to configure the options related to how video is handled in Config Tool.
Advanced settings The following video settings apply to the local workstation, and affect Security Desk and Config Tool for all users. However, they mainly apply to Security Desk. NOTE After changing those settings, you need to restart Security Desk.
• Out of process media components. Select whether the video signals are decoded by an inprocess or out-of-process component.
An in-process component is an application (implemented as a .dll) that runs in the same processing space as the client application (Security Desk). The advantage of this option is that the video signals are decoded quickly. An out-of-process component is a stand-alone executable program (.exe) which resides on the local computer or a remote computer, and can be accessed by Security Desk. Since the processing is done outside of Security Desk’s memory, the advantage of this option is the increased stability and performance of the decoding.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
688
Options dialog box
• All in the same process. Selecting this option when the Out of process media components is turned ON means that regardless of the number of cameras being viewed, their video decoding are all handled by one decoding process.
• Components per process. This setting can be adjusted between 1 and 16. It refers to how many cameras can be decoded by a single decoding process. Setting this value to 1 means that each camera being displayed uses its own decoding process.
• Enable deinterlacing. Select this option to help reduce the jagged effect around straight lines during movement in interlaced video streams.
Performance options The Performance tab allows you to configure the options related to how queries are handled in Config Tool. These settings are saved as part of your user profile and apply to Security Desk and Config Tool.
Reports
• Maximum number of results. Whenever you generate a report using one of the reporting tasks, the maximum number of results that can be returned by the query is limited by the parameter you set here. This limit ensures stable performance when too many results are gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
689
Options dialog box
returned. When the query reaches the specified limit, it automatically stops with a warning message. The maximum value you can set is 2,000. TIP There is a way to bypass the limit of 2,000 results. You need to save your reporting task as a public task, and manually launch the action E-mail a report using the task you just saved as a parameter. This can be done from a scheduled task. In this case, the report is not displayed in Config Tool, and the number of results is limited to 10,000. For more information, see "Using scheduled tasks" on page 109.
Date and time options The Date and time tab allows you to configure the time display behavior on this workstation. These settings are saved as part of your user profile and apply to Security Desk and Config Tool.
Time zone abbreviations
• Display time zone abbreviations. Select this option to add the time zone abbreviation to all time displays.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
690
Options dialog box
External devices The External devices tab allows you to enable or disable access control devices, such as USB readers, signature pads, card scanners, and so on. For example, if you disable the option to use USB readers, then when you want to present a card credential, you can only use a door, not a USB reader on someone’s desk. These settings are saved locally for your Windows user profile. Next to each external device, set the option ON or OFF, and then click Save.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
691
Adding shortcuts to external tools
Adding shortcuts to external tools You can add shortcuts to frequently used external tools and applications in the Tools page in Config Tool, by modifying the ToolsMenuExtensions.xml file. This file is located in C:\Program files (x86)\Genetec Security Center 5.2\ on a 64 bit computer, and in C:\Program files\Genetec Security Center 5.2\ on a 32 bit computer.
The original content of this file looks as follows: Notepad c:\windows\notepad.exe c:\SafetyProcedures.txt Calculator c:\windows\system32\calc.exe Paint c:\windows\system32\mspaint.exe
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
693
17 User privileges This section describes all privilege hierarchies in Security Center by category. This section includes the following topics:
• • • • •
"Application privileges" on page 695 "General privileges" on page 696 "Administrative privileges" on page 697 "Task privileges" on page 704 "Action privileges" on page 708
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
694
Application privileges
Application privileges Application privileges
• •
Config Tool. Allows the user to run Config Tool. Security Desk. Allows the user to run Security Desk.
• • • • •
grant access to the Security Center applications.
Change client views. Allows the user to change the Security Desk window size and position. Without this privilege, the user cannot log off or close Security Desk, and Security Desk stays locked in full screen mode. The Restore Down commands and the F11 key (used to switch between full screen and windowed mode) are also disabled. See also "Force Security Desk to run in full screen mode" on page 95. Change Security Desk options. Allows the user to change the Security Desk options through the Options dialog box (CTRL+O). Change tile content. Allows the user to change what is displayed in each tile. Change tile pattern. Allows the user to change the tile pattern. Change workspace. Allows the user to add and remove tasks from their active task list. The only exception to the rule is the Video file player task that does not need the user to be connected to the Directory to open. Start/Stop task cycling. Allows the user to start and stop task cycling, and to change the task dwell time. Web Client. Allows the user to use the Web Client.
Global Cardholder Synchronizer. Allows a sharing guest to log on via the Global Cardholder Synchronizer role to the local system. The local system is the sharing host. Log on using the SDK. Allows the user to run SDK applications. Mobile application. Allows a Mobile application to connect to the local system. Federation. Allows a federation role (Omnicast Federation or Security Center Federation) from the host system to connect to the local system. The local system is the one being federated.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
695
General privileges
General privileges General privileges
• • • •
grant access to the generic Security Center features.
View Web pages. Allows the user to view the URL associated to tile plugins in Security Desk. Change own password. Allows the user to change their own password. Print/export reports. Allows the user to print and save reports to files. Remove entries from a report. Allows the user to remove selected entries from reports in Security Desk.
•
Report incidents. Allows the user to report the incidents in the Security Desk.
Modify reported incidents. Allows the user to modify incident reports in the Security Desk
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
696
Administrative privileges
Administrative privileges Administrative privileges Config Tool.
• • • • • •
grant access to the configuration of Security Center entities via
"Logical entities" on page 697 "Physical entities" on page 697 "Schedule Management" on page 700 "Access control management" on page 701 "Alarm management" on page 703 "LPR management" on page 703
Logical entities • View areas • View tile plugins View areas Allows the user to view area configurations.
•
Modify areas. Allows the user to modify area configurations. Add/delete areas. Allows the user to add or delete area entities.
View tile plugins Allows the user to view tile plugin configurations.
•
Modify tile plugins. Allows the user to modify tile plugin configurations.
Add/delete tile plugins. Allows the user to add or delete tile plugin entities.
Physical entities • • • • • • • • •
View access control units View analog monitors View assets View cameras View cash registers View doors View elevators View LPR units View output behaviors
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
697
Administrative privileges
• • • • • •
View Patrollers View zones View camera sequence View video units View intrusion areas View intrusion detection units
View access control units Allows the user to view access control unit configurations.
•
Initiate access control unit firmware upgrade. Allows the user to initiate access control unit firmware upgrade.
•
Modify access control units. Allows the user to modify access control unit configurations and to swap units. For more information, see Unit swap utility on page 163.
•
Add/delete access control units. Allows the user to add or delete access control units. This includes unit discovery and enrollment. For more information, see Unit discovery on page 142. Reset access control units. Allows the user to reset access control units.
View analog monitors Allows the user to view analog monitor configurations.
•
Modify analog monitors. Allows the user to modify analog monitor configurations.
View assets Allows the user to view asset configurations.
•
Modify assets. Allows the user to modify asset configurations.
Add/delete assets. Allows the user to add or delete asset entities.
View cameras Allows the user to view camera configurations.
•
Modify Cameras. Allows the user to modify camera configurations.
Analytic. Allows the user to modify edge video analytics rules and settings.
View cash registers Allows the user to view cash register configurations.
•
Modify cash registers. Allows the user to modify cash register configurations.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
698
Administrative privileges
Add/delete cash registers. Allows the user to add or delete cash register entities.
View doors Allows the user to view door configurations.
•
Modify doors. Allows the user to modify door configurations.
Add/delete doors. Allows the user to add or delete door entities.
View elevators Allows the user to view elevator configurations.
•
Modify elevators. Allows the user to modify elevator configurations.
Add/delete elevators. Allows the user to add or delete elevator entities.
View LPR units Allows the user to view LPR unit configurations.
•
Modify LPR units. Allows the user to modify LPR unit configurations.
•
Add/delete elevators. Allows the user to add or delete LPR units. Reset LPR units. Allows the user to reset LPR units.
View output behaviors Allows the user to view output behavior configurations.
•
Modify output behaviors. Allows the user to modify output behavior configurations.
Add/delete output behaviors. Allows the user to add or delete output behaviors.
View Patrollers Allows the user to view Patroller configurations.
•
Modify Patrollers. Allows the user to modify Patroller configurations.
Add/delete Patrollers. Allows the user to add or delete Patrollers.
View zones Allows the user to view zone configurations.
•
Modify zones. Allows the user to modify zone configurations.
Add/delete zones. Allows the user to add or delete zone entities.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
699
Administrative privileges
View camera sequence Allows the user to view camera sequence configurations.
•
Modify camera sequence. Allows the user to modify camera sequence configurations.
Add/delete camera sequence. Allows the user to add or delete camera sequence entities.
View video units Allows the user to view video unit configurations.
•
Initiate video units firmware upgrade. Allows the user to initiate video unit firmware upgrade.
•
Modify video units. Allows the user to modify video unit configurations.
Add/delete video units. Allows the user to add or delete video units.
View intrusion areas Allows the user to view intrusion detection area configurations.
•
Modify intrusion areas. Allows the user to modify intrusion detection area configurations.
Add/delete intrusion areas. Allows the user to add or delete intrusion detection areas.
View intrusion detection units Allows the user to view intrusion detection unit configurations.
•
Modify intrusion detection units. Allows the user to modify intrusion detection unit configurations.
Add/delete intrusion detection units. Allows the user to add or delete intrusion detection units.
Schedule Management • View scheduled tasks • View schedules View scheduled tasks Allows the user to view scheduled task configurations.
•
Modify scheduled tasks. Allows the user to modify scheduled task configurations.
Add/delete scheduled tasks. Allows the user to add or delete scheduled tasks.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
700
Administrative privileges
View schedules Allows the user to view schedule configurations.
•
Modify schedules. Allows the user to modify schedule configurations.
Add/delete schedules Allows the user to add or delete schedules.
Access control management • • • • • • •
Convert shared entities to local entities View access rules View badge templates View cardholder groups View cardholders View credentials View visitors
Convert shared entities to local entities Allows the user to convert shared global entities to local entities.
View access rules Allows the user to view access rule configurations.
•
Modify access rules. Allows the user to modify access rule configurations.
Add/delete access rules. Allows the user to add or delete access rules.
View badge templates Allows the user to view badge template configurations.
•
Modify badge templates. Allows the user to modify badge template configurations.
Add/delete badge templates. Allows the user to add or delete badge templates.
View cardholder groups Allows the user to view cardholder group configurations.
•
Modify cardholder groups. Allows the user to modify cardholder group configurations.
Add/delete cardholder groups. Allows the user to add or delete cardholder groups.
Modify custom fields. Allows the user to modify the cardholder group custom fields.
View cardholders Allows the user to view cardholder configurations. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
701
Administrative privileges
•
Modify cardholders. Allows the user to modify cardholder configurations.
Add/delete cardholders. Allows the user to add or delete cardholders. Change cardholder options. Allows the user to change the cardholder options, namely, Use extended grant time and Bypass antipassback rules. Change status. Allows the user to change the cardholder status, and activation and expiration dates. Modify credential information. Allows the user to modify the card format, facility code, card number and cardholder PIN.
Modify custom fields. Allows the user to modify the cardholder custom fields.
Modify name. Allows the user to change the cardholder name.
Take/edit picture. Allows the user to take or edit the cardholder picture.
View credentials Allows the user to view credential configurations.
•
Modify credentials. Allows the user to modify credential configurations.
Add/delete credentials. Allows the user to add or delete credentials. Change status. Allows the user to change the credential status, and activation and expiration dates. Modify cardholder/credential association. Allows the user to assign and remove credentials from a cardholder.
Modify custom fields. Allows the user to modify the credential custom fields.
Modify name. Allows the user to change the credential name.
Print badges. Allows the user to print badges.
View advanced credential info. Allows the user to view the credential information such as the Wiegand fields (facility code and card number) and PINs.
View visitors Allows the user to view visitor configurations.
•
Modify visitors. Allows the user to modify visitor configurations.
Check-in/check-out visitors. Allows the user to check-in and check-out visitors.
Modify custom fields. Allows the user to change the visitor custom fields.
Take/edit picture. Allows the user to take or edit the visitor picture.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
702
Administrative privileges
Alarm management • View alarms • View monitor groups View alarms Allows the user to view alarm configurations.
•
Modify alarms. Allows the user to modify alarm configurations.
Add/delete alarms. Allows the user to add or delete alarm entities.
View monitor groups Allows the user to view monitor group configurations.
•
Modify monitor groups. Allows the user to modify monitor group configurations.
Add/delete monitor groups. Allows the user to add or delete monitor group entities.
LPR management • View LPR rules View LPR rules Allows the user to view LPR rule configurations. These include hotlists, overtime rules, permits, permit restrictions, and parking facilities.
•
Modify LPR rules. Allows the user to modify LPR rule configurations.
Add/delete LPR rules. Allows the user to add or delete LPR rules.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
703
Task privileges
Task privileges Task privileges
control the accessibility of the Security Desk tasks.
Manage private tasks Allows the user to manage private task configurations.
View public tasks Allows the user to view public task configurations.
•
Modify public tasks. Allows the user to modify public task configurations.
Add/delete public tasks. Allows the user to add or delete public tasks.
Administration
• • • • • • •
Logical view. Allows the user to run the Logical view task. System. Allows the user to run the System task. Video management. Allows the user to run the Video task. Access control. Allows the user to run the Access control task. Intrusion detection. Allows the user to run the Intrusion detection task. LPR. Allows the user to run the LPR task. Plugins. Allows the user to run the Plugins task.
Operation
• • • • • •
• •
Monitoring. Allows the user to create/run monitoring tasks. Cardholder management. Allows the user to create/run cardholder management tasks. Visitor management. Allows the user to create/run visitor management tasks. People counting. Allows the user to create/run people counting tasks. Credential enrollment. Allows the user to create/run credential enrollment tasks. Inventory management. Allows the user to create/run the inventory management task. This privilege allows the user to create inventories, but not to modify or delete the offloaded reads. See Modify/delete LPR reads that are not part of an inventory under "Action privileges" on page 708. Hotlist and permit editor. Allows the user to create/run hotlist and permit editor tasks. Remote. Allows the user to monitor and control other Security Desk workstations and monitors using the Remote task.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
704
Task privileges
Investigation
•
Access control
Area activities. Allows the user to create/run area activity reports.
Door activities. Allows the user to create/run door activity reports.
Cardholder activities. Allows the user to create/run cardholder activity reports.
Visitor activities. Allows the user to create/run visitor activity reports.
Area presence. Allows the user to create/run area presence reports.
Time and attendance. Allows the user to create/run time and attendance reports.
Credential activities. Allows the user to create/run credential activity reports.
•
Elevator activities. Allows the user to create/run elevator activity reports. Visit details. Allows the user to create/run visitor detail reports. Asset management
Asset activities. Allows the user to create/run asset activity reports.
Asset inventory. Allows the user to create/run asset inventory reports.
•
Intrusion detection
•
Intrusion detection area activities. Allows the user to create/run intrusion detection area activity reports. Intrusion detection unit events. Allows the user to create/run intrusion detection unit event reports. LPR
Hits. Allows the user to create/run hit reports.
Reads. Allows the user to create/run read reports.
Route playback. Allows the user to create/run route playback tasks.
Inventory report. Allows the user to create/run parking facility inventory reports.
•
Credential request history. Allows the user to create/run credential request history reports.
Daily usage per Patroller. Allows the user to create/run daily usage per Patroller reports.
Logons per Patroller. Allows the user to create/run logons per Patroller report.
Reads/hits per day. Allows the user to create/run reads/hits per day reports.
Reads/hits per zone. Allows the user to create/run reads/hits per zone reports.
Zone occupancy. Allows the user to create/run zone occupancy reports. Video
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
705
Task privileges
Archives. Allows the user to create/run archive reports.
Bookmarks. Allows the user to create/run bookmark reports.
Motion search. Allows the user to create/run motion search reports.
Camera events. Allows the user to create/run camera event reports.
• • •
Forensic search. Allows the user to create/run forensic search reports. Transactions. Allows the user to create/run point of sale reports. Incidents. Allows the user to create/run incident reports. Zone activities. Allows the user to create/run zone activity reports.
Maintenance
•
Access control
•
• • • • •
Access control health history. Allows the user to create/run access control health history reports. Access control unit events. Allows the user to create/run access control unit event reports. Cardholder access rights. Allows the user to create/run cardholder access rights reports. Door troubleshooter. Allows the user to create/run Access troubleshooter reports. Access rule configuration. Allows the user to create/run access rule configuration reports. Cardholder configuration. Allows the user to create/run cardholder configuration reports. Credential configuration. Allows the user to create/run credential configuration reports. IO configuration. Allows the user to create/run IO configuration reports. Video
Archiver events. Allows the user to create/run archiver event reports.
Archive storage details. Allows the user to create/run archive storage detail reports. System status. Allows the user to create/run system status reports. Audit trails. Allows the user to create/run audit trail reports. Hardware inventory. Allows the user to create/run hardware inventory reports. Health history. Allows the user to create/run health history reports. Activity trails. Allows the user to create/run activity trail reports.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
706
Task privileges
Alarm Management
• •
Alarm monitoring. Allows the user to create/run the alarm monitoring task. Alarm report. Allows the user to create/run alarm reports.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
707
Action privileges
Action privileges Action privileges
control the actions that can be performed on the Security Center entities.
Set threat level Allows the user to manage threat level configurations.
Cameras
• • •
Audio (talk/listen). Allows the user to use the talk and listen commands. Block and Unblock video. Allows the user to block and unblock video streams from other users. Protect video from deletion. Allows the user to protect video against automatic deletion. Remove video protection. Allows the user to remove video protection.
•
View live video. Allows the user to view live video from cameras.
Digital zoom. Allows the user to use the digital zoom function.
Override video quality. Allows the user to override the video quality settings.
Record manually. Allows the user to start/stop recordings manually.
Add bookmarks. Allows the user to add bookmarks. Edit bookmark. Allows the user to edit bookmarks.
Delete bookmark. Allows the user to delete bookmarks.
Save/print snapshots. Allows the user to save/print snapshots.
PTZ motor privileges Lock PTZ. Allows the user to lock the PTZ.
Use auxiliaries. Allows the user to use the auxiliary controls.
Set auxiliaries. Allows the use to rename the auxiliaries. Use patterns. Allows the user to use the camera patterns.
Override PTZ locks. Allows the user to override PTZ locks.
Edit patterns. Allows the user to edit or rename the camera patterns.
Use specific commands. Allows the user to use the PTZ specific commands and the menu mode. Perform basic operations. Allows the user to perform basic PTZ operations. Change focus and iris settings. Allows the user to change the focus and iris settings.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
708
Action privileges
Use presets. Allows the user to use the camera presets.
Edit presets. Allows the user to edit or rename the camera presets.
View playback. Allows the user to view playback video.
Export video. Allows the user to export recorded video.
Use ASF format. Allows the user to export to ASF format.
Access Control
•
Doors
Explicitly unlock doors. Allows the user to explicitly unlock doors.
Override unlock schedules. Allows the user to override unlock schedules. Maintenance mode. Allows the user to put the door in maintenance mode.
Forgive antipassback violation. Allows the user to forgive antipassback violations.
Silence\Sound buzzer. Allows the user to silence or sound a door buzzer.
Alarms
• • • •
Acknowledge alarms. Allows the user to acknowledge alarms. Forward alarms. Allows the user to forward alarms. Snooze alarms. Allows the user to snooze alarms. Trigger alarms. Allows the user to trigger alarms.
Users
• • • • • • • •
Display entity in SD. Allows the user to display an entity in Security Desk. Email a report. Allows the user to email reports to other users. Play a sound. Allows the user to send and play sound files to other users. Send a message. Allows the user to send text messages to other users. Send an email. Allows the user to send emails to other users. Send/clear task. Allows the user to use the Send task/Clear tasks actions. Start/Stop camera sequence. Allows the use to start/stop a camera sequence. Trigger output. Allows the user to trigger output.
Macros
•
Execute Macros. Allows the user to execute macros.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
709
Action privileges
LPR reads/hits
• • •
View live covert hits. Allows the user to view live covert hits in Security Desk. Protect/unprotect LPR reads. Allows the user to protect/unprotect LPR reads and hits against automatic deletion. Modify/delete reads that are not part of an inventory. Allows the user to modify/ delete LPR reads that are not yet committed to a parking facility inventory.
Zones
•
Arm/Disarm zones. Allows the user to arm/disarm zones.
Areas
•
Reset people count. Allows the user to reset the people count.
Intrusion detection
•
Arm/Disarm intrusion detection areas. Allows the user to arm/disarm intrusion detection areas.
•
Trigger intrusion alarm. Allows the user to trigger alarms on intrusion panels.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
710
18 Reporting task reference This section lists the query filters and report pane columns available in Config Tool maintenance tasks. This section includes the following topics:
• "Query filters" on page 712 • "Report pane columns" on page 723
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
711
Query filters
Query filters Before generating a report, you must filter your query. This section lists the query filters available for each reporting task. This list is organized alphabetically by query filter. Associated application
Query filter
Associated reports
Accept reasons
• Hits
• Security Desk • Web Client
Reason selected by the Patroller user when enforcing a hit. Accept reasons are created and customized in Config Tool.
Access control units
• Access control unit events • IO configuration
• Config Tool • Security Desk
Select the access control units to investigate.
Access rule
• Access rule configuration
• Config Tool • Security Desk
Select the access rule to investigate.
Acknowledged by
• Alarm report
• Security Desk • Web Client
Users who acknowledged the alarm.
Acknowledged on
• Alarm report
• Security Desk • Web Client
Alarm acknowledgement time range. For more information, see.
Action taken
• Hits
• Security Desk • Web Client
Patroller hit actions (Accepted, Rejected, Not enforced) selected by the Patroller user. For fixed Sharps, a hit raised by the Hit Matcher module is always automatically Accepted and Enforced.
Acknowledgement type
• Alarm report
• Security Desk • Web Client
Check one of the following acknowledgement type options: • Alternate. Alarm was acknowledged by a user using the alternate mode. • Default. Alarm was acknowledged by a user, or auto-acknowledged by the system. • Forcibly. An administrator forced the alarm to be acknowledged.
Activation date
• Visit details
• Security Desk • Web Client
Time the visitor’s profile was activated.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Description
712
Query filters
Associated application
Query filter
Associated reports
Description
Activities
• Activity trails
• Config Tool • Security Desk • Web Client
Select the activities to investigate.
• Credential request history
• Security Desk
Select which badge printing activities to investigate. • Credential request. When a user requests a badge printing job. • Credential request cancelled. When a user cancels a badge printing job. • Credential request completed. When a user prints a badge from the queue.
Advanced search
• Inventory report
• Security Desk
By default, LPR images are not displayed in the Inventory report. To view images, click Get images. NOTE To prevent performance issues, plate images are not displayed if a report includes more than a thousand rows.
Alarm priority
• Alarm report
• Security Desk
Alarm priority. NOTE All alarms imported from Omnicast have their priority set to 1 by default. You can change their priority at a later time in the Config Tool.
Alarms
• Alarm report
• Security Desk • Web Client
Select the types of alarms you want to investigate. Alarms can be locally defined ( or imported from federated systems ( ).
),
Annotation fields
• Hits
• Security Desk • Web Client
Patroller hit annotations used by the Patroller user. For information about creating and configuring annotation fields, see the AutoVu Handbook.
Application
• Activity trails • Audit trails
• Config Tool • Security Desk • Web Client
Which client application was used for the activity.
Archiver
• Archiver events
• Config Tool • Security Desk
Select the Archivers to investigate.
Areas
• Area activities • Area presence • Time and attendance
• Security Desk • Web Client
Select the areas to investigate. NOTE For the Time and attendance and Area presence tasks, select a fully secured area.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
713
Query filters
Associated application
Query filter
Associated reports
Cameras
• Archives • Archive storage details • Bookmarks • Camera events • Forensic search
• Config Tool • Security Desk
Cardholders
• Area activities • Cardholder activities • Credential configuration • Credential request history • Door activities • Elevator activities • Time and attendance
• Config Tool • Security Desk • Web Client
Cardholder groups
• Cardholder configuration
• Config Tool • Security Desk • Web Client
Select the cardholder groups to investigate.
Compare with
• Inventory report
• Security Desk
Compare entities with a source entity (see "Source (entity)" on page 720).
Creation time
• Incidents
• Security Desk
Incidents created/reported within the specified time range.
Credentials
• Cardholder activities • Credential activities • Credential request history • Door activities • Elevator activities
• Security Desk • Web Client
Restrict the search to certain credentials.
Custom fields
• Most reports
• Config Tool • Security Desk • Web Client
If custom fields are defined for the entity you are investigating, they can be included in this report. NOTE You might not see the custom fields filter, depending on whether your user is configured to view that custom field.
Description
• Activity trails
• Config Tool • Security Desk • Web Client
Restrict the search to entries that contain this text string.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Description
Select the camera to investigate.
Restrict the search to certain cardholders. NOTE If you only select the All cardholders
cardholder group in the Cardholder activities task, federated cardholders are not included. This is because All cardholders is a local cardholder group that only covers local cardholders.
714
Query filters
Associated application
Query filter
Associated reports
Devices
• IO configuration
• Config Tool • Security Desk
Select the devices to investigate.
Doors
• Door activities
• Security Desk • Web Client
Select the doors to investigate.
Doors - Areas Elevators
• Cardholder access rights • Cardholder activities • Credential activities • Visitor activities
• Config Tool • Security Desk • Web Client
Restrict the search to activities that took place at certain doors, areas, and elevators.
Door side
• Door activities
• Security Desk
Door sides are named A and B by default, but your administrator could have given them different names. This filter allows you to search by door side.
Elevators
• Elevator activities
• Security Desk
Select the elevators to investigate.
Entities
• Audit trails
• Config Tool • Security Desk • Web Client
Select the entities you want to investigate. You can filter the entities by name and by type.
Expiration date
• Visit details
• Security Desk • Web Client
Time the visitor’s profile expired.
Events
• Access control unit events • Activity trails • Archiver events • Area activities • Camera events • Cardholder activities • Credential activities • Door activities • Elevator activities • Intrusion detection area activities • Intrusion detection unit events • Visitor activities • Zone activities
• Config Tool • Security Desk • Web Client
Select the events of interest. The event types available depend on the task you are using.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Description
715
Query filters
Associated application
Query filter
Associated reports
Event timestamp
• Access control health history • Access control unit events • Activity trails • Archiver events • Archive storage details • Area activities • Camera events • Cardholder activities • Credential activities • Door activities • Elevator activities • Health history • Health statistics • Hits • Intrusion detection area activities • Intrusion detection unit events • Zone activities
• Config Tool • Security Desk • Web Client
Define the time range for the query. For more information, see.
First name
• Visit details
• Security Desk • Web Client
Visitor’s first name.
Health event
• Health history
• Config Tool • Security Desk • Web Client
Name of the health event.
Health severity
• Health history
• Config Tool • Security Desk • Web Client
Severity level of the health event: • Information • Warning • Error
Hit rules
• • • • •
• Security Desk • Web Client
Select the hit rules to include in the report.
Hits Reads Reads/hits per day Reads/hits per zone Zone occupancy
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Description
716
Query filters
Associated application
Query filter
Associated reports
Hit type
• Hits • Reads/hits per day • Reads/hits per zone
• Security Desk
Select the type of hits to include in the report: Permit, Shared permit, Overtime, and Hotlist.
Impacted
• Activity trails
• Config Tool • Security Desk • Web Client
The entities that were impacted by this activity.
Incident time
• Incidents
• Security Desk
Incidents reported within the specified time range. The incident time corresponds to the event or alarm timestamp the incident refers to. If the incident does not refer to any event or alarm, then the incident time corresponds to the creation time.
Initiator
• Activity trails
• Config Tool • Security Desk • Web Client
User responsible for the activity.
Intrusion detection areas
• Intrusion detection area activities
• Security Desk • Web Client
Select the intrusion detection areas to investigate.
Intrusion detection units
• Intrusion detection unit events
• Security Desk
Select the intrusion detection units to investigate.
Investigated by
• Alarm report
• Security Desk
Which user put the alarm into the under investigation state.
Investigated on
• Alarm report
• Security Desk
Specify a time range when the alarm was put into the under investigation state.
Last name
• Visit details
• Security Desk • Web Client
Visitor’s last name.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Description
717
Query filters
Associated application
Query filter
Associated reports
License plate
• Hits • Inventory report • Reads
• Security Desk • Web Client
Enter a Full or Partial license plate number. If you choose Partial, a search for “AB” returns plates that have “AB” anywhere in the license plate number. If you choose Full, you can enter the full license plate number, or you can use the following wildcard characters: • Asterisk (*). Represents any number of unknown characters. Use it when searching for documents or files for which you have only partial names. For example, if you enter “ABC*” as your search term, the search might return “ABC123”, “ABC5”, “ABC002”, and so on. If you enter “*XYZ”, the search might return “1XYZ”, “245XYZ”, “00XYZ”, and so on. • Question mark (?). Represents only one unknown character. Use it when you have a list of files with very similar names, or when you are unsure of a few characters. For example, if you enter “ABC12?” as your search term, the search might return “ABC123”, “ABC127”, “ABC12P”, and so on. The question mark only covers one character, but you can enter as many question marks in a search string as you want. You can use the asterisk and the question mark anywhere in a search, and you can also use them together. NOTE License plate search does not support fuzzy matching. For example, if you are searching for a plate with ABC characters, Security Center only finds plates with the ABC characters. It does not find plates numbers with the characters A8C, ABO, or 4BC.
Location
• Inventory report • IO configuration
• Config Tool • Security Desk
• In the Inventory report task: Specify the location in the parking facility you want to view. You can select the entire facility, or specify the sectors and rows within the facility. • In the IO configuration task: Specify the areas where the devices are located.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Description
718
Query filters
Query filter
Associated reports
LPR units Patrollers
• • • •
Machine
Hits Reads Reads/hits per day Reads/hits per zone
Associated application
Description
• Security Desk • Web Client
Restrict the search to Patroller units (including all their fitted LPR units) and/or LPR units representing fixed Sharp cameras on the Patroller unit.
• Health history
• Config Tool • Security Desk • Web Client
Select a computer that was having health issues to investigate.
Message
• Bookmarks
• Security Desk
Enter any text you want to find in the bookmark. A blank string finds all the bookmarks.
Modified by
• Audit trails
• Config Tool • Security Desk • Web Client
User responsible for the entity modification.
Modification time
• Audit trails • Incidents
• Config Tool • Security Desk • Web Client
• In the Audit trails task: Entities modified within the specified time range. • In the Incidents task: Incidents modified within the specified time range.
Notes
• Incidents
• Security Desk
Enter text to find incidents with a description starting or containing the specified text.
Offload timestamp
• Hits • Reads
• Security Desk • Web Client
The date and time that the Patroller offloaded the reads/hits to Security Center. For more information, see.
Overtime and permit restriction
• Zone occupancy
• Security Desk
(For University Parking Enforcement only) For University Parking Enforcement, both rules have parking lots configured and each parking lot can be defined in terms of a number of parking spaces. This allows the occupancy to be estimated.
Patrollers
• Daily usage per Patroller • Logons per Patroller • Zone occupancy
• Security Desk • Web Client
Restrict the search to Patroller units (including all their fitted LPR units).
Printing users
• Credential request history
• Security Desk
Restrict the search to specific users that printed a badge.
References
• Incidents
• Security Desk
Incidents referencing all the selected entities.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
719
Query filters
Associated application
Query filter
Associated reports
Region
• Hits • Reads
• Security Desk
Specify one or more geographic regions on the map.
Reject reason
• Hits • Reads/hits per day • Reads/hits per zone
• Security Desk • Web Client
Reason selected by the Patroller user when rejecting a hit. Reject reasons are created and customized in Config Tool. NOTE This filter only affects the value in the Rejected hits column.
Requesting users
• Credential request history
• Security Desk
Restrict the search to specific users that requested to print a badge.
Rule
• Reads
• Security Desk • Web Client
Hit rule that matched the plate read.
Source (entity)
• Access control health history • Alarm report • Health history • Health statistics • Inventory report
• Config Tool • Security Desk • Web Client
Source entity of the event. In the Alarm report task, this filter represents the source entity that triggered the alarm in the case of an event-to-action, or the user who triggered the alarm manually.
Source group
• Hardware inventory • Health history • Health statistics
• Config Tool • Security Desk • Web Client
Source entity type of the event.
State
• Alarm report
• Security Desk • Web Client
Current state of the alarm. • Active. Alarm is not yet acknowledged. Selecting an active alarm shows the alarm acknowledge buttons in the report pane. • Acknowledged. Alarm was acknowledged by a user, or auto-acknowledged by the system. • Under investigation. Alarm with an acknowledgement condition that is still active was put under investigation. • Acknowledgement required. Alarm with an acknowledgement condition that was cleared is ready to be acknowledged.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Description
720
Query filters
Associated application
Query filter
Associated reports
Status
• Cardholder configuration • Credential configuration • Visit details
• Config Tool • Security Desk • Web Client
The status of the cardholder or visitor’s profile: • Active • Expired • Inactive In the Credential configuration task, the following statuses are also available: • Lost • Stolen
• Archive storage details
• Config Tool • Security Desk
Select the video file status you want to investigate: • Unprotected. Video files that are not protected against the Archiver’s routine cleanup. These files can be deleted once their retention period expires, or when the Archiver runs out of disk space, depending on your Archiver role settings. • Protection ending. Video files that you unprotected less than 24 hours ago. • Protected. Video files that are protected. They are not be deleted even when the disk is full. For these files, you can also specify a protection end date.
Time range
• Bookmarks • Daily usage per Patroller • Forensic search • Logons per Patroller • Reads/hits per day • Reads/hits per zone • Time and attendance • Zone occupancy
• Security Desk
The time range for the report. For more information, see.
Triggered on
• Alarm report
• Security Desk • Web Client
Alarm trigger time range.
Triggering event
• Alarm report
• Security Desk • Web Client
Events used to trigger the alarm.
Units
• Hardware inventory
• Config Tool • Security Desk
Select the access control, video, intrusion detection, and LPR units to investigate.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Description
721
Query filters
Associated application
Description
• Security Desk • Web Client
Select the Patroller user name, or the Patrollers’ parent user groups.
• Visitor activities
• Security Desk • Web Client
Select the visitors to investigate.
• Zone activities
• Security Desk • Web Client
Select the zones to investigate.
Query filter
Associated reports
Users
• • • • •
Visitor
Zones
Hits Logons per Patroller Reads Reads/hits per day Reads/hits per zone
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
722
Report pane columns
Report pane columns The results of your investigation or maintenance query are listed in the report pane. You can choose what information to view by showing or hiding columns in the report pane. This section lists the columns available for each reporting task. This list is organized alphabetically by column. Column
Associated reports
Associated application
Accept reasons
• Hits
• Security Desk
Reason selected by the Patroller user when enforcing a hit. Accept reasons are created and customized in Config Tool.
Access point
• Access rule configuration • Cardholder activities • Credential activities • IO configuration • Visitor activities
• Config Tool • Security Desk • Web Client
Access point involved (only applicable to areas, doors, and elevators).
Access Manager
• IO configuration
• Config Tool • Security Desk
Access Manager controlling the unit.
Access rules
• Access rule configuration
• Config Tool • Security Desk
Name of the access rule.
Acknowledged by
• Alarm report
• Security Desk • Web Client
User who acknowledged the alarm. When the alarm is acknowledge automatically by the system, Service is indicated.
Acknowledged on
• Alarm report
• Security Desk • Web Client
Time the alarm was acknowledged.
Action
• Inventory report
• Security Desk
The change in the vehicle state: added, removed, or no change.
Activation date
• Visit details
• Security Desk • Web Client
Time the visitor’s profile was activated.
Activity name
• Activity trails • Credential request history
• Config Tool • Security Desk • Web Client
Type of activity.
Address
• Hits • Reads
• Security Desk • Web Client
Location of the LPR read.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Description
723
Report pane columns
Column
Associated reports
Associated application
Alarm
• Alarm monitoring • Alarm report
• Security Desk • Web Client
Alarm entity name.
Algorithm ID
• Forensic search
• Security Desk
Bosch forensic value. For more information, see the manufacturer documentation.
Annotation fields
• Hits
• Security Desk • Web Client
Any annotation field defined in System > LPR Settings in the Config Tool. Shown in brackets. For information about creating and configuring annotation fields, see the AutoVu Handbook.
Archiver
• Camera events
• Security Desk
Archiver role name.
Area
• Area activities • Area presence • Time and attendance
• Security Desk • Web Client
Area name.
Arrival
• Inventory report
• Security Desk
The first time the vehicle was read. This is used to calculate the elapsed time if a vehicle is read a second time, for example the next day.
Availability
• Health statistics
• Config Tool • Security Desk • Web Client
The percentage of time available for a given entity.
Calculation status
• Health statistics
• Config Tool • Security Desk • Web Client
If health statistics area unavailable, the reason is shown here.
Camera
• Archives • Archive storage details • Bookmarks • Camera events • Forensic search • Motion search
• Config Tool • Security Desk
Camera name.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Description
724
Report pane columns
Associated application
Column
Associated reports
Card format
• • • •
Area activities Cardholder activities Credential activities Credential configuration • Door activities • Elevator activities • Visitor activities
• Config Tool • Security Desk • Web Client
Cardholder
• Area activities • Area presence • Cardholder access rights • Cardholder activities • Cardholder configuration • Credential activities • Credential configuration • Door activities • Door troubleshooter • Elevator activities • Visitor activities
• Config Tool • Security Desk • Web Client
Cardholder activation date
• Cardholder configuration
• Config Tool • Security Desk • Web Client
Time the cardholder’s profile was activated.
Cardholder expiration date
• Cardholder configuration
• Config Tool • Security Desk • Web Client
Time the cardholder’s profile expired.
Cardholder status
• Cardholder configuration • Credential configuration
• Config Tool • Security Desk • Web Client
The cardholder’s profile status.
Check-in date
• Visit details
• Security Desk • Web Client
Time the visitor was checked in (can correspond to the arrival time).
Check-out date
• Visit details
• Security Desk • Web Client
Time the visitor was checked out (can correspond to the departure time).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Description
Credential card format.
Cardholder entity name. NOTE Format is First name + Last name for
European languages, and Last name + First name for Asian languages.
725
Report pane columns
Associated application
Description
• Hits • Reads • Inventory report
• Security Desk • Web Client
Wide angle color image of the vehicle captured by the context camera.
Controlling
• IO configuration
• Config Tool • Security Desk
Door controlled by the device.
Created by
• Incidents
• Security Desk
User who originally reported the incident.
Creation time
• Incidents
• Security Desk
Time the incident was reported.
Credential
• • • •
Area activities Cardholder activities Credential activities Credential configuration • Credential request history • Door activities • Elevator activities
• Config Tool • Security Desk • Web Client
Credential name used by the cardholder.
Credential activation date
• Credential configuration
• Config Tool • Security Desk
Time the cardholder’s credential was activated.
Credential code
• • • •
Area activities Cardholder activities Credential activities Credential configuration • Door activities • Elevator activities • Visitor activities
• Config Tool • Security Desk • Web Client
Facility code and card number.
Credential expiration date
• Credential configuration
• Config Tool • Security Desk
Time the cardholder’s credential expired.
Credential status
• Credential configuration
• Config Tool • Security Desk
The status of the credential.
Custom fields
• Most reports
• Config Tool • Security Desk • Web Client
If custom fields are defined for the entity you are investigating, they can be included in the report. NOTE You might not see the custom fields filter, depending on whether your user is configured to view that custom field.
Column
Associated reports
Context image
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
726
Report pane columns
Associated application
Column
Associated reports
Date
• Time and attendance • Daily usage per Patroller • Logons per Patroller • Reads/hits per day
• Security Desk • Web Client
The date. For Daily usage per Patroller and Logons per Patroller tasks, this column represents the day of the Patroller shift.
Date/time queued
• Credential request history
• Security Desk
The date and time that the badge printing job was requested.
Denied access by
• Cardholder access rights
• Config Tool • Security Desk
Access rules denying access to at least one of the selected entities to the cardholder.
Description
• • • • •
• Config Tool • Security Desk • Web Client
Event description. In the Activity trails task, this column represents the activity description. In the Audit trails task, this column represents the description of the entity modification.
Device
• Access control health history • Area activities • Cardholder activities • Credential activities • Door activities • Elevator activities • Hits • Intrusion detection area activities • Intrusion detection unit events • IO configuration • Reads • Visitor activities
• Config Tool • Security Desk • Web Client
Device involved on the unit (reader, REX input, IO module, Strike relay, etc.). NOTE In the Intrusion detection activities task, this column is empty if the event is an input bypass.
Door
• Door activities
• Security Desk • Web Client
Door name.
Drive
• Archive storage details
• Config Tool • Security Desk
The drive on the server where the Archiver role is running.
Edited
• Inventory report
• Security Desk
Vehicle license plate and state were edited by a user in Security Desk.
Camera events Activity trails Archiver events Audit trails Health history
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Description
727
Report pane columns
Column
Associated reports
Associated application
Elapsed time
• Inventory report
• Security Desk
The difference between the Arrival time and the Event timestamp.
Elevator
• Elevator activities
• Security Desk
Elevator name.
Email address
• • • •
• Config Tool • Security Desk • Web Client
Cardholder’s email address.
• • • • •
Area activities Area presence Cardholder activities Cardholder configuration Credential activities Credential configuration Door activities Elevator activities Visitor activities
Description
End time
• Archives • Archive storage details • Forensic search • Motion search
• Config Tool • Security Desk
End of the time range, playback sequence, or video sequence.
Enforced hits
• Reads/hits per day • Reads/hits per zone
• Security Desk • Web Client
Number of enforced hits.
Entity
• Audit trails
• Config Tool • Security Desk • Web Client
Name of the entity affected by the modification.
Entity type
• Audit trails
• Config Tool • Security Desk • Web Client
Type of entity affected by the modification.
Error number
• Health history
• Config Tool • Security Desk
Identification number of the health error.
Expected downtime
• Health statistics
• Config Tool • Security Desk • Web Client
How many days/hours/minutes the entity has been offline or unavailable through user intent or Maintenance mode. For example, deactivating a server role, or disconnecting a client application causes expected down-time. Expected down-time is never used in the Availability percentage calculation.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
728
Report pane columns
Associated application
Column
Associated reports
Expiration date
• Visit details
• Security Desk • Web Client
Time the cardholder or visitor’s profile expired.
External instance ID
• Alarm report
• Security Desk • Web Client
Only for federated alarms. The original alarm instance ID on the federated system.
Event
• Access control health history • Access control unit events • Archiver events • Area activities • Camera events • Cardholder activities • Credential activities • Door activities • Elevator activities • Forensic search • Incidents • Intrusion detection area activities • Intrusion detection unit events • Visitor activities • Zone activities
• Config Tool • Security Desk • Web Client
Event name.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Description
729
Report pane columns
Associated application
Column
Associated reports
Event timestamp
• Access control health history • Access control unit events • Activity trails • Archiver events • Area activities • Bookmarks • Camera events • Cardholder activities • Credential activities • Door activities • Elevator activities • Health history • Hits • Intrusion detection area activities • Intrusion detection unit events • Inventory report • Reads • Visitor activities • Zone activities
• Config Tool • Security Desk • Web Client
Date and time that the event occurred.
Event type
• Forensic search
• Security Desk
Bosch forensic value. For more information, see the manufacturer documentation.
Failures
• Health statistics
• Config Tool • Security Desk • Web Client
How many failures have occurred.
File name
• Archive storage details
• Config Tool • Security Desk
Name of the video file.
File size
• Archive storage details
• Config Tool • Security Desk
Size of the video file.
Firmware version
• Access control health history • Hardware inventory
• Config Tool • Security Desk
Firmware version installed on the unit that generated the event.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Description
730
Report pane columns
Associated application
Column
Associated reports
Description
First name
• Area activities • Area presence • Cardholder access rights • Cardholder activities • Cardholder configuration • Credential activities • Credential configuration • Credential request history • Door activities • Door troubleshooter • Elevator activities • Time and attendance • Visit details • Visitor activities
• Config Tool • Security Desk • Web Client
Cardholder or visitor’s first name.
Floor
• Elevator activities
• Security Desk
Elevator floor name.
From/to
• Zone occupancy
• Security Desk
Date and timestamp of read vehicles within the zone.
Granted access by
• Cardholder access rights
• Config Tool • Security Desk
Access rules granting the cardholder access to at least one of the selected entities (area, door, etc.).
Health event
• Health history
• Config Tool • Security Desk • Web Client
Name of the health event.
Hits
• Reads/hits per day • Reads/hits per zone
• Security Desk • Web Client
Number of hits. NOTE If the Hit rules and Hit type query filters
are used, this value might not be the total number of hits in the day. Icon
• Access rule configuration
• Config Tool • Security Desk
Graphical representation of the affected entity type.
ID
• Alarm monitoring • Alarm report
• Security Desk • Web Client
Alarm instance number. Uniquely identifies each alarm instance.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
731
Report pane columns
Associated application
Column
Associated reports
Impacted entity
• Activity trails
• Config Tool • Security Desk • Web Client
Which entities were impacted by this activity.
Impacted entity type
• Activity trails
• Config Tool • Security Desk • Web Client
The type of entity impacted by this activity.
Incident time
• Incidents
• Security Desk
The timestamp of the referenced alarm or event. If no event is referenced, it corresponds to the incident creation time.
Initiator
• Activity trails • Audit trails
• Config Tool • Security Desk • Web Client
• In the Activity trails task: Who performed the activity. • In the Audit trails task: Who made entity modification.
Initiator application
• Activity trails • Audit trails
• Config Tool • Security Desk • Web Client
• In the Activity trails task: The application used for this activity. • In the Audit trails task: The application used to make the change.
Initiator application version
• Activity trails • Audit trails
• Config Tool • Security Desk • Web Client
The version number of the application. This field is empty if the activity is initiated by a role entity.
Initiator machine
• Activity trails • Audit trails
• Config Tool • Security Desk • Web Client
• In the Activity trails task: Which computer the activity was performed on. • In the Audit trails task: The computer used to make the change. NOTE If the entity change was initiated from a Mobile app, this column represents the phone identification number (for example, a serial number).
Initiator type
• Activity trails • Audit trails
• Config Tool • Security Desk • Web Client
• In the Activity trails task: The type of entity that initiated the activity. • In the Audit trails task: The type of entity initiating the entity modifications.
Instances
• Daily usage per Patroller
• Security Desk • Web Client
Total number of times the Patroller application is opened during the day.
Intrusion detection area
• Intrusion detection area activities
• Security Desk • Web Client
Intrusion detection area name.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Description
732
Report pane columns
Associated application
Column
Associated reports
Intrusion detection unit
• Intrusion detection area activities • Intrusion detection unit events
• Security Desk • Web Client
Intrusion detection unit involved.
Investigated by
• Alarm report
• Security Desk
Which user put the alarm into the under investigation state.
Investigated on
• Alarm report
• Security Desk
The timestamp when the alarm was put into the under investigation state.
IP address
• Access control health history • Area activities • Cardholder activities • Credential activities • Door activities • Elevator activities • Hardware inventory • Health history • IO configuration • Visitor activities
• Config Tool • Security Desk • Web Client
IP address of the unit or computer that generated the event.
Last access
• Area presence
• Security Desk • Web Client
Time the cardholder entered the area.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Description
733
Report pane columns
Associated application
Column
Associated reports
Last name
• Area activities • Area presence • Cardholder access rights • Cardholder activities • Cardholder configuration • Credential activities • Credential configuration • Credential request history • Door activities • Door troubleshooter • Elevator activities • Time and attendance • Visit details • Visitor activities
• Config Tool • Security Desk • Web Client
Cardholder or visitor’s last name.
Latitude
• Hits • Reads
• Security Desk
The coordinates of where the LPR event occurred.
Length
• Archive storage details
• Config Tool • Security Desk
Length of the video sequence contained in the video file, in hours, minutes, and seconds.
Location
• Cardholder activities • Credential activities • Visitor activities
• Security Desk • Web Client
Location (area) where the activity took place.
Log on/Log off
• Logons per Patroller
• Security Desk • Web Client
Log on and log off timestamp.
Longest shutdown (%)
• Daily usage per Patroller
• Security Desk • Web Client
Percentage of Longest shutdown over the total number of minutes in a day.
Longest shutdown (min.)
• Daily usage per Patroller
• Security Desk • Web Client
Single longest number of minutes in a day that the Patroller application is closed.
Longest stop (%)
• Daily usage per Patroller
• Security Desk • Web Client
Percentage of longest stop time over operating time.
Longest stop (min.)
• Daily usage per Patroller
• Security Desk • Web Client
Single longest number of minutes in operating time when the vehicle is stationary.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Description
734
Report pane columns
Associated application
Column
Associated reports
Longitude
• Hits • Reads
• Security Desk
The coordinates of where the LPR event occurred.
Lot
• Reads • Zone occupancy
• Security Desk
Parking zone where a given parking regulation is in force.
Machine
• Health history
• Config Tool • Security Desk • Web Client
Computer where the health event occurred.
Manual capture
• Reads • Inventory report
• Security Desk • Web Client
Displays the plate number entered manually by the Patroller user.
Manually removed
• Inventory report
• Security Desk
Vehicle was removed manually (towed) from the parking facility.
Manufacturer
• Access control health history • Hardware inventory • IO configuration
• Config Tool • Security Desk
Manufacturer of the unit.
Member
• Access rule configuration
• Config Tool • Security Desk
Name of the affected entity.
Member of
• Cardholder access rights • Cardholder configuration
• Config Tool • Security Desk
All groups the cardholder belongs to.
Message
• Bookmarks
• Security Desk
Bookmark message (might be blank if no message was written).
Model
• Hardware inventory
• Config Tool • Security Desk
Model of the unit involved.
Modification time
• Audit trails • Incidents
• Config Tool • Security Desk • Web Client
• In the Audit trails task: Time the entity was last modified. • In the Incidents task: Time the incident was last modified.
Modified by
• Incidents
• Security Desk
User who last modified the incident.
MTBF
• Health statistics
• Config Tool • Security Desk • Web Client
Mean time between failures (in hours).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Description
735
Report pane columns
Associated application
Column
Associated reports
MTTR
• Health statistics
• Config Tool • Security Desk • Web Client
Mean time to recovery (in hours).
Not enforced hits
• Reads/hits per day • Reads/hits per zone
• Security Desk • Web Client
Number of hits that were not enforced.
Notes
• Incidents
• Security Desk
Incident description. Point to this field to see the formatted text in a tooltip.
Occurrence count
• Health history
• Config Tool • Security Desk • Web Client
Number of times this health event occurred on the selected entity.
Occurrence period
• Access control unit events • Alarm monitoring • Alarm report • Area activities • Cardholder activities • Credential activities • Door activities • Elevator activities • Intrusion detection area activities • Intrusion detection unit events • Visitor activities • Zone activities
• Security Desk • Web Client
Period when the event occurred.
Offload timestamp
• Hits • Reads
• Security Desk • Web Client
The date and time that the Patroller offloaded the reads/hits to Security Center.
Operating time
• Daily usage per Patroller
• Security Desk • Web Client
Total number of minutes in a day that the Patroller application is open.
Parking
• Inventory report
• Security Desk
Parking facility name.
Password
• Hardware inventory
• Config Tool • Security Desk
Strength of the password on the unit.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Description
736
Report pane columns
Associated application
Column
Associated reports
Patroller
• Hits • Reads • Inventory report
• Security Desk • Web Client
Patroller entity name. The Patroller entity name field is not populated for fixed Sharp cameras. In the Inventory report task, this column represents the Patroller entity that read the plate. If a handheld device was used, XML import is shown instead.
Percentage occupancy
• Zone occupancy
• Security Desk
Percentage of occupied places within the parking zone.
Permit name
• Reads
• Security Desk
Name of the permit list under the permit restriction.
Physical address
• Hardware inventory • Health history
• Config Tool • Security Desk
The MAC address of the equipment's network interface.
Physical name
• IO configuration
• Config Tool • Security Desk
Device name.
Picture
• Area activities • Area presence • Cardholder access rights • Cardholder activities • Cardholder configuration • Credential activities • Credential configuration • Credential request history • Door activities • Door troubleshooter • Elevator activities • Time and attendance • Visit details • Visitor activities
• Config Tool • Security Desk • Web Client
Cardholder or visitor’s picture.
PIN
• Credential configuration
• Config Tool • Security Desk
Credential PIN.
Plate image
• Hits • Reads • Inventory report
• Security Desk • Web Client
License plate image captured by the LPR camera.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Description
737
Report pane columns
Associated application
Column
Associated reports
Plate origin
• Hits • Reads • Inventory report
• Security Desk • Web Client
State that issued the license plate.
Plate read
• Hits • Reads • Inventory report
• Security Desk • Web Client
The license plate read generated by the Sharp unit.
Preview
• Archives
• Security Desk
Timeline showing where video is available during the selected time range.
Print reason
• Credential request history
• Security Desk
Reason why the badge printing job was requested.
Priority
• Alarm monitoring • Alarm report
• Security Desk • Web Client
Alarm priority. NOTE All alarms imported from Omnicast have their priority set to 1 by default. You can change their priority at a later time in the Config Tool.
Protected
• Hits • Reads
• Security Desk • Web Client
Record is not purged from the database of its parent AutoVu LPR Manager ES when the Hit Retention period (for this record) expires.
Protection status
• Archive storage details
• Config Tool • Security Desk
Protection status of the video file.
Reads
• Reads/hits per day • Reads/hits per zone
• Security Desk • Web Client
Number of license plate reads.
References
• Incidents
• Security Desk
List of entities referenced by the incident.
Reject reason
• Hits
• Security Desk • Web Client
Reason selected by the Patroller user when rejecting a hit.
Rejected hits
• Reads/hits per day • Reads/hits per zone
• Security Desk • Web Client
Number of hits that were rejected.
Requester email
• Credential request history
• Security Desk
Email address of the user who requested the badge printing job.
Role
• Hardware inventory
• Config Tool • Security Desk
Role type that manages the selected unit.
Row
• Inventory report
• Security Desk
Row name.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Description
738
Report pane columns
Associated application
Column
Associated reports
RTP packet lost high
• Health statistics
• Config Tool • Security Desk • Web Client
The number of Real-time Transport Protocol packets lost.
Rule
• Hits • Reads
• Security Desk • Web Client
Hit rule that matched the plate read.
Sector
• Inventory report
• Security Desk
Sector name.
Severity
• Health history
• Config Tool • Security Desk • Web Client
Severity level of the health event: • Information • Warning • Error
Side
• Door activities
• Security Desk • Web Client
Door side name.
Side-Direction
• Area activities
• Security Desk • Web Client
Entrance or exit.
Source (entity)
• Access control health history • Alarm monitoring • Alarm report • Archiver events • Archive storage details • Bookmarks • Health history • Health statistics • Incidents • Motion search
• Config Tool • Security Desk • Web Client
Source entity associated to the alarm or event. • In the Alarm monitoring and Alarm report tasks, this column represents the source entity that triggered the alarm, when the alarm is triggered by an event-to-action. It shows a username when the alarm is triggered manually. • In the video investigation tasks, this column represents the name of the system the camera belongs to. • In the Incidents task, this column is empty if the incident is not based on an alarm or event.
Source time
• Alarm monitoring • Alarm report
• Security Desk • Web Client
Time of the alarm triggering event. The only time Source time and Triggering time are different is when the event occurred while the access control unit was offline.
Spaces
• Zone occupancy
• Security Desk
Number of spaces in the parking lot.
Start time
• Archives • Archive storage details • Forensic search • Motion search
• Config Tool • Security Desk
Beginning of the time range, playback sequence, or video sequence.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Description
739
Report pane columns
Column
Associated reports
Associated application
State
• Alarm monitoring • Alarm report
• Security Desk • Web Client
Current state of the alarm. • Active. Alarm is not yet acknowledged. Selecting an active alarm shows the alarm acknowledge buttons in the report pane. • Acknowledged (Default). Alarm was acknowledged using the default mode. • Acknowledged (Alternate). Alarm was acknowledged using the alternate mode. • Acknowledged (Forcibly). Alarm was forced to be acknowledged by an administrator. • Under investigation. Alarm with an acknowledgement condition that is still active was put under investigation. • Acknowledgement required. Alarm with an acknowledgement condition that was cleared is ready to be acknowledged.
Supplemental credential
• • • • • •
• Security Desk • Web Client
A second credential is sometimes necessary. For example, when both a card and a PIN are required to access a door or elevator.
Thumbnails
• Archives • Bookmarks
• Security Desk
Thumbnail images of the recorded video during the selected time range.
Time zone
• Access control health history • Area activities • Cardholder activities • Credential activities • Door activities • Elevator activities • Hardware inventory • Visitor activities
• Config Tool • Security Desk • Web Client
Time zone of the unit.
To/from
• Zone occupancy
• Security Desk
Date and timestamp of read vehicles within the zone.
Total shutdown (%)
• Daily usage per Patroller
• Security Desk • Web Client
Percentage of Total shutdown over the number of minutes in a day.
Area activities Cardholder activities Credential activities Door activities Elevator activities Visitor activities
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Description
740
Report pane columns
Column
Associated reports
Associated application
Total shutdown (min.)
• Daily usage per Patroller
• Security Desk • Web Client
Total number of minutes in a day that the Patroller application is closed. The total shutdown value plus the operating time value equals 1440 minutes.
Total stop (%)
• Daily usage per Patroller
• Security Desk • Web Client
Percentage of total stop time over operating time.
Total stop (min.)
• Daily usage per Patroller
• Security Desk • Web Client
Total number of minutes in operating time when the vehicle is stationary.
Total time
• Time and attendance
• Security Desk
Total time spent in that area on that date by the cardholder.
Track ID
• Forensic search
• Security Desk
Bosch forensic value. For more information, see the manufacturer documentation.
Triggering event
• Alarm monitoring • Alarm report
• Security Desk • Web Client
Event that triggered the alarm (if triggered through an event-to-action). Manual action is indicated when the alarm was manually triggered by a user.
Trigger time
• Alarm monitoring • Alarm report
• Security Desk • Web Client
Time the alarm was triggered in Security Center
Type
• Access rule configuration
• Config Tool • Security Desk
Affected entity type.
Unexpected downtime
• Health statistics
• Config Tool • Security Desk • Web Client
How many days/hours/minutes the entity has been offline or unavailable after not having been set in Maintenance mode. Unexpected down-time is not caused by user intent.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Description
741
Report pane columns
Associated application
Column
Associated reports
Unit
• Access control health history • Access control unit events • Area activities • Cardholder activities • Credential activities • Door activities • Elevator activities • Hardware inventory • Hits • IO configuration • Reads • Visitor activities
• Config Tool • Security Desk • Web Client
Access control, video, intrusion detection, or LPR unit involved. NOTE In the Hits and Reads tasks, this query filter represents the LPR unit that read the plate and populated for a Patroller (for example, Patroller - Left, Patroller - Right, etc.), and for a fixed Sharp.
Unit type
• Access control health history • Access control unit events • Area activities • Cardholder activities • Credential activities • Door activities • Elevator activities • Hardware inventory • IO configuration • Visitor activities
• Config Tool • Security Desk • Web Client
Type or model of unit involved.
Up-time
• Health statistics
• Config Tool • Security Desk • Web Client
How many days/hours/minutes the entity has been online and available.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Description
742
Report pane columns
Associated application
Column
Associated reports
User
• Credential request history • Hits • Intrusion detection area activities • Intrusion detection unit events • Logons per Patroller
• Security Desk • Web Client
Name of the user who triggered the event. The user name is empty if the event was not triggered from Security Desk. NOTE For the Hits and Logons per Patroller tasks, this query filter represents the Patroller user name.
• Hardware inventory report
• Config Tool • Security Desk
The user name used to connect to the unit.
Vehicles
• Zone occupancy
• Security Desk
Number of vehicles that were read within the zone.
Weekday
• Time and attendance
• Security Desk
Weekday corresponding to the date (see Date).
Wheel image
• Hits • Reads
• Security Desk
Image of the vehicle wheels. Used for virtual tire-chalking.
Zone
• Reads/hits per zone • Zone activities • Zone occupancy
• Security Desk • Web Client
Zone name. In the Reads/hits per zone task, this column represents the parking zone where the LPR event occurred. In the Zone occupancy task, this column represents the name of the Overtime or Permit restriction.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Description
743
19 Events and actions in Security Center This section lists all Security Center events and actions in alphabetical order. Each event and action is covered with a general description of its purpose and usage, and describes the entity it is associated with. This section includes the following topics:
• "Event types" on page 745 • "Action types" on page 758
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
744
Event types
Event types All events in Security Center are associated with a source entity, which is the main focus of the event. For more information, see "What is an event?" on page 106. Security Center supports the following event types: Event
Source entity
Description
A door of an interlock has an unlock schedule configured
door
A door that is part of an interlock configuration has an unlock schedule configured. This invalidates the interlock.
A door of an interlock is in maintenance mode
door
A door that is part of an interlock configuration is in maintenance mode. This disables the interlock.
Ability to write on a drive has been restored
Archiver role
Ability to write on a drive has been restored.
AC fail
access control unit
AC has failed.
Access denied: Antipassback violation
cardholder, door, elevator, or area
A cardholder requested access to an area that they have already entered, or requested access to leave an area that they were never in.
Access denied: Denied by access rule
cardholder, door, elevator, or area
The cardholder is denied access according to the access rule.
Access denied: Expired credential
cardholder, door, elevator, or area
An expired credential has been used.
Access denied: Inactive cardholder
cardholder, door, elevator, or area
A cardholder with an inactive profile has attempted to access a door or area.
Access denied: Inactive credential
cardholder, door, elevator, or area
A credential with an inactive profile has been used.
Access denied: Insufficient privileges
cardholder, door, elevator, or area
The cardholder is denied access because they do not have the required user level. This event only applies to the Synergis Master Controller.
Access denied: Invalid PIN
cardholder, door, elevator, or area
A card and PIN are required to enter an area, and the cardholder entered an invalid PIN.
Access denied: Lost credential
cardholder, door, elevator, or area
A credential that has been declared as lost has been used.
Access denied: No access rule assigned
cardholder, door, elevator, or area
The cardholder is denied access because they are not assigned any access rights.
Access denied: Out of schedule
cardholder, door, elevator, or area
The access rule associated with this cardholder does not apply during this date/time in the schedule.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
745
Event types
Event
Source entity
Description
Access denied: Stolen credential
cardholder, door, elevator, or area
A credential that has been declared as stolen has been used.
Access denied: Unassigned credential
cardholder, door, elevator, or area
A credential has been used that has not been assigned to a cardholder.
Access denied: Unknown credential
cardholder, door, elevator, or area
A credential has been used that is unknown in the Security Center system.
Access granted
cardholder, door, elevator, or area
Access has been granted through a door to a cardholder according to the access rules governing the door or area. For a perimeter door of an interlock: When an authorized cardholder accesses a door of an interlock, Security Center might generate an Access granted event for the door even though the door does not unlock (due to another perimeter door already being open).
Alarm acknowledged
alarm or system-wide
An alarm has been acknowledged by a user, or autoacknowledged by the system.
Alarm acknowledged (alternate)
alarm or system-wide
An alarm has been acknowledged by a user using the alternate mode.
Alarm being investigated
alarm or system-wide
An alarm with a acknowledgement condition that is still active has been put into the under investigation state.
Alarm condition cleared
alarm or system-wide
The acknowledgement condition of an alarm has been cleared.
Alarm forcibly acknowledged
alarm or system-wide
An administrative user has forced an alarm to be acknowledged.
Alarm triggered
alarm or system-wide
An alarm has been triggered.
An interlock cannot be in hard antipassback mode
area
An interlock cannot be in hard antipassback mode. This is an illegal configuration.
An interlock cannot have perimeter floors
area
An interlock cannot have perimeter floors, because elevator floors always allow free exit.
Antipassback disabled: Elevator on area perimeter
area
An elevator floor has been added to the perimeter of an area.
Antipassback disabled: Invalid settings
area
Antipassback disabled: Invalid settings.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
746
Event types
Event
Source entity
Description
Antipassback disabled: Not supported when unit is in mixed mode
area
Units have been set to mixed mode. Antipassback is available according to the unit’s operating mode. For more information about unit limitations, see the Security Center Release Notes.
Antipassback disabled: Unit is offline
area
At least one unit is in offline mode, disabling antipassback. Antipassback is available according to the unit’s operating mode. Refer to the Security Center Release Notes for more information about unit limitations.
Antipassback violation
area
An access request was made to enter an area with a credential that is already inside the area, or to exit an area with a credential that was never in the area.
Antipassback violation forgiven
area
A security operator has granted access to an individual responsible for a passback violation.
Application connected
application or external system
Directory or Access Manager has connected to the Security Center.
Application lost
application or external system
Directory or Access Manager service has been lost.
Archiving disk changed
Archiver role
The Allotted space on one of the disks assigned for archive storage for this Archiver has been used up, and the Archiver has switched to the next disk in line. The names of the previous disk and current disk are indicated in the Description field.
Archiving queue full
Archiver role
The Archiver is unable to write the video stream (packets) to disk as fast as the encoder sends it, or there is not enough CPU to process the video stream received from a camera. A problem with the Archiver database also triggers this event. The name of the camera whose packets are lost is indicated in the Description field.
Archiving stopped
Archiver role
Archiving has stopped because the disks allocated for archiving are full. This event always accompanies a Disks full event.
Audio alarm
camera
A noise has been detected by the camera.
Battery fail
access control unit
The unit battery has failed.
Block camera started
camera
A user has blocked a video stream from other users in the system.
Block camera stopped
camera
A user has unblocked a video stream from other users in the system.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
747
Event types
Event
Source entity
Description
Camera not archiving
camera
The camera is on an active archiving schedule but the Archiver is not receiving the video stream.
Camera tampering
camera (video analytics)
A dysfunction has occurred, potentially due to camera tampering, resulting in a partial or complete obstruction of the camera view, a sudden change of the field of view, or a loss of focus.
Cannot write on the specified location
Archiver role
The Archiver cannot write to a specific drive. The path to the drive is indicated in the Description field.
Cannot write to any drive
Archiver role
The Archiver is unable to write to any of the disk drives. This situation can arise for the following reasons: When write accesses to shared drives are revoked. When shared drives are inaccessible. When shared drives no longer exist. When this happens, archiving is stopped. The Archiver re-evaluates the drive status every 30 seconds.
Client application rollback failed
application
Client application rollback failed.
Client application rollback succeeded
application
Client application rollback succeeded.
Client application update failed
application
Client application update failed.
Client application update succeeded
application
Client application update succeeded.
Custom event
system-wide
See System – General settings – "Custom events" on page 623.
Database lost
Any role
The connection to the role database was lost. If this event is related to a role database, it might be because the data server is down or cannot be reached by the role server. If the event is related to the Directory database, the only action you can use is Send an email, because all other actions require a working connection the Directory database.
Database recovered
Any role
The connection to the role database has been recovered.
Deadbolt locked
door, zone
The deadbolt on a door has been locked.
Deadbolt unlocked
door, zone
The deadbolt on a door has been unlocked.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
748
Event types
Event
Source entity
Description
Disk load is over 80%
Archiver role
More than 80% of the disk space allocated for archiving has been used, caused by under-evaluating the disk space required, or by another application that is taking more disk space than it should. If 100% of the allotted disk space is used, the Archiver starts to delete old archive files prematurely in order to free disk space for new archive files, starting with the oldest files.
Disks full
Archiver role
All disks allotted for archiving are full and the Archiver is unable to free disk space by deleting existing video files. This event can occur when another application has used up all the disk space reserved for Omnicast, or when the Delete oldest files when disks full option is not selected in the Server Admin. When this happens, archiving is stopped. The Archiver re-evaluates the disk space every 30 seconds.
Door closed
door
The door has closed.
Door forced open
door
The door has been forced open. This event is unavailable with a readerless door.
Door locked
door
The door has locked.
Door locked: Maintenance completed
door
The door has been taken out of maintenance mode. For more information, see Door - "Properties" on page 405.
Door manually unlocked
door
In Security Desk, a user has manually unlocked a door.
Door open too long
door
The door has been held open for too long. To enable this event, you must set the property “Trigger a ‘Door open too long’ event” in the Properties tab of a Door entity in Config Tool.
Door opened
door
The door has opened.
Door unlocked
door
The door has been unlocked.
Door unlocked: Maintenance started
door
The door has been put into maintenance mode. For more information, see Door - "Properties" on page 405.
Door warning: Unit is offline
door
The unit associated to this door has gone offline.
Doorknob in place
door
The doorknob is in place and the door is closed.
Doorknob rotated
door
The doorknob has rotated. Event related to a camera that is recording directly on the unit.
Edge storage medium failure Elevator warning: Unit is offline
elevator
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
The unit associated to this elevator has gone offline.
749
Event types
Event
Source entity
Description
Entity has expired
credential
A credential or its associated cardholder has expired (its status is now Expired).
Entity is expiring soon
credential
The Security Center generates this event to warn you that the expiry date of an entity is approaching. The number of days of advance warning provided by this event must be set.
Entity warning
system-wide
A health warning has been issued for this entity.
Entry assumed
cardholder, door, or area
A cardholder was granted access to a door, elevator, or area, and it is assumed that they entered.
Entry detected
cardholder, door, or area
A cardholder was granted access to a door, elevator, or area, and their entry is detected.
File deleted
camera
A video file associated to a camera has been deleted because the retention period has ended, or the archive storage disk was full.
First person in
area
A cardholder has entered an empty area.
Floor accessed
elevator or area
An elevator floor button has been pressed.
Glass break
input/zone
Glass has broken.
Hardware tamper
elevator or door
The tamper input on a unit has been triggered.
Health event
Health monitor role
A health event has occurred.
Interlock is not supported by the unit
access control unit
Interlock is not supported by the unit.
Interlock lockdown off
access control unit
Interlock lockdown has been turned off.
Interlock lockdown on
access control unit
Interlock lockdown has been turned on.
Interlock override off
access control unit
Interlock override is off.
Interlock override on
access control unit
Interlock override is on.
Intrusion detection area alarm activated
intrusion detection area
Intrusion detection area alarm activated.
Intrusion detection area arming
intrusion detection area
Intrusion detection area arming.
Intrusion detection area arming postponed
intrusion detection area
Intrusion detection area arming postponed.
Intrusion detection area canceled alarm
intrusion detection area
Intrusion detection area canceled alarm.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
750
Event types
Event
Source entity
Description
Intrusion detection area cancelled postponed request
intrusion detection area
Intrusion detection area cancelled postponed request.
Intrusion detection area custom event
intrusion detection area
Intrusion detection area custom event.
Intrusion detection area disarm request
intrusion detection area
Intrusion detection area disarm request.
Intrusion detection area disarmed
intrusion detection area
Intrusion detection area disarmed.
Intrusion detection area duress
intrusion detection area
Intrusion detection area duress.
Intrusion detection area entry delay activated
intrusion detection area
Intrusion detection area entry delay activated.
Intrusion detection area forced arming
intrusion detection area
Intrusion detection area forced arming.
Intrusion detection area input bypass activated
intrusion detection area
Intrusion detection area input bypass activated.
Intrusion detection area input bypass deactivated
intrusion detection area
Intrusion detection area input bypass deactivated.
Intrusion detection area input trouble
intrusion detection area
Intrusion detection area input trouble.
Intrusion detection area master arm request
intrusion detection area
Intrusion detection area master arm request.
Intrusion detection area master armed
intrusion detection area
Intrusion detection area master armed.
Intrusion detection area perimeter arm request
intrusion detection area
Intrusion detection area perimeter arm request.
Intrusion detection area perimeter armed
intrusion detection area
Intrusion detection area perimeter armed.
Intrusion detection area postponed arming request
intrusion detection area
Intrusion detection area postponed arming request.
Intrusion detection unit input bypass activated
intrusion detection unit
Intrusion detection unit input bypass activated.
Intrusion detection unit input bypass deactivated
intrusion detection unit
Intrusion detection unit input bypass deactivated.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
751
Event types
Event
Source entity
Description
Intrusion detection unit input trouble
intrusion detection unit
Intrusion detection unit input trouble.
Invalid custom encryption values
Archiver role
This warning is issued by the Archiver on startup and every 5 minutes if one of the custom encryption values (initial fingerprint or encryption key) specified in the Server Admin is invalid.
Last person out
area
The last cardholder has exited an area.
License plate in sight
LPR unit or Patroller
A complete license plate has been sighted in the camera.
License plate hit
restriction, LPR unit, or Patroller
A license plate read has been matched to a hotlist, an overtime rule, or a permit restriction.
License plate out of sight
LPR unit or Patroller
A license plate previously sighted in the camera has moved out of sight.
License plate read
LPR unit or Patroller
A license plate has been read.
License plate reading
LPR unit or Patroller
A clearer or more reliable reading of a sighted license plate is available.
Live bookmark added
camera
A user has added a bookmark to a live video. For more information about adding bookmarks, see the Genetec Security Desk User Guide.
Lock released
access control unit
Event related to a zone entity.
Lock secured
access control unit
Event related to a zone entity.
Loitering
camera (video analytics)
Loitering activity has been detected in the camera.
Macro aborted
macro
Execution of a macro has failed.
Marco completed
macro
Execution of a macro has been completed normally.
Macro started
macro
Execution of a macro has begun.
Manual station activated
door
Someone has pulled the door emergency release (manual pull station).
Manual station reverted to normal state
door
The door emergency release (manual pull station) has been restored to it normal operating position.
Motion
camera
There is motion detected.
Motion off
camera
This event is issued following a Motion on event when motion (measured in terms of number of motion blocks) has dropped below the “motion off threshold” for at least 5 seconds.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
752
Event types
Event
Source entity
Description
Motion on
camera
This event is issued when positive motion detection has been made.
Multiple units are configured for the interlock
area
All doors that are part of an interlock configuration must be controlled by the same unit.
No entry detected
cardholder, door, elevator, or area
A cardholder was granted access to a door, elevator, or area, but no entry is detected.
No match
hotlist
A vehicle has not been matched to the hotlist associated to the Sharp unit.
No RTP packet lost in the last minute
camera
The Archiver has received all the RTP packets in the last minute.
Object condition changed
camera (video analytics)
An object has suddenly changed direction or speed, such as when a person starts running or slips.
Object crossed line
camera (video analytics)
An object has crossed a predefined tripwire.
Object detected
camera (video analytics)
An object is in the camera field of view.
Object entered
camera (video analytics)
An object has entered the camera field of view.
Object exited
camera (video analytics)
An object has exited the camera field of view.
Object following route
camera (video analytics)
An object is following a predetermined route, in a specific direction.
Object left
camera (video analytics)
An object has entered and exited the camera field of view.
Object merged
camera (video analytics)
Two separate objects in the camera field of view have merged.
Object removed
camera (video analytics)
An object has been removed from the camera field of view.
Object separated
camera (video analytics)
An object within the camera field of view has separated into two objects.
Object stopped
camera (video analytics)
A moving object has stopped.
Offload failed
Patroller
An offload from Patroller to Security Center has failed.
Offload successful
Patroller
An offload from Patroller to Security Center was successful.
People count reset
area
The number of people counted in an area has been reset to 0.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
753
Event types
Event
Source entity
Description
People counting disabled: Unit is offline
area
A unit has gone offline, thus disabling people counting.
Person falling
camera (video analytics)
A person falling has been detected in the camera.
Person running
camera (video analytics)
A person running has been detected in the camera.
Person sliding
camera (video analytics)
A person sliding has been detected in the camera.
Playback bookmark added
camera
A user has added a bookmark to a recorded video. For more information about adding bookmarks, see the Genetec Security Desk User Guide.
Protection threshold exceeded
Archiver role
The Protected video threshold configured in the Server Admin is been exceeded. The percentage of disk space occupied by protected video files can be monitored from the Config Tool.
PTZ activated
camera (PTZ)
A user started using the PTZ after it has been idle. The Description field indicates the user who activated the PTZ. This event is regenerated every time a different user takes control of the PTZ, even when the PTZ is still active.
PTZ locked
camera (PTZ)
A user has tried to move the PTZ while it is being locked by another user with a higher PTZ priority. The Description field indicates the machine, application type, and user who currently holds the lock.
PTZ stopped
camera (PTZ)
The PTZ has not been manipulated by any user after a predetermined period of time. The Description field indicates the user who last used the PTZ.
PTZ zoom by user
camera (PTZ)
A user started zooming the PTZ. The Description field indicates the user who performed the zoom. Subsequent PTZ zoom by user events are generated if another user zooms the PTZ, or if the original user zooms the PTZ after the Idle delay has expired.
PTZ zoom by user stopped
camera (PTZ)
The PTZ has not been zoomed by any user after a predetermined period of time. The Description field indicates the user who last zoomed the PTZ.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
754
Event types
Event
Source entity
Description
Receiving RTP packets from multiple sources
camera
The Archiver is receiving more than one video stream for the same camera. IMPORTANT When this rare situation arises, the Archiver cannot tell which stream is the correct one simply by looking at the source IP address because of the NAT (Network Address Translation), so an arbitrary choice is made. This can result in the wrong video stream being archived. However, the source IP address and port number of both streams are indicated in the Description field, and the two sources are labeled Archived and Rejected. You can find the faulty unit that is causing this conflict.
Recording started (alarm)
camera
The recording on a camera has been started as the result of an alarm being triggered.
Recording started (continuous)
camera
The recording on a camera has been started by a continuous archiving schedule.
Recording started (external)
camera
The recording on a camera has been started by the Start recording action. This action could have been triggered by another event or executed from a macro.
Recording started (motion)
camera
The recording on a camera has been started through motion detection.
Recording started (user)
camera
The recording on a camera has been started manually by a user.
Recording stopped (alarm)
camera
The recording on a camera has stopped because the alarm recording time has elapsed.
Recording stopped (continuous)
camera
The recording on a camera has stopped because it is no longer covered by a continuous archiving schedule.
Recording stopped (external)
camera
The recording on a camera has been stopped by the Stop recording action. This action could have been triggered by another event or executed from a macro.
Recording stopped (motion)
camera
The recording on a camera has stopped because the motion has ceased.
Recording stopped (user)
camera
The recording on a camera has been stopped manually by a user.
Request to exit
door
Someone has pressed the door release button or has triggered a request to exit motion detector. The request to exit event has special filtering to make this feature compatible with motion detection request to exit hardware. Set these properties in the Config Tool > Door > Properties tab.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
755
Event types
Event
Source entity
Description
Request to exit normal
door
No request to exit is being made.
RTP packets lost
camera
There are RTP packets that the Archiver never received. This could happen if the packets have been lost on the network, or if the Archiver does not have enough CPU to process all the packets received on the network card. The Description field indicates the number of packets lost since the last time this event was issued (no more than once every minute).
Scheduled controlled access
elevator
The schedule for controlled access to elevator floors now applies.
Scheduled free access
elevator
The schedule for free access to elevator floors now applies.
Scheduled lock
door
The door unlock schedule has expired, the lock is now re-asserted (door is locked).
Scheduled unlock
door
The door lock is unlocked due to a programmed unlock schedule.
Signal lost
camera
The unit signal has been lost.
Signal recovered
camera
The unit signal has been recovered.
Synchronization completed: External system
external system
The synchronization of an external system has completed.
Synchronization error: External system
external system
The synchronization of an external system has resulted in an error.
Synchronization started: External system
external system
The synchronization of an external system has started.
Tailgating
camera (video analytics)
Two people have entered a secured area following each other very closely.
Threat level cleared
System, area
A threat level has been cleared on your system or on specific areas.
Threat level set
System, area
A threat level has been set on your system or on specific areas.
Transmission lost
camera
The Archiver is still connected to the camera, but it has not received any video packets for more than 5 seconds.
Undefined video analytics event
camera (video analytics)
A video analytics event has been issued, but it is not yet mapped to a Security Center event.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
756
Event types
Event
Source entity
Description
Unit connected
unit
The connection to a unit has been established or restored. Event related to a camera that is recording directly on the unit.
Unit failed to respond to edge video request Unit lost
unit
The connection to a unit has been lost.
Update failed
Patroller, Mobile Sharp
An update on Patroller or a Mobile Sharp unit has failed, or a file could not be synchronized on a Patroller computer.
Update installation completed
Patroller, Mobile Sharp
An update has completed on Patroller or a Mobile Sharp unit, and no reboot is required.
Update installation started
Patroller, Mobile Sharp
A user has started an updated on Patroller by clicking the “Update” icon.
Updated published
Patroller, Mobile Sharp
An update has been processed, and is ready to be deployed to Patroller.
Update uninstallation completed
Patroller, Mobile Sharp
A rollback on Patroller or a Mobile Sharp unit has completed.
Update uninstallation started
Patroller, Mobile Sharp
A user has started a rollback on Patroller by clicking the “Rollback” icon.
User logged off
user
A user has logged off of a Security Center application.
User logged on
user
A user has logged on to a Security Center application.
VRM connection attempt
The Archiver has attempted to connect to a VRM unit.
VRM connection failure
The Archiver has failed to connect to a VRM unit.
Window closed
input/zone
A physical window has closed.
Window opened
input/zone
A physical window has opened.
Zone armed
zone
A zone has been armed.
Zone disarmed
zone
A zone has been disarmed.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
757
Action types
Action types All actions in Security Center are associated with a target entity, which is the main entity affected by the action. Additional parameters are indicated in the Description column. All parameters must be configured for an action to be valid. For more information, see "Create an event-to-action" on page 107. Security Center supports the following actions: Action
Target entity
Description
Add bookmark
camera
Adds a bookmark to a camera recording. Additional parameter: • Message. Bookmark text.
Arm intrusion detection area
intrusion detection area
Arms an intrusion detection area. Additional parameters: • Mode: Either Master arm or Perimeter arm. • When. Either immediately or with a delay.
Arm zone
virtual zone
Arms a virtual zone.
Block and unblock video
camera
Blocks or unblocks a camera from other users in the system. Additional parameters: • Block/Unblock. Select whether the action will block or unblock the camera. • End. Select how long to block the video for: For. The video is blocked from users for the selected amount of time. Indefinitely. The video is blocked from users until you manually unblock it. • User level. Select a minimum user level. All users with a level lower than the one you select are blocked from viewing video.
Cancel postpone intrusion detection area arming
intrusion detection area
Cancels the postponed arming of an intrusion detection area.
Clear tasks
Security Desk (Destination)
Clears the task list in the specified Security Desk monitors. Additional parameter: • Destination. Online Security Desk application. User. All monitors of all Security Desk applications connected with the specified username. Monitor. Specific Security Desk monitor identified by a machine name and a monitor ID.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
758
Action types
Action
Target entity
Description
Disarm intrusion detection area
intrusion detection area
Disarms an intrusion detection area.
Disarm zone
virtual zone
Disarms a virtual zone.
Display a camera on an analog monitor
analog monitor
Displays a camera in an analog monitor in a canvas tile. Additional parameters: • Camera. Select which camera to display in the analog monitor. The camera must be supported by the analog monitor, and use the same video format. • Analog monitor. Select an analog monitor to display the camera in.
Display an entity in the Security Desk
users (Recipients)
Displays a list of entities in the Security Desk canvas of selected users, in terms of one entity per tile. This action is ignored if a user does not have a Monitoring task open in Security Desk. Additional parameters: • Entities. List of entities to display. Each entity is displayed in a separate tile. • Display option View in a free tile. Only use free tiles. Force display in tiles. Display in free tiles first. When there are no more free tiles, use the busy tiles following the tile ID sequence.
Email a report
users (Recipients)
Sends a report (based on a saved reporting task) as an email attachment to a list of users. Additional parameters: • Report. Public reporting task used as report template. • Format. Report format, either PDF or Excel.
Forgive antipassback violation
cardholder or cardholder group
Forgives an antipassback violation for a cardholder, or cardholder group.
Go home
dome camera
Commands the selected dome camera to go to its home position. Not all dome cameras support this feature.
Go to preset
dome camera
Commands the dome camera to go to the specified preset position. Additional parameter: • Preset. Preset position (number) to go to.
Import from file
user (Recipient)
Imports a file and sends the import results to a user. Additional parameter: • File name. Opens the Import tool window, where you can select the file that is used to import the data. For more information, see "Import tool" on page 657.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
759
Action types
Action
Target entity
Description
Override with event recording quality
camera
Sets the Boost quality on event recording to ON for the selection camera and applies the custom boost quality recording settings. Selecting this option overrides the general settings for event recording. The effect of this action lasts as long as it is not modified by another action, such as Recording quality as standard configuration, or until the Archiver restarts.
Override with manual recording quality
camera
Sets the Boost quality on manual recording to ON for the selection camera and applies the custom boost quality recording settings. Selecting this option overrides the general settings for event recording. The effect of this action lasts as long as it is not modified by another action, such as Recording quality as standard configuration, or until the Archiver restarts.
Play a sound
user or user group
Plays a sound bite in a user or user group’s Security Desk. This action is ignored if the user is not running Security Desk. Additional parameter: • Sound to play. Sound file (.wav) to play. For the user to hear the sound bite, the same sound file must be installed on the PC where Security Desk is running. The standard alert sound files that come with the installation are located in C:\Program files\Genetec Security Center 5.2\Audio.
Postpone intrusion detection area arming
intrusion detection area
Postpones the intrusion detection area arming. Additional parameters: • Arming mode: Either Master arm or Perimeter arm. • Postpone for. Set how long to postpone the arming for, in seconds. • Arming delay. Set the arming delay in seconds.
Recording quality as standard configuration
camera
Cancels the effect of the Override with manual/event recording quality actions and restores the standard recording configuration.
Reset area people count
area
Resets the people counter in an area.
Reset external system
Omnicast Federation role
Forces the Omnicast Federation role to reconnect to the remote Omnicast system.
Run a macro
macro
Starts the execution of a macro. Additional parameter: • Context: Specific value settings for the context variables.
Run a pattern
dome camera
Commands the dome camera to run the specified pattern. Additional parameter: • Pattern. Pattern number to run.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
760
Action types
Action
Target entity
Description
Send a message
user or user group (Recipient)
Sends a pop-up message to a user’s Security Desk. This action is ignored if the user is not running Security Desk. Additional parameter: • Message. Text to be to displayed in the pop-up message.
Send an email
user, user group, cardholder, cardholder group (Recipient)
Sends an email to users or cardholders. The selected user must have an email address configured, and the mail server must be properly configured for Security Center, or the action is ignored. Additional parameter: • Message. The email text to be sent to the recipient.
Send task
Security Desk (Destination)
Sends and adds a public task to a Security Desk application. Additional parameters: • Task. Public task to send. • Destination. Online Security Desk application. User. All Security Desk connected with that user. Monitor. Specific Security Desk monitor identified by a machine name and a monitor ID.
Set reader mode
cardholder, credential
(Only available when creating threat levels) Sets a reader mode for accessing doors when a threat level is set. Additional parameters: • Location. The areas where this reader mode applies when a threat level is set. • Reader mode. Select whether access is granted using a card and PIN, or card or PIN, for the selected areas.
Set the door maintenance mode
door
Sets the Unlocked for maintenance status of a door to on or off. Additional parameter: • Maintenance. Desired maintenance mode (On or Off).
Set threat level
system, area
Sets a threat level on your Security Center system, or on specific areas. Additional parameters: • Area. Select which areas to set the threat level on. Can be your entire system, or specific areas. • Threat level. Select which threat level to set.
Silence buzzer
door
Resets the Buzzer output defined for a door. This action sets the Buzzer option to None in the Hardware tab of a door in Config Tool.
Sound buzzer
door
Sets the Buzzer output defined for a door. The buzzer sound is specified under the Buzzer option in the Hardware tab of a door in Config Tool.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
761
Action types
Action
Target entity
Description
Start applying video protection
camera
Starts protecting upcoming video recordings against deletion. The protection is applied on all video files needed to store the protected video sequence. Since no video file can be partially protected, the actual length of the protected video sequence depends on the granularity of the video files. When multiple Start applying video protection actions are applied on the same video file, the longest protection period is kept. Additional parameters: • Keep protected for. Duration of the video protection. Specific. Sets the protection period in number of days. Infinite. The protection can only be removed manually from the Archive storage details task. • Protect video for next. Duration of the video to protect. Specific. Sets the duration in minutes and hours. Infinite. All future recordings are protected until the action Stop applying video protection is executed.
Start recording
camera
Starts recording on the specified camera. This action is ignored if the camera is not on an active recording schedule. Recordings started by this action cannot be stopped manually by a user. Additional parameter: • Recording duration. Sets the duration of the video recording. Default. Sets the duration to follow the value defined in Default manual recording length configured for the camera. Infinite. The recording can only be stopped by the Stop recording action. Specific. Sets the recording duration in seconds, minutes, and hours.
Stop applying video protection
camera
Stops protecting upcoming video recordings against deletion. This action does not affect the video archives that are already protected. Additional parameter: • Stop in. Sets the video protection to stop Now or in a Specific amount of time in minutes and hours.
Stop recording
camera
Stops recording on the specified camera. This action only works if the recording was started by the Start recording action. Additional parameter: • Stop in. Sets the recording to stop Now or in a Specific amount of time in seconds, minutes and hours.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
762
Action types
Action
Target entity
Description
Temporarily override unlock schedules
door
Temporarily locks or unlocks a door for a given period of time. Additional parameters: • Lock mode. Select Unlocked or Locked. For. Amount of time in minutes or hours. From/To. Date and time range to unlock the door.
Trigger alarm
alarm
Triggers an alarm. NOTE Triggering an alarm might generate additional events, depending on the alarm configuration. Additional parameters: • Acknowledgement condition. Event type that must be triggered before the alarm can be acknowledged. • User acknowledgement required. Select whether the alarm must be manually acknowledged, or if it is automatically acknowledged by the system after the acknowledgement condition is cleared.
Trigger intrusion alarm
intrusion detection area
Triggers a physical alarm on an intrusion detection area. Additional parameter: • Recipient type. Type of alarm trigger, either the intrusion detection area or a specific alarm input.
Trigger output
output pin (unit)
Triggers an output behavior on an output pin of a unit. For example, an action can be configured to trigger the output pin of a unit (controller or input/output module). Additional parameter: • Output behavior. Select the output behavior to trigger.
Trigger synchronization
role (that needs synchronization)
Starts a synchronization process on the specified role (Active Directory or Global Cardholder Synchronizer).
Unlock door explicitly
door
Temporarily unlocks a door for five seconds, or the Standard grant time configured for that door.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
763
20 Keyboard shortcuts in Config Tool Learn about the default keyboard shortcuts available in Config Tool. This section includes the following topics:
• "Default keyboard shortcuts" on page 765
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
764
Default keyboard shortcuts
Default keyboard shortcuts This table lists the default keyboard shortcuts you can use in Config Tool. This list is categorized alphabetically by command. NOTE You can change the keyboard shortcuts in the Keyboard shortcuts tab of the Options dialog
box. See "Keyboard shortcuts" on page 681. Command
Description
Shortcut
Apply changes
Apply the changes made to your current configuration tab.
CTRL+S
Exit application
Close Config Tool.
ALT+F4
Full screen
Toggle between displaying Config Tool in full screen and windows mode.
F11
Go to next page
Switch to the next Config Tool task tab.
CTRL+TAB
Go to previous page
Switch to the previous Config Tool task tab.
CTRL+SHIFT+TAB
Help
Open the online help.
F1
Home page
Go to the Home page. For more information, see "Home page overview" on page 14.
CTRL+GRAVE ACCENT (‘)
Options
Open the Options dialog box.
CTRL+O
Select columns
Select which columns to show/hide in the report pane.
CTRL+SHIFT+C
Add a bookmark
Add a bookmark to video in the selected tile (for live video only).
B
Copy statistics of the currently selected video tile
Copy the statistics of the selected tile.
CTRL+SHIFT+X
Show statistics overlay on the video tile
Show/hide the statistics summary of the video in the selected tile.
CTRL + SHIFT + A
Show status overlay on the video tile
Show/hide the status summary of the video in the selected tile.
CTRL+SHIFT+D
Go to preset
Jump to a PTZ preset you select.
SHIFT+
Pan left
Pan the PTZ camera image to the left.
LEFT ARROW
General commands
Camera commands
PTZ commands
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
765
Default keyboard shortcuts
Command
Description
Shortcut
Pan right
Pan the PTZ camera image to the right.
RIGHT ARROW
Tilt down
Tilt the PTZ camera image down.
DOWN ARROW
Tilt up
Tilt the PTZ camera image up.
UP ARROW
Zoom in
Zoom in the PTZ camera image.
Hold the PLUS SIGN (+)
Zoom out
Zoom out the PTZ camera image.
Hold the HYPHEN (-) key
Rename task
Rename the selected task.
F2
Save as
Save a task under a different name and scope (private or public).
CTRL+T
Save workspace
Save the task list so that it is automatically restored the next time you log on to the system with the same user name.
CTRL+SHIFT+S
Saved tasks
Open the Public tasks page from the Home page. For more information, see "Home page overview" on page 14.
CTRL+N
Task commands
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
766
Part VII Appendices Learn about the user privileges, event and action types, license options, and HID access control units available in Security Center. This part includes the following appendices: •
Appendix A, “License options” on page 768
•
Appendix B, “Default Security Center ports” on page 776
•
Appendix C, “HID reference” on page 781
•
Appendix D, “Bosch reference” on page 803
•
Appendix E, “Honeywell reference” on page 805
A License options This section describes all Security Center software license options, and how to view your license information. This section includes the following topics:
• "Viewing license information from Config Tool" on page 769 • "Viewing license information from Server Admin" on page 770 • "License option descriptions" on page 771
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
768
Viewing license information from Config Tool
Viewing license information from Config Tool From the Home page in Config Tool, click About.
NOTE You might not see all the tabs shown in this sample screen shot if your license does not support all the solution components.
• License. This tab tells you when your software license expires, and gives you the information you need to provide when contacting Genetec Technical Assistance Center: System ID, Package name, Service maintenance agreement (SMA) number, and so on. IMPORTANT Seven days before your license expires, you receive a warning message.
• Security Center. This tab shows all generic Security Center options. A feature is either supported or limited by a maximum use count. For the latter, the Support column shows the current use vs. the maximum allowed.
• • • • • •
Synergis. This tab is shown only if Synergis (access control) is supported. Omnicast. This tab is shown only if Omnicast (video surveillance) is supported. AutoVu. This tab is shown only if AutoVu (LPR) is supported. Mobile. This tab is shown only if Security Center Mobile is supported. Certificates. This tab lists all the supported software certificates, such as plugin certificates. Purchase order. This tab reproduces your order.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
769
Viewing license information from Server Admin
Viewing license information from Server Admin 1 Log on to your main server using Server Admin. For more information, see "Open Server Admin using Internet Explorer" on page 48. 2 Select the Directory tab, scroll to the License section, and click License information.
NOTE You might not see all the tabs shown in this sample screen shot if your license does not support all the solution components.
• Overview. This tab tells you when your software license expires and gives you the information you need to provide when contacting Genetec Technical Assistance Center: System ID, Package name, Service maintenance agreement (SMA) number, and so on.
• Security Center. This tab shows all generic Security Center options. A feature is either supported or limited by a maximum use count.
• • • • •
Synergis. This tab is shown only if Synergis (access control) is supported. Omnicast. This tab is shown only if Omnicast (video surveillance) is supported. AutoVu. This tab is shown only if AutoVu (LPR) is supported. Mobile devices. This tab is shown only if Security Center Mobile is supported. Certificates. This tab lists all the supported software certificates, such as plugin certificates.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
770
License option descriptions
License option descriptions This section describes the meaning of all Security Center license options. A feature is either supported or limited by a maximum use count. For the latter, only the Config Tool shows the current use vs. the maximum allowed. TIP Some options feature an On/Off switch. If you do not use that option in your system, turn the switch OFF to simplify the user interface.
This section includes the following topics:
• • • • • •
"Security Center license options" on page 771 "Synergis license options" on page 772 "Omnicast license options" on page 773 "AutoVu license options" on page 774 "Mobile license options" on page 774 "Certificate license options" on page 775
Security Center license options This section describes the generic Security Center license options.
• Macros. Allows you to create macros in your system. For more information, see "Using macros" on page 110.
• Threat level. Allows you to create threat levels in Config Tool, as well as set threat levels in Security Desk.
• Remote Security Desk. Allows you to remotely monitor and control other Security Desk workstations and monitors, using the Remote task on your local Security Desk.
• Alarms. Allows you to create and manage alarms in Config Tool, and use the Alarm monitoring and Alarm report tasks in Security Desk.
• Hot actions. Allows you to trigger hot actions in Security Desk. • Audio. Allows you to configure sounds bites on your system in Config Tool, and use them in event-to-actions.
• Partitions. Allows you to configure and use partitions in Security Center. • Intrusion detection. Allows you to configure intrusion detection entities in Config Tool, as well as monitor intrusion detection entities in Security Desk.
• Time zone. Allows you to configure the unit time zone when a Location property tab is displayed, as in video unit configuration for example.
• Automatic email notifications. Allows you to set up an email server for email notifications, including:
Receiving email notifications from the Watchdog.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
771
License option descriptions
Using Send an email and Email a report actions.
• Web SDK. Allows you to create Web-based SDK roles. For more information, see "Supporting cross-platform development" on page 164.
• Plan Manager Basic. Allows you to use Plan Manager in Basic mode. For more information about Plan Manager, see the Plan Manager User Guide.
• Plan Manager Standard. Allows you to use Plan Manager in Standard mode. For more information about Plan Manager, see the Plan Manager User Guide.
• Plan Manager Advanced. Allows you to use the Advanced configuration of Plan Manager in Advanced mode. For more information about Plan Manager, see the Plan Manager User Guide.
• Number of custom fields. Maximum number of custom fields that you are allowed to define. For more information, see System – General settings – "Custom fields" on page 619.
• Number of federated systems. Maximum number of federated systems allowed, counting both Omnicast 4.x and Security Center systems. For more information, see "Federating remote systems" on page 128.
• Number of Security Desk connections. Maximum number of simultaneous Security Desk connections allowed on your system.
• Number of Active Directories. Maximum number of Active Directory domains that can be synchronized with your system. For more information, see "Importing users from an Active Directory" on page 102.
• Number of additional Directory servers. Maximum number of Directory servers you can have in addition to your main server to set up a high availability system. For more information, see "Configuring Directory failover and load balancing" on page 66.
• Number of intrusion detection units. Maximum number of intrusion panels supported on your system. For more information, see "Managing intrusion panels" on page 155.
• Number of input pins. Maximum number of input pins that can be configured for doors, elevators, and zones.
• Number of output pins. Maximum number of input pins that can be configured can be configured for doors, elevators, and zones.
• Number of cash registers. Maximum number of cash registers that you can import from an external point of sale system. For more information, see "Point of Sale" on page 595.
Synergis license options This section describes the Synergis access control license options.
• Card requests. Allows users to request card credentials to be printed by other users on the system. Also allows you to create request reasons in Config Tool.
• Import Tool. Allows you to import cardholders and credentials from a flat file. For more information, see "Import tool" on page 657.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
772
License option descriptions
• Antipassback. Allows you to configure areas with antipassback restrictions. For more information, see "Configure antipassback" on page 280.
• • • • •
People counting. Allows you to use the People counting task in Security Desk. Badge template. Allows you to define badge templates in your system. USB enrollment reader. Allows you to detect and use USB readers on your system. Visitors. Allows you to use the Visitor management task in Security Desk. Number of cardholders and visitors. Maximum number of cardholders and visitors allowed on your system, including those imported from Active Directories. For more information, see "Configuring cardholders and cardholder groups" on page 283.
• Number of readers. Maximum number of readers that can be configured for doors and elevators on your system.
• Number of Access Managers. Maximum number of Access Manager roles that can be created on your system. For more information, see "Configuring the Access Manager role" on page 260.
• Number of Global Cardholder Synchronizers. Number of Global Cardholder Synchronizer roles allowed on your system. For more information, see "Managing global cardholders" on page 296.
Omnicast license options This section describes the Omnicast video surveillance license options.
• Number of cameras. Maximum number of cameras allowed on your system. Both cameras managed locally by your system and those federated from remote systems are counted.
• Number of OVReady cameras. Maximum number of OVReady cameras (with video analytics capabilities) allowed on your system.
• Number of panoramic cameras. Number of panoramic cameras allowed on your system. • Number of DVR inputs. Number of video inputs from DVRs (digital video recorders) allowed on your system.
• Number of analog monitors. Maximum number of analog monitors allowed on your system.
• Number of Auxiliary Archivers. Number of Auxiliary Archiver roles allowed on your system. For more information, see "Configuring the Auxiliary Archiver role" on page 204.
• Audio. Allows your system to stream audio and enables all audio features on your system. • Forensic search. Enables the Forensic search task in Security Desk. • Trickling. Enables data to be transferred in small amounts at specific or pre-determined time from the edge-recording units to the Archiver. For more information, see "Configuring video units for trickling" on page 197.
• Camera blocking. Allows you to block video from other users on the system. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
773
License option descriptions
AutoVu license options This section describes the AutoVu LPR license options.
• • • •
Security Desk map. Type of map engine supported in Security Desk: Bing or MapInfo. Geocoder. Type of map engine used by the LPR Manager for geocoding: Bing or MapInfo. Microsoft Bing license expiration date. Bing license expiration date. Data import. Allows data to be imported from AutoVu 4.3 systems. For more information, see "Data import" on page 583.
• XML import. Allows you to import data from third-party applications. For more information, see "XML import" on page 578.
• Number of LPR Managers. Maximum number of LPRManager roles allowed on your system.
• Number of fixed Sharp units. Maximum number of fixed Sharp units allowed on your system.
• Number of Patrollers - Law Enforcement. Maximum number of Patrollers configured for Law Enforcement allowed on your system.
• Number of Patrollers - City Parking Enforcement. Maximum number of Patrollers configured for City Parking Enforcement allowed on your system.
• Number of Patrollers - University Parking Enforcement. Maximum number of Patrollers configured for University Parking Enforcement allowed on your system.
• Number of Patrollers - MLPI. Maximum number of Patrollers configured for Mobile License Plate Inventory allowed on your system.
• Number of Patrollers equipped with maps. Maximum number of Patrollers equipped with maps allowed on your system.
Mobile license options This section describes the Genetec Security Center Mobile license options.
• Number of mobile device servers. Maximum number of Mobile Servers allowed on your system.
• Number of mobile devices. Maximum number of simultaneous Mobile app connections allowed on your system.
• Number of Web Clients. Maximum number of Web Client connections allowed on your system.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
774
License option descriptions
Certificate license options This section describes the certificate license options. Each certificate is identified by an application/plugin name and the publisher name. The option specifies the maximum number of simultaneous connections from each type of application on your system.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
775
B Default Security Center ports This section describes all default ports used by Security Center. Make sure these ports are open and redirected for firewall and network address translation purposes. This section includes the following topics:
• • • •
"Common communication ports" on page 777 "AutoVu-specific ports" on page 778 "Synergis-specific ports" on page 779 "Omnicast-specific ports" on page 780
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
776
Common communication ports
Common communication ports The following table lists the default network ports used by Security Center applications. Computer
Inbound
Main server
TCP 5500
Outbound
Port usage
Directory connection requests
Expansion servers
TCP 5500
Directory connection requests
Client workstations
TCP 5500
Directory connection requests
TCP 4502
Communication between servers
All servers (hosting any role)
TCP 4502
Intrusion Manager
TCP 3001
HTTP 80
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Connection via Server Admin TCP 3001
Bosch intrusion panels
777
AutoVu-specific ports
AutoVu-specific ports The following table lists the default network ports used by Security Center/AutoVu applications. Computer
Inbound
LPR Manager
Outbound
Port usage
UDP 5000
Fixed Sharp unit discovery
TCP 8731
Fixed Sharp units and Patrollers
TCP 8832
Patroller hotfix requests
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
778
Synergis-specific ports
Synergis-specific ports The following table lists the default network ports used by Security Center/Synergis applications. Computer
Inbound
Outbound
Port usage
Access Manager
UDP/TCP 4070
UDP/TCP 4070
HID VertX controllers
TCP 20
TCP 21, 23
HID VertX controllers
TCP 4050
HID VertX controllers
For information about HID hardware setup, see "Refer to HID’s documentation for initial hardware setup" on page 782.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
779
Omnicast-specific ports
Omnicast-specific ports The following table lists the default network ports used by Security Center/Omnicast applications. Computer
Inbound
Archiver
TCP 555 UDP 15000–16000
Outbound
Live and playback stream requests UDP 15000–16000
TCP & UDP UDP 47806
Port usage
Live unicast streams (audio & video) Vendor specific ports for events and unit discovery
UDP 47806
Live audio & video multicast streams
TCP 554 or HTTP 80
Typical port used to request video from a unit
Telnet 5602
Telnet Console connection requests
Auxiliary Archiver
TCP 558
Playback stream requests
Media Router
TCP 554
Live and playback stream requests
Redirector
TCP 560
Live and playback stream requests
UDP 8000–12000
Live audio & video unicast streams
UDP 47806
Security Desk & Config Tool
UDP 47806
Live audio & video multicast streams
TCP 555
Communication with Archiver
UDP 6000–6500
Live audio & video unicast streams
UDP 47806
Live multicast video streams
UDP 47807
Live multicast audio streams TCP 554–560
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Live and playback audio/video requests
780
C HID reference This section describes additional information concerning the setup and configuration of HID access control units. This section includes the following topics:
• • • • • • • • •
"Network configuration" on page 782 "Using the HID Discovery GUI utility" on page 783 "HID initial configurations" on page 784 "Special considerations when configuring HID units" on page 785 "Interpreting the Power and Comm LEDs on an HID unit" on page 787 "Supported features and models" on page 788 "Access control unit modes of operation" on page 791 "Access control unit configuration" on page 799 "Wiring diagrams" on page 800
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
781
Network configuration
Network configuration HID VertX (V1000, V2000), and Edge devices are IP devices that can acquire their network address automatically when your network has a DHCP server (the default). They can also be configured with static addresses (recommended).
Refer to HID’s documentation for initial hardware setup HID device documentation can be found in the Documentation\Controllers folder of your Security Center installation package:
• HID VertX
HID VertX OEM Quick Installation Guide V100, V200, V300, V1000, and V2000 for configuration information.
HID VertX Install Wiring Diagram Example for wiring examples. HID Edge device
•
HID EdgeReader Wiring Instructions for wiring examples.
HID documentation can also be downloaded from www.HIDglobal.com. The discovery port of an HID unit is fixed at 4070. Once it is discovered, the unit is assigned to an Access Manager that uses the ports shown in the following table to control it. Computer
Inbound
Outbound
Port usage
Access Manager
UDP/TCP 4070
UDP/TCP 4070
HID VertX controllers
TCP 20
TCP 21, 23
HID VertX controllers
TCP 4050
HID VertX controllers
The initial discovery can be performed with either the Security Center’s Unit Discovery Tool (see "Unit discovery tool" on page 653), or with the HID Discovery GUI. NOTE The Security Center’s Unit Discovery Tool does not let you assign or modify the IP configuration of an HID unit. If you do not have a DHCP server on your network, or if you want to modify the initial IP configuration of the HID unit, this should be done with the HID Discovery GUI. It can be downloaded from http://www.hidglobal.com/downloads/ DiscoveryClient.zip.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
782
Using the HID Discovery GUI utility
Using the HID Discovery GUI utility The HID Discovery GUI utility is a Windows application designed to scan a local network and report what HID devices are found. Typically, is used to perform the initial discovery and apply IP configurations to your HID hardware before enrolling them into your Security Center system. To use the HID Discovery GUI: 1 Launch the utility. The HID Discovery GUI can be found in your Windows Start menu > All Programs > VertX Toolbox > Discovery GUI. 2 When the application launches, it immediately scans the local network.
The following columns are displayed:
Type. HID device model. MAC Address. MAC address of the device’s network interface (also used as serial number). Host Name. Name assigned to the device (by default, same as “Type”).
3 To cause the unit’s LED to blink so it can be identified, click the Blink ON button. 4 To go to the unit’s configuration Web page, click the Configure Unit hyperlink. 5 To re-scan the network to find HID devices, click the Refresh
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
button.
783
HID initial configurations
HID initial configurations If no DHCP server is present, you need to assign a static IP configuration to the unit. As long as an HID unit has a valid IP configuration, it can be “seen” by the Security Center’s Access Manager, and you know the username and password to connect to the unit, everything else can be done once it has been enrolled into Security Center. To prepare your unit for enrollment into Security Center: 1 Launch the HID Discovery GUI and scan for devices on your network. 2 If you do not find the desired results, disconnect your workstation’s network cable from the wall (or switch) and plug it directly into the HID unit.
The address 169.254.242.121 is the factory-assigned default address for every HID device. Even if the unit has been configured with an IP configuration, it still listens on this address for (possible) troubleshooting needs. 3 If a change in IP configuration is required, this is performed from the device’s configuration Web page. You can open the device’s Web page one of the following ways:
In the HID Discovery GUI, click the Configure Unit hyperlink.
Type http://169.254.242.121 in your Web browser.
4 Authentication is required to connect to an HID unit’s web page. By default:
User Name: root
Password: pass
5 The first page displayed from the HID unit will be it’s Basic Setup page. It is on this page that you can assign the device’s IP configuration. CAUTION If no DNS server is present on your network, you must use the unit’s own IP address for the Primary DNS Server value. Furthermore, the Basic Central Station’s IP address should be set to the IP address of your Security Center server running the Access Manager role.
6 Scroll down, and click the link to Change Login Password. (NB: This refers to the user admin not the user root) 7 Scroll to the bottom of the page, and click Submit. The unit applies the new IP configuration, and reboot. The unit is now ready to be enrolled in Security Center. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
784
Special considerations when configuring HID units
Special considerations when configuring HID units Some special considerations should be taken into account when working with HID inputs and outputs. This section includes the following topics:
• • • •
"For HID V1000 units" on page 785 "Other HID hardware" on page 785 "HID factory default input settings" on page 785 "Modify input configurations" on page 786
For HID V1000 units It is not recommended to use an HID VertX V1000 inputs and outputs for special purpose requirements such as:
• • • • •
A door: REX, door sensor, door lock Interlock override or lockdown Elevator control floor tracking Door buzzer IO linking (Hardware zone)
Instead, you should use the inputs and outputs from the V1000’s sub-panels (V200’s, V300’s) for these purposes.
Other HID hardware Any unused inputs (including AC Fail, Battery Fail and REX) can be used for other purposes except the Tamper and Door Monitor inputs. These two types of inputs can only be used for their specified purpose.
HID factory default input settings HID units have the following configurations applied to the inputs:
• The door monitor input is configured by default as normally closed (NC), and not
•
supervised (no EOL resistors). This means that if nothing is connected to the door monitor input, the unit will emit beeps to signal that the door is open. To correct this, connect the door monitor input to an actual door monitor, or reconfigure the input to normally open (NO). See illustration below. All other inputs are configured as normally open (NO), not supervised (no EOL resistors).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
785
Special considerations when configuring HID units
Modify input configurations 1 Select the unit from the Config Tool’s Roles view task, and click the Properties tab. 2 In the Additional settings section, modify the Contact type / Supervision mode of the inputs and outputs attached to the unit.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
786
Interpreting the Power and Comm LEDs on an HID unit
Interpreting the Power and Comm LEDs on an HID unit HID units are equipped with 2 status LEDS; One is labelled Power, and the other is labelled Comm. You can find these LED’s on top of the face plate for V1000’s and V2000’s. For Edge and Edge Plus devices, the LED’s are found on the bottom of the unit. Table 22-2: V1000, V2000 and Edge Reader power & Comm LED’s LED indicator
Power
Comm
State
Description
Off
Check input voltage to the unit
Solid red
No network activity
Blinking (Red/Off)
Network activity
Solid green
All interfaces found (eg. V100, V200, V300)
Solid red
No interfaces found
Blinking (Red/Green)
Some interfaces were found (the duty cycle changes according to the number of interfaces found).
Blinking (Amber/Green)
The unit is in “Locate me” mode (somebody clicked the “Identify” button).
For VertX V1000 units: If the Comm LED indicator is off, update the firmware for the interface (V100) part of the unit. Table 22-3: VertX interface boards (sub-panels) V100, V200, V300 LED indicator
State
Description
Solid red
OK
Anything other than solid red
Check input voltage
Blinking (Red/Green)
RS-485 bus activity
Amber
Firmware download in progress
Power
Comm
If the Comm LED indicator for an interface board is off, verify the wiring for the RS-485 bus. Then try updating the firmware.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
787
Supported features and models
Supported features and models Please refer to the tables below to confirm which Security Center features are supported by which models of HID access control units.
Supported access control software and hardware This section describes the supported HID access control features in Security Center.
Supported HID keypad reader options Card and PIN operation depends on the type of unit and the keypad reader installed. For both HID iCLASS and Prox readers, the “Keypad configuration setting option” is selected at the time of purchase. Supported options include the following:
• Option 00: “Keypad configuration setting option” of 00 = Buffer one key, no parity, 4-bit •
message. Option 14: “Keypad configuration setting option” of 14 = Buffer one to five keys (Standard 26-bit output). This reader option is also known as “Galaxy Mode”. HID keypad reader option
Unit type
HID: V1000 with V100 V2000 EdgePlus E400
HID: EdgeReader ER40 EdgeReader ERP40 EdgeReader ERW400
Online mode
Mixed mode
Offline mode
Card or PIN.
Observation
“Keypad configuration setting option” of 14
Not applicable.
Card or PIN.
“Keypad configuration setting option” of 00
Not applicable.
Card or PIN. Card and PIN on schedule. When offschedule, operation reverts to card only.
An unknown PIN will not generate the Access denied: Unknown credential event in Security Center. The reader cannot be used to enroll PINs for credential creation.
These units cannot be ordered with a keypad.
Not applicable.
Card only.
—
Card only.
The keypad readers can be used to enroll PINs.
For HID SmartID keypad readers (SK10), the following option is required to support card and PIN functionality:
• Option 02PIN-0000: “Pincode Wiegand 4 bit per key no parity”. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
788
Supported features and models
PIN length Currently, PINs cannot have more than five digits.
Supported HID hardware For firmware version requirements, see the Security Center release notes.
• • • •
iCLASS EdgeReader (POE) ER40, ERP40, ERW400 integrated reader and controller EdgePlus (POE) E400 controller VertX V2000 reader interface/network gateway VertX V1000 network gateway
VertX V100 reader interface
VertX V200 input interface
VertX V300 output interface
Card readers:
• HID units support most industry standard card readers that output card data using the Wiegand protocol (up to 128-bit card formats). For card and keypad readers, see "Access control unit configuration" on page 799.
• • HID SmartID readers (MIFARE and DESFire) are also supported. Supported RF Ideas USB enrollment readers
The RF Ideas readers only support card data formats up to 64 bits. The following USB enrollment readers are supported:
• pcProx HID USB reader for enrolling proximity cards • AIR ID Enroll iCLASS ID# USB reader for enrolling HID iCLASS cards • AIR ID Enroll 14443/15693 CSN USB reader for enrolling a MIFARE card using the CSN (card serial number)
Support for Power over Ethernet (PoE) The following units support PoE (15.4W): Unit type
Support
HID V1000, V100, V200, V300
Not supported
HID V2000
Not supported
HID EdgeReader / EdgePlus
Supported
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
789
Supported features and models
Unit cardholder and reader capacity The number of cardholders (or credentials) that a unit can support offline is as follows: Unit type
Supported number of cardholders
HID V1000 / V100
22,000, up to 125,000 cardholders with full memory upgrade.
HID V2000
22,000, up to 125,000 cardholders with full memory upgrade.
HID EdgeReader / EdgePlus
22,000 cardholders (maximum). No memory upgrades are possible.
The number of readers that a unit can support is as follows: Unit type
Supported number of readers
HID V1000 / V100
64 readers with 32 V100 reader interface modules 32 doors configured as card in/card out 64 doors configured as card in/REX out
HID V2000
2 readers 1 door configured as card in/card out 2 doors configured as card in/REX out
HID EdgeReader / EdgePlus
1 reader 1 door configured as card in/REX out
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
790
Access control unit modes of operation
Access control unit modes of operation This section describes the supported HID access control unit modes of operation in Security Center. This section includes the following topics:
• "About offline, mixed, and online modes of operation" on page 791 • "Supported modes of operation per unit type" on page 791
About offline, mixed, and online modes of operation When the Security Center’s Access Manager role and an HID unit can communicate over an IP network, the HID unit will be, by definition, in Mixed mode. If the network connection is disrupted, the unit will fall into offline mode. Online mode is not supported for HID units. Unit operating mode
Description
Mixed mode
The unit makes access control decisions locally based on information downloaded from Security Center/Synergis during unit synchronization. Access events are reported to Security Center/Synergis in real-time.
Offline
Communication with Security Center/Synergis has been lost. The unit makes access control decisions locally, based on information downloaded from Security Center/Synergis during unit synchronization. Access granted and access denied events are logged in the unit and are uploaded to the Security Center/Synergis when the network connection is re-established.
Online
The unit is under the direct real-time control of Security Center/Synergis. Security Center/Synergis makes all access control decisions. This mode is not available with HID VertX and Edge units.
Supported modes of operation per unit type The following table summarizes which modes of operation are supported by unit type: Unit
Online Mode
Mixed Mode
Offline Mode
HID V1000/V100
Not supported
Supported
Supported
HID V2000
Not supported
Supported
Supported
HID EdgeReader/ EdgePlus
Not supported
Supported
Supported
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
791
Access control unit modes of operation
The features available for the HID mixed and HID offline modes of operation are as follows:
• • • • • • • • • • • • • • • • •
Action: Silence buzzer or Sound buzzer (event-to-action) Antipassback Card and PIN Elevator control Elevator floor tracking Event-to-action with Trigger output action Extended grant time Hard antipassback (passback violation event generated and access is denied) Interlock IO Linking Lockdown Override People Counting Readerless Door (use an IO module for a REX, door state, and door lock only) Soft Antipassback (passback violation event generated and access is granted) Strict Antipassback Timed antipassback
Action: Silence buzzer or Sound buzzer (event-to-action) Operating mode
Feature availability
HID mixed mode
Supported
HID offline mode
Supported
For operation, the mixed and offline modes require the following:
• All inputs and outputs must belong to the same HID controller (one VertX V1000, one V2000, or one Edge). NOTE The Action feature is not available with a readerless door.
Antipassback Operating mode
Feature availability
HID mixed mode
Depends on the antipassback settings enabled with the Config Tool.
HID offline mode
Depends on the antipassback settings enabled with the Config Tool.
For operation, the mixed and offline modes require the following: gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
792
Access control unit modes of operation
• All units used for this feature must be assigned to the same Access Manager. • The interlock feature must be disabled. Interlock (including the lockdown and override functions) and antipassback are mutually exclusive; both features cannot be enabled for an area at the same time.
HID VertX antipassback The antipassback feature works best once the access control system has been configured and the system is operational and relatively static. It is recommended to enable antipassback once the following entities have been properly configured in Security Center and are not expected to change on a daily basis:
• • • • • • •
Unit time zones Doors and associated readers Areas (groups of doors) Elevators and associated floors (including unlocking schedules) Cardholder groups Schedules (including card and PIN schedules) Access rules
The following section provides guidelines for configuring, enabling, and managing the antipassback with HID VertX controllers (units):
• You must use either the V1000 or V2000 for antipassback.
V2000: Antipassback is only supported for an area with a single door having both entry and exit readers.
V1000: Antipassback is supported for multiple areas, with each area supporting multiple doors with entry and exit readers. Limitation in the number of doors is based on the number of V100 modules installed. Antipassback is not recommended with the Edge product line for the following reasons:
•
Only a single reader can be specified for either entry or exit (not both) while antipassback typically requires both entry and exit readers. Peer-to-peer communication between Edge devices is not supported by Security Center.
• An area with antipassback must be configured for readers wired to, and doors managed by, the same unit (V1000 or V2000) because
Antipassback functions are handled by the unit (V1000 or V2000).
The Security Center does not support peer-to-peer communication between either VertX V1000 or V2000 devices. Antipassback can be reset using the following methods:
•
A unit synchronization operation
An action (manually or with an event-to-action) The following system behavior will reset a unit’s antipassback state:
•
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
793
Access control unit modes of operation
Initial unit synchronization when the Security Center services are started or restarted. Unit synchronization following the loss and recovery of a connection with the unit (V1000 or V2000).
Unit synchronization following certain configuration changes (see below for more details). Manual synchronization of the unit through the Config Tool page.
•
Card and PIN Operating mode
Feature availability
HID mixed mode
Depends on the card reader hardware options which are selected at the time of purchase. See "Supported HID keypad reader options" on page 788 for more details.
HID offline mode
Depends on the card reader hardware options which are selected at the time of purchase. See "Supported HID keypad reader options" on page 788 for more details.
For operation, the mixed and offline modes require the following:
• All reader interfaces/inputs/outputs for a door should belong to the same HID controller (HID Edge, VertX V2000, or Vertx V100 interface module).
Elevator control Operating mode
Feature availability
HID mixed mode
Supported
HID offline mode
Supported
For operation, the mixed and offline modes require the following:
• All interface modules used for elevator control (HID VertX V100, V200, and V300) must be assigned to the same VertX V1000. Reader, inputs and outputs must be assigned to the same V2000 (max. of 4 floors) or Edge (max. of 2 floors). All units used for this feature must be assigned to the same Access Manager.
• • The reader interface, inputs, and outputs must be connected to the same HID controller
(VertX V1000, V2000, or Edge). A maximum of 1 elevator cab reader can be assigned per HID controller (VertX V1000, V2000, or Edge).
HID VertX elevator control The use of HID VertX controllers (V1000 and V2000) for elevator control is subject to the following:
• A VertX controller should be dedicated to the control of a single elevator cab. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
794
Access control unit modes of operation
• Once a VertX controller has been assigned to perform elevator control, it should only be •
used for that purpose. Door and zone control should not be mixed with elevator control, even when the unit has unused readers, inputs and outputs. When elevator floors are operating under controlled access mode, schedules from different access rules applied to different floors are merged when the rules are granted to a same cardholder.
EXAMPLE Suppose that the configuration set in Config Tool is such that Bob should be granted
access to floor 1 from 9 a.m. to 10 a.m. through access rule 1, and to floor 2 from 10 a.m. to 11 a.m. through access rule 2. When Bob presents his card in the elevator, the VertX controller will actually grant access to Robert from 9 a.m. to 11 a.m. on both floors.
Elevator floor tracking Operating mode
Feature availability
HID mixed mode
Supported
HID offline mode
Not Supported. Event reporting is unavailable. Events are not regenerated when the unit reconnects to Synergis and switches from offline to either the online or the mixed mode of operation.
For operation, the mixed mode requires the following:
• All units used for this feature must be assigned to the same Access Manager. Event-to-action with Trigger output action Operating mode
Feature availability
HID mixed mode
Supported
HID offline mode
Partially Supported
For operation, the mixed and offline modes require the following:
• All units used for this feature must be assigned to the same Access Manager. Extended grant time Operating mode
Feature availability
HID mixed mode
Supported
HID offline mode
Supported
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
795
Access control unit modes of operation
Hard antipassback (passback violation event generated and access is denied) Operating mode
Feature availability
HID mixed mode
Supported
HID offline mode
Supported
NOTE Antipassback using the HID units is available with the VertX V2000 (area with a single
door) and the VertX V1000 (multiple areas and multiple doors per area). Antipassback with the HID Edge products is not supported.
Interlock Operating mode
Feature availability
HID mixed mode
Supported
HID offline mode
Supported
For operation, the mixed and offline modes require the following:
• The antipassback feature must be disabled. Interlock (including the lockdown and override functions) and antipassback are mutually exclusive; both features cannot be enabled for an area at the same time. The inputs of an HID VertX V1000 must be not used for this feature.
• • All perimeter doors of an interlocked area must be assigned to the same HID controller (one VertX V1000 or one V2000).
NOTE If a perimeter door of an interlock is open, when an authorized cardholder accesses a second perimeter door of the same interlock, an Access Granted event for the second door might be generated, even through the second door does not unlock.
IO Linking Operating mode
Feature availability
HID mixed mode
Supported
HID offline mode
Supported
For operation, the mixed and offline modes require the following:
• The inputs of an HID VertX V1000 must be not used for this feature. • All inputs and outputs must belong to the same HID controller (one V2000 or one Edge).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
796
Access control unit modes of operation
Lockdown Operating mode
Feature availability
HID mixed mode
Supported
HID offline mode
Supported
NOTE The Lockdown feature is only supported for areas where the Interlock feature is enabled.
Override Operating mode
Feature availability
HID mixed mode
Supported
HID offline mode
Supported
NOTE The Override feature is only supported for areas where the Interlock feature is enabled.
People Counting Operating mode
Feature availability
HID mixed mode
Supported
HID offline mode
Not Supported. If a unit assigned to one of the perimeter doors of an area is in this mode of operation, the feature is disabled for the entire area.
For operation, the mixed mode requires the following:
• All units used for this feature must be assigned to the same Access Manager. Readerless Door (use an IO module for a REX, door state, and door lock only) Operating mode
Feature availability
HID mixed mode
Supported
HID offline mode
Supported NOTE There are no door activity reports during the time period when the unit is in this mode of operation.
For operation, the mixed and offline modes require the following:
• The inputs of an HID VertX V1000 must be not used for this feature. • All inputs and outputs must belong to the same HID controller (one V2000 or one Edge).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
797
Access control unit modes of operation
NOTE A readerless door does not generate a Door forced open event. A readerless door also does not support the buzzer feature.
Soft Antipassback (passback violation event generated and access is granted) Operating mode
Feature availability
HID mixed mode
Supported
HID offline mode
Not Supported. Event reporting is unavailable. Events are not regenerated when the unit reconnects to Synergis and switches from offline to either the online or the mixed mode of operation.
Strict Antipassback With HID units, Hard and Strict antipassback are one in the same, as there is no distinction between the two. See "Hard antipassback (passback violation event generated and access is denied)" on page 796.
Timed antipassback Operating mode
Feature availability
HID mixed mode
Not Supported. All perimeter doors of an area must be in online mode.
HID offline mode
Not Supported. All perimeter doors of an area must be in online mode.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
798
Access control unit configuration
Access control unit configuration This section describes the supported HID access control unit configurations in Security Center.
General versus dedicated inputs When a unit is used to control a door, some inputs must be used only for their intended purpose (dedicated inputs). For example, if a door has a REX sensor or a door sensor, the unit’s inputs intended for these sensors must be used. If the door does not have a REX sensor or a door sensor, sometimes the unit input channels intended for these inputs can be used as general-purpose inputs. This is shown in the table below. Unit
Input
When used as
Required configuration
HID units (V100, V2000, and Edge devices)
REX
A REX input signal
When any unit REX input is used for a REX, you must also set: Automatically grant request to exit in the door Properties tab, which generates Request to exit events when the input is triggered. Events are logged, and can be used for event-to-actions. The input configuration in the Door, Unit tab to program the unit to react to a REX input by releasing the lock.
Another purpose (a general purpose input)
Deselect Automatically grant request to exit in the Door, Properties tab. Configure the input for a zone, interlock, etc.
A door position sensor input (door open or door closed).
Set this in the input configuration in the Door, Unit tab.
HID units (V100, V2000, and Edge devices)
Door Monitor
NOTE This input cannot be used as a
general purpose input.
Configuring a door with reader A door with a reader assigned to a V2000, V100, or an Edge device, must have all inputs (for example door contact, REX) and outputs (for example door lock) associated to that same device. Inputs and outputs must not be distributed across several devices.
Configuring a door with two door sensors It is not recommended to configure a door with two door sensors (or door contacts) without physically wiring the sensors in series. In the Security Center, only a single door sensor should be configured per door.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
799
Wiring diagrams
Wiring diagrams The following wiring diagrams can also be found at http://www.hidglobal.com/.
HID Edge reader & Edge Plus
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
800
Wiring diagrams
HID VertX V1000
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
801
Wiring diagrams
HID VertX V2000
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
802
D Bosch reference This section describes additional information concerning the setup and configuration of Bosch GV2, GV3, and GV4 series intrusion panels. This section includes the following topics:
• "How Bosch intrusion panel integration works" on page 804
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
803
How Bosch intrusion panel integration works
How Bosch intrusion panel integration works Bosch intrusion panels are integrated to Security Center using the Intrusion Manager role. The Intrusion Manager role receives events from the intrusion panel over an IP network or serial connection, reports them live in Security Desk, and logs them in a database for future reporting. The role also relays user commands to the intrusion panel (such as arming and disarming the intrusion detection areas), and triggers the outputs connected to the panel through event-toactions (for example, an Intrusion area master armed event in Security Center can trigger an output on the intrusion panel). For more information about setting up your Bosch intrusion panel in Security Center, see the Bosch Intrusion Panel Integration Guide, found in the Documentation\Controllers folder of your Security Center installation package.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
804
E Honeywell reference This section describes additional information concerning the setup and configuration of Honeywell Galaxy Dimension series control panels. This section includes the following topics:
• "How Galaxy Dimension control panel integration works" on page 806
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
805
How Galaxy Dimension control panel integration works
How Galaxy Dimension control panel integration works Honeywell Galaxy Dimension series control panels are integrated to Security Center using the Intrusion Manager role. The Intrusion Manager role receives events from the control panel over an IP network, reports them live in Security Desk, and logs them in a database for future reporting. The role also relays user commands to the control panel (such as arming and disarming the intrusion detection areas), and triggers the outputs connected to the panel through event-to-actions (for example, an Intrusion detection area master armed event in Security Center can trigger an output on the panel). For more information about setting up your Galaxy Dimension control panel in Security Center, see the Honeywell Galaxy Control Panel Integration Guide, found in the Documentation\Controllers folder of your Security Center installation package.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
806
Glossary A B C D E F G H I J K L M N O P Q R S T U V W X Y Z Security Center is the unified platform for all Genetec’s IP security solutions, which include AutoVu™, Omnicast™, and Synergis™ modules. The definitions in this glossary pertain to all three modules.
A accepted user
A user who has read access over all entities contained in a partition. This allows the user to view them in all entity browsers. Additional access rights may be granted through user privileges.
Access control health history
Type of maintenance task that reports on access control unit malfunction events. See also Health history.
access control unit
Type of entity that represents an access control device, such as Synergis Master Controller (SMC) or an HID VertX controller, that communicates directly with the Access Manager over an IP network. Access control units usually control other slave units (or interface modules) such as the HID VertX V100 and V200, and the Mercury MR50 and MR52, which are connected to door sensors and readers. See also Access Manager, interface module and Synergis Master Controller.
Access control unit events Type of maintenance task that reports on events pertaining to selected access control units. Access Manager
Type of role that manages and monitors access control units on the system.
access point
Any monitored point that can be used to enter or exit a secured area, usually a door side or an elevator floor. Note that an elevator floor can only be used as an entry point.
access rule
Type of entity that defines the access control logic which grants or denies passage to a cardholder through an access point, based on a schedule.
Access rule configuration
Type of maintenance task that reports on entities and access points affected by a given access rule.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
807
Glossary
Access troubleshooter
Tool that helps you detect and diagnose access configuration problems. It allows you to find out about the following: • Who are allowed to use an access point at a given time • Which access points a cardholder is allowed to use at a given time • Why a given cardholder can or cannot use an access point at a given time.
access right
access right. (1) Type of rights a user has over entities in the system (view, add, modify, delete), which are defined by a combination of partitions and user privileges. (2) The right a cardholder has to pass through an access point at a given date and time.
action
User-programmable function that can be triggered as an automatic response to an event (door held open for too long, object left unattended) or executed according to a specific time table. See also event and event-to-action.
active alarm
An alarm that has not yet been acknowledged. See also alarm.
Active Directory
Active Directory (AD). (1) A directory service created by Microsoft. (2) Type of role that imports users and cardholders from an Active Directory and keeps them synchronized.
Activity trails
Type of maintenance task that reports on the user activity related to video and LPR functionality. This task can provide information such as who played back which video recordings, who used the Hotlist and permit editor, who enabled hotlist filtering, and much more.
Advanced Systems Format Advanced Systems Format or ASF (formerly Advanced Streaming Format) is a Microsoft streaming format associated with Windows Media Player. agent
Subprocess created by a Security Center role to run simultaneously on multiple servers for the purpose of sharing its load. See also redirector agent.
alarm
Type of entity that describes a particular trouble situation that requires immediate attention and how it should be handled in Security Center. Namely, its priority, what entities (usually cameras and doors) best describe it, who should be notified, how it should be displayed to the user, and so on.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
808
Glossary
alarm acknowledgement
User response to an alarm. There are two variants of alarm acknowledgement in Security Center: • Default acknowledgement • Alternate acknowledgement Each variant is associated to a different event so that specific actions can be programmed based on the alarm response selected by the user. See also action and event.
Alarm monitoring
Type of operation task that allows you to monitor and respond to alarms (acknowledge, forward, snooze, among other things) in real time, as well as review past alarms. See also monitor group.
alarm panel
Another name for intrusion panel. See also intrusion panel.
Alarm report
Type of investigation task that allows you to search and view current and past alarms.
analog monitor
Type of entity that represents a monitor that displays video from an analog source, such as a video decoder or an analog camera. This term is used in Security Center to refer to monitors not controlled by a computer. See also monitor group and video decoder.
antipassback
Access restriction placed on a secured area that prevents a cardholder from entering an area that they have not yet exited from, and vice-versa.
Archive storage details
Type of maintenance task that reports on the video files (file name, start and end time, file size, protection status, and so on) used to store video archive, and which allows you to change the protection status of those files, among other things.
Archiver
Type of role that is responsible for the discovery, status polling, and control of video units. The Archiver also manages the video archive, and performs motion detection when it is not done on the unit itself. See also Auxiliary Archiver and video unit.
Archiver events
Type of maintenance task that reports on events pertaining to selected Archiver roles.
Archives
Type of investigation task that allows you to find and view available video archives by camera and time range.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
809
Glossary
area
Type of entity that represents a concept or a physical location (room, floor, building, and so on) used for the logical grouping of entities in the system. See also Logical view. When Synergis is enabled, the area entity can also be used to configure a secured area with access rules and access control behavior. See also antipassback and interlock.
Area activities
Type of investigation task that reports on area related activities (access granted, access denied, first person in, last person out, antipassback violation, and so on).
Area presence
Type of investigation task that provides a snapshot of all cardholders and visitors currently present in a selected area.
ASF
See Advanced Systems Format.
asset
Type of entity that represents any valuable object with an RFID tag attached, allowing it to be tracked by an asset management software. See also RFID tag.
asynchronous video
Simultaneous playback video from more than one camera that are not synchronized in time.
audio decoder
Device or software that decodes compressed audio streams for playback. Synonym of "speaker".
audio encoder
Device or software that encodes audio streams using a compression algorithm. Synonym of "microphone".
Audit trails
Type of maintenance task that reports on the configuration changes who made them, on selected entities in the system.
automatic discovery
The process by which IP units on a network are automatically discovered by Security Center. This is done by broadcasting a discovery request on the discovery port and waiting for all listening units to respond with a packet that contains connection information about itself. Security Center uses the information to automatically configure the connection to the unit, thus enabling communication. Not all units support this feature. See also unit.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
810
Glossary
AutoVu
AutoVu™ is the IP license plate recognition (LPR) system of Security Center that automates the reading and verification of vehicle license plates. AutoVu Sharp cameras capture license plate images, and send the data to Patroller or Security Center to verify against lists of vehicles of interest (hotlists) and vehicles with permits (permit lists). You can install AutoVu in a fixed configuration (e.g. on a pole in a parking lot), or in a mobile configuration (e.g. on a police car). You can use AutoVu for scofflaw and wanted vehicle identification, city-wide surveillance, parking enforcement, parking permit control, vehicle inventory, security, and access control.
AutoVu LPR Processing Unit
Processing component of the SharpX system. The LPR Processing Unit is available with two or four camera ports, with one dedicated processor per camera (if using SharpX) or per two cameras (if using SharpX VGA). This ensures maximum, per-camera, processing performance. The LPR Processing Unit is sometimes referred to as the "trunk unit" because it is typically installed in a vehicle's trunk. See also LPR camera and SharpX.
Auxiliary Archiver
Type of role that supplements the video archive produced by the Archiver. Unlike the latter, the Auxiliary Archiver is not bound to any particular discovery port. Therefore, it can archive any camera in the system, including the federated ones (Security Center 5.x systems only). The Auxiliary Archiver depends on the Archiver to communicate with the video units. It cannot operate on its own. See also Archiver and discovery port.
B Badge designer
Tool that allows you to design and modify badge templates.
Badge printer
Tool that allows you to print badges in bulk, based on a badge template and a list of cardholders or credentials.
badge template
Entity type used to configure a printing template for badges.
bit rate
Data transfer rate expressed in kilobits per second (Kbps).
block face (2sides)
Type of parking regulation characterizing an overtime rule. A block face is the length of a street between two intersections. A vehicle is in violation if it is seen parked within the same block over a specified period of time. Moving the vehicle from one side of the street to the other does not make a difference.
bookmark
Short text used to mark a specific position in a recorded video sequence that can be used to search for that video sequence at a later stage.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
811
Glossary
Bookmarks
Type of investigation task that searches for bookmarks related to selected cameras within a specified time range.
Breakout box
Genetec's proprietary connector box for AutoVu mobile solutions that use Sharp version 2.0 cameras. The breakout box provides power and network connectivity to the Sharp units and the in-vehicle computer. Currently, the AutoVu SharpX system is the preferred solution for a mobile AutoVu installation.
broadcast
Communication between a single sender and all receivers on a network
C camera
Type of entity that represents a single video source on the system. The video source can be an IP camera or an analog camera connected to the video encoder of a video unit. Multiple video streams can be generated from the same video source. See also video encoder.
camera blocking
Omnicast feature that lets you restrict the viewing of video (live or playback) from certain cameras to users with a minimum user level. See also user level.
Camera events
Type of investigation task that reports on events pertaining to selected cameras within a specified time range.
camera sequence
Type of entity that defines a list of cameras that are displayed one after another in a rotating fashion within a single tile in Security Desk.
canvas
One of the panes found in the Security Desk's task workspace. The canvas is used to display multimedia information, such as videos, maps, and pictures. It is further divided into three panels: the tiles, the dashboard, and the properties. See also tile.
card and pin
An access point mode that requires a cardholder to present their card and then enter a personal identification number (PIN).
cardholder
Type of entity that represents a person who can enter and exit secured areas by virtue of their credentials (typically access cards) and whose activities can be tracked.
Cardholder access rights
Type of maintenance task that reports on which cardholders and cardholder groups are granted or denied access to selected areas, doors, and elevators.
Cardholder activities
Type of investigation task that reports on cardholder activities (access denied, first person in, last person out, antipassback violation, and so on).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
812
Glossary
Cardholder configuration Type of maintenance task that reports on cardholder properties (first name, last name, picture, status, custom properties, and so on). cardholder group
Type of entity that configures the common access rights of a group of cardholders.
Cardholder management
Type of operation task that allows you to create, modify, and delete cardholders, as well as manage their credentials, including temporary replacement cards.
cash register
Type of entity that represents a single cash register (or terminal) in a point of sale system. See also point of sale system.
certificate
Additional license information that is required to run plugins or SDK-based applications.
City Parking Enforcement Patroller software installation that is configured for city parking enforcement: the enforcement of parking permit and/or overtime restrictions. See also overtime rule and permit. City Parking Enforcement A "City Parking Enforcement" installation of a Patroller application that also with Wheel Imaging includes wheel imaging. The use of maps and of the Navigator is mandatory. See also City Parking Enforcement. compatibility pack
See Omnicast compatibility pack.
Config Tool
Security Center administrative application used to manage all Security Center users, and configure all Security Center entities such as areas, cameras, doors, schedules, cardholders, Patroller/LPR units, and hardware devices.
Conflict resolution utility Tool that helps you resolve conflicts caused by importing users and cardholders from an Active Directory. context camera
A camera connected to an LPR unit that produces a wider angle color image of the vehicle whose license plate was read by the LPR camera. See also LPR camera and LPR unit.
controlled exit
Credentials are necessary to leave a secured area.
controller module
Processing component of Synergis Master Controller with IP capability, preloaded with the controller firmware and the web-based administration tool, Controller Portal. See also Controller Portal, four-port RS-485 module, and Synergis Master Controller.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
813
Glossary
Controller Portal
Web-based administration tool hosted on every Synergis Master Controller unit, used to configure, administer, and upgrade the controller firmware. See also controller module and Synergis Master Controller.
Copy configuration tool
Tool that copies the configuration of one entity to many other entities.
covert hit
Read (captured license plate) that is matched to a covert hotlist. Covert hits are not displayed on the Patroller screen, but can be displayed in the Security Desk by a user with proper privileges.
covert hotlist
Hotlist hidden from the AutoVu Patroller users. Reads matching a covert hotlist generate covert hits.
credential
Type of entity that represents a proximity card, a biometrics template, or a PIN required to gain access to a secured area. A credential can only be assigned to one cardholder at a time.
Credential activities
Type of investigation task that reports on credential related activities (access denied due to expired, inactive, lost, or stolen credential, and so on).
credential code
A textual representation of the credential showing the credential data (typically the Facility code and the Card number). For credentials using custom card formats, the user can choose what to include in the credential code.
Credential configuration
Type of maintenance task that reports on credential properties (status, assigned cardholder, card format, credential code, custom properties, and so on).
Credential management
Type of operation task that allows you to create, modify, and delete credentials, and print badges. It also allows you to enroll large numbers of card credentials into the system, either by scanning them at a designated card reader, or by entering a range of values.
custom event
An event added after the initial system installation. Events defined at system installation are called system events. Custom events can be user-defined or automatically added through plugin installations. Unlike system events, custom events may be renamed and deleted.
custom field
User defined property associated to an entity type to store additional information that is useful to your particular organization.
D Daily usage per patroller
Type of investigation task that reports on the daily usage statistics of a selected Patroller (operating time, longest stop, total number of stops, longest shutdown, and so on) for a given date range.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
814
Glossary
dashboard
One of the three panels that belong to the canvas in Security Desk. It contains the graphical commands (or widgets) pertaining to the entity displayed in the current tile. See also widget.
database
Collection of data that is organized so that its contents can easily be accessed, managed, and updated.
database server
An application that manages databases and handles data requests made by client applications. Security Center uses Microsoft SQL Server as its database server.
debounce
The amount of time an input can be in a changed state (for example, from active to inactive) before the state change is reported. Electrical switches often cause temporarily unstable signals when changing states, possibly confusing the logical circuitry. Debouncing is used to filter out unstable signals by ignoring all state changes that are shorter than a certain period of time (in milliseconds).
dewarping
Transformation used to straighten a digital image taken with a fish-eye lens.
DHCP server
A DHCP (Dynamic Host Configuration Protocol) server provides configuration parameters necessary for a unit to automatically connect to an IP network. DHCP automatically supplies the unit with an IP address, the network mask, a gateway IP address, and a DNS server IP address.
Directory
The main role that identifies your system. It manages all entity configurations and system wide settings in Security Center. Only a single instance of this role is permitted on your system. The server hosting the Directory role is called the main server. All other servers in Security Center must connect to the main server and are called expansion servers. See also expansion server, main server, and server.
Directory Manager
The role that manages the Directory failover and load balancing in order to produce the high availability characteristics in Security Center. See also Directory server and high availability.
Directory server
Any one of the multiple servers simultaneously running the Directory role in a high availability configuration. See also Directory, high availability, and server.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
815
Glossary
discovery port
Port used by certain Security Center roles (Access Manager, Archiver, LPR Manager) to find the units they are responsible for on the LAN. No two discovery ports can be the same on one system. See also automatic discovery.
district
Type of parking regulation characterizing an overtime rule. A district is a geographical area within a city. A vehicle is in violation if it is seen within the boundaries of the district over a specified period of time.
door
Type of entity that represents a physical barrier. Often, this is an actual door but it could also be a gate, a turnstile, or any other controllable barrier. Each door has two sides named by default “A” and “B”. Each side is an access point (entrance or exit) to a secured area.
Door activities
Type of investigation task that reports on door related activities (access denied, door forced open, door open too long, hardware tamper, and so on).
door contact
A door contact monitors the state of a door, whether it is open or closed. It can also be used to detect improper state (door open too long).
door controller
See access control unit.
door side
Every door has two sides, named by default "A" and "B". Each side is an access point to an area. For example, passing through side A leads into an area, and passing through side B leads out of that area. For the purposes of access management, the credentials necessary to pass through a door in one direction are not necessarily the same to pass through in the opposite direction.
Door troubleshooter
Type of maintenance task that lists all the cardholders who have access to a particular door side or elevator floor at a specific date and time.
Driver Development kit
Driver Development Kit (DDK). An SDK for creating device drivers.
duress
A special code used to disarm an alarm system that quietly alerts the monitoring station that the alarm system was disarmed under threat.
E edge recording
Video is recorded on the unit itself, eliminating the need to constantly stream video to a centralized server. See also Archiver.
electric door strike
An electric device that releases the door latch when current is applied.
elevator
Type of entity that provides access control properties to elevators. For an elevator, each floor is considered an entry point for the area corresponding to that floor.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
816
Glossary
Elevator activities
Type of investigation task that reports on elevator related activities (access denied, floor accessed, unit is offline, hardware tamper, and so on).
enforce
To take action following a confirmed hit. For example, a parking officer can enforce a scofflaw (unpaid parking tickets) violation by placing a wheel boot on the vehicle.
entity
Entities are the basic building blocks of Security Center. Everything that requires configuration is represented by an entity. An entity may represent a physical device, such as a camera or a door, or an abstract concept, such as an alarm, a schedule, a user, or a software module.
entity tree
The graphical representation of Security Center entities in a tree structure illustrating the hierarchical nature of their relationships. See also Logical view.
event
Indicates the occurrence of an activity or incident, such as access denied to a cardholder or motion detected on a camera. Events are automatically logged in Security Center, and can be programmed to trigger actions, conferring intelligent behavior to the system. Every event mainly focuses on one entity, called the event source. See also event-to-action.
event-to-action
The coupling of an action to an event to confer automatic and intelligent behavior to the system.
expansion server
Any server machine in a Security Center system that does not host the Directory role. The purpose of the expansion server is to add to the processing power of the system. See also main server and server.
F failover
A backup operational mode in which a role (system function) is automatically transferred from its primary server to a secondary server that is on standby when the primary server becomes unavailable, either through failure or through scheduled downtime. See also high availability and load balancing.
federated entity
Any entity that is imported from an independent system via a federation role.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
817
Glossary
federated system
A independent system (Omnicast or Security Center) that is unified under your local Security Center via a federation role, so that the local users can view and manipulate its entities as if they belong to the local system. See also Omnicast Federation and Security Center Federation.
Federation
The Federation™ is a virtual system formed by joining multiple remote independent Genetec IP security systems together. The purpose of the Federation is to allow the users on your local system (the Federation host) to access the entities belonging to independent systems as if they were on your local system.
four-port RS-485 module
RS-485 communication component of Synergis Master Controller with four ports (or channels) named A, B, C, and D. The number of interface modules you can connect to each channel depends on the type of hardware you have. See also controller module, interface module, and Synergis Master Controller.
frame
A single video image.
free access
Access point state where no credentials are necessary to enter a secured area. The door is unlocked. This is typically used during normal business hours, as a temporary measure during maintenance, or when the access control system is first powered up and is yet to be configured.
free exit
Access point state where no credentials are necessary to leave a secured area. The person releases the door by turning the doorknob, or by pressing the REX button, and walks out. An automatic door closer shuts the door so it can be locked after being opened.
G G64
G64 is the native data format used by all archiving roles (Archiver and Auxiliary Archiver) to store video files. This data format incorporates all information related to the video data, including audio, bookmarks, timestamps, motion and event markers, and supports watermarking. See also ASF, video file, and video watermarking.
Genetec Plan Manager Server
Windows service that runs Plan Manager Server modules.
Genetec Server
Windows service at the core of Security Center architecture that must be installed on every computer that is part of the Security Center's pool of servers. Every such server is a generic computing resource capable of taking on any role (set of functions) you assign to it.
See also Plan Manager Server.
See also server. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
818
Glossary
geocoding
The process of finding associated geographic coordinates (latitude and longitude) from a street address. See also reverse geocoding.
ghost camera
Entity used as a stand in camera that is automatically created by the Archiver when video archives are detected for a camera whose definition has been deleted from the Directory, either accidentally or because the physical device no longer exists. Ghost cameras cannot be configured. They only exist so users can reference the video archive that would otherwise not be associated to any camera. See also camera.
ghost Patroller
Entity automatically created by the LPR Manager when the AutoVu license includes the XML Import module. In Security Center, all LPR data must be associated to a Patroller entity or an LPR unit corresponding to a fixed Sharp camera. When you import LPR data from an external source via a specific LPR Manager using the XML Import module, the system uses the ghost entity to represent the LPR data source. You can formulate queries using the ghost entity as you would with a normal entity. See also Patroller.
GIS
Geographic information system (GIS) is a third party map provider that Plan Manager can connect to, to bring maps and all types of geographically referenced data to Security Center. See also KML, OGC, and WMS.
Global Cardholder Synchronizer
Type of role that ensures the two-way synchronization of shared cardholders and their related entities between the local system (sharing participant) and the central system (sharing host). See also sharing guest and sharing host.
global entity
Entity that is shared across multiple independent Security Center systems by virtue of its membership to a global partition. Only cardholders, cardholder groups, credentials, and badge templates are eligible for sharing. See also global partition.
global partition
Partition that is shared across multiple independent Security Center systems by the partition owner, called the sharing host. See also global entity, partition, and sharing guest.
GUID
A globally unique identifier, or GUID, is a special type of identifier used in software applications to provide a unique reference number.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
819
Glossary
H H.264
H.264/MPEG-4 AVC (Advanced Video Coding) is a standard for video compression.
Hardware inventory
Type of maintenance task that reports on the characteristics (unit model, firmware version, IP address, time zone, and so on) of access control, video, intrusion detection, and LPR units in your system.
hardware zone
A subtype of zone entity where the IO linking is done by hardware. A hardware zone is controlled by a single access control unit and works only in mixed and offline mode. Hardware zones cannot be armed or disarmed from Security Desk. See also virtual zone and zone.
Health history
Type of maintenance task that reports on health issues. See also Health statistics and Health Monitor.
Health Monitor
The central role that monitors system entities such as servers, roles, units, and client applications for health issues. See also Health history and Health statistics.
Health statistics
Type of maintenance task that gives you an overall picture of the health of your system. See also Health history and Health Monitor.
high availability
Design approach used to enable a system to perform at a higher than normal operational level. This often involves failover and load balancing. See also failover and load balancing.
HIP
A hardware integration package, or HIP, is an update that can be applied to Security Center. It enables the management of new functionalities (for example, new video unit types), without requiring an upgrade to the next Security Center release.
hit
License plate read that matches a hit rule (hotlist, overtime rule, permit, or permit restriction). A Patroller user can choose to reject or accept a hit. An accepted hit can subsequently be enforced. See also enforce.
hit rule
Type of LPR rule used to identify vehicles of interest (called "hits") using license plate reads. The hit rules include the following types: hotlist, overtime rule, permit, and permit restriction. hit, hotlist, overtime rile, permit, and permit restriction.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
820
Glossary
Hits
Type of investigation task that reports on hits reported within a selected time range and geographic area. See also hit and hotlist.
hot action
An action mapped to a PC keyboard function key (Ctrl+F1 through Ctrl+F12) in Security Desk for quick access.
hotlist
Type of entity that defines a list of wanted vehicles, where each vehicle is identified by a license plate number, the issuing state, and the reason why the vehicle is wanted (stolen, wanted felon, Amber alert, VIP, and so on). Optional vehicle information might include the model, the color, and the vehicle identification number (VIN). See also hit rule.
Hotlist and permit editor
Type of operation task used to edit an existing hotlist or permit list. A new list cannot be created with this task, but after an existing list has been added to Security Center, users can edit, add, or delete items from the list, and the original text file is updated with the changes. See also hotlist and permit.
hotspot
Type of map object that represents an area on the map that requires special attention. Clicking on a hotspot displays associated fixed and PTZ cameras. See also map object.
HTTPS
Secure Hypertext Transfer Protocol for the World Wide Web that provides safe data transmission by encrypting and decrypting information sent over the Internet.
I I-frame
Synonym of intra-frame and key frame. See also key frame.
illuminator
A light in the Sharp unit that illuminates the plate, thereby improving the accuracy of the images produced by the LPR camera. See also LPR camera.
Immersive view
Plan Manager feature that lets you 'walk' inside a building or a city in a first person view.
Import tool
Tool that allows you to import cardholders, cardholder groups, and credentials from a CSV (Comma Separated Values) file.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
821
Glossary
inactive entity
An entity that is shaded in red in the entity browser. It signals that the real world entity it represents is either not working, offline, or incorrectly configured. See also entity.
incident
Any incident reported by a Security Desk user. Incident reports can use formatted text and include events and entities as support material. See also Incidents.
Incidents
Type of investigation task that allows you to search, review, and modify incident reports.
interface module
A third-party device that communicates with Synergis Master Controller over IP, USB, or RS-485, and provides input, output, and reader connections to the controller module. See also controller module, four-port RS-485 module, and Synergis Master Controller.
interlock
Access restriction placed on a secured area that permits only one door to be open at any given time. When one perimeter door is open, all other perimeter doors are locked.
intra-frame
Synonym of I-frame and key frame. See also key frame.
intrusion detection area
Type of entity that corresponds to a zone or a partition (group of sensors) on an intrusion panel. See also intrusion detection unit.
Intrusion detection area activities
Type of investigation task that reports on activities (master arm, perimeter arm, duress, input trouble, and so on) in selected intrusion detection areas.
intrusion detection unit
Type of entity that represents an intrusion panel (or alarm panel) that is monitored and controlled by Security Center. See also Intrusion Manager.
Intrusion detection unit events
Type of investigation task that reports on events (AC fail, battery fail, unit lost, input trouble, and so on) pertaining to selected intrusion detection units.
Intrusion Manager
Type of role that monitors and controls intrusion panels. It also logs the intrusion events in a database for intrusion activity reports. See also intrusion detection unit.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
822
Glossary
intrusion panel
A wall-mounted unit where the alarm sensors (motion sensors, smoke detectors, door sensors, and so on) and wiring of the intrusion alarms are connected and managed. See also intrusion detection unit.
Inventory management
Type of operation task that allows you to add and reconcile license plate reads to a parking facility inventory.
Inventory report
Type of investigation task that allows you to view a specific inventory (vehicle location, vehicle length of stay, and so on) or compare two inventories of a selected parking facility (vehicles added, vehicles removed, and so on).
IO configuration
Type of maintenance task that reports on the IO configurations (controlled access points, doors, and elevators) of access control units.
IO linking
IO (input/output) linking is controlling an output relay based on the combined state (normal, active, or trouble) of a group of monitored inputs. A standard application would be to sound a buzzer (via an output relay) when any window on the ground floor of a building is shattered (assuming that each window is monitored by a "glass break" sensor connected to an input). See also zone.
IP
The protocol that routes data packets through a local area network (LAN) and the Internet.
IP address
An IP Address is a unique numeric address for a specific computer or computing device connected to the Internet, or to a LAN. See also IPv4 and IPv6.
IP camera
A video unit incorporating a camera. See also video unit.
IPv4
First generation IP protocol using a 32-bit address space.
IPv6
New generation IP protocol extending the address space from 32 to 128 bits.
J K key frame
A key frame (or I-frame, or intra-frame) is a frame that contains a complete image by itself as opposed to a usual frame that only holds information that changed compared to the previous frame. It is used as reference in video image compression.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
823
Glossary
KML
Keyhole Markup Language (KML) is a file format used to display geographic data in an Earth browser such as Google Earth and Google Maps. See also GIS.
L Law Enforcement
Patroller software installation that is configured for law enforcement: the matching of license plate reads against lists of wanted license plates (hotlists). The use of maps is optional. See also hotlist.
license key
Software key used to unlock the Security Center software. The license key is specifically generated for each computer where the Directory role is installed. You need the System ID (which identifies your system) and the Validation key (which identifies your computer) in order to obtain your license key.
license plate inventory
List of license plate numbers of vehicles found in a parking facility within a given time period, showing where each vehicle is parked (sector and row). See also Inventory report.
license plate read
License plate number captured from a video image using LPR technology. See also hit and License Plate Recognition.
License Plate Recognition Image processing technology used to read license plate numbers. License Plate Recognition (LPR) converts license plate numbers cropped from camera images into a database searchable format. See also LPR camera and OCR equivalence. live hit
A hit matched by the Patroller and immediately sent to the Security Center over a wireless network.
live read
A license plate captured by the Patroller and immediately sent to the Security Center over a wireless network.
load balancing
Distribution of workload across multiple computers. See also failover and high availability.
logical ID
Unique IDs assigned to each entity in the system for ease of reference. Logical IDs are only unique within a particular entity type.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
824
Glossary
Logical view
Browser view that organizes all viewable entities in Security Desk (such as areas, cameras, doors, elevators, maps, and so on) according to their logical relationships. Areas are used as logical groupings for other entities. Each area may represent a concept or a physical location. See also Security Desk.
Logons per Patroller
Type of investigation task that reports on the logon records of a selected Patroller.
long term
Type of parking regulation characterizing an overtime rule. The "long term" regulation uses the same principle as the "same position" regulation, but the parking period is over 24 hours. No more than one overtime rule may use the long term regulation in the entire system.
LPR
See License Plate Recognition.
LPR camera
A camera connected to an LPR unit that produces high resolution close-up images of license plates. See also context camera and SharpX.
LPR Manager
Type of role that manages and controls Patrollers and fixed Sharp units. The LPR Manager manages the data (reads and hits) collected by the LPR units it controls and updates the configuration of the mobile units (Patrollers) every time they begin a new shift.
LPR rule
Method used by Security Center/AutoVu for processing a license plate read. An LPR rule can be a "hit rule" or a "parking facility". See also hit rule and parking facility.
LPR unit
Type of entity that represents a hardware device dedicated to the capture of license plate numbers. An LPR unit is typically connected to an LPR camera and a context camera. These cameras can be incorporated to the unit or external to the unit. See also AutoVu LPR Processing Unit, License Plate Recognition, LPR Manager, and Sharp unit.
M macro
Type of entity that encapsulates a C# program that adds custom functionalities to Security Center.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
825
Glossary
main server
The only server in a Security Center system hosting the Directory role. All other servers on the system must connect to the main server in order to be part of the same system. In an high availability configuration where multiple servers host the Directory role, it is the only server that can write to the Directory database. See also Directory server, expansion server, and server.
manual capture
When license plate information is entered into the system by the user, and not by the LPR.
manufacturer extension
Manufacturer specific settings for access control units, video units, and intrusion detection units.
Map Data Server
Plan Manager server module that manages the Plan Manager database. It must run on the Plan Manager’s main server. See also Plan Manager Server.
Map Generator
Plan Manager server module that imports raster and vector maps to Plan Manager database. See also Plan Manager configuration.
map link
Type of map object that lets you jump to either another map or another area of the same map. See also map object.
Map mode
Security Desk canvas operating mode where the main area of the canvas is used to display a geographical map.
map object
A graphical object displayed on a Plan Manager map, such as a camera, a door, or a hyperlink, that allows you to monitor and control your Security Center system, or to navigate through your maps. See also hotspot, map link, and Plan Manager Client.
Map Tile Server
Plan Manager server module that sends map files to Security Desk. See also Plan Manager Client and Plan Manager Server.
master arm
Arming an intrusion detection area in such a way that all sensors attributed to the area would set the alarm off if one of them is triggered. Some manufacturers call this arming mode “Away arming”.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
826
Glossary
Media Router
The central role that handles all stream (audio and video) requests in Security Center. It establishes streaming sessions between the stream source (camera or Archiver) and its requesters (client applications). Routing decisions are based on the location (IP address) and the transmission capabilities of all parties involved (source, destinations, networks, and servers).
metadata
Metadata is data about data. Any data that describes or enriches the raw data.
Migration tool
Tool used to migrate Omnicast 4.x systems to Security Center 5. This tool must be executed on every server computer where Omnicast 4.x components are installed.
mixed mode
Access control unit operation mode where all access control decisions are made by the unit locally based on information downloaded from the Access Manager during unit synchronization. Access events are reported to the Access Manager in real-time. See also offline mode, online mode.
M-JPEG
Motion JPEG (M-JPEG) is an informal name for a class of video formats where each video frame of a digital video sequence is separately compressed as a JPEG image.
MLPI
See Mobile License Plate Inventory.
Mobile Admin
Web-based administration tool used to configure the Mobile Server. See also Mobile Server.
Mobile app
The client component of Security Center Mobile installed on mobile devices. Mobile app users connect to Mobile Server to receive alarms, view live video streams, view the status of doors, and more, from Security Center. See also mobile device, Mobile Server, and Web Client.
Mobile Data Computer
Mobile Data Computer (MDC). Tablet computer or ruggedized laptop used in patrol vehicles to run the AutoVu Patroller application. The MDC is typically equipped with a touch-screen with a minimum resolution of 800 x 600 pixels and wireless networking capability.
mobile device
Any handheld device that can connect to Wi-Fi or wireless carrier networks, such as a smartphone, tablet, and so on, on which the Mobile app is installed. See also Mobile app.
Mobile License Plate Inventory
Patroller software installation that is configured for collecting license plates and other vehicle information for creating and maintaining a license plate inventory for a large parking area or parking garage. See also license plate inventory and parking facility.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
827
Glossary
Mobile Server
The server component of Security Center Mobile that connects Mobile apps and Web Clients to Security Center. The Mobile Server connects to Security Center, and synchronizes the data and video between Security Center and supported Mobile client components. See also Mobile Admin, Mobile app, and Web Client.
monitor group
Type of entity used to designate analog monitors for alarm display. Besides the monitor groups, the only other way to display alarms in real time is to use the Alarm monitoring task in Security Desk. See also Alarm monitoring and analog monitor.
monitor ID
ID used to uniquely identify a workstation screen controlled by Security Desk.
Monitoring
Type of operation task that allows you to monitor and respond to real time events pertaining to selected entities of interest.
motion detection
The software component that watches for changes in a series of video images. The definition of what constitutes motion in a video can be based on highly sophisticated criteria.
Motion search
Type of investigation task that searches for motion detected in specific areas of a camera's field of view.
motion zone
User defined areas within a video image where motion should be detected.
Move unit
Tool used to move units from one manager role to another. The move preserves all unit configurations and data. After the move, the new manager immediately takes on the command and control function of the unit, while the old manager continues to manage the unit data collected before the move.
MPEG-4
A patented collection of methods defining compression of audio and visual (AV) digital data.
multicast
Communication between a single sender and multiple receivers on a network.
N NAT
See network address translation.
Navigator
Genetec's proprietary in-vehicle device that provides GPS coordinates and odometer readings to Patroller. The Patroller uses this information to provide precise reverse geocoding to vehicles and reads. See also reverse geocoding.
network
Entity type used to capture the characteristics of a network for stream routing purposes.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
828
Glossary
network address translation
The process of modifying network address information in datagram (IP) packet headers while in transit across a traffic routing device, for the purpose of remapping one IP address space into another.
Network view
Browser view that illustrates your network environment by showing each server under the network they belong to.
new wanted
In Patroller, a manually entered hotlist item. When you are looking for a plate that does not appear in the hotlists loaded in the Patroller, you can enter the plate in order to raise a hit if the plate is captured.
O OCR equivalence
The interpretation of OCR equivalent characters performed during license plate recognition. OCR equivalent characters are visually similar, depending on the plate’s font. For example, the letter “O” and the number “0”, or the number “5” and the letter “S”. There are several pre-defined OCR equivalent characters for different languages. See also Optical Character Recognition.
offline mode
Access control unit operation mode when the communication with the Access Manager has been lost. The unit makes access control decisions locally, based on information downloaded from the Access Manager during unit synchronization. Access events are logged in the unit and are uploaded to the Access Manager when the network connection is re-established. See also mixed mode and online mode.
OGC
Open Geospacial Consortium (OGC) is a standards organization for geographic information systems. See also GIS and WMS.
Omnicast
Omnicast™ is the IP video surveillance system of Security Center that provides seamless management of digital video. Omnicast allows for multiple vendors and CODEC (coder/decoder) to be used within the same installation, providing the maximum flexibility when selecting the appropriate hardware for each application.
Omnicast compatibility pack
Software component that you need to install to make Security Center compatible with an Omnicast 4.x system.
Omnicast Federation
Type of role that imports entities from an independent Omnicast 4.x system so that its cameras and events can be used by your local Security Center users.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
829
Glossary
online mode
Access control unit operation mode where the unit is under the direct real-time control of the Access Manager. The Access Manager makes all access control decisions. This mode is not available with HID VertX and Edge units. See also mixed mode and offline mode.
Optical Character Recognition
Optical Character Recognition (OCR) is the technology used to translate the characters found in images into machine editable text. See also OCR equivalence.
output behavior
Type of entity that defines a custom output signal format such as a pulse with a delay and duration.
overtime rule
Type of entity that defines a parking time limit and the maximum number of violations enforceable within a single day. Overtime rules are used in city and university parking enforcement. For university parking, an overtime rule also defines the parking zone where these restrictions apply. See also hit rule and parking zone.
P parking facility
Type of entity that defines a large parking area as a number of sectors and rows for the purpose of inventory tracking. See also Mobile License Plate Inventory.
parking lot
A polygon that defines the location and shape of a parking area on a map. By defining the number of parking spaces inside the parking lot, Security Center can calculate its percentage of occupancy during a given time period. See also parking zone.
parking zone
General concept used to designate the area where a given parking regulation (overtime rule, permit, or permit restriction) is enforced. When used in the context of university parking enforcement, the parking zone must be explicitly defined as a list of parking lots. See also parking lot.
partition
Type of entity that defines a set of entities that are only visible to a specific group of users. For example, a partition could include all doors, elevators, and cameras in one building. See also accepted user and partition manager.
partition manager
An accepted user of a partition who has full administrative rights over the partition and its members. A partition manager can add, modify, and delete all entities within the partition, including users and user groups.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
830
Glossary
Patroller
Patroller. (1) Type of entity that represents a patrol vehicle equipped with the Patroller software. (2) AutoVu software application installed on an in-vehicle computer. Patroller connects to Security Center and is controlled by the LPR Manager. Patroller verifies license plates read from LPR cameras against lists of vehicles of interest (hotlists) and vehicles with permits (permit lists). It also collects data for time-limited parking enforcement. Patroller alerts you of hotlist or permit hits so that you can take immediate action. See also LPR camera and LPR Manager.
Patroller Config Tool
Patroller administrative application used to configure Patroller-specific settings such as: adding Sharp cameras to the in-vehicle LAN; enabling features such as Manual Capture or New Wanted; and specifying that a username and password are needed to log on to Patroller.
People counting
Type of operation task that keeps count in real time of the number of cardholders in all secured areas of your system.
perimeter arm
Arming an intrusion detection area in such a way that only sensors attributed to the area perimeter would set the alarm off if triggered. Other sensors such as motion sensors inside the area will be ignored.
permit
Type of entity that defines a single parking permit holder list. Each permit holder is characterized by a permit ID, a license plate number, a license issuing state, and optionally, a permit validity range (effective date and expiry date). Permits are used in both city and university parking enforcement. See also City Parking Enforcement and University Parking Enforcement.
permit hit
A hit that is generated when a read (license plate number) does not match any entry in a permit or when it matches an invalid permit.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
831
Glossary
permit restriction
Type of entity that applies time restrictions to a series of parking permits for a given parking zone. Permit restrictions are only used in university parking enforcement. Different time restrictions can be associated to different permits. For example, a permit restriction may limit the parking in zone A from Monday to Wednesday for permit P1 holders, and from Thursday to Sunday for permit P2 holders. A plate read generates a permit hit in the following instances: • Does not match any entry in the list • Matches one or more permit in the list that are not valid in the parking zone • Matches an invalid permit • Matches a valid permit, but the permit is not valid at that time • Matches a valid permit number, but the permit is temporarily not allowed to park. Additionally, a shared permit hit occurs when two plates sharing the same permit ID are read in the same parking zone within a specific time period. See also parking zone, permit, and permit hit.
Plan Manager
Security Center feature that lets you create and integrate interactive maps into your system, for access control, video streaming and intrusion detection. It uses digital maps to represent the physical locations of monitored inputs such as cameras, doors, areas and zones. See also Plan Manager Client and Plan Manager Server.
Plan Manager Client
Plan Manager client component that runs as a plugin for Security Desk. It enables operators to use maps to monitor and control cameras, doors, and other security devices, and administrators to create map objects. See also map object, Map Tile Server, and tile plugin.
Plan Manager configuration
Administrative task used to set up Plan Manager Server and configure the map hierarchy. See also Plan Manager Server.
Plan Manager Server
Plan Manager server component that includes three modules: Map Data Server, Map Generator, and Map Tile Server. See also Map Data Server, Map Generator, Map Tile Server, and Plan Manager configuration.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
832
Glossary
Plate Reader
Software component of the Sharp unit that processes the images captured by the LPR camera to produce license plate reads, and associates each license plate read with a context image captured by the context camera. The Plate Reader also handles the communications with the Patroller and the LPR Manager. If an external wheel imaging camera is connected to the Sharp unit, the Plate Reader also captures wheel images from this camera. See also LPR Manager, Patroller, and Sharp unit.
Plugin
Plugin. There are two definitions: (1) Proper noun – Type of role that hosts a specific plugin. (2) Common noun – A software module that adds a specific feature or service to a larger system.
Point of Sale
Type of role that imports transaction data from an external point of sale system so that transaction reports can be generated from Security Desk for investigation purposes. See also point of sale system.
point of sale system
Point of sale (POS) typically refers to the hardware and software used for checkouts - the equivalent of an electronic cash register. Point of sale systems are used in supermarkets, restaurants, hotels, stadiums, and casinos, as well as almost any type of retail establishment. Today's POS systems handle a vast array of features, including, but not limited to, detailed transaction capture, payment authorization, inventory tracking, loss prevention, sales audit and employee management.
Portable Archive Player
Self-contained video player that can play exported Security Center video files on computers that do not have Security Center installed. See also video file.
primary server
The default server chosen to perform a specific function (or role) in the system. To increase the system's fault-tolerance, the primary server can be protected by a secondary server on standby. When the primary server becomes unavailable, the secondary server automatically takes over. See also failover.
private IP address
An IP address chosen from a range of addresses that are only valid for use on a LAN. The ranges for a private IP address are: 10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.16.255.255, and 192.168.0.0 to 192.168.255.255. Routers on the Internet are normally configured to discard any traffic using private IP addresses.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
833
Glossary
private task
Entity that represents a saved type of task that is visible only to the user who created it. See also public task and task.
properties panel
One of the three panels found in the Security Desk canvas. It is used to show the metadata associated to the entity displayed in the current tile.
Public partition
A special partition created at system installation that has the unique characteristic that all its members are visible to all users on the system, regardless whether they are accepted users or not.
public task
Entity that represents a saved task that can be shared among multiple Security Center users. See also private task and task.
Q R read
See license plate read.
reader
A sensor that reads the credential for an access control system. For example, this can be a card reader, or a biometrics scanner.
Reads
Type of investigation task that reports on license plate reads performed within a selected time range and geographic area.
Reads/hits per day
Type of investigation task that reports on license plate reads performed within a selected time range and geographic area.
Reads/hits per zone
Type of investigation task that reports on the number of reads and hits per day for a selected date range.
recording mode
The criteria by which the Archiver schedules the recording of video streams. There are four possible recording modes: • Off (no recording allowed) • Manual (record only on user requests) • Continuous (always record) • On motion/manual (record according to motion detection settings or on user request).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
834
Glossary
recording state
Current recording status of a given camera. There are four possible recording states: • Enabled
• • •
Disabled Currently recording (unlocked) Currently recording (locked).
redirector
Server assigned to host a redirector agent created by the Media Router role.
redirector agent
Agent created by the Media Router role to redirect data streams from one IP endpoint to another.
redundant archiving
Option that allows a copy of all the video streams of an Archiver role to be archived simultaneously on the standby server as a protection against data loss.
Remote
Type of operation task that allows you to remotely monitor and control other Security Desks that are part of your system, using the Monitoring task and the Alarm monitoring task. See also Monitoring and Alarm monitoring.
Report Manager
Type of role that automates report emailing and printing based on schedules.
report pane
A section in the Security Desk's task workspace used to display information in a tabular form. The rows may correspond to query results or real-time events. See also task workspace.
request to exit
Request to exit (REX). (1) Door release button normally located on the inside of a secured area that when pressed, allows a person to exit the secured area without having to show any credential. This can also be the signal from a motion detector. (2) The signal received by the controller for a request to exit.
reverse geocoding
AutoVu feature that translates a pair of latitude and longitude into a readable street address. See also geocoding and Navigator.
RFID tag
Radio Frequency Identification tag. A device that communicates location data, and other data related to the location, of an object to which it is attached.
role
A software module that performs a specific function (or job) within Security Center. Roles must be assigned to one or more servers for their execution. See also server.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
835
Glossary
Role view
Browser view that lists all roles on your system with the devices they control as child entities.
route
Entity used to configure the transmission capabilities between two end points in a network for the purpose of routing media streams.
Route playback
Type of investigation task that replays the route followed by a Patroller on a given date on a map.
S same position
Type of parking regulation characterizing an overtime rule. A vehicle is in violation if it is seen parked at the exact same spot over a specified period of time. The Patroller must be equipped with GPS capability in order to enforce this type of regulation.
schedule
Type of entity that defines a set of time constraints that can be applied to a multitude of situations in the system. Each time constraint is defined by a date coverage (daily, weekly, ordinal, or specific) and a time coverage (all day, fixed range, daytime, and nighttime). See also standard schedule and twilight schedule.
scheduled task
Type of entity that defines an action that executes automatically on a specific date and time, or according to a recurring schedule.
secondary server
Any alternate server on standby intended to replace the primary server in the case the latter becomes unavailable. See also failover and primary server.
Security Center
Security Center is the unified security platform that seamlessly blends Genetec's IP security and safety systems within a single innovative solution. The systems unified under Security Center include Genetec's Omnicast IP video surveillance system, Synergis IP access control system, and AutoVu IP license plate recognition (LPR) system. See also Security Desk.
Security Center Federation Type of role that imports entities from an independent Security Center system so that its entities can be used by your local Security Center users. Security Center Mobile
Security Center Mobile is a feature of Genetec’s unified platform that lets you remotely connect to your Security Center system over a wireless IP network. Supported Mobile client components include a platform-independent, unified Web Client, as well as various Mobile apps for smartphones and tablets. See also Mobile Admin, Mobile app, Mobile Server, and Web Client.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
836
Glossary
security clearance
Numerical value used to further restrict the access to an area when a threat level is in effect. Cardholders can only access (enter or exit) an area if their security clearance is equal or higher than the minimum security clearance set on the area. See also threat level.
Security Desk
Security Desk is the unified user interface of Security Center. It provides consistent operator flow across all of the Security Center’s main systems, Omnicast, Synergis, and AutoVu. Security Desk’s unique task-based design lets operators efficiently control and monitor multiple security and public safety applications. See also Security Center.
selector
One of the panes found in the Security Desk's task workspace. The selector contains different sets of tools, grouped in tabs, to help you find and select the information you need to work on. See also task workspace.
server
Type of entity that represents a server machine on which Genetec Server is installed. See also expansion server, Genetec Server, and main server.
Server Admin
Web application running on every server machine in Security Center that allows you to configure the settings of Genetec Server. Server Admin also allows you to configure the Directory role on the main server.
sharing guest
Security Center system that is given the rights to view and modify entities shared by another system, called the sharing host. See also Global Cardholder Synchronizer and global partition.
sharing host
Security Center system that owns partitions that are shared with other Security Center systems, called sharing guests. See also global partition.
Sharp EX
Sharp unit that includes an integrated image processor and supports two standard definition NTSC or PAL inputs for external cameras (LPR and context cameras). See also context camera, LPR camera, and Sharp unit.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
837
Glossary
Sharp Portal
Web-based administration tool used to configure Sharp cameras for fixed or mobile AutoVu systems. From a Web browser, you log on to a specific IP address (or the Sharp name in certain cases) that corresponds to the Sharp you want to configure. When you log on, you can configure options such as selecting the LPR context (e.g. Alabama, Oregon, Quebec, etc), selecting the read strategy (e.g. fast moving or slow moving vehicles), viewing the Sharp’s live video feed, and more. See also Sharp unit.
Sharp unit
Genetec's proprietary LPR unit that integrates license plate capturing and processing components, as well as digital video processing functions, inside a ruggedized casing. See also context camera, PlateReaderServer, LPR camera, Sharp EX, Sharp VGA, Sharp XGA, SharpX, and.
Sharp VGA
Sharp unit that integrates the following components: an infrared illuminator; a standard definition (640 x 480) LPR camera for plate capture; an integrated image processor; an NTSC or PAL color context camera with video streaming capabilities. See also context camera, LPR camera, and Sharp unit.
Sharp XGA
Sharp unit that integrates the following components: an infrared illuminator; a high-definition (1024 x 768) LPR camera for plate capture; an integrated image processor; an NTSC or PAL color context camera with video streaming capabilities and optional internal GPS. See also context camera, LPR camera, and Sharp unit.
SharpX
Camera component of the SharpX system. The SharpX camera unit integrates a pulsed LED illuminator that works in total darkness (0 lux), a monochrome LPR camera (1024 x 946 @ 30 fps), and a color context camera (640 x 480 @ 30 fps). The LPR data captured by the SharpX camera unit is processed by a separate hardware component called the AutoVu LPR Processing Unit. See also AutoVu LPR Processing Unit.
SharpX VGA
Camera component of the SharpX system. The SharpX VGA camera unit integrates a pulsed LED illuminator that works in total darkness (0 lux), a monochrome LPR camera (640 x 480 @ 30 fps), and a color context camera (640 x 480 @ 30 fps). The LPR data captured by the SharpX VGA camera unit is processed by a separate hardware component called the AutoVu LPR Processing Unit. See also AutoVu LPR Processing Unit.
SMC
See Synergis Master Controller.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
838
Glossary
Software Development Kit Software Development Kit (SDK). Allows end-users to develop custom applications or custom application extensions for Security Center. SSL
Secure Sockets Layer is a protocol used to secure applications that need to communicate over a network.
standard schedule
A subtype of schedule entity that may be used in all situations. Its only limitation is that it does not support daytime or nighttime coverage. See also twilight schedule.
standby server
See secondary server.
stream
stream. (1) Video stream. (2) Entity representing a specific video quality configuration on a camera.
strict antipassback
Antipassback option. When enabled, a passback event is generated when a cardholder attempts to leave an area that they were never granted access to. When disabled, Security Center only generates passback events for cardholders entering an area that they never exited. See also timed antipassback.
synchronous video
Simultaneous live video or playback video from more than one camera that are synchronized in time.
Synergis
Synergis™ is the IP access control system of the Security Center designed to offer end-to-end IP connectivity, from access control reader to client workstation. Synergis™ seamlessly integrates a variety of access control capabilities including, but not limited to, badge design, visitor management, elevator control, zone monitoring and more.
Synergis Master Controller Genetec's access control unit that supports a variety of third party readers and (SMC) interface modules over IP, USB, and RS-485. SMC is seamlessly integrated to Security Center, and is capable of making the access control decisions independently of the Access Manager. See also access control unit, controller module, and four-port RS-485 module. system event
A system event is a standard Security Center event defined at system installation. Unlike custom events, system events cannot be renamed or deleted. See also custom event.
System status
Type of maintenance task that monitors the status of all entities of a given type in real time, and allows you to interact with them.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
839
Glossary
T tailgating
A person who enters a secure area without presenting a credential, by following behind another person who has presented their credential.
task
The central concept on which the entire Security Center user interface is built. Each task corresponds to one aspect of your work as a security professional. For example, use a monitoring task to monitor system events in real-time, use an investigation task to discover suspicious activity patterns, or use an administration task to configure your system. All tasks can be customized and multiple tasks can be carried out simultaneously. See also private task and public task.
task cycling
Security Desk feature that automatically cycles through all tasks in the active task list following a fixed dwell time.
task workspace
Area in the Security Center client application window reserved for the current task. The workspace is typically divided into three panes: • canvas • selector • report pane See also canvas, report pane, and selector.
taskbar
User interface element of the Security Center client application window, composed of the Home button and the task list. The taskbar can be configured to appear on either edge of the application window.
threat level
Emergency handling procedure that a Security Desk operator can enact on one area or the entire system to deal promptly with a potentially dangerous situation, such as a fire or a shooting.
tile
An individual window within the tile panel, used to display a single entity. The entity displayed is typically the video from a camera, a map, or anything of a graphical nature. The look and feel of the tile depends on the displayed entity. See also tile panel.
tile ID
The number displayed at the upper left corner of the tile. This number uniquely identifies each tile within the tile panel. See also tile and tile panel.
Tile mode
Security Desk canvas operating mode where the main area of the canvas is used to display the tile panel and the dashboard.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
840
Glossary
tile panel
Panel within the canvas used to display multimedia information, such as videos, maps and pictures. The tile panel is composed of individual display windows called tiles. See also canvas and tile.
tile pattern
Predefined tile arrangements within the tile panel. See also tile panel.
tile plugin
Type of entity that represents an application that runs inside a Security Desk tile. Examples of tile plugins include a web browser (available as standard Security Center feature) and Plan Manager Client. See also Plan Manager and plugin.
Time and attendance
Type of investigation task that reports on who has been inside a selected area and the total duration of their stay within a given time range.
timed antipassback
Antipassback option. When Security Center considers a cardholder to be already in an area, a passback event is generated when the cardholder attempts to access the same area again during the time delay defined by Timeout. When the time delay has expired, the cardholder can once again pass into the area without generating a passback event. See also strict antipassback.
timeline
A graphic illustration of a video sequence, showing where in time, motion, and bookmarks are found. Thumbnails can also be added to the timeline to help the user select the segment of interest.
Transmission Control Protocol
The Transmission Control Protocol (TCP) is a connection-oriented protocol used to send data over an IP network. The TCP/IP protocol defines how data can be transmitted in a secure manner between networks. TCP/IP is the most widely used communications standard and is the basis for the Internet.
trickling
The process of transferring data in small amounts.
twilight schedule
A subtype of schedule entity that supports both daytime and nighttime coverages. A twilight schedule may not be used in all situations. Its primary function is to control video related behaviors. See also standard schedule.
U unicast
Communication between a single sender and a single receiver over a network.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
841
Glossary
Uniform Resource Locator A URL (Uniform Resource Locator, previously Universal Resource Locator) is the unique address for a file that is accessible on the Internet. The URL contains the name of the protocol (http:, ftp:, file:) to be used to access the file resource, a domain name that identifies a specific computer on the Internet, and a path name, a hierarchical description that specifies the location of a file in that computer. unit
A hardware device that communicates over an IP network that can be directly controlled by a Security Center role. We distinguish four types of units in Security Center: • Access control units, managed by the Access Manager role
• • •
Video units, managed by the Archiver role LPR units, managed by the LPR Manager role Intrusion detection units, managed by the Intrusion Manager role.
See also access control unit, Access Manager, Archiver, Intrusion Manager, LPR Manager, LPR unit, and video unit. Unit discovery tool
Tool that allows you to discover IP units connected to your network, based on their type (access control or video), manufacturer, and network properties (discovery port, IP address range, password, and so on). Once discovered, the units can be added to your system.
Unit replacement
Tool used to replace a failed hardware device with a compatible one, while ensuring that the data associated to the old unit gets transferred to the new one. For an access control unit, the configuration of the old unit is copied to the new unit. For a video unit, the video archive associated to the old unit is now associated to the new unit, but the unit configuration is not copied.
University Parking Enforcement
Patroller software installation that is configured for university parking enforcement: the enforcement of scheduled parking permits or overtime restrictions. The use of maps is mandatory. Hotlist functionality is also included. See also overtime rule, permit, and permit restriction.
unreconciled read
MLPI license plate read that has not been committed to an inventory. See also Mobile License Plate Inventory.
user
Type of entity that identifies a person who uses Security Center applications and defines the rights and privileges that person has on the system. Users can be created manually or imported from an Active Directory. See also Active Directory and user group.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
842
Glossary
User Datagram Protocol
The User Datagram Protocol (UDP) is a connectionless protocol used to exchange data over an IP network. UDP is more efficient than TCP for video transmission because of lower overhead.
user group
Type of entity that defines a group of users who share common properties and privileges. By becoming member of a group, a user automatically inherits all the properties of the group. A user can be member of multiple user groups. User groups can also be nested. See also user.
user level
A numeric value assigned to users to restrict their ability to perform certain operations, such as controlling a camera PTZ, viewing the video feed from a camera, or to stay logged on when a threat level is set. The smaller the value, the higher the priority. See also threat level, user, and user group.
user privilege
Privileges that control what operations a user is allowed to perform in Security Center, independent of what entities they can access, and within the constraints set by the software license. User privileges can be inherited from user groups. See also access right, partition, user, and user group.
V validation key
Serial number uniquely identifying a computer that must be provided to obtain the license key. See also license key.
vehicle identification number
All vehicles have a manufacturer assigned vehicle identification number (VIN). This is usually visible from outside the vehicle as a small plate on the dashboard. A VIN can be included as additional information with license plate entries in a hotlist or permit list, to further validate a hit and ensure that it is the correct vehicle.
video analytics
The software technology that is used to analyze video for specific information about its content. Examples of video analytics include counting the number of people going through a door, license plate recognition, detection of unattended objects, or the direction of people walking or running.
video archive
Video archive includes both the recorded audio/video footage and the database that documents those recordings (source camera, timestamps, events, bookmarks, and so on).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
843
Glossary
video encoder
Device that converts an analog video source to a digital format using a standard compression algorithm (H.264, MPEG-4, MPEG-2 or M-JPEG). The video encoder is one of the many devices found on a video encoding unit. See also camera and video unit.
video decoder
Device that converts a digital video stream into analog signals (NTSC or PAL) for display on an analog monitor. The video decoder is one of the many devices found on a video decoding unit. See also analog monitor and video unit.
video file
File created by an archiving role (Archiver or Auxiliary Archiver) to store archived video. The file extension is G64. You need the Security Desk or the Portable Archive Player to read video files. See also Archiver, Auxiliary Archiver, and G64.
Video file player
Type of investigation task that browses through your file system for video files (G64) and allows you to play, convert to ASF, and verify the authenticity of these files.
video sequence
Any recorded video stream of a certain duration.
video unit
Type of entity that represents a video encoding or decoding device capable of communicating over an IP network and incorporating one or more video encoders. They come in a wide variety of brands and models. Some support audio, others support wireless communication. The high-end encoding models come with their own recording and video analytics capabilities. See also Archiver, video decoder, and video encoder.
video watermarking
Process by which a digital signature (watermark) is added to each recorded video frame to ensure its authenticity. If anyone later tries to make changes to the video (add, delete or modify a frame), the signatures will no longer match, thus, showing that the video has been tampered with.
virtual zone
A subtype of zone entity where the IO linking is done by software. The input and output devices may belong to different units of different types. A virtual zone is controlled by the Zone Manager and only works online. It can be armed and disarmed from Security Desk. See also hardware zone and zone.
Visit details
Type of investigation task that reports on the stay (check-in and check-out time) of current and past visitors.
Visitor activities
Type of investigation task that reports on visitor activities (access denied, first person in, last person out, antipassback violation, and so on).
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
844
Visitor management
Type of operation task that allows you to check in, check out, and modify visitors, as well as manage their credentials, including temporary replacement cards.
visual tracking
Visual tracking is a feature in Security Desk that allows you to follow an individual across different areas of your company without ever loosing sight of that individual, as long as the places this person goes through are monitored by cameras. This feature displays transparent overlays on the video to show you where you can click to switch to adjacent cameras.
VSIP port
The VSIP port is the name given to the discovery port of Verint units. A given Archiver can be configured to listen to multiple VSIP ports. See also discovery port.
W watchdog
Security Center service installed alongside the Genetec Server service on every server computer, whose sole purpose is to monitor the operation of Genetec Server, and to restart it if abnormal conditions are detected.
Web-based SDK
Type of role that exposes the Security Center SDK methods and objects as Web services to support cross-platform development.
Web Client
The client component of Security Center Mobile that provides access to Security Center features from a Web browser. Web Client users connect to Mobile Server to configure and monitor various aspects of your Security Center system. See also Mobile Server.
wheel imaging
Virtual tire-chalking technology that takes images of the wheels of vehicles to prove whether they have moved between two license plate reads.
widget
A component of the graphical user interface (GUI) with which the user interacts.
Wiegand
An electrical interface standard and format used between a reader and controller (from the original Wiegand card reader).
Windows Communication Windows Communication Foundation (WCF) is a communication Foundation architecture used to enable applications, in one machine or across multiple machines connected by a network, to communicate. AutoVu Patroller uses WCF to communicate wirelessly with Security Center.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
845
WMS
Web Map Service (WMS) is a standard protocol for serving over the Internet, georeferenced map images that are generated by a map server using data from a GIS database. See also GIS and OGC.
X Y Z zone
Type of entity that monitors a set of inputs and triggers events based on their combined states. These events can be used to control output relays. See also hardware zone, IO linking, and virtual zone.
Zone activities
Type of investigation task that reports on zone related activities (zone armed, zone disarmed, lock released, lock secured, and so on).
Zone Manager
Type of role that manages virtual zones and triggers events or output relays based on the inputs configured for each zone. It also logs the zone events in a database for zone activity reports.
Zone occupancy
Type of investigation task that reports on the number of vehicles parked in a selected parking zone, and the percentage of occupancy (for university parking only). See also University Parking Enforcement.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
846
Index A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A ABA field, defining, 674 about entity tree, 85 Logical view, 85 System entity, 85 accepted user, partitions, 92, 449 access control setting entity expiration, 634 troubleshooting configurations, 320 Access control health history, about, 308 access control unit about, 337 adding using Unit discovery tool, 265 configuring, 267 connection parameters, 344 renaming, 345 SMC, 267 synchronizing about, 267 modes, 348 viewing events, 309 viewing health events, 308 viewing IO configurations, 310 viewing properties, 184 wiring doors, 268 Access control unit events, about, 309 access denied events, investigating, 325 Access diagnosis, using, 323 access granted events, investigating, 325 Access Manager about, 260, 511 adding, 260 configuring, 260 keeping events, 512 resolving conflicts, 515 access rights gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
troubleshooting, 323 viewing, 325 access rule about, 349 applying, 277 configuring, 281 creating, 281 viewing configurations, 317 Access rule configuration about, 317 generating report, 317 Access troubleshooter about, 294, 320, 652 limitations, 320 troubleshooting access requirements, 323 cardholder access rights, 322 doors, 321 accessing storage devices, 226 action about, 106 action privileges, users, 708 actions action types, 758–763 reference list, 758 task-related, 24 activating Genetec Server Directory, 478 roles, 51 user profiles, 483 Active Directory about, 516 encrypted communication, 144 importing cardholders, 284 importing ccredentials, 287 importing users, 102 synchronizing entities, 142 active tasks, list, 485 active tasks, updating, 686 847
Index
Activity trails about, 182 generating report, 182 adding accepted partition users, 92 access control units, 261 Access Mangers, 260 Archivers, 193 area members, 279 cameras to camera sequences, 218 cameras to doors, 270 cash registers, 597 expansion servers, 47 parition members, 448 parity checks, 673 partition members, 92 secondary servers, 64, 534 tasks, 22 tasks to favorites, 24 video units, 194, 244 administrative privileges, users, 697 Administrators user group, about, 97 advanced settings Archiver, 541 video units, 532 alarm about, 351 attached entities, 353 automatic acknowledgement, 355 automatic video recording, 356 broadcast mode, 353 configuring, 112 creating incidents on acknowlegement, 355 entities, 111 managing, 111 procedure, 355 protecting recorded video, 356 reactivation threshold, 354 recipients, 353 responding, 115 schedules, 355 setting priority, 352 testing, 112 triggering, 113 troubleshooting, 112 video display options, 355 Alarm Monitoring, assigning Logical IDs, 626 analyzing report results, 30 gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
antipassback about, 361 configuring, 280 application privileges, users, 695 applying access rules for elevators, 277 custom filters, 43 custom filters using search tool, 43 name filters, 43 architecture Security Center system, 6 Synergis system, 252 archive database, about, 224 archive storage about, 224 accessing, 226 estimating requirements, 225 managing, 225 monitoring, 226 Archive storage details about, 233 protecting video files, 231 archive viewing, user limitations, 487, 492 Archiver about, 521 adding, 193 Bosch VRM settings, 531 camera details, 540 configuring, 193 servers, 534 standby archiving, 535 discovering video units, 529 failover, 227 limitation, 229 protected video file statistics, 539 recording modes, 522 recording options, 523, 545 settings advanced, 541 database, 536 network card, 538 storage, 536 video units, 528 statistics, 538 what is, 193 Archiver events, about, 249 Archiver role, searching for events, 249 archives 848
Index
viewing storage details, 233 area about, 360 adding members, 279 antipassback properties, 361 associating doors, 279 configuring, 278 creating, 278 interlock properties, 362 viewing cardholder access rights, 325 arming delaying arming, 505 hardware zones, 505 virtual zones, 508 zones, 160 assigning Keyboard shortcuts, 682 associating access control units to hardware zones, 503 doors to areas, 279 hardware zone states to events, 504 virtual zone states to events, 508 virtual zones to Zone Managers, 507 audio alarm, about, 391 Audit trails, about, 181 automatic stream selection, video units, 211 automating alarm acknowledgement, 355 database backup, 58 disk cleanup, 225 system behavior, 103 video recording on alarms, 356 AutoVu ports used (default), 778 Auxiliary Archiver about, 543 recording modes, 545 settings database, 548 network, 548 storage, 548
B backing up databases, 57 video archives, 227
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Badge designer, about, 366 badge template about, 365 Badge designer tool, 366 creating, 289 preview, 293 best practices configuring cameras, 209, 220 configuring system administrators, 97 deploying Omnicast, 190 deploying Synergis, 256 resolving reader issues, 327 solving HID unit issues, 314 system configuration, 90 wiring doors to access control units, 268 bit rate camera settings, 372 setting priority, 372 video unit settings, 497 boosting recording quality manual recording, 376 settings, 376 special events, 212 system events, 376 broadcast mode, about, 353 buzzer, configuring, 269
C camera about, 209, 220, 368 audio alarm events, 391 boost quality settings, 376 boosting quality on event recording, 376 on manual recording, 376 configuring, 209, 220 motion detection, 379 lens type, 392 linking speakers/microphones, 391 not recording, 241 rotating images, 392 setting bit rate, 372 bit rate priority, 372 connection type, 374
849
Index
video quality, 370 stream usage, 373 tampering, 391 visual tracking, 388 camera details, Archiver, 540 camera recording, troubleshooting, 241 camera sequence about, 393 adding cameras, 218 configuring cameras, 218 creating, 218 removing cameras, 218 camera tampering, about, 391 cannot add video units, troubleshooting, 244 cannot delete video units, troubleshooting, 247 cardholder about, 395 configuring, 283 creating, 283 importing from Active Directory, 284 from flat file, 284 managing, 284 setting picture size, 284, 635 troubleshooting access rights, 322 viewing access rights, 325 viewing properties, 318 Cardholder access rights, about, 325 Cardholder configuration, about, 318 cardholder group about, 398 configuring, 283 creating, 284 viewing access rights, 325 viewing member properties, 318 Cardholder troubleshooter about, 322 using, 322 cash register about, 400 adding, 597 CCTV matrix integration, 190 using, 129 changing role servers, 50 taskbar position, 27 user password, 10, 483 gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
video file protection status, 231 checking macro syntax, 430 choosing zone type, 163 closing Security Center, 10 closing Security Desk options, 687 columns reference list, 723 reordering, 33 resizing, 32 selecting, 32 showing/hiding, 32 Comm LED, about, 787 command port, about, 497 common configuration tabs about, 332 Cameras tab, 334 Custom fields tab, 335 Identity tab, 332 Location tab, 336 concurrent logons, limiting, 484 Config Tool interface, 13 configuration changes, investigating, 181 configuring Access Manager, 260 access rules, 281 alarms, 112 antipassback, 280 Archiver, 193 Archiver servers, 534 areas, 278 automatic disk cleanup, 225 camera sequences, 218 cameras, 209, 220 cardholder groups, 283 cardholders, 283 credentials, 285 database notifications, 57 Directory, 473 door buzzers, 269 doors, 268 elevator floors, 275 elevator relays, 276 elevators, 274 entities, 85 entity tree, 86 federated entities, 129 850
Index
full screen mode, 95 Genetec Server, 476 hardware zones, 162 HID units, 799 inputs, 503 interlock, 280 Media Router, 202 motion detection, 379 output pins, 498 partitions, 90 PTZ, 390 readerless doors, 269 role groups, 135 roles, 49 Saved tasks page, 23 Security Center/Patroller communication, 571 servers, 48 standby archiving, 535 user groups, 96 user password expiration, 484 user privileges, 99 users, 93 video streams, 210 virtual zones, 162 visual tracking, 212 conflict resolution utility, using, 149 connecting Security Center, 9 connection parameters access control units, 344 federated Omnicast systems, 592 federated Security Center systems, 603 contacting technical support, 869 contextual command toolbar, 17 converting expansion servers to main servers, 478 main servers to expansion servers, 49, 479 primary servers to expansion servers, 534 Copy configuration tool about, 668 using, 668 countdown buzzer, about, 505 create event-to-actions, 107 creating access rules, 281 areas, 278 badge templates, 289 gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
camera sequences, 218 cardholder groups, 284 cardholders, 283 credentials, 285 databases, 55 doors, 268 entities, manually, 37 incidents for door state overrides, 635 on alarm alcknowledgement, 355 intrusion detection areas, 159 Intrusion Managers, 156 macros, 110 network entities, 83 parent user groups, 98 partitions, 91 roles, 50 tasks, 22 user groups, 97 users, 94 credential about, 401 configuring, 285 creating, 285 enrolling, 287 importing from Active Directory, 287 from flat file, 287 information, 402 state, 402 viewing properties, 319 Credential configuration, about, 319 cross-platform development about, 164 Web-based SDK, 164 CSV file importing, 658 fields, 662 custom card format benefits, 287 using, 287, 635 Custom card format editor about, 670 adding parity checks, 673 defining ABA fields, 674 formats, 670 Wiegand fields, 672 851
Index
deleting custom card formats, 677 custom data type add, 138 configuration tab, 621 modify, 139 properties, 621 what is, 138 custom field add, 136 configuration tab, 619 properties, 619 purpose, 136 standard data types, 619 custom fields importing limitations, 665 custom filter, applying, 43 cycling tasks, 24
D database backing up automatic, 58 manual, 57 configuring notifications, 57 creating, 55 deleting, 59 finding version, 56 managing, 52 relocating, 53 restoring, 58 settings, 52 archiving, 536, 548 database failover backup and restore, 72 automatically reconnect to master database, 73 contingency backup, 72 configuring, 72 database server, about, 53 date and time options configuring, 690 displaying time zone abbreviations, 690 date coverage, setting, 464 deactivating Genetec Server Directory, 479 roles, 51 user profiles, 483
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
default network, 83 schedule, 104 user, 94 defining ABA fields, 674 custom card formats, 670 partitions, 91 schedules, 105 Wiegand fields, 672 delaying hardware zone arming, 505 virtual zone arming, 508 deleting current task, 25 custom card formats, 677 databases, 59 discovered entities, 45 entities, 45, 88 intrusion detection unit logs, 424 partition members, 448 tasks, 24 deleting video units, 247 demo license, acquiring, 869 deploying Omnicast, 190 Synergis, 256 determining Web service address, 606 diagnosing entities, 180 impossible to establish video session error, 239 video streams, 235 waiting for signal error, 237 Directory about, 551 configuring, 473 troubleshooting connection problems, 679 Directory Availability Manager, what is, 66 Directory Manager about, 552 Directory server, what is, 66 disarming zones, 160 discovered entities about, 39 deleting, 45 discovery port, video units, 497 displaying Security Desk in full screen, 24 852
Index
document information, ii documentation. See production documentation door about, 357, 404, 432 adding cameras, 270 behavior, 405 buzzer, 269 configuring, 268 creating, 268 door state override incidents, 635 troubleshooting, 326 troubleshooting access rights, 324 unlock schedules, 406 viewing cardholder access rights, 325 wiring, 268 See also readerless door Door troubleshooter about, 321, 324 generating a report, 324 using, 321 duplicating entities, 87
E editing keyboard shortcuts, 682 elevator about, 410 access rules, applying, 277 configuring, 274 floors, 275 relays, 276 hardware requirements, 274 viewing cardholder access rights, 325 enabling task cycling, 485 encryption communication Security Center and Active Directory, 144 enrolling credentials, 287 intrusion panels, 156 enryption key, setting up, 230 entities availability, 171 basic information, 38 configuring, 85 creating
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
network entities, 83 creating manually, 37 deleting, 45 diagnosing, 180 discovering, 39 duplicating, 87 entity types, 331–505 renaming, 85, 87 searching, 42 by custom filter, 43 by name, 43 using global search, 42 using search tool, 43 state types, 179 viewing, 85 entity states about, 179 red, 85 troubleshooting, 179 yellow, 85 entity tree configuring, 86 deleting entities, 88 duplicating entities, 87 reorganizing, 87 entity tree, about, 85 entity types access control unit, 337 access rule, 349 alarm, 351 analog monitor, 357, 432 area, 360 badge template, 365 camera, 368 camera sequence, 393 cardholder, 395 cardholder group, 398 cash register, 400 credential, 401 door, 404 elevator, 410 hardware zone, 502 hotlist, 414 intrusion detection area, 421 intrusion detection unit, 423 LPR unit, 426 macro, 429 network, 434 853
Index
output behavior, 437 overtime rule, 439 parking facility, 444 partition, 447 Patroller, 450 permit, 453 permit restriction, 457 public task, 461 role, 462 schedule, 463 scheduled task, 469 server, 471 tile plugin, 480 user, 482 user group, 489 video unit, 494 virtual zone, 506 entity, what is, 36 error impossible to establish video session, 239 waiting for signal, 237 error messages, investigating, 170 estimating archive storage requirements, 225 evaluating zone states, 503 event about, 106 custom events, 106 event types, 745–757 event recording, boosting quality, 376 event types, reference list, 745 event-to-action compared to scheduled task, 109 create, 107 search, 108 using, 106 See also event, action exceptions federated alarms, 130 execution context, defining, 431 expanding Security Desk full screen, 24 expansion server adding, 47 what is, 7 exporting keyboard shortcut configurations, 682 report results, 31
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
F F11 command, disabling, 95 failover how does it work?, 61 limitation, Archiver, 229 load planning, 228 third-party solutions, 60 favorites adding tasks, 24 removing tasks, 24 features, Omnicast system, 187 federated entity configuring, 129 exceptions, 130 identifying, 128 using, 129 what is, 128 Federating Omnicast systems, 131 Security Center systems, 133 Federation about, 128 advanced settings, 134 Omnicast Federation, 131 types of, 128 Federation host, definition, 128 filtering report queries, 712 finding Archiver role events, 249 database information, 56 who made configuration changes, 181 See also searching firmware upgrade, video units, 496 flat file importing cardholders, 284 importing credentials, 287 floor, elevators, 275 full screen mode configuring as default, 95 full screen, enabling for Security Desk, 24
G general privileges, users, 696 generating Access rule configuration report, 317 Activity trails report, 182 854
Index
Door troubleshooter report, 324 reports, 30 generating reports maximum results, 30 Genetec Server activating Directory, 478 configuring, 476 deactivating Directory, 479 expansion servers, 7 main server, 7 what is, 7 geocoding, about, 574 global cardholder management, what is, 296 Global Cardholder Synchronizer about, 557 connection parameters, 558 shared partitions, 559 synchronization options, 559 Global Cardholder Synchronizer, what is?, 298 global search, using, 42
H H.264 issues, solving, 248 Hardware inventory, about, 184 hardware matrix, integration, 190 hardware requirements HID units, 782 hardware requirements, elevators, 274 hardware zone about, 161, 502 arming on a schedule, 505 using a switch key, 505 associating access control units, 503 zone states to events, 504 configuring, 162 countdown buzzer, 505 delaying arming, 505 evaluating zone state, 503 setting reactivation threshold, 504 See also zone Health history, about, 170 health issues, viewing, 168 Health Monitor about, 560
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Health Monitor, what is, 75 health monitoring maintenance mode, 80 health monitoring, what is, 75 Health statistics, about, 171 HID Discovery GUI utility about, 783 using, 783 HID Edge plus, wiring, 800 HID Edge reader, wiring, 800 HID unit configuring, 799 door with reader, 799 door with two sensors, 799 inputs, 799 network, 782 discovering, 783 features available, 792 interpreting Comm LED, 787 Power LED, 787 operation modes, 791 setting up, 784 hardware, 782 special considerations default input settings, 785 HID hardware, 785 HID V1000 units, 785 supported software/hardware, 788 troubleshooting, 314 discovery issues, 315 enrollment issues, 315 wiring diagrams, 800 HID VertX units wiring VertX V1000, 801 VertX V2000, 802 hiding columns, 32 dashboard, 24 report pane, 24 selector, 24 taskbar, 27 unassigned logical IDs, 625 high availability how does it work?, 60 what is, 60 Home page, 14 855
Index
hotlist about, 414 HTTPS communication, 497
I idenfitying federated entities, 128 identifying system instabilities, 171 idle delay, PTZ, 390 image rotation, about, 392 Import tool about, 657 custom field limitations, 665 import scenarios, 657 importing CSV file fields, 662 CSV files, 658 entities, 664 replacing old credentials, 666 importing cardholders from Active Directory, 284 cardholders from flat file, 284 credentials from Active Directory, 287 credentials from flat file, 287 CSV file fields, 662 CSV files, 658 entities, 664 macros from files, 430 users from Active Directory, 102 importing keyboard shortcut configurations, 682 Impossible to establish video session, error, 239 information messages, investigating, 170 inheriting user privileges, 100 inputs, configuring, 503 instabilities, identifying in system, 171 interface, about, 13 interlock about, 362 configuring, 280 intrusion detection area about, 155, 421 creating, 159 properties, 422 intrusion detection unit about, 155, 423 deleting logs, 424 interface types, 424
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
renaming peripherals, 158 synchronizing clock, 424 intrusion detection, entity types, 155 Intrusion Manager about, 156, 563 creating, 156 keeping events, 564 limitations, 156 intrusion panel enrolling, 156 managing, 155 investigating malfunction events, 170 system configuration changes, 181 user activity, 182 investigation tasks generating reports, 30 IO configuration, about, 310 IO configurations, viewing, 310 IO linking, about, 160 IP address, video unit, 496 IPv4, display modes, 436 IPv6, about, 436
K keeping events Access Manager, 512 Intrusion Manager, 564 Zone Manager, 609 key switch, zone arming, 505 keyboard shortcuts assigning, 682 configuring, 681 editing, 682 exporting configurations, 682 importing configurations, 682 restoring default configurations, 682
L launching Walkthrough wizard, 272 lens type, about, 392 level, users, 486, 491 license information viewing from Config Tool, 769 viewing from Server Admin, 770 856
Index
licensing, 869 limitations importing custom fields, 665 Intrusion Manager, 156 motion detection, 385 Omnicast Federation, 131 limiting concurrent user logons, 484 report results, 600 linking map files to maps, 165 microphones to cameras, 391 speakers to cameras, 391 Web pages to maps, 165 Live video, dialog box, 213 PTZ commands, 214 loading saved tasks, 23 location, setting, 40 lock delay, PTZ, 391 log in, video unit credentials, 530 log off, Security Center, 10 log on basic authentication, 9 supervised, 487, 492 user schedules, 484 using Windows credentials, 153 using Windows credentials in a multi-AD environment, 153 logging on options, 679 wrong Directory, 679 logical ID hiding unassigned entities, 625 showing, 625 logical ID, showing, 686 Logical view about, 85 entity tree, 86 managing, 85 logs, deleting, 424 LPR Manager about, 567 configuring Security Center/Patroller communication, 571 enabling hotlist filtering, 574 enabling permit filtering, 574 geocoding, 574 importing data, 583 gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
managed hotlists and permits, 572 matching license plate reads, 573 providing Patroller updates, 582 XML exporting, 579 XML importing, 578 LPR unit about, 426 LPR unit, viewing properties, 184
M macro about, 429 checking syntax, 430 creating, 110 defining execution contexts, 431 importing from files, 430 using, 110 main server converting to expansion servers, 49 what is, 7 maintenance mode, 80 maintenance tasks generating reports, 30 malfunction events, investigating, 170 managing alarms, 111 archive storage, 225 cardholders, 284 database, 52 intrusion panels, 155 Logical view, 85 Network view, 82 roles, 47 servers, 47 software security, 89 threat levels, 117 video archives, 224 zones, 160 manual recording, boosting quality, 376 map linking map files, 165 Web pages, 165 map file, linking to maps, 165 matching license plate reads, 573 maximum results, Security Desk reports, 30
857
Index
Media Router about, 585 configuring, 202 redirecting video streams, 586 RTSP port, 588 RTSP port conflict, 203 setting multicast port number, 588 what is, 202 microphone linking to cameras, 391 properties, 500 monitoring archive storage usage, 226 resource availability, 171 status of entities, 177 status of system, 177 system health, 171 Monitoring task viewing tiles only, 24 motion block, about, 380 motion detection about, 379 configuring, 379 drawing motion zones, 383 event types, 386 H.264 streams, 382 limitations, 385 motion blocks, 380 positive motion detection, 380 testing, 384 motion zones, drawing, 383 Move unit, about, 655
N name filter, applying, 43 nesting partitions, 93 network about, 434 IPv4 display modes, 436 IPv6 address, 436 proxy server, 436 routes, 436 settings, 374 transmission capabilities, 435 network card settings, Archiver, 538 network entities
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
about, 83 creating, 83, 84 network options, configuring, 681 Network view managing, 82 purpose, 82 what is, 82 Network view, what is, 82 notification settings, video unit, 530 notification tray viewing system messages, 168 NTP settings, video unit, 532
O offline video units troubleshooting, 236 Omnicast deploying prerequisities, 190 procedure, 191 entities, 188 features, 187 federating, 131 ports used (default), 780 what is, 187 Omnicast Federation about, 131, 590 connection parameters, 592 defining role groups, 591 limitations, 131 receiving information, 592 opening Server Admin, 48 Options dialog box about, 678 date/time display, 690 general options network, 681 user logon, 679 keyboard shortcuts, 681 performance options, 689 user interaction, 685 video options, 688 visual options, 683 ordinal pattern, schedules, 468 organizing video stream settings, 210
858
Index
output behavior, about, 437 output pin, settings, 498 overtime rule about, 439 overtime violations, 442 overtime violations, about, 442 overwriting databases, 55
P parition manager promoting users, 93 parity check, defining, 673 parking facility about, 444 partition about, 89, 447 adding accepted users, 92, 449 members, 92, 448 configuring, 90 creating, 91 defining, 91 deleting members, 448 nesting, 93 promoting users to managers, 93 public partition, 91 purpose, 91 system partition, 91 user privileges, 101 partition manager, about, 91 partition user, promoting, 93 password changing, 10, 483 expiration, 484 Patroller about, 450 performance options configuring, 689 limiting report results, 689 perimeter door, configuring, 279 permanently saving tasks, 26 permit about, 453 permit restriction about, 457
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
picture size, cardholders, 284, 635 playback video troubleshooting, 240 Plugin about, 594 Point of Sale about, 595 adding cash registers, 597 retrieving database information, 596 saving transaction data, 596 ports AutoVu-specific, 778 common to Security Center, 777 Omnicast-specific, 780 Synergis-specific, 779 positive motion detection, about, 380 Power LED, about, 787 preventing system failures, 171 primary server switching to secondary server, 534 printing report results, 31 private task saving, 24 using, 23 privilege templates about, 101 purpose, 101 usage tips, 101 using, 101 privileges, users, 694–710 product documentation, about, 868 promoting partition users to managers, 93 protected video file statistics, 539 protecting alarm video recordings, 356 video archives, 227 protecting video files, 231 proxy server, about, 436 PTZ configuring, 390 using idle delay, 390 lock delay, 391 PTZ commands advanced configuration, 214 Center-on-click, 214 testing, 214 859
Index
Zoom-box, 214 PTZ coordinates, dialog box, 214 public parition, about, 91 public task saving, 24 using, 23 public task, about, 461
Q query filters reference list, 712 Query tab query filters available, 712
R reactivation threshold alarms, 354 hardware zone, 504 virtual zone, 508 readerless door, configuring, 269 receiving information Omnicast Federation, 592 Security Center Federation, 603 recipients, alarms, 353 recording modes, Archiver, 522 recording modes, Auxiliary Archiver, 545 recording options, Archiver, 523, 545 red entity state, about, 85 redirecting video streams, 586 redundant archiving, using, 227 reference list action types, 758 event types, 745 query filters, 712 report columns, 723 relay settings, configuring, 276 relocating databases, 53 remote connection, enabling on SQL Server, 54 remote user, controlling, 487, 492 removing tasks from favorites, 24 removing cameras from camera sequences, 218 renaming access control units, 345 entities, 85, 87 gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
intrusion detection unit peripherals, 158 renaming tasks, 24 reordering columns, 33 tasks, 25 reorganzing, entity tree, 87 replacing old credentials, 666 report analyzing results, 30 columns available, 723 exporting, 31 filtering query, 712 printing, 31 saving, 31 saving templates, 30 viewing results, 723 Report Manager about, 599 limiting results, 600 report pane columns available, 723 reordering columns, 33 resizing columns, 32 showing/hiding columns, 32 working with, 29 report results analyzing, 30 report results, limiting, 689 reporting tasks generating reports, 30 resizing columns, 32 resolving conflicts Access Manager, 515 how to, 149 overlapping schedules, 105 resources, monitoring availability, 171 responding, alarms, 115 restoring databases, 58 default keyboard shortcuts, 682 video archives, 227 retrieving Point of Sale system data, 596 role about, 49, 462 activating/deactivating, 51 changing servers, 50 configuring, 49 creating, 50 860
Index
managing, 47 role types, 510–610 troubleshooting, 51 what is, 7 role group configuring, 135 defining, 591 setting, 602 what is, 134 role types Access Manager, 511 Active Directory, 516 Archiver, 521 Auxiliary Archiver, 543 Directory, 551 Directory Manager, 552 Global Cardholder Synchronizer, 557 Health Monitor, 560 Intrusion Manager, 563 LPR Manager, 567 Media Router, 585 Omnicast Federation, 590 Plugin, 594 Point of Sale, 595 Report Manager, 599 Security Center Federation, 601 Web-based SDK, 605 Zone Manager, 608 routes, network, 436 RTSP port, about, 203, 588
S Saved tasks page configuring, 23 saving active task list, 687 open tasks, 24 report results, 31 report templates, 30 tasks, 24 workspace, 24 saving Point of Sale transaction data, 596 schedule about, 463 default schedule, 104 definition, 103
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
ordinal patterns, 468 resolving conflicts, 105 setting date coverage, 464 time coverage, 464 time range, 465 time zones, 104 twilight schedule, 104 user logon, 484 using, 103 scheduled task about, 469 compared to event-to-action, 109 create, 109 using, 109 what is, 109 schedules defining, 105 scheduling alarms, 355 hardware zone arming, 505 search event-to-actions, 108 search box using, 43 search box, using, 42 search tool, using, 43 searching for Archiver role events, 249 entities, 42 by name, 43 global search, 42 tasks, by name, 42 video files, 233 secondary server switching to primary server, 534 secondary server, adding, 64, 534 secure communication, video units, 497 Security Center about, 3 action types, 758 architecture, 6 changing user password, 10 closing, 10 common ports used, 777 connecting, 9 event types, 745 federating, 133 861
Index
logging off, 10 logging on, 9, 153 ports, default, 776–780 system features, 4 Security Center Federation about, 601 connection parameters, 603 receiving information, 603 setting role groups, 602 Security Desk displaying full screen, 24 Security Desk, about, 651 selecting columns, 32 Server Admin open using Config Tool, 48 using Internet Explorer, 48 using, 473 servers about, 471 configuring, 48 Directory, 473 Genetec Server, 476 managing, 47 using Server Admin, 473 setting alarm priorities, 352 bit rate priority, 372 camera bit rate priority, 372 camera bit rates, 372 camera connection type, 374 camera video quality, 370 entity expiration, 634 hardware zone reactivation threshold, 504 location, 40 multicast port number, 588 picture size, 284, 635 schedule date coverage, 464 schedule time coverage, 464 time ranges, 465 user group privileges, 493 user levels, 486, 491 user privileges, 488 video unit bit rates, 497 virtual zone reactivation threshold, 508 setting up HID units, 784 sharing guest, what is?, 298 gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
sharing host, what is?, 297 showing columns, 32 logical IDs, 625 tiles only, 24 SMC units about, 267 software security about, 89 managing, 89 sorting tasks, 24, 25 speaker linking to cameras, 391 properties, 499 SQL Server, remote connection, 54 starting task cycling, 24 state types, entities, 179 status, user profiles, 483 stopping task cycling, 24 storage settings, Archiver, 536 storage settings, Auxiliary Archiver, 548 stream usage, about, 373 supervised log on, about, 487, 492 supporting cross-platform development, 164 synchronization modes, access control units, 348 synchronizing access control units, 267 entities with Active Directory, 142 intrusion detection unit clocks, 424 Synergis about, 252 architecture, 252 deploying alone, 258 prerequisities, 256 procedure, 257 with Omnicast, 259 entities, 253 ports used (default), 779 testing system, 294 unique model, 254 System entity, about, 85 system health monitoring, 171 troubleshooting, 170 862
Index
system messages about, 168 viewing, 168 system messages, display options, 686 system partition, about, 91 System status about, 177 monitoring entity statuses, 177 system, monitoring status, 177
T task adding, 22 adding to favorites, 24 administration tasks, 611–630 commands, 24 creating, 22 deleting, 24 loading saved tasks, 23 removing from favorites, 24 renaming, 24 reordering, 25 saving, 24 as private task, 24 as public task, 24 layout, 24 tasks permanently, 26 sorting, 25 working with, 24 task cycling starting, 24 stopping, 24 task cycling, enabling, 485 task list saving on exit, 687 sorting, 24 task privileges, users, 704 task types maintenance tasks Access control health history, 308 Access control unit events, 309 Access rule configuration, 317 Activity trails, 182 Archive storage details, 233 Archiver events, 249 Audit trails, 181
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
Cardholder access rights, 325 Cardholder configuration, 318 Credential configuration, 319 Door troubleshooter, 324 Hardware inventory, 184 Health history, 170 Health statistics, 171 IO configuration, 310 System status, 177 taskbar changing position, 27 display options, 683 hiding, 27 technical support, contacting, 869 testing alarms, 112 motion detection, 384 threat level managing, 117 purpose, 117 threat, definition, 117 tile plugin about, 480 time coverage, setting, 464 time range daily time, 465 setting, 465 specific dates, 467 twilight, 467 weekly, 466 time zone displaying abbreviations, 690 time zones, warning about, 104 tips privilege templates, 101 tool types Access troubleshooter, 652 Copy configuration tool, 668 Custom card format editor, 670 Import tool, 657 Move unit, 655 Options dialog box, 678 Security Desk, 651 Unit Discovery tool, 653 Unit replacement, 654 Tools Access troubleshooter, 320 Tools menu, 692 863
Index
transmission capabilities, network, 435 trickling, what is, 198 triggering alarms, 113 troubleshooting access configuration problems, 320 access requirements, 323 access rights to doors, 324 access rule configurations, 317 Access troubleshooter, 294 alarms, 112 cameras not recording, 241 cannot add video units, 244 cannot delete video units, 247 cardholder access rights, 322 doors, 321, 326 credentials, 326 readers, 327 Request to exit, 326 entity states, 179 H.264 video stream, 248 HID units, 314 impossible to establish video session error, 239 malfunction events, 170 offline video units, 236 playback video, 240 roles, 51 system health, 170 unstable entities, 171 video streams, 235 waiting for signal, 237 troushooting user logon, 679 twilight schedule, about, 104
U UI component Logical view, 85 UI element Home page, 14 Tools menu, 692 task workspace administration, 16 contextual command toolbar, 17 Unit discovery tool about, 653 adding
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
access control units, 265 video units, 196 Unit replacement, about, 654 unprotecting video files, 231 upgrading video unit firmware, 496 user about, 89, 93, 482 activating, 483 changing password, 10, 483 configuring, 93 controlling remote workstations, 487, 492 creating, 94 deactivating, 483 enabling task cycling, 485 entering personal information, 483 importing from Active Directory, 102 investigating activity, 182 limitations, archive viewing, 487, 492 limiting concurrent logons, 484 logon schedules, 484 password expiration, 484 setting level, 486, 491 setting privileges, 488 supervised log on, 487, 492 user group about, 89, 97, 489 configuring, 96 creating, 97 creating parent user groups, 98 members, 490 setting privileges, 493 user interaction options configuring, 685 displaying system messages, 686 exiting Security Desk, 687 renaming devices, 686 showing logical IDs, 686 updating public tasks, 686 user logon options, 679 troubleshooting, 679 user password changing, 10, 483 configuring expiration, 484 user privileges about, 99, 488 action privileges, 708 864
Index
administrative privileges, 697 application privileges, 695 configuring, 99 general privileges, 696 hierarchy, 99 inheriting, 100 partitions, 101 settings, 99 task privileges, 704 templates, 101 using Access troubleshooter, 323 Archiver failover, 227 Cardholder troubleshooter, 322 Copy configuration tool, 668 custom card formats, 287, 635 Door troubleshooter, 321 event-to-actions, 106 federated entities, 129 global search, 42 HID Discovery GUI utility, 783 macros, 110 ordinal patterns, 468 partitions, 91 redundant archiving, 227 scheduled tasks, 109 schedules, 103 search box, 42, 43 search tool, 43 Server Admin, 473 SSL connection, 606 Web-based SDK, 164
V video archive about, 224 archive database, 224 Archiver failover, 227 backing up, 227 encryption key, 230 failover load planning, 228 hardware failure protection, 227 managing, 224 protecting, 227 redundant archiving, 227 restoring, 227
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
routine cleanup protection, 229 storage, 224 storage failure protection, 227 tampering protection, 229 video display options, alarms, 355 video encoder, about, 368 video file changing protection status, 231 protecting, 231 searching, 233 unprotecting, 231 viewing properties, 233 video options configuring, 688 video protection, alarms, 356 video quality testing, 213 video quality, cameras, 370 video recording on alarms, 356 video stream automatic stream selection, 211 boosting recording quality, 212 configuring, 210 diagnosing, 235 organizing settings, 210 video unit about, 494 adding manually, 194 using Unit discovery tool, 196 advanced settings, 532 authenticating, 497 automatic discovery, 196 bit rate settings, 497 cannot add, 244 cannot delete, 247 command port, 497 discovery port, 497 discovery settings, 529 enabling UPnP, 497 IP address, 496 notification settings, 530 NTP settings, 532 peripherals configuring output pins, 498 microphone properties, 500 settings, 498 speaker properties, 499 865
Index
secure communication, 497 setting login credentials, 530 settings, 528 SSL settings, 531 troubleshooting offline units, 236 upgrading firmware, 496 viewing properties, 184 viewing access control unit events, 309 access control unit health events, 308 access rule configurations, 317 active task list, 485 archive storage details, 233 cardholder access rights, 325 cardholder properties, 318 credential properties, 319 entities, 85 health issues, 168 IO configurations, 310 license information from Config Tool, 769 from Server Admin, 770 report results, 723 system messages, 168 unit properties, 184 warnings, 168 virtual zone about, 161, 506 arming, 508 associating zone states to events, 508 configuring, 162 delaying arming, 508 evaluating zone state, 507 setting reactivation threshold, 508 Zone Manager, 507 See also zone visual options configuring, 683 taskbar, 683 visual tracking about, 388 configuring, 212
W Waiting for signal, error, 237 Walkthrough wizard
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
about, 271 launching, 272 modes, 272 purpose, 271 warning messages investigating, 170 viewing, 168 Watchdog, about, 478 Web page, linking to maps, 165 Web-based SDK about, 164, 605 determining Web service address, 606 using, 164 SSL connection, 606 Wiegand field, defining, 672 wiring diagrams HID Edge plus, 800 HID Edge reader, 800 HID VertX V1000, 801 HID VertX V2000, 802 wiring doors, 268 working with report pane, 29 tasks, 24
X XML exporting, 579 importing, 578
Y yellow state, entities, 85
Z zone about, 160 arming, 160 choosing zone type, 163 disarming, 160 hardware zone about, 161, 502 configuring, 162 IO linking, 160 managing, 160 866
Index
virtual zone about, 161, 506 configuring, 162 Zone Manager about, 161, 608 associating zones, 507 keeping events, 609
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
867
Where to find product documentation You can find our product documentation in the following locations:
• Installation package. The documentation is available in the Documentation folder of the installation package. Some of the documents also have a direct download link to the latest version of the document.
• Genetec Technical Assistance Portal (GTAP). The latest version of the documentation is available from the GTAP Documents page. Note, you’ll need a username and password to log on to GTAP.
• Help. Security Center client and web-based applications include help, which explain how the product works and provide instructions on how to use the product features. Patroller and the Sharp Portal also include context-sensitive help for each screen. To access the help, click Help, press F1, or tap the ? (question mark) in the different client applications.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
868
Technical support Genetec Technical Assistance Center (GTAC) is committed to providing its worldwide clientele with the best technical support services available. As a Genetec customer, you have access to the Genetec Technical Assistance Portal (GTAP), where you can find information and search for answers to your product questions.
• Genetec Technical Assistance Portal (GTAP). GTAP is a support website that provides indepth support information, such as FAQs, knowledge base articles, user guides, supported device lists, training videos, product tools, and much more. Prior to contacting GTAC or opening a support case, it is important to look at this website for potential fixes, workarounds, or known issues. You can log in to GTAP or sign up at https://gtap.genetec.com.
• Genetec Technical Assistance Center (GTAC). If you cannot find your answers on GTAP, you can open a support case online at https://gtap.genetec.com. For GTAC's contact information in your region see the Contact page at https://gtap.genetec.com. NOTE Before contacting GTAC, please have your System ID (available from the About button in your client application) and your SMA contract number (if applicable) ready.
• Licensing.
For license activations or resets, please contact GTAC at https://gtap.genetec.com. For issues with license content or part numbers, or concerns about an order, please contact Genetec Customer Service at
[email protected], or call 1-866-684-8006 (option #3). If you require a demo license or have questions regarding pricing, please contact Genetec Sales at
[email protected], or call 1-866-684-8006 (option #2).
Additional resources If you require additional resources other than the Genetec Technical Assistance Center, the following is available to you:
• GTAP Forum. The Forum is an easy to use message board that allows clients and Genetec staff to communicate with each other and discuss a variety of topics, ranging from technical questions to technology tips. You can log in or sign up at https://gtapforum.genetec.com.
• Technical training. In a professional classroom environment or from the convenience of your own office, our qualified trainers can guide you through system design, installation, operation, and troubleshooting. Technical training services are offered for all products and for customers with a varied level of technical experience, and can be customized to meet your specific needs and objectives. For more information, go to http://www.genetec.com/Services.
gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013
869