En.security Center Administrator Guide 5.2

July 5, 2016 | Author: jama99 | Category: N/A
Share Embed Donate


Short Description

security center...

Description

Security Center Administrator Guide 5.2

Copyright notice © 2013 Genetec Inc. All rights reserved. Genetec Inc. distributes this document with software that includes an end-user license agreement and is furnished under license and may be used only in accordance with the terms of the license agreement. The contents of this document are protected under copyright law. The contents of this guide are furnished for informational use only and are subject to change without notice. Genetec Inc. assumes no responsibility or liability for any errors or inaccuracies that may appear in the informational content contained in this guide. This publication may not be copied, modified, or reproduced in any form or for any purpose, nor can any derivative works be created therefrom without Genetec Inc.’s prior written consent. Genetec Inc. reserves the right to revise and improve its products as it sees fit. This document describes the state of a product at the time of document’s last revision, and may not reflect the product at all times in the future. In no event shall Genetec Inc. be liable to any person or entity with respect to any loss or damage that is incidental to or consequential upon the instructions found in this document or the computer software and hardware products described herein. The use of this document is subject to the disclaimer of liability found in the end-user license agreement. "Genetec", "Omnicast", "Synergis", "Synergis Master Controller", "AutoVu", "Federation", "Stratocast", the Genetec stylized "G", and the Omnicast, Synergis, AutoVu and Stratocast logos are trademarks of Genetec Inc., either registered or pending registration in several jurisdictions. "Security Center", "Security Center Mobile", "Plan Manager", "Stratocast" and the Security Center logo are trademarks of Genetec Inc. Other trade names used in this document may be trademarks or registered trademarks of the manufacturers or vendors of the respective products. All specifications are subject to change without notice.

Document information Document title: Security Center Administrator Guide 5.2 Document number: EN.500.003-V5.2.C1(1) Document update date: April 19, 2013 You can send your comments, corrections, and suggestions about this guide to [email protected].

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

ii

About this guide This guide provides the information you need to set up and configure your Security Center system. It explains the basic settings you must configure before your system can be used, as well as other settings you'll need to change such as adding additional users and resources (servers) to your system. This guide also provides the conceptual information and instructions on how to build and configure your Security Center video-surveillance, access control, and license plate recognition (LPR) systems. A reference section is included that provides information about each window and tab, and the related settings in the Config Tool. Last-minute updates can be found in the Security Center Release Notes. This guide is written for users who need to configure and manage Security Center. You should be familiar with the following concepts and systems:

• • • • • •

Microsoft Windows administration Installation, configuration, and use of Microsoft SQL Server 2008 Video surveillance concepts Access control concepts Vehicle law enforcement and parking enforcement concepts Wiring of access control equipment such as door controllers and input/output modules

Notes and notices This section explains how the following notes and notices are used in this guide:

• • • •

Tip. Suggests how to apply the information in a topic or step. Note. Explains a special case, or expands on an important point. Important. Points out critical information concerning a topic or step. Caution. Indicates that an action or step can cause loss of data, security problems, or performance issues.

• Warning. Indicates that an action or step can result in physical harm, or cause damage to hardware.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

iii

Contents About this guide .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. iii

Part I: Introduction to Security Center Chapter 1: Welcome to Security Center What is Security Center? .

.

.

.

.

Common/Core features

.

.

.

.

.

.

.

.

.

.

.

.

.

3

.

.

.

.

.

.

.

.

.

.

.

.

.

4

Omnicast – Video surveillance features .

.

.

.

.

.

.

.

.

.

.

.

.

4

Synergis – Access control features .

.

.

.

.

.

.

.

.

.

.

.

.

4

AutoVu – License plate recognition (LPR) features .

.

.

.

.

.

.

.

.

.

5

.

.

.

.

.

.

.

.

.

.

.

.

.

.

6

About Security Center components.

.

.

.

.

.

.

.

.

.

.

.

.

.

6

What is Genetec Server?

.

.

.

.

.

.

.

.

.

.

.

.

.

7

Architecture overview.

.

. .

.

.

.

.

Chapter 2: Getting started with Config Tool Connecting to Security Center Log on .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

9 9

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

Change your password .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 10

Log off .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 10

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 10

Differences between Config Tool 5.1 and 5.2 .

.

.

.

.

.

.

.

.

.

.

. 11

.

. 13

.

.

.

.

.

.

.

.

Close the application

.

.

.

.

.

.

.

.

.

.

.

.

.

How Config Tool is organized .

.

.

.

.

.

.

.

.

.

.

.

.

.

. 13

Home page overview

.

.

.

.

.

.

.

.

.

.

.

.

.

. 14

Administration task workspace overview

.

.

.

.

.

.

.

.

.

.

.

. 16

Maintenance task workspace overview .

.

.

.

.

.

.

.

.

.

.

.

. 19

Config Tool interface tour .

. .

.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

iv

Chapter 3: Working with tasks Adding a task .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 22

Create a new task

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 22

Load a saved task

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 23

Working with your current tasks .

.

.

.

.

.

.

.

.

.

.

.

.

.

. 24

Task list commands .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 24

Close the current task

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 25

Reordering tasks

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 25

Save a task .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 26

Send a task to another workstation .

.

.

.

.

.

.

.

.

.

.

.

.

.

. 27

Change the taskbar position .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 27

Set the taskbar to auto-hide .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 27

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 30

Export and print your report .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 31

Chapter 4: Working with reports Generate a report .

.

.

Export your report .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 31

Print your report

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 31

.

Customize the report pane .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 32

Resize columns .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 32

Select columns .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 32

Change the column order

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 33

Part II: Security Center administration Chapter 5: Basic principles about entities Entities as basic building blocks

.

.

.

.

.

.

.

.

.

.

.

.

.

. 36

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 37

Create an entity manually

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 37

Common entity attributes .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 38

Entities created automatically by the system . Using geographical locations

Configuring entities

.

.

.

.

.

.

.

.

.

.

.

.

. 39

.

.

.

.

.

.

.

.

.

.

.

.

. 40

Further readings on entity configuration

.

.

.

.

.

.

.

.

.

.

.

. 40

genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1)

.

.

v

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 42

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 42

Search for entities by name .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 43

Search for entities using the Search tool.

.

.

.

.

.

.

.

.

.

.

.

. 43

.

.

.

.

.

.

.

.

.

.

.

. 45

Searching for tasks and entities Search for a task

Delete an entity

.

.

.

.

.

.

.

.

.

Chapter 6: Common administrative tasks .

.

.

.

.

.

.

.

.

.

.

.

. 47

Add an expansion server to your system

.

.

.

.

.

.

.

.

.

.

.

. 47

Managing servers .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 48

Managing roles.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 49

Diagnose role problems

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 51

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 52

Common database settings .

.

.

Managing servers and roles

.

Managing databases .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 52

Where should the database be hosted? .

.

.

.

.

.

.

.

.

.

.

.

. 53

Move a database to a different computer

.

.

.

.

.

.

.

.

.

.

.

. 53

Connect roles to a remote database server .

.

.

.

.

.

.

.

.

.

.

. 54

Create a database .

.

.

.

.

.

.

.

.

.

.

.

. 55

View information about a role’s database

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 56

Turn on role database notifications .

.

.

.

.

.

.

.

.

.

.

.

.

. 57

Back up your role database .

.

.

.

.

.

.

.

.

.

.

.

.

. 57

.

.

.

.

Restore your role database .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 58

Delete a database .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 59

Configuring Security Center for high availability.

.

.

.

.

.

.

.

.

.

. 60

Configuring role failover .

.

.

.

.

.

.

.

.

.

. 61

.

. .

.

.

.

.

.

How role failover works in Security Center .

.

.

.

.

.

.

.

.

.

.

. 61

Which roles support failover

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 62

Configure failover for roles .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 64

Troubleshooting failover

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 65

.

.

.

.

.

.

.

.

.

. 66

How Directory failover and load balancing works .

.

.

.

.

.

.

.

.

. 66

.

Configuring Directory failover and load balancing

Directory failover and load balancing prerequisites .

.

.

.

.

.

.

.

.

. 67

Add a server to the Directory failover list

.

.

.

.

.

.

.

.

.

.

.

. 68

Modify the license for all servers

.

.

.

.

.

.

.

.

.

.

.

. 68

Change the order of the Directory servers .

.

.

.

.

.

.

.

.

.

.

. 69

.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

.

vi

Manually switch the main server

.

.

.

.

.

.

.

.

.

.

. 69

Remove a server from the Directory failover list .

.

.

.

.

.

.

.

.

.

. 70

Bypass default load balancing

.

.

.

.

.

.

.

.

.

. 70

.

. .

. .

. .

.

Configuring Directory database failover .

.

.

.

.

.

.

.

.

.

.

.

. 71

How Directory database failover works .

.

.

.

.

.

.

.

.

.

.

.

. 71

Configure database failover through backup and restore .

.

.

.

.

.

.

.

. 72

Configure database failover through mirroring .

.

.

.

.

.

.

.

.

.

. 74

Monitoring your system’s health .

.

.

.

.

.

.

.

.

.

.

.

.

.

. 75

About the Health Monitor role .

.

.

.

.

.

.

.

.

.

.

.

.

.

. 75

Configuring the Health Monitor.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 76

Monitoring your system’s health using maintenance tasks

.

.

.

.

.

.

.

. 81

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 82

What is the Network view? .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 82

Purpose of the Network view

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 82

Creating network entities

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 83

Managing the Logical view .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 85

About the Logical view .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 85

Configuring the Logical view

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 86

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 89

Introduction to software security

.

.

.

.

.

.

.

.

.

.

.

.

.

. 89

Defining partitions .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 90

Defining users .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 93

Defining user groups

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 96

Managing the Network view

Managing software security

Configuring user privileges .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 99

Using privilege templates

.

.

.

.

.

.

.

.

.

.

.

.

.

.

101

.

.

.

.

.

.

.

.

.

.

.

102

.

Importing users from an Active Directory Automating system behavior . Using schedules .

.

.

.

.

.

.

.

.

.

.

.

.

.

103

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

103

Using event-to-actions .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

106

Using scheduled tasks

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

109

Using macros

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

110

.

Managing alarms . What is an alarm?

.

.

. .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

111

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

111

genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1)

vii

Create an alarm

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 112

Testing alarms .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 112

Trigger alarms manually

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 113

Trigger alarms automatically using event-to-actions Responding to alarms .

.

.

.

.

.

.

.

.

. 113

.

.

.

.

.

.

.

.

.

.

.

.

. 115

Investigating current and past alarms .

.

.

.

.

.

.

.

.

.

.

.

. 116

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 117

What are threat levels for? .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 117

Differences between threat levels and alarms

.

.

.

.

.

.

.

.

.

.

. 117

Create a threat level

Managing threat levels

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 119

Configuring threat level actions

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 121

Actions exclusive to threat levels

.

.

.

.

.

.

.

.

.

.

.

.

.

. 122

Threat level limitations .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 122

Threat level scenarios .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 123

Threat level related tasks

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 127

Federating remote systems

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 128

Types of federations

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 128

What are federated entities?

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 128

Federating Omnicast systems .

.

.

.

.

.

.

.

.

.

.

.

.

.

. 131

Federating Security Center systems .

.

.

.

.

.

.

.

.

.

.

.

.

.

. 133

Advanced settings for large federations .

.

.

.

.

.

.

.

.

.

.

.

. 134

.

.

.

.

.

.

.

.

.

.

.

.

. 136

Why use custom fields?.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 136

Add a custom field .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 136

Add a custom data type.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 138

Modify a custom data type .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 139

Integrating with Windows Active Directory .

.

.

.

.

.

.

.

.

.

.

. 140

Defining custom fields and data types

What is Active Directory integration? .

.

.

.

.

.

.

.

.

.

.

.

. 140

What are the benefits of AD integration?

.

.

.

.

.

.

.

.

.

.

.

. 140

How does Active Directory integration work? .

.

.

.

.

.

.

.

.

.

. 141

How does synchronization work? .

.

.

.

.

.

.

.

.

.

. 142

What information can be synchronized with the AD? .

.

.

.

.

.

.

.

. 142

Import security groups from an Active Directory

.

.

.

.

.

.

.

. 143

Select which cardholder fields to synchronize with the AD .

.

.

.

.

.

.

. 146

Mapping the credential card format to an AD attribute .

.

.

.

.

.

.

. 147

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

.

.

.

.

.

.

viii

Map custom fields to synchronize with the AD .

.

.

.

.

.

.

.

.

.

Resolve conflicts due to imported entities Modifying imported users .

148

.

.

.

.

.

.

.

.

.

.

.

149

.

.

.

.

.

.

.

.

.

.

.

.

.

.

151

Modifying imported cardholders

.

.

.

.

.

.

.

.

.

.

.

.

.

151

Logging on with an Active Directory user

.

.

.

.

.

.

.

.

.

.

.

153

.

.

.

.

.

.

.

.

.

.

.

155

How are intrusion detection panels represented in Security Center? .

.

.

.

.

155

What does the Intrusion Manager role do? . Enroll an intrusion panel

.

Managing intrusion panels

.

.

.

.

.

.

.

.

.

.

.

.

.

156

.

.

.

.

.

.

.

.

.

.

.

.

156

Edit intrusion detection unit peripherals.

.

.

.

.

.

.

.

.

.

.

.

158

Create an intrusion detection area .

.

.

.

.

.

.

.

.

.

.

.

.

159

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

160

What is IO linking? .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

160

What is a zone? .

.

.

Managing zones

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

160

About zone management roles .

.

.

.

.

.

.

.

.

.

.

.

.

.

161

Creating zones .

.

.

.

.

.

.

.

.

.

.

.

.

.

161

Which type of zone works best for me? .

.

.

.

.

.

.

.

.

.

.

.

163

Supporting cross-platform development .

.

.

.

.

.

.

.

.

.

.

.

164

What does the Web-based SDK role do? .

.

.

.

.

.

.

.

.

.

.

.

164

Using the Web-based SDK . Creating tile plugins

. .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

164

.

.

.

.

.

.

.

.

.

.

.

.

.

.

165

Create a tile plugin that links to a Web site .

.

.

.

.

.

.

.

.

.

.

165

Create a tile plugin that links to a map file

.

.

.

.

.

.

.

.

.

.

.

165

Chapter 7: Troubleshooting Viewing system messages .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

168

Viewing system health events .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

170

Viewing the health status and availability of entities .

.

.

.

.

.

.

.

.

171

System status task .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

172

Monitoring the status of your system .

.

.

.

.

.

.

.

.

.

.

.

.

177

Troubleshooting entity states .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

179

.

.

.

.

.

.

.

.

.

.

.

.

.

.

180

Finding out who made changes on the system .

.

.

.

.

.

.

.

.

.

.

181

Diagnosing entities

.

.

.

genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1)

ix

Investigating user related activity on the system . Viewing properties of units in your system

.

.

.

.

.

.

.

.

.

.

.

. 182

.

.

.

.

.

.

.

.

.

. 184

Part III: Omnicast IP video surveillance Chapter 8: Deploying Omnicast .

.

.

.

.

.

.

.

.

.

.

.

.

.

. 187

What are the Omnicast entities? .

.

.

.

.

.

.

.

.

.

.

.

.

.

. 188

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 190

Omnicast deployment prerequisites

.

.

.

.

.

.

.

.

.

.

.

.

. 190

Omnicast deployment procedure .

.

.

.

.

.

.

.

.

.

.

.

.

. 191

What is Omnicast?

.

.

.

Omnicast deployment process

Configuring the Archiver role

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 193

What is the Archiver? .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 193

Configure the Archiver .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 193

Adding video units to your system .

.

.

.

.

.

.

.

.

.

.

.

.

. 194

Configuring video units for trickling

.

.

.

.

.

.

.

.

.

.

.

.

. 197

Configuring the Media Router role

.

.

.

.

.

.

.

.

.

.

.

.

.

. 202

What is the Media Router? .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 202

Configure the Media Router

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 202

Beware of RTSP port conflict

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 203

Configuring the Auxiliary Archiver role .

.

.

.

.

.

.

.

.

.

.

.

. 204

What is the Auxiliary Archiver?

.

.

.

.

.

.

.

.

.

.

.

.

.

. 204

Configure the Auxiliary Archiver .

.

.

.

.

.

.

.

.

.

.

.

.

. 206

Associate cameras to the Auxiliary Archiver

.

.

.

.

.

.

.

.

.

.

. 207

Remove a camera from the Auxiliary Archiver .

.

.

.

.

.

.

.

.

.

. 208

Move the Auxiliary Archiver to a different server

.

.

.

.

.

.

.

.

.

. 208

.

.

.

.

.

.

.

.

.

.

. 209

Recommended camera configuration process .

.

.

.

.

.

.

.

.

.

. 209

Configuring video streams .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 210

Configure visual tracking .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 212

Test the video quality of your camera .

.

.

.

.

.

.

.

.

.

.

.

. 213

Configuring cameras .

.

Configure PTZ motors .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 214

Creating camera sequences .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 218

Configuring analog monitors .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 220

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

x

Configure analog monitors .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

220

Testing your analog monitor configuration .

.

.

.

.

.

.

.

.

.

.

222

Chapter 9: Managing Omnicast Managing video archives .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

224

What constitutes a video archive?

.

.

.

.

.

.

.

.

.

.

.

.

.

224

Managing the archive storage

.

.

.

.

.

.

.

.

.

.

.

.

.

.

225

Protecting your video archives .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

227

Protecting your video archive against storage failure .

.

.

.

.

.

.

.

.

227

Protecting your video archive against hardware failure .

.

.

.

.

.

.

.

227

Protecting video archive against routine cleanup.

.

.

.

.

.

.

.

.

.

229

Protecting video archive against tampering .

.

.

.

.

.

.

.

.

.

.

229

Protecting video files .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

231

Viewing properties of video files .

.

.

.

.

.

.

.

.

.

.

.

.

.

233

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

234

Diagnosing video streams .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

235

Troubleshooting video units that are offline .

.

.

.

.

.

.

.

.

.

.

236

.

.

.

.

.

.

.

.

.

.

237

Diagnosing “Impossible to establish video session with the server” errors.

.

.

.

239

Troubleshooting no playback video available .

Replace video units

.

.

Diagnosing “Waiting for signal” errors

.

.

.

.

.

.

.

.

.

.

.

.

240

Troubleshooting cameras that are not recording .

.

.

.

.

.

.

.

.

.

241

Troubleshooting video units that cannot be added

.

.

.

.

.

.

.

.

.

244

Troubleshooting video units that cannot be deleted

.

.

.

.

.

.

.

.

.

247

Solving H.264 video stream issues .

.

.

.

.

.

.

.

.

.

.

.

.

.

248

Investigating Archiver events .

.

.

.

.

.

.

.

.

.

.

.

.

.

249

.

Part IV: Synergis IP access control Chapter 10: Deploying Synergis What is Synergis? .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

252

How does Synergis work?

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

252

What are Synergis entities? .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

253

genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1)

xi

Uniqueness of the Synergis model . Synergis deployment process .

.

.

.

.

.

.

.

.

.

.

.

.

.

. 254

.

.

.

.

.

.

.

.

.

.

.

.

.

. 256

Synergis deployment prerequisites .

.

.

.

.

.

.

.

.

.

.

.

.

. 256

Synergis deployment procedure

.

.

.

.

.

.

.

.

.

.

.

.

.

. 257

Configuring the Access Manager role .

.

.

.

.

.

.

.

.

.

.

.

.

. 260

Configure the Access Manager role .

.

.

.

.

.

.

.

.

.

.

.

.

. 260

Add the unit manufacturer extensions .

.

.

.

.

.

.

.

.

.

.

.

. 261

Adding access control units to your system .

.

.

.

.

.

.

.

.

.

.

. 261

Configuring access control units .

.

.

.

.

.

.

.

.

.

.

.

.

.

. 267

Understanding unit synchronization

.

.

.

.

.

.

.

.

.

.

.

.

. 267

Synergis Master Controller’s unique characteristics .

.

.

.

.

.

.

.

.

. 267

.

.

.

.

.

.

.

.

.

.

.

.

.

. 268

Wiring doors to access control units

.

.

.

.

.

.

.

.

.

.

.

.

. 268

Create and configure your doors

.

.

.

.

.

.

.

.

.

.

.

.

.

. 268

Configuring a buzzer .

.

.

.

.

.

.

.

.

.

.

.

.

.

. 269

Configuring readerless doors using Input/Output modules .

.

.

.

.

.

.

. 269

Associate cameras to doors .

.

.

.

.

.

.

.

.

. 270

Using the Walkthrough wizard

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 271

Why use the Walkthrough wizard? .

.

.

.

.

.

.

.

.

.

.

.

.

. 271

Assigning doors to access control units using the Walkthrough Wizard .

.

.

.

. 272

Configuring doors

.

Configuring elevators .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 274

Hardware for elevator control and floor tracking

.

.

.

.

.

.

.

.

.

. 274

Configuring elevator floors .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 275

Create an elevator .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 275

Configuring secured areas

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 278

Create an area .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 278

Add members to an area

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 279

Configure doors for an area

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 279

Configure antipassback.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 280

Configure interlock

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 280

Configuring access rules .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 281

Create and configure access rules .

.

.

.

.

.

.

.

.

.

.

.

.

. 281

Configuring cardholders and cardholder groups .

.

.

.

.

.

.

.

.

.

. 283

.

.

.

.

.

.

.

.

.

. 283

Create a cardholder in Config Tool . gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

.

.

.

xii

Create a cardholder group in Config Tool

.

.

.

.

.

.

.

.

.

.

About the maximum cardholder picture file size .

.

.

.

.

.

.

.

.

.

284

Import cardholders from a flat file .

.

.

.

.

.

.

.

.

.

.

284

Importing cardholders from an Active Directory

.

.

.

.

.

.

.

.

.

284

Managing cardholders in Security Desk . .

.

.

284

.

.

.

.

.

.

.

.

.

.

.

284

.

.

.

.

.

.

.

.

.

.

.

.

.

285

Create a credential in Config Tool .

.

.

.

.

.

.

.

.

.

.

.

.

285

Import credentials from a flat file

.

.

Configuring credentials

.

.

.

.

.

.

.

.

.

.

.

.

.

287

Importing credentials from an Active Directory .

.

.

.

.

.

.

.

.

.

.

287

Enrolling credentials from Security Desk

.

.

.

.

.

.

.

.

.

.

.

287

Using custom card formats .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

287

Defining badge templates .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

289

Testing your configuration

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

294

.

.

.

.

.

.

.

.

.

.

.

.

.

.

296

What is global cardholder management?

.

.

.

.

.

.

.

.

.

.

.

296

How does global cardholder management work? Rules and restrictions regarding GCM .

Chapter 11: Managing Synergis Managing global cardholders .

.

.

.

.

.

.

.

.

.

296

.

.

.

.

.

.

.

.

.

.

.

301

Configuring global cardholder management .

.

.

.

.

.

.

.

.

.

.

303

Operating on global entities .

.

.

.

.

.

.

.

.

.

.

.

.

.

305

Viewing access control health events .

.

.

.

.

.

.

.

.

.

.

.

.

308

Investigating access control unit events

.

.

.

.

.

.

.

.

.

.

.

.

309

Viewing IO configuration of access control units .

.

.

.

.

.

.

.

.

.

310

.

.

.

.

.

.

.

.

.

.

311

Replacing HID VertX 1000 units with SMC units .

.

.

.

.

.

.

.

.

.

312

Troubleshoot HID discovery and enrollment .

.

.

.

.

.

.

.

.

.

.

314

Common discovery and enrollment issues .

.

.

.

.

.

.

.

.

.

.

314

HID unit cannot be found with the discovery tool

.

.

.

.

.

.

.

.

.

315

HID unit enrollment issues .

.

.

.

.

.

.

.

.

.

315

Finding out which entities are affected by access rules .

.

.

.

.

.

.

.

.

317

Viewing properties of cardholder group members.

.

.

.

.

.

.

.

.

.

318

Viewing credential properties of cardholders .

.

.

.

.

.

.

.

.

.

319

Replace access control units

.

genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1)

.

.

.

.

.

.

.

.

.

.

.

xiii

.

.

.

.

.

.

.

.

.

.

.

. 320

.

.

.

.

.

.

.

.

.

.

.

.

. 321

Troubleshooting cardholder access rights.

.

.

.

.

.

.

.

.

.

.

.

. 322

Diagnosing cardholder access rights based on credentials

.

.

.

.

.

.

.

. 323

Finding out who is granted access to doors and elevators .

.

.

.

.

.

.

.

. 324

Finding out who is granted/denied access at access points

.

.

.

.

.

.

.

. 325

Troubleshoot door issues .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 326

Request to exit events .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 326

Credential issues

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 326

Resolution of reader issues .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 327

.

.

.

.

.

.

.

. 332

How the Access troubleshooter tool works Troubleshooting access points

.

.

.

.

Part V: AutoVu IP license plate recognition Chapter 12: Deploying AutoVu

Part VI: Config Tool reference Chapter 13: Entity types Common configuration tabs .

.

.

.

.

.

.

.

Identity

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 332

Cameras

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 334

Custom fields .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 335

Location

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 336

Access control unit

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 337

Properties (SMC) .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 338

Properties (HID)

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 340

Portal (SMC) .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 343

Network (HID).

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 344

Peripherals .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 345

Health .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 346

Synchronization

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 347

.

. .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 349

Properties .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 350

Access rule

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

xiv

Alarm .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

351

Properties .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

352

Advanced

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

354

.

Analog monitor

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

357

Properties .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

358

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

360

Properties .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

361

Members

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

363

Access rules .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

364

Badge template.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

365

Badge designer .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

366

Camera (video encoder)

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

368

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

369

Area

.

Video

.

.

.

.

Recording .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

378

Motion detection

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

379

Color

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

387

Visual tracking .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

388

Hardware

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

389

Camera sequence .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

393

.

. .

Cameras

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

394

Cardholder.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

395

Properties .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

396

Picture .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

397

.

Cardholder group .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

398

Properties .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

399

Cash register

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

400

Credential .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

401

Properties .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

402

Badge template .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

403

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

404

Properties .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

405

Unlock schedules

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

406

Hardware

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

408

Door

.

.

.

.

genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1)

xv

Access rules

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 409

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 410

Floors .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 411

Access .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 412

Advanced .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 413

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 414

Properties .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 415

Advanced .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 418

Intrusion detection area .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 421

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 422

Intrusion detection unit .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 423

Elevator

Hotlist.

.

Properties .

.

.

Properties .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 424

Peripherals .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 425

LPR unit .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 426

Properties .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 427

Macro .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 429

Properties .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 430

Default execution context .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 431

Monitor group

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 432

Monitors .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 433

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 434

Properties .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 435

Output behavior .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 437

Properties .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 438

Overtime rule .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 439

Properties .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 440

Parking lot .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 442

Parking facility

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 444

Properties .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 445

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 447

Properties .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 448

Accepted users .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 449

Network .

Partition .

Patroller .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 450

Properties .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 451

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

xvi

Permit .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

453

Properties .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

454

Permit restriction .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

457

Properties .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

458

Parking lot .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

460

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

461

Public task . .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

462

Schedule

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

463

Properties .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

464

Role

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

465

Using the ordinal pattern

Setting the time range

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

468

Scheduled task .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

469

Properties .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

470

Server .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

471

Properties .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

472

Server Admin

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

473

Directory tab

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

473

Genetec Server tab .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

476

Tile plugin .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

480

Properties .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

481

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

482

User

.

.

Properties .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

483

Workspace .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

485

Security .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

486

Privileges

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

488

User group .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

489

Properties .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

490

Security .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

491

Privileges

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

493

Video unit .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

494

Identity .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

495

Properties .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

496

Peripherals .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

498

genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1)

xvii

Zone (hardware) .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 502

Properties .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 503

Arming

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 504

Zone (virtual) .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 506

Properties .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 507

Arming

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 508

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 511

Properties .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 512

Extensions .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 513

Resources .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 514

Active Directory .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 516

Properties .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 517

Links .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 518

Resources .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 520

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 521

Camera recording .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 522

Trickling

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 524

.

Chapter 14: Role types Access Manager

Archiver .

. .

.

.

Extensions .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 528

Resources .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 533

Auxiliary Archiver

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 543

Camera recording .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 544

Cameras

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 546

Resources .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 547

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 551

Configuring the Directory role .

.

.

.

.

.

.

.

.

.

.

.

.

.

. 551

Managing the Directory role

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 551

Directory .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 552

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 553

Database failover .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 554

Directory Manager Directory servers

Global Cardholder Synchronizer .

.

.

.

.

.

.

.

.

.

.

.

.

.

. 557

Properties .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 558

Resources .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 559

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

xviii

Health Monitor

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

Properties .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

561

Resources

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

562

.

.

.

560

Intrusion Manager .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

563

Properties .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

564

Extensions .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

565

Resources

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

566

LPR Manager .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

567

Properties .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

568

Resources

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

584

Media Router .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

585

Properties .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

586

Resources

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

588

Omnicast Federation .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

590

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

591

Properties .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

592

Resources

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

593

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

594

Point of Sale

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

595

Properties .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

596

Cash registers

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

597

Resources

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

598

Report Manager

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

599

Properties .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

599

Resources

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

600

Security Center Federation

Identity .

Plugin .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

601

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

602

Properties .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

603

Resources

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

604

Web-based SDK

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

605

Properties .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

606

Resources

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

607

Identity .

.

genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1)

xix

Zone Manager.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 608

Properties .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 609

Resources .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 610

Chapter 15: Administration tasks .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 612

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 613

Network view .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 615

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 617

Alarms

.

Logical view Security

.

.

.

System

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 618

General settings

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 618

Custom fields .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 619

Events .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 622

Actions.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 624

Logical ID .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 625

User password settings .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 626

Activity trails .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 627

Audio .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 628

Threat levels

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 629

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 630

Access control .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 632

Roles and units .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 633

General settings

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 634

Intrusion detection

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 636

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 638

Roles and units .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 639

General settings

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 640

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 649

Video .

LPR

.

Plugins

.

.

.

.

.

Chapter 16: Tools and utilities Security Desk .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 651

Access troubleshooter .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 652

Unit discovery tool

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 653

Unit replacement .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 654

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

xx

Move unit .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

655

Moving units

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

655

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

657

Sample import scenario .

.

.

.

.

Import tool

.

.

.

.

.

.

.

.

.

.

.

657

Fields that can be imported from a CSV file .

.

.

.

.

.

.

.

.

.

.

662

About entity creations and updates .

.

.

.

.

.

.

.

.

.

.

.

.

666

Replacing old credentials

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

666

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

668

Using the copy configuration tool

.

.

.

.

.

.

.

.

.

.

.

.

.

668

.

.

.

.

.

.

.

.

.

.

.

.

.

.

670

Defining custom card formats .

.

.

.

.

.

.

.

.

.

.

.

.

.

670

Deleting a custom card format .

.

.

.

.

.

.

.

.

.

.

.

.

.

677

.

.

.

.

.

.

.

.

.

.

.

.

.

678

Copy configuration tool

.

Custom card format editor

Options dialog box.

.

General options .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

679

Keyboard shortcuts .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

681

Visual options .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

683

User interaction options.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

685

Video options .

. .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

688

Performance options

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

689

Date and time options .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

690

External devices .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

691

Adding shortcuts to external tools .

.

.

.

.

.

.

.

.

.

.

.

.

.

692

.

.

Chapter 17: User privileges Application privileges .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

695

General privileges .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

696

Administrative privileges .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

697

.

Logical entities .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

697

Physical entities

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

697

Schedule Management .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

700

Access control management

.

.

.

.

.

.

.

.

.

.

.

.

.

.

701

Alarm management

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

703

LPR management .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

703

genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1)

xxi

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 704

Action privileges .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 708

Task privileges

Chapter 18: Reporting task reference Query filters .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 712

Report pane columns .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 723

Chapter 19: Events and actions in Security Center .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 745

Action types .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 758

Event types

Chapter 20: Keyboard shortcuts in Config Tool .

.

.

.

.

.

.

.

.

.

. 765

Viewing license information from Config Tool .

.

.

.

.

.

.

.

.

.

. 769

Viewing license information from Server Admin .

.

.

.

.

.

.

.

.

.

. 770

Default keyboard shortcuts

.

.

.

.

.

Part VII: Appendices Appendix A: License options

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 771

Security Center license options .

.

.

.

.

.

.

.

.

.

.

.

.

.

. 771

License option descriptions Synergis license options

. .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 772

Omnicast license options .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 773

AutoVu license options.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 774

Mobile license options .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 774

Certificate license options .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 775

Appendix B: Default Security Center ports Common communication ports .

.

.

.

.

.

.

.

.

.

.

.

.

.

. 777

AutoVu-specific ports.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 778

Synergis-specific ports

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 779

Omnicast-specific ports .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 780

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

xxii

Appendix C: HID reference .

.

.

.

.

.

.

.

. 782

Refer to HID’s documentation for initial hardware setup

.

.

.

.

.

.

.

. 782

Network configuration

.

.

.

.

Using the HID Discovery GUI utility .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 783

.

.

.

.

.

.

.

.

.

.

.

.

. 784

Special considerations when configuring HID units .

.

.

.

.

.

.

.

.

. 785

.

HID initial configurations

.

.

For HID V1000 units .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 785

Other HID hardware

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 785

HID factory default input settings .

.

.

.

.

.

.

.

.

.

.

.

.

. 785

Modify input configurations

.

.

.

.

.

.

.

.

.

.

.

.

. 786

Interpreting the Power and Comm LEDs on an HID unit

.

.

.

.

.

.

.

. 787

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 788

Supported access control software and hardware

.

.

.

.

.

.

.

.

.

. 788

.

.

.

.

.

.

.

.

.

. 791

About offline, mixed, and online modes of operation

.

.

.

.

.

.

.

.

. 791

Supported modes of operation per unit type

Supported features and models

.

.

Access control unit modes of operation .

. .

. .

.

.

.

.

.

.

.

.

.

. 791

Access control unit configuration.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 799

General versus dedicated inputs

.

.

.

.

.

.

.

.

.

.

.

.

.

. 799

Configuring a door with reader

.

.

.

.

.

.

.

.

.

.

.

.

.

. 799

Configuring a door with two door sensors .

.

.

.

.

.

.

.

.

.

.

. 799

Wiring diagrams .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 800

HID Edge reader & Edge Plus .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 800

HID VertX V1000 .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 801

HID VertX V2000 .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 802

How Bosch intrusion panel integration works

.

.

.

.

.

.

.

.

.

.

. 804

How Galaxy Dimension control panel integration works .

.

.

.

.

.

.

.

. 806

Appendix D: Bosch reference

Appendix E: Honeywell reference

Glossary

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.807

Index

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.847

.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

xxiii

Part I Introduction to Security Center Take a tour of Security Center and learn the basics of using the user interface. This part includes the following chapters: •

Chapter 1, “Welcome to Security Center” on page 2



Chapter 2, “Getting started with Config Tool” on page 8



Chapter 3, “Working with tasks” on page 21



Chapter 4, “Working with reports” on page 29

1 Welcome to Security Center This section includes the following topics:

• "What is Security Center?" on page 3 • "Architecture overview" on page 6

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

2

What is Security Center?

What is Security Center? Security Center is the unified security platform that seamlessly blends Genetec's IP security and safety systems within a single innovative solution. The systems unified under Security Center include Genetec's Omnicast IP video surveillance, Synergis IP access control, and AutoVu IP license plate recognition system. The Security Center unified security platform provides:

• One platform controlling and managing video/access/LPR edge devices. • One user interface for monitoring, reporting, and managing events and alarms for video • •

surveillance, access control, and LPR - Security Desk. One user interface for configuring video surveillance, access control, and LPR - Config Tool. Unified live video viewing with video searches and video playback.

Security Center features are divided into four main categories:

• • • •

Common/Core features Omnicast – Video surveillance features Synergis – Access control features AutoVu – License plate recognition (LPR) features

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

3

What is Security Center?

Common/Core features • • • • • • • • •

Alarm management Zone management Federation Intrusion panel integration Report management Schedule and scheduled task management User and user group management Windows Active Directory integration Programmable automated system behavior

Omnicast – Video surveillance features • • • • • • • • • • • • •

Full camera configuration and management (new in 5.2) View live and playback video from all cameras Full PTZ control using the PC or CCTV keyboard, or on screen using the mouse Digital zoom Motion detection Bookmark any important scene to ease future video archive search and retrieval Save and print video snapshots Search video by alarm, bookmark, event, motion, or date and time View all cameras on independent or synchronized timelines Visual tracking: follow individuals or moving objects across different cameras Export video in the Genetec G64 format, or a public ASF format Protect video against accidental deletion Protect video against tampering by using watermarks

Synergis – Access control features • • • • • •

Cardholder management Credential management Visitor management Door management Access rule management People counting

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

4

What is Security Center?

AutoVu – License plate recognition (LPR) features • • • • •

Fixed and mobile (with Patroller) LPR solution management Automatic identification of stolen (or scofflaw) vehicles Enforcement of city parking regulations (not involving permits) Enforcement of parking lot regulations (involving permits) License plate inventory in large parking facilities

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

5

Architecture overview

Architecture overview This section provides an overview of the components in a Security Center system. The setup and configuration of these components are explained later in this guide. This section includes the following topics:

• "About Security Center components" on page 6 • "What is Genetec Server?" on page 7

About Security Center components Security Center’s architecture is based on a client/server model, where all system functions are handled by a pool of server computers distributed over an IP network. Every Security Center system must have its own pool of servers. Their number can range from a single machine for a small system to hundreds of machines for a large scale system.

NOTE The icons colored in blue represent the computers where Security Center server and client

components are installed.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

6

Architecture overview

What is Genetec Server? Genetec Server is the Windows service you must install on every computer that you want included in the pool of servers available for Security Center to use. Every server is a generic computing resource capable of taking on any role (set of functions) you assign to it. You can increase the computing power of your Security Center system at any time by adding more servers to your pool of resources.

What is the main server? The main server is the only server on your system that hosts the Directory role. The Directory is the role that gives your system its identity. All other servers on the system must connect to the main server in order to be part of the same system. You can have only one main server on any Security Center system.

What is an expansion server An expansion server is any computer other than the main server that you add to your system to increase its total computing power. An expansion server must connect to the main server and can host any role in Security Center, except the Directory role. You can add expansion servers at any time. For more information, see "Add an expansion server to your system" on page 47.

What is a role? A role is a software module that performs a specific job within Security Center. For example, you can assign roles for archiving video, for controlling a group of units, or for synchronizing Security Center users with your corporate directory service. You create and configure roles using Config Tool. You can assign one or more roles to a single server, or assign multiple servers to the same role to provide load balancing and failover. For more information, see "How role failover works in Security Center" on page 61. For each role you create, you can specify its parameters. After you’ve configured a role, you can move it to any server on your system (for example, one with a faster processor or more disk space) without having to install any additional software on that server. For a list of role types available in Security Center and what they are used for, see "Role types" on page 510.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

7

2 Getting started with Config Tool This section provides you with basic knowledge about Config Tool, the main application an administrator needs to configure Security Center. Once you’ve learned the basic concepts described in this section, you can refer to the "Config Tool reference" on page 330 for specific information on Config Tool topics. This section includes the following topics:

• "Connecting to Security Center" on page 9 • "Differences between Config Tool 5.1 and 5.2" on page 11 • "Config Tool interface tour" on page 13

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

8

Connecting to Security Center

Connecting to Security Center This section describes how to connect to Security Center. This section includes the following topics:

• • • •

"Log on" on page 9 "Change your password" on page 10 "Log off " on page 10 "Close the application" on page 10

Log on Before you begin: You need your username, password, and Directory name. 1 To open Config Tool, click Start > All Programs > Genetec Security Center 5.2 > Config Tool.

2 In the Logon dialog box, enter the required information. If you have just installed Security Center, log on with the default administrative user Admin with a blank password. The Directory name is the name or IP address of your main server. If you are running Config Tool on your main server, you can leave the Directory field blank. 3 Click Log on. The Home page appears. For more information, see "Home page overview" on page 14. After you are done: Change the Admin user’s password if it hasn’t been changed yet. IMPORTANT If active directory integration has been set up by your system administrator, and you

are connecting over a VPN connection, you must clear the Use Windows credentials check box and type your username in the format DOMAIN\Username. NOTE More logon options are available when an Active Directory is integrated to Security Center. For more information, see "Logging on with an Active Directory user" on page 153.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

9

Connecting to Security Center

Change your password Best practice: It is recommended to change your password regularly. 1 From the Home page, click About. 2 In the About page, click Change password. The Change password dialog box appears.

3 Enter your old password, then enter your new password twice. 4 Click OK.

Log off You can log off from Security Center without closing Config Tool. Logging off disconnects you from the Directory. Use this command when you plan to log on again using a different username and password.

• From the Home page, click Log off.

Close the application 1 In the upper-right corner of the Config Tool window, click Exit (

).

If you have unsaved tasks in your workspace, you are prompted to save them. 2 Click Save to automatically load the same task list the next time you open Config Tool.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

10

Differences between Config Tool 5.1 and 5.2

Differences between Config Tool 5.1 and 5.2 The following table highlights the differences between Config Tool 5.1 and 5.2. Item

Config Tool 5.1

Config Tool 5.2

Home page

Access the Home page by clicking the Home button.

Access the Home page by clicking the Home tab.

Favorites

Favorite items displayed in the Favorites tab in the Home page.

Favorite items listed in the Tasks tab in the Home page.

Recently used

Recent items displayed in the Recently used tab in the Home page.

Recent items listed in the Tasks tab in the Home page.

Private/public tasks

Private and public tasks are saved in the Saved tasks tab in the Home page.

Private and public tasks are saved as separate tabs in the Home page.

License options

All license options are displayed in the About page.

Some license options displayed in the About page can be turned on or off.

Task organization

Tasks in the Tasks tab listed by task category (Administration, Operation, and Maintenance), and solution type (access control, video, intrusion investigation, and LPR).

Tasks in the Tasks tab listed by task category (Administration, Operation, and Maintenance). The solution types are indicated by a colored line under the task icons; red for access control, green for video, and yellow for LPR.

Notification tray

Can hide some of the notification tray items.

All notification tray items can be shown or hidden.

Selector

Selector contains different tabs, such as Logical view and Query tab.

The Logical view and Query tab are displayed, but the selector is not indicated in the user interface.

Report commands

Report commands grouped in the Report tab (export and print report) in Maintenance tasks.

Report commands found at the top of the report pane (export and print report) in Maintenance tasks.

Select columns

Select which columns to display from the Report tab in Maintenance tasks.

Select which columns to display by right-clicking a column heading in the report pane in Maintenance tasks.

Configuring alarm entities

Alarm entity configuration pages found in the System task

Alarm entity configuration pages found in the new Alarms task.

Credential enrollment task

Allows you to enroll credentials.

Renamed to Credential management task. Allows you to enroll credentials, create and assign credentials, and respond to credential card printing requests.

Cardholder management

Three tabs for configuring cardholders: Identity, Credentials, and Access rules.

Two tabs for configuring cardholders: Identity and Access rules. Credentials tab is merged into the Identity tab.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

11

Differences between Config Tool 5.1 and 5.2

Item

Config Tool 5.1

Config Tool 5.2

Access control unit configuration report

Access control maintenance report, where you can view the configuration of access control units in your system.

Renamed to Hardware inventory report. A general maintenance report, where you can view the configuration of access control, video, intrusion detection, and LPR units in your system.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

12

Config Tool interface tour

Config Tool interface tour This section describes the main components of the Config Tool user interface. This section includes the following topics:

• • • •

"How Config Tool is organized" on page 13 "Home page overview" on page 14 "Administration task workspace overview" on page 16 "Maintenance task workspace overview" on page 19

How Config Tool is organized Config Tool is organized by tasks. All tasks can be customized, and multiple tasks can be carried out simultaneously. You might not see all the tasks and commands described in this guide, depending on your license options and user privileges. There are user privileges for each Config Tool task, and for many commands in Config Tool. Tasks in the Home page are organized into three categories:

• Administration. Administration tasks used to create and configure the entities required to model your system.

• Operation. Tasks related to day-to-day Security Center operations. • Maintenance. Tasks related to maintenance and troubleshooting. Under each major category, the tasks are further divided as follows:

• Common tasks. Tasks that are shared by all three Security Center software modules. These tasks are always available regardless of which modules are supported by your software license.

• Access control. Tasks related to access control. Access control tasks are displayed with a red line under their icons. They are only available if Synergis is supported by your software license.

• Intrusion detection. Tasks that let you manage intrusion detection areas and units. • LPR. Tasks related to license plate recognition. LPR tasks are displayed with a yellow line under their icons. They are only available if AutoVu is supported by your software license.

• Video. Tasks related to video management. Video tasks are displayed with a green line under their icons. They are only available if Omnicast is supported by your software license.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

13

Config Tool interface tour

Home page overview This section describes the Home page, and key components of the Config Tool user interface. The Home page is the main page in Config Tool. You can open the Home page by clicking Home ( ). It is also shown if the task list is empty. A

B

C

D

E F G H I J K L M

N

A

Home tab

• Click to show or hide the Home page.Right-click for a list of commands (for example, save the workspace, close tasks, and so on).

B

Current tasks

Lists the tasks you currently have open and are working on. • Click a task tab to switch to that task. • Right-click a tab for a list of commands. See "Working with your current tasks" on page 24.

C

Notification tray

Displays important information about your system. Hold your mouse pointer over an icon to view system information, or double-click the icon to perform an action. You can choose which icons to show in the notification bar from the Options dialog box. See "Notification tray" on page 684.

D

List all tasks

Click to view a list of all open tasks. This button only appears if the task tabs take up the width of the taskbar.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

14

Config Tool interface tour

E

Search box

Type the name of the task, tool, or entity you are looking for. All tasks, tools or entities containing that text in their category, name, or description, are shown.

F

Tasks

Lists your recent items, favorites, and all the task types that are available to you. Select a task to open from this tab.

G

Private/ public tasks

Click to view the saved tasks that are available to you. • Private tasks. Tasks that you saved that are only available to you. • Public tasks. Tasks that you or someone else saved that are available to the general public. To save a private or public task, see "Save a task" on page 26.

H

Tools

Click to view the tools that you can start directly from your Home page. The Tools page is divided into two sections: • Tools. This section shows the standard Security Center tools. • External tools. This section shows the shortcuts to external tools and applications. See "Adding shortcuts to external tools" on page 692.

I

Options

Click to configure Config Tool options. See "Options dialog box" on page 678.

J

About

Click to view information regarding your Security Center software, such as your license, SMA, and software version. From the About page, you can also view the following: • Help. Click to open the online help. • Change password. Click to change your password. See "Change your password" on page 10. • Contact us. Click to visit GTAP or the GTAP forum. You need an Internet connection to visit these Web sites. See "Technical support" on page 869. • Installed components. Click to view the name and version of all installed software components (DLLs). • Copyright. Click to display software copyright information. For information about your software license, see "License options" on page 768.

K

Log off

Click to log off without exiting the application.

L

Favorites

Right-click any task or tool to add or remove it from your Favorites list. You can also drag a task into your favorites list. Tasks listed in favorites no longer appear in the Recent items list.

M

Recent items

Lists your recently opened tasks and tools.

N

Browse tasks

Click to view all the tasks available to you. Click a task icon to open the task. If it is a single-instance task, it will open. If you can have multiple instances of the task, you are required to type a name for the task. If the task has multiple entity views, you need to select an entity. See also, "Adding a task" on page 22.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

15

Config Tool interface tour

Administration task workspace overview Administration tasks used to create and configure the entities required to model your system. This section takes you on a tour of the administration task layout, and describes the common elements of most administration tasks. The Security task was used as an example. You can open the Security task by typing its name in the Search box on the Home page. For more information about administration tasks, see "Administration tasks" on page 611.

A B C D E F

G

H

I

A

Entity views

You’ll typically find one view for each entity type managed by the task.

B

Entity filter

Enter a string in this field and type Enter to filter the entities in the browser by name. Click Apply a custom filer ( ) to hand pick the entities you want to show in the browser.

C

Entity history

Use these buttons to browse through recently used entities within this task.

D

Entity browser

Click an entity in the browser to show its settings on the right.

E

Current entity

The icon and name of the selected entity is displayed here.

F

Configuration tabs

The entity settings are grouped by tabs. For more information about the configuration tabs for each entity type, see "Entity types" on page 331.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

16

Config Tool interface tour

G

Configuration page

This area displays the entity settings under the selected configuration tab.

H

Apply/cancel changes

You must Cancel or Apply any change you make on the current page before you can move to a different page.

I

Contextual commands

Commands pertaining to the selected entity are displayed in the toolbar at the bottom of the workspace. See "Contextual command toolbar" on page 17.

Contextual command toolbar The commands pertaining to the selected entity in the browser are displayed at the bottom of the task workspace, in the contextual toolbar. The following table describes them all in alphabetical order. Icon

Command

Applies to

Description

Activate role

All roles

Activates the selected role.

Add a cardholder

Access rules and cardholder groups

Creates a cardholder and assigns it to the selected entity.

Add a credential

Cardholders

Creates a credential and adds it to the selected cardholder.

Add an entity

All entities

See "Create an entity manually" on page 37.

Assign to new door

Access control units

Creates a door and assigns it to the selected access control unit.

Audit trails

All entities

Creates an Audit trails task for the selected entity. See "Finding out who made changes on the system" on page 181.

Conflict resolution

Active Directory role

Opens the Active Directory conflict resolution dialog box. See "Resolve conflicts due to imported entities" on page 149.

Copy configuration tool

All entities

See "Copy configuration tool" on page 668.

Create an access rule

Areas, doors, elevators

Creates an access rule and assigns it to the selected entity.

Deactivate role

All roles

Deactivates the selected role.

Delete

All entities

Deletes the selected entity from the system. Discovered entities can only be deleted when they are inactive.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

17

Config Tool interface tour

Icon

Command

Applies to

Description

Diagnose

All roles, and some entities

Performs a diagnosis on the selected role or entity.

Enable maintenance mode

Roles and physical devices

Set a role or a physical device in maintenance mode so its down time will not affect its availability calculation by the Health Monitor. See "Set an entity in maintenance mode" on page 80.

Health statistics

Roles and physical devices

Creates a Health statistics task for the selected entity. See "Viewing the health status and availability of entities" on page 171.

Identify

Video units

Flashes an LED on the selected unit to help locate it on a rack.

Live video

Cameras

Opens a dialog box showing live video from the selected camera. See "Test the video quality of your camera" on page 213.

Move unit

Access control and video units

Opens the Move unit tool, where you can move units from one manager to another. See "Move unit" on page 655.

Ping

Video units

Pings the video unit to check if you can communicate with it. This is helpful for troubleshooting purposes.

Print badge

Cardholders and credentials

Allows you to select a badge template and print a badge for the selected cardholder or credential.

Reboot

Video and access control units

Restarts the selected unit.

Run macro

Macros

Runs the selected macro. See "Using macros" on page 110.

Trigger alarm

Alarms

Triggers the selected alarm so it can be viewed in Security Desk. See "Testing alarms" on page 112.

Unit discovery tool

Access control and video units

Opens the Unit discovery tool, where you can find IP units connected to your network. See "Unit discovery tool" on page 653.

Unit’s Web page

Video units

Opens a browser to configure the unit using the Web page hosted on the unit.

Walkthrough wizard

Cardholders

A tool that enrolls doors into Synergis in bulk, by having a cardholder present his credential at the doors to be enrolled. See "Using the Walkthrough wizard" on page 271.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

18

Config Tool interface tour

Maintenance task workspace overview Maintenance tasks are where you generate customized queries on the entities, activities, and events in your Security Center system for maintenance and troubleshooting purposes. This section takes you on a tour of the maintenance task layout, and describes the common elements of most maintenance tasks. The Access rule configuration task was used as an example. You can open the Access rule configuration task by typing its name in the Search box on the Home page. A B C D

E

F A

Number of results

Displays the number of returned results. A warning is issued when your query returns too many rows. If this happens, adjust your query filters to reduce the number of results.

B

Query filters

Use the filters in the query tab to set up your query. Click on a filter heading to turn it on ( ) or off. Invalid filters display as Warning or Error. Hover your mouse over the filter to view the reason it is invalid. For a list of query filters available in Security Desk, see "Query filters" on page 712.

C

Export/print report

Click to export or print your report once it is generated. See "Generate a report" on page 30.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

19

Config Tool interface tour

D

Select columns

Right-click a column heading to select which columns to display. For a list of report columns available in Security Desk, see "Report pane columns" on page 723.

E

Report pane

View the results of your report. Drag an item from the list to a tile in the canvas, or right-click an item in the list to view more options associated with that item, if applicable.

F

Generate report

Click to run the report. This button is disabled if you have not selected any query filters, or when you have invalid filters. While the query is running, this button changes to Cancel. Click on Cancel to interrupt the query.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

20

3 Working with tasks This section includes the following topics:

• "Adding a task" on page 22 • "Working with your current tasks" on page 24

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

21

Adding a task There are two ways you can add tasks to your workspace:

• "Create a new task" on page 22 • "Load a saved task" on page 23

Create a new task 1 From the Home page, do one of the following: 

Type the task name in the Search box.



Click the Tasks tab, and then click Browse all tasks.

2 Click the task. 3 Depending on the task type you select, do one of the following: 



If only one instance of the task is allowed, the new task is created. Single-instance tasks cannot be renamed. (Only Administration tasks) If the task contains more than one entity view, select a view to configure. This option is only available for administration tasks. Tasks that allow you to configure more than one entity are indicated with a plus sign on the task icon.



If more than one instance of the task is allowed, you are prompted to provide a task name. Enter the task name, and click Create.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

22

Adding a task

NOTE This behavior can be changed in the User interaction tab in the Options dialog box. For more information, see "User interaction options" on page 685.

The new task is added to your task list.

Load a saved task You can load tasks that you have previously saved as private or public tasks.

• Private tasks. Tasks that you saved that are only available to you. • Public tasks. Tasks that you or someone else saved that are available to the general public. 1 From the Home page, click the Private tasks or Public tasks page. 2 Click a task. The task you select opens.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

23

Working with your current tasks This section includes the following topics:

• • • • • • •

"Task list commands" on page 24 "Close the current task" on page 25 "Reordering tasks" on page 25 "Save a task" on page 26 "Send a task to another workstation" on page 27 "Change the taskbar position" on page 27 "Set the taskbar to auto-hide" on page 27

Task list commands You can edit and work with your current tasks by right-clicking any tab in the task list.

Command

Description

Rename task

Click to rename the selected task. Only tasks that accept multiple instances can be renamed. You can also select the task tab, and then click F2 to rename the task.

Save

Click to save any changes you made to a previously saved task.

Save as

Click to save the task under a different name and scope (private or public). See "Save a task" on page 26.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

24

Working with your current tasks

Command

Description

Send

Click to send the selected task to another Security Desk user or workstation. See "Send a task to another workstation" on page 27.

Close task

Click to close the selected task. See also "Close the current task" on page 25.

Close all tasks

Click to close all tasks in your current task list.

Close all other tasks

Click to close all tasks in your current task list, except the selected task.

Add to Favorites

Click to add the selected task to your Favorites list on the Home page.

Remove from Favorites

Click to remove the selected task from your Favorites list on the Home page.

Save workspace

Click to save the current task list and workspace. The same tasks and workspace layout loads automatically the next time you log on to Security Desk with the same username. If you make changes to a task and save the workspace again, the previous configuration is lost. See also "Save a task" on page 26.

Sort by name

Click to reorder the tasks in alphabetical order from left to right. See "Reordering tasks" on page 25.

Tiles only

Click to hide the selector pane, the event pane, and the dashboard. Only the canvas tiles and task list are visible. This option is mainly used for the Monitoring task.

Full screen

Click to display the Security Desk window in full screen mode.

Close the current task • On the task tab, click

.

Reordering tasks This section includes the following topics:

• "Sort tasks by name" on page 25 • "Reorder tasks manually" on page 26 Sort tasks by name You can automatically reorder the tasks in the task list by name.

• Right-click anywhere on the task list, and select Sort by name.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

25

Working with your current tasks

Reorder tasks manually You can choose the task position in the task list manually.

• Click and hold a task tab, and drag it to the desired position in the list.

Save a task You can save your tasks permanently in either the private task list that only you can access, or in the public task list that everyone can access. The benefits for doing so are:

• You can delete your task from your active task list and reload it when you need it. • Public tasks can be shared with other users. • Public tasks can be used as a report template with the Email a report action. The task characteristics that are saved are:

• The filter settings used by the task query. • The report layout (choice and order of columns in the report). • The canvas layout and the entities displayed in each tile. NOTE The query results are not saved as part of the task definition. Only the query filters are saved. The results are regenerated every time you run the query.

To save a task in a permanent list: 1 Do one of the following: 

Right-click the task tab, and click Save as.



Use the CTRL+T keyboard shortcut.

NOTE A reporting task can be saved only when the query is fully qualified. You know that

your query is valid when the Generate report button in the Query tab is activated. 2 In the dialog box that appears, select the list you want to save your task to: 

Private tasks. The task can only be accessed by you. Enter a name for the saved task, or select an existing one to overwrite it.



Public tasks. Anyone can reuse your task. Enter a name for the saved task or select an existing one to overwrite it, and select the Partition that the task should belong to. The partition ensures that only certain users can view or modify this task.

3 (Optional) Rename the saved task. TIP The saved task name should be descriptive. For example, a saved monitoring task that displays your parking lot cameras might be saved with the name Parking Lot - Monitoring. A saved investigation task that queries for video bookmarks added over the last day might be saved as Today’s Bookmarks.

4 Click Save.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

26

Working with your current tasks

Send a task to another workstation You can send your current tasks to another Security Desk user on another workstation. This could be helpful if you’ve selected specific cameras to monitor and you want to share the task with someone else. Or, perhaps you’ve configured the query filters for a certain investigation task, and you want somebody else to run the same report. 1 Open the task you want to send. 2 (Optional) Configure the task. EXAMPLE Modify the tile layout, display certain cameras, configure query filters, add

entities to be monitored, etc. 3 Right-click the task tab, and then click Send. The Send task dialog box opens. 4 Click

.

5 Depending on whether you want to send the task to a user or a workstation, set the UserMonitor toggle switch to the appropriate type of recipient. 6 Select your recipient. 7 (Optional) If you are sending the task to a user, write a message in the Message field. 8 Click Send. The recipient receives a pop up message explaining that someone has sent them a task. They are prompted to accept the task before it loads in their Security Desk.

Change the taskbar position You can configure the taskbar to appear on any edge of the Security Desk window. 1 From the Home page, click Options. 2 In the Options dialog box, click the Visual tab. For more information, see "Visual options" on page 683. 3 From the Taskbar position drop-down list, select the edge where you want the taskbar to appear. 4 Click Save.

Set the taskbar to auto-hide You can configure the taskbar to appear only when the mouse cursor hovers over the edge where the taskbar is located. 1 From the Home page, click Options. 2 In the Options dialog box, click the Visual tab. For more information, see "Visual options" on page 683.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

27

Working with your current tasks

3 Select the Auto-hide the taskbar option. NOTE This option hides both the taskbar and the notification tray. See "Notification tray" on page 684.

4 Click Save.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

28

4 Working with reports This section includes the following topics:

• "Generate a report" on page 30 • "Export and print your report" on page 31 • "Customize the report pane" on page 32

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

29

Generate a report

Generate a report To generate a report for any task, you need to set the query filters, and then run the query. After you generate the report, you can work with your results. 1 Select an existing reporting task, or create a new one. See "Adding a task" on page 22. 2 Use the filters to create a customized search. 3 Click Generate report to run the query. If there are invalid filters, the Generate report button is unavailable. If your query returned too many results, you receive a warning message. Fine tune your query and run it again. The query results are displayed in the report pane. NOTE The maximum number of report results you can receive in Config Tool is 10, 000. By

default the maximum number of results is 2000. This value can be changed from the Options dialog box. See "Performance options" on page 689. 4 (Optional) Customize your query results. You can select the columns you want to show in your report, change the width and order of the columns, and sort the rows. See "Customize the report pane" on page 32. 5 Work with the query results. Depending on the items in the query results, you can print the report, or save the report as an Excel or PDF document. See "Export and print your report" on page 31. 6 Save the report as a template. Save the reporting task (query filters and report layout) as a report template that can be used with the Email a report action.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

30

Export and print your report

Export and print your report This section includes the following topics:

• "Export your report" on page 31 • "Print your report" on page 31

Export your report In every reporting task, you can export your report once it is generated. 1 At the top of the report pane, click

Export report.

The Save report as dialog box appears.

2 Select the file format. You must select CSV, Excel, or PDF file format. If you choose CSV format, you must also specify where the attached files, such as cardholder pictures or license plate images, are to be saved. 3 Select the destination file name. 4 Click Save.

Print your report In every reporting task, you can print your report once it is generated. 1 At the top of the report pane, click

Print report.

The Report preview dialog box appears.

• Click Print (

) in the preview window, and select a printer.

You can also export the report as a Microsoft Excel, Word, or Adobe PDF document.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

31

Customize the report pane

Customize the report pane Once you have generated your report, you can customize how the results are displayed in the report pane, such as re-ordering the rows and columns, choosing which columns to display, and so on. This section includes the following topics:

• "Resize columns" on page 32 • "Select columns" on page 32 • "Change the column order" on page 33

Resize columns You can change the column width in the report pane in any task.

• Click between two column headings and drag the separator to the right or to the left.

Select columns You can choose which columns to show or hide in the report pane. 1 In the report pane, right-click on a column heading, and then click Select columns (

).

A dialog box showing all available columns for your report appears.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

32

Customize the report pane

2 Select the columns you want to show, and clear the columns you want to hide.

3 To change the column order of appearance, use the

and

arrows.

4 Click OK. 5 (Optional) To save your column selection, right-click in the taskbar, and then click Save workspace.

Change the column order You can change the column order in the report pane in any task. 1 Click and hold a column heading in the report pane, and drag it to the desired position. 2 Repeat for all the columns you want to move.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

33

Part II Security Center administration Learn about administration tasks for configuring your system. This part includes the following chapters: •

Chapter 6, “Common administrative tasks” on page 46

5 Basic principles about entities This section includes the following topics:

• • • •

"Entities as basic building blocks" on page 36 "Configuring entities" on page 37 "Searching for tasks and entities" on page 42 "Delete an entity" on page 45

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

35

Entities as basic building blocks

Entities as basic building blocks Everything that requires configuration in Security Center is represented by an entity. Entities are the basic building blocks of Security Center. An entity can represent a physical device, such as a camera or a door, or an abstract concept, such as an alarm, a schedule, a user, or a software module. Configuring your system is about creating and configuring the entities required to model your system. For more information about the Administration tasks you can use to configure the entities in your system, see Chapter 15, “Administration tasks” on page 611.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

36

Configuring entities

Configuring entities As the basic building blocks of Security Center, most entities must be created manually. Other entities, such as those representing hardware devices connected to your system, must be discovered by Security Center. This section includes the following topics:

• • • • •

"Create an entity manually" on page 37 "Common entity attributes" on page 38 "Entities created automatically by the system" on page 39 "Using geographical locations" on page 40 "Further readings on entity configuration" on page 40

Create an entity manually All entities are manually created by specialized entity creation wizards in Config Tool. All the administration tasks allow you to create every entity type. The difference is how quickly you can get to the wizard you want. Every administration task is designed to favor a certain family of entities, so it is helpful to know them well. 1 From the Home page in Config Tool, open the administration task that is most appropriate for the type of entity you want to create. 2 At the bottom of the task workspace, click Add an entity ( has.

) or whatever name this button

If this button has an entity type name, it will immediately open the corresponding entity creation wizard. If not, you’ll need to click a few more times to find the entity type you want to create. 3 Follow the steps in the entity creation wizard to guide you through the creation process. Most wizards start with a first step called Basic information. For more information, see "Common entity attributes" on page 38. After you are done: Most wizards only help you create the entity. You might need to perform more configuration work before the entity is usable. For more information, see "Further readings on entity configuration" on page 40.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

37

Configuring entities

Common entity attributes During the entity creation process, you must always go through a step (usually the first step) called Basic information. The following screenshot is for a user entity.

You will be asked to enter the following information:

• Entity name. This name identifies the entity everywhere in the Config Tool. You can create two entities with the same name (except for user entities), but it is not recommended. In some cases, a default entity name is created for you, but you can override it.

• Entity description. Optional information regarding the entity. • Partition. Partitions are logical groupings used to control the visibility of certain entities by certain users on the system. Only users with permission to use a partition can see the entities placed in that partition. You have the following choices: 

Existing partition. Allows you to select an existing partition from a drop-down list. Selecting Public partition makes the entity visible to everyone on the system.





New partition. Allows you to create a partition before placing the new entity in it. System partition. Puts the new entity in the System partition. Only administrators can view and modify entities belonging to the System partition.

TIP If you are not planning to divide your system into partitions, it is better to leave everything in the Public partition rather than the System partition. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

38

Configuring entities

For more information on partitions, see "Defining partitions" on page 90.

Entities created automatically by the system Not all entities in the system are created manually. Some are discovered by the system, while others support both automatic and manual creation. As a general rule, the system requires a live connection to a hardware device before the entity representing it can be created. The following table lists the special cases: Icon

Entity type

Automatic creation

Manual creation

Server

Always.

Not supported.

Network

Adding a new server automatically creates a new network.

Supported, but generally not required.

Access control unit

Only for units that support automatic discovery. See "What is automatic discovery?" on page 196.

Supported, but requires a live connection to the unit.

Video unit

Only for units that support automatic discovery. See "What is automatic discovery?" on page 196.

Supported, but requires a live connection to the unit.

Camera (video encoder)

Always. Camera (or video encoder) entities are created when the encoding video units are added to your system.

Not supported.

Analog monitor

Always. Analog monitor (or video decoder) entities are created when the decoding video units are added to your system.

Not supported.

LPR unit

• Fixed LPR units are discovered by the LPR Manager roles. • Mobile LPR units (mounted on patrol vehicles) are added when the Patroller entities are added.

Supported for fixed LPR units, but generally not required.

Patroller

Always.

Not supported.

Intrusion detection unit

Never.

Supported, but requires a live connection to the intrusion panel.

Intrusion detection area

Created by the Intrusion Manager role when the intrusion panel is enrolled.

Supported only if the Intrusion Manager cannot read the area configurations from the unit.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

39

Configuring entities

Using geographical locations The geographical location (latitude, longitude) of the entity has several different uses. For example, for video units, it is used for the automatic calculation of the time the sun rises and sets on a given date. For fixed LPR units that are not equipped with a GPS receiver, the geographical location is used to plot the LPR events (reads and hits) associated with the LPR unit on the map in Security Desk. To set the latitude and longitude: 1 In the Location tab of an entity, click Select. A map window appears. 2 Navigate to the location of your entity on the map. You can click and drag to zoom in, zoom out, and pan. 3 Click Select in the map window. The cursor changes to a cross. 4 Click on the desired location on the map. A red pushpin appears on the map. 5 Click OK. The latitude and longitude fields are filled with the coordinates of the location you clicked on the map. For more information, see "Location" on page 336.

Further readings on entity configuration Entity configuration is the biggest part of a system administrator’s job. Depending on the type of system you have, your configuration strategy might be quite different. The following chapters deal with general configuration strategies:

• • • •

"Common administrative tasks" on page 46 "Deploying Omnicast" on page 186 "Deploying Synergis" on page 251 "Deploying AutoVu" on page 329

Regarding the specific settings available for each entity type, please refer to the following chapters under Part V – Config Tool reference.

• "Entity types" on page 331 • "Role types" on page 510 Finally, a number of tools are available through the Config Tool’s Home page Tools menu that are specifically geared towards entity configuration. They are:

• "Copy configuration tool" on page 668 • "Going through the import steps" on page 658 gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

40

Configuring entities

• "Unit discovery tool" on page 653 • "Unit replacement" on page 654 • "Move unit" on page 655

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

41

Searching for tasks and entities

Searching for tasks and entities If you cannot find the tasks, tools, or entities you need, there are three ways you can search for them in Config Tool:

• "Search for a task" on page 42 • "Search for entities by name" on page 43 • "Search for entities using the Search tool" on page 43

Search for a task The easiest way to find a task or tool is to use the search from Config Tool’s Home page. 1 From the Home page, type in the Search box. All tasks, tools, and entities in your system whose name or description contains your search text appear in the Home page.

2 Click a task or a tool to open it, or click an entity to jump to that entity’s configuration page. 3 Click Clear filter (

) to stop filtering your tasks.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

42

Searching for tasks and entities

Search for entities by name If you cannot find the entity you need in a task, you can use the name search to reduce the number of entities listed in the selector. 1 In the Search box in the selector, type the entity name you are searching for. 2 Click Search (

).

Only entities with names containing the text you entered are listed. 3 Click Clear filter (

) to stop using the search filter.

Search for entities using the Search tool In many Config Tool tasks, you can apply a set of filters to find the entities you need using the Search tool. The filters available depend on the task you are using. For example, in the Health history task, you can filters entities by name, description, entity type, and partition. 1 In the Search box in the selector, click Apply a custom filter (

).

The Search window opens. 2 Use the filters to specify your search criteria. 



To turn on a filter, click on the filter heading. Active filters are shown with a green LED ( ). To turn off a filter (

), click on the filter heading.

NOTE Invalid filters are shown in red. You can point to the

icon to see why the filter is

invalid. 3 Click Search (

).

The search results appear on the right. The total number of results is displayed at the bottom of the list. 4 (Optional) Click Select columns (

) to choose which columns to display in the result list.

5 Select the entities you want.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

43

Searching for tasks and entities

TIP Hold the CTRL key for multiple selections. Click pages of results.

and

to scroll through multiple

6 Click Select. Only the entities you selected appear in the selector. 7 Click Clear filter (

) to stop using the search filter.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

44

Delete an entity

Delete an entity You can delete entities that you have manually created, and those that were discovered automatically by the system. Before you begin: If the entity was automatically discovered, it must be offline or inactive (shown in red) before you can delete it. 1 Select the entity in the Logical view. 2 In the contextual command toolbar, click Delete (

).

3 In the confirmation dialog box that appears, click Delete.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

45

6 Common administrative tasks This section explains the basic tasks required to configure Security Center. This section includes the following topics:

• • • • • • • • • • • • • • • • • • • •

"Managing servers and roles" on page 47 "Managing databases" on page 52 "Configuring Security Center for high availability" on page 60 "Configuring role failover" on page 61 "Configuring Directory failover and load balancing" on page 66 "Configuring Directory database failover" on page 71 "Monitoring your system’s health" on page 75 "Managing the Network view" on page 82 "Managing the Logical view" on page 85 "Managing software security" on page 89 "Automating system behavior" on page 103 "Managing alarms" on page 111 "Managing threat levels" on page 117 "Federating remote systems" on page 128 "Defining custom fields and data types" on page 136 "Integrating with Windows Active Directory" on page 140 "Managing intrusion panels" on page 155 "Managing zones" on page 160 "Supporting cross-platform development" on page 164 "Creating tile plugins" on page 165

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

46

Managing servers and roles

Managing servers and roles Every Security Center system requires its own pool of servers to run the system’s functions. As system administrator, you must ensure that enough computing power is available for your system to carry out its required load. For more information, see "Architecture overview" on page 6. This section includes the following topics:

• • • •

"Add an expansion server to your system" on page 47 "Managing servers" on page 48 "Managing roles" on page 49 "Diagnose role problems" on page 51

Add an expansion server to your system You can add expansion servers to your system at any time to increase the total computing power of your system. 1 Install Genetec Server on the computer that you want to add to the server pool. Genetec Server is installed as part of Security Center Server. For more information, see “Install an expansion server” in the Security Center Installation and Upgrade Guide. 2 Connect that computer to the Security Center’s main server. The main server is the one that hosts the Directory role. This is done with the Server Admin through a Web browser. For more information, see "Open Server Admin using Internet Explorer" on page 48. 3 Open Config Tool on any workstation. 4 From the Home page, open the Network view task. The server you just added should appear in the network tree. The name of the server entity should match the domain name of the server. 5 Select the new server entity, and click the Properties tab. If the server is used as the proxy server for a private network protected by a firewall, set its Public address and Port as configured by your IT department. For more information, see Server – "Properties" on page 472. 6 Click Apply. The new server is now ready to take on any role you wish to assign to it.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

47

Managing servers and roles

Managing servers After Genetec Server is installed on a machine, you can change its password and other settings using Server Admin. Server Admin is a Web application running on every machine where the Genetec Server service is installed. It allows you to change the settings of that particular server. For more information, see Server – "Server Admin" on page 473.

Open Server Admin using Internet Explorer You can access Server Admin on any server in your system using Microsoft Internet Explorer, which allows you to fully configure that server. Before you begin: You need to know the server’s DNS name or IP address, the Web server port, and the server password in order to log on to that server using Server Admin. The server password is specified during Security Center Server installation. For more information, see the Security Center Installation and Upgrade Guide. 1 Do one of the following: 

In the address bar of your Web browser, type http://machine:port/Genetec, where machine is the DNS name or the IP address of your server, and port is the Web server port specified during Security Center Server installation. You can omit the Web server port if you are using the default value (80).



If connecting to Server Admin from the local host, then double-click the Genetec Server Admin icon in the Genetec Security Center 5.2 program folder.

A dialog box requesting a password appears. 2 Enter the server password, and click Log on. The Genetec Security Center Server Admin page appears in your browser. After you are done: Configure the server. See "Server Admin" on page 473.

Open Server Admin using Config Tool You can access Server Admin on any server in your system using Config Tool, without requiring a server password or port number. When you open Server Admin from Config Tool, you cannot upgrade or restore the Directory database. Before you begin: You need to know the server password in order to log on to that server using Server Admin. The server password is specified during Security Center Server installation. For more information, see the Security Center Installation and Upgrade Guide. 1 From the Home page in Config Tool, open the Network view task. 2 Select the server you want to configure, and click the Server Admin tab. 3 Click Log on. The Genetec Security Center Server Admin page appears in the Server Admin tab. After you are done: Configure the server. See "Server Admin" on page 473. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

48

Managing servers and roles

Convert a main server to an expansion server When a computer comes pre-installed with Security Center, the Main server configuration is always used by default. You might need to convert a main server to an expansion server since only one main server is allowed per system. Before you begin: Make sure you have another main server to connect to before you decommission your current main server. For more information, see “Install Security Center on a main server” in the Security Center Installation and Upgrade Guide. 1 Log on to Server Admin on your computer using a Web browser (Internet Explorer). For this operation, using the Config Tool won’t work. For more information, see "Open Server Admin using Internet Explorer" on page 48. 2 In the Server Admin page, click the Genetec Server tab. 3 Scroll to the end of the browser page and click Deactivate Directory. This operation will restart Genetec Server. 4 Log on again to Server Admin. This time, the Directory tab should not appear. 5 Scroll to the section labelled Main server connection, and configure the name and password of the main server it is supposed to connect to.

6 Click Apply.

Managing roles What is a role? A role is an entity in Security Center that defines the following:

• A specific set of functions (role type) that should be performed by the system, such as the management of video units and associated video archives.

• A specific set of parameters (role settings) within which the system should operate, such as the retention period for the video archives, or the database the system should use.

• The servers that should be hosting (running) this role. After a role has been defined, it can be moved from one server to another without requiring changes on the server or additional software installed. The process might cause a short pause in the role’s operations.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

49

Managing servers and roles

Some roles can spawn subprocesses (called agents) and execute them simultaneously on multiple servers for greater scalability.

Create a role entity Create roles to add or extend the functionality of your system. For more information about the role types available in Security Center, see "Role types" on page 510. 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, click Add an entity (

), and select a role type.

3 From the Server drop-down list, select the server assigned to this role. 4 Select the database server database, and click Next. For the Database server, the path you indicate is relative to the selected server. 5 Enter the Basic information for this role, and click Next. For more information, see "Common entity attributes" on page 38. 6 Confirm the information displayed on the Creation summary page. 7 Click Create, and click Close. The new role entity is created. 8 Select the role’s Resources tab to configure the role server and database. 

To use a different database than the default, see "Create a database" on page 55.



To switch the role to a different server, see "Move a role to a different server" on page 50.



To ensure the availability of the role in case of hardware failure, see "Configure failover for roles" on page 64.

9 Configure other role properties if necessary. For more information, see "Role types" on page 510. 10 Click Apply. The new role should be active and running. If not, see "Diagnose role problems" on page 51.

Move a role to a different server Before you begin: Make sure you have another server configured and ready to accept a new role. For more information, see "Add an expansion server to your system" on page 47. NOTE The following procedure does not apply to the Archiver role.

1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, and select the role you want to modify. 3 Click the Resources tab. 4 If the role requires a database, do one of the following: 

If the database resides on a third computer, you have nothing to change.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

50

Managing servers and roles





If the database is empty, you can create it anywhere you want. See "Create a database" on page 55. If the database contains data and is residing on the current server, you need to move the database to the new server or to a third computer. See "Move a database to a different computer" on page 53.

5 Under the Servers list, click Add an item (

).

A dialog box appears with all available servers on your system. Select the substitute server and click Add. ).

6 Select the current server in the Servers list, and click Delete ( 7 Click Apply. The role now runs on the new server.

Deactivate a role A role can be deactivated for maintenance purposes. 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, and select the role you want to deactivate. 3 In the Contextual commands toolbar, click Deactivate role (

).

The role turns red (inactive) in the browser. TIP To reactivate the role, click Activate (

) in the Contextual commands toolbar.

Diagnose role problems A role that is not properly configured is displayed in yellow in the Role view. The diagnostic tool can help you troubleshoot your problem. 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, and select the role you want to troubleshoot. 3 In the Contextual commands toolbar, click Diagnose (

).

A troubleshooting window opens, showing the results from the diagnostic test performed on the selected role. Click Refresh ( ) to rerun the tests. 4 Click Close to end the diagnosis.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

51

Managing databases

Managing databases Most roles require a database to store the data they collect. Managing those databases is an important part of the system administrator’s responsibilities. This section includes the following topics:

• • • • • • • • • •

"Common database settings" on page 52 "Where should the database be hosted?" on page 53 "Move a database to a different computer" on page 53 "Connect roles to a remote database server" on page 54 "Create a database" on page 55 "View information about a role’s database" on page 56 "Turn on role database notifications" on page 57 "Back up your role database" on page 57 "Restore your role database" on page 58 "Delete a database" on page 59

Common database settings All roles requiring a database have a group of settings related to that database in the role’s Resources tab, as illustrated below.

From this group of settings, you can check the current status of the database, and perform the following maintenance functions: Button

Command

For more information

Create a database

See "Create a database" on page 55.

Delete the database

See "Delete a database" on page 59.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

52

Managing databases

Button

Command

For more information

Database info

See "View information about a role’s database" on page 56.

Notifications

See "Turn on role database notifications" on page 57.

Resolve conflicts

See "Resolve conflicts for Access Manager roles" on page 515.

Database backup

See "Back up your role database" on page 57.

Where should the database be hosted? By default, the role’s database is hosted on the same server that hosts the role. This is shown in the role’s Resources tab by the value(local)\SQLEXPRESS in the Database server field. If you plan to change the server hosting the role, or add secondary servers for failover, the database must be hosted on a different computer. For information about setting up a remote database server, see "Move a database to a different computer" on page 53 and "Connect roles to a remote database server" on page 54. NOTE The computer hosting the database server does not have to be a Security Center server (meaning a computer where Genetec Server service is installed), unless you are configuring Directory database failover using the backup and restore method.

Move a database to a different computer If you want to change the server hosting a role, or add secondary servers for failover, you must host the role’s database on a different computer. NOTE This procedure is not necessary for the Archiver role. For Archiver roles, it is recommended to host the database locally.

1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, and select the role whose database you want to relocate. 3 In the Contextual commands toolbar, click Deactivate role (

).

4 Click the Resources tab. 5 Back up the current database. See "Back up your role database" on page 57. TIP Since the backup folder is relative to the current server, it might be a good idea to select a network location that can be reached by any server on your system.

6 (Optional) Delete the current database. See "Delete a database" on page 59. 7 Create the database on the new machine. See "Create a database" on page 55. 8 Restore the backed up content to the new database. See "Restore your role database" on page 58. 9 Click Apply.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

53

Managing databases

10 In the Contextual commands toolbar, click Activate (

).

Connect roles to a remote database server If a role’s database is hosted on a different computer than the role, you must configure the remote database server (SQL Server) to accept connection requests from the role. 1 On the computer hosting SQL Server, open the TCP port 1433 on Windows Firewall. 2 Enable remote connection on your SQL Server instance. a Open Microsoft SQL Server Management Studio and connect to the database server used by Security Center. b In the Microsoft SQL Server Management Studio window, right-click the database server ( ) in the Object Explorer, and select Properties. c In the Server Properties window, select the Connections page. d Under the section Remote server connections, select the option Allow remote connections to this server. e Click OK and close Microsoft SQL Server Management Studio. 3 Make your SQL Server instance visible from the SQL Server Browsers installed on other computers on your network. a Open Microsoft Management Console Services (services.msc). b Start the service named SQL Server Browser. c Right click the SQL Server Broswer server, and click Properties. d In the General tab, from the Startup type drop-down list, select Automatic. This SQL Server instance is now available from the Database server drop-down list of any role’s Resources tab in Config Tool. 4 Enable Named Pipes and TCP/IP protocols on your SQL Server instance. a Open SQL Server Configuration Manager. b Expand the SQL Server Network Configuration section, and select the protocols for your database server instance (for example, Protocols for SQLEXPRESS). c Right-click the Named Pipes and TCP/IP protocols, and set the status to Enabled.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

54

Managing databases

d Close SQL Server Configuration Manager. 5 Restart your SQL Server instance to enable the settings you have changed. a Open Microsoft Management Console Services (services.msc). b Right-click the SQL Server instance service (for example SQL Server (SQLEXPRESS)), and click Restart. 6 On every server that hosts your Security Center roles, change the logon user of the Genetec Server service to a local Windows administrator account, so the server can access the SQL Server instance you just modified. a Open Microsoft Management Console Services (services.msc). b Right-click the Genetec Server service, and click Properties. c In the Log on tab, select the This account option, and type an administrator Account name and Password. d Click Apply > OK. 7 On every server that might be used to host your Security Center roles, change the logon user of the SQL Server service to a local Windows administrator account, so the server can access the SQL Server instance you just modified. a Open SQL Server Configuration Manager. b Click SQL Server Services. c Right-click the SQL Server service, and click Properties. d In the Log on tab, select the This account option, and type an administrator Account name and Password. e Click Apply > OK.

Create a database You might need to create a new database, overwrite the default database assigned to your role by the system, or select a different database prepared by your company’s DBA group if you plan on using a dedicated database server. 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, select a role, and click the Resources tab 3 From the Database server drop-down list, type or select the name of the database server. The value (local)\SQLEXPRESS corresponds to Microsoft SQL Server 2008 Express Edition that was installed by default with Genetec Security Center Server. To specify a database server on a different server than the one hosting the role, enter the name of that remote server. 4 From the Database drop-down list, type or select the name of the database. The same database server can manage multiple database instances. 5 Click the Create a database command. 6 Specify the database creation options. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

55

Managing databases

CAUTION If you select the Overwrite existing database option, all current content of the

selected database is lost. If you need to create a backup first, see "Back up your role database" on page 57. 7 Click OK. The database creation starts. A window appears, showing the progress of this action. You can close this window, and review the history of all database actions later on by selecting Database actions from the View menu. 8 Wait until you see Database status indicating Connected. 9 (Optional) See "Turn on role database notifications" on page 57. 10 Click Apply. The Status of the Database status field should indicate Connected.

View information about a role’s database You can view information about a role’s database, such as the database and database server versions, how much disk space is available, the number of archived events, and so on. The database information provided varies depending on the role. You might be asked to provide information on a role’s database when you contact Technical support. To view a role’s database information: 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, and select a role. 3 Click the Resources tab, and click Database info (

).

The following information can be displayed, depending on the role: 

Database server version. Software version of the database server.



Database version. Schema version of the role’s database.





Approximate number of events. (Also called Approximate number of archived events and Event count) Number of events that are stored in the role’s database. Source count (Archiver and Auxiliary Archiver only). Number of video sources (cameras) that have archives.



Video file count (Archiver and Auxiliary Archiver only). Number of video files.



Size on disk. Size of the Database files.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

56

Managing databases

Turn on role database notifications You can configure the role to send you an e-mail notification when the database space is running low. Before you begin: To make sure that the email notification is sent, configure the SMTP and Watchdog settings on the server hosting the role. See "Server Admin" on page 473. 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, and select a role. 3 Click the Resources tab, and click Notifications (

).

4 In the dialog box that opens, set the following options: 



Disk space. Sends a notification when the remaining free space falls below a certain threshold (in GB). Database usage. Sends a notification when the used space reaches a certain percentage. This option is only for the Express edition of SQL Server, whose database size is limited to 4 GB for the 2005 version, and 10 GB for 2008 R2. If you are using a full edition of SQL Server, this option has no effect.

5 Click OK.

Back up your role database You can protect the data in a role’s database by regularly backing up the database. The backup file is created with the file extension BAK. The name of the file is the database name, followed by “_ManualBackup_”, followed by the current date (mm-dd-yyyy). Best practice: Always back up your databases before an upgrade. To backup your role database: 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, and select a role. 3 Click the Resources tab, and click Backup/restore (

).

The Backup/Restore dialog box appears. 4 In the Backup/Restore dialog box, beside the Backup folder field, click Select folder ( and select the folder where you want to save the backup file.

),

NOTE The path is relative to the server hosting the role, not to the workstation where you are

running Config Tool. 5 Click Backup now. A backup file is created in the backup folder.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

57

Managing databases

Setting up an automatic backup For extra protection, configure the database backup to be performed periodically. 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, and select a role. 3 Click the Resources tab, and click Backup/restore (

).

4 In the Backup/Restore dialog box, switch the Enable automatic backup option to ON. 5 Select the day and time to perform the backup (every day or once a week). TIP It is a good idea to stagger the backup operations if several different databases need to be

backed up on the same machine. 6 Specify how many backup files you want to keep. NOTE The backup files you create manually are not counted in that number.

7 Click OK > Apply. The automatic backup starts at the next scheduled date and time.

Restore your role database You can restore an old database Before you begin: Back up the current database before you restore an old database. 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, and select a role. 3 Click the Resources tab, and click Backup/restore (

).

The backup and restore dialog box appears. 4 In the Backup/Restore dialog box, beside the Restore folder field, click Select folder ( and select the backup file you want to restore.

),

NOTE The path is relative to the server hosting the role, not to the workstation where you are

running Config Tool. 5 Click Restore now. The current content of the database is replaced by the content restored from the backup file.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

58

Managing databases

Delete a database To free up disk space, delete databases you no longer use. 1 From the Database drop-down list in the Resources tab of a role, select the database you want to delete. NOTE This does not need to be your current database.

2 Click Delete the database (

).

CAUTION A confirmation dialog box appears. If you continue, the database is permanently deleted. Clicking Cancel in the Config Tool toolbar will not restore it!

3 Click Delete in the confirmation dialog box. The database instance is permanently deleted. 4 Do one of the following: 



If a database is already created for your role, click Cancel in the Config Tool toolbar. If there was no database created for your role, create a new database. See "Create a database" on page 55.

5 Click Apply.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

59

Configuring Security Center for high availability

Configuring Security Center for high availability To ensure that there is uninterrupted access and data protection for your system, Security Center offers the following high availability features:

• Directory failover. Ensure that the Directory role is still available if its primary server fails (see "Configuring Directory failover and load balancing" on page 66). The Directory role handles failover for all other roles, so it is important that the Directory role is available at all times.

• Directory load balancing. A benefit of Directory failover. The Directory can run simultaneously on up to 5 servers to share the workload of the Directory role. All servers that are set up for Directory failover are automatically used for load balancing.

• Database failover (only for Directory role). Protect the Directory database, using one of the following methods: 



Backup and restore. Regularly backup your database, and restore it if a failover occurs. Microsoft SQL Server Database Mirroring. The database instances are kept in synch by Microsoft SQL Server.

For more information, see "Configuring Directory database failover" on page 71.

• Archiver failover. Ensure that the Archiver role and the video archives are still available if the Archiver’s primary server fails (see "Protecting your video archive against hardware failure" on page 227).

• Other role failover. Ensure that other roles in your system are still available if their primary server fails (see "Configuring role failover" on page 61). If the role database must be protected, you should consider one of the following third party solutions: SQL Server Clustering or Database Mirroring.

• NEC ExpressCluster X LAN. Third party solution for roles that do not support failover. For more information, see Security Center Installation Guide for NEC Cluster. Click here for the most recent version of this document.

• Windows 2008 Server failover cluster. Third party solution for roles that do not support failover. For more information, see Security Center Installation Guide for Windows Cluster. Click here for the most recent version of this document. Other ways you can ensure high availability are to detect problems early, and prevent those problems from reoccurring. For more information, see "Monitoring your system’s health" on page 75.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

60

Configuring role failover

Configuring role failover This section explains what role failover is, and how to configure it. This section includes the following topics:

• • • •

"How role failover works in Security Center" on page 61 "Which roles support failover" on page 62 "Configure failover for roles" on page 64 "Troubleshooting failover" on page 65

How role failover works in Security Center Role failover is a backup operational mode where a role is transferred from its primary server to a standby server if the primary server becomes unavailable, either through failure or scheduled down time. Role failover is managed by the Directory role.

• Primary server. Server that normally hosts a role for it to work on the system. • Secondary server. Standby servers that are assigned to a role to keep it running in case the primary server becomes unavailable. There is no limit to the number of secondary servers you can assign to most roles. However, the more servers you add, the less cost-effective it might be for you. The secondary server for one role can be the primary server for another role, provided that both servers have enough resources (CPU, memory, disk space, and network bandwidth) to handle the combined load of both roles in case of a failover. IMPORTANT Security Center does not handle database failover, except for the Directory role. Besides performing regular backups of your database, one solution you might consider to protect your data is to use SQL Server Clustering or Database Mirroring.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

61

Configuring role failover

Before failover, a role is hosted on the primary server, and connects to a database server hosted on a third computer. When the primary server fails, the role automatically fails over to the secondary server and reconnects to the same database server. Before failover Primary server (hosting the role)

After failover Primary server (failed)

Secondary server (on standby)

Secondary server (hosting the role)

Fails over Role

Role

Database server

Database server

Which roles support failover The following table lists which Security Center roles support failover, the failover approach they use, and any special constraints they might have. Role

Supports failover

Exceptions

Access Manager

Yes, configured

Only supported with Synergis Master Controller (SMC). For more information, see the Synergis Master Controller Configuration Guide.

Active Directory

Yes

Archiver

Yes

Auxiliary Archiver

No. It ensures that video archives are still available if the main Archiver fails.

Directory

Yes

Directory Manager

No. It manages the Directory failover and load balancing.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

Can only have one secondary server. Each server requires a separate database, hosted locally, or on another computer. See "About Archiver failover" on page 227.

Can run simultaneously on up to five servers. Also supports Directory database failover. See "Configuring Directory failover and load balancing" on page 66.

62

Configuring role failover

Role

Supports failover

Global cardholder synchronizer

Yes

Health Monitor

Yes

Intrusion Manager

Yes

Only when the intrusion panels are connected using IP. Failover is not supported if the intrusion panels are connected using serial ports.

LPR Manager

Yes

Extra resources must be shared between the primary and secondary servers. The Root folder of the role must point to a UNC location that all servers have access to. File paths of hotlist and permit entities must be entered as a UNC location accessible to all servers. Also, the WatermarkEncryptionParameters.xml file located in the installation folder of the primary server must be copied to the secondary servers.

Media Router

Yes

The primary and secondary servers can each have a separate database, hosted locally, or on another computer.

Omnicast Federation

Yes

Plugin

Yes

Point of sale

Yes

Report Manager

Yes

Security Center Federation

Yes

Web-based SDK

Yes

Zone Manager

Yes

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

Exceptions

63

Configuring role failover

Configure failover for roles To configure failover for roles on your system, you must select secondary servers to be on standby in case the primary server hosting the role becomes unavailable. Before you begin: For roles that require a database (except for the Archiver), the database must be hosted on a different computer than the primary and secondary servers, and all the servers must be able to communicate with the database server. See "Move a database to a different computer" on page 53 and "Connect roles to a remote database server" on page 54. 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, and select the role you want to configure failover for. 3 Click the Resources tab where the role’s primary server is listed. 4 Under the Servers list, click Add an item (

).

A dialog box listing all remaining servers on your system not assigned to the role appears. 5 Select the server you want to add as a secondary server, and click Add. The secondary server is added below the primary server. The green LED indicates which server is currently hosting the role. The order of appearance of the servers in the list corresponds to the order they are picked if a failover occurs. When the primary server fails, the role automatically switches to the next server in the list.

6 After a failover occurs, if you want the primary server to take control of the role once it is restored, select the Force execution on highest priority server option. By default, the role remains on the secondary server after a failover occurs to minimize system disruptions. 7 Click Apply. 8 To make the new server the primary server: a Select it in the list, and click

to move it to the top of the list.

b Select the Force execution on highest priority server option, and click Apply. After a few seconds, the green LED moves to the new server, indicating that it is now the one hosting the role.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

64

Configuring role failover

Troubleshooting failover If you encounter problems when trying to configure failover for your system. check the following:

• Make sure the correct ports are open on your network. See "Default Security Center ports" on page 776.

• Make sure your database connections are configured properly, and that the servers being used for failover can communicate with the database server. See "Connect roles to a remote database server" on page 54.

• Make sure the database path is correct in the Server Admin. See Server Admin - "Database" on page 474.

• Make sure the Genetec Server and SQL Server services are running under a local Windows administrator user account. See "Connect roles to a remote database server" on page 54.

• (Directory database failover using Backup/Restore method only) Make sure that the user account has access read/write access to the backup folder.

• (Directory database failover using Backup/Restore method only) Make sure that the Genetec server is installed on the remote database server. For more information about installing expansion servers, see “Install an expansion server” in the Security Center Installation and Upgrade Guide.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

65

Configuring Directory failover and load balancing

Configuring Directory failover and load balancing This section explains what Directory failover is, what load balancing is, and how to configure it. This section includes the following topics:

• • • • • • • •

"How Directory failover and load balancing works" on page 66 "Directory failover and load balancing prerequisites" on page 67 "Add a server to the Directory failover list" on page 68 "Modify the license for all servers" on page 68 "Change the order of the Directory servers" on page 69 "Manually switch the main server" on page 69 "Remove a server from the Directory failover list" on page 70 "Bypass default load balancing" on page 70

How Directory failover and load balancing works The Directory service is available as long as its two components are available:

• Directory role. Manages your system configuration, and handles failover for all other roles. • Directory database. Stores your system configuration. The Directory Manager role handles Directory failover and load balancing for your system. It manages failover for the Directory role and Directory database independently, allowing you to have separate lists of servers assigned to host the two components. These two lists of servers can overlap or be completely separate. NOTE There can only be one Directory Manager role in your system. It is created automatically when your software license supports multiple Directory servers.

Differences between Directory servers and the main server To configure Directory failover and load balancing, you must know the difference between Directory servers and the main server.

• Directory server. Servers assigned to host the Directory role. The Directory role can run on five Directory servers simultaneously for load balancing. They distribute the workload for credential authentication, software license enforcement, Directory database report queries, and so on. Users can log on to Security Center through any of the Directory servers. By default, the Directory Manager redirects the connection requests across all Directory servers in a round robin fashion. To change this behavior, see "Bypass default load balancing" on page 70.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

66

Configuring Directory failover and load balancing

• Main server. The main Directory server in your system (

). It has full read/write access to the Directory database. If your system is configured for Directory failover and load balancing, the additional Directory servers ( ) only have read access to the database.

When a Directory server fails, only the client applications connected to Security Center through that server must reconnect. If the main server fails, then all clients on the system must reconnect, and the responsibility of being the main server is passed down to the next Directory server in the failover list.

Directory failover and load balancing prerequisites Before you can configure the Directory for failover and load balancing, make sure you have the following:

• Your Security Center license must support multiple Directory servers. If you need to update your license, see “Activate license” in the Security Center Installation and Upgrade Guide. NOTE The Directory Manager (

) role is created automatically in Config Tool when your license supports multiple Directory servers.

• Your System ID and Password, found in the Security Center License Information document. • •

Genetec Technical Assistance sends you this document when you purchase the product. All servers you plan to use as Directory servers must be up and running as expansion servers. For more information about installing expansion servers, see “Install an expansion server” in the Security Center Installation and Upgrade Guide. For all the expansion servers you plan to use as Directory servers, make sure their general properties configured in Server Admin are the same as those of the main server. This ensure that your data, such as the alarm retention period and so on, is stored for the same amount of time. For information about configuring Directory properties in the Server Admin, see "Server Admin" on page 473.

• The Directory database must be hosted on a remote computer from the Directory servers. •

See "Move a database to a different computer" on page 53. The database server must be accessible from all Directory servers. To configure the remote database server (SQL Server) to accept connection requests from the roles "Connect roles to a remote database server" on page 54.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

67

Configuring Directory failover and load balancing

Add a server to the Directory failover list You can convert up to five expansion servers into Directory servers to be used for load balancing and failover. IMPORTANT Do not try to add a server to the Directory failover list by activating the Directory

on that expansion server with Server Admin. This action disconnects the server from your current system and transforms it into the main server of a new system. Before you begin: Read "Directory failover and load balancing prerequisites" on page 67. 1 From the Home in Config Tool, open the System task. 2 Click the Roles view. 3 Select the Directory Manager ( 4 Click Add an item (

), and then click the Directory servers tab.

).

5 In the dialog box that appears, select the server you want to add, its connection port (default=5500), and click Add. The server is added to the failover list. 6 To add more Directory servers, repeat Step 4 and Step 5. You can add up to five Directory servers. The order of appearance of the servers in the list corresponds to the order they are picked if a failover occurs. If the main server fails, the role switches to the next server in the list, and that server becomes the main server. 7 Update your license to include the servers you’ve just promoted to Directory Servers. For more information, see "Modify the license for all servers" on page 68. 8 Click Apply. The expansion servers are converted into Directory servers and the updated license is applied to all Directory servers in the list. Client applications and roles on expansion servers can connect to Security Center using any of the Directory servers.

Modify the license for all servers You must update your Security Center license every time you make a change to the list of servers assigned to host the Directory role. 1 In the Directory servers tab, click Modify license for all servers. The following dialog box appears. 2 In the License management dialog box, update your license in one of the following ways: 

Web activation. (Recommended) Activate your license via Internet. In the dialog box that appears, enter your System ID and Password and click Activate.



Manual activation. Update and activate Security Center manually using license file. For more information, see "Manual license activation" in the Security Center Installation and Upgrade Guide.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

68

Configuring Directory failover and load balancing

Change the order of the Directory servers The first server in the Directory server list is your default main server. After a Directory failover, the next server in the list becomes the new main server ( ).To minimize the number of system disruptions (disconnection and re-connection), the responsibility is not automatically transferred back to the original main server once it is back online. You can change this behavior in the Directory servers tab. To change the order of the servers in the Directory failover list: 1 In the Directory servers tab, select a server in the list. 2 Click Up (

) or Down (

) to move the Directory servers up or down in the list.

3 To force the first server in the failover list as the main server whenever it is available, select Force the first server in the list to be the main server option. By default, the role remains on the Directory server that becomes the main server when failover occurs. 4 Click Apply.

Manually switch the main server If necessary, you can manually assign any server in the Directory failover list to be the main server. For example, when maintenance work needs to be done on the current main server. 1 In the Directory servers tab, select a server. 2 Click Activate main server (

).

3 Click Continue. All client applications and roles are disconnected, the main server switches to the Directory server you selected, and all applications and roles reconnect.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

69

Configuring Directory failover and load balancing

Remove a server from the Directory failover list IMPORTANT Do not try to remove a server from the Directory failover list by deactivating the Directory on that server with Server Admin. Your change will not last because the Directory Manager will change it back to a Directory server.

1 From the Home page in Config Tool, open the System task. 2 Click the Roles view. 3 Select the Directory Manager (

), and then click the Directory servers tab.

4 Select the server you want to remove, and click Remove the item (

).

5 Repeat Step 4 if necessary. 6 Update your license to exclude the servers you’ve just removed. For more information, see "Modify the license for all servers" on page 68. 7 Click Apply. The removed servers are reverted to the status of expansion servers, and the updated license is applied to all remaining Directory servers. Users can no longer connect to the system using the servers that have been removed. Clients connected to Security Center through these servers are disconnected, and reconnected to the remaining Directory servers.

Bypass default load balancing When you have more than one Directory server on your system, load balancing is automatically in effect. This means that the Directory Manager systematically redirects a logon request to the next Directory server in the list based on the previous one being used. If connection redirection is not desirable, for example when the client is on a remote LAN, you can bypass this behavior for that specific workstation by selecting the Prevent connection redirection to different Directory servers option in the Options dialog box. For more information, see "General options" on page 679.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

70

Configuring Directory database failover

Configuring Directory database failover This section explains what Directory database failover is, and how to configure it using the backup and restore method, or database mirroring. This section includes the following topics:

• "How Directory database failover works" on page 71 • "Configure database failover through backup and restore" on page 72 • "Configure database failover through mirroring" on page 74

How Directory database failover works Two database failover modes are supported for the Directory:

• Backup and restore. The Directory Manager protects the Directory database by regularly backing up the master database instance (source copy). During a failover, the latest backups are restored to the backup database that’s next in line. Two schedules can be defined: one for full backups, and another for differential backups.

• Mirroring. Database failover is taken care of by Microsoft SQL Server and is transparent to Security Center. The Principal and Mirror instances of the Directory database are kept in synch at all times. There is no loss of data during failover. The following table compares the differences between the two database failover modes. Backup and restore (Directory Manager)

Mirroring (Microsoft SQL Server)

Multiple backup instances of the Directory database are kept relatively in synch with its master instance via regular backups performed by the Directory Manager role.

A single copy (the mirror instance) of the Directory database is kept perfectly in synch with the master copy (or principal instance) using SQL Server database mirroring.

The failover database can only be as up to date as the most recent backup.

The failover database is an exact copy of the principal database.

Changes made while the Directory is connected to the backup database are lost when the Directory switches back to the master database.

Changes can be made to the Directory database at any time without ever losing data.

Both master and backup databases must be hosted on Security Center servers.

The principal and mirror database instances can be hosted on any computer.

Can work with SQL Server Express edition which is free.

Requires SQL Server 2008 Standard Edition or better with the mirroring feature.

Recommended when the entity configurations are not frequently updated.

Recommended when entity configurations are frequently updated, such as for cardholder and visitor management.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

71

Configuring Directory database failover

Backup and restore (Directory Manager)

Mirroring (Microsoft SQL Server)

Causes a temporary disconnection of all client applications and roles while the database failover is in progress.

No client application disconnection during failover.

Database failover is handled by the Directory Manager role.

Database failover is executed by a separate Witness server running on SQL Server Express (optional but highly recommended) or it has to be manually detected and executed by the database administrator.

Configure database failover through backup and restore You can configure Directory database failover using the backup and restore method. For more information about the backup and restore options in the Database failover tab of the Directory Manager role, see "Backup and restore" on page 554. Before you begin:

• Your Security Center license must support multiple Directory servers. If you need to update your license, see “Activate license” in the Security Center Installation and Upgrade Guide. NOTE The Directory Manager (

) role is created automatically in Config Tool when your license supports multiple Directory servers.

• The database servers must be running on remote computers from the Directory servers. See • •

"Move a database to a different computer" on page 53. All database servers must be accessible from all Directory servers. To configure the remote database server (SQL Server) to accept connection requests from the roles "Connect roles to a remote database server" on page 54. All database instances must be the same version, and an expansion server must be installed on each database server. For more information about installing expansion servers, see “Install an expansion server” in the Security Center Installation and Upgrade Guide.

What you should know IMPORTANT Changes made to the system configuration while you were operating from the backup database are not automatically restored to the master database when it is restored to active service.

• To preserve the changes made to your system configuration while you were operating from



the backup database, you must restore the latest contingency backup (created in the ContingencyBackups subfolder under the restore folder) to your master database before reactivating it. To avoid losing the configuration changes made while you were operating from the backup database, you can transform the backup database into your master database. To do this, select it from the database failover list to move it to the top of the list. However, keep in

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

72

Configuring Directory database failover

mind that your backup database is only as up to date as the most recent backup before the failover took place. To configure database failover through backup and restore: 1 From the Home in Config Tool, open the System task. 2 Click the Roles view. 3 Select the Directory Manager (

), then the Database failover tab.

4 Switch the Use database failover option to ON. 5 Select Backup and restore for Failover mode. 6 Click Add an item (

).

7 In the dialog box that appears, specify the Security Center server, the database server, the database instance, and the folder where the backup files should be copied.

You can assign as many backup databases as you want. However, the more backup databases you have, the longer it takes to back up the Directory database content. 8 Click OK. The new backup database instance is added. NOTE The server flagged as (Master) is the one currently hosting the database. The green

LED (

) indicates the database that is currently active (not necessarily the master).

9 Repeat Step 6 to Step 8 if necessary. 10 To force all Directory servers to reconnect to the master database once it is back online after a failover, select the Automatically reconnect to master database option. CAUTION Switching the active database causes a short service disruption, and all changes made to the system configuration while the master database was offline are lost. Use this option only if you are ready to lose the changes made to the system configuration while you were operating from the backup database.

11 Under Master backup, specify the frequency at which the full backup and the differential backup should be generated.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

73

Configuring Directory database failover

A differential backup only contains the database transactions made since the previous backup, so it is much faster to generate than a full backup. Frequent differential backups ensure that your backup database is most up to date when you fail over, but might take longer to restore. 12 Click Apply. After you are done: IMPORTANT Once the Backup and restore failover mode is enabled, all subsequent changes to the master database from Server Admin (restoring a previous backup for example) must immediately be followed by a full manual backup executed from Config Tool. Failing to do so causes your master and backup databases to become out of synch and the database failover mechanism to no longer work. See "Back up your role database" on page 57.

Configure database failover through mirroring You can configure Directory database failover using the mirroring method. For more information about the options in the Database failover tab of the Directory Manager role, see "Mirroring" on page 556. Before you begin:

• The Principal database server, the Mirror database server, and the Witness server (optional •

but highly recommended) must be configured. For the configuration of SQL Server for mirroring, please refer to Microsoft SQL Server Database Mirroring documentation. Your Security Center license must support multiple Directory servers. If you need to update your license, see “Activate license” in the Security Center Installation and Upgrade Guide. NOTE The Directory Manager (

) role is created automatically in Config Tool when your license supports multiple Directory servers.

• The database servers must be running on remote computers from the Directory servers. • All database servers must be accessible from all Directory servers. To configure the remote database server (SQL Server) to accept connection requests from the roles "Connect roles to a remote database server" on page 54. To configure database failover through mirroring: 1 From the Home in Config Tool, open the System task. 2 Click the Roles view. 3 Select Directory Manager (

), then the Database failover tab.

4 Switch the Use database failover option to ON, and select the Mirroring option. The database you’re currently connected to is the Principal database. 5 Under Mirror database, enter the database server name of the Mirror database. 6 Click Apply.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

74

Monitoring your system’s health

Monitoring your system’s health Health monitoring refers to a set of tools to monitor your Security Center system's health. The goal is to detect health issues early enough to avoid more serious problems in the future. Health monitoring also provides you with the information to identify the root cause of various health problems so that they can be prevented from occurring again. This section includes the following topics:

• "About the Health Monitor role" on page 75 • "Configuring the Health Monitor" on page 76 • "Monitoring your system’s health using maintenance tasks" on page 81

About the Health Monitor role The Health Monitor role is created at system installation and cannot be deleted. It monitors the health of entities such as servers, roles, units, and client applications. The following table gives you some examples of health events that can be monitored: Entity

Health event

Description

Access control unit

Synchronization failed

Server and access control unit cannot synchronize databases.

Archiver

RTP packet loss high

Packet loss ratio is greater than 10% over 5 seconds.

Video unit

Connection to unit lost

Server cannot connect to video unit.

Media router

Role stopped unexpectedly

Media router is unavailable and the cause is unknown to the system.

Patroller

Offload failed

Autovu Patroller offload unsuccessful.

Security Desk

Application stopped unexpectedly

Security Desk application failed.

You can choose which health events to monitor and keep them in a database which enables you to generate health history and statistics reports.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

75

Monitoring your system’s health

Configuring the Health Monitor The Health Monitor role is configured to watch all health events by default. This section includes the following topics:

• • • • •

"Initial Health Monitor setup" on page 76 "Health event definitions" on page 77 "Configure health events to monitor" on page 79 "Set an entity in maintenance mode" on page 80 "Change the firing threshold of a health event" on page 80

Initial Health Monitor setup Best practice: The process of setting up and configuring a system can generate many health events. It is normal that health errors and warnings are produced during this time. After initial setup is complete, you should reset the health monitoring database to its initial, clean, state. To reset the Health Monitor database to its default state: 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, and select the Health Monitor role. 3 Click the Resources tab. 4 Click Delete the database (

).

5 When prompted if you want to delete this database, click Delete. The Database actions window opens.

6 When you see confirmation that the database has been deleted, click Clear finished, then click Close. 7 In the Contextual commands toolbar, click Deactivate role ( gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

). 76

Monitoring your system’s health

8 Click Activate role (

).

After 15-30 seconds, a new HealthMonitor database should be created in the Health monitor role’s Resources tab. The health errors and warnings generated during the setup are deleted. As a result, all health statistics are reset.

Health event definitions

• The table below lists the health events by their error number and indicates their severity level, Information ( Error number

), Warning (

), or Error (

).

Health event

Severity

1

Archiving started

Information

2

Archiving stopped

Error

3

Application connected

Information

4

Application disconnected by user

Information

5

Application disconnected unexpectedly

Warning

6

Application started

Information

7

Application stopped by user

Information

8

Application stopped unexpectedly

Warning

9

Connection restored

Information

10

Connection failed

Error

11

Connection to unit restored

Information

12

Connection to unit lost

Error

13

Connection to unit stopped by user

Information

14

Database automatic backup restored

Information

15

Database automatic backup failed

Error

16

Database recovered

Information

17

Database lost

Error

18

CPU usage normal

Information

19

CPU usage high

Warning

20

Memory usage normal

Information

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

77

Monitoring your system’s health

Error number

Health event

Severity

21

Memory usage high

Warning

22

Database space normal

Information

23

Database space low

Warning

24

Patroller offload restored

Information

25

Patroller offload failed

Error

26

Patroller online

Information

27

Patroller offline

Information

28

Point of Sale database recovered

Information

29

Point of Sale database lost

Error

30

Role started

Information

31

Role stopped unexpectedly

Error

32

Role stopped by user

Information

33

RTP packet loss normal

Information

34

RTP packet loss high

Warning

35

Server started

Information

36

Server stopped by user

Information

37

Server stopped unexpectedly

Error

38

Synchronization recovered

Information

39

Synchronization failed

Warning

40

Video signal recovered

Information

41

Video signal lost

Error

42

Disk access restored

Information

43

Disk access unauthorized

Warning

44

Alarm trigger rate normal

Information

45

Alarm trigger rate high

Warning

46

Directory started

Information

47

Directory stopped unexpectedly

Error

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

78

Monitoring your system’s health

Error number

Health event

Severity

48

Directory stopped by user

Information

49

Remaining archive disk space normal

Information

50

Remaining archive disk space low

Warning

51

Live server monitoring restored

Information

52

Live server monitoring failed

Error

53

Directory failover: Main database recovered

Information

54

Directory failover: Main database lost

Error

55

Database restore succeeded

Information

56

Database restore failed

Error

Configure health events to monitor You can configure the Health Monitor role to ignore certain health events, and change how it generates some health events. NOTE If you want to ignore all health events, deactivate the Health Monitor role. If you want to

temporarily ignore an entity’s health events because you are performing maintenance work on it, set it to maintenance mode. See "Set an entity in maintenance mode" on page 80. 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, and select the Health Monitor role. 3 Click the Properties tab. 4 Under Events to monitor, select or clear the desired events. Expand the list as necessary. Most health events come in pairs, such as Database lost and Database recovered. They can only be selected or ignored together. IMPORTANT Clearing a health event in the monitoring list does not remove it from the Health history query filter, but it could make some of the health statistics calculations impossible.

Some events allow you to adjust the thresholds used to generate the event. For example, the default configuration is set so that any server who’s CPU runs higher than 80% for a period of 10 seconds will generate a CPU usage high health event. See "Change the firing threshold of a health event" on page 80. 5 Click Apply.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

79

Monitoring your system’s health

Set an entity in maintenance mode Downtime spent in maintenance mode is considered Expected down-time and is not used in the health statistics availability percentage calculations. Only Unexpected down-time is used when calculating availability. Most entities and roles can be set to maintenance mode through their own contextual toolbar ( Enable maintenance mode). For client applications, the maintenance mode must be set from the Health Monitor’s Properties tab. 1 Switch the Client app. maintenance mode option to ON. 2 Click Apply. NOTES

• Setting something in Maintenance mode does not stop the health events. Rather, it •

downgrades all health events to informational only. When you set Security Center Federation roles or Omnicast Federation roles in maintenance mode, you might need to press F5 to refresh the roles’ icons in the Logical view.

Change the firing threshold of a health event 1 Select the desired event to be modified.

2 Click Edit (

) on the selected line or at the bottom of the list.

The event details window opens. 3 Adjust the values as required. 4 Click Save.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

80

Monitoring your system’s health

5 Repeat with another event if necessary.

Monitoring your system’s health using maintenance tasks To help you monitor the health of your system, there are two maintenance tasks in Config Tool:

• Health history. View system health events (errors, warnings, issues) related to selected entities. For more information, see "Viewing system health events" on page 170.

• Health statistics. Monitor the overall health of your system. By monitoring the health and availability of certain resources such as server roles, video units, door controllers, intrusion detection panels, and so on, you can identify instabilities, and possibly prevent critical system failures. For more information, see "Viewing the health status and availability of entities" on page 171.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

81

Managing the Network view

Managing the Network view This section includes the following topics:

• "What is the Network view?" on page 82 • "Purpose of the Network view" on page 82 • "Creating network entities" on page 83

What is the Network view? Your network infrastructure is illustrated in the entity browser of the Network view task. The browser gives you a simple representation of your system’s network infrastructure by showing you the networks ( ) and the servers ( ) found in your system. The main server hosting the Directory role is shown with a different icon ( ).

Purpose of the Network view Network view is the only place in Config Tool where you can configure the entities that represent the networks and servers used by your Security Center system. An accurate representation plays a critical role in the proper operation of your system.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

82

Managing the Network view

Creating network entities This section includes the following topics:

• • • •

"When do I need to configure the Network view?" on page 83 "How network entities are created" on page 83 "What is the Default network?" on page 83 "Create a network manually" on page 84

When do I need to configure the Network view? You need to configure the Network view when:

• Your system spreads across multiple networks. • You allow users to connect to your main server over the Internet. How network entities are created Network entities are created automatically by the system. After installing Security Center on your main server, you’ll have two network entities on your system. The Default network is at the root of the network tree, and attached to it is a second network entity that corresponds to your company’s network (where your main server is located).

After that, more network entities are added to your system when you add new servers belonging to different networks. You can also add new networks manually, rename them, and change their initial configuration. You can also move networks and servers around in the network tree.

What is the Default network? The Default network is the root node on the network tree. Its video transmission capabilities are set to Unicast TCP, which is the characteristic shared by all IP networks. You cannot delete the Default network entity.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

83

Managing the Network view

Create a network manually You can manually create network entities as needed. 1 From the Home page in Config Tool, open the Network view task. 2 If you are creating a subnet, select the parent network in the network tree. 3 Click Network (

).

The network creation wizard appears. 4 Enter the Basic information. See "Common entity attributes" on page 38. 5 Click Create, and click Close. A new network entity is attached below the selected one in the network tree. 6 Click the Properties tab, and configure the new network’s characteristics. See Network – "Properties" on page 435. 7 If there are servers that belong to the new network, move them under the network in the network tree using drag-and-drop.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

84

Managing the Logical view

Managing the Logical view This section includes the following topics:

• "About the Logical view" on page 85 • "Configuring the Logical view" on page 86

About the Logical view You can find and view all the entities in your system quickly, using the logical view. The entities in the logical view are organized in a hierarchy (or entity tree) according to their logical relationships with areas ( ). For example, the doors leading to an area, and other devices located within the area, such as cameras, are shown as “child entities” of that area (below that area in the hierarchy). The changes you make to the Logical view in Config Tool are also displayed in Security Desk. A B C D

E

F

G

H

I

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

85

Managing the Logical view

A

Search box

Type in the Search box to find the entities containing that text in their category, name, or description. See "Searching for tasks and entities" on page 42.

B

System entity

At the root of the hierarchy is the system entity ( hosts the Directory role.

C

Additional commands

Right-click an entity in the Logical view to use additional commands, such as adding or deleting entities, diagnosing the selected entity, launching a report on the selected entity, or refreshing the Logical view.

D

Area entity

Area entities ( grouping.

E

Yellow entity

Whenever an entity name is displayed in yellow, it means that there is a problem with the settings.

F

Rename entity

Press F2 to rename the selected local entity. NOTE You cannot edit names of federated entities.

G

Arrow icons

Click the arrows in the Logical view to show or hide child entities.

H

Red entity

Indicates that the entity is offline and the server cannot connect to it, or the server is offline.

I

Federated entity

All entities imported from federated systems are shown with a yellow arrow superimposed on the regular entity icon ( ). They are called federated entities.

), which is the server that

) can represent a concept or physical location. It is a logical

Configuring the Logical view The structure of the Logical view is configured in Config Tool. As the system administrator, you should create a structure that is easy for everyone to understand and to navigate. For more information about the Logical view task, see "Logical view" on page 613. This section includes the following topics:

• • • • •

"Add a new area to the Logical view" on page 86 "Move entities around in the Logical view" on page 87 "Rename entities in the Logical view" on page 87 "Copy entities in the Logical view" on page 87 "Delete an entity from the Logical view" on page 88

Add a new area to the Logical view You can add new areas anywhere in the Logical view hierarchy. 1 From the Home page in Config Tool, open the Logical view task. 2 Click the system entity (

) or an area entity (

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

).

86

Managing the Logical view

3 In the Contextual commands toolbar, click Add an entity (

), and then click Area.

The new area is added under the selected entity. 4 Type a name for the area, and press ENTER. After you are done: Configure the new area. For information about area properties, see "Area" on page 360.

Move entities around in the Logical view You can re-organize the entities in Logical view by dragging them to another area. You can also select multiple entities at once and drag them to another area.

• Do one of the following in the Logical view: 

Select an area or another entity, and then drag it to another area.



Hold the SHIFT key, select multiple entities, and then drag them to another area.

The selected entities are now a child entities of that area (below that area in the hierarchy).

Rename entities in the Logical view You can rename local entities from the Logical view. NOTE You cannot edit federated entities.

• Select an entity in the Logical view, press F2, rename the entity, and press ENTER. Copy entities in the Logical view You can create multiple copies of the same entity under areas in the Logical view.

• Hold the CTRL key, click the entity you want to copy, and then drag the entity into another area. A copy of the entity is created under the area. If you copied an area under another area, all its child entities (entities below that area) are also copied.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

87

Managing the Logical view

Delete an entity from the Logical view You can delete an entity or the selected copy. Before you begin: If an entity cannot be deleted, the Delete button does not appear. 1 Select an entity in the Logical view. 2 In the Contextual commands toolbar, click Delete. A confirmation dialog box appears. 3 The next step depends on whether you have more than one copy of the entity in the tree. 



If it is the only copy of that entity in the tree, click Delete. If more than one copy of the entity exists, make the choice to delete them all or only the selected copy.

If you deleted an area that has child entities, those child entities are also deleted.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

88

Managing software security

Managing software security This section includes the following topics:

• • • • • • •

"Introduction to software security" on page 89 "Defining partitions" on page 90 "Defining users" on page 93 "Defining user groups" on page 96 "Configuring user privileges" on page 99 "Using privilege templates" on page 101 "Importing users from an Active Directory" on page 102

Introduction to software security While Security Center protects your company's assets (buildings, equipment, important data collected in the fields, etc), your job as a system administrator is to protect the Security Center software against illegal access and wrongful usage. There are three questions you should ask:

• Who uses the system? • What do they use it for? • What parts of the system are they allowed to access? How is software security configured? The software security of your system is modelled by three entity types:

• User. The user entity represents a person who needs to use Security Center applications to do their job. Each user is identified by a username and a password. What the user is allowed to do on the system is defined by their privileges, and the partitions they have access to.

• User group. The user group entity defines the common attributes shared by a group of users, such as their privileges and other security attributes. A user who is a member of a user group automatically inherits the characteristics of that group. This mechanism simplifies the configuration process because it eliminates the tedious task of configuring users individually.

• Partition. A partition is a grouping of entities for security or management purposes, so that only certain users on the system have the right to access the entities belonging to that partition. This concept eliminates the tedious task of creating one-to-one relationships between users and the entities they are allowed to access. If a user does not have the right to a partition, that partition and everything in it are invisible to that user.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

89

Managing software security

Recommended configuration sequence Best practice: It is best practice to define your security partitions first when setting up your system. As you add new entities to model your system, you can create them directly in the partition where they belong. 1 Define partitions first. Identify the parts of your system that are relatively independent of each other, and create a partition for each. For example, if your system covers multiple sites, and if the security staff at each site work independently of the other sites, then create a partition for each site. For more information, see "Defining partitions" on page 90. 2 Define user groups before users. Identify the groups of users who share the same roles and responsibilities, and create a user group for each. For example, all security operators can form one group, and all investigators can form another group. If, within each group, you have subgroups working on different partitions, define a user group to represent each subgroup, and add them as members of the larger group. Each individual subgroup can then be assigned to their corresponding partitions. For more information, see "Defining user groups" on page 96. 3 Define users last. Define the individual users and add them as members of the user groups you already created, trying to add them as members of the smallest group. A user can belong to multiple user groups. Let each user entity inherit everything from the parent user group, resorting to individual configurations only for exceptions. For more information, see "Defining users" on page 93. Related topics:

• "Importing users from an Active Directory" on page 102

Defining partitions This section includes the following topics:

• • • • • • • •

"Why use partitions?" on page 91 "What constitutes a partition?" on page 91 "Who is a partition manager?" on page 91 "Differences between Public and System partitions" on page 91 "Create a partition" on page 91 "Add members to a partition" on page 92 "Add accepted users to a partition" on page 92 "Promote a user to partition manager" on page 93

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

90

Managing software security

• "Nesting partitions" on page 93 Why use partitions? Partitions are used to divide a large system into smaller subsystems. This has two benefits:

• Reduces the scope of what a user can access for security reasons. In a multi-site system, it •

might be undesirable for the security team of one site to be able to see or interfere with the activities of a security team on another site. Reduces the scope of a user’s work to make it more manageable. If a user is only concerned with one part of the system (one site in a multi-site system), it is better for that person not to be distracted by the entities they have nothing to do with.

What constitutes a partition? Each partition is defined by the following lists:

• List of members. Entities that belong to the partition (areas, doors, cameras, etc.). • List of accepted users. Users and user groups that have the right to access the entities contained in the partition. The type of user access varies according to the user privileges. A new set of privileges that override the user's basic privileges, can be defined on the partition level.

Who is a partition manager? A partition manager is an accepted user of a partition who has full administrative rights over that partition and its members. A partition manager can add and remove members from the partition, as well as modify and delete the entities contained in the partition.

Differences between Public and System partitions By default, two partitions are created in Security Center. These two partitions cannot be deleted or renamed, but the administrator can change their contents (member entities).

• Public partition. This partition has the unique characteristic that all its members are visible to all users on the system. NOTE This does not mean that every user is automatically an accepted user of the Public

partition. Only partition managers who have been explicitly configured as accepted users can exercise their administrative privileges over the members of the Public partition.

• System partition. This is a hidden partition. This partition has the unique characteristic that its members are only visible to the administrative users (Admin user and members of the Administrators user group).

Create a partition 1 From the Home page in Config Tool, open the Security task. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

91

Managing software security

2 Click the Partitions view, and click Partition (

).

3 In the partition creation wizard, enter the Basic information. See "Common entity attributes" on page 38. All partitions are created by default in the System partition. Selecting an existing partition will create the new partition as its subordinate. For more information, see "Nesting partitions" on page 93. 4 Click Create, and click Close. An empty partition is created. 5 Define the content of the partition. See "Add members to a partition" on page 92. TIP You can also place the new entities you create directly into the partition.

6 Define who has permission to access the entities contained in the partition. See "Add accepted users to a partition" on page 92. NOTE You might have to perform this step later if the users have not yet been created.

7 (Optional) Name an accepted user as partition manager. See "Promote a user to partition manager" on page 93.

Add members to a partition NOTE An entity cannot be placed in more than three partitions.

1 Click the Properties tab of a partition entity. 2 At the bottom of the Properties tab, click Add (

).

3 Select the entities you want to add, and click Select. The selected entities are added to the Members list. You do not have to click Apply. 4 Repeat the previous steps as needed. For more information about partition properties, see "Properties" on page 448.

Add accepted users to a partition 1 Click the Accepted users tab of a partition entity. 2 At the bottom of the Accepted users tab, click Add (

).

3 Select the users and user groups you want to add, and click Select. The selected entities appear in the list. 4 Repeat the previous steps as needed. 5 Click Apply. For information about the Accepted users tab for partition entities, see "Accepted users" on page 449.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

92

Managing software security

Promote a user to partition manager A partition manager has full administrative rights over the partition and its members. 1 Click the Accepted users tab of a partition entity. 2 Select the Partition manager option next to the user or user group you want to promote. 3 Click Apply.

Nesting partitions By default, partitions are created at the top level and can be nested if required.

The red arrows illustrate the following:

• When using the Config Tool, accepted users of a partition can see all entities that belong to •

that partition and its subordinates. When using the Security Desk, accepted users of a partition can monitor all entities that belong to that partition and its subordinates.

Defining users This section includes the following topics:

• • • • •

"How are users represented?" on page 93 "What are Admin and Service users?" on page 94 "Create a user" on page 94 "Add a user as a member of a user group" on page 95 "Force Security Desk to run in full screen mode" on page 95

How are users represented? A user is anyone who can use Security Center applications. To log on to the system, that person needs a username and a password.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

93

Managing software security

What a person can do on the system is restricted by their user attributes:

• Privileges. Limits the types of activities the user can perform on the system. See "Configuring user privileges" on page 99.

• Partitions. Limits the entities on which the user can exercise their privileges. See "Defining partitions" on page 90. A user can be a member of one or more user groups, from which it inherits most of its attributes.

What are Admin and Service users? The following users are created by default and cannot be deleted or renamed.

• Admin. This user has full administrative rights to configure Security Center. A person logged on as Admin can change, modify, and delete any entity in Security Center.

• Service . This is a hidden user account reserved exclusively for the Genetec Server service. A person cannot use this account to connect to Security Center.

Create a user 1 From the Home page in Config Tool, open the Security task. 2 Click the Users view, and click User (

).

3 In the user creation wizard, enter the Basic information. See "Common entity attributes" on page 38. NOTE The entity name is also the username, therefore, it must be unique.

4 Select partition rights for the user. a Select Give this user administrative rights over the partition to make the user a manager of the partition you selected. b Select Give this user access to the partition to make the user an accepted user of the partition you selected. See "What constitutes a partition?" on page 91. 5 Click Next. 6 Enter the User information, and click Next. See "Using privilege templates" on page 101. 7 Click Create, and click Close. The new user account is created. 8 (Optional) Configure the user’s membership in user groups. See "Add a user as a member of a user group" on page 95. 9 Click the Properties tab, type the person’s email address, and click Apply. 10 Click the Security tab, configure the security properties, and click Apply. See "Security" on page 486. 11 Click the Privileges tab, define the user privileges, and click Apply. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

94

Managing software security

See "Privileges" on page 488 and "Force Security Desk to run in full screen mode" on page 95. 12 Click the Workspace tab, define the user’s Security Desk workspace, and click Apply. See "Workspace" on page 485.

Add a user as a member of a user group A user who is a member of a user group inherits all the attributes of that group. 1 Click the Identity tab of the user entity. 2 In the Relationships section, click User groups. 3 Click Insert an item (

), select one or more parent user groups, and click Select.

4 Click Apply.

Force Security Desk to run in full screen mode If a user’s job is to focus on monitoring live video, you can force Security Desk to run in full screen mode and prevent the user from switching to windowed mode. You can force the full screen operation on a user or a workstation. To force full screen operation on a user: 1 From the Home page in Config Tool, open the Security task. 2 Click the Users view, select a user, then click the Privileges tab. 3 Expand the Application privileges, and the Security Desk privileges. 4 Deny the privilege Change client views to that user. For information, see "Privileges" on page 488 and "Application privileges" on page 695. 5 Click Apply. Security Desk will always run in full screen mode for that user. The Restore Down command and the F11 key (switch between full screen and windowed mode) are disabled.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

95

Managing software security

To force full screen operation on a workstation: 1 On the workstation, open the Security Desk Properties dialog box. 2 Select the Shortcut tab, and add the option /forcefullscreen (or /ff) to the end of the string found in Target.

3 Click Apply. The next time a user starts Security Desk using this shortcut, the application will start in full screen mode. The Restore Down commands and the F11 key (switch between full screen and windowed mode) are disabled. NOTE Locking Security Desk in full screen mode does not prevent the user from minimizing the

Security Desk window with ALT+ESC or to switch to another application with ALT+TAB.

Defining user groups This section includes the following topics:

• • • •

"Why do I need to create user groups?" on page 97 "What is the Administrators user group?" on page 97 "Create a user group" on page 97 "Make a user group a subordinate of another user group" on page 98

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

96

Managing software security

Why do I need to create user groups? User groups serve to group users with common attributes (such as privileges) together so those attributes only need to be defined once. A user group can also be a member of another user group.

What is the Administrators user group? The Administrators user group is a system entity that is created upon installation. It cannot be deleted or renamed. Members of this user group have the same administrative rights as the Admin user, and their rights cannot be revoked. Best practice: For reasons of traceability, rather than letting everyone use the same Admin account, it is best to create a separate user account for each administrator.

Create a user group 1 From the Home page in Config Tool, open the Security task. 2 Click the User groups view, and click User group (

).

3 In the user group creation wizard, enter the Basic information. See "Common entity attributes" on page 38. 4 Select partition rights for the user. a Select Give this user group administrative rights over the partition to make every member of this user group, a manager of the partition you selected. b Select Give this user group access to the partition to make every member of this user group an accepted user of the partition you selected. See "What constitutes a partition?" on page 91. 5 Click Next, enter the User group information, and click Next. See "Using privilege templates" on page 101. 6 Click Create, and click Close. The new user group is created. 7 (Optional) Make this user group a subordinate of another user group. See "Make a user group a subordinate of another user group" on page 98. 8 (Optional) Click the Properties tab, type the group’s email address, and click Apply. 9 (Optional) Click the Security tab, configure the security properties, and click Apply. See "Security" on page 491. 10 (Optional) Click the Privileges tab, define user privileges, and click Apply. See "Privileges" on page 493.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

97

Managing software security

Make a user group a subordinate of another user group A group that is subordinate to a another user group inherits all the attributes of that group. 1 Click the Identity tab of the user group entity. 2 In the Relationships section, click Parent user groups. 3 Click Insert an item (

), select one or more parent user groups, and click Select.

4 Click Apply.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

98

Managing software security

Configuring user privileges This section includes the following topics:

• • • • • • •

"What are user privileges?" on page 99 "How are privileges granted to users?" on page 99 "About privilege hierarchy" on page 99 "About privilege inheritance" on page 100 "Differences between Basic and Partition privileges" on page 101 "About privilege templates" on page 101 "What are the privilege templates?" on page 101

What are user privileges? Privileges are applied to users and user groups to control which operations they are allowed to perform in Security Center, independently of what entities they can access, and within the constraints set by the software license. Privileges in Security Center are divided into the following groups:

• • • • •

Application privileges. Grant access to the Security Center applications. General privileges. Grant access to the generic Security Center features. Administrative privileges. Grant access to system entity configuration in Config Tool. Task privileges. Control accessibility to the various Security Desk tasks. Action privileges. Control the actions that can be performed on the system entities.

For a complete list and definition of all privileges, see "User privileges" on page 694.

How are privileges granted to users? Each privilege can be granted explicitly to a user or inherited from a user group. Each privilege can be granted with one of these settings:

• Allow. The privilege is granted to the user. • Deny. The privilege is denied to the user. • Undefined. This privilege must be inherited from a parent user group. If the user is not a member of any group, or if the privilege is also undefined to the parent user group, then the privilege is denied.

About privilege hierarchy Privileges are organized in a hierarchy, with the following behavior:

• For a child privilege to be allowed, the parent privilege must be allowed. • If a parent privilege is denied, all child privileges are denied. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

99

Managing software security

• A child privilege can be denied when the parent privilege is allowed. About privilege inheritance Privilege settings can be inherited from user groups and replaced at the member (user or user group) level according to the following rules:

• A privilege that is undefined at the group level can be allowed or denied at the member level. A privilege that is allowed at the group level can be denied at the member level.

• • A privilege that is denied at the group level is automatically denied at the member level. • When a user is a member of multiple user groups, the user inherits the most restrictive privilege settings from its parents. This means that Deny overrules Allow, and Allow overrules Undefined. There are exceptions to the above rules:

• Administrator status. The Admin user, and members of the Administrators user group, have a special status that grants them full administrative rights. These users can configure the Security Center as they see fit; they can view and modify all entities in all partitions. The Admin user and the Administrators user group are created at installation and cannot be deleted or renamed.

• Partition manager status. A user or user group assigned to a partition can be given the status of Partition manager over that partition. This special status confers full administrative rights over the entities contained in that partition. It supersedes all privileges configured at the partition level for that user. A partition manager can add, modify, and delete all entities within their partition, including the users and user groups. Unlike users with the administrator status, the Application, General, and Task privileges can be denied to a partition manager.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

100

Managing software security

Differences between Basic and Partition privileges The Basic privileges of a user (or user group) are the end results of the privileges inherited from their parent user groups, plus the ones explicitly allowed/denied to the user. When a user is given access to a partition, their Basic privileges are applied by default to the partition. Later, an administrator or a partition manager can overwrite the privileges a user has over a specific partition. For example, a user can be allowed to configure alarms in partition A, but not in partition B. This means that a user can have a different set of privileges for each partition they have access to. Only Administrative and Action privileges, plus the privileges over public tasks, can be overwritten at the partition level.

Using privilege templates This section includes the following topics:

• "About privilege templates" on page 101 • "What are the privilege templates?" on page 101 About privilege templates Privilege templates are predefined privilege configurations, based on standard security personnel profiles, that you can apply to users and user groups to simplify the creation process. Once applied, you can fine tune the privileges manually. Privilege templates are only available when creating a user or user group. You cannot rename, modify, or delete the privilege templates. However, you can freely modify the privilege settings after they are applied to a user or user group. The best way to use privilege templates is to create one user group for each template if necessary. After your model user groups are created, users can inherit privileges from them.

What are the privilege templates? Security Center provides the following privilege templates:

• Reporting. This template only grants the privileges to run Security Desk and to execute the most basic reporting tasks, excluding those for AutoVu LPR. A user with this set of privileges alone cannot view any video, control any physical devices, or report incidents.

• Operator. This template is for security operators who need to monitor real time events in the system. It grants them the privileges to use the Monitoring task, view video, manage visitors, credentials, and badge templates, add bookmarks and incidents, save snapshots, unlock doors, and so on.

• Investigator. This template is for investigators. It grants the privileges to use the Monitoring task, view video, control PTZ cameras, record and export video, add bookmarks and incidents, use investigation tasks, manage alarms and visitors, override door unlock schedules, save tasks, and so on.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

101

Managing software security

• Supervisor. This template is for people who have supervisory responsibilities. It grants the same privileges as the Investigator template, plus the privileges to use maintenance tasks, manage cardholders and credentials, modify custom fields, set threat levels, block cameras, and perform people counting.

• Provisioning. This template is for the system installer. It grants almost all configuration privileges, with only a few exceptions (managing roles, macros, users, user groups, custom events, activity trails, threat levels, and audio files).

• Basic AutoVu Operator. This template is for security operators using AutoVu LPR. It grants them privileges to use LPR tasks, configure LPR entities, create LPR rules, monitor LPR events, and so on.

Importing users from an Active Directory Users and user groups can be created by importing them from your corporate directory service. For more information, see "Integrating with Windows Active Directory" on page 140.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

102

Automating system behavior

Automating system behavior Security Center offers you many ways to automate the system’s behavior. This section includes the following topics:

• • • •

"Using schedules" on page 103 "Using event-to-actions" on page 106 "Using scheduled tasks" on page 109 "Using macros" on page 110

Using schedules Schedules are useful in Security Center to dynamically control the behavior and settings of the system based on timetables. This section includes the following topics:

• • • • • •

"What is a schedule?" on page 103 "What is the default schedule?" on page 104 "Warning about time zones" on page 104 "What is a twilight schedule?" on page 104 "Create a schedule" on page 105 "Resolving schedule conflicts" on page 105

What is a schedule? The schedule entity ( ) defines a set of time constraints that can be applied to many situations, such as when a user can log on to the system, when video from a surveillance camera should be recorded, or when access should be granted to a secured area. Each time constraint is characterized by two sets of properties:

• Date coverage. Defines a date pattern, or specific dates to be covered by the schedule. 





Daily. Defines a pattern that repeats every day. Weekly. Defines a pattern that repeats every week. Each day of the week can have a different time coverage. Ordinal. Defines a series of patterns that repeat on a monthly or yearly basis. Each date pattern can have a different time coverage. For example, on July 1st every year, on the first Sunday of every month, or on the last Friday of October every year.

Specific. Defines a list of specific dates in the future. Each date can have a different time coverage. This setting is ideal for special events that occur only once. Time coverage. Defines which time periods apply during a 24-hour day. 



gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

103

Automating system behavior





All day. Covers the entire day. Range. Covers one or multiple distinct time periods within the day. For example, from 9 a.m. to 12 p.m. and from 1 p.m. to 5 p.m.



Daytime. From sunrise to sunset. Only supported by twilight schedules.



Nighttime. From sunset to sunrise. Only supported by twilight schedules.

For more information on Daytime and Nighttime settings, see "What is a twilight schedule?" on page 104.

What is the default schedule? When Security Center Directory is installed, a schedule named Always is created by default. This schedule has a 24/7 coverage, and cannot be renamed, modified, nor deleted. This schedule has the lowest priority in terms of schedule conflict resolution. For more information, see "Resolving schedule conflicts" on page 105.

Warning about time zones The time of day for a schedule is based on the local time zone set in each individual context where it is applied. For example, if the schedule is used to set continuous video recording from 9 a.m. to 5 p.m., whether the video unit is in Tokyo or London, the recording will occur on schedule according to the local time. This is due to every video unit having a time zone setting, to control video settings and recordings relative to the unit’s local time. For more information, see "Location" on page 336. When a schedule is applied to an entity that has no time zone settings, such as the logon schedule for a user, the local time is taken from the server hosting the Directory role.

What is a twilight schedule? A twilight schedule ( ) is a special type of schedule that covers either daytime or nighttime. These special time coverages vary according to the day of the year. The calculation of the time of day when the sun rises and sets is based on a geographical location (latitude and longitude). Twilight schedules are designed for situations where the sunlight has an impact on the system’s operation, such as video settings and recording. Some typical uses of the twilight schedules are:

• To record video only during daytime. • To boost the video encoder’s sensitivity after sunset. • To disable motion detection during twilight. Twilight schedules have the following restrictions:

• Cannot be used in any situation involving access control entities. • Requires that the entity it applies to has a geographical location setting, such as video units •

and LPR units. See "Using geographical locations" on page 40. The Weekly option for date coverage is not available.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

104

Automating system behavior

• The All day and Range options for time coverage are not available. • Twilight schedules are not visible in contexts where they are not applicable. For more information, see "Date coverage" on page 103.

Create a schedule Schedules must be created in advance if you plan to use them in any settings. 1 From the Home page in Config Tool, open the System task. 2 Click the Schedules view, and click Schedule (

).

3 In the schedule creation wizard, enter the Basic information, and click Next. For more information, see "Common entity attributes" on page 38. 4 In the Schedule information page, select one of the following: 

Select Standard schedule if you want to be able to use this schedule in all situations.



Select Twilight schedule if you specifically need Daytime or Nighttime coverage.

CAUTION The schedule type cannot be changed after the entity is created. For more information, see "What is a twilight schedule?" on page 104.

5 Click Close. A default daily schedule is created. 6 Click the Properties tab to configure the desired date and time coverage. For more information, see Schedule – "Properties" on page 464. 7 Click Apply.

Resolving schedule conflicts You might have a scheduling conflict when two overlapping schedules are applied to the same function. For example, two schedules applied to the recording of the same camera. Security Center can resolve some of these conflicts by giving priority to the most specific (or restrictive) schedule. The specificity of a schedule is determined by its date coverage option. The following lists the date coverage options in decreasing order of priority: 1 Specific (Runs only once. Highest priority) 2 Ordinal (Repeats on a monthly or yearly basis) 3 Weekly (Repeats every week) 4 Daily (Repeats every day) 5 Always (The default schedule. Has the lowest priority) CAUTION When two overlapping schedules with the same priority level are applied to the same

function, you have an unresolved conflict. An Entity warning is raised by the system, and the entity with the faulty configuration is displayed in yellow in the entity browser. For more information, see "Viewing system messages" on page 168. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

105

Automating system behavior

Using event-to-actions An event-to-action is the coupling of an action to an event, to confer automatic and intelligent behavior to the system. This section includes the following topics:

• • • • •

"What is an event?" on page 106 "What is a custom event?" on page 106 "What is an action?" on page 106 "Create an event-to-action" on page 107 "Search for event-to-actions" on page 108

What is an event? Security Center uses events to record activity on the system. The types of events generated by Security Center vary from entity to entity. For instance: Access denied to a cardholder, Signal lost on a camera, License plate matched to a hotlist, and so on. Some of the ways you can make use of system events are the following:

• View them in Security Desk in real-time. • Have the system record them in event logs for viewing and analysis at a later time. • Configure the system to take action automatically by associating actions to various types of events, such as triggering an alarm, or sending a message. This is called an event-to-action. This is the most powerful and versatile method for handling events. For more information, see "Actions" on page 624. Events can arise from many sources, such as recording started by a user on a camera, a door being left open for too long, or an attempt to use a stolen credential. For a complete list of the predefined event types in Security Center, see "Event types" on page 745.

What is a custom event? In addition to the predefined event types, you can also define custom events to precisely represent each of the various combinations of input signals received from different units on your system. For more information, see "Managing zones" on page 160 and "Custom events" on page 623.

What is an action? An action is a user-programmable function that can be triggered as an automatic response to an event (door held open for too long, or object left unattended) or executed according to a specific time table.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

106

Automating system behavior

For a complete list of the predefined action types in Security Center, see "Action types" on page 758. For other action usages, see "Using scheduled tasks" on page 109.

Create an event-to-action 1 From the Home page in Config Tool, open the System task. 2 Click the General settings view, then click the Actions page. For more information, see "Actions" on page 624. 3 Click Add an item (

).

4 In the Entity type page, select the type of the source entity and click Next. The source entity is the entity to which the event is attached. 5 In the Source page, select the source entity and click Next. Enter a search string if necessary. Only entities corresponding to the selected type are listed. 6 In the Event page, select an event type and a schedule, and click Next. Only events pertaining to the selected entity type are listed. The schedule determines when the event should occur in order to trigger the action. For example, you might want to sound an alarm only when a window is opened during the weekend. By default, Always is selected.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

107

Automating system behavior

7 In the Action page, select an action type and configure its parameters.

The Next button becomes enabled only when all the arguments required by the selected action type are properly configured. For a full description of all action types you can choose from, see "Action types" on page 758. 8 Click Next. The Creation summary page appears. 9 Verify that all information is correct, click Create, and click Close. If the information is incorrect, click Back and fix the errors. The new event-to-action is added to the list of system actions. For more information, see "Actions" on page 624.

Search for event-to-actions You can search for an event-to-action by any combination of source entity (name and type), event type, and action type. 1 From the Home page in Config Tool, open the System task. 2 Click the General settings view, then click the Actions page. 3 Click Advanced search (

) to show search filters.



Entity name. Search for source entity names starting with the search string.



Entity type. Select a specific source entity type (default=All).

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

108

Automating system behavior



Event. Select a specific event type (default=All).



Action. Select a specific action type (default=All).

4 Use the action buttons at the bottom of the page to fix or delete the unwanted event-toactions. For more information, see "Actions" on page 624.

Using scheduled tasks This section includes the following topics:

• "What is a scheduled task?" on page 109 • "Comparison between scheduled tasks and event-to-actions" on page 109 • "Create a scheduled task" on page 109 What is a scheduled task? A scheduled task is an entity that defines an action that executes automatically on a specific date and time, or according to a recurring schedule.

Comparison between scheduled tasks and event-to-actions The similarities between the two concepts are:

• Both have access to the same set of actions. • Both use recurring schedules. The differences between the two concepts are:

• • • •

A scheduled task is saved as an entity, an event-to-action is not. A scheduled task is triggered on schedule, not on event. A scheduled task can be turned on and off. The scheduling options are different: 

Once. Executed once at a specific date and time.



Every minute. Executed every minute.



Hourly. Executed at a specific minute of every hour.



Daily. Executed at a specific time every day.



Weekly. Executed at a specific time on selected days of the week



On startup. Executed on system startup.



Interval. Executed at regular intervals that can be days, hours, minutes, or seconds.

Create a scheduled task This sample procedure creates a scheduled task that synchronizes an Active Directory role. 1 From the Home page in Config Tool, open the System task. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

109

Automating system behavior

2 Click the Scheduled tasks view, and click Scheduled task (

).

A new scheduled task entity appears in the Logical view. 3 Type a name for the scheduled task, and press ENTER. 4 Click the Properties tab. For more information, see Scheduled task – "Properties" on page 470. 5 Set the Status switch to Active. 6 Set the desired Recurrence pattern. a Click on the drop-down list and select Weekly. b Set the desired start time on the scheduled dates. c Select the days of the week when the action is to be executed. 7 Select the type of action to be executed. Additional parameters might be required based on the selected action. For our example, scroll down and click Trigger synchronization, then select the Active Directory role that needs to be synchronized. 8 Click Apply.

Using macros This section includes the following topics:

• "What is a macro?" on page 110 • "Creating macros" on page 110 What is a macro? You can write programs in C# using Security Center SDK to add custom functionality to your system. These programs are loaded into Security Center as macro entities. If you need help to develop custom macros, contact Genetec Professional Services through your sales representative for a quote, or call us at one of our regional offices around the world. To contact us, visit our Web site at www.genetec.com.

Creating macros You can write your C# programs with an external text editor, or use the text editor found in Config Tool. For more information, see Macro – "Properties" on page 430.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

110

Managing alarms

Managing alarms This section includes the following topics:

• • • • • •

"What is an alarm?" on page 111 "Create an alarm" on page 112 "Testing alarms" on page 112 "Trigger alarms manually" on page 113 "Trigger alarms automatically using event-to-actions" on page 113 "Responding to alarms" on page 115

What is an alarm? An alarm entity describes a particular trouble situation in Security Center (intrusion, broken window, door forced open, and so on) that requires immediate attention. The basic properties of an alarm are:

• Name. Alarm name. • Priority. Priority of the alarm (1-255), based on the urgency of the situation. Higher priority alarms are displayed first in Security Desk.

• Recipients. Users who are notified when the alarm occurs, and are responsible for responding to the alarm situation. Recipients can be notified all at once, or one after another in a sequence.

• Attached entities. Entities that help describe the alarm situation (for example, cameras, area, doors, and so on). When the alarm is received in Security Desk, the attached entities can be displayed one after another in a sequence or all at once in the canvas, to help you review the situation.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

111

Managing alarms

Create an alarm You create alarms from the Alarms task in Config Tool. 1 From the Home page in Config Tool, open the Alarms task. 2 Click the Alarms view, and click Alarm ( A new alarm entity (

).

) appears in the Logical view.

3 Type a name for the alarm, and press ENTER. Best practice: Provide a name best describes the situation, so it is easy to determine what happened when the alarm is triggered. 4 Click the Properties tab, configure the essential properties, and click Apply. For more information, see "Properties" on page 352. 5 Click the Advanced tab, configure the advanced settings, and click Apply. For more information, see "Advanced" on page 354. After you are done: Test the alarm you just created. See "Testing alarms" on page 112.

Testing alarms The simplest way to test an alarm is to trigger it manually from Config Tool, and make sure you receive it in Security Desk. Before you begin: Log on to Security Desk as one of the alarm recipients. 1 From the Home page in Config Tool, open the Alarms task. 2 Click the Alarms view, and select the alarm to test. 3 In the Contextual commands toolbar, click Trigger alarm (

).

The triggered alarm should appear in the Security Desk notification tray, and in the alarm list in the Alarm monitoring task. The Alarm monitoring task opens automatically if Security Desk is configured open the task when an alarm is triggered. To set this behavior, see “Customizing alarm behavior” in the Security Desk User Guide. If the Alarm monitoring task does not open automatically, doubleclick the alarm icon in the Security Desk notification tray to open it.

Troubleshooting alarms If you do not receive an alarm, check the following:

• Is the alarm schedule preventing you from triggering the alarm at this moment? • Does the alarm recipient have the correct privileges to receive alarms (Alarm monitoring and Acknowledge alarms)? gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

112

Managing alarms

Trigger alarms manually When you observe a trouble situation happening in Security Center, you can manually trigger an alarm. To trigger an alarm manually:

• Do one of the following: 





In the Alarms task in Config Tool, select an alarm, and then in the Contextual commands toolbar, click Trigger alarm ( ). In the notification tray in Security Desk, click Hot actions ( Trigger alarm ( ), select an alarm, and then click OK.

) > Manual action. Click

In the Alarm monitoring task in Security Desk, click Trigger alarm ( alarm, and click Trigger alarm.

), select an

Trigger alarms automatically using event-to-actions You can configure events that occur to trigger alarms, using event-to-actions. This is the most common way alarms are triggered. NOTE If an alarm is triggered and displayed in the canvas and the triggering event is caused by

an entity that is associated with cameras (for example a door), then the associated cameras are displayed in the canvas before the entities attached to the alarm. For more information, see Alarm – Properties – "Attached entities" on page 353. For more information about creating event-to-actions, see "Using event-to-actions" on page 106. To trigger an alarm automatically: 1 From the Home page in Config Tool, open the System task. 2 Click the General settings view. 3 Click the Actions tab, and click

.

4 In the Entity type page, select an entity type, and click Next. The source entity is the entity that the event is attached to. 5 In the Source page, select the source entity and click Next. 6 In the Event page, select an event type Only events related to the selected entity type are listed. For a list of events available in Security Center, see "Event types" on page 745. 7 Select a schedule, and click Next. The schedule determines when the event will trigger the action. For example, you might want to trigger an alarm only when a window is opened during the weekend. By default, Always is selected. 8 In the Action page, select Trigger alarm. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

113

Managing alarms

9 From the Alarm drop-down list, select an alarm to trigger. 10 (Optional) From the Acknowledgement condition drop-down list, select an event that must be triggered before the alarm can be acknowledged. This option is only available when you select some source event types. For a list of event types that could require an acknowledgement condition to be cleared before the alarm can be acknowledged, see "Event types that could require an acknowledgement conditions" on page 114. 11 To require a user to acknowledge the alarm after the acknowledgement condition is cleared, select the User acknowledgement required option. If you clear this option, the alarm is automatically acknowledged when the acknowledgement condition is cleared. 12 Click Next > Create > Close.

Event types that could require an acknowledgement conditions For some event-to-actions that trigger alarms, you can configure them so that a second event must be triggered before the triggered alarm can be acknowledged. The second event is the acknowledgement condition. The following is a list of event types that allow you to select an acknowledgement condition that must be cleared before the alarm can be acknowledged. Source event type

Entity type

Acknowledgement condition

AC fail

Access control unit, Intrusion detection unit

AC fail input normal

Application lost

Roles

Application online

Asset offline

Asset

Asset online

Asset online

Asset

Asset offline

Battery fail

Access control unit, Intrusion detection unit

Battery fail input normal

Door forced open

Door

Door closed

Door opened

Door

Door closed

Door opened too long

Door

Door closed

Hardware tamper

Access control unit, Intrusion detection unit, Zone (hardware)

Input normal

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

114

Managing alarms

Source event type

Entity type

Acknowledgement condition

Intrusion detection area alarm activated

Intrusion detection area

• • • •

Intrusion detection area input bypass activated

Intrusion detection area

Input bypass deactivated

Manual station activated

Door

Manual station reverted to normal state

Signal lost

Camera

Signal recovered

Unit lost

Access control unit, Intrusion detection unit, LPR unit, Video unit

Unit online

Zone armed/ disarmeda

Zone

• Zone state normal • Zone state active

Disarmed (not ready) Disarmed (ready to arm) Master armed Perimeter armed

a. Events that are associated with the normal, active, and trouble states of a zone can also be configured with an acknowledgement condition. For more information about zone states, see "Properties" on page 503.

Responding to alarms You respond to active alarms from the Alarm monitoring task in Security Desk. When you receive an alarm, you can snooze the alarm, forward it to a colleague, or acknowledge it. The alarm can also be automatically acknowledged after a period of time, if it is configured that way. For alarms with an acknowledgement condition, the process is a bit different. Before the acknowledgement condition is cleared, you can investigate the alarm to let other users know you have seen it, and are taking care of it. You can only acknowledge the alarm after the acknowledgement condition is cleared. The alarm can also be automatically acknowledged by the system after the acknowledgement condition is cleared, if it is configured that way. EXAMPLE A Unit lost event occurs, which triggers an alarm with an acknowledgement

condition of Unit online. Before the unit comes back online, the alarm can be snoozed, forwarded, investigated, or an administrator can forcibly acknowledge it. After the event Unit online occurs, the alarm can be acknowledged. NOTE Administrators can force all local alarms to be acknowledged at any time, even if the acknowledgement condition is not cleared.

For more information on acknowledging alarms, see “Acknowledging alarms” in the Security Desk User Guide. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

115

Managing alarms

Investigating current and past alarms You can search for and examine current and past alarms, using the Alarm report task in Security Desk. For more information about using the Alarm report task, see “Investigating current and past alarms” in the Security Desk User Guide.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

116

Managing threat levels

Managing threat levels This section includes the following topics:

• • • • • • • •

"What are threat levels for?" on page 117 "Differences between threat levels and alarms" on page 117 "Create a threat level" on page 119 "Configuring threat level actions" on page 121 "Actions exclusive to threat levels" on page 122 "Threat level limitations" on page 122 "Threat level scenarios" on page 123 "Threat level related tasks" on page 127

What are threat levels for? A threat is a potentially dangerous situation, such as a fire or a shooting, that requires immediate response from the system and the security personnel. A threat could affect only one area or the entire system. As the Security Center administrator, you define threat levels to help the security personnel deal promptly with threatening situations. Each threat level is characterized by a name and a color, and associated to two lists of actions that the system executes automatically, one when the threat level is set, and another one when the threat level is cleared. The full range of Security Center actions is at your disposal to dictate the behavior of the system, plus some actions that are unique to threat levels, such as denying certain cardholders access to areas in your system, or forcing certain users to log off from the system. Threat levels are set by Security Desk operators when a situation calls for such an action. The operator must have the Set threat level privilege. The operator can set a threat level on an area or on the entire system (includes all areas). For more information on dealing with threats from an operator’s perspective, see “Set threat levels” in the Security Desk User Guide.

Differences between threat levels and alarms The following table highlights the differences between threat levels and alarms. For more information on alarms, see "Managing alarms" on page 111. Characteristics

Alarm

Threat level

Purpose

Deals with localized events, such as a forced entry or an object being left unattended in a public area.

Deals with widespread events affecting an whole area or the entire system, such as a fire or a shooting.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

117

Managing threat levels

Characteristics

Alarm

Threat level

Configuration privileges

• Config Tool • Add/delete alarms • Modify alarms

Only administrative users can configure threat levels.

Activation

Typically triggered by an event-toaction. Can also be triggered by a manual action.

Typically set manually by a Security Desk operator. Can also be set by an event-to-action.

System response on activation

Recording starts automatically on cameras associated to the alarm.

The threat level activation action list is automatically executed.

Notification method

The alarm icon turns red in the Security Desk notification tray. Depending on your Security Desk configuration, the Alarm monitoring task might be brought to the foreground.

The threat level icon turns red in the Security Desk notification tray. When a threat level is set at the system level, the background of Security Desk turns to the color of the threat level.

Who gets the notification?

Security Desk users configured as alarm recipients.

All Security Desk users.

Event ranking

Alarms are ranked according to their priority level (1=highest, 255=lowest). Higher priority alarms are displayed first. When the priority level is the same, the most recent is displayed first.

Threat levels are independent of each other. Only one threat level can be set on an area at any given time. The last threat level set overrides the previous one.

Deactivation

A Security Desk user (alarm recipient) must acknowledge the alarm. Alarms can also be automatically acknowledged by the system after a specified delay or when the acknowledgment condition is met.

A Security Desk user must manually clear the threat level or set a different threat level. A threat level can also be automatically cleared using an event-toaction (Set threat level to None).

System response on deactivation

The acknowledged alarm is removed from all active alarm list (Alarm monitoring task in Security Desk).

The threat level deactivation action list is automatically executed.

Related events

• • • • • •

• Threat level set • Threat level cleared

Alarm triggered Alarm being investigated Alarm condition cleared Alarm acknowledged Alarm acknowledged (Alternate) Alarm forcibly acknowledged

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

118

Managing threat levels

Characteristics

Alarm

Threat level

Operator privileges

• • • • • • •

Security Desk (Application) Alarm monitoring (Task) Alarm report (Task) Trigger alarms (Action) Snooze alarms (Action) Forward alarms (Action) Acknowledge alarms (Action) NOTE Only administrative users can forcibly acknowledge alarms.

• Security Desk (Application) • Set threat level (Action) The same privilege is used for both setting and clearing threat levels. To clear a threat level is to set it to None. NOTE The threat level activation and deactivation actions are carried out by the system, independently of the operator’s privileges.

Exclusive actions

None.

• Set minimum security clearance • Set minimum user level • Set reader mode For more information, see "Actions exclusive to threat levels" on page 122.

Create a threat level Only administrative users can configure threat levels. 1 From the Home page in Config Tool, open the System task. 2 Click the General settings view and select the Threat levels page. For a description of this page, see "Threat levels" on page 629. 3 At the bottom of the threat level list, click Add an item (

).

The Threat level configuration dialog box appears. 4 Enter the Name, Description, Logical ID (optional), and Color of the threat level. Make sure you choose a distinctive color for each threat level. The threat level color is used to color the Security Desk background when the threat level is set at the system level. 5 Configure the threat level Activation actions. These actions are executed by the system when the threat level is set, independently of the privileges and permissions of the user who set the threat level. For information on what actions you can configure, see "Configuring threat level actions" on page 121 and "Actions exclusive to threat levels" on page 122. 6 Configure the threat level Deactivation actions. These actions are executed by the system when the threat level is cleared or overwritten by another one, independently of the privileges and permissions of the user who cleared the threat level. CAUTION The system does not automatically revert the configuration back to what it was before the threat level was set. You need to explicitly configure the deactivation actions to take care of that. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

119

Managing threat levels

7 Click OK to close the configuration dialog box. A new threat level (

) appears in the threat level list.

8 Click Apply. After you are done: Do the following:

• Grant Set threat level privilege to all users who need to set threat levels. NOTE For users who need to set system threat levels, they must be accepted users of the

Public partition. For more information, see "Action privileges" on page 708.

• (Optional) Configure additional threat level activation and deactivation actions for specific areas. For more information, see "Threat levels" on page 362.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

120

Managing threat levels

Configuring threat level actions Actions in Security Center typically affect a single target entity (see "Action types" on page 758). However, when actions are used to configure threat levels, the scope of many of them can be extended to all entities found under the area where the threat level is set that match the type of the target entity. For example, the action Start recording normally applies to a specific camera. If you select All entities for the Camera argument, recording will start on all cameras found under the area where the threat level is set.

NOTE If you select a specific entity for your action, the action will be applied to the selected entity regardless whether the entity is found under the area where the threat level is set or not.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

121

Managing threat levels

Actions exclusive to threat levels The following actions are unique to threat level configuration. Action name

Target entity

Description

Set minimum security clearance

area (Location)

Sets the minimum security clearance level required from cardholders to access the area on top of the restrictions imposed by the access rules. Additional parameter: • Security clearance. The minimum security clearance level required for the selected area. (0=highest level, 99=lowest level or no special clearance required). NOTE The security clearance is only visible to administrative users. This action only works with door controllers that support this feature. The range of supported values might vary, depending on the access control hardware.

Set minimum user level

N/A

Logs out users with a lower user level than the one you specify when a threat level is set, and prevents them from logging back on. Additional parameter: • User level. The minimum user level (1=highest level, 254=lowest level) required to log on to the system, or to stay logged on to the system. NOTE This action is only executed when the threat level is set of the system level. If the user setting the threat level has a user level below the required minimum, that user will be logged off the system the moment the threat level is set.

Set reader mode

area, door (Location)

Sets the reader mode for accessing doors. Additional parameter: • Reader mode. Select whether access is granted using Card and PIN, or Card or PIN, for the selected areas. NOTE This action only works with door controllers and readers that support this feature.

Threat level limitations The following limitations apply when using the threat level feature:

• Threat levels work independently of partitions. Therefore, a threat level set at the system •

level by the users of one partition might affect the entities belonging to another partition, if the actions have a generic scope (applied to All entities). Threat levels cannot be applied to federated areas.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

122

Managing threat levels

Threat level scenarios The following scenarios serve to illustrate the use of threat levels.

• "Scenario #1: Fire" on page 123 • "Scenario #2: Gunman" on page 125 Related topics:

• “Set threat levels” in the Security Desk User Guide • “Clear threat levels” in the Security Desk User Guide Scenario #1: Fire In case a fire breaks out, we want the system to respond immediately with the following actions:

• Sound the fire alarm NOTE For the sake of illustration. Not a recommended practice.

• Unlock all doors to let people evacuate NOTE For the sake of illustration. Not a recommended practice.

• Log off all low priority users to free as much resources (especially network bandwidth) as •

possible for high priority users to manage the current threat. Record the entire evacuation process at high video quality for as long as it lasts.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

123

Managing threat levels

The threat level configured to handle a fire could be as follows:

When an operator sets this threat level, the following actions are executed by the system:

• Trigger output. Sounds the fire alarm by sending the Fire alarm output behavior to the output pin Building Exit - Output-1, assuming that this is where the alarm bell is connected.

• Set the door maintenance mode. Sets all doors within the area where the threat level is set to maintenance mode, effectively unlocking all of them for an indefinite period of time. This is better than using the Unlock door explicitly action which only unlocks the doors for a few seconds.

• Set minimum user level. Immediately logs off all users with a user level lower than 1, basically every one that is not an administrator, encouraging them to leave their desk at once, as well as stopping all unnecessary activity on the network, so the administrators can have as much bandwidth as possible at their disposal to deal with the situation.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

124

Managing threat levels

NOTE This action is only executed if the threat level is set at the system level. So if the fire is

limited to one area, we do not want to log off everyone from the system.

• Override with event recording quality. Boosts the recording quality of all cameras within the area where the threat level is set to event recording quality. For more information, see "Boost quality on event recording" on page 376.

• Start recording. Starts recording on all cameras within the area where the threat level is set for an infinite duration, or until it the Stop recording command is issued. When an operator clears this threat level, the following actions are executed by the system:

• Trigger output. Stops the fire alarm by sending the Normal output behavior to the output pin Building Exit - Output-1.

• Set the door maintenance mode. Turns off the maintenance mode on all doors within the area where the threat level is set. This effectively restores all doors to their normal behavior.

• Set minimum user level. Resets the minimum user level to 254 (the lowest value), allowing all users to log back on.

• Recording quality as standard configuration. Restores the standard recording quality on all cameras within the area where the threat level is set.

• Stop recording. Stops recording on all cameras within the area where the threat level is set. This action will not stop the recording on cameras that are on a continuous recording schedule.

Scenario #2: Gunman In case a gunman or a shooter is spotted, we want the system to respond immediately with the following actions:

• • • •

Block access to where the gunman/shooter is from innocent bystanders. Record the shooting incident in high quality video as evidence in court. Protect the video recordings of the whole event against accidental deletion. Block the sensitive video footage from the public eye in case some of the video streams are shown on public web sites.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

125

Managing threat levels

The threat level configured to handle a gunman/shooter could be as follows:

When an operator sets this threat level, the following actions are executed by the system:

• Set minimum security clearance. Prevents the cardholders who have a security clearance lower than 5 (between 6-99) from entering the area where the gunman is, and hopefully, preventing the gunman from getting out. NOTE This configuration assumes that only armed security personnel have a clearance level higher than 5 (between 0-5), and that security operators continue to monitor all exits and can manually unlock doors to let the innocent people out.

• Override with event recording quality. Boosts the recording quality of all cameras within the area where the threat level is set to event recording quality. For more information, see "Boost quality on event recording" on page 376.

• Start recording. Starts recording on all cameras within the area where the threat level is set for an infinite duration, or until it the Stop recording command is issued. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

126

Managing threat levels

• Start applying video protection. Starts protecting the videos recorded from the cameras within the area where the threat level is set, from now until the Stop applying video protection command is issued, for an unlimited period of time.

• Block and unblock video. Block all users with a user level lower than 5 from viewing the video from the cameras within the area where the threat level is set, from now until the video blocking is explicitly stopped, for an unlimited period of time. NOTE This configuration assumes that all security personnel has a user level higher than 5

and can continue to monitor the scene. When an operator clears this threat level, the following actions are executed by the system:

• Set minimum security clearance. Restore normal access to the area to all cardholders by setting the security clearance to 99 (the lowest level).

• Recording quality as standard configuration. Restores the standard recording quality on all cameras within the area where the threat level is set.

• Stop recording. Stops recording on all cameras within the area where the threat level is set after 30 seconds. This action will not stop the recording on cameras that are on a continuous recording schedule.

• Stop applying video protection. Stops protecting the videos recorded from the cameras within the area where the threat level is set, after one minute.

• Block and unblock video. Unblock all cameras within the area where the threat level is set. The video recorded during the time when the threat level was active will remain blocked for playback to the users whose user level is lower than 5.

Threat level related tasks You can monitor threat level related activities with the following maintenance tasks:

• System status. Use this task to monitor the threat level and security clearance set on each areas. See "Monitoring the status of your system" on page 177.

• Activity trails. Use this task to find out when threat levels have been set and cleared, and who did it. See "Investigating user related activity on the system" on page 182.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

127

Federating remote systems

Federating remote systems The Federation™ is a virtual system formed by joining multiple independent Genetec IP security systems together. The purpose of the Federation is to allow the users on your local system to view and control the entities belonging to independent remote systems as if they were on your local system. This section includes the following topics:

• • • • •

"Types of federations" on page 128 "What are federated entities?" on page 128 "Federating Omnicast systems" on page 131 "Federating Security Center systems" on page 133 "Advanced settings for large federations" on page 134

Types of federations Security Center can join (or federate) Omnicast 4.x systems and other Security Center systems into a large federation. The system that joins other systems together is called the Federation host. Security Center does this by creating a specific federation role for each system it needs to unify. Two types of federation roles are available:

• Omnicast Federation. Federates an Omnicast 4.x system so that its cameras and events can be used in your local system. For more information, see "Federating Omnicast systems" on page 131.

• Security Center Federation. Federates an independent Security Center system so that its entities can be used in your local system. For more information, see "Federating Security Center systems" on page 133.

What are federated entities? Federated entities are entities imported from remote independent systems. They do not belong to your local system. You can view and manipulate them in your local system, but you cannot change their native settings.

Identification of federated entities Federated entities are easily identifiable by the yellow arrow that is superimposed on their entity icon. The following are some examples of federated entities:

• • •

– Federated area entity (they are called sites in Omnicast) – Federated alarm entity – Federated fixed camera entity

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

128

Federating remote systems

• • • • • • • •

– Federated dome camera entity – Federated camera sequence entity – Federated virtual camera entity (Omnicast only) – Federated cash register entity – Federated door entity (Security Center only) – Federated elevator entity (Security Center only) – Federated cardholder entity (Security Center only) – Federated credential entity (Security Center only)

Using federated entities You can perform the following operations on federated entities in Security Desk:

• • • •

View live or playback video from federated cameras. Add bookmarks, start/stop recording, and export video from federated cameras. Control the PTZ on federated dome cameras (except PTZ locking). Switch cameras on CCTV matrices via virtual cameras federated from Omnicast 4.x. For more information, see "Federating Omnicast systems" on page 131.

• View, start/stop cycling, pack/unpack federated camera sequences. For more information, see "Limitations with Omnicast Federation" on page 131.

• Receive, acknowledge, snooze, forward, start/stop cycling, pack/unpack federated alarms. For more information, see "Exceptions regarding federated alarms" on page 130 and "Limitations with Omnicast Federation" on page 131.

• • • •

View and control federated tile plugins. Lock/unlock federated doors. Arm/disarm federated intrusion detection areas. Arm/disarm federated zones.

Can federated entities be configured locally? Most federated entity properties cannot be changed on your local system, but you can use the federated entities to configure your local entities.

• You cannot change their name and description. • You cannot change any attributes that inherently defines the entity. This includes most •

properties defined in the entity configuration tabs, although you can view them. You can assign a logical ID to each federated entity. The logical ID is a local attribute associated with the federated entity to uniquely identify it within the Federation.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

129

Federating remote systems

• You can choose what events you want to receive from the federated system. Based on these events, you can define event-to-actions for the federated entities. The actions can either be executed on the Federation host or on the federated system. You can view their activity and audit trail reports in the Reporting tab.

• • You can control the visibility of the federated entities to your local users via partitions. • You can configure the visual tracking for cameras federated from Omnicast systems. • You can use them in the configuration of local entities, such as attaching federated cameras to local entities, or use them to define local alarms and camera sequences.

Exceptions regarding federated alarms Not all alarm properties are federated. Most properties pertaining to the alarm display in Security Desk must be configured locally on the Federation host. The exceptions for federated alarms are the following:

• The alarm schedule follows the original configuration of the remote system. Since schedule •

entities are not federated, the default schedule Always is shown instead. Alarm priority: 

Omnicast: Original value is not federated. You can redefine it (default=1) locally on the Federation host.

Security Center: Original value is federated and cannot be modified. Reactivation threshold is an inherent property of the alarm and cannot be modified. 

• • Entity cycling is a local property to the Federation host. You can change its setting and it will not affect the federated system. Automatic acknowledgement is an inherent property of the alarm and cannot be modified.

• • Create an incident on acknowledgement is a local property to the Federation host. You can change its setting and it will not affect the federated system. Automatic video recording is an inherent property of the alarm and cannot be modified.

• • Protect recorded video is an inherent property of the alarm and cannot be modified. • Video display is a local property to the Federation host. You can change its setting and it will not affect the federated system.

• Alarm procedure (URL): 

Omnicast: Original value is not federated. You can redefine it locally on the Federation host.

Security Center: Original value is federated and cannot be modified. Attached entities are federated as far as they are federated entities. The list is an inherent property of the alarm and cannot be modified. Alarm recipients must always be configured locally for the Federation host. 

• •

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

130

Federating remote systems

Related topics:

• "Alarm" on page 351

Federating Omnicast systems The Omnicast Federation role acts as a proxy between your local clients and the remote Omnicast system they need to connect to. For the exact versions of Omnicast 4.x systems supported in this release, see the Security Center Release Notes.

Limitations with Omnicast Federation Federating an Omnicast system has the following limitations:

• Alarms are federated, but the alarm priority and the alarm procedure must be configured • •

locally on the Federation host. For more information, see "Exceptions regarding federated alarms" on page 130. Some playback capabilities are not supported on federated cameras. Smooth reverse playback is not available and the rewind speed is limited to -10x, -20x, -40x, and -100x. Camera sequences are federated, but they behave as a single camera on the Federation host. This means that the users on the Federation host cannot unpack nor stop the camera cycling on camera sequences ( ) federated from Omnicast.

• Sites ( ) are federated as areas ( ) in Security Center. • Sites with a Map (URL) property ( ) are federated as areas (

) with a Web page tile

plugin attached.

Configure an Omnicast federation Before you begin: The Omnicast Compatibility Pack corresponding to the version of the Omnicast system you plan to federate must first be installed on the server where the federation role is to be hosted, and on the client workstation where Config Tool is running. The same Compatibility pack must also be installed on all secondary servers you plan to assign to the federation role, and all Security Desk workstations viewing the federated cameras. 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view. 3 Click Add an entity (

), and click Omnicast Federation.

4 From the Server drop-down list, select the primary server for this role. NOTE The Compatibility pack corresponding to the Omnicast system you wish to federate

must be pre-installed on that server. 5 In the Directory field, enter the name of the Omnicast Gateway connecting you to the remote Omnicast system.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

131

Federating remote systems

6 In the next two fields, enter the username and password that the federation role is going to use to log on to the remote Omnicast system. The rights and privileges of that user determine what your local users will be able to see and do on the federated remote system. 7 From the Version drop-down list, select the version of the remote Omnicast system. This drop-down list only shows the Omnicast versions for which a compatibility pack is installed. 8 In the Federated events section, select the types of event that you want to receive on the your local system, and click Next. Events are necessary if you plan to monitor the federated entities in Security Desk, or to configure event-to-actions for the federated entities. 9 Click Next. 10 Enter the Basic information for this role, and click Next. All federated entities are created in the partition you select. 11 Confirm the information displayed on the Creation summary page. 12 Click Create, and click Close. The new federation role (

) is created.

13 If you plan to host more than 40 Omnicast Federation roles on the same server, you need to assign a different role group to every 40 roles you create. For more information, see "Advanced settings for large federations" on page 134. 14 Click the Properties tab, and finalize the role configuration. For more information, see "Properties" on page 592. 15 Open the Logical view task in Config Tool. You should see the new federation role ( ) in the Logical view. Expand this entity to see all the federated entities imported by this role. The entity hierarchy corresponds to the Logical view on the federated remote system. For more information, see "Omnicast Federation" on page 590.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

132

Federating remote systems

Federating Security Center systems The Security Center Federation role acts as a proxy between your local clients and the remote Security Center system they need to connect to. For the exact version of Security Center systems supported by the release you have, see the Security Center Release Notes. 1 From the Home page in Config Tool, open the System task. 2 Click Add an entity (

), and click Security Center Federation.

3 From the Server drop-down list, select the primary server for this role. 4 In the Directory field, enter the Directory server name of the remote Security Center system. 5 In the next two fields, enter the username and password that the federation role is going to use to log on to the remote Security Center system, and click Next. The rights and privileges of that user determine what your local users will be able to see and do on the federated remote system. 6 Click Next. 7 Enter the Basic information for this role, and click Next. All federated entities are created in the partition you select. 8 Confirm the information displayed on the Creation summary page. 9 Click Create, and click Close. The new federation role (

) is created.

10 If you plan to host more than 100 Security Center Federation roles on the same server, you need to assign a different role group to every 100 roles you create. For more information, see "Advanced settings for large federations" on page 134. 11 Click the Properties tab, and complete the role configuration. For more information, see "Properties" on page 603. 12 Open the Logical view task in Config Tool. You should see the new federation role ( ) in the Logical view. Expand this entity to see all the federated entities imported by this role. The entity hierarchy corresponds to the Logical view on the federated remote system. For more information, see "Security Center Federation" on page 601.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

133

Federating remote systems

Advanced settings for large federations On a large scale deployment, Security Center can federate thousands of independent remote systems. However, there are hardware and software limitations you need to consider. The number of federation roles you can host on a single server depends on the following:

• Type of federation roles you are hosting. • Number of federation roles you are hosting. • Type of computer running Genetec Server. 

Low capacity: Intel Core 2 Duo 3.0 GHz, 2 GB RAM



Medium capacity: Dual Core Intel Xeon 2.66 GHz, 4 GB RAM



High capacity: Quad Core Intel® Xeon®, 2.00 GHz, 4 GB of RAM

What is a role group? When a large number of federation roles are hosted on the same server, they need to be divided into multiple role groups. All roles belonging to the same role group are executed by the same process on the same machine. There is a limit to the number of roles a single process can handle. The following table helps determine how many role groups you need on your server. NOTE These calculations assume that each federated system (either an Omnicast system or a Security Center system) has 150 cameras. Role type

Number of federation roles supported on a single server

Single role group (Any hardware profile)

Multiple role groups (Low and Medium capacity hardware profiles)

Multiple role groups (High capacity hardware profile)

Omnicast Federation

40

Contact Genetec Technical Assistance (see "Technical support" on page 869)

100

Security Center Federation

100

Contact Genetec Technical Assistance (see "Technical support" on page 869)

500

EXAMPLES

• A single role group can have up to 40 Omnicast Federation roles. Therefore, a high capacity



computer hosting 100 Omnicast Federation roles requires three separate role groups, divided as follows: 30 roles on the first group, 30 roles on the second group, and 40 roles on the third group. A single role group can have up to 100 Security Center Federation roles. Therefore, a high capacity computer hosting 500 Security Center Federation roles requires five separate role groups.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

134

Federating remote systems

Configure the role group You need to configure the role group for federation roles only when you have a large number of roles to host on the same server. 1 From the Home page in Config Tool, open the System task. 2 Click the Role view, and select the role entity to configure. 3 Click the Identity tab. 4 In the Name field, type Ctrl+Shift+A. The Advanced settings appear at the bottom of the tab. 5 Change the Role group if necessary. To determine how many roles you can put in the same group, see "What is a role group?" on page 134. 6 Click Apply.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

135

Defining custom fields and data types

Defining custom fields and data types This section includes the following topics:

• • • •

"Why use custom fields?" on page 136 "Add a custom field" on page 136 "Add a custom data type" on page 138 "Modify a custom data type" on page 139

Why use custom fields? Custom fields can be added to some types of entities. These fields can be used to collect additional information. For example, you can add gender, home phone number, and cellphone as custom fields on a user entity. Custom fields are also useful for holding additional information when users and cardholders are imported from your company’s Active Directory. For more information, see "Integrating with Windows Active Directory" on page 140. Custom fields can be of any type and you can define them yourself. Once added, the custom field is available in all database reports and queries. When custom fields contain private information, you can restrict their access to contain groups of users.

Add a custom field Before you begin: A custom field can be based on a standard data type or a custom data type. Custom data types must be created beforehand if they are to be used to create custom fields. For more information, see "Add a custom data type" on page 138. 1 From the Home page in Config Tool, open the System task. 2 Click the General settings view, then click the Custom fields page. For more information, see "Custom fields" on page 619.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

136

Defining custom fields and data types

3 Click

at the bottom of the custom field list.

The Add custom field dialog box appears.

4 From the Entity type drop-down list, select the entity type. 5 From the Data type drop-down list, select the data type for this field. Both standard and custom data types are listed. The standard data types are: 

Text. Alphanumeric text.



Numeric. Integers in the range -2147483648 to 2147483647.



Decimal. Real numbers from -1E28 to 1E28.



Date. Gregorian calendar date and time.



Boolean. Boolean data, represented by a check box.



Image. Image file. The supported formats are: bmp, jpg, gif, and png.



Entity. Security Center entity. Users will have to use the Search tool to set the value for this type of field. See "Search for entities using the Search tool" on page 43.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

137

Defining custom fields and data types

6 In the Name field, type the name for this custom field. 7 (Optional) In Default value field, type or select the default value for this field. 8 Depending on the selected data type, the following additional options appear: 

Mandatory. Select it if this custom field cannot be empty.



Value must be unique. Select it if the value of this custom field must be unique.

NOTE The unique value option can only be enforced after the field is created. To enforce this

option, you must first make sure that all entities in your system have a distinct value for this custom field, then come back to this tab to apply the unique value option to it. 9 (Optional) Under the Layout section, type the Group name, and select the Priority from the drop-down list. These two attributes are used when displaying the field in the Custom fields tab of associated entity. The group name is used as the group heading, and the priority dictates the display order of the field within the group. 10 (Optional) Under the Security section, click to add users and user groups that will be able to see this custom field. By default, only administrative users can see a custom field. 11 Click Save and close. The new custom field is available in the Custom fields tab of the selected entity type and can be used in reports. For an example, see Common configuration tabs – "Custom fields" on page 335.

Add a custom data type Custom data types define a list of values based on a standard data type. Custom data types appear in a drop-down list in the Custom fields tab of the entity’s configuration page. 1 From the Home page in Config Tool, open the System task. 2 Click the General settings view, then click the Custom fields page. 3 Click the Custom data types tab. For more information, see System – General settings – "Custom data types" on page 621. 4 Click

at the bottom of the custom data type list.

The custom data type creation wizard appears. 5 In the Edit custom data type page, enter the Name, Description, and Type for your custom data type, and click Next. 6 In the Data entry page, enter a value in the Value field and click

.

The entered value is added to the enumerated list. 7 Repeat Step 6 to define all possible values for this data type. 8 When you are finished, click Next, Next, and Close.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

138

Defining custom fields and data types

Modify a custom data type Before you begin: You can modify a custom data type even after it is being used in a custom field. For instance:

• You can rename a custom data type. • You can add new values to the custom data type. • You can delete a value as long as it is not used as the default value for a custom field. If you delete a value that is already being used by an entity, the value of that custom field for that entity is replaced by its default value. But there are restrictions:

• You cannot change the standard data type on which the custom data type is based. • Modifying a value is equivalent to deleting the old value and adding a new value. NOTE Suppose you have a custom data type with the possible values of A, B, and C, and a

custom field based on this custom data type with A as its default value. If you change the value C to D in the custom data type, the entities using the value C for this custom field will not see their values change to D, but to A (the default value). To modify a custom data type:

• Select it in the Custom data types tab, click

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

, and follow the wizard.

139

Integrating with Windows Active Directory

Integrating with Windows Active Directory This section includes the following topics:

• • • • • • • • • • • • •

"What is Active Directory integration?" on page 140 "What are the benefits of AD integration?" on page 140 "How does Active Directory integration work?" on page 141 "What information can be synchronized with the AD?" on page 142 "How does synchronization work?" on page 142 "Import security groups from an Active Directory" on page 143 "Select which cardholder fields to synchronize with the AD" on page 146 "Mapping the credential card format to an AD attribute" on page 147 "Map custom fields to synchronize with the AD" on page 148 "Resolve conflicts due to imported entities" on page 149 "Modifying imported users" on page 151 "Modifying imported cardholders" on page 151 "Logging on with an Active Directory user" on page 153

What is Active Directory integration? The integration of Windows Active Directory (AD) into Security Center allows you to manage all personnel security information from a single location, whether it is for logical security (IT) or for physical security (control access to physical locations). You can import security groups from an AD into Security Center as user groups and/or cardholder groups. Members can be imported as users and/or cardholders. Both standard and custom attributes can be imported from the AD. Most imported fields can only be modified within the AD and are read-only in Security Center. You can import entities from more than one AD if necessary. For example, from Security Center, you can manage access to a facility shared by multiple companies, such as an office building. As system administrator, you can import users and/or cardholders from their individual Active Directories, and manage them in separate partitions.

What are the benefits of AD integration? Having a centralized security information management system provides many benefits.

• Less data entry means fewer errors and better control during initial Security Center setup, since users and cardholders can be imported from an existing AD.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

140

Integrating with Windows Active Directory

• Consistency and better security since all shared information is entered only once. 

A new user account added to an imported security group automatically adds a new user and/or cardholder in Security Center.

A user account that is disabled in the AD automatically disables the corresponding user and/or cardholder in Security Center. Single logon capability for synchronized Security Center users. 



Users logged on to Windows do not have to log on to Security Center.

How does Active Directory integration work? To import users and/or cardholders from one or more ADs, you need to create an Active Directory role for each AD. The Active Directory role connects your Security Center system to an Active Directory server, and imports users and/or cardholders from selected security groups. Imported entities are identified in Security Center by a yellow arrow ( ) superimposed on the regular entity icon. Through a process called synchronization, the Active Directory role also keeps all imported entities up-to-date with changes made on the AD. Another function of the Active Directory role is to pass the logon credentials of imported users to the AD service for validation.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

141

Integrating with Windows Active Directory

How does synchronization work? All imported entities are synchronized with their source by the Active Directory role. Most of the attributes imported from the AD are read-only in Security Center, except for a few cardholder properties (see "Modifying imported users" on page 151 and "Modifying imported cardholders" on page 151). Imported entities cannot be deleted unless they are deleted from the AD. CAUTION If you move a security account from a synchronized AD security group to one that is not synchronized, it is as though the account ceases to exist in Security Center. The Active Directory role deletes the corresponding entities (users and/or cardholders) from Security Center the next time it synchronizes with the AD.

Synchronization is always initiated from Security Center. There are two ways that you can start synchronization:

• Manually. Synchronization is performed when you explicitly request it. This is the default setting. The advantage of this approach is that you have perfect control over when you want the synchronization to be done.

• On schedule. The imported groups are synchronized using a scheduled task. For more information, see "Using scheduled tasks" on page 109.

What information can be synchronized with the AD? Both standard and custom Security Center fields can be imported from the AD, and kept synchronized with the AD. You can choose which user group, user, cardholder group, and cardholder fields to import from the AD in the Links tab of the Active Directory role. The standard attributes you can import from the AD are:

• User group 

Name



Description

Email address User 





Username



Password



Description



Membership in the imported user group



First name



Last name



Email address



Account status: Active or Inactive

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

142

Integrating with Windows Active Directory

• Cardholder group 

Name



Description

Email address Cardholder 





Cardholder name



Description



Membership in the imported cardholder group



First name



Last name



Email address



Partition



Cardholder picture



Profile status: Active or Inactive



Card data



Card format



Card number



Credential name



Credential partition



Credential status



Facility code

Additional attributes are imported from the AD by mapping them to Security Center custom fields. The Active Directory role keeps all imported fields synchronized with the AD. See "Map custom fields to synchronize with the AD" on page 148.

Import security groups from an Active Directory When you import an AD security group, you must import all members of that group. If you only want to import a subset of its members, for example, only Security Center users, then you need to define a new AD security group with only the members you wish to import. IMPORTANT

• If multiple AD’s are to be integrated into Security Center, they must all belong to different •

domains. If you have servers in your system that are still running an older version of Security Center, you should upgrade them to the current version before using them to host a new Active Directory role.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

143

Integrating with Windows Active Directory

To import security groups: 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, then click Add an entity (

) and select Active Directory.

3 In the Specific info page, do the following: a From the Server drop-down list, select the server where this role will be hosted. b In the Active Directory field, enter the hostname or the IP address of the AD server. NOTE If encrypted communication is used, the default port is 636. If you selected a different port, you need to append it to the AD server name, separated by a colon (‘:’),

c Specify how you want the role to connect to the AD server. With both choices, you must have read access to the selected AD service. 



Use the Windows credentials assigned to the Genetec Server service running on the server hosting the Active Directory role. Specify a different set of Windows credentials (username, password).

4 In the Basic information page, enter the name, description, and partition where the Active Directory role will be created. For more information, see "Common entity attributes" on page 38. 5 Click Next, Create, and Close. A new Active Directory role ( the AD server.

) is created. Wait a few seconds for the role to connect to

6 In the Properties tab, select the AD security groups to import. NOTE There are two types of groups in Windows Active Directory: distribution groups and

security groups. Security Center can only synchronize with security groups. a Click Add an item (

).

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

144

Integrating with Windows Active Directory

b Select the security groups to add to your Active Directory role. Use one of these two methods: 

(Recommended) Type text in Find Active Directory groups, and click

.

If the text you entered matches a single group, it is automatically added to the Selected groups list. If the text you entered matches multiple group names, a second dialog box will appear listing all the group names that match the text you entered. Select the ones you want, and click OK to add them to the Selected groups list. 

Under the Selected groups list, click (

).

The Active Directory members dialog box appears. Select a security group, and click OK. Only security groups can be synchronized. If you selected an item that is not a security group, the OK button remains disabled. NOTE The names shown in that dialog box are display names. Security Center only synchronizes the account names because they are guaranteed to be unique. Typically, the display names and the account names are the same. The only way to tell them apart is that the display names contain spaces.

c Repeat the previous step as often as necessary until all security groups you wish to synchronize with the AD are listed in Selected groups, then click OK. The selected groups are listed under Synchronized groups in the Properties tab. For more information about the Properties tab, see Active Directory – "Properties" on page 517. 7 For each of the synchronized groups, specify how you want to import them.

You have the following options: 



As user group. Select this option to import the synchronized group as user group, and the group members as users. Create user on first logon. This is the default option, and it creates an empty user group. User entities will only be created when someone tries to log on with it. It avoids having to create all user entities at once, which can freeze up the system. If you clear this option, all user entities will be created at the same time as a user group.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

145

Integrating with Windows Active Directory





As cardholder group. Select this option to import the synchronized group as cardholder group, and the group members as cardholders. There is no delayed creation for cardholders. All synchronized cardholders are created at once. Import credentials. Select this option to import the credential information of the synchronized cardholders

8 If you are importing the AD security group as cardholder group, select which cardholder fields you want to synchronize with the AD. See "Select which cardholder fields to synchronize with the AD" on page 146. 9 (Optional) "Map custom fields to synchronize with the AD" on page 148. 10 Click Apply, and then click Synchronize now (

).

All synchronized groups and their members are imported as Security Center entities according to your specifications, with a yellow arrow ( ) superimposed on their icon. After you are done: Some additional configuration might be required, depending on what you synchronized with the AD:

• If you already had entities configured in your system, you might need to resolve some • • •

conflicts due to the import. See "Resolve conflicts due to imported entities" on page 149. (Optional) Configure the imported user groups with proper privileges and security options so when new user entities are created, they can automatically inherit those properties from their parent user group. For more information, see "Defining user groups" on page 96. (Optional) Configure the imported cardholders and cardholder groups. For more information, see "Configuring cardholders and cardholder groups" on page 283. (Optional) Create a scheduled task to synchronize imported entities with the AD on a regular basis. For more information, see "Create a scheduled task" on page 109. After you create a scheduled task, the warning message No scheduled task exists to synchronize this role disappears from the Properties tab.

Select which cardholder fields to synchronize with the AD Before synchronizing with the AD, you need to select which cardholder attributes you want to import from the AD by mapping them to Security Center fields in the Links tab of the Active Directory role. The mapping can be different for each Active Directory role in your system.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

146

Integrating with Windows Active Directory

To map AD attributes to cardholder fields: 1 From the Links tab of the Active Directory role, click Add an item (

).

2 Select a Security Center cardholder field and an AD attribute, and then click OK. IMPORTANT The data type of the Security Center field must match that of the AD attribute: text with text, decimal with decimal, date with date, and so on. The Security Center image data type must be mapped to the AD binary data type, and the mapped AD attribute must contain a valid JPEG image.

The new mapping appears in the Links tab. For more information about the Links tab, see "Links" on page 518. 3 Repeat the previous steps as needed. 4 If you are importing cardholder credential fields, do the following in the Links tab: 



From the Card format drop-down list, select the default card format to use for the imported cardholder credentials when the card format property is either not mapped to an AD attribute, or when the mapped attribute is empty. See also "Mapping the credential card format to an AD attribute" on page 147. From the Badge template drop-down list, select a default badge template to use for the imported cardholder credentials.

5 Click Apply. The mapped cardholder fields are displayed in the Links tab. When you synchronize with the AD, most of them are read-only.

Mapping the credential card format to an AD attribute If you decide to map the credential Card format property to an AD attribute, that attribute must contain either a numeric value (for standard card formats) or the exact card format name (text).

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

147

Integrating with Windows Active Directory

The following table shows you the numeric value and the text value corresponding to each of the standard card formats supported by Security Center, and their descriptions. Number

Format name (Text)

Facility code range

Card number range

0

Standard 26 bits

0 to 255

0 to 65 535

1

HID H10306 34 Bits

0 to 65 535

0 to 65 535 (also known as “Card ID Numbers”)

2

HID H10302 37 Bits

Not required

0 to 34 359 738 367

3

HID H10304 37 Bits

0 to 65 535

0 to 524 287

4

HID Corporate 1000

0 to 4095 (also known as “Company ID Code”

0 to 1 048 575 (also known as “Card ID Numbers”)

For custom card formats, you must use the exact spelling used to create the custom card format. For more information, see "Custom card format editor" on page 670.

Map custom fields to synchronize with the AD In addition to default attributes, you can import other attributes from the AD by mapping them to Security Center custom fields. The custom field mapping can be different for each Active Directory role in your system. Before you begin:

• The workstation where Config Tool is running must be on the same network domain as the • •

AD server. The custom fields that will receive data from the AD must be defined beforehand. For more information, see "Defining custom fields and data types" on page 136. No more than 32 custom fields can be mapped to the AD.

To map custom fields, do the following: 1 From the Links tab of the Active Directory role, click Add an item (

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

).

148

Integrating with Windows Active Directory

2 Select the custom field and the AD attribute, and then click OK. IMPORTANT The data type of the custom field must match that of the AD attribute: text with text, decimal with decimal, date with date, etc. The Security Center image data type must be mapped to the AD binary data type, and the mapped AD attribute must contain a valid JPEG image.

The new mapping appears in the Links tab. For more information about the Links tab, see "Links" on page 518. 3 Repeat the previous steps as needed. 4 Click Apply. The mapped custom fields are displayed in the Links tab. When you synchronize with the AD, they are read-only.

Resolve conflicts due to imported entities Conflict resolution might be necessary if you have existing entities (users and/or cardholders) in your database prior to importing entities from the AD. When a synchronized entity has the same name as a local entity, the Active Directory role sees it as a potential conflict. You can use the Conflict resolution tool to merge local entities with synchronized ones, by copying the nonsynchronized fields from the local entity to the synchronized entity ( ). The relationships the local entity had with other entities in the system are also copied. When the merge is complete, the local entity is deleted, eliminating duplicate entities. 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, and select the Active Directory role ( 3 In the Contextual command bar, click Conflict resolution (

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

) from the entity browser. ).

149

Integrating with Windows Active Directory

The Active Directory conflict resolution dialog box appears. All synchronized entities are listed to the left. The ones that conflict with a local entity are flagged in green.

4 Select a conflicting entity from the Synchronized entities list. All local entities that can be merged with the imported entity are listed to the right. Do one of the following: 

Select No selection if you do not wish to merge it with a local entity.



Select the local entity to be merged with the imported entity.

5 Repeat the previous step for all synchronized entities flagged in green. 6 Click Finish to save the conflict resolution decisions to a file on disk. The default file name is Conflict_Manifest.data. Be sure to save the file to a location that can be accessed from your main server and all servers hosting the Access Manager role. 7 (Optional) If you have user conflicts to resolve, apply the conflict manifest to your Directory database. a Connect to the Server Admin of your main server with a Web browser. For more information, see "Open Server Admin using Internet Explorer" on page 48. b In the Directory tab, under the Database group, click Resolve conflicts (

).

c In the dialog box that appear, browse to the Conflict_Manifest.data file. d Click Resolve conflicts, then click Back up. The conflict resolution status is shown in a independent dialog box. 8 (Optional) If you have cardholder conflicts to resolve, apply the conflict manifest to your Directory database and your Access Manager database.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

150

Integrating with Windows Active Directory

a Select your Access Manager role from the Roles view of the System task. b Click the Resources tab, and click Resolve conflicts (

).

c In the dialog box that appears, browse to the Conflict_Manifest.data file. d Click Resolve conflicts, then click Back up. The conflict resolution status is shown in a independent dialog box. After conflict resolution, all synchronized entities that are merged with a local entity inherit their local properties, and all merged local entities are deleted.

Modifying imported users If you have users that are imported from an Active Directory, you can set the user’s status to inactive. The user becomes desynchronized from the AD until you activate the user again. 1 From the Home page in Config Tool, open the Security task. 2 Select an imported user (

), and click the Properties tab.

3 Set the User status option to Inactive.

• Click Apply. The user is no longer synchronized with the AD. It will only become synchronized again once you set the user’s status to Active.

Modifying imported cardholders If you have cardholders that are imported from an Active Directory, there are a few cardholder properties that you can modify in Security Center, such as the cardholder’s status or their picture. This section includes the following topics:

• "Assign pictures to imported cardholders" on page 151 • "Assign temporary cards to imported cardholders" on page 152 • "Modify the status of imported cardholders" on page 152 Assign pictures to imported cardholders You can assign a picture to the imported cardholder from Security Center, and then synchronize the picture with the Active Directory. 1 From the Cardholder management task, assign a picture to the cardholder. For more information, see “Assign a picture to the cardholder” in the Security Desk User Guide. 2 From the Home page, open the System task. 3 Select the Active Directory role, and then click the Links tab.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

151

Integrating with Windows Active Directory

4 Select the Upload pictures to Active Directory option. 5 Click Apply. 6 Click the Properties tab, and then click Synchronize now. NOTE If Security Center synchronizes with the AD based on a scheduled task, then the next

time the synchronization occurs, the new cardholder picture is synchronized with the AD.

Assign temporary cards to imported cardholders If an imported cardholder forgets or loses their card, you can assign them a temporary card in the Cardholder management task. When you assign them a temporary card, their credential becomes greyed out in Config Tool until the card is returned. For more information about assigning or returning temporary cards, see “Assign a temporary card to a cardholder” in the Security Desk User Guide.

Modify the status of imported cardholders You can modify the status and expiration date of an imported cardholder in Security Center. The cardholder becomes desynchronized from the AD. 1 From the Home page in Config Tool, open the Access control task. 2 Select an imported cardholder (

), and click the Properties tab.

3 In the Status section, move the slider from Keep synchronized to Override.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

152

Integrating with Windows Active Directory

4 Set the cardholder’s status and expiration date: 

Status. Set the cardholder status to Active or Inactive. If the cardholder status is inactive, then the credentials assigned to the cardholder do not work, and the cardholder does not have access to any area.



Activation. Displays the current date.

Expiration. Set the cardholder to expire Never, on a specific date, or after a specified number of days after the first use. Click Apply. 



The cardholder is no longer synchronized with the AD. It will only become synchronized again once you set the cardholder’s status to Keep synchronized.

Logging on with an Active Directory user This section includes the following topics:

• "Log on with Windows credentials" on page 153 • "Log on in an multiple AD integration scenario" on page 153 Log on with Windows credentials When you’re signed on to Windows using an account that happens to be synchronized with Security Center, you can log on to Security Center without having to retype your username and password.

• In the Security Center logon dialog box, select the option Use Windows credentials and click Log on.

Log on in an multiple AD integration scenario If multiple ADs are integrated into your system, you must to specify the Windows domain name with your username (for example genetec\dtsiang) when you log on to Security Center

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

153

Integrating with Windows Active Directory

using the basic authentication method. This is to let Security Center know which AD service to call for the validation of your credentials.

TIP If you are already signed on to Windows using the account that is synchronized to your Security Center user, then use the single logon option instead. For more information, see "Log on with Windows credentials" on page 153.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

154

Managing intrusion panels

Managing intrusion panels Intrusion panels (also known as alarm panels) can be integrated to Security Center for centralized monitoring, control, and reporting. This allows you to monitor the status of each zone in real time, generate detailed activity reports and arm/disarm zones (or partitions) defined on those intrusion panels through Security Desk. This section includes the following topics:

• • • • •

"How are intrusion detection panels represented in Security Center?" on page 155 "What does the Intrusion Manager role do?" on page 156 "Enroll an intrusion panel" on page 156 "Edit intrusion detection unit peripherals" on page 158 "Create an intrusion detection area" on page 159

How are intrusion detection panels represented in Security Center? Intrusion detection panels and other intrusion detection concepts are represented in Security Center by the following entity types:

• Intrusion detection unit. Represents an intrusion panel that is monitored and controlled by Security Center. Each intrusion panel can control multiple zones (or group of sensors). For more information, see "Intrusion detection unit" on page 423.

• Intrusion detection area. Corresponds to an area (also known as a partition or zone) configured on an intrusion panel. Intrusion detection areas are monitored in Security Desk. Users can perform the following actions on these areas: 



Master arm. Arming an intrusion detection area so that all sensors attributed to the area set off the alarm if triggered. Some manufacturers call this arming mode “Away arming”. Perimeter arm. Arming an intrusion detection area so that only sensors attributed to the perimeter of that area set off the alarm. Other sensors such as motion sensors inside that area will be ignored.

Disarm. Tells the intrusion panel to ignore all sensors attributed to this area. If an alarm is set off by this area, disarming it also turns the alarm off. For more information, see "Intrusion detection area" on page 421. 

For a list of intrusion detection panels supported in Security Center, see the Security Center Release Notes.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

155

Managing intrusion panels

What does the Intrusion Manager role do? The Intrusion Manager role is responsible for the integration of intrusion panels with Security Center. It listens to the events reported by the intrusion panels, provides live reports to Security Desk, and logs the events in a database for future reporting. The Intrusion Manager also relays user commands to intrusion panels such as arm/disarm intrusion detection areas, and triggering panel outputs through event-to-actions.

Creating an Intrusion Manager role The Intrusion Manager role is not created by default. For instructions on how to create a role, see "Create a role entity" on page 50. Best practice: It is recommended to run the intrusion panels and Intrusion Manager role on a secure network to prevent hackers from attempting to control the intrusion panels from outside by sniffing your network.

Limitations of the Intrusion Manager role For purposes of failover, the Intrusion Manager can be assigned to more than one server. However, if your intrusion panel is directly connected to your server via a serial port, failover is not supported. For more information, see"Configure failover for roles" on page 64.

Enroll an intrusion panel Before you begin: The Intrusion Manager role responsible for the intrusion panel must be created first. If the intrusion panel is going to be controlled via serial port, it should be connected to the server hosting the Intrusion Manager role. For additional information, see:

• "How Bosch intrusion panel integration works" on page 804 • "How Galaxy Dimension control panel integration works" on page 806 Enrolling an intrusion panel allows you to monitor and control its areas (or zones, or partitions) from Security Desk. 1 From the Home page in Config Tool, open the Intrusion detection task. 2 In the Contextual commands toolbar, click Add an entity (

) > Intrusion detection unit.

3 In the intrusion detection unit creation wizard, enter the Basic information for this unit, and click Next. 4 From the Intrusion Manager drop-down list, select the role that will be managing this unit. 5 From the Unit type drop-down list, select the unit manufacturer. 6 From the Interface type drop-down list, select IPv4 or Serial. 



If you selected IPv4, type the IP address and port numbers that are configured on the unit. If you selected Serial, type the COM port used to connect the unit to Security Center.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

156

Managing intrusion panels

NOTE The choice of interface type cannot be changed after the entity has been created. If you choose to use the serial interface, the Intrusion Manager will not support failover.

7 Click Next. 8 Click Create, and click Close. A new intrusion detection unit entity is created. For certain types of intrusion panels (such as Bosch), the Intrusion Manager automatically creates intrusion detection areas (also known as zones or partitions) configured on the panel for you. These entities appear in the Logical view. 9 Click the Properties tab, and configure the unit specific settings. For more information, see "Properties" on page 424. 10 Click the Peripherals tab, and assign logical names, IDs, and descriptions to the input and output devices controlled by the unit. This is also where you define whether the input is an interior or perimeter input and its normal contact state. For more information, see "Edit intrusion detection unit peripherals" on page 158. 11 Configure the intrusion detection areas controlled by this unit. a If the intrusion detection areas are automatically created by the Intrusion Manager, they are found under the root of the Logical view task. For more information, see "Intrusion detection area" on page 421. b If the Intrusion Manager did not create the intrusion detection areas automatically, you’ll need to create them manually. For more information, see "Create an intrusion detection area" on page 159.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

157

Managing intrusion panels

Edit intrusion detection unit peripherals You can assign a meaningful name, a logical ID, and a description to each device connected to the intrusion detection unit, so you can easily identify those devices in Security Center. Depending on the configuration of your physical intrusion unit, you might also need to define the inputs as Perimeter or Interior, as well as the normal contact state (open or closed). WARNING The configuration of Interior versus Perimeter inputs must be set if the physical intrusion panel itself has been configured to differentiate between interior and perimeter inputs. NOTE The physical name of the device can only be changed on the panel itself.

1 In the Peripherals tab of an intrusion detection unit entity, select a device in the list. 2 Click

.

3 In the dialog box that appears, enter the Name, Logical ID, and Description for that device. 4 Set the Input type to either Perimeter or Interior (if the physical intrusion unit is configured as such) 5 Set the Contact type as either Normally open or Normally closed. 6 Click OK

7 Repeat Step 1 to Step 3 as necessary. 8 Click Apply.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

158

Managing intrusion panels

Create an intrusion detection area Before you begin: Intrusion detection unit must be enrolled before you can create areas. If the intrusion detection areas weren’t automatically created after the intrusion detection unit was enrolled, you’ll have to create the areas manually. 1 From the Home page in Config Tool, open the Logical view task. 2 In the Contextual commands toolbar, click Add an entity detection area.

> Show all > Intrusion

3 In the intrusion detection area creation wizard, enter the Basic information for this area, and click Next. 4 From the Intrusion detection unit drop-down list, select the unit on which this area is defined. 5 Under Intrusion detection area unique ID, enter the ID or name of the area as it is configured on the intrusion panel. 6 Click Next, Create, then Close. A new intrusion detection area entity is created. For more information, see "Intrusion detection area" on page 421.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

159

Managing zones

Managing zones The concept of a zone is borrowed from the world of alarm panels, in which electric inputs are associated with zones to trigger specific alarms. This section includes the following topics:

• • • • •

"What is IO linking?" on page 160 "What is a zone?" on page 160 "About zone management roles" on page 161 "Creating zones" on page 161 "Which type of zone works best for me?" on page 163

What is IO linking? IO linking is the control of specific output relays based on the combined result of a specific set of electric inputs. Each input can be connected to a specific monitoring device, such as a motion sensor, a smoke detector, a door or window contact, and so on. EXAMPLE A standard application is the linking of a glass break sensor on a window connected

to an input pin on a unit that sounds a buzzer (via an output relay) when that window is shattered.

What is a zone? The concept of IO linking is represented by the zone entity in Security Center. Since everything is controlled by software, a zone entity can do a lot more than just IO linking. The idea of using inputs to trigger output relays is expanded to trigger events. Using the eventto-action mechanism, these events can in turn be used to trigger alarms, send emails, start camera recording, and so on. Therefore, in Security Center, a zone is used to monitor a set of inputs in order to trigger events based on their combined states. These events can be used to trigger output relays or trigger other actions on the system. TIP You can define custom events to correspond to each of the special input combinations. For more information, see "What is a custom event?" on page 106.

When do I arm and disarm a zone? The event triggers associated with a zone can be activated all at once by arming the zone, or deactivated all at once, by disarming it. A zone can be armed by software (using an action command or according to a schedule), or via hardware (for units that support this feature).

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

160

Managing zones

What is a hardware zone? A hardware zone is a subtype of the zone entity where the IO linking is done by hardware. This entity type called simply zone in Synergis 2.x and in Security Center 3 and 4. A hardware zone is controlled by a single access control unit. Hardware zones cannot be armed or disarmed from Security Desk or via software commands. However, once an access control unit has been configured via Security Center, it can make decisions on its own without being connected to or controlled by Security Center.

What is a virtual zone? A virtual zone is a subtype of the zone entity where the IO linking is done by software. The input and output devices are linked by software, and can belong to different units of different types, such as video units and intrusion detection units. A virtual zone is controlled by the Zone Manager role and can only work online. This means that the units whose inputs and outputs are linked via the zone must be in constant communication with Security Center for the zone to work. Because virtual zones are solely controlled by software, you can use Security Desk to arm/ disarm a virtual zone, and use the Arm zone and Disarm zone actions in those contexts where those actions are permitted in Security Center.

About zone management roles Zones are managed by two different types of roles in Security Center. Before creating a zone, you must first ensure that the appropriate role is created and configured.

• Hardware zones are managed by the Access Manager role. The Access Manager is created by default when Synergis is enabled in your software license. For more information, see "Configuring the Access Manager role" on page 260.

• Virtual zones are managed by the Zone Manager role. The Zone Manager is not created by default. For instructions on how to create a role, see "Create a role entity" on page 50. For information on its specific settings, see "Zone Manager" on page 608.

Creating zones The creation procedures for a hardware zone and a virtual zone are different. Once the zone has been created, you cannot change its type.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

161

Managing zones

Create a hardware zone Before you begin: The access control unit used to control the zone must be added to your system and managed by an Access Manager role. A hardware zone allows you to program the IO linking behavior on an access control unit so it can operate on its own even when the unit is not connected to the Access Manager. 1 From the Home page in Config Tool, open the Logical view task. 2 In the Contextual commands toolbar, click Add an entity

, and click Zone.

3 In the zone creation wizard, enter the Basic information for this zone, and click Next. 4 In the Zone information page, click Zone. 5 From the dialog box, select the access control unit for this zone and click OK. 6 Click Create, and click Close. A new hardware zone entity is created. 7 Click the Properties tab, and configure how inputs are to be evaluated. For more information, see "Properties" on page 503. 8 Click the Arming tab, and configure how this zone should be armed. For more information, see "Arming" on page 504. 9 Click the Cameras tab, and configure any zone monitoring camera. For more information, see "Cameras" on page 334. After you are done: Try out your zone and verify the generated events with the Zone activities report. For more information about the Zone activities report, see the Security Desk User Guide.

Create a virtual zone Before you begin: The Zone Manager role responsible for the zone must be created. A virtual zone allows you to turn monitoring on/off the various input devices (sensors, switches, and so on) on your system via Security Desk and to use them to trigger events. 1 From the Home page in Config Tool, open the Logical view task. 2 In the Contextual commands toolbar, click Add an entity

, and click Zone.

3 In the zone creation wizard, enter the Basic information for this zone and click Next. 4 In the Zone information page, click Virtual zone. If you have multiple Zone Manager roles, you are prompted to select one. 5 Click Create, and click Close. A new virtual zone entity is created. 6 Click the Properties tab, and configure how inputs are to be evaluated. For more information, see"Properties" on page 507. 7 Click the Arming tab, and configure its arming schedule and delays.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

162

Managing zones

For more information, see "Arming" on page 508. 8 Click the Cameras tab and configure any zone monitoring camera. For more information, see "Cameras" on page 334. After you are done: Arm your zone in Security Desk and test your configuration. For more information, see zone-related tasks in Genetec Security Desk User Guide.

Which type of zone works best for me? Hardware zones are recommended when quick response and offline operations are crucial for your security system. In all other situations, virtual zones offer the same functionality but with greater flexibility. The table below will help you make you decide. Table 6-1: Differences between hardware and virtual zones Characteristics

Hardware zone

Virtual zone

Role

Access Manager

Zone Manager

IO linking (inputs)

All inputs must be from the same access control unit

Can combine inputs from any unit of any type

IO linking (outputs)

All outputs must be from the same unit as the inputs

Can trigger outputs on any unit of any type

Operation mode

Offline and mixed mode

Online mode only

Arm/disarm via Security Desk

No

Yes

Arm/disarm via actions

No

Yes

Arm/disarm via key switch

Yes (the key switch must be wired to an input pin on the same access control unit)

No

Arm/disarm on schedule

Yes (only one schedule at a time, and cannot be combined with the key switch approach)

Yes (multiple schedules can be specified)

Trigger other actions

Yes (only in mixed mode)

Yes

Zone activity report

Yes

Yes

Recommended when

The unit is sometimes dis connected from the system

Zone arming/disarming needs to be controlled via software

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

163

Supporting cross-platform development

Supporting cross-platform development Security Center supports cross-platform development. This section includes the following topics:

• "What does the Web-based SDK role do?" on page 164 • "Using the Web-based SDK" on page 164

What does the Web-based SDK role do? The Web-based SDK role exposes the Security Center SDK methods and objects as Web services so developers on platforms other than Windows (for example Linux) can write custom programs to interact with Security Center. For more information, see "Web-based SDK" on page 605.

Using the Web-based SDK Genetec Professional Services can help you develop the custom solution you need. To find out more, contact your sales representative, or call us at one of our regional offices around the world. To contact us, visit our Web site at www.genetec.com.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

164

Creating tile plugins

Creating tile plugins You can create a tile plugin that links to a Web site or a map file (a compiled .dll file), that you can view and interact with in Security Desk. This section includes the following topics:

• "Create a tile plugin that links to a Web site" on page 165 • "Create a tile plugin that links to a map file" on page 165

Create a tile plugin that links to a Web site You can create a tile plugin that links to a Web site that contains a map, which you can interact with when the tile plugin is displayed in Security Desk. For more information about tile plugins, see "Tile plugin" on page 480. 1 From the Home page in Config Tool, open the Logical view task. 2 Click Add an entity (

) > Tile plugin.

3 In the Creating a tile plugin wizard, enter the entity name and description. 4 If there are partitions in your system, select the partition the tile plugin is a member of, and click Next. For more information, see "Partition" on page 447. 5 In the Tile plugin information page, select Web site. 6 Click Next > Close. The tile plugin appears in the Logical view with a Web site icon (

).

7 Select the tile plugin, and click the Properties tab. 8 In the Web page option, type a Web address. TIP Select a URL that can be reached from all Security Desk workstations.

9 Click Apply.

Create a tile plugin that links to a map file You can create a tile plugin that links to a .dll or .xaml file that contains a map, which you can interact with when the tile plugin is displayed in Security Desk. Before you begin: The map file must be created and located on your local computer. For more information about how to map files are created, see "Tile plugin" on page 480. 1 From the Home page in Config Tool, open the Logical view task. 2 Click Add an entity (

) > Tile plugin.

3 In the Creating a tile plugin wizard, enter the entity name and description.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

165

Creating tile plugins

4 If there are partitions in your system, select the partition the tile plugin is a member of, and click Next. For more information, see "Partition" on page 447. 5 In the Tile plugin information page, select Tile plugin. 6 In Windows, select the .dll file that the tile plugin will link to, and click Open. 7 Click Next > Close. The tile plugin appears in the Logical view with the default tile plugin icon (

).

8 Select the tile plugin, and click the Properties tab. 9 To select another map file, click Modify, and select another .dll file. 10 Click Apply.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

166

7 Troubleshooting This part explains how to maintain and troubleshoot your Security Center system, such as verifying your system configurations, monitoring the health of your system, troubleshooting entity states, and so on. NOTE For specific tasks related to video or access control maintenance and troubleshooting, see Chapter 9, “Managing Omnicast” on page 223 and Chapter 11, “Managing Synergis” on page 295.

This section includes the following topics:

• • • • • • • • • •

"Viewing system messages" on page 168 "Viewing system health events" on page 170 "Monitoring the status of your system" on page 177 "System status task" on page 172 "Monitoring the status of your system" on page 177 "Troubleshooting entity states" on page 179 "Diagnosing entities" on page 180 "Finding out who made changes on the system" on page 181 "Investigating user related activity on the system" on page 182 "Viewing properties of units in your system" on page 184

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

167

Viewing system messages

Viewing system messages If you receive messages from the system, you can review them from the notification tray, and diagnose the trouble entities. You can receive three types of messages from the system:

• • •

Health issues Warnings Messages

NOTE System messages are not the same as health events related to entities. Health events can be health issues, but health issues are not necessarily health events. For more information about health events, see "Viewing system health events" on page 170.

For more information about diagnosing trouble entities, see "Diagnose role problems" on page 51. To view system messages: 1 In the notification tray, double-click the System messages (

) icon.

2 In the Health issues tab of the Notifications dialog box, do one of the following: 







From the Sort by drop-down list, select how to display the health issues. You can sort them alphabetically by health event type, event timestamp, machine (computer name), or source (entity name). Click an entity to open its configuration pages, to diagnose the entity. Click in a row to launch a Health history task (see "Viewing system health events" on page 170). Click Refresh to update the content displayed in the Health issues tab.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

168

Viewing system messages

3 In the Warnings ( 



) tab, do one of the following:

Click an entity to open its configuration pages in Config Tool. Click Details ( ) to open the diagnostic window, which provides additional details about the warning. From this window you can save the warning as a text file, or click Refresh to rerun the diagnostic tests.

4 In the Messages (

) tab, select a message, and do one of the following:



Click Copy to clipboard to copy the selected message to the clipboard.



Click clear to delete the selected messages.



Click Clear all to clear all messages.

5 Click

to close the Notification dialog box.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

169

Viewing system health events

Viewing system health events You can view system health events related to selected entities within a specified time range, using the Health history report. What you should know There are three severity levels of health events:

• • •

Health errors Warnings Information

Almost every entity in your system can generate health events. You can choose which health events to monitor by configuring the Health monitor role in Config Tool. For information, see "Configure health events to monitor" on page 79. NOTE Health events also appear in the notification tray as system messages ( in real time (see "Viewing system messages" on page 168).

) as they occur

To view system health events related to an entity: 1 From the Home page, open the Health history task. 2 Set up the query filters for your report (see "Query filters" on page 712). 3 To include current health events in the report, click the Show current health events heading. When the heading is enabled, it appears as On

.

4 Click Generate report. The health events of the selected entities are listed in the report pane. For information about the report columns available, see "Report pane columns" on page 723. EXAMPLE If an entity is experiencing issues, you can search for past health events that have

occurred in relation to that entity. If you want to search if there were critical errors that happened in the system during the last week, you can filter you search only for errors, and set a time range.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

170

Viewing the health status and availability of entities

Viewing the health status and availability of entities You can monitor the overall health of your system, using the Health statistics report. What you should know By monitoring the health and availability of certain resources such as server roles, video units, door controllers, intrusion detection panels, and so on, you can identify instabilities, and even prevent critical system failures. One of the important fields in the Health statistics report is the Availability of a given entity. Availability is expressed as a percentage. To view the health status and availability of an entity: 1 From the Home page, open the Health statistics task. 2 Generate your report (see "Generate a report" on page 30). The health statistics for the selected entities are listed in the report pane. For information about the report columns available, see "Report pane columns" on page 723. If health statistics could not be calculated for a given role or entity, the reason is shown in the Calculation status column of the report pane: 



One or more events used to calculate availability are currently disabled. The system administrator needs to select which health events to monitor in the Config Tool. For more information, see Health monitor - "Properties" on page 561. One or more servers from the system are offline. The server hosting the selected role is offline, therefore, the health statistics cannot be calculated for the role.

EXAMPLE A door controller called Gym was down four times over the last week, producing

90.72% availability. From the report results, you can see that this door controller is a potential concern, and have a maintenance crew come and look at the door.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

171

System status task

System status task Use the System status task to monitor the current status of different types of entities and investigate health issues they might have. The following figure shows the System status task. For information about monitoring the system status, see "Monitoring the status of your system" on page 177.

A B

C D

E A

Entity types you can monitor.

B

Type of issues that you can monitor.

C

The entity statuses are listed in the report pane.

D

Print the report, export the report, or select which columns to display. For more information, see "Working with reports" on page 29, and "Report pane columns" on page 723.

E

Entity-specific commands.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

172

System status task

System status task columns In the System status task, you can monitor the current status of different types of entities and investigate the health issues that they might have. The following table lists the columns that are displayed for each entity type in the Monitor dropdown list. Entity

Columns

Description

Access control units

Entity

Unit name

Health

Online, Offline, or Warning

IP address

IP address of the unit

Sync

Synchronization status

AC fail

Yes () or No (blank)

Battery fail

Yes () or No (blank)

Firmware

Firmware version of the unit

Tampered

Indicates whether the unit has been tampered with Yes () or No (blank)

Entity

Analog monitor name

Logical path

List of all parent areas, starting from the system entity. If the analog monitor has multiple parent areas, “*\” is shown as the path.

Health

Online, Offline, or Warning

Connected entity

Name of the cameras currently displayed in the analog monitor

Entity

Type of application (Config Tool or Security Desk)

Source

Machine it is running on

Username

Name of the user who is connected

Version

Software version of the client application

Analog monitors

Applications

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

173

System status task

Entity

Columns

Description

Areas

Entity

Area name

Logical path

List of all parent areas, starting from the system entity

Health

Online, Offline, or Warning

Threat level

Indicates if a threat level is currently activated on the selected area, along with the threat level name. If no threat level is set, the column is blank.

Security clearance

(Only visible to administrative users) Indicates the minimum security clearance level required from cardholders to access this area, on top of the restrictions imposed by the access rules

People count

Working () or Not working (blank)

Antipassback

Hard, Soft, or None (no antipassback)

Interlock

Working () or Not working (blank)

Priority

Interlock input priority: Lockdown or Override

Tampered

Indicates whether a unit in the area has been tampered with. Yes () or No (blank)

Entity

Camera name

Logical path

List of all parent areas, starting from the system entity. If a camera has multiple parent areas, “*\” is shown as the path.

Health

Online, Offline, or Warning

Recording

Recording state

Analog signal

Lost, Available, or Unknown (IP cameras)

Blocked

Indicates if the camera is currently blocked from some users. Blocked (), or not blocked (blank)

Entity

Door name

Logical path

List of all parent areas, starting from the system entity

Health

Online, Offline, or Warning

Open

Open (

Lock

Locked (

Cameras

Doors

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

) or closed (

)

) or unlocked (

)

174

System status task

Entity

Columns

Description

Elevators

Entity

Elevator name

Logical path

List of all parent areas, starting from the system entity

Health

Online, Offline, or Warning

Entity type

Icon representing the entity type

Entity

Entity name

Source

For a local entity, shows the server it is running on. For a federated entity, shows the federation role name

Logical path

List of all parent areas, starting from the system entity

Health

Online, Offline, or Warning

Entity

Intrusion detection area name

Logical path

List of all parent areas, starting from the system entity

Health

Online, Offline, or Warning

Arming state

Master arm, Perimeter arm, Ready to arm, Arming, Disarmed, Disarmed (input trouble), or Armed (Alarm active)

Bypass

Active/inactive (represented by an icon)

Alarm active

Active/inactive (represented by an icon)

Entity

Intrusion detection unit name

Health

Online, Offline, or Warning

AC fail

Yes () or No (blank)

Battery fail

Yes () or No (blank)

Tamper

Yes () or No (blank)

Entity

Macro name

Start time

Time the macro was started

Instigator

Name of the user who started the macro

Health issues

Intrusion detection areas

Intrusion detection units

Macros

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

175

System status task

Entity

Columns

Description

Roles

Entity

Role name

Health

Online, Offline, or Warning

Current server

Name of server currently hosting the role

Servers

List of servers assigned to host this role

Version

Software version of role

Status

Activated (

Route

Route name, showing the two networks it joins

Current configuration

Unicast TCP, Unicast UDP, or Multicast

Detected capabilities

Unicast TCP, Unicast UDP, or Multicast

Status

OK, or warning message stating the reason of the problem

Entity

Server name

Health

Online, Offline, or Warning

Roles

Roles assigned to this server

Entity

Zone name

Logical path

List of all parent areas, starting from the system entity

Health

Online, Offline, or Warning

State

Normal, Active, or Trouble

Armed

Indicates if the zone is armed or not

Routes

Servers

Zones

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

) or Deactivated (

)

176

Monitoring the status of your system

Monitoring the status of your system You can monitor the current status of different types of entities, and investigate health issues they might have, using the System status report. To monitor the status of your system: 1 From the Home page, open the System status task. 2 From the Monitor drop-down list, select one of the following: 

Access control units



Analog monitors



Applications (only administrators)



Areas



Cameras



Cash registers



Doors



Elevators



Health issues



Intrusion detection area



Intrusion detection units (only administrators)



Macros (only administrators)



Roles (only administrators)



Routes (only administrators)



Servers (only administrators)



Zones

3 If required, select an area in the Selector. 4 To search for entities within nested areas, select the Search member entities option. The related entities, roles, applications, and items are listed in the report pane. For information about the status columns that are available for each entity, see "System status task" on page 172. 5 (Optional) Do one of the following: 



To launch a Health history report, click health events" on page 170. To diagnose the selected entity, click on page 180.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

. For more information, see "Viewing system . For more information, see "Diagnosing entities"

177

Monitoring the status of your system



To print the report, click



To save the report, click

. .

EXAMPLE If you have a camera that is not working, you can select the camera entity to

investigate why it is offline. If an entity has a health issue, you can launch the Health history task and generate a report to investigate further, or diagnose the entity from the System status task.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

178

Troubleshooting entity states

Troubleshooting entity states Entity icons and labels can appear in several different colors in the Logical view: Color

Entity state

White

The entity is online, and the server can connect to it.

Red

The entity is offline, and the server cannot connect to it.

Yellow

The entity is in the warning state. The server can connect, there are problems.

Entity warnings usually appear because of invalid configurations.When it comes to cameras, there are two specific conditions that can cause the camera to fall into a yellow warning state:

• Multiple recording schedules (that are in conflict) have been applied to the same camera. • A transmission lost event has occurred. This means that the Archiver is still connected to the camera, but it has not received any video packets for more than 5 seconds. To fix these issues, try the following:

• Change the conflicting schedules, see "Resolving schedule conflicts" on page 105. • Diagnose the Archiver role (see "Diagnosing entities" on page 180).

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

179

Diagnosing entities

Diagnosing entities You can diagnose entities, roles, and applications using the diagnostic tool. What you should know An entity or role that is not properly configured is displayed in yellow. An entity that is offline is displayed in red. The diagnostic tool can help you troubleshoot your problem. For more information about troubleshooting entity states, see "Troubleshooting entity states" on page 179. To diagnose an entity: 1 From the Home page, open the System status task. 2 From the Monitor drop-down list, select the entity type you want to diagnose. 3 If required, select an area in the Selector. 4 To include entities within nested areas, select the Search member entities option. The related entities are listed in the report pane. 5 Select a trouble entity, and click Diagnose (

).

A troubleshooting window opens, showing the results from the diagnostic test performed on the selected entity. 6 To rerun the test, click Refresh. 7 To save the results of the test, click Save. 8 Click Close.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

180

Finding out who made changes on the system

Finding out who made changes on the system You can find out who made configuration changes on the system, and for which entities, using the Audit trails report. To find out who made configuration changes on the system: 1 From the Home page, open the Audit trails task. 2 Generate your report (see "Generate a report" on page 30). The description of the changes to the selected entities, and who made those modifications, are listed in the report pane. For information about the report columns available, see "Report pane columns" on page 723. EXAMPLE If you see that the properties of an entity have changed, and you must find out who

made those changes, you can select that entity. If you requested an update for an entity (for example, the privileges for a user), you can check to see if you the changes have been made from Config Tool.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

181

Investigating user related activity on the system

Investigating user related activity on the system You can view all user activity related to video, access control, and LPR, using the Activity trails report. To investigate user related activity on the system: 1 From the Home page, open the Activity trails task. 2 In the Query tab, select the activities you want to investigate. The activities you can investigate are: 



Analog monitor connection/disconnection. Who connected to or disconnected from an analog monitor. Application update. Who updated a client application, such as Patroller, Web Client, Security Desk, and so on, or a Sharp unit.



Badge printing. Who printed a credential badge.



Connect to remote Security Desk. Who connected to a remote Security Desk workstation.



Credential request. Who requested a credential badge to be printed, and why.





Credential request cancelled/completed. Who completed or cancelled a credential badge print request. Disconnect from remote Security Desk. Who connected to a remote Security Desk workstation.



Enable/disable visual tracking. Who enabled or disabled visual tracking in a tile.



Export/generate report. Who exported/generated which reports.



Hotlist editor. Who loaded a hotlist or permit list, or added, deleted, or edited entries within the list.



Hotlist filtering. The LPR Manager role which has hotlist filtering enabled.



Live streaming started/stopped. Which camera was displayed.



Playback. Which recording was played.



Playback bookmark deleted/modified. Who deleted/modified which bookmarks.



Print hit report - photo evidence. Who printed evidence.



Print report. Who printed a report.



PTZ command. What did the user do with the PTZ.



Snapshot printed/saved. Who printed or saved a snapshot.



Threat level set/reset. Who activated/deactivated a threat level, and on which area or system.



User logon/logoff. Who logged on or off of which Security Center client application.



Video export. What did the user export and where did they save it.



Video unit identified/rebooted. Who tried to identified/rebooted a unit.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

182

Investigating user related activity on the system

3 Set up the other query filters for the report (see "Query filters" on page 712). 4 Click Generate report. The activity results are listed in the report pane. EXAMPLE You can find out who played back which video recordings, who blocked a camera,

who activated a threat level, who requested a credential badge to be printed, who used the Hotlist and permit editor task, or who enabled hotlist filtering.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

183

Viewing properties of units in your system

Viewing properties of units in your system You can view the properties of video, access control, intrusion detection, and LPR units in your system, using the Hardware inventory report. What you should know At a glance, you have a list of all the units that are part of your system, and can see their information, such as their unit type, manufacturer, model, IP address, and so on. For example, this is helpful to see what firmware version a unit has, and determine if it needs to be upgraded. To view the properties of units in your system: 1 From the Home page, open the Hardware inventory task. 2 Generate your report (see "Generate a report" on page 30). The unit properties are listed in the report pane. For information about the report columns available, see "Report pane columns" on page 723.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

184

Part III Omnicast IP video surveillance Learn how to set up, configure, and manage your Omnicast system in Security Center. This part includes the following chapters: •

Chapter 8, “Deploying Omnicast” on page 186



Chapter 9, “Managing Omnicast” on page 223

8 Deploying Omnicast This section explains how to set up your video surveillance system for the first time. This section includes the following topics:

• • • • • • • •

"What is Omnicast?" on page 187 "What are the Omnicast entities?" on page 188 "Omnicast deployment process" on page 190 "Configuring the Archiver role" on page 193 "Configuring the Media Router role" on page 202 "Configuring the Auxiliary Archiver role" on page 204 "Configuring cameras" on page 209 "Configuring analog monitors" on page 220

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

186

What is Omnicast?

What is Omnicast? Omnicast™ is the IP video surveillance component of Security Center. Omnicast provides seamless management of digital video, audio, and metadata across IP networks. Omnicast main features are as follows:

• • • • • • • • • • •

View live and playback video from all cameras View up to 64 video streams side-by-side on a single workstation View all cameras on independent timelines or on synchronized timelines Full PTZ control, using a PC or CCTV keyboard, or on screen using the mouse Digital zoom on all cameras Motion detection on all cameras Visual tracking: follow individuals or moving objects across different cameras Search video by bookmark, motion, or date and time Export video in proprietary G64 format or public ASF format Protect video against accidental deletion Protect video against tampering by using watermarks

Omnicast also provides video support for events tracked by other systems unified under Security Center.

• • • •

Enhance all event reporting with playback video Enhance alarm monitoring (core feature) with live video Enhance intrusion detection (core feature) with live video Enhance access control system (Synergis) with live video 

Video verification: compare cardholder picture with live video

Consolidate all access events with video Enhance LPR system with live video 



gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

187

What are the Omnicast entities?

What are the Omnicast entities? The Omnicast video surveillance system uses the following entity types. Icon

Entity

Description

Archiver (role)

Role that controls the video units and manages the video archive. See "Archiver" on page 521.

Auxiliary Archiver (role)

Role that supplements the video archive produced by the Archiver. It is capable of archiving any camera on the system. See "Auxiliary Archiver" on page 543.

Media Router (role)

Role that takes care of the routing of all audio and video streams on the network. See "Media Router" on page 585.

Network

Network (with specific streaming capabilities) that the Media Router takes into account while making routing decisions. See "Network" on page 434.

Server

Server on your network. Used to host the roles needed on your system. See "Server" on page 471.

Area

Logical grouping of cameras and camera sequences. See "Area" on page 360.

Analog monitor

Represent a physical analog monitor connected to a video decoder. See "Analog monitor" on page 357.

Camera

A single video source on the system. Might support audio. See "Camera (video encoder)" on page 368.

Camera (PTZ enabled)

PTZ camera or dome camera. See "Camera (video encoder)" on page 368.

Camera sequence

A pre-arranged order for the display of video sequences in a rotating fashion within a single tile in Security Desk. See "Camera sequence" on page 393.

Monitor group

Group of analog monitors sharing common characteristics. See "Monitor group" on page 432.

Schedule

Date and time range. Might support daytime and nighttime. See "Schedule" on page 463.

Video unit

IP unit incorporating one or more video encoders. See "Video unit" on page 494.

Partition

Group of entities on the system visible only to a group of users. See "Partition" on page 447.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

188

What are the Omnicast entities?

Icon

Entity

Description

User

Individual who uses Security Center applications. See "User" on page 482.

User group

Group of users sharing common characteristics. See "User group" on page 489.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

189

Omnicast deployment process

Omnicast deployment process This section includes the following topics:

• "Omnicast deployment prerequisites" on page 190 • "Omnicast deployment procedure" on page 191

Omnicast deployment prerequisites Before you deploy Omnicast, you must have the following ready:

 A network diagram showing all public and private networks used within your organization, their IP address range, their video transmission capabilities (Multicast, Unicast UDP, and Unicast TCP). For public networks, you also need the name and public IP address of their proxy servers. TIP Ask your IT department for this information.

 All ports used by Security Center for communication and video streaming must be open and redirected for firewall and NAT purposes. For more information, see "Default Security Center ports" on page 776.

 All video equipment (video units, fixed and PTZ cameras) must be installed and connected on your company’s IP network, with the following information: 

Manufacturer, model, and IP address of each video unit



Login credentials (username and password) if applicable



Communication protocol used (HTTP or HTTPS)

TIP A site map (floor plans) showing where the cameras are located would be helpful.

 If you have cameras connected to a conventional CCTV matrix (hardware matrix in Omnicast), you need the following: 

An Omnicast 4.x system to manage the video encoders connected to the CCTV matrix outputs. For information on how to integrate hardware matrices with Omnicast, see “Hardware Matrix” in the Omnicast Administrator Guide.

To federate Omnicast 4.x system in Security Center. For more information, see "Federating Omnicast systems" on page 131. Security Center software components installed: 





Security Center Server software installed on your main server. The main server is the computer hosting the Directory role.



Optionally, Security Center Server software installed on expansion servers. An expansion server is any other server on the system that does not host the Directory role. You can add expansion servers at any time. For more information, see "Add an expansion server to your system" on page 47.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

190

Omnicast deployment process



Security Center Client software installed on at least one workstation.

For software installation, see Security Center Installation and Upgrade Guide.

 (Optional) A list of user groups operating independently of each other. Identify user groups that will work independently on different parts of the system.

 A list of all known users with their names and responsibilities. To save configuration time, identify users who have the same roles and responsibilities.

Omnicast deployment procedure The table below summarizes a typical Omnicast deployment. Phase

Description

See

1

Read the things you need to know and do before deploying your Omnicast system.

"Omnicast deployment prerequisites" on page 190.

2

Use the Admin account on Config Tool to connect to your system.

"Connecting to Security Center" on page 9.

3

Change the Admin account’s password to protect your system.

"Change your password" on page 10.

4

Create a partition for each independent user group. By first defining the partitions, you won’t have to move entities around after you’ve created them.

"Defining partitions" on page 90.

5

Configure the Logical view (the tree structure). The Logical view lets you organize the entities from an end-user’s perspective.

"Managing the Logical view" on page 85.

6

Set up the default Archiver role.

"Configuring the Archiver role" on page 193.

7

(Optional) Configure your networking environment.

"Managing the Network view" on page 82.

8

(Optional) Set up additional Archiver roles if necessary.

"Configuring the Archiver role" on page 193.

9

(Optional) Configure the Media Router role.

"Configuring the Media Router role" on page 202.

10

(Optional) Configure Auxiliary Archiver roles.

"Configuring the Auxiliary Archiver role" on page 204.

11

(Optional) Define custom fields for your system entities as needed.

"Custom fields" on page 619.

12

Create the users and user groups.

"Defining user groups" on page 96 and "Defining users" on page 93.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

191

Omnicast deployment process

Phase

Description

See

13

(Optional) Federate remote Omnicast systems if necessary.

"Federating remote systems" on page 128.

14

(Optional) Configure the alarms.

"Managing alarms" on page 111.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

192

Configuring the Archiver role

Configuring the Archiver role This section includes the following topics:

• • • •

"What is the Archiver?" on page 193 "Configure the Archiver" on page 193 "Adding video units to your system" on page 194 "Configuring video units for trickling" on page 197

What is the Archiver? The Archiver role is responsible for the discovery, control, and status polling of video units. All communications between the system and video units are established through this role. All events generated by the units (motion, video analytics) are forwarded by the Archiver to the concerned parties on the system. The Archiver also manages the video archive and performs motion detection on video units that do not support this feature.

Configure the Archiver When Omnicast is enabled in your license, an Archiver role is created by default and assigned to the main server. You must complete its configuration before it can be fully operational. 1 From the Home page in Config Tool, open the Video task. 2 Select the Archiver role entity to configure. 3 Click the Resources tab, and configure the server, database, and disk storage required to run this Archiver. For more information, see Archiver – "Resources" on page 533. 4 Click the Camera recording tab, and configure the default recording settings for all cameras controlled by this Archiver. For more information, see Archiver – "Camera recording" on page 522. TIP If you are using multiple disk groups, you might want to temporarily set the recording mode to off, then re-enable it at the end of the process to avoid creating the video files on the wrong disk group. For more information, see "Archive storage settings" on page 536.

5 Add the video units that you want this Archiver to control. For more information, see "Adding video units to your system" on page 194. 6 Click the Extensions tab, and complete the configuration of the extensions created in the previous step if necessary. For more information, see Archiver – "Extensions" on page 528. 7 If you are using multiple disk groups for archiving, see "Optimizing access to your storage devices" on page 226. 8 Configure the cameras associated with the video units you just added. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

193

Configuring the Archiver role

For more information, see "Configuring cameras" on page 209. 9 If recording is performed on the edge units, see "Configuring video units for trickling" on page 197. After you are done: If you have a large system, you can distribute the load by adding more Archiver roles and hosting them on separate on separate servers. To add more Archivers, see "Create a role entity" on page 50.

Adding video units to your system This section includes the following topics:

• "Add video units manually" on page 194 • "What is automatic discovery?" on page 196 • "Add video units using the Unit discovery tool" on page 196 Add video units manually Before you begin: You must know the manufacturer, the product type (model or series), the IP address, and the login credentials (username and password) for the units you plan to add. 1 From the Home page in Config Tool, open the Video task. 2 Click the Role view, and select the Archiver role.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

194

Configuring the Archiver role

3 In the Contextual commands toolbar, click Add an entity(

) > video unit.

The Manual add dialog box appears (the following screenshot is just a sample).

4 If you have multiple Archiver roles, select the Archiver role from the Archiver drop-down list. 5 Select the unit’s manufacturer and product type. 6 Enter the IP address and HTTP port of the unit. Use a range of IP addresses to add multiple units in a single operation. TIP If you do not know your unit’s IP address, use the Unit discovery tool instead. For more

information, see "Add video units using the Unit discovery tool" on page 196. 7 Select which credentials the Archiver should use to connect to the unit. 



Default login . Use the default login credentials defined in the manufacturer’s extension for this Archiver. If the extension has not yet been defined, blank credentials are used. Specific. Enter the specific login credentials used by this unit. This can be changed to Use default login later during video unit configuration.

8 Complete all other settings as-necessary, and click Add. If the manufacturer’s extension does not exist, it will be created for you. For more information, see Archiver – "Extensions" on page 528.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

195

Configuring the Archiver role

NOTE If the manufacturer supports automatic discovery, all other units present on your system that share the same discovery port will automatically be added to the same Archiver in addition to those being added manually. For more information, see "What is automatic discovery?" on page 196.

9 Refresh the Role view. The newly added video units appear under the selected Archiver entity. 10 (Optional) Select the video units, and change their default settings if necessary. For more information, see Entity configuration – "Video unit" on page 494. If you are having trouble adding the video unit, see "Troubleshooting video units that cannot be added" on page 244.

What is automatic discovery? Automatic discovery is the process by which video units on a network are automatically discovered by an Archiver role. This is done by broadcasting a discovery request on the discovery port and waiting for all listening units to respond with a package that contains connection information about the unit. The Archiver uses this information to automatically configure the connection to the unit and enable communication. NOTE Only a few unit manufacturers, such as ACTi, Bosch, and Verint, support this feature.

Add video units using the Unit discovery tool The Unit discovery tool helps you find video units on your network when you do not know their IP addresses. For a complete description of this tool, see "Unit discovery tool" on page 653. To perform a unit search with the Unit discovery tool: 1 From the Home page, click Tools > Unit discovery tool. 2 Click the Manufacturers button. The Configure manufacturer’s extensions dialog box appears. 3 In the Video tab, click Add an item (

).

4 In the Add manufacturers dialog box, select the manufacturers you need, and click Add. The Add manufacturers dialog box closes. 5 One by one, configure the discovery settings for each of the manufacturers found in the left pane (be as specific as you can), then click Save. The Configure manufacturer’s extensions dialog box closes.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

196

Configuring the Archiver role

6 Click Start discovery. The tool starts to list all units discovered on your network, using the discovery parameters you set for each manufacturer. You can stop the discovery process at any time.

NOTE If the discovery is based on the Axis extension, units from other manufacturers might

also be discovered because UPnP and Zero config are also used as well in the discovery process. 7 Select a unit in the list to display its information in the right-hand pane. 



If you provided the correct login credentials, you will be able to add the unit to your system by clicking the Add unit ( ) button found below the unit information. If the login credentials are incorrect, you can still try to add the unit using the Manual add dialog box and providing the correct credentials: 

Click Manual add (

), and select Video unit.

Configuring video units for trickling This section includes the following topics:

• • • • •

"What is trickling?" on page 198 "Trickling limitations" on page 198 "Enable edge recording on a camera" on page 198 "Configure cameras for trickling" on page 200 "Start and stop trickling manually" on page 201

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

197

Configuring the Archiver role

What is trickling? Trickling is the process of transferring data in small amounts. Applied to the video world, it refers to situations where the video is recorded on the unit itself (edge recording), and that the recordings are only transferred to the Archiver at a specific or pre-determined time. There are many scenarios where video trickling is used:

• Remote site connected to a central site with limited bandwidth. Typically, a server would be deployed at the remote site to host the recording. But with video trickling, it is possible to go server-less and download the video on demand.

• Systems with large camera deployments but limited network bandwidth. Recording is entirely done on the edge units. No video, or only low quality video is streamed live on the network. Security Center records specific events (analytics, motion, bookmarks, alarms). Video is downloaded to the Archiver only outside of peak hours, and for the periods corresponding to the recorded events.

• City wide surveillance using edge recording cameras. Cameras are always recording. Client can view live video when requested. Recordings are only downloaded on demand for investigation purposes, or outside of peak hours. A successful trickling setup must include the following:

• Cameras configured for edge recording. The recording can be continuous or triggered by specific events (inputs, motion, analytics, etc.).

• Security Center must be configured to download video from these cameras, either periodically, when a connection is established between the Archiver and the unit, or when a user explicitly requests it.

Trickling limitations The following limitations apply when using the trickling feature:

• It is not possible to trickle video sequences that occurred on a unit prior to the last video time frame stored on the Archiver for that unit. For example, If the last frame trickled for a unit is ‘9/30/2011 3:44:40', and you try to trickle video between 3:40:00 and 3:50:00, only video between 3:44:40 and 3:50:00 will be trickled and stored in the Archiver.

Enable edge recording on a camera Before you begin: Only cameras/video units capable of edge recording can be configured for trickling. However, not all units capable of edge recording are supported for trickling. To find out which edge devices are currently supported, contact Genetec Technical Assistance at http:// gtap.genetec.com. Edge recording can only be enabled from the unit’s Web page. 1 From the Home page in Config Tool, open the Video task. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

198

Configuring the Archiver role

2 From the entity browser, select the video unit you wish to configure. 3 Click Unit’s Web page (

) in the contextual command bar.

4 In the Web browser window that appears, follow the instructions from the unit’s manufacturer to enable recording on that unit. 5 Close the Web browser window when you’re done. NOTE Some unit manufacturers support edge recording on a separate device from the video units, such as an iSCSI drive managed by Bosch VRM (Video Recording Manager). In this case, the VRM settings must be configured in the Archiver’s extension for the manufacturer that supports it.

To configure a Bosch VRM: 1 From the Home page in Config Tool, open the Video task. 2 From the entity browser, select the Archiver that is managing the Bosch cameras. 3 Select the Extensions tab, and select the installed Bosch extension.

4 Under the VRM section, click Add an item (

).

For more information, see Archiver – Extensions – "Bosch VRM settings" on page 531. 5 In the dialog box that appears, enter the IP address of the VRM, and the logon credentials, then click Save.

6 Click the Playback mode drop-down list and select one of the following: 

iSCSI

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

199

Configuring the Archiver role



TCP redirection via VRM



UPD redirection via VRM

Select the data transport method according to the configuration of your Bosch VRM. 7 Click Apply.

Configure cameras for trickling Before you begin: All cameras selected for trickling must have edge recording enabled. See "Enable edge recording on a camera" on page 198. 1 From the Home page in Config Tool, open the Video task. 2 From the entity browser, select the Archiver that is managing the camera. 3 Select the Trickling tab. For more information, see "Trickling" on page 524. 4 Click Add an item (

), select the camera and click Add.

IMPORTANT Only cameras with edge recording capability are listed. Once a camera is

selected for trickling, recording on the Archiver is stopped. This however does not affect the recording on Auxiliary Archivers. 5 For each camera selected for trickling, select 



On connection. To configure the camera to start trickling upon connection to the network. This option is recommended for cameras connected to mobile units that regularly move in and out of Wi-Fi coverage. On schedule. To configure the camera to start trickling on schedule. This option is recommended for fixed cameras with poor network bandwidth. Trickling can then be scheduled for a time when the network demand is the lowest.

6 (Optional) If trickling on schedule is selected, define when it should happen. 7 Configure the type of video data you want to be trickled. NOTE If you do not set any filter, all available video stored on the unit will be trickled. 













Time interval. Select this filter to trickle video segments recorded during a specific period of time. You can specify a specific time range or a relative time range (last n days, hours, minutes). Playback requests. Select this filter to trickle video segments that were played back from the camera. Motions. Select this option to trickle video segments that span between a Motion on and Motion off event. This option applies to unit motion detection only. Bookmarks. Select this option to trickle video segments that contain bookmarks. Unit offline. Select this filter to trickle video segments that span between a Unit lost and a Unit discovered event. Video analytics. Select this filter to trickle video segments that contain video analytics events. Alarms. Select this filter to trickle video segments that contain alarm events.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

200

Configuring the Archiver role



Input triggers. Select this filter to trickle video segments that contain input events.

8 Configure the general trickling behavior. The behavior settings are: 





Time buffer when downloading events. The time buffers apply to event-based trickling. Specify how many seconds of video should be trickled before and after the event occurred. For example, if you selected the Motion filter, these settings indicate how many seconds are trickled before the Motion on event occurred, and how many seconds are trickled after the Motion off event. Delay after connection. Use this setting to specify how long (in seconds) the Archiver will wait to determine if a unit is truly online before trickling. For example, if your cameras are set to trickle on connection and you have an unstable network where your cameras frequently go on and offline, this setting is useful to prevent trickling from repeatedly starting and stopping. Simultaneous downloads. Use this setting to specify how many cameras can trickle at the same time. This setting is useful if you have a limited network and do not want too many downloads to occur simultaneously.

9 Click Apply.

Start and stop trickling manually Trickling can be started and stopped manually from the Trickling status dialog box. For more information, see "Trickling status" on page 525. 1 Click Trickling status (

) found at the bottom of the camera list.

2 In the dialog box that appears, select one or more cameras and click: 

to start trickling for the selected cameras



to stop trickling for the selected cameras



to start trickling for all cameras



to stop trickling for all cameras

NOTE A camera that has just been added to the trickled camera list does not appear in this

dialog box until you have clicked Start trickling for all cameras (

) once.

3 Click Close when you have finished.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

201

Configuring the Media Router role

Configuring the Media Router role This section includes the following topics:

• "What is the Media Router?" on page 202 • "Configure the Media Router" on page 202 • "Beware of RTSP port conflict" on page 203

What is the Media Router? The Media Router is the central role that handles all stream requests (audio and video) on the system. It establishes streaming sessions between the stream source (camera or Archiver) and its requesters (Security Desk or SDK clients). Routing decisions are based on the location (IP address) and the transmission capabilities of all parties involved (source, destinations, networks, and servers).

Configure the Media Router When Omnicast is enabled by your license, the Media Router role is created by default and hosted on the main server. The default setup is usually all you need, unless you have a complex system involving multiple private networks. 1 From the Home page in Config Tool, open the Video task. 2 From the Logical view, select the Media Router role. 3 Click the Resources tab, and change the role’s primary server or add a standby server if necessary. For more information, see "Move a role to a different server" on page 50. 4 Click the Properties tab. 5 Change the start multicast address and port settings if necessary. You’ll need to change the default settings only if they conflict with other applications on your system. For more information, see Media Router – "Properties" on page 586. 6 Add or change the redirector configurations. Redirectors are servers assigned to host redirector agents. A redirector agent is a software module created by the Media Router to redirect data streams from one IP endpoint to another. The Media Router automatically creates a redirector agent on every server assigned to an Archiver role. You might have to create redirector agents on additional servers if you need to reach clients located on remote networks. To avoid overloading a redirector server or the network bandwidth between the two endpoints, you can limit the number of live and playback streams that the server can redirect. For more information, see Media Router – "Redirectors" on page 586. 7 Click Apply.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

202

Configuring the Media Router role

Beware of RTSP port conflict The Media Router role has a default RTSP port of 554, its redirectors have a default RTSP port of 560, and an Archiver role has a default RTSP port of 555. These ports must be unique on the same server. If multiple Archiver roles are created on the same server, they must all have a different RTSP port. Otherwise, the role entity will turn yellow and an Entity warning event will be generated.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

203

Configuring the Auxiliary Archiver role

Configuring the Auxiliary Archiver role This section includes the following topics:

• • • • •

"What is the Auxiliary Archiver?" on page 204 "Configure the Auxiliary Archiver" on page 206 "Associate cameras to the Auxiliary Archiver" on page 207 "Remove a camera from the Auxiliary Archiver" on page 208 "Move the Auxiliary Archiver to a different server" on page 208

What is the Auxiliary Archiver? This section includes the following topics:

• • • •

"Purpose of the Auxiliary Archiver" on page 204 "When do I need Auxiliary Archivers?" on page 204 "Auxiliary Archiver limitations" on page 205 "Differences between the Archiver and the Auxiliary Archiver" on page 205

Purpose of the Auxiliary Archiver The purpose of the Auxiliary Archiver roles is to supplement the video archive produced by the Archiver roles. Unlike the Archiver, the Auxiliary Archiver is not bound to any particular discovery port. Therefore, it is free to archive any camera in the system, including cameras federated from other Security Center systems. The Auxiliary Archiver must depend on the Archiver to communicate with the video units. If the Archiver isn’t running, the Auxiliary Archiver will not be able to archive the cameras it controls.

When do I need Auxiliary Archivers? The Auxiliary Archiver offers you the flexibility to create a different set of archives than the one created by the Archiver. The auxiliary archives can use different video quality settings and different recording schedules. The following are some sample scenarios where you would need Auxiliary Archivers.

• You need to create a high resolution off-site (outside your corporate LAN) copy of your video archive for selected cameras. In this scenario, you would run the Auxiliary Archiver from a secured location, probably on a server located in a separate building with large storage capabilities. The Auxiliary Archiver would record high quality video streams from specific cameras using different recording settings (mode, schedules, etc.) than the Archiver. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

204

Configuring the Auxiliary Archiver role

• You need to create a lower quality copy of your video archive to keep for a longer period of •

time. In this scenario, you would record the low quality video stream with the Auxiliary Archiver and set a longer retention period. You need to record more cameras (offering different viewing angles) during off-hours when there are no guards on duty. In this scenario, you would configure an Auxiliary Archiver to continuously archive during off hours those cameras that are not archived by the regular Archiver, while the regular Archiver continues to archive

Auxiliary Archiver limitations The Auxiliary Archiver cannot archive cameras federated from Omnicast 4.x systems, whether directly via an Omnicast Federation role or indirectly via the federation of a remote Security Center system that federates an Omnicast 4.x system. The archiving of federated Security Center native cameras is supported.

Differences between the Archiver and the Auxiliary Archiver The following table highlights the differences between these two roles. Characteristics

Archiver role

Auxiliary Archiver role

Automatic unit discovery

Yes (on units that support it).

No.

Command and control of cameras/video units

Yes.

No (relies on the Archiver role).

Command encryption via secure protocols (such as HTTPS and SSL)

Yes (on units that support it).

Not applicable.

Recorded cameras

A camera can only be associated to one Archiver role.

A given camera can be associated to multiple Auxiliary Archivers.

Can only record cameras with which it has a direct connection (usually on the same LAN).

Can record any camera on the system, including federated cameras (but only from Security Center systems).

Recording settings

Each camera has the option to follow the default role settings or its own custom settings.

Each camera has the option to follow the default role settings or its own custom settings.

Recorded video stream

Can only record the stream designated for Recording.

Can record any video stream of your choice.

Manual recording

Yes, when Manual recording schedules are in effect.

No (although Manual recording schedules can be configured).

Event logging in database

Yes. The events can be searched and viewed with the Archiver events video maintenance task.

Yes. The events can be searched and viewed with the Archiver events video maintenance task.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

205

Configuring the Auxiliary Archiver role

Characteristics

Archiver role

Auxiliary Archiver role

Event logging to a flat file

Yes. Found in ArchiverLogs folder.

No.

Database backup and restore

Yes (video files are not included).

Yes (video files are not included).

Failover support

Yes. One secondary server can be added to the Archiver role.

Not applicable.

Multiple copies of the video archive

Yes, via redundant archiving, but the master and redundant copies are identical, because they use the same recording settings.

Yes. Each Auxiliary Archiver produces a different set of video archive that follows its unique recording settings.

Video file protection

Yes.

Yes.

Video watermarking

Yes.

Yes.

Configure the Auxiliary Archiver The Auxiliary Archiver role is not created by default. You need to create it manually. 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, and then click Add an entity (

) > Auxiliary Archiver.

3 In the Specific info page, do the following: a From the Server drop-down list, select the server where this role will be hosted b Enter the Data server name for the video archive database. A default data server, called (local)\SQLEXPRESS, is installed on every computer where Genetec Server is installed. You can use it or use another data server on your network. c Enter the Database name of the video archive database. CAUTION The default name is AuxiliaryArchiver. If the selected server is already hosting

another instance of Auxiliary Archiver, you must choose a different name. Otherwise, the new role will corrupt the existing database! TIP As a way to prevent unfortunate accidents, Genetec recommends you use a different database name for every instance of Auxiliary Archiver, regardless of whether there is a conflict or not.

d Click Next. 4 In the Basic information page, enter the name, description, and partition where the Auxiliary Archiver role will be created. For more information, see "Common entity attributes" on page 38.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

206

Configuring the Auxiliary Archiver role

5 Click Next, Create, and Close. A new Auxiliary Archiver role ( ) is created. Wait a few seconds for the role to create the database on the selected data server. 6 Select the Resources tab, and configure the server, database, and disk storage required to run this Auxiliary Archiver. NOTE Every newly created Auxiliary Archiver is assigned the default value of 558 for its RTSP port. This port value must be unique for all archiving roles hosted on the same machine. For more information, see Auxiliary Archiver – "Resources" on page 547.

7 Select the Camera recording tab, and configure the default recording settings for all cameras recorded by this Auxiliary Archiver. For more information, see Auxiliary Archiver – "Camera recording" on page 544. TIP If you are using multiple disk groups, you can temporarily set the recording mode to off, then re-enable it at the end of the process to avoid having video files created on the wrong disk group.

8 Select the Cameras tab, and configure the cameras you want to archive. For more information, see "Associate cameras to the Auxiliary Archiver" on page 207. 9 If you are using multiple disk groups for archiving, see "Optimizing access to your storage devices" on page 226.

Associate cameras to the Auxiliary Archiver Before you begin: You can add any camera visible in your system to an Auxiliary Archiver, except the ones federated from Omnicast 4.x systems. 1 From the Auxiliary Archiver’s Cameras tab, click Add an item (

).

2 In the dialog box that appears, select the cameras you want and click OK. NOTE It takes a few seconds for the selected cameras to be added. If the role is unable to add

a camera in the given time, a failed status will be indicated for a few seconds, and the camera will be removed. 3 Click Apply. 4 To override the default recording settings on a camera: a Select the camera from the list and click Jump to (

).

The camera configuration page is selected. b From the Recording tab of the camera, select the tab that corresponds to the current Auxiliary Archiver. For more information, see Camera – "Recording" on page 378. c Select Custom settings under Recording settings, and make the necessary changes. d Click Apply.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

207

Configuring the Auxiliary Archiver role

Remove a camera from the Auxiliary Archiver Before you begin: Removing a camera from the Auxiliary Archiver instantly deletes the associated video archive from the Auxiliary Archiver’s database. 1 From the Cameras tab, select a camera and click Delete the item (

).

CAUTION There is no undo if you proceed through the next step!

2 In the confirmation dialog box that appears, click Delete. All records of this camera’s video archive are deleted from the role’s database. 3 In the second confirmation dialog box, do one of the following: 

Click No if you want to keep the video files on disk. This allows you to play the video files with the Video file player in Security Desk, but you will no longer be able to query the video archive with the Archives task.



Click Yes if you do not want to keep the video files.

Move the Auxiliary Archiver to a different server Before you begin: You should not move your Auxiliary Archiver to a different server unless both the database and the video storage are configured on a separate machine.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

208

Configuring cameras

Configuring cameras Camera (or video encoder) entities are automatically created when the video units they are part of are added to your system. Although Security Center provides workable default settings, we recommend that you carefully go through the configuration of each entity in order to achieve optimal performance. TIP You can save a significant amount of time by copying the settings of one camera to all similar cameras. For more information, see "Copy configuration tool" on page 668.

This section includes the following topics:

• • • • • •

"Recommended camera configuration process" on page 209 "Configuring video streams" on page 210 "Configure visual tracking" on page 212 "Test the video quality of your camera" on page 213 "Configure PTZ motors" on page 214 "Creating camera sequences" on page 218

Recommended camera configuration process 1 From the Home page in Config Tool, open the Video task. 2 In the Logical view, select a camera. 3 Click the Video tab and configure the video streams that the encoder should generate. For more information, see "Configuring video streams" on page 210. 4 Configure specific recording settings for this camera for each archiving role it is assigned to. If you do not configure specific settings for the camera, it follows the recording settings for the archiving roles (Archiver and Auxiliary Archivers). For more information, see Camera – "Recording" on page 378. NOTE If a camera has been added to an Archiver’s trickling list, its recording can only be

configured using its web page. For more information, see "Trickling" on page 524. 5 (Optional) Motion detection can be performed by the Archiver or by the unit, on the entire video image (default) or only on certain areas (motion zones). For more information, see Camera – "Motion detection" on page 379. 6 (Optional) The camera’s video attributes (brightness, contrast, hue, saturation) can be adjusted to account for different times of the day. For more information, see Camera – "Color" on page 387. 7 (Optional) Visual tracking, the ability for Security Desk users to switch to an adjacent camera’s view by clicking on certain areas of the video image in the tile, can be configured for all fixed cameras.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

209

Configuring cameras

For more information, see Camera – "Visual tracking" on page 388, and "Configure visual tracking" on page 212. 8 (Optional) Hardware devices such as PTZ motors, microphones and speakers can be manually associated with the current camera if they are not built-in on the same unit. For more information, see Camera – "Hardware" on page 389. 9 Test the settings you have configured so far: video quality, color and brightness, PTZ controls, etc. For more information, see "Test the video quality of your camera" on page 213. 10 (Optional) Configure any necessary event-to-action behaviors for this camera. For more information, see "Using event-to-actions" on page 106. 11 (Optional) Copy the settings you just configured from this camera to other similar cameras on your system if applicable. For more information, see "Copy configuration tool" on page 668. 12 Repeat the same process for all other cameras on your system.

Configuring video streams Most video encoders can generate multiple video streams from the same video source. You must carefully evaluate how you plan to use each of them (for live viewing or for recording) and what are the optimum video quality settings for each. This section includes the following topics:

• "How video stream settings are organized" on page 210 • "Automatic stream selection" on page 211 • "Boosting recording quality on special events" on page 212 How video stream settings are organized Video stream settings for a video encoder are nested in the following way:

• Each video encoder can generate one or more video streams. • Each video stream is described by the following settings: 

Video quality. Video quality is defined by a host of parameters such as image resolution, bit rate, frame rate, and so on, that can vary depending on the manufacturer. The video quality can have multiple configurations based on different schedules. For example, lower resolution might be required for regular hours when there is a lot of activity in the office, while higher resolution might be used after closing time when less human surveillance is available.



Stream usage. The stream usage defines the purpose of the stream. You can select from the following options: 

Live – Default stream used for viewing live video in Security Desk.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

210

Configuring cameras



Recording – Stream recorded by the Archiver for future investigation. The quality of the recording stream can be temporarily boosted when the recording is triggered by certain types of events. For more information, see "Boosting recording quality on special events" on page 212.







Remote – Stream used for live viewing when the bandwidth is limited. Low resolution – Stream used instead of the Live stream when the tile used to view the stream in Security Desk is small. High resolution – Stream used instead of the Live stream when the tile used to view the stream in Security Desk is large.

A stream can be assigned all, some, or none of the usage options. A stream that has no usage is not generated by the video encoder. 

Network settings. Specific connection type and multicast address can be configured for each stream based on its usage and your network configuration.

For more information on stream configuration, see Camera – "Video" on page 369.

Automatic stream selection Displaying high resolution video requires a lot of CPU power. In order to display the maximum number of live video streams simultaneously in Security Desk, CPU use should be optimized. Security Desk can be configured to base its decisions on which video stream to display on the size of the selected viewing tile. A higher resolution stream is used when the selected tile is large enough to show the difference. Security Desk can also dynamically change the displayed video stream when the user resizes the application window or changes the tile pattern. In order to make these stream selection decisions, Security Desk has to rely on what the administrator assigned to the following stream usage options:

• Low resolution • Live • High resolution Security Desk chooses the most suitable video stream for display based on the current size of the viewing tile. The best choice would be the stream with an image resolution equal to, or lower than, the display area of the tile. The video stream selection also changes dynamically when the user resizes the application window, or changes the tile pattern. When Automatic mode is selected as the default viewing stream in Security Desk, the High resolution stream is always used when a tile is maximized, or when the digital zoom is in use. Security Desk uses a higher resolution stream only if it would make a visual difference to the human user. For this reason, when configuring the video quality of the individual streams, make sure the Live stream has a better resolution than the Low resolution stream, and that the High resolution stream has a better resolution than the Live stream. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

211

Configuring cameras

For more information on how the default live stream is configured in Security Desk, see “Default live stream” in Genetec Security Desk User Guide.

Boosting recording quality on special events On a typical system, the video stream used for recording is often of a lesser quality (lower frame rate or lower image resolution) than the stream used for live viewing. The purpose is to save storage space. However, when important events occur, a higher quality recording is often required to provide adequate support for future investigations. To address this need, Security Center offers the following video encoder options:

• Boost quality on manual recording. Temporarily boosts video quality when the recording is started manually by a user. The actions that trigger manual recording are as follows: 

The Record button (

) is clicked by a Security Desk user

The Add a bookmark button ( ) is clicked by a Security Desk user Boost quality on event recording. Temporarily boosts video quality when the recording is triggered by a system event. 



The events that qualify as event recording are as follows: 

The Start recording action was executed



The recording was triggered by an alarm



The recording was triggered by motion

For more about how to configure these options, see:

• "Boost quality on manual recording" on page 376 • "Boost quality on event recording" on page 376

Configure visual tracking To configure visual tracking is to define on-video controls (colored shapes) for a camera. 1 From the Home page in Config Tool, open the Logical view task. 2 Select a camera from the entity tree and click the Visual tracking tab. 3 Select one of the drawing tools, Rectangle or Ellipse, and draw a shape over the live video displayed to the right. You can resize, position, and rotate the shape with the mouse, or use the Size and Position parameters. 4 Select the fill color and opacity for the shape. Setting the opacity at 60 percent is usually a good tradeoff between transparency and visibility. You can also set a border color and a border thickness.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

212

Configuring cameras

5 From the camera tree located under the drawing tools, drag and drop the camera you want to switch to onto the colored shape. The camera name appears in the Entities box. You can associate multiple cameras to the same shape. If more than one camera is to be associated with the same on-video control, the operator must explicitly select a camera before making the switch instead of just clicking on the colored shape. 6 Add as many on-video controls as necessary. 7 Click Apply.

Test the video quality of your camera After configuring your cameras, you should always test the video quality to make sure it works properly. 1 From the Home page in Config Tool, open the Video task. 2 Do one of the following: 

Double-click the camera you want to test.



Select the camera, and then in the Contextual commands toolbar, click Live video (

).

The Live video dialog box appears and shows you live statistics about the video stream that is coming from the video encoder. For a PTZ camera, see "Configure PTZ motors" on page 214.

3 If you have configured multiple video streams, click the Stream drop-down list to select a different stream to view. For more information, see "Configuring video streams" on page 210. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

213

Configuring cameras

4 If you have configured separate High resolution and Low resolution streams, select Automatic as your stream option, and resize the Live video dialog box to test the automatic stream selection. For more information, see "Automatic stream selection" on page 211. 5 If you are experiencing streaming problems, click Show diagnostic information to display diagnostic information as a transparent overlay on the video.





Click Copy to clipboard to capture that information to send it to "Technical support" on page 869. Click Close to hide the diagnostic information.

Configure PTZ motors If the PTZ motor is not integrated to your camera, you need to configure the PTZ motor separately before you can control it in Security Desk. Some PTZ motors support additional commands:

• Zoom-box. Zoom in on an area by drawing a box on the video image using your mouse. This works like the digital zoom for fixed cameras.

• Center-on-click. Center the camera on a point of the video image with a single click. When these two commands are enabled, they replace the normal pan, tilt, and zoom commands when controlling the PTZ in Security Desk. To configure PTZ motors: 1 From the Home page in Config Tool, open the Video task. 2 Select the camera, and click the Hardware tab. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

214

Configuring cameras

3 Switch the PTZ option to ON. 4 From the Protocol drop-down list, select the protocol used by the PTZ motor. 5 Beside the Protocol field, click options.

to set the Idle delay, Idle command, and Lock delay

For more information about these options, see "Hardware" on page 389. 6 From the Serial port drop-down list, select the serial port used to control the PTZ motor. 7 In the PTZ address box, select the number that identifies the PTZ motor on the serial port. This number is important because it is possible to connect more than one PTZ motor on the same serial port. This number must correspond to the dip switch settings on the PTZ hardware. 8 To enable the enhanced PTZ commands (zoom-box and center-on-click), switch the Enhanced PTZ option to ON, and calibrate the PTZ coordinates. For information about how to calibrate the PTZ, see "Calibrate the PTZ coordinates" on page 215. NOTE Not all cameras require PTZ calibration. For example, Axis cameras do not require

calibration. 9 Click Apply. After you are done: To test the PTZ controls, do the following: a From the Logical view, do one of the following: 



Double-click the camera you want to test. Select the camera, and then in the Contextual commands toolbar, click Live video ( ).

b In the Live video dialog box, test the PTZ controls in the video image. c Use the PTZ widget to control the camera. For a list of commands in the PTZ widget, see "PTZ widget" on page 217.

Calibrate the PTZ coordinates For most cameras, you need to calibrate the limits of the PTZ movement in order to use the zoom-box and center-on-click commands properly in Security Desk. To calibrate the PTZ coordinates for zoom-box and center-on-click: 1 From the Home page in Config Tool, open the Video task. 2 Select the camera, and click the Hardware tab. 3 Next to the Enhanced PTZ option, click Calibrate. 4 To set the PTZ coordinates automatically, click Calibration assistant, and follow the onscreen instructions. 5 To set the PTZ coordinates manually, move the PTZ motor around in the live video image, and enter the corresponding values on the right: gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

215

Configuring cameras















Max zoom factor. Zoom in to the maximum level you want Security Desk users to reach, and enter the Zoom value from the Coordinates section. Horizontal field of view. Enter the horizontal field of view specified by the camera manufacturer. If you do not have this information, zoom out until the Zoom value indicates 1x, and estimate the angle of the horizontal field of view from the image you see on screen. Vertical field of view. Enter the vertical field of view specified by the camera manufacturer. If you do not have this information, zoom out until the Zoom value indicates 1x, and estimate the angle of the vertical field of view from the image you see on screen. Minimum pan angle. Turn the camera to the left-most position of the area under surveillance, and enter the Pan value from the Coordinates section. Maximum pan angle. Turn the camera to the right-most position of the area under surveillance, and enter the Pan value read from the Coordinates section. Minimum tilt angle. Turn the camera to the bottommost position of the area under surveillance, and enter the Tilt value read from the Coordinates section. Maximum tilt angle. Turn the camera to the topmost position of the area under surveillance, and enter the Tilt value read from the Coordinates section.

6 If you want to flip the camera image at any point, select one of the following from the Flip camera drop-down list: 



Minimum tilt. Flips the camera image when the PTZ motor reaches the minimum tilt coordinate. Maximum tilt. Flips the camera image when the PTZ motor reaches the maximum tilt coordinate.

7 If you see that the Minimum pan angle value is higher than the Maximum pan angle value, select the Invert pan axis option. 8 If you see that the Minimum tilt angle value is higher than the Maximum tilt angle value, select the Invert tilt axis option. After you are done: Test the zoom-box and center-on-click commands from a Security Desk tile. If needed, adjust the calibration, and test the PTZ camera again. NOTE Every time you change a parameter, you must remove the camera from the tile and drag

it back to the tile for your changes to take effect.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

216

Configuring cameras

PTZ widget The PTZ widget is used to perform pan, tilt, and zoom operations on the displayed PTZ-enabled camera ( ). IMPORTANT Not all PTZ cameras support all PTZ commands. If one or more of the PTZ buttons are greyed out, it means that the PTZ camera you are working with does not support that command.

A B C D

E F G

A

Eight direction arrows for PTZ motor control

B

Adjust speed of the PTZ motor

C

Zoom in and zoom out commands (+ and -)

D

Quick access buttons for the first eight presets

E

Choice of preset slot (drop-down menu)

F

Choice of pattern/tour slot (drop-down menu)

G

Choice of auxiliary command slot (drop-down menu) Lock control of the PTZ motor Toggle the PTZ Advanced mode menu Manual focus control (focus near) Manual focus control (focus far) Manual iris control (open iris)

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

217

Configuring cameras

Manual iris control (close iris) Go to PTZ home (default) position Flip PTZ motor 180 degrees Open PTZ’s menu (analog domes only) Use specific commands (specific to that model camera) Go to preset position Save preset position Rename a preset, pattern, or auxiliary Start PTZ pattern (tour). Click any preset or PTZ button to stop the pattern. Record PTZ pattern (tour) Start PTZ auxiliary command (e.g. wiper blade) Stop PTZ auxiliary command

Creating camera sequences You can group fixed, PTZ-enabled, and federated cameras into a camera sequence, so they are displayed one after another in a rotating fashion in Security Desk tiles. For more information about camera sequences, see "Camera sequence" on page 393. To create a camera sequence: 1 From the Home page in Config Tool, open the Logical view task. 2 In the Contextual commands toolbar, click Add an entity ( A new camera sequence entity (

) > Camera sequence.

) appears in the Logical view.

3 Type a name for the camera sequence, and press ENTER. 4 Click the Cameras tab, and click Add an item (

).

5 From the Camera drop-down list, select a camera to be part of the sequence. 6 In the Dwell time box, set the amount the time the camera is displayed when cycling through the sequence. 7 From the PTZ command drop-down list, choose what action the PTZ camera will perform when it is displayed in the sequence. This option is only for PTZ-enabled cameras. 

Preset. Move the PTZ camera to a preset position.



Position. Start a PTZ pattern.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

218

Configuring cameras

8 From the PTZ auxiliary drop-down list, configure the switch number and the state to set it to. This option is only for PTZ-enabled cameras that support auxiliary switches. 9 Click Save > Apply. 10 To add another camera to the sequence, repeat steps Step 4 to Step 9. 11 To change the order of the cameras in the sequence, use the

and

buttons.

12 To remove a camera from the sequence, select the camera, and click Remove the item (

).

13 Click Apply.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

219

Configuring analog monitors

Configuring analog monitors Analog monitor entities are automatically created when the video decoding units they are connected to are added to your system. Although Security Center provides workable default settings, we recommend that you configure each analog monitor in order to achieve optimal performance. This section includes the following topics:

• "Configure analog monitors" on page 220 • "Testing your analog monitor configuration" on page 222

Configure analog monitors This is the recommended process for configuring analog monitors on your system. 1 Add a video decoding unit to your system. For information about adding units to your system, see "Adding video units to your system" on page 194. Analog monitors that are connected to the video decoding unit are automatically created as analog monitor entities. 2 Configure the analog monitor properties. a In the Video task, select an analog monitor to configure. b Click the Properties tab. c Configure the video settings, network settings, and the hardware connected to the analog monitor. For information about analog monitor properties, see "Analog monitor" on page 357.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

220

Configuring analog monitors

d Repeat Step a to Step c for each analog monitor connected to the decoder. 3 To receive alarms on your physical analog monitors, do the following: a In the Alarms task, click the Monitor groups view. b Click

Monitor group.

c Type a name for your monitor group. d Select the monitor group, and click the Monitors tab. e At the bottom of the page, click group, and then click OK.

, select the analog monitors to be part of the monitor

You can select multiple analog monitors by holding the SHIFT or CTRL keys. IMPORTANT The order of analog monitors in the list is important. If you add more than

one analog monitor to a monitor group, the first analog monitor in the list will receive the highest priority alarm, the second analog monitor will receive the second highest priority alarm, and so on. The last analog monitor in the monitor group list will receive all the other alarms. f Click Apply. g In the Alarms task, click the Alarms view. h Select an alarm, and then click the Properties tab. i In the Recipients section, click alarm, and then click OK.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

, select the monitor groups to be recipients of the

221

Configuring analog monitors

j Click Apply. Analog monitors that are part of the monitor group are now recipients of the alarm. When the alarm is triggered, the video associated with the alarm is shown on the physical analog monitor. NOTE High priority alarms do not replace lower priority alarms that are displayed on the

analog monitor. For more information about viewing video or receiving alarms in analog monitors in Security Desk, see “Viewing video in an analog monitor” in the Security Desk User Guide.

Testing your analog monitor configuration After configuring your analog monitors, you should always test to make sure you can view video on the analog monitors. To test your configuration:

• Display an analog monitor in a canvas tile in Security Desk, and then add a supported camera to the tile. Supported cameras must be from the same manufacturer as the decoder, and use the same video format. For more information about using analog monitors in Security Desk, see “Viewing video in an analog monitor” in the Security Desk User Guide.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

222

9 Managing Omnicast This section explains advanced configuration techniques, and describes how to keep your video surveillance system reliable, protected, and running smoothly. This section includes the following topics:

• • • • • • • • • • • • • • •

"Managing video archives" on page 224 "Protecting your video archives" on page 227 "Protecting video files" on page 231 "Viewing properties of video files" on page 233 "Replace video units" on page 234 "Diagnosing video streams" on page 235 "Troubleshooting video units that are offline" on page 236 "Diagnosing “Waiting for signal” errors" on page 237 "Diagnosing “Impossible to establish video session with the server” errors" on page 239 "Troubleshooting no playback video available" on page 240 "Troubleshooting cameras that are not recording" on page 241 "Troubleshooting video units that cannot be added" on page 244 "Troubleshooting video units that cannot be deleted" on page 247 "Solving H.264 video stream issues" on page 248 "Investigating Archiver events" on page 249

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

223

Managing video archives

Managing video archives The video archives managed by the Archiver roles are the most important assets produced by your video surveillance system. They incorporate all the video (and audio) information recorded by your system. This section includes the following topics:

• "What constitutes a video archive?" on page 224 • "Managing the archive storage" on page 225

What constitutes a video archive? Each Archiver is responsible for its own video archive for the cameras it controls. The video archive is divided into two parts:

• The archive database • The archive storage The archive database Each Archiver role maintains an archive database. It keeps four types of information:

• Catalog of the recorded video footage. • Events associated with the recorded video footage, such as motion detected, bookmarks, and occasionally metadata (in the future).

• Events describing the recording activities, such as when recording started and stopped, and •

what triggered the event. Events related to the archiving process, such as Disk load is over 80%, and Cannot write to any drive.

The archive storage The Archiver role does not keep the actual video footage in the database. Instead, it is kept on disk, in small files with a G64 extension, called video files. Each video file contains one or many discrete short sequences of video. The location of these files and the description of the video sequences they contain (camera, beginning and end of sequence) are kept in the catalog managed by the Archiver. For information on how to configure the archive database and storage for an Archiver role, see Archiver – "Resources" on page 533.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

224

Managing video archives

Managing the archive storage Managing the archive storage involves the following tasks:

• • • •

Estimating how much storage you need Configuring automatic disk cleanup Optimizing access to your storage devices Monitoring the storage usage

Estimating how much storage you need The storage requirements must be evaluated for each Archiver role, since they can control different numbers of cameras. The storage requirement is affected by the following factors:

• The number of cameras that need archiving. • The number of days you need to keep the archive online. See "Configuring automatic disk cleanup" on page 225.

• The percentage of recording time. The percentage of recording time depends on the selected archiving mode. Recording can be configured for different times during the day as continuous, triggered by motion and user request, only upon user request, or off. For information on how to configure the recording mode, see Archiver – "Recording modes" on page 522.

• Frame rate. The higher the frame rate, the more storage space the recording will require. For information on configuring the recording frame rate, see Camera – "Video" on page 369.

• Image resolution. The higher the image resolution, the more storage space the recording will require. The image resolution is determined by the video data format in effect. For a description of the available video data format, see Camera – "Video" on page 369.

• The expected percentage of movement. Instead of the whole image for every single frame, most video encoding schemes compress data by storing only the image changes between consecutive frames. Therefore, recording a scene that is in constant movement requires a lot more storage than recording a quiet scene. TIP Checking the disk usage statistics regularly is the best way to estimate future disk space requirements, and allows you to make adjustments in a timely manner. See Archiver – "Archiver statistics" on page 538.

Configuring automatic disk cleanup The Archiver uses two methods to free up storage space for new video files:

• The first method is to delete the oldest video files when running out of disk space. This is the simplest method if the video footage from all cameras is of equal importance, and if you gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

225

Managing video archives



wish to keep as much footage as possible. This method maximizes disk usage. For information on how to configure this option, see Archiver – "Advanced settings" on page 532. The second method is to specify for each camera the number of days the recorded footage needs to be kept online. When the that timer period expires, the video is automatically deleted, even if disk space has not run out. This method allows you to keep more important video footage for a longer period of time. For information on how to set this option, see Camera – "Recording" on page 378.

The Archiver can also be instructed not to delete any video files. In this case, archiving stops when disk space runs out.

Optimizing access to your storage devices The main bottleneck on the Archiver is disk throughput. The Archiver has a way to alleviate this problem by simultaneously writing to multiple disks. This optimization is achieved by spreading the video archive over several disk groups. Each disk group must correspond to a separate disk controller. By splitting the video archive from different cameras over different disk groups, you can effectively attain the maximum throughput in terms of disk access. To distribute the archiving cameras over multiple disk groups: 1 From the Role view in Config Tool, select the Archiver entity. 2 Select the Resources tab. 3 Create a new disk group. See Archiver – "Archive storage settings" on page 536. 4 Click Camera distribution (

).

5 Using the dialog box that appears, distribute the cameras between the disk groups by selecting them one at a time and moving them with the arrow buttons. 6 Click Close > Apply.

Monitoring the storage usage Given the importance of your video archive, you should monitor disk usage so archiving does not get interrupted inadvertently. There are many ways to monitor disk usage:

• Program event-to-action behaviors to alert you when the Archiver is running out of disk •

space or has stopped archiving. For more information, see "Using event-to-actions" on page 106. Regularly check the Archiver statistics. See Archiver – "Archiver statistics" on page 538.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

226

Protecting your video archives

Protecting your video archives This section discusses how to enhance the security of your video archives. This section includes the following topics:

• • • •

"Protecting your video archive against storage failure" on page 227 "Protecting your video archive against hardware failure" on page 227 "Protecting video archive against routine cleanup" on page 229 "Protecting video archive against tampering" on page 229

Protecting your video archive against storage failure The best protection for your video archive is regular backups.

Backing up your video archive You need to back up both the archive database and the video files at the same time. The video files must be backed up manually, and in their entirety (by default, everything under the VideoArchives folder), and must correspond to the catalog stored in the archive database. For information on how to backup the database, see "Back up your role database" on page 57.

Restoring your video archive You need to restore the video files to the VCDexact same location where they were originally stored. If you are restoring the files to a different server, the relative path to the video files root folder (by default VideoArchives) from the new server must be the same as the path from the old server. Otherwise, the Archiver role will not be able to find them. For information on how to restore the database, see "Restore your role database" on page 58.

Protecting your video archive against hardware failure When the server hosting the Archiver role fails, two main functions of your video system are disabled. First, you lose control over the live video (viewing cameras, controlling the PTZ camera, archiving, etc.), because it is the Archiver that controls the video units. Second, you lose access to your archived video, because it can only be accessed through the Archiver that created it. This is true even if your database server is not the same computer as the one that failed.

About Archiver failover Failover can counter the first problem posed by hardware failure. Adding a secondary server to your Archiver role effectively minimizes the down time over the live video. For Archiver failover, the following conditions apply: gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

227

Protecting your video archives

• Only one primary server and one secondary server can be assigned to an Archiver role. • The primary and secondary servers must each have their own database, hosted locally, or on another computer.

• To make sure that the video archived by the primary server is still available if it fails to the secondary server, you must turn on redundant archiving. This ensures that the primary and secondary servers can archive video at the same time, and that they each manage their own copy of the video archive. NOTE You can set up redundant archiving on all cameras managed by the Archiver role, or protect just a few important cameras. For more information, see Archiver – "Camera recording" on page 522.

An alternative solution to protecting your video archives is to use Auxiliary Archivers. For more information, see "Configuring the Auxiliary Archiver role" on page 204.

Careful load planning for failover Depending on the archiving load of the Archiver role (meaning the number of cameras it is archiving and the video quality for each), the additional load it places on its secondary server as a result of a failover can affect that server’s ability to perform. This happens when the failover archiving load added to the existing archiving load of the secondary server exceeds the archiving capability of that server. Additional roles hosted on the secondary server can also affect its archiving capability. When selecting a server as a secondary server for an Archiver role, consider the following:

• How much spare power does the secondary server have? If the secondary server has other functions, it is unlikely be able to absorb the full load of another server. NOTE Based on recent benchmarks, a high-end server dedicated to video archiving cannot handle more than 300 Mbps of data or 300 cameras, whichever comes first. TIP To alleviate the failover load on a server, Genetec recommends defining multiple Archiver roles with fewer video units each. They can all share the same primary server, but should all fail over to different secondary servers.

• How long is a typical failover expected to last? The longer a failover lasts, the more additional disk space you need to reserve for archiving. For more information, see "Estimating how much storage you need" on page 225.

• Is some video less important? The command and control of the video units uses much less resources compared to video archiving. Any server can handle a lot more video units if it is only required to take care of the command and control function over them. If video archiving is not equally important on all cameras, you can entrust all important cameras to one Archiver role and give it a higher archiving priority than the rest. That way, if multiple Archiver roles happen to fail over to the same server at the same time, archiving gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

228

Protecting your video archives

will be maintained for the important cameras. For more information, see "Configure standby archiving priorities" on page 535.

Archiver failover limitation The failover process might take 15 to 30 seconds. During that time, no video will be recorded. Live video viewing will not be affected by the Archiver failover. However, if a user adds a bookmark during that small time window, no bookmark will be added, because the Archiver role is not ready to accept the command, and no operation failure will be reported in Security Desk.

Protecting video archive against routine cleanup By default, video files are not kept indefinitely. Old video files can be deleted by the Archiver to make space for new video, or they can be deleted simply because their time has expired. See "Configuring automatic disk cleanup" on page 225. If important video footage needs to be kept beyond its normal retention period, you can protect it temporarily, or indefinitely. See "Protecting video files" on page 231. CAUTION Too many protected video files on a disk can waste valuable storage space for new video files. To make sure this does not happen, regularly check the percentage of protected video files on each disk (see Archiver – "Protected video file statistics" on page 539). TIP An alternative to protecting video files is to export the desired video sequence to a different location. See “Exporting video” in the Security Desk User Guide.

Protecting video archive against tampering When video evidence is to be used in court, its integrity is of paramount importance. Watermarking is the Security Center way of proving that video has not been altered. Video watermarking is the process of adding a digital signature to every recorded video frame to ensure its authenticity. If anyone later tries to make changes to the video (add, delete, or modify a frame or a section of the video), the signatures will no longer match, proving that the video has been tampered with. In other words, if a video sequence passes the watermark test, it is faithful to the original. To enable video watermarking on an Archiver: 1 From the Home page in Config Tool, open the System task. 2 Click the Role view, and select the Archiver entity. 3 Click the Resources tab, and click Advanced settings. See Archiver – "Advanced settings" on page 532. 4 Switch the Video watermarking option to ON, and click OK. 5 Click Apply.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

229

Protecting your video archives

Set up a custom encryption key You can generate your own encryption key and ask the Archiver to use it. 1 Run the program called EncryptionKeyGenerator.exe found in the Security CenterSecurity Center Server installation folder. The program will generate two 1 kB files named fingerprint.bin and private.bin. The first file contains a random 20 Byte initial fingerprint used for the encryption. The second file contains an RSA 248-bit encryption key. These two files will be different every time the program is executed. 2 Keep a copy of these files in a safe place. 3 Place another copy of these files in the Security Center Server installation folder. 4 From the Home page in Config Tool, open the System task. 5 Click the Role view, and select the Archiver entity. 6 To restart the role, click Deactivate, and then Activate in the Contextual commands toolbar.. The next time the Archiver records video to disk, the video files will be watermarked, and the fingerprint will be encrypted using the new encryption key. IMPORTANT If you assign a second server to the Archiver role, it must use the same custom encryption files. This means you must place a copy of the encryption files in the Security Center Server installation folder of the second server.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

230

Protecting video files

Protecting video files You can protect video files from being automatically deleted by the system when the Archiver’s disk space becomes full. What you should know You might protect a larger segment than what you select because the Archiver cannot protect partial files. "Protecting your video archives" on page 227. To protect a video file: 1 From the Home page, open the Archive storage details task 2 Generate your report (see "Generate a report" on page 30). The video files associated with the selected cameras are listed in the report pane. For information about the report columns available, see "Report pane columns" on page 723. 3 From the report pane, select the video file to protect, and then click Protect (

).

NOTE To select multiple video files, hold the CTRL or SHIFT keys.

4 In the Start and End columns in the Protect archives dialog box, set the time range of the video file to protect.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

231

Protecting video files

5 Select how long to protect the video file for, from one of the following options: 

Indefinitely. No end date. You must remove the protection status manually by selecting the video file in the report pane, and then clicking Unprotect ( ). NOTE When you unprotect a video file, it is not immediately deleted. You have 24 hours to change your mind (see "Archive storage settings" on page 548).



For x days. The video file is protected for the number of days that you select.



Until. The video file is protected until the date that you select.

6 Click Protect. The video file is protected.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

232

Viewing properties of video files

Viewing properties of video files You can find the of video files used to store video archives from cameras, and view the properties of the video files (file name, start and end time, file size, protection status, and so on), using the Archive storage details report. You can also change the protection status of the video files. To view the properties of a video file: 1 From the Home page, open the Archive storage details task. 2 Generate your report (see "Generate a report" on page 30). The video files associated with the selected cameras are listed in the report pane, along with their file properties. For information about the report columns available, see "Report pane columns" on page 723. 3 To view a video sequence in a tile, double-click or drag a video file from the report pane to the canvas. The selected sequence immediately starts playing. After you finish

• To export an important video archive, select the item in the report pane, and then click •

Export video ( ). For more information, see “Exporting video” in the Security Desk User Guide. To remove a video file from the database, select the item in the report pane, and then click



Delete ( ). To protect an important video archive from automatic deletion, select the item in the report pane, and then click Protect ( page 231.

). For more information, see "Protecting video files" on

EXAMPLE If you protected an important video file, you can search for that camera, see when

the protection status is going to end, and extend the amount of time, if needed. Also, if the video file is not yet protected, you can protect it.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

233

Replace video units

Replace video units If a video unit fails and is offline in Security Center (red in the Logical view), you can replace the unit with a compatible one. This process copies the video archives and event logs associated with the old unit to the new one, so that the video archives are not lost. IMPORTANT You need to copy over the configuration settings to the new video unit and all the cameras it controls before replacing the unit using the Unit replacement tool.

Before you begin: The new video unit must be the same brand and model as the old one, or you will receive the following error message: Units’ extension does not match. 1 Add a new video unit to the Archiver controlling the old unit. For information about adding a video unit, see "Adding video units to your system" on page 194. 2 Copy the configuration settings of the old video unit to the new video unit, using the Copy configuration tool. See "Copy configuration tool" on page 668. 3 Copy the configuration settings of the cameras controlled by the old video unit to the new cameras, using the Copy configuration tool. See "Copy configuration tool" on page 668. 4 Click the Home tab, and then click Tools > Unit replacement tool. 5 In the Unit type option, select Cameras. 6 Select the Old and the New cameras. For more information about searching for entities, see "Search for entities using the Search tool" on page 43. 7 Click Swap. The video archives and event logs of the old video unit are copied to the new one. 8 Verify that the video archives are now associated with the new video unit. a Open Security Desk. b From the Home page, open the Archives task. c Select a camera that is controlled by the new video unit. All days that include video archives for the selected camera are listed in the All available tab. d Click Generate report. 9 Once everything is verified, return to the Config Tool Video task. 10 In the Logical view, right-click the old unit, and click Delete (

).

11 In the confirmation dialog box that opens, click Continue.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

234

Diagnosing video streams

Diagnosing video streams In Security Desk, you can diagnose the status of video streams displayed in the canvas. What you should know This can help you determine if there is a potential problem with the video stream, the Archiver, the redirection to Security Desk, and so on. To diagnose a video stream: 1 In Security Desk, display a camera in a tile. 2 Press CTRL+SHIFT+D. Diagnostic information about the video stream is overlaid in the tile. Click OK to view additional information. 3 Review the video stream connections. 

Archiver. The connection status from the camera to the Archiver role.



Redirector. The connection status from Archiver role to the redirector.



Media player. The connection status from the redirector to your Security Desk workstation.

4 Click Close.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

235

Troubleshooting video units that are offline

Troubleshooting video units that are offline When the camera is red in the Logical view, it means that it is offline, or the communication with the Archiver role has been lost. What you should know When a unit is offline in Security Center, it usually coincides with a Unit lost event in Security Desk. This could be caused by an unstable network connection, or issues with the unit itself. To troubleshoot why a unit is offline: 1 Ping the unit. a In Video task in Config Tool, select the red video unit. b At the bottom of the Video task, click Ping ( 



).

If there is no reply, the unit is offline (the unit could be broken, unplugged, and so on), or there is a problem with your network. If you can ping the unit, continue with Step 2.

2 Open the unit’s Web page by typing its IP address in a Web browser. 3 Reboot the unit. a In Video task in Config Tool, select the red video unit. b At the bottom of the Video task, click Reboot (

).

4 Make sure the unit is supported by Security Center, and that it is running the certified firmware. For a list of video units supported by Security Center, see the Supported Devices list on GTAP, at https://gtap.genetec.com/Library/SupportedDevices.aspx. You’ll need a username and password to log on to GTAP. 5 Restart the Archiver role controlling the unit. a In the Video task in Config Tool, select the Archiver. b At the bottom of the Video task, click Deactivate role (

).

c In the confirmation dialog box that opens, click Continue. The Archiver turns red. d At the bottom of the Video task, click Activate role (

).

6 If the video unit is still offline, contact technical support. See "Technical support" on page 869.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

236

Diagnosing “Waiting for signal” errors

Diagnosing “Waiting for signal” errors When you see a Waiting for signal message in a tile, it means that Security Desk is trying to connect to the Archiver. What you should know Some of the reasons you could get the waiting signal are the following:

• The network is slow. • There is some sort of block due to your port connections. • The video stream was dropped while it was being redirected to Security Desk. Wait to see if the camera connects. If the Waiting for signal message persists, you can try to diagnose the connection. To diagnose a Waiting for signal error: 1 Ping the unit. a In Video task in Config Tool, select the red video unit. b At the bottom of the Video task, click Ping ( 



).

If there is no reply, the unit is offline (the unit could be broken, unplugged, and so on), or there is a problem with your network. If you can ping the unit, continue with Step 2.

2 Open the unit’s Web page by typing its IP address in a Web browser. 3 Change the video unit’s connection type to the Archiver. a In Video task in Config Tool, select the red camera. b Click the Video tab. c From the Connection type drop-down list in the Network settings section, select a different connection type. d Click Apply. 4 Try viewing playback video from the camera. a In the Archives task in Security Desk, select the camera. b Select the most recent video archive available, and then click Generate report. c Once the report is generated, try to view the video from the archive. 



If you can view the video, continue with Step 5. If you cannot view any video, contact technical support (see "Technical support" on page 869).

5 If you have an expansion server on your system running the Archiver role, try to view video from the expansion server. a Open Security Desk on the expansion server. b In the Monitoring task, drag the camera from the Logical view to a tile in the canvas. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

237

Diagnosing “Waiting for signal” errors





If you can view video, it might be a problem with the redirection from the Media Router to your Security Desk. Continue with Step 6. If you cannot view any video, contact technical support (see "Technical support" on page 869).

6 Make sure the correct ports are open on your network. For a list of default ports that are used in Security Center, see “Default Security Center ports” in the Security Center Administrator Guide. 7 Make sure your networks are configured properly. a In the Network view task in Config Tool, select a network. b Click the Properties tab, and make sure all the settings are correct (IP prefix, subnet mask, routes, and so on). c Change the network settings if needed, and then click Apply. d Repeat Step a and Step b for all the networks on your system. For more information about configuring network settings, see “Network view” in the Security Center Administrator Guide. 8 Force Security Desk to use a different connection type. a In the Home page in Security Desk, click Options. The Options dialog box opens. b Click the General page. c In the Network options section, next to the Network option, select Specific. d From the drop-down list, select a different network, and then click Save. e Restart Security Desk. f If changing the network connection does not work, repeat Step a to Step e to test using other networks. 9 If you still cannot view video, or the tile displaying the camera still says Waiting for signal, contact technical support (see "Technical support" on page 869).

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

238

Diagnosing “Impossible to establish video session with the server” errors

Diagnosing “Impossible to establish video session with the server” errors If you receive an Error: Impossible to establish the video session with the server message, you can try to determine the cause. What you should know The Error: Impossible to establish video session with the server message could show up for multiple reasons. There could be a problem with your server, the Media Router role, the Federation role, the Archiver role, or the video unit itself. To diagnose an Impossible to establish video session with the server error: 1 Make sure your server is running. 2 Make sure the Archiver role is online. a In the Video task in Config Tool, select the Archiver. b At the bottom of the Video task, click Diagnose (

).

c If there are issues, try to fix them. 3 If you are trying to view a federated camera, make sure the Security Center Federation role or the Omnicast Federation role is online. a In the System task in Config Tool, click the Roles view. b Select the Federation role, and at the bottom of the task, click Diagnose (

).

c If there are issues, try to fix them. 4 If you are trying to view a federated camera, make sure the server of the federated Security Center system is online. 5 It might be a connection problem with the Media router. Make sure the Media Router role is online. a In the System task in Config Tool, click the Roles view. b Select the Media Router role, and at the bottom of the task, click Diagnose (

).

c If there are issues, try to fix them. 6 Restart the Media Router role. a In the System task in Config Tool, click the Roles view. b Select the Media Router role, and at the bottom of the task, click Deactivate role (

).

c In the confirmation dialog box that opens, click Continue. The Media Router turns red. d At the bottom of the System task, click Activate role (

).

7 Check if the video unit is offline (see "Troubleshooting video units that are offline" on page 236).

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

239

Troubleshooting no playback video available

Troubleshooting no playback video available If you cannot view playback video or video archives in Security Desk, you can try to troubleshoot the issue. To troubleshoot why you cannot view playback video: 1 Try viewing live video from the camera. a In the Monitoring task in Security Desk, drag the camera from the Logical view to a tile in the canvas. 



If you can view live video, continue with Step 2. If you cannot view any video, see the following troubleshooting section: "Troubleshooting video units that are offline" on page 236.

2 Try viewing playback video from the Archives task. a In the Archives task in Security Desk, select a camera. b Search for video archives at different dates and times, and then click Generate report. c Once the report is generated, try to view video from the archives. d Repeat Step a to Step c with other cameras. 

If you can view the video from some of the video archives, go to Step 3.



If you cannot view any video, go to Step 4.

3 Make sure the unit is supported by Security Center, and that it is running the certified firmware. For a list of video units supported by Security Center, see the Supported Devices list on GTAP, at https://gtap.genetec.com/Library/SupportedDevices.aspx. You’ll need a username and password to log on to GTAP. 4 Try viewing playback video from the Archives task on another Security Desk, and on the server where the Archiver role is running (follow the substeps in Step 2). 



If you can view video, it might be a problem with the redirection from the Media Router to your Security Desk. Continue with Step 5. If you cannot view any video, contact technical support (see "Technical support" on page 869).

5 Make sure the correct ports are open on your network. For a list of default ports that are used in Security Center, see "Default Security Center ports" on page 776. 6 If you still cannot view playback video, contact technical support (see "Technical support" on page 869).

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

240

Troubleshooting cameras that are not recording

Troubleshooting cameras that are not recording If you cannot record video, you can try to determine the cause of the issue. What you should know If you can view live video from a camera but cannot record video, it might be due to the recording mode of the camera, the Archiving schedule, the Archiver role database, or even your CPU usage. Some of the ways you can tell if the camera is not recording are the following:

• If you are viewing live video, the recording status of the camera is indicated in the lowerright corner of the tile. If the status indicates

, the camera is currently not recording.

• You are trying to view playback video, but there is no video available for the date and time you selected, and you know that there should be. To troubleshoot why a camera is not recording: 1 Make sure the unit is supported by Security Center, and that it is running the certified firmware. For a list of video units supported by Security Center, see the Supported Devices list on GTAP, at https://gtap.genetec.com/Library/SupportedDevices.aspx. You’ll need a username and password to log on to GTAP. 2 Verify the camera recording type. a In the Video task in Config Tool, select the red camera. b Click the Recording tab. 



If the Recording settings option is set to Custom settings, check that all the recording settings are correct, and then click Apply. If the Recording settings option is set to Inherit from Archiver, continue with Step c.

c In the Video task, select the Archiver. d Click the Camera recording tab. e In the Recording modes section, make sure the Archiver is set to record on the right Schedule, and that the recording Mode is not set to Off. 3 If the camera recording mode is set to On motion/manual, make sure the motion detection settings are configured properly. a In the Video task in Config Tool, select the red camera. b Click the Motion detection tab. c Verify the motion detection settings. Fore more information, see “Motion detection” in the Security Center Administrator Guide. 4 Check the status of the Archiver role database. a In the Video task in Config Tool, select the Archiver. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

241

Troubleshooting cameras that are not recording

b Click the Resources tab. 

If the Archiver database status is Connected, go to Step 5.



If the Archiver database status is Disconnected, or Unavailable, continue with Step c.

c Click Create a database (

).

CAUTION Do not overwrite the existing database, or your video archives will be deleted. NOTE When you create a new database, the video archives from the old database are no longer included in Security Center searches, and will not be deleted by automatic database cleanups. 



If the camera can record using the new Archiver database, you can continue to use the new database. If the camera is still not recording, revert back to the original database, and continue with Step 5.

5 Check how much disk space is available for archiving. a In the Video task in Config Tool, select the Archiver. b Click the Resources tab. c In the disk information table, make sure the Min. free space value is at least 0.2% of the Total size value. The Min. free space is the minimum amount of free space that the Archiver must leave untouched on the disk. d If the Min. free space value is less than 0.2% of the Total size, click on the value, and then increase it. 6 Check for Archiving stopped and Recording stopped events that occurred on your system. In Windows on the server where the Archiver role is running, open the .log files, located in C:\ArchiverLogs. If there are Archiving stopped or Recording stopped events in the Entry type column, restart the Genetec Server service. a Open your Windows Control Panel. b Click Administrative Tools > Services. c Click the Genetec Server service, and then click Restart. 7 Check for Transmission lost and RTP packet lost events that occurred on your system. In Windows on the server where the Archiver role is running, open the .log files, located in C:\ArchiverLogs. 



If there are many Transmission lost and RTP packet lost events in the Entry type column, then it might be a CPU usage or network issue. Continue with Step 8. If there are not many Transmission lost and RTP packet lost events, go to Step 9.

8 Check your CPU usage. a Right-click in the Windows taskbar.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

242

Troubleshooting cameras that are not recording

The Windows Task Manager opens. b Click the Performance tab, and make sure the CPU Usage is not over 60%. If the CPU usage is over 60%, restart the server, and consider adding more CPU to the server. c Click the Networking tab, and make sure the network Link speed is not over 300 Mbps. 9 If you are only experiencing recording problems with one video unit, try the following: a In the Video task in Config Tool, right-click on the red video unit, and then click Delete. b In the confirmation dialog box that opens, choose if you want to keep the video archives from the unit. The video unit is removed from the Archiver. c Add the video unit. For more information about adding units in Security Center, see the Security Center Administrator Guide. 10 If you still cannot record video on the camera, contact technical support (see "Technical support" on page 869).

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

243

Troubleshooting video units that cannot be added

Troubleshooting video units that cannot be added If you are having trouble adding a video unit to an Archiver, you can try to determine the cause of the issue. What you should know When you cannot add a video unit, it might be due to network issues, user credential issues, and so on. Best practice: Log on to Config Tool as an administrator. To troubleshoot why a video unit cannot be added: 1 Ping the unit. a In Video task in Config Tool, select the red video unit. b At the bottom of the Video task, click Ping ( 



).

If there is no reply, the unit is offline (the unit could be broken, unplugged, and so on), or there is a problem with your network. If you can ping the unit, continue with Step 2.

2 Open the unit’s Web page by typing its IP address in a Web browser. 3 Reboot the unit. a In Video task in Config Tool, select the red video unit. b At the bottom of the Video task, click Reboot (

).

4 Try adding the unit again. 5 Make sure that you have a free camera connection in your Security Center license. a From the Home page in Config Tool, click the About page, and click the Omnicast tab. b In the Number of cameras license option, make sure there is a camera connection still available. 6 Make sure the unit is supported by Security Center, and that it is running the certified firmware. For a list of video units supported by Security Center, see the Supported Devices list on GTAP, at https://gtap.genetec.com/Library/SupportedDevices.aspx. You’ll need a username and password to log on to GTAP. 7 Make sure you are using the correct credentials when trying to add the unit. For some manufacturers, you have to set the default credentials from the Archiver Extensions tab. a From the Video task in Config Tool, select the Archiver to which you are trying to add the video unit. b Click the Extensions tab. c To add the extension for the video unit, click Add an item ( type, and click Add. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

), select the extension

244

Troubleshooting video units that cannot be added

d Select the extension. e In the Default logon section, enter the username and password for the unit. 8 Make sure the Archiver is connected to the correct database. a In the Video task in Config Tool, select the Archiver. b Click the Resources tab. 

If the Archiver database status is Connected, go to Step 9.



If the Archiver database status is Disconnected, or Unavailable, continue with Step c.

c Click Create a database (

).

CAUTION Do not overwrite the existing database, or your video archives will be deleted. NOTE When you create a new database, the video archives from the old database are no longer included in Security Center searches, and will not be deleted by automatic database cleanups.

9 Make sure the Media Router is connected to the correct database. NOTE If the camera was previously added in Security Center and the IP address or name was

changed, you can also re-create the Media Router database. a In the Video task in Config Tool, select the Media Router. b Click the Resources tab. 

If the Media Router database status is Connected, go to Step 10.



If the Media Router status is Disconnected, or Unavailable, continue with Step c.

c Click Create a database (

).

10 Try adding the unit with the firewall turned off. For information about how to disable Windows firewall, see KBA00596: “Recommended Windows Firewall Settings” on GTAP, at https://gtap.genetec.com/Library/ KnowledgeBaseArticle.aspx?kbid=596. IMPORTANT Do not turn off the firewall permanently. Reactivate it after your tests are

complete. 11 Make sure your networks are configured properly. a In the Network view task in Config Tool, select a network. b Click the Properties tab, and make sure all the settings are correct (IP prefix, subnet mask, routes, and so on). c Change the network settings if needed, and then click Apply. d Repeat Step a to Step c for all the networks on your system. For more information about configuring network settings, see “Network view” in the Security Center Administrator Guide. 12 Make sure the Archiver, Media Router, and all redirectors are using the correct NICs (network interface cards). a From the System task in Config Tool, click the Roles view. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

245

Troubleshooting video units that cannot be added

b Select the Archiver role, and click the Resources tab. c From the Network card drop-down list, select the appropriate NIC. d In the Logical view, select the Media Router role, and click the Resources tab. e Under the Servers section, click Advanced (

).

f Select the appropriate Network card for each server, and click Apply. g Click the Properties tab. h Select a Redirector, and click Edit the item (

).

i From the Multicast interface drop-down list, select the appropriate NIC. j Repeat Step h and Step i for each redirector. 13 Try adding the unit. 14 Verify the NICs priority in Windows. a In Windows, click Start > Run, and type ncpa.cpl. The Network Connections window opens. b Click the Advanced menu above and select Advanced Settings. c Note which NIC on your server is configured as network priority one (at the top of the Connections list), and which is configured as priority two. d If needed, use the arrow buttons on the right side to move the different connections up and down in the list. 15 Try adding the unit. 16 Make sure the Media Router role is online. a In the System task in Config Tool, select the Media Router role. b At the bottom of the System task, click Diagnose (

).

c If there are issues, try to fix them. 17 Make sure the Archiver role is online. a In the Video task in Config Tool, select the Archiver. b At the bottom of the Video task, click Diagnose (

).

c If there are issues, try to fix them. 18 If you still cannot add the video unit, contact technical support (see "Technical support" on page 869).

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

246

Troubleshooting video units that cannot be deleted

Troubleshooting video units that cannot be deleted If you cannot delete a video unit from Security Center, you can temporarily deactivate the Archiver. To delete a video unit: 1 In the Video task in Config Tool, select the Archiver. 2 At the bottom of the Video task, click Deactivate role (

).

3 In the confirmation dialog box that opens, click Continue. The Archiver and all video units controlled by the role turn red. 4 Select the video unit, and at the bottom of the Video task, click Delete (

).

5 Select the Archiver, and at the bottom of the Video task, click Activate role (

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

).

247

Solving H.264 video stream issues

Solving H.264 video stream issues If you are having problems viewing H.264 video streams, you can disable the AVCodec_ErrorRecognition advanced Archiver role setting. To solve H.264 video stream issues: 1 From the Video task in Config Tool, select the Archiver to configure. 2 Click the Resources tab. 3 At the bottom of the Resources tab, click Advanced settings. 4 Click Additional settings. 5 In the Additional settings dialog box, click Add an item (

).

6 In the Name column, type AVCodec_ErrorRecognition. 7 In the Value column, type 0. 8 Click Close. 9 In the Advanced settings dialog box, click OK. 10 In the Resources tab, click Apply. 11 When you are asked to restart the Archiver, click Yes.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

248

Investigating Archiver events

Investigating Archiver events You can search for events related to Archiver roles, using the Archiver events report. What you should know You can check the status of an Archiver by selecting it, setting a time range of a week, and making sure there are no critical events in the report. You can also troubleshoot an Archiver by searching for important events, such as Disk load is over 80% or Cannot write to any drive, and see when those events occurred. To investigate Archiver events: 1 From the Home page, open the Archiver events task. 2 Generate your report (see "Generate a report" on page 30). The Archiver events are listed in the report pane. For information about the report columns available, see "Report pane columns" on page 723.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

249

Part IV Synergis IP access control Learn how to set up, configure, and manage your Synergis system in Security Center. This part includes the following chapters: •

Chapter 10, “Deploying Synergis” on page 251



Chapter 11, “Managing Synergis” on page 295

10 Deploying Synergis This section explains how to set up your access control system for the first time. This section includes the following topics:

• • • • • • • • • • • • •

"What is Synergis?" on page 252 "Synergis deployment process" on page 256 "Configuring the Access Manager role" on page 260 "Configuring access control units" on page 267 "Configuring doors" on page 268 "Using the Walkthrough wizard" on page 271 "Configuring elevators" on page 274 "Configuring secured areas" on page 278 "Configuring access rules" on page 281 "Configuring cardholders and cardholder groups" on page 283 "Configuring credentials" on page 285 "Defining badge templates" on page 289 "Testing your configuration" on page 294

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

251

What is Synergis?

What is Synergis? Synergis™ is Security Center’s IP access control system. From access control reader to client workstation, Synergis provides end-to-end IP connectivity. Synergis integrates a variety of access control capabilities including, but not limited to, badge design, visitor management, elevator control, zone monitoring and more. Synergis was designed with an open and distributed architecture. Build your system with new IP readers or use what you already have. Integrate your access control system with other thirdparty systems, like intrusion or building management, and distribute Synergis server components on many different network computers to optimize bandwidth and workload. Synergis Enterprise supports an unrestricted number of doors, controllers and client workstations. You can grow your system one door at a time or scale your system across multiple buildings using the Federation feature.

How does Synergis work? Synergis architecture is based on the server role known as the Access Manager, which controls the physical door controllers.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

252

What is Synergis?

The following provides a general description of how Synergis architecture works:

• System configurations are saved by the Directory role. • The Directory pushes configurations to the Access Manager. • Access Manager communicates directly with the physical door controllers (called access control units) over TCP/IP.

• Access Manager pushes schedules, cardholder information, and access rules to the door • •

controllers. When a cardholder presents their credential to a reader, the controller refers to the access rule to determine whether the user should be granted or denied access. Once controllers have synchronized with the Access Manager, they can operate autonomously, even if they lose the network connection to the Access Manager.

With additional configuration, a cardholder can belong to a cardholder group, a door can be part of an area, and there can be multiple schedules and rules pushed to a unit.

What are Synergis entities? The Synergis access control system uses the following entity types: Icon

Entity

Description

Access Manager (role)

Role that manages the door controllers on the system. See "Access Manager" on page 511.

Access control unit

Door controller (to which a reader is attached). See "Access control unit" on page 337.

Access rule

Logic used to determine whether to grant access or not. See "Uniqueness of the Synergis model" on page 254 and "Access rule" on page 349.

Area

Simple grouping of doors and elevator floors or secured area with full access control behavior, including antipassback and interlock. See "Area" on page 360.

Badge template

Custom-designed printing template for user credentials. See "Badge template" on page 365.

Cardholder

Individual who possesses a credential. See "Cardholder" on page 395.

Cardholder group

Group of cardholders sharing common characteristics. See "Cardholder group" on page 398.

Credential

Claim of identity (card, PIN, biometric scan, etc). See "Credential" on page 401.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

253

What is Synergis?

Icon

Entity

Description

Door

Physical barrier controlled by an access control unit. See "Door" on page 404.

Elevator

A single elevator cabin. See "Elevator" on page 410.

Schedule

Date and time range. See "Schedule" on page 463.

Partition

Group of entities on the system visible only to a group of users. See "Partition" on page 447.

User

Individual who uses Security Center applications. See "User" on page 482.

User group

Group of users sharing common characteristics. See "User group" on page 489.

Uniqueness of the Synergis model Synergis is different from other solutions. Unlike other products, Synergis does not use “Clearance codes” or “Access levels” to grant or deny access. Instead, the basic logic used by Synergis to grant or deny access is defined by the access rule. The biggest difference between an access rule approach and an access level approach is that access rules are applied to doors, while access levels are applied to persons. Access rules tell a door who can pass through, and when, while an access level defines where and when someone can gain access. An access rule is a simple entity that contains the three W’s:

• Who? (cardholder or cardholder group) • What? (grant or deny access) • When? (schedule) Notice that Synergis does not grant access to a card/credential. Rather, access is granted, or denied based on the cardholders themselves.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

254

What is Synergis?

This subtle, but fundamental shift in the applied logic has a significant benefit in managing lost and stolen cards. The access rules that have been pushed to the door controllers do not have to be modified. If you associate a new credential with a cardholder, the old rule is still valid.

A B

C

A

When? (Schedule)

B

What? (Grant or deny access)

C

Who? (Cardholders and/or cardholder groups)

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

255

Synergis deployment process

Synergis deployment process This section includes the following topics:

• "Synergis deployment prerequisites" on page 256 • "Synergis deployment procedure" on page 257

Synergis deployment prerequisites Before you begin: Before you deploy Synergis, you must have the following ready:

 A network diagram showing all public and private networks used within your organization, and their IP address ranges. For public networks, you also need the name and public IP address of their proxy servers. TIP Ask your IT department for this information.

 Security Center software installed. 

Security Center Server software installed on your main server. The main server is the computer hosting the Directory role.



Optionally, Security Center Server software installed on expansion servers. An expansion server is any other server on the system that does not host the Directory role. You can add expansion servers at any time. For more information, see "Add an expansion server to your system" on page 47.



At least one Access Manager role created on your system.



Security Center Client software installed on at least one workstation.

For instructions on software installation, see the Security Center Installation and Upgrade Guide.

 A list of partitions (if any). Partitions are used to segregate the system into more manageable



subsystems. This is especially important in a multi-tenant environment. If, for example, you are installing one large system in a shopping center or, office tower, you might want to give local administration privileges to the tenants. By using partitions, you can group the tenants so that they can only see and manage the contents of their store or office, but not the others. All access control units (IP door controllers and/or IP readers) installed and connected together on your company’s IP network, with the following information: 

Manufacturer, model, and IP address of each door controller.



Login credentials (username and password).



Which door/gate/elevator is each controller connected to.



Are the doors card-in/card-out or, card-in/REX-out?



Which inputs and outputs are connected to the door monitor/REX/lock/other?

TIP A site map or floor plan showing door, controller and reader locations would be very helpful. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

256

Synergis deployment process

 A list of door groupings to create areas for purposes of people-counting.  A list of all known cardholders (and cardholder groups where applicable). TIP For a large installation, cardholders can be imported from a text file or from a Windows Active Directory. For more information, see "Import cardholders from a flat file" on page 284, and "Importing cardholders from an Active Directory" on page 284.

 A list of available credentials. Facility codes and card numbers. A list (and details) of all required schedules (office hours, holidays, etc.). 

  A list (and details) of all required access rules (who is allowed where and when).  A list of all known users with their names and responsibilities. TIP To save configuration time, identify users who have the same roles and responsibilities. NOTE Users are not cardholders. Users are persons who access the software. Cardholders are

persons who have physical access to the monitored site.

 (Optional) Identify user groups that will work independently on different parts of the system (partitions). NOTE If Omnicast video will be integrated, you will also need:

 A cross-reference list indicating which cameras should be associated with which doors.

Synergis deployment procedure A Security Center system can be deployed with access control only (Synergis alone), or access control with video integration (Synergis with Omnicast). This section describes both options. NOTE The system can be setup and deployed in almost any order you want.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

257

Synergis deployment process

Deploying Synergis alone The table below summarizes a typical Synergis deployment. Phase

Description

See

1

Make sure you have everything listed in the prerequisites section.

"Synergis deployment prerequisites" on page 256.

2

Connect to your system with Config Tool using the Admin account.

"Connecting to Security Center" on page 9.

3

Change the Admin account’s password to protect your system.

"Change your password" on page 10.

4

Create a partition for each independent user group. By first defining the partitions, you won’t have to move entities around after you’ve created them.

"Defining partitions" on page 90.

5

Configure the Logical view (the tree structure). The Logical view lets you organize the entities: areas, doors, elevators, and zones, from an enduser’s perspective.

"Managing the Logical view" on page 85.

6

Configure your Access Manager roles.

"Configuring the Access Manager role" on page 260.

7

(Optional) Define custom fields for your system entities as needed.

"Custom fields" on page 619.

8

Discover and enroll the access control units in the system. The Access Manager role needs to “see” the door controllers over the IP network.

"Adding access control units to your system" on page 261.

9

Configure the newly enrolled access control units and the interface modules attached to them.

"Configuring access control units" on page 267.

10

Create doors and configure the wiring of the readers, sensors, locks, and son on, to the access control units.

"Configuring doors" on page 268.

11

(Optional) Create elevators and configure the wiring of the cabin reader and floor buttons to their access control units.

"Configuring elevators" on page 274.

12

Configure the secured areas (antipassback or interlock) and their perimeter doors.

"Configuring secured areas" on page 278.

13

Create schedules (open/closed hours and holidays).

"Using schedules" on page 103.

14

Create access rules. Link rules to doors and schedules.

"Configuring access rules" on page 281.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

258

Synergis deployment process

Phase

Description

See

15

Create cardholders and (optional) cardholder groups. Link to access rules.

"Configuring cardholders and cardholder groups" on page 283.

16

Create credentials.

"Configuring credentials" on page 285.

17

(Optional) Create badge templates.

"Defining badge templates" on page 289.

18

Test your configuration.

"Testing your configuration" on page 294.

19

Create the users and user groups.

"Defining users" on page 93 and "Defining user groups" on page 96.

20

(Optional) Create alarms.

"Managing alarms" on page 111.

21

(Optional) Create threat levels.

"Managing threat levels" on page 117.

Deploying Synergis with Omnicast If no Omnicast system is available, please refer to "Omnicast deployment process" on page 190. Once an Omnicast system is available, integrating Omnicast’s video functionality into Synergis is relatively straightforward. It does not matter whether the Omnicast or Synergis system is set up first. Cameras can be linked to doors at any time. If both Omnicast Archiver and Synergis Access Manager are found on the same Security Center system:

• Associate Synergis doors to Omnicast cameras. See "Associate cameras to doors" on page 270. If the Omnicast Archiver and the Synergis Access Manager are found on different Security Center systems:

• Federate the Omnicast cameras with the Synergis system. See "Federating remote systems" on page 128.

• Associate Synergis doors with the federated Omnicast cameras. See "Associate cameras to doors" on page 270.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

259

Configuring the Access Manager role

Configuring the Access Manager role The Access Manager role manages and monitors access control units on the system. The role validates all access activities when the units are online. Upon receiving a request from a unit, the Access Manager checks the access rules and schedules to decide whether the door or elevator floor can be accessed. It then sends a command to the controller to unlock the door or enable an elevator floor button. It also logs the access control events in the database for access control investigation and maintenance reports. All events generated by the units (access granted, access denied, door open, etc.) are forwarded by the Access Manager, through the Directory, to the concerned parties on the system. This section includes the following topics:

• "Configure the Access Manager role" on page 260 • "Add the unit manufacturer extensions" on page 261 • "Adding access control units to your system" on page 261

Configure the Access Manager role When Synergis is enabled by your license, an Access Manager role is created by default and hosted on the main server. You must configure it before it can be fully operational. 1 From the Home page in Config Tool, open the Access control task. 2 Click the Roles and units view, and select the Access Manager role. 3 Click the Resources tab, and configure the database required to run this Access Manager. For more information, see "Resources" on page 514. 4 Click the Properties tab, and configure the default retention period for door activity. The retention period defines how long (in days) a door event like “access granted”, or “access denied” remains in the SQL database. NOTE If you’re using the SQL Express 2008 R2 database engine (included with the Security

Center installation files), the database size limitation is 10 GB. A door event uses (on average) 200 Bytes in the database. If you configure the Access Manager to retain door events indefinitely, it will eventually hit the 10 GB limitation and the database engine will stop. 5 Add the manufacturer extensions for the unit types this Access Manager is to manage. For more information, see "Add the unit manufacturer extensions" on page 261. 6 Add the access control units you want this Access Manager to manage. For more information, see "Adding access control units to your system" on page 261. After you are done: If you need more than one Access Manager role on your system, now is the time to add more Access Manager roles and host them on separate servers. To add a new Access Manager role, see "Add an expansion server to your system" on page 47 and "Create a role entity" on page 50.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

260

Configuring the Access Manager role

Add the unit manufacturer extensions The manufacturer extensions are manufacturer specific settings that enable the Access Manager to communicate with the access control units. You need to add these extensions manually. Security Center supports the following unit types:

• Synergis Master Controller. Synergis Master Controller (SMC) is Genetec’s access control unit that supports a variety of interface modules from third-party manufactures, such as HID, Mercury Security, STid, DDS, and more.

• HID controllers. The HID controllers include the legacy VertX controllers (V1000 and V2000), the VertX EVO controllers, and the Edge EVO controllers. For the complete list of supported controller units and firmware, see “Supported HID units” in the Security Center Release Notes. To add a manufacturer extension to the Access Manager: 1 From the Home page in Config Tool, open the Access control task. 2 Click the Roles and units view, select the Access Manager, and click the Extensions tab. For more information, see "Extensions" on page 513. 3 At the bottom of the extensions list (empty at the beginning), click Add an item (

).

4 In the Add extensions dialog box, select the extension types you need and click Add. If you only selected HID VertX, the procedure ends here. 5 Click the SMC extension you just added. 6 At the bottom of the Discovery Ports list, click Add an item (

).

7 In the Discovery port dialog box, enter the port number configured for your SMC units and click Create. The port number must match the discovery port configured on your SMC units. The default value is 2000. Do not change the default value unless it is reserved by your IT department for a different purpose. 8 Click Apply (

) to save your changes.

Adding access control units to your system Before you begin: "Add the unit manufacturer extensions" on page 261. This section only covers adding HID units. For adding SMC units, see “Enrolling the SMC unit in Security Center” the Synergis Master Controller Configuration Guide. This section includes the following topics:

• "Add an HID unit manually" on page 262 • "Add access control units using the Unit discovery tool" on page 265.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

261

Configuring the Access Manager role

Add an HID unit manually Before you begin: You must know the IP address, and the login credentials (username and password) of the HID units you plan to add. This is often achieved by using the HID discovery utility known as the Discovery GUI. The Discovery GUI can be downloaded from HIDglobal.com, or found in the Security Center 5.2 installation package, at: \Tools\Access\HID VertX\Discovery Tool\. The Discovery GUI is used for the initial network discovery and IP configuration of HID VertX controllers.

This utility will scan a local network and report which HID units were found. You can then apply the unit’s IP configuration, password, etc. Once the access control units are online and you have their IP addresses and passwords, you can then add the units manually in the Config Tool. To add an HID unit manually in Security Center: 1 From the Home page in Config Tool, open the Access control task. 2 Click the Roles and units view. 3 Click Add an entity (

) > Access control unit.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

262

Configuring the Access Manager role

From the Network endpoint drop-down list in the Unit information tab, select the Access Manager that will manage the unit.

4 Click Unit type and select HID VertX. 5 Enter the IP address of the HID unit. NOTE If the server hosting the Access Manager is behind a NAT, and the access control unit is not, you must click on the More button and specify the server’s IP address.

6 Enter the Username and Password. NOTE The default username/password is root/pass.

7 Click Next. 8 Select a Partition where the access control unit should be added. 



If no partitions were created, select the default Public partition. If there are partitions in your system, select the partition that will include the door(s), schedule(s), rule(s) cardholder(s) linked to this specific door controller.

For more information, see "Partition" on page 447, and "How is software security configured?" on page 89. 9 Click Next.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

263

Configuring the Access Manager role

10 Review the Creation summary, and click Create. The Access Manager attempts to connect to the unit, and enrolls it in your system. Once the process has been successfully completed, a confirmation message appears.

11 Click close. Your newly created access control unit appears under the Access Manager it was assigned to in the Roles and units view. NOTE It might take another minute or two before the unit can be used. It will undergo (automatic) synchronization. This process involves the Access Manager sending schedules, access rules, and cardholder information to the unit. The unit will save the information locally so that it can operate even if the Access Manager is unavailable.

For more information, see "Synchronization" on page 347. After you are done: To confirm whether the unit has successfully synchronized with Access Manager: 1 From the Roles and units view, select the access control unit that was just added. 2 Click the Synchronization tab, and check the date/time stamp of the Last update.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

264

Configuring the Access Manager role

Add access control units using the Unit discovery tool The Unit discovery tool helps you find access control units on your network when you do not know their IP addresses. NOTE For a complete description of this tool, see "Unit discovery tool" on page 653.

To perform a unit search with the Unit discovery tool: 1 From the Home page, click Tools > Unit discovery tool. 2 In the Unit discovery dialog box, click the Manufacturers button. 3 In the Configure manufacturer’s extensions dialog box, click the Access control tab, and click Add an item ( ). 4 Select the manufacturers you need, and click Add. 5 Click Save. 6 Click Start discovery (

).

The units discovered on your network are listed. Newly discovered entities are displayed with a yellow star. You can stop the discovery process at any time. NOTE UPnP and Zero config protocols are also used for the discovery process. This means

that IP cameras supporting UPnP and Zero config might also be discovered during the scan.

7 To filter out the entities already enrolled in your system, click Investigation ( bottom of the dialog box, and click Show only new units.

) at the

8 Select a unit from the list, and do one of the following: 

To add the unit to your system, click Add unit (

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

) below the unit information. 265

Configuring the Access Manager role

This only works if you provided the correct login credentials. 



To change the discovery port of the unit, click Change discovery port (

).

If the login credentials are incorrect, click Manual add ( ) > Access control unit to add the unit manually, and provide the correct login credentials. See "Add an HID unit manually" on page 262.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

266

Configuring access control units

Configuring access control units Once you have successfully enrolled your access control units in the system, you will find them in the Access control task under the Access Manager that manages them. Each access control unit starts with a default configuration. For a description of all the configurable properties, see "Access control unit" on page 337. TIP If your access control units share many settings in common, you can configure a first one and copy the common part of its configuration to all the rest to save time. For more information, see "Copy configuration tool" on page 668.

This section includes the following topics:

• "Understanding unit synchronization" on page 267 • "Synergis Master Controller’s unique characteristics" on page 267

Understanding unit synchronization The logic used to decide whether a door should be locked or unlocked is processed by the access control unit. This means that units must synchronize with the Access Manager to receive the latest access rules, schedules, credentials, and so on. The unit’s synchronization mode can be configured or modified under the access control unit’s Synchronization tab in Config Tool (see "Synchronization" on page 347). Three different synchronization modes are supported by Security Center:

• Automatically. This is the recommended setting. Any configuration change is sent to the access control unit 15 seconds after the change is saved by the Config Tool, Web Client or Security Desk. Only configurations that affect that particular unit are sent.

• On schedule. The unit is synchronized according to a schedule. For continued offline or mixed mode operation, make sure the scheduled synchronization time never falls after the date and time shown for Expiration date. If in doubt, set the synchronization mode to Automatically.

• Manual only. The unit is only synchronized when you click the Synchronize now button. Make sure you synchronize the unit before the date and time shown for Expiration date.

Synergis Master Controller’s unique characteristics Some noteworthy characteristics of the SMC unit is that it’s synchronized data never expire because it understands the scheduling scheme used in Security Center. For a complete list of SMC supported features and limitations, see the Synergis Master Controller Configuration Guide.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

267

Configuring doors

Configuring doors In Security Center, a door entity refers to any physical barrier that can be controlled by an access control unit. Often, a door will represent a physical door, but it can also represent a gate or a turnstile. This section includes the following topics:

• • • • •

"Wiring doors to access control units" on page 268 "Create and configure your doors" on page 268 "Configuring a buzzer" on page 269 "Configuring readerless doors using Input/Output modules" on page 269 "Associate cameras to doors" on page 270

Wiring doors to access control units For information on wiring doors to SMC units, refer to the Synergis Master Controller Hardware Installation Guide. For information on wiring doors to HID VertX units, refer to the wiring diagrams found in the appendix of this guide. See "Wiring diagrams" on page 800. The diagrams are also available in PDF format in the Security Center 5.2 installation package, located at: \Documentation\Controllers\HID VertX\Wiring and Installation Guidelines\. Best practice: It is best practice to have an electrician verify the functionality between all door sensors and actuators.

Create and configure your doors Once the physical wiring between the access control unit and the door is complete, you need to create and configure the door in the Config Tool. There are three basic door configurations:

• Card in/Card Out - 2 readers are required • Card In/REX Out - 1 reader is required • Readerless doors - No readers are required To create a door in Security Center: 1 From the Home page in Config Tool, open the Logical view task. 2 Click Add an entity (

) > Door.

3 In the Creating a door wizard, enter the door name and description. 4 If there are partitions in your system, select the partition in which the door will be created, and click Next. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

268

Configuring doors

5 In the Door information page, assign names to the door sides (Inside/Outside, Secure/ Non-secure, Entrance/Exit, East/West). 6 To associate the door with the access control unit it is wired to, select a unit from the Access control unit drop-down list. 7 Review the Creation summary to make sure the configuration page matches the physical wiring done at the door. 8 Click Create and Close. For more information, see "Door" on page 404. After you are done:

• To link an access rule to your door, see "Access rules" on page 409 • To attach cameras to your door, see "Associate cameras to doors" on page 270 • To assign the hardware interfaces (unit inputs, outputs, and readers), see "Hardware" on page 408.

Configuring a buzzer You can assign an access control unit output to sound a buzzer. This output is governed by the action Sound buzzer and Silence buzzer. Use the event-to-action mechanism for this. For example, the buzzer output can be used to prompt someone to shut a door when it is being held open. With an event-to-action, you associate the event Door open too long to trigger the action Sound buzzer. Then associate the event Door closed to trigger the action Silence buzzer. NOTE Buzzer does not refer to the reader’s beeper, but an external buzzer that is wired to an output relay on the access control unit.

For more information, see "Using event-to-actions" on page 106.

Configuring readerless doors using Input/Output modules If a reader is not required for a door configuration, HID input and output modules (V200 and V300) can be used to control the REX, door sensor, and lock. Some examples of where readerless doors might be used could include:

• Fire exits - Locked from the outside, with a push-bar to open the door from the inside using a REX.

• Stadiums/Theatres/Arenas - Everyone must enter through the ticket booth but once the event is finished, many exits become available to decrease congestion at the main entrance. NOTES

• No access rules need to be linked to the readerless door. For more information, see "Access •

rules" on page 409. An unlock schedule can be assigned to the readerless door. For more information, see "Unlock schedules" on page 406.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

269

Configuring doors

Associate cameras to doors If a door entity is linked to a camera in Security Center, an access control event triggered at that door (door forced, access denied) will cause the camera’s video feed to be displayed in a Security Desk tile. If there are multiple cameras associated with that door, by default the cameras linked to the outside of that door will be displayed in a Security Desk monitoring tile. Multiple cameras associated with a single door (composite entities) can be cycled or unpacked in the Security Desk. For more information, see “Unpacking/packing tiles” in the Security Desk User Guide. To monitor doors with cameras, your Security Center must have one of the following configurations:

• An Archiver role with available cameras. For more information, see "Archiver" on page 521.

• An Omnicast Federation role to connect to an external Omnicast system. For more information, see "Omnicast Federation" on page 590.

• A Security Center Federation role to connect to an external Security Center system with cameras. For more information, see "Security Center Federation" on page 601. To link cameras to your doors: 1 From the Home page in Config Tool, open the Logical view task. 2 Select the door entity to configure, and click the Hardware tab. 3 Below door side (A), click Associate a camera (

).

4 From the Camera drop-down list, select a camera. If the camera has a PTZ motor, you can also include the PTZ preset number to ensure that the camera points towards the door. 5 To add another camera to the door side, click Associate a camera (

) again.

6 Repeat Step 3 and Step 4 for door side (B). 7 Click Apply.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

270

Using the Walkthrough wizard

Using the Walkthrough wizard The Walkthrough wizard tool simplifies the configuration of newly installed access control units by associating them with doors. You to simply walk through the newly installed doors, presenting your credential to each reader along the way. These access requests are recorded in real-time and stored. Once all the access points are recorded, you use the wizard to associate each access point with a door. Only units that are not yet associated with a door can be configured with this wizard. This section includes the following topics:

• "Why use the Walkthrough wizard?" on page 271 • "Assigning doors to access control units using the Walkthrough Wizard" on page 272

Why use the Walkthrough wizard? Imagine that you have just installed 10 new access control units. 

You discover them with the HID Discovery GUI and configure their IP addresses.



You wire them to the doors.





You then enroll them with the Config Tool and they become part of your Security Center/Synergis system. You begin creating doors in the Config Tool’s Logical view.

And now, the challenge is to remember which controller is physically wired to which door.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

271

Using the Walkthrough wizard

Assigning doors to access control units using the Walkthrough Wizard Assign door names to access points by using the Walkthrough wizard and presenting your card to different readers around your site. TIP This task is accomplished faster with two people. One walking through the doors and presenting a credential while the other monitors which reader just picked up the card. A pair of walkie-talkies or cell phones can be helpful.

To launch the walkthrough wizard: 1 From the Home page in Config Tool, open the Access control task. 2 Click the Cardholders view, and select the cardholder that corresponds to the credential you’ll be using for the wizard. 3 In the contextual commands toolbar, click Walkthrough wizard (

).

4 In the Door walkthrough wizard, select a walkthrough mode, and click Next. 





Real time. Credential reads are shown in real-time. If the building is large, this mode is best used with two installers. One installer runs the Config Tool, while the other walks around swiping the credential on the readers for the newly installed units. Reporting. Installation is done in two steps with one person. First you walk through the building in a pre-defined circuit, swiping the credential on readers for newly installed units. Security Center records these credential reads. Then you associate the list of discovered units to newly created doors. For this mode you set a time period during which the mode is active. Mixed mode. A combination of both real time and reporting mode.

5 Begin your walkthrough by presenting your card at each reader. As you present your card at each reader, the Walkthrough wizard notes which controller picked up the card read. In the Device discovery tab, all the access points that read your card are listed.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

272

Using the Walkthrough wizard

6 Select a reading, assign a Door name, and click Next.

7 Review the Creation summary. 8 If the configuration looks correct, click Create. Your newly configured doors can now be found in the Config Tool’s Logical view. After you are done:

• To link an access rule to your door, see "Access rules" on page 409 • To attach cameras to your door, see "Associate cameras to doors" on page 270 • To assign the hardware interfaces (unit inputs, outputs, and readers), see "Hardware" on page 408.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

273

Configuring elevators

Configuring elevators The elevator entity controls access to the floors of a building. When a cardholder uses a credential, the floor buttons to access those floors for which that cardholder is authorized, are enabled. This is achieved by controlling an output relay to enable the floor button. Floor tacking records the floor buttons pressed. It is achieved by monitoring inputs. This permits tracking reports for elevator usage in the Security Desk. For information about a unit’s limitations with this feature, see the Security Center Release Notes. This section includes the following topics:

• "Hardware for elevator control and floor tracking" on page 274 • "Configuring elevator floors" on page 275

Hardware for elevator control and floor tracking To control access, this entity relies on a single access control unit that must be associated with an elevator. IMPORTANT To configure an elevator, make sure you have an access control unit dedicated to the control of an individual elevator cab. In other words, the access control unit assigned to elevator control cannot be used for any other purpose.

You will require the following: 

A reader in the elevator cab.



Outputs that close relay contacts to enable the floor buttons.



Inputs that record the floor buttons that have been selected (only necessary when the floor tracking is required).

The following hardware supports elevator control and floor tracking. Access control unit

Number of outputs for elevator control

Number of inputs for floor tracking

HID VertX V2000 reader interface/ network gateway

4

6 (including AC Fail and Bat Fail inputs)

HID iCLASS Edge device

2

2

HID VertX V1000 network gateway (in addition to a V100, up to 31 modules (V200 and V300) can be connected):

Not supported

Not supported

HID VertX V100 reader interface module

4

4 (including AC Fail and Bat Fail inputs)

HID VertX V200 input module

2

18 (including AC Fail and Bat Fail inputs)

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

274

Configuring elevators

Access control unit

Number of outputs for elevator control

Number of inputs for floor tracking

HID VertX V300 output module (latching outputs)

12

4 (including AC Fail and Bat Fail inputs)

Configuring elevator floors To configure elevator floors: 1 Install the reader in the elevator cab and wire it to the access control unit. 2 Wire the outputs for elevator control. The output relay state can be inverted according to your regulatory requirements. This setting will affect how you wire the units. For more information, see "Configure the elevator relay settings" on page 276. For an HID unit see "HID VertX elevator control" on page 794 After you are done: Once wired, the input for each floor must be configured.

Create an elevator To create an elevator in the Config Tool: 1 From the Home page in Config Tool, open the Logical view task. 2 Click Add an entity (

) > Elevator.

3 In the elevator creation wizard, enter the elevator name and description. 4 If there are partitions in your system, select the partition where the elevator will be created, and click Next. 5 Enter the number of elevator floors, and click Create. The default floor entities are created. 6 To change a floor name, select the floor. 7 Make adjustments if necessary, and click Next. 8 Review the creation summary, and click Create and Close. The new elevator appears in the Logical view’s entity tree with its floors. It initially appears in red until it is fully configured.

9 From the Logical view, select the elevator, and click the Advanced tab. 10 Configure the elevator relay settings. See "Configure the elevator relay settings" on page 276.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

275

Configuring elevators

11 Click the Floors tab, and assign the access control unit to be used for the elevator, the reader, the outputs that enable the selection for a floor, and the cameras monitoring the elevator. For more information, see "Configure the elevator floors" on page 276. 12 Click the Access tab, and configure the access rules applied to the elevator floors, and scheduled periods when the elevator floors should be configured for free access (no credentials required). After you are done: You can configure event-to-actions based on events regarding this elevator. See "Using event-to-actions" on page 106.

Configure the elevator relay settings The elevator Advanced tab can be used to configure the elevator control unit relay settings. The following settings change the relay behavior for elevator control:

• Grant time. This value indicates for how long the elevator floor button will be enabled after the access granted event has been generated.

• Free access when the output relay is: 



Normal. Floor access is enabled when the access control unit output relay is deenergized. This means that a power loss results in free access to the floor. Active. Floor access is enabled when the access control unit output relay is energized. This mean that a power loss results in floor access being denied.

NOTE The access control unit relay output wiring must be made according to these settings (use the appropriate NO or NC relay contacts on the units).

Configure the elevator floors The elevator Floors tab allows you to configure the physical wiring relationships between the access control unit and the elevator floors, and select cameras used to monitor this elevator in Security Desk. To configure the elevator floors: 1 Select the Floors tab of the elevator entity. 2 From Preferred unit drop-down list, select a unit to filter the inputs and outputs displayed on this screen. This greatly simplifies the selection of inputs and outputs since there are so many of them in the system. 3 From the Elevator cab reader drop-down list, assign the reader input. 4 To change the elevator cab’s reader settings, then click

.

The configuration dialog box is displayed to allow you to change the following: 

Type of reader (Wiegand vs. Clock & Data; Card only vs. Card and PIN)



Set card and PIN mode with the schedule and access timeout.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

276

Configuring elevators

5 Under Floors, use the following buttons to add elevator floors or change their configuration: 

To add an elevator floor, click

.



To delete the selected elevator floor, click



To move the selected elevator floor up, click



To move the selected elevator floor down, click



To modify the selected elevator floor, click

. . .

.

6 From the Push button relay drop-down list, assign elevator floors to outputs. 7 From the Floor tracking drop-down list, assign elevator floors to floor tracking inputs. NOTE On an access control unit dedicated to elevator control, all inputs can be used for floor

tracking except for the door monitor inputs. 8 Click Apply.

Associate rules, unlock schedules, and cameras to elevators Just like a door, elevator control requires access rules to determine who will be granted access, where and when. And, you can assign an unlock schedule to permit free access based on a schedule, as well as assigning cameras to monitor the elevator events.

• In the elevator’s Access tab, assign access rules to your elevator to determine which cardholders can access which floors, and assign schedules to allow free access during certain times of the day. For more information, see "Access" on page 412.

• In the Floors tab, link cameras to your elevator for monitoring. For more information, see "Floors" on page 411.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

277

Configuring secured areas

Configuring secured areas An area represents a group of entities. In the context of access control, this would typically be a group of doors, and perhaps alarm inputs. An secure area consists of perimeter entities (doors) and, optionally, captive entities. Areas are required for:

• Antipassback • Interlock • People counting NOTE A secured area can be configured with either antipassback or interlock functionality, but never both.

This section includes the following topics:

• • • • •

"Create an area" on page 278 "Add members to an area" on page 279 "Configure doors for an area" on page 279 "Configure antipassback" on page 280 "Configure interlock" on page 280

Create an area To create a secured area: 1 From the Home page in Config Tool, open the Logical view task. 2 Click Add an entity (

) > Area.

A new area appears in the Logical view. 3 Type a name for the area, and press ENTER. For more information, see "Area" on page 360.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

278

Configuring secured areas

Add members to an area Entities such as cameras, zones, sub-areas, elevators, and tile plugins can be added as members of an area. You can also add doors as area members. See "Configure doors for an area" on page 279. To add members to an area, do one of the following:

• Click •

at the bottom of the Members tab of the area entity, and use the Search tool that appears. For more information, see "Search for entities using the Search tool" on page 43. Use drag-and-drop to move or copy entities in the Logical view. For more information, see "Configuring the Logical view" on page 86.

Configure doors for an area A door can be configured as Captive or Perimeter for an area. Perimeter doors are used to enter and exit an area, and help to control access. By correctly setting the door sides, people counting and antipassback are properly tracked. A door’s Entrance and Exit sides are relative to the area being configured. NOTE Access rules configured for an area only apply to perimeter doors.

1 From the Home page in Config Tool, open the Logical view task. 2 Select the area, and click the Members tab. 3 Click Add an item (

) at the bottom of the page.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

279

Configuring secured areas

4 Select the doors you want as members, and click Select. 5 In the Doors section of the Members tab, set the doors as perimeter or captive doors. 

For doors that represent entry or exit from the area, set the slider to Perimeter.



For doors that are found within the area, set the slider to Captive.

6 To swap the door sides, beside the door, click the Swap door side button. 7 Click Apply.

Configure antipassback Once your area has been created, and it contains at least 1 perimeter door, antipassback can be applied to your area. Please note that for areas made up of multiple doors, the antipassback logic will be applied to the perimeter doors but not the captive doors. To configure antipassback for your area: 1 From the Home page in Config Tool, open the Logical view task. 2 Select the area, and click the Properties tab. 3 Set the Antipassback properties to ON, and Interlock properties to OFF. 4 Set the Type, Timeout, and Strict fields as required by your installation. For more information about these fields, see "Antipassback properties" on page 361. IMPORTANT All doors participating in an antipassback area must be controlled by the same

unit. 5 Click Apply.

Configure interlock An interlock (also known as mantrap or airlock) is the logic applied to a group of doors stipulating that only one door can be open at any given time. This would typically be used in a passageway with at least two doors. The cardholder unlocks the first door, enters the passageway, but cannot unlock the second door until the first door has closed. To configure your area with interlock functionality: 1 From the Home page in Config Tool, open the Logical view task. 2 Select the area, and click the Properties tab. 3 Set the Interlock properties to ON, and the Antipassback properties to OFF. 4 Assign an access control unit’s input to activate either Override mode or Lockdown mode. 5 Click Apply. For more information about these fields, see "Properties" on page 361.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

280

Configuring access rules

Configuring access rules An access rule is the access control logic that grants or denies access to a cardholder. This section includes the following topics:

• "Create and configure access rules" on page 281

Create and configure access rules To create and configure an access rule: 1 From the Home page in Config Tool, open the Access control task. 2 Click the Access rules view, and click Access rule (

).

3 Assign a name and description to the access rule. TIP It is best practice to assign descriptive names to your rules so that when your system accumulates many rules, it is clear from their names what they do.

Eg. “Rule_Area or Door name_Schedule name”. 4 If there are partitions in your system, select the partition in which the door will be created, and click Next. For more information, see "Partition" on page 447. 5 Select a schedule of when you want your rule to be active. The default is Always. For more information, see "Schedule" on page 463. 6 Click Next. 7 Review the Creation summary and click Create. 8 Select the access rule, and click the Properties tab. 9 Select a schedule, and grant access or deny access depending on your needs. TIP Usually schedules are used to grant access through a door.

10 At the bottom of the page, click the add cardholders ( cardholders, or cardholder groups to your rule.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

) button to add individual

281

Configuring access rules

TIP It is recommended to add cardholder groups rather than cardholders, as this becomes much more manageable in large systems as new people arrive, and former people leave.

11 Click Apply. After you are done: Now that your access rule has been configured, you need to assign it to specific doors, or areas for the rule to be applied and to control physical access. Related topics:

• "Access rules" on page 364, for areas • "Access rules" on page 409, for doors

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

282

Configuring cardholders and cardholder groups

Configuring cardholders and cardholder groups Cardholders and cardholder groups are the Who in an access rule. While both individual cardholders and cardholder groups are supported, cardholders and access rules are much easier to manage when cardholders are members of cardholder groups. This section includes the following topics:

• • • • • •

"Create a cardholder in Config Tool" on page 283 "Create a cardholder group in Config Tool" on page 284 "About the maximum cardholder picture file size" on page 284 "Import cardholders from a flat file" on page 284 "Importing cardholders from an Active Directory" on page 284 "Managing cardholders in Security Desk" on page 284

Create a cardholder in Config Tool Cardholders can be created either through the Cardholder creation wizard (explained here) or with the Cardholder management task. For more information on the latter, see “Cardholders” in the Security Desk User Guide. To create a new cardholder: 1 From the Home page in Config Tool, open the Access control task. 2 Click the Cardholders view, and click Cardholder (

).

3 Assign a first name and last name to your cardholder, then click Next. 4 In the Basic information page, assign a name, and a description to the cardholder entity. 5 If there are partitions in your system, select the partition in which the cardholder will be recognized, and click Next. For more information, see "Partition" on page 447. 6 If custom fields have been created for cardholders, fill in the custom fields, and click Next For more information, see "Custom fields" on page 335. 7 Choose to create the cardholder’s credential now, or later on, and click Next. 

If you selected Create the credential for this cardholder now, continue with Step 8.



If you selected Delay the creation of the credential for this cardholder, go to Step 9.

8 Choose whether to create the credential manually, or automatically and create their credential, and click Next. For more information, see "Create a credential in Config Tool" on page 285. 9 Review the Creation summary and click Create and Close. For more information, see "Cardholder" on page 395. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

283

Configuring cardholders and cardholder groups

Create a cardholder group in Config Tool To create a new cardholder group: 1 From the Home page in Config Tool, open the Access control task. 2 Click the Cardholder groups view, and click Cardholder group (

).

A new cardholder group appears in the Logical view. 3 Type a name for the group, and press ENTER. 4 Click the Properties tab of the cardholder group, and click at the bottom of the page to add individual cardholders or cardholder groups to your new group. For more information, see "Cardholder group" on page 398.

About the maximum cardholder picture file size If cardholders’ pictures are used, they are also stored in the configuration database. Imported cardholder pictures will be reduced to the maximum cardholder picture size. For more information, see Access control – General settings – "Maximum picture file size" on page 635.

Import cardholders from a flat file Cardholders can be created by importing a text file containing all cardholder information, using the Import tool. It is often useful in large organizations where many cardholders or cards need to be created automatically. The Import tool can be found in the Config Tool’s Tools menu. For more information, see "Import tool" on page 657.

Importing cardholders from an Active Directory Cardholders and cardholder groups can be created by importing them from Windows Active Directory (AD). If somebody already has a valid Windows user profile on the Windows domain, their cardholder profile can be created automatically. For more information, see "Import security groups from an Active Directory" on page 143.

Managing cardholders in Security Desk You can create, delete, and modify cardholders (such as change their group membership, partition access, credential, employee photo, and so on), using the Cardholder management task. For more information, see “Cardholders” in the Security Desk User Guide. NOTE The cardholder management task does not offer cardholder group management.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

284

Configuring credentials

Configuring credentials Credentials are used by Security Center to identify who is requesting access through a secured access point. For access control to be operational, every cardholder must possess at least one credential. These are typically (but not exclusively) access control cards. For more information, see "Credential" on page 401. This section includes the following topics:

• • • • •

"Create a credential in Config Tool" on page 285 "Import credentials from a flat file" on page 287 "Importing credentials from an Active Directory" on page 287 "Enrolling credentials from Security Desk" on page 287 "Using custom card formats" on page 287

Create a credential in Config Tool Before assigning a credential to a cardholder, the credential must first be created and enrolled in the system. NOTE Credentials can be enrolled either through the Credential creation wizard (explained here)

or with the Credential management task. For more information on the latter, see “Credentials” in the Security Desk User Guide. To create a new credential: 1 From the Home page in Config Tool, open the Access control task. 2 Click the Credentials view, and click Credential (

).

3 In the credential creation wizard, select manual or automatic credential creation. and click Next. 



Manual credential creation. Involves entering the access control card number and facility code manually with your PC keyboard. Automatic credential creation. Involves presenting the card to a reader upon which it will be recognized by the system.

4 Assign a name, and a description to the credential. TIP Typically, a credential will be named “CardholderName’s credential” (eg. Mike Walker’s

credential). The alternative is to assign the card number (printed on the face of the card) as the credential name. If a lost card is found, it can then be searched for quickly with this number. 5 If there are partitions in your system, select the partition in which the credential will be recognized, and click Next.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

285

Configuring credentials

For more information, see "Partition" on page 447. 6 In the Credential assignment page, assign the credential to a cardholder immediately, or create the credential but delay assigning it to a cardholder until later on. 



If you selected Assign credential later on, click Next. If you selected Assign credential now, choose a cardholder from the Cardholder dropdown list, and click Next.

7 Do one of the following: 



If you initially chose Manual credential creation, select the credential type, and go to Step 12. 

Card: Set the Card format, the Facility code and the Card number.



PIN: Set the Code for the PIN.

If you initially chose Automatic credential creation, present the cards at a reader, and continue with Step 8.

8 In the Enrollment device section, select whether you will present the cards to a USB reader connected to your local workstation, or to a door reader from the drop-down list. 9 If you selected Door as the enrollment device, select an Access point. 10 Present the cards at the reader and you should see the card’s value appear. 11 To enroll the card, select a card and click Next.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

286

Configuring credentials

TIP You can select multiple cards and enroll them at once by holding the CTRL key.

If the card has already been enrolled in the system, instead of seeing the card’s value, you will see a message appear stating that “The last discovered credential was discarded because it already exists.” 12 If any custom fields have been created for credential properties, you are prompted to enter the custom field information. For more information, see "Custom fields" on page 335. 13 Review the Creation summary, and click Create and Close.

Import credentials from a flat file Credentials can be created by importing a text file containing all credential information, using the Import tool. It is often useful in large organizations where many cardholder cards need to be created automatically. The Import tool can be found in the Config Tool’s Tools menu. For more information, see "Import tool" on page 657.

Importing credentials from an Active Directory Cardholder credentials can be created by importing them from Windows Active Directory (AD). If somebody already has a valid Windows user profile on the Windows domain, their cardholder credential can be created automatically. For more information, see "Import security groups from an Active Directory" on page 143.

Enrolling credentials from Security Desk Credentials can also be enrolled using the Credential management task. For more information, see “Credentials” in the Security Desk User Guide.

Using custom card formats Security Center allows you to define custom card formats. Custom card formats allow you to add new formats to Synergis with specific card data fields, in addition to the standard formats supported by default. (Eg. the standard 26-bit Wiegand format).

Benefits of custom card formats Creating custom card formats has the following benefits:

• Ability to manually enroll a new card using a standard workstation keyboard, whereas a •

card with an unknown format can only be enrolled using a card reader. Ability to view the card number in the Config Tool and the Security Desk, whereas data for unknown card formats cannot be displayed.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

287

Configuring credentials

• Ability to import cards using custom formats with the Import tool. For more information, •

see "Import tool" on page 657. Ability to enroll cards manually in bulk, without a card reader, using the Credential management task. For more information, see “Credential management” in the Genetec Security Desk User Guide.

Custom card formats are defined in Config Tool under the System entity. For more information, see Access control – General settings – "Custom card formats" on page 635.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

288

Defining badge templates

Defining badge templates Badge templates are Synergis entities used to design customized printing templates for access control cards. You might, for example, want a company logo, a background image, employee photo, or a custom color printed on the access control cards. A badge template can include fields from the configuration database so that the correct name, cardholder photo, and so on, will appear on each card. To create a new badge template: 1 From the Home page in Config Tool, open the Access control task. 2 Click the Badge template view, and click Badge template (

).

A new badge template appears in the Logical view. 3 Type a name to your badge template, and press ENTER. 4 In the Identity tab, type a description for the badge template. 5 In the Relationships section, select the partition where you want the badge template to be placed (if applicable). For more information about partitions, see "Partition" on page 447. 6 Click Apply. 7 Click the Badge designer tab. 8 To select the size of the access control cards you want to print, click Properties (

).

9 In the Format dialog box, select a card size and orientation: 

CR70



CR80



CR90



CR100





To create custom card size, click click OK.

, enter the card name, width, and length, and then

Orientation. Select Landscape or Portrait orientation type.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

289

Defining badge templates

10 Click OK.

Once the card size/format has been chosen, you can design the actual printing template. 11 In the Tools section, select a tool, and then click on the template to use it. There are six graphical tools you can use to edit the template: 

Select tool. Use to click and select an object on the template.



Rectangle tool. Use to draw a square/rectangle on the template.



Ellipsis tool. Use to draw circles/ovals on the template.



Text tool. Use to insert text on to the template.





Image tool. Use to insert a picture on to the template. You can insert cardholder pictures, a background image for the card, and so on. Barcode tool. Use to insert barcodes on to the template.

12 If you added an image to the template, select the image to edit it using the options in the Image and Color and border sections. In the Image section, choose whether the image displayed on the badge uses a cardholder picture or an image from a file, and whether the image should be stretched or not. 

Display the cardholder’s picture. Dynamic cardholder picture that changes, depending on which cardholder credential you are printing. This image field links to the value Cardholder picture in the configuration database.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

290

Defining badge templates

TIP If a cardholder’s picture was taken in front of a chroma key screen, you can make the picture background transparent. This is helpful if you are creating a badge template that has an image in the background. 

Select a picture from disk. Static image selected from a file.

In the Color and border section, you can use the following tools: 

Fill. Use to modify the fill color of an inserted object like a square or oval.



Border. Use to modify the border color of an inserted object.



Opacity. Use to modify the opacity of an inserted object.



Border thickness. Use to modify the thickness of the inserted object’s border

13 If you added text to the template, select the text to edit it using the options in the Text section. You can add dynamic cardholder fields, the date and/or time, or type specific text that will be static on the template. You can also edit the text, the text color, and the text alignment. 14 If you added a barcode to the template, right-click the barcode, and then click Properties to edit it. The data on the barcode can be static, or use dynamic credential properties.

15 In the Size and position section, select where the text, image, or barcode is located on the badge, and its width and height. 16 Click Apply. There are also other buttons available to help you edit the template:

• • • •

Import (

). Import a badge template to use.

Export (

). Save your badge template.

Cut ( Copy (

). Delete the selected item on the badge template. ). Copy the selected item on the badge template.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

291

Defining badge templates

• Paste ( ) . Paste the copied item onto the badge template. • Send to back ( ). Send the selected item to the background of the badge template. This is option is helpful if you want to have a background image on the badge.

• Bring to front (

). Bring the selected item to the foreground of the badge template.

Here is a sample badge template with objects already inserted:

• Two different images have been inserted. One is dynamic, and the other is static: 

The dynamic cardholder picture appears on the front of the card.

The static image appears on the back of the card. It is the company logo that is displayed on every card. Three dynamic text fields have been inserted: 









{Firstname} {lastname} appears on the front of the card. The text printed will be taken from the configuration database and we will see first name, (space), last name. {Firstname} {lastname} appears on the back of the card. This is the same as the name field on the front except with a smaller font size. {Cardholder.Department} Custom field that was created for the cardholder entity.

• A barcode has been inserted, containing dynamic data. It displays the credential name, using the barcode type Code 39.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

292

Defining badge templates

To see a print preview of what the printed cards will look like using this template: 1 In the Access control task, click the Credentials view. 2 Select the credential that you want to preview with a badge template, and then click the Badge template tab.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

293

Testing your configuration

Testing your configuration One of the more useful tools available to test you configurations, or to use as a troubleshooting tool is the Access troubleshooter. It can be found in the Tools menu of both the Config Tool and Security Desk. The basic access control logic defined by a rule is quite simple: Who can pass through this door, and when? If only one rule and one schedule exists, it is a very simple notion to understand. The challenge is that in a large system, you will start to accumulate multiple schedules (Office hours/ Office closed/Holidays/Weekends/Special events). You might also accumulate multiple areas, and an area can contain multiple sub-areas. Cardholders can belong to multiple cardholder groups. As we accumulate entities and configurations, the basic logic applied at a door can become more difficult to predict. The Access troubleshooter is a tool that allows you to identify a door, a cardholder, and a date/ time. It then runs through the logic determined by the access rule(s), and displays the result. For more information, see "Access troubleshooter" on page 652.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

294

11 Managing Synergis This section explains advanced configuration techniques, and describes how to keep your access control system reliable, protected, and running smoothly. This section includes the following topics:

• • • • • • • • • • • • • • • • •

"Managing global cardholders" on page 296 "Viewing access control health events" on page 308 "Investigating access control unit events" on page 309 "Viewing IO configuration of access control units" on page 310 "Replace access control units" on page 311 "Replacing HID VertX 1000 units with SMC units" on page 312 "Troubleshoot HID discovery and enrollment" on page 314 "Finding out which entities are affected by access rules" on page 317 "Viewing properties of cardholder group members" on page 318 "Viewing credential properties of cardholders" on page 319 "How the Access troubleshooter tool works" on page 320 "Troubleshooting access points" on page 321 "Troubleshooting cardholder access rights" on page 322 "Diagnosing cardholder access rights based on credentials" on page 323 "Finding out who is granted access to doors and elevators" on page 324 "Finding out who is granted/denied access at access points" on page 325 "Troubleshoot door issues" on page 326

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

295

Managing global cardholders

Managing global cardholders This section includes the following topics:

• • • • •

"What is global cardholder management?" on page 296 "How does global cardholder management work?" on page 296 "Rules and restrictions regarding GCM" on page 301 "Configuring global cardholder management" on page 303 "Operating on global entities" on page 305

What is global cardholder management? Global cardholder management (GCM) is used to synchronize cardholders between independent Security Center installations. It allows you to have a central repository of cardholder information for your entire organization, whether this information is managed from a central office or by individual regional offices. With global cardholder management, you can:

• Create global cardholders from a central location (for example your head office) and • • •

synchronize them at remote Security Center systems that operate independently of the central system and of each other. Allow local Security Center administrators to decide what global cardholders can or cannot access at their local facilities. Allow local Security Center administrators make changes to global cardholders and their related entities, and propagate these changes to other sharing parties. Allow local system administrators keep exclusive ownership of their local cardholders and related entities, while sharing global cardholders with other systems.

Practically speaking, an organization that has multiple Security Center systems deployed at different locations can have these independent installations share information with a centralized human resource management system. Each local office continues to manage the employees working at their local office, such as maintaining the employee profile, photo ID, credentials, etc. For employees that need to travel from site to site, that same information can be shared among all sites within the organization.

How does global cardholder management work? This section includes the following topics:

• "Architecture overview" on page 297 • "What is the sharing host?" on page 297 • "What is the sharing guest?" on page 298 gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

296

Managing global cardholders

• "What is the Global Cardholder Synchronizer?" on page 298 • "Differences between Federation and GCM" on page 299 • "Differences between Active Directory integration and GCM" on page 300 Architecture overview In order to share cardholders across multiple independent Security Center systems, one of the system must act as the sharing host, while the others act as sharing guests.

What is the sharing host? The sharing host is the Security Center system you choose to initiate the sharing process. You do this by creating a global partition on that system. All cardholders, cardholder groups, credentials, and badge templates which are members of the global partition automatically become available for sharing. Other types of entities can be part of the global partition, but will not be visible to the sharing guests.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

297

Managing global cardholders

The sharing host owns the master copy of the global partition and the entities that are in it. All changes made by the sharing guests to the content of the global partition must first be validated by the sharing host before they are propagated to other sharing parties. The global partition is like a central database, the sharing host is like the database server, while the sharing guests are like the database clients. There is no limit to the number of global partitions a host system can share.

What is the sharing guest? The sharing guest is a Security Center system that participates in the sharing process. This is achieved by creating a Global Cardholder Synchronizer (GCS) role on that system, and using it to connect the sharing guest to the sharing host. As the sharing guest administrator, you can decide which partitions shared by the host are of interest to your system. The GCS role then creates a copy of the selected shared partitions and entities on your local system. Only cardholders, cardholder groups, credentials, and badge templates are eligible for sharing. The shared entities are visually identified with a green icon ( ) superimposed over the regular entity icon. You can assign local access rules and credentials to global cardholders to grant them access to your local areas, doors, and elevators. You can add, modify, and delete entities from the global partition. However, what you can actually do is dependent on the rights of the user representing the GCS role on the sharing host. All changes made to global entities on the guest system must be validated on the host system. All modifications rejected on the host system are also rejected on your local system.

What is the Global Cardholder Synchronizer? The Global Cardholder Synchronizer (GCS) is the role running on the sharing guest (the remote system) that ensures the two-way synchronization of the shared cardholders and their related entities between the sharing guest and the sharing host. The host-to-guest synchronization can be performed in three different ways:

• In real time. The guest system is updated immediately when changes are made on the host system.

• On demand. The guest system is synchronized only when it is requested by a user. • On schedule. The guest system is synchronized on schedule via a scheduled task. For more information, see "Using scheduled tasks" on page 109. The guest-to-host synchronization is always performed immediately by the GCS role because all changes to the shared partitions must be validated by the host system before they can be accepted by the guest system. The host system processes the change requests on a first come first served basis.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

298

Managing global cardholders

Differences between Federation and GCM The following table highlights the differences between Federation and global cardholder management in their attempts to share cardholders and other information. Federation (applied to access control)

Global Cardholder Management (GCM)

Purpose: Central activity/event monitoring

Purpose: Sharing of a central configuration

Allows an organization to monitor from a central location (federation host), the access control events and activities at independent remote locations (federated sites).

Allows an organization to share the common configuration of access control entities, hosted at a central location (sharing host), with independent remote locations (sharing guests).

The federation host uses the Security Center Federation role to connect to the remote sites.

The remote sites use the Global Cardholder Synchronizer role to connect to the sharing host.

Entities created at remote sites are federated at the central system.

Entities created at the central system are shared at the remote sites.

The federation host can observe, but cannot change anything on the remote sites.

The remote site can add, modify, and delete the entities that are shared by the host with all other remote sites (two-way synchronization).

A federated site has no visibility on what is going on at the federation host or other federated sites.

All sharing guests have the same read/write access to all shared (global) entities, while maintaining full ownership of the local entities.

Almost all entities that generate events can be federated (monitored).

Only cardholders, cardholder groups, credentials, and badge templates can be shared.

Custom fields are not federated.

All custom fields and data types are shared.

A federated cardholder can be granted access to the facility managed by the federation host, but not the reverse.

A global cardholder can be granted access to all facilities participating in the sharing.

Best practice: Federation and GCM are best used together on the same system to complement each other. For more information, see "Rules concerning federation and global entities" on page 302.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

299

Managing global cardholders

Differences between Active Directory integration and GCM The following table highlights the differences between Active Directory integration and global cardholder management in their attempts to centralize cardholder information management. Active Directory integration

Global Cardholder Management (GCM)

Purpose: Centralized employee (users and cardholders) security management

Purpose: Centralized employee (cardholders) security management

Allows an organization to manage the employee information from a central location, and share it with a single Security Center system (users and cardholders).

Allows an organization to manage the cardholder information from a central location, and share it with all Security Center systems within the organization.

The corporate directory service is the information source. Security Center gets the employee information from the corporate directory service.

One Security Center system acts as the information source (sharing host), and shares it with all other Security Center systems within the organization (sharing guests).

The Security Center system connects to the information source (directory service) via the Active Directory role.

The sharing guests connect to the information source (sharing host) via the Global Cardholder Synchronizer role.

Custom fields defined on the Active Directory can be linked to Security Center custom fields.

All custom fields and data types are shared.

The shared employee information can only be modified on the Active Directory. Only the cardholder picture can be loaded in Security Center and updated on the Active Directory.

The shared information can be modified by all sharing parties. The sharing host validates and propagates the changes to all sharing parties.

The source information can only be shared with one Security Center system. If multiple Security Center systems need to share the same information, they need to connect individually to the corporate directory service.

The central Security Center system can share the cardholder information with as many satellite Security Center systems as necessary.

Best practice: Active Directory integration and GCM are best used in tandem. The sharing host should be the only system that integrates with the Active Directory. This solution keeps the Active Directory protected on the corporate LAN, while the sharing host only pushes the employee information that need to be shared to the satellite systems.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

300

Managing global cardholders

Rules and restrictions regarding GCM Global cardholder management is governed by the following sets of rules:

• • • • •

"Rules concerning local and global partitions" on page 301 "Rules concerning local and global entities" on page 301 "Rules concerning global custom fields and data types" on page 302 "Rules concerning federation and global entities" on page 302 "Rules concerning Active Directory and global entities" on page 303

Rules concerning local and global partitions

• A sharing guest cannot have more than one host. Only one instance of the GCS role is allowed per system.

• A global partition cannot be modified on a sharing guest, but its members can. What the sharing guest is actually allowed to modify is subject to the privileges of user assigned to the GCS role.

• No system is allowed to share what it does not own. Two-tier sharing is not permitted. A corollary to this rule is that a local partition cannot be converted into a global partition if it contains global entities, unless it is performed on the host system.

• Adding a local entity to a global partition transfers the ownership of that entity from its •

local owner (sharing guest) to the partition owner (sharing host). Deleting a global entity on a sharing guest also deletes it on the sharing host, unless that entity also belongs to another global partition, in which case, only its membership is removed from the first partition.

Rules concerning local and global entities

• An entity is global by virtue of its membership to a global partition. This means that a cardholder does not automatically become global simply because its parent cardholder group is global.

• Local access rules can apply to local and global cardholders alike. Access rules are never shared. This ensures that local administrators always have full control over the security of their local facilities.

• Global cardholders/groups can become members of local cardholder groups. • Local cardholders/groups cannot become members of global cardholder groups. An exception to this rule is when both entities belong to the same system. In this case, the local cardholder would not be shared, although the cardholder group is.

• Both global and local credentials can be assigned to global cardholders. • Global credentials cannot be assigned to local cardholders. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

301

Managing global cardholders

• Global credentials using custom card formats can be used and edited on the sharing guest. However, the credential data would only be visible if the corresponding custom card format (XML file) is also defined on the sharing guest. For more information, see "Custom card format editor" on page 670. Best practice: It is always recommended to apply access rules to cardholder groups rather than individual cardholders. For this reason, it is recommended to share the cardholders along with their parent cardholder groups. If this is not feasible for any reason, then we recommend that you create a local cardholder group for the global cardholders.

Rules concerning global custom fields and data types

• Custom fields and data types defined for global entities are automatically shared when the global entities are shared. Global custom field and data type definitions cannot be modified on the sharing guest.

• • Global and local custom fields remain separate even when they use the same name. They • • • • •

are differentiated by their owner, which is the system that defines them. Global data types cannot be used to define local custom fields. Global entities’ custom field values can be modified on sharing guests. Global custom fields also apply to local entities, but their values stay local. Local custom fields also apply to global entities, but their values stay local. When a guest system stops sharing a global partition, all local copies of the shared global entities, and the local entities’ global custom field values are deleted.

Best practice: If you are to implement GCM within your organization, we recommended that you define all custom fields and data types for global entities on the sharing host.

Rules concerning federation and global entities

• If a sharing host also federates its sharing guest, only the local entities belonging to the •

sharing guest are federated. The entities that are shared will not be federated on the sharing host. The sharing host which also happens to be a federation host should not share the entities it federates by adding them to a global partition because it does not own the federated entities. An entity can only be shared by its rightful owner. For the federated entities to become shared, the federated system has to become a sharing guest of the federation host. This will give the federation host the rights to share any of the federated entities.

• A sharing guest which happens to federate a third system cannot share its federated entities •

with the sharing host because it is not the owner of the federated entities. If a sharing guest is federated by another system, both its local and global entities will appear as federated entities on the federation host. For more information, see "Identification of federated entities" on page 128.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

302

Managing global cardholders

Rules concerning Active Directory and global entities

• Cardholders and cardholder groups imported from an Active Directory can be added to a global partition on the sharing host.

• Cardholders and cardholder groups imported from an Active Directory that is local to the •

sharing guest cannot be added to a global partition because the Active Directory and the sharing host cannot both be owners of the shared cardholders. Global cardholders and cardholder groups imported from an Active Directory must only be modified via the directory service that owns them. CAUTION Although it is possible to modify global cardholders and cardholder groups imported from an Active Directory on the sharing guest, these changes are temporary. You will lose the changes you made when the sharing host synchronizes with the Active Directory.

Best practice: If all cardholder data entry must be centralized, the system that imports cardholders from your corporate Active Directory should act as the sharing host, and all modifications must be made using the directory service. For more information, see "Importing cardholders from an Active Directory" on page 284.

Configuring global cardholder management This section includes the following topics:

• • • •

"Global cardholder management setup prerequisites" on page 303 "Global cardholder management setup procedure" on page 304 "Configure a partition for sharing" on page 304 "Configure the Global Cardholder Synchronizer" on page 304

Global cardholder management setup prerequisites

• Decide which Security Center system is going to be your sharing host. It is typically the system running at your head office or the system that is synchronized with your corporate Active Directory. For more information, see "Differences between Active Directory integration and GCM" on page 300.

• If the sharing host is protected behind a firewall, you need to open a port to allow the GCS •

role to connect to the host system. For more information, see "Common communication ports" on page 777. Decide what types of updates the users on the guest systems are allowed to perform on the shared global partitions. You can limit their range of actions by restricting the privileges of the user representing the GCS roles on the host system.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

303

Managing global cardholders

Global cardholder management setup procedure Before you begin: Read "Rules and restrictions regarding GCM" on page 301, and "Global cardholder management setup prerequisites" on page 303. 1 On the sharing host, create a global partition or change the status of a local partition to global. Create as many global partitions as necessary. For more information, see "Configure a partition for sharing" on page 304. 2 Create a user with the proper level of administrative privileges over the shared entities to be used to connect the GCS roles to the host system. You might have to create more than one user accounts if the sharing guests have different update requirements. For more information, see "Defining users" on page 93. 3 On the sharing guest: a Create a GSC role and synchronize the sharing guest with the sharing host. For more information, see "Configure the Global Cardholder Synchronizer" on page 304. b Assign local users and partition managers to shared partitions ( c Apply local access rules to shared cardholders (

).

) and cardholder groups (

).

d (Optional) Custom card formats are not shared. If you have shared credentials that use custom card formats, the credentials will work on your local system, but you will not be able to view the card data fields unless the custom card format in use is also defined on your local system. For more information, see "Custom card format editor" on page 670. e (Optional) Create a scheduled task to synchronize periodically your local system to the host. For more information, see "Using scheduled tasks" on page 109. 4 Repeat Step 3 for every sharing guest you have.

Configure a partition for sharing Entity sharing is initiated on the sharing host by setting a partition as global. Before you begin: You cannot share the Public partition. 1 From the Home page in Config Tool, open the Security task. 2 CLick the Partitions view, and select the partition you want to share. 3 CLick the Properties tab, and switch the Global partition option to ON. The partition is now visible to all GCS roles connected to this system. Only cardholders, cardholder groups, credentials, and badge templates are shared.

Configure the Global Cardholder Synchronizer You must create and configure the Global Cardholder Synchronizer (GCS) role to connect your local system to the sharing host. 1 From the Home page in Config Tool, open the System task. 2 Click the Roles view, and click Add an entity ( gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

) > Global Cardholder Synchronizer. 304

Managing global cardholders

3 In the Specific info page, enter the following parameters, and click Next. 





Server. Server where this role will be hosted. Directory. Sharing host’s main server name. If anything else than the default connection port (5500) is used, you must explicitly indicate the port number after the Directory name, separated by a colon. For example: HostServer:5888. Username and Password. Credentials used to connect to the sharing host. The extent of what the sharing guest can do on the global partition will be limited by what this user can see and do on the sharing host. The user must have the Global Cardholder Synchronizer privilege on the sharing host in order to connect.



Synchronize automatically. Select this option to have the GCS to update the guest system immediately, every time a change is made on the host. We recommend to leave this option cleared (default) if you plan to make massive updates on the host.

4 In the Basic information page, enter the name, description, and partition where the GCS role should be created. For more information, see "Common entity attributes" on page 38. 5 Click Next, Create, and Close. A new Global Cardholder Synchronizer ( to connect to the sharing host.

) role is created. Wait a few seconds for the role

6 Click the Properties tab. The partitions shared by the host are listed under Global partitions. For more information, see "Properties" on page 558. 7 Select the partitions you want your local system to share and click Apply. 8 Click Synchronize now (

).

The GCS role will create a local copy of all shared entities on your system. This might take a while depending on how many entities you are sharing. After you are done: Configure the global entities you shared so they can be used on your local system. Also, consider setting the GCS role to synchronize automatically or to synchronize on a schedule. For more information, see "Using scheduled tasks" on page 109.

Operating on global entities A global entity is an entity that is shared across multiple independent Security Center systems by virtue of its membership to a global partition. Only cardholders, cardholder groups, credentials, and badge templates are eligible for sharing. This section includes the following topics:

• "Start sharing an entity" on page 306 • "Stop sharing an entity" on page 306 • "Override the cardholder synchronization" on page 307 gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

305

Managing global cardholders

Start sharing an entity You share an entity by adding it to a global partition. This can be done from both the sharing host or the sharing guest. You can also create a new entity directly in a global partition. 1 From the Home page Config Tool, open the Security task. 2 Click the Partitions view, and select the global partition you want to share it from. 3 Click the Properties tab, and under the Members section, click Add (

).

4 In the Search dialog box that appears, pick the entity you want to share, and click Select. On the sharing guest, only cardholders, cardholder groups, credentials, and badge templates can be added to a global partition. 5 In the confirmation dialog box that appears, click Continue. On the sharing host, the effect of this action is immediately visible. On a sharing guest, the newly shared entity will not appear until after a synchronization is performed, unless the GCS role is configured for automatic synchronization.

Stop sharing an entity You stop sharing an entity by removing it from its global partition. This can be done from both the sharing host or the sharing guest. CAUTION Removing a shared entity from a global partition deletes it from all other systems that

might be sharing it, even from the sharing host. 1 From the Home page Config Tool, open the Security task. 2 Click the Partitions view, and select the global partition you want to share it from. 3 Click the Properties tab. 4 In the Members section, select the entity you want to stop sharing, and click Remove (

).

5 To confirm the action, click Remove. If this action is performed on a sharing guest, the entity is converted from a global to local entity. After you are done: Move the local entity to a local partition if it does not belong to any, so non administrative users can have access to it.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

306

Managing global cardholders

Override the cardholder synchronization When the connection between the GCS role and the sharing host is lost, all global entities at the sharing guest become inactive (red). This means that you can no longer make any changes to them because they cannot be validated by the sharing host. If for any reason, you urgently need to deactivate a cardholder, for instance, an employee has just been fired, you can temporarily override the synchronization. 1 From the Home page Config Tool, open the Access control task. 2 Click the Cardholders view, and select the global cardholder you need to deactivate. 3 Click the Properties tab, and switch the Status option to Override. The cardholder icon changes to properties.

. You are now free to change the cardholder’s status

4 Make the necessary changes and click Apply. After you are done: Remember to turn the synchronization back on when the connection with the sharing host is re-established.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

307

Viewing access control health events

Viewing access control health events You can view health events related to access control entities, using the Access control health history report. What you should know This report is similar to the Health history report, but the query only includes access control entities. The access control entities that can produce health events include access control units, doors, areas, and elevators. To search for access control health events: 1 From the Home page, open the Access control health history task. 2 Generate your report (see "Generate a report" on page 30). The access control health events are listed in the report pane. For information about the report columns available, see "Report pane columns" on page 723.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

308

Investigating access control unit events

Investigating access control unit events You can investigate events related to access control units, using the Access control unit events report. What you should know To view the properties of all the access control units that are part of your system, see "Viewing properties of units in your system" on page 184. To investigate access control unit events: 1 From the Home page, open the Access control unit events task. 2 Generate your report (see "Generate a report" on page 30). The access control unit events are listed in the report pane. For information about the report columns available, see "Report pane columns" on page 723. EXAMPLE If you want to see if any critical events happened relating to access control units in

the last week (for example, Hardware tamper), you can search for that event, and set a time range.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

309

Viewing IO configuration of access control units

Viewing IO configuration of access control units You can view the IO configurations (controlled access points, doors, and elevators) of access control units, using the IO configuration report. What you should know To view the properties of all the access control units that are part of your system, see "Viewing properties of units in your system" on page 184. To view the IO configuration of an access control unit: 1 From the Home page, open the IO configuration task. 2 Generate your report (see "Generate a report" on page 30). The input and output configurations of the selected access control units are listed in the report pane. For information about the report columns available, see "Report pane columns" on page 723. EXAMPLE You can search a for a specific door, and see how the access through each door side

is configured (REX, readers, IO modules, and so on).

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

310

Replace access control units

Replace access control units If an access control unit fails and is offline in Security Center ( ), you can replace the unit with a compatible one. This process copies the configuration settings, associations to doors, elevators, and zones, and event logs from the old unit, so you do not have to configure the new one. Before you begin: The new access control unit must be the same brand and model as the old one, or you will receive the following error message: Units’ extension does not match. 1 Add a new access control unit to the Access Manager controlling the old unit. For information about adding an access control unit, see "Adding access control units to your system" on page 261. 2 Temporarily deactivate the Access Manager. a In the Access control task, select the Access Manager. b In the Contextual commands toolbar, click Deactivate role (

).

c In the confirmation dialog box that opens, click Continue. The Access Manager and all the access control units controlled by the role turn red. 3 Click the Home tab, and then click Tools > Unit replacement tool. 4 In the Unit type option, select Access control units. 5 Select the Old and the New access control units. For more information about searching for entities, see "Search for entities using the Search tool" on page 43. 6 Click Swap. The configuration settings of the old access control unit are copied to the new one. 7 Click the Access control task, and select the new unit. 8 Verify that the configuration settings are all correct. 9 In the Logical view, right-click the old unit, and click Delete (

).

10 In the confirmation dialog box that opens, click Continue. 11 Right-click the Access Manager, and click Activate role (

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

).

311

Replacing HID VertX 1000 units with SMC units

Replacing HID VertX 1000 units with SMC units You can replace an HID VertX 1000 access control unit with a Synergis Master Controller (SMC) unit. What you should know This procedure copies the configuration settings and associations to doors and zones from the V1000 to the SMC unit, so you do not have to configure the SMC unit. NOTES

• The access control unit events logged in the Access Manager from the V1000 are not copied. •

The events remain in the database, but you cannot search for them using the SMC unit. The following V1000 inputs and outputs are not cpoied to the SMC unit: V1000 - AC Fail, V1000 - Bat Fail, V1000 - Input 1, V1000 - Input 2, V1000 - Relay 1, and V1000 - Relay 2.

Before you begin Do the following: 1 Backup the Directory database from the Server Admin (see "Back up your role database" on page 57). 2 Physically disconnect the V1000 unit, and make sure it is offline in Security Center (

).

3 Assemble and install the SMC and its hardware components. For information, see the Synergis Master Controller Hardware Installation Guide. IMPORTANT You must set up the SMC with same interface modules that you disconnected from the V1000, or you will not be able to replace the V1000 with that SMC unit in Security Center.

4 Configure the SMC unit, and add it in Security Center. For more information, see the Synergis Master Controller Configuration Guide. To replace a VertX 1000 unit with an SMC unit: 1 From the Home page in Config Tool, click Tools > V1000 - SMC. 2 In the Connection dialog box, type your Security Center Username and Password, and then click Connect. 3 From the Offline V1000 units drop-down list in the Mapping tool, select the offline V1000 unit. 4 From the Available SMC units drop-down list, select the SMC unit to replace the old unit with. NOTE The SMC unit is only available in the list if it is configured with the same number of interface modules as the V1000.

The ports used by the V1000 and SMC unit are listed in the Channel section, and the interface modules connected to those ports are listed below.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

312

Replacing HID VertX 1000 units with SMC units

5 If the interface modules are not pointing to the correct SMC ports, you must manually map the ports in the Channel section as follows: a For the interface modules that were previously connected to port A on the V1000, type the SMC port they are physically connected to (A-D). b Repeat Step a for the interface modules that were previously connected to port B on the V1000. 6 Click Apply. The V1000 configuration settings are copied to the SMC unit. 7 Click Close. 8 Remove the V1000 unit from Security Center as follows: a From the Home page open the Access control task. b Click the Roles and units tab, and then select the offline V1000 unit. c From the bottom of the Config Tool window, click Delete (

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

).

313

Troubleshoot HID discovery and enrollment

Troubleshoot HID discovery and enrollment The following section discusses the troubleshooting tips for HID units. This section includes the following topics:

• "Common discovery and enrollment issues" on page 314 • "HID unit cannot be found with the discovery tool" on page 315 • "HID unit enrollment issues" on page 315

Common discovery and enrollment issues Best practice: Use the following best practices to resolve HID unit issues common to discovery and enrollment.

• Are the computers on which the Config Tool and Access Manager are running, behind a • •

firewall? Ports 4050 TCP and 4070 UDP must be unblocked. Has the HID VertX device extension been added to the Access Manager in the Server Admin? For more information, see "Extensions" on page 513. Has the HID extension properly loaded in the Access Manager? To validate: a Open console session to the Access Manager. Open a web browser and go to the URL http://(server name or IP)/Genetec/console NOTE If you cannot connect to the console ensure that console access is enabled in the Server Admin, under the Genetec Server tab.

b Click the Commands tab at the top of the page. c Under the column User Commands on the left, expand Access Manager and click Status. d A status query will be sent to the Access Manager and the response will contain the extensions that are loaded. e Ensure that the following line is shown in the status results: HID VertX:4070 = X units.

• Is the unit set to a static IP address? If so, then the DNS must also be set, otherwise the unit



might have issues enrolling or connecting. In the HID Configuration GUI, set the primary and secondary DNS to the appropriate values. If you do not know your network’s DNS, set the unit’s own IP address as the primary and secondary DNS server. To access the HID Configuration GUI, point a browser to the unit’s IP address. Ensure no other application is blocking port 4070, 4050, and 20. Stop the Access Manager, and at the Microsoft Windows command prompt, run netstat -na.

To open Command Prompt:

• Click Start, click Run, type cmd, and then click OK.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

314

Troubleshoot HID discovery and enrollment

HID unit cannot be found with the discovery tool Best practice: Use the following best practices to resolve HID unit discovery issues.

• Is the Host Name in the Advanced Setup of HID VertX web page not set or has more than • • •

15 characters? If so, the unit cannot be discovered. Is the unit on the same network subnet as the PC on which the Config Tool is running? Discovery will only work within the same broadcast domain. Ensure no other application is already listening on ports 4070 and 4050. At the Microsoft Windows command prompt, run netstat -na. To open Command Prompt, click Start, click Run, type cmd, and then click OK. Ensure the firmware of the unit is up to date.

HID unit enrollment issues Symptoms of enrollment issues include:

• • • •

Unit cannot be enrolled. Unit is enrolled but its icon remains red. Unit connects and disconnects continuously. Unit begins enrolling and fails at 67%

Best practice: Use the following best practices to resolve HID unit enrollment issues.

• Can you ping (check connectivity) and telnet (check credential) the unit from the machine running the Access Manager? Proceed as follows: a Ping the unit. At the Microsoft Windows command prompt, run ping w.x.y.z (w, x, y, and z is the IP address of the unit). To open the Command Prompt, click Start, click Run, type ping w.x.y.z, and then click OK. A report is generated. It should show that no packets were lost. b Telnet the unit. At the Microsoft Windows command prompt, run telnet w.x.y.z.



• • •

Login to the unit. If the login is successful, there is connectivity to the unit. Is the unit on the same network subnet as the PC on which the Access Manager is running? If not, you can enroll this unit manually as long as you know its IP address. (The unit must be set to use a static IP address.) For more information, see "Add an HID unit manually" on page 262. Is the unit firmware up to date? Is the interface board firmware up to date? The required firmware version is shown in the Security Center Release Notes. Verify the network card binding and database configuration for the Access Manager is correctly set. For more information, see "Configuring the Access Manager role" on page 260 and "Access Manager" on page 511. Is the Access Manager behind a NAT? If so you must specify the translated host address for the Access Manager. For more information, see "Add an HID unit manually" on page 262.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

315

Troubleshoot HID discovery and enrollment

• Verify that no other Access Manager is currently connected to the HID unit. i Stop your Access Manager. (Config Tool > Role View > Deactivate) ii Telnet the unit. At the Microsoft Windows command prompt, run telnet w.x.y.z (w, x, y, and z is the IP address of the unit). To open the Command Prompt, click Start, click Run, type telnet w.x.y.z, and then click OK. iii Login to the unit. (Default: user=root / password =pass) iv At the prompt, type netstat -na. A list of network connections is shown. There should be no one connected to port 4050.

• Verify that any HID units (and connected interfaces) are wired to not generate tamper or



door held open alarms, access granted or access denied events. Tamper and door held open alarms will trigger repeatedly. Upon connection, any such alarms and events have to be downloaded from the unit which can slow-down the enrollment process. Symptoms of this is the unit is difficult to enroll, the unit connects and disconnects, or the unit beeps. The last solution is to upgrade the unit’s firmware. Refer to the Security Center Release notes for a list of supported firmware versions or, contact Genetec Technical Assistance. For more information, see "Technical support" on page 869.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

316

Finding out which entities are affected by access rules

Finding out which entities are affected by access rules You can find out which entities and access points are affected by a given access rule, using the Access rule configuration report. What you should know In the report results, you can see the members of the access rule, such as the cardholders, doors, and the associated schedule. This helps you determine if you must add or remove entities, or adjust the schedule. For more information about modifying the members of an access rule, see "Configuring access rules" on page 281. To find out which entities are affected by an access rule: 1 From the Home page, open the Access rule configuration task. 2 In the Query tab, select the access rule to investigate. For more information, see "Searching for tasks and entities" on page 42. 3 In the Expand cardholder groups option, select Enable to list the members of the affected cardholder groups in the report instead of the cardholder groups themselves. 4 In the Include perimeter entities option, select Enable to include the perimeter entities of the affected areas in the report. 5 Click Generate report. The entities and access points affected by this access rule are listed in the report pane. For information about the report columns available, see "Report pane columns" on page 723.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

317

Viewing properties of cardholder group members

Viewing properties of cardholder group members You can find out the members of a cardholder group, and view any associated cardholder properties (first name, last name, picture, status, custom properties, and so on) of the cardholders, using the Cardholder configuration task. What you should know You can search for a specific cardholder group to see which cardholders are members of that group. You also can search for expired or inactive cardholders so see if there are any in your system. To view the properties of cardholder group members: 1 From the Home page, open the Cardholder configuration task. 2 Generate your report (see "Generate a report" on page 30). The cardholders that are members of the selected cardholder groups are listed in the report pane. For information about the report columns available, see "Report pane columns" on page 723. 3 To show a cardholder in a tile, double-click or drag a cardholder from the report pane to the canvas. 4 To view additional cardholder information in the tile, click

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

.

318

Viewing credential properties of cardholders

Viewing credential properties of cardholders You can view credential properties (status, assigned cardholder, card format, credential code, custom properties, and so on) of cardholders, using the Credential configuration report. To view the credential properties of a cardholder: 1 From the Home page, open the Credential configuration task. 2 Generate your report (see "Generate a report" on page 30). The credential properties the selected cardholder are listed in the report pane. For information about the report columns available, see "Report pane columns" on page 723. 3 To show a cardholder in a tile, double-click or drag a cardholder from the report pane to the canvas. 4 To view additional cardholder information in the tile, click

.

EXAMPLE If you requested a credential for a cardholder, and want to see if it was activated, you can search for that cardholder. The Credential status column indicates if the credential is in the Requested or Active state. You can also see if there are any credentials currently listed as lost or stolen.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

319

How the Access troubleshooter tool works

How the Access troubleshooter tool works You can detect and diagnose access configuration problems, using the Access troubleshooter tool. The Access troubleshooter allows you to:

• Find out who has the right to pass through an access point at a given date and time. • Find out which access points a cardholder is allowed to use at a given date and time. • Find out why a given cardholder can, or cannot use an access point at a given date and time. The Access troubleshooter is most accurate when examining an event that just occurred. When using the troubleshooter to investigate a past event (denied access, for example), keep in mind that the configurations might have changed since the event occurred. The troubleshooter does not take past settings into consideration. It only evaluates a situation based on the current settings.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

320

Troubleshooting access points

Troubleshooting access points You can find out who has the right to pass through a door side (or elevator floor) at a given date and time, using the Door troubleshooter tab in the Access troubleshooter tool. What you should know The door troubleshooter does not examine each cardholder’s credentials. You can further diagnose the cardholder’s access rights by clicking the Access diagnosis ( ) tab (see "Diagnosing cardholder access rights based on credentials" on page 323). To troubleshoot an access point: 1 From the Home page, click Tools > Access troubleshooter. 2 In the Access troubleshooter dialog box, click the Door troubleshooter tab. 3 Select the date and time you want to the troubleshooter to base its evaluation on. Only access rules are evaluated based on the specified date and time. 4 Select the access point that you want the troubleshooter to examine: 

If you select a door, specify a door side.



If you select an elevator, specify a floor.

5 Click Go. The active cardholders who have the rights to use the selected access point at the specified time, based on the current access rules, are listed.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

321

Troubleshooting cardholder access rights

Troubleshooting cardholder access rights You can find out which access points a cardholder is allowed to use at a given date and time, using the Cardholder troubleshooter tab in the Access troubleshooter tool. What you should know The cardholder troubleshooter does not examine each cardholder’s credentials. You can further diagnose the cardholder’s access rights by clicking the Access diagnosis ( ) tab (see "Diagnosing cardholder access rights based on credentials" on page 323). To troubleshoot a cardholder’s access rights: 1 From the Home page, click Tools > Access troubleshooter. 2 In the Access troubleshooter dialog box, click the Cardholder troubleshooter tab. 3 Select the date and time you want to the troubleshooter to base its evaluation on. Only access rules are evaluated based on the specified date and time. 4 Select the cardholder that you want the troubleshooter to examine. Instead of a cardholder, you can also select a credential or a visitor. NOTE The entities that are currently inactive are greyed out.

5 Click Go. The access points that the selected cardholder (or visitor) has the right to use at the specified time, based on the current access rules, are listed.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

322

Diagnosing cardholder access rights based on credentials

Diagnosing cardholder access rights based on credentials You can diagnose why a cardholder with a given credential can, or cannot access a given door or elevator, at a given date and time, using the Access diagnosis tab in the Access troubleshooter tool. To diagnose a cardholder’s access rights based on their credential: 1 From the Home page, click Tools > Access troubleshooter. 2 In the Access troubleshooter dialog box, click the Access diagnosis tab. 3 Select the date and time you want to the troubleshooter to base its evaluation on. 4 Select the cardholder you want to examine. Instead of a cardholder, you can also select a credential or a visitor. 5 If the selected cardholder has more than one credential, specify the one you want to examine. 6 Select an access point to examine. 

If you select a door, specify a door side.



If you select an elevator, specify a floor.

7 Click Go. The troubleshooter produces a diagnosis based on the current system configuration, taking into consideration the access rules, and both the cardholder’s and the credential’s activation and expiration dates.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

323

Finding out who is granted access to doors and elevators

Finding out who is granted access to doors and elevators You can verify which cardholders are granted access to a particular door side or elevator floor at a specific date and time, using the Door troubleshooter report. What you should know This report is helpful, because it allows you to see what the configuration of a door or elevator is, and determine if their properties must be adjusted. For more information about troubleshooting your access control configurations, see "Troubleshooting access points" on page 321. For more information about modifying the properties of a door or elevator, see "Configuring doors" on page 268 and "Configuring elevators" on page 274. To find out who is granted access to a door or elevator: 1 From the Home page, open the Door troubleshooter task. 2 In the Query tab, select a date and time range for the report. 3 Select a door or elevator you want to investigate. For more information, see "Searching for tasks and entities" on page 42. 4 From the Access point drop-down list, select the access point (door side or elevator floor) you want to verify. 5 Click Generate report. All cardholders who can go through the selected access point at the specified time are listed in the report pane. For information about the report columns available, see "Report pane columns" on page 723.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

324

Finding out who is granted/denied access at access points

Finding out who is granted/denied access at access points You can find out which cardholders are currently granted or denied access to selected areas, doors, and elevators, using the Cardholder access rights report. What you should know This report is helpful, because it allows you to see where a cardholder can go, and when, and determine if their access rule properties must be adjusted. For information about modifying a cardholder’s access rights, see “Assigning access rules to cardholders” in the Security Desk User Guide. TIP Perform your query on one access point at a time, so your report is more specific.

To find out who is granted/denied access at an access point: 1 From the Home page, open the Cardholder access rights task. 2 Generate your report (see "Generate a report" on page 30). The cardholders associated with the selected access point through an access rule are listed in the report pane. The results indicate if the cardholder is granted or denied access, and by which access rule. For information about the report columns available, see "Report pane columns" on page 723. 3 To show a cardholder in a tile, double-click or drag a cardholder from the report pane to the canvas. 4 To view additional cardholder information in the tile, click

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

.

325

Troubleshoot door issues

Troubleshoot door issues The following section discusses the troubleshooting tips for doors. This section includes the following topics:

• "Request to exit events" on page 326 • "Credential issues" on page 326 • "Resolution of reader issues" on page 327

Request to exit events Issue: The logs for a door shows far too many request to exit events for the actual amount of door activity. Description: Sometimes a request to exit event is triggered when people are entering an area. This door is equipped with an automatic request to exit device (based on a motion detection sensor). Solution: Depending on the quality of the automatic request to exit device and how it is installed, the device will trigger on any activity near the door. The Security Center has filters in the Door, Properties tab that you can configure to reduce the number of false request to exit events.

For more information, see "Properties" on page 405.

Credential issues Issue: A credential does not work at a door or elevator, and the reason is unclear. Description: For a credential to be granted access at a given door side or to an elevator floor, a number of conditions have to be met. For example:

• The credential’s profile must be enabled • The credential must be associated to a cardholder • The cardholder’s profile must be enabled

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

326

Troubleshoot door issues

• There must be at least one access rule that specifically grants access for that cardholder or the cardholder’s cardholder group. If these settings are not correct, access will be denied. Solution: The easiest way to determine what is the reason for denied access is to use the Access troubleshooter. For more information, see "Access troubleshooter" on page 652.

Resolution of reader issues Best practice: Use the following best practices to resolve reader issues.

• Ensure you are using the right type of card technology for the reader. For example, some readers are multi-technology (can read 125 kHz and 13.56 MHz cards), other readers can read only one card type. Is the card defective? Try another card.

• • Is the reader installed too close to another one? Readers emit an electromagnetic field that •

can interfere with other readers located nearby. Test this by disconnecting the power to one reader and see if the other reader starts to operate correctly. Are you using the proper cable for the reader (see the reader and unit documentation for the maximum cable length and type)? Test this by connecting a spare reader directly to the unit with a short cable. If it works, change the cable.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

327

Part V AutoVu IP license plate recognition Learn how to set up, configure, and manage your AutoVu system in Security Center. This part includes the following chapters: •

Chapter 12, “Deploying AutoVu” on page 329

12 Deploying AutoVu AutoVu deployment is explained in a separate document, the AutoVu Handbook. Click the link below to open the most recent version of the AutoVu Handbook: http://downloads.genetec.com/SecurityCenter/5.2/SLA/AutoVu/EN.AutoVu Handbook 5.2 LA.pdf

Why have a separate document for AutoVu? Although you configure many AutoVu settings from Security Center Config Tool, to fully deploy an AutoVu system, you’ll need to configure settings in multiple applications. For example, if you’re deploying a mobile AutoVu system, you’ll need to configure settings in Security Center Config Tool, Patroller Config Tool, and the Sharp Portal. AutoVu deployment also includes a hardware installation process. For example, to install a SharpX camera on a vehicle, you might be required to drill into the vehicle’s roof, remove the vehicle’s headliner, and so on. The purpose of the AutoVu Handbook is to provide you with a complete source of information about how to install and configure an AutoVu system. It explains everything from installing the hardware, to installing the Patroller application, to configuring the Sharp unit software. You’ll still need to refer to the Security Center Administrator Guide from time to time, because the AutoVu Handbook does not explain how to administer your Security Center system. For example, for information on how to manage partitions, databases, users and user groups, and so on, you’ll need to refer to the Security Center Administrator Guide.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

329

Part VI Config Tool reference Learn about the entities, role types, tools, and utilities used in Config Tool. This part includes the following chapters: •

Chapter 13, “Entity types” on page 331



Chapter 14, “Role types” on page 510



Chapter 15, “Administration tasks” on page 611



Chapter 16, “Tools and utilities” on page 650



Chapter 17, “User privileges” on page 694



Chapter 18, “Reporting task reference” on page 711



Chapter 19, “Events and actions in Security Center” on page 744



Chapter 19, “Keyboard shortcuts in Config Tool” on page 764

13 Entity types This section lists all Security Center entity types in alphabetical order. Each entity type is covered with a general description of its purpose and usage. The sub-sections describe each entity type’s configuration tabs and the settings they contain. This section includes the following topics:

• • • • • • • • • • • • • • • • • • • •

"Common configuration tabs" on page 332 "Access control unit" on page 337 "Access rule" on page 349 "Alarm" on page 351 "Analog monitor" on page 357 "Area" on page 360 "Badge template" on page 365 "Camera (video encoder)" on page 368 "Camera sequence" on page 393 "Cardholder" on page 395 "Cardholder group" on page 398 "Cash register" on page 400 "Credential" on page 401 "Door" on page 404 "Elevator" on page 410 "Hotlist" on page 414 "Intrusion detection area" on page 421 "Intrusion detection unit" on page 423 "LPR unit" on page 426 "Macro" on page 429

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

• • • • • • • • • • • • • • • • • • • •

"Monitor group" on page 432 "Network" on page 434 "Output behavior" on page 437 "Overtime rule" on page 439 "Parking facility" on page 444 "Partition" on page 447 "Patroller" on page 450 "Permit" on page 453 "Permit restriction" on page 457 "Public task" on page 461 "Role" on page 462 "Schedule" on page 463 "Scheduled task" on page 469 "Server" on page 471 "Tile plugin" on page 480 "User" on page 482 "User group" on page 489 "Video unit" on page 494 "Zone (hardware)" on page 502 "Zone (virtual)" on page 506

331

Common configuration tabs

Common configuration tabs Some of the configuration tabs are commonly used by the majority of Security Center entities. The following tabs are covered in this section: Identity

Name, description, logical ID, and relationships of the selected entity with other entities in the system.

Cameras

Cameras associated to the selected entity.

Custom fields

Custom fields for the selected entity.

Location

Time zone and geographical location for the selected entity.

Identity The Identity tab provides descriptive information on the entity and lets you jump to the configuration page of related entities. The sample screen shot below is that of a camera entity.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

332

Common configuration tabs

Standard information All entity types share the following standard attributes:

• Type. Entity type. • Name. Entity’s given name. The entity name is editable, except in the following cases: 

Server entities. The entity name corresponds to the machine name and cannot be changed.

Federated entities. The entity name belongs to the original system and cannot be changed on the federation. Description. Optional descriptive text. 

• • Logical ID. Logical IDs are unique numbers assigned to entities for ease of reference in the system (mainly for CCTV keyboard operations).

NOTE A logical ID must be unique across all entities of the same group. Entity types that are likely to be referenced within the same context are put in the same group. For example, cameras and public tasks belong to the same functional group, therefore, a camera and a public task may not have the same logical ID, but a camera and a camera sequence may. TIP You can view and edit the logical IDs of all entities in the system from one place. For more information, see System – General settings – "Logical ID" on page 625 in the Security Center Administrator Guide.

• Relationships. List of relationships between this entity and other entities on the system. You can use the command buttons found at the bottom of the relationship list to manage the relationships of this entity with other entities in the system. 

Select a relationship group, and click

to add a new relationship.



Select a related entity, and click

to remove the relationship.



Select a related entity, and click

to jump to its configuration page.

Specific information Certain entity types may show additional information in this tab. For example, see Video unit – "Identity" on page 495.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

333

Common configuration tabs

Cameras The Cameras tab allows you to associate cameras to the entity so that when it is viewed in Security Desk, the cameras are displayed instead of the entity icon. The sample screen shot below is that of a virtual zone entity.

From this tab you can perform the following actions:

• To add a camera, click . • To remove the selected camera, click

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

.

334

Common configuration tabs

Custom fields The Custom fields tab lets you view and modify the custom fields defined for this entity. The sample screen shot below is that of a cardholder entity.

In the above example, five custom fields have been defined for the cardholder entity, separated in two groups:

• Employee information 

Hire date



Department



Office extension

• Personal information 

Gender



Home number



Cellphone number (flagged as mandatory)

For information on defining custom fields, see System– General settings – "Custom fields" on page 619.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

335

Common configuration tabs

Location The Location tab provides information regarding the time zone and the geographical location of the entity. The sample screen shot below is that of a video unit entity.

Time zone The time zone is used to display the entity events in the entity’s local time zone. In Security Center, all times are stored in UTC in the databases, but are displayed according to the local time zone of the entities. The local time of the entity is displayed below the time zone selection.

Location The geographical location (latitude, longitude) of the entity has several different uses:

• For video units, it is used for the automatic calculation of the time the sun rises and sets on



a given date. A typical application is for the system to record video only during daytime (for cameras placed outside), or to adjust the brightness of the camera based on daytime and nighttime. For more information, see "Schedule" on page 463. For fixed LPR units that are not equipped with a GPS receiver, the geographical location is used to plot the LPR events (reads and hits) associated to the LPR unit on the map in Security Desk. For more information, see Hits and Reads investigation tasks in the Genetec Security Desk User Guide.

For more information, see "Using geographical locations" on page 40.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

336

Access control unit

Access control unit The access control unit entity represents an access control device, such as Synergis Master Controller (SMC) or an HID VertX controller, that communicates directly with the Access Manager over an IP network. Access control units usually control other slave units (or interface modules) such as the HID VertX V100 and V200, and the Mercury MR50 and MR52, which are connected to door sensors and readers. For SMC, the interface modules can come from various manufacturers. For more information, see the documentation on Synergis Master Controller that is available from the GTAP Documents page. System: Synergis IP access control Task: Access control – Roles and units Identity

Name, description, logical ID, and relationships of this entity with other entities in the system.

Properties (SMC) Connection settings and other parameters that cannot be configured using the SMC portal. Properties (HID)

Specific information about the HID unit and configuration of its subpanels.

Portal (SMC)

Connection to the web configuration interface (Controller Portal) of the SMC unit.

Network (HID)

Connection parameters used by the Access Manager to communicate with the HID unit.

Peripherals

Configuration of the IO pins according to the features supported by the hardware. Applies to both SMC and HID units.

Health

Unit’s health status. Applies to both SMC and HID units.

Synchronization

Synchronization mode and command button allowing you to synchronize this unit with its Access Manager. Applies to both SMC and HID units.

Custom fields

Custom field values for this unit.

Location

Time zone and geographical location of this unit.

Related topics:

• • • •

"Access Manager" on page 511 "Door" on page 404 "Elevator" on page 410 "Zone (hardware)" on page 502

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

337

Access control unit

Properties (SMC) The SMC unit’s Properties tab allows you to update the connection parameters after the unit has been discovered, such as the logon credentials.

Connection settings The connection settings are correctly initialized at the time the SMC unit is enrolled in your system. Do not change these settings unless you changed them on the SMC using Controller Portal after the unit has been enrolled, or a Genetec representative instructs you to do so.

• Web address. Web address for contacting Controller Portal. • Username/Password. Logon username and password. • Using DHCP. Do not change this parameter unless asked by a Genetec Technical Support representative. This parameter is reset every time the Access Manager reconnects to the SMC unit.

• Ignore web proxy. Select this option to instruct the Access Manager to ignore the Proxy Server settings on the server currently hosting the role. Clear this option to instruct the Access Manager to follow the Proxy Server settings. (Default=cleared). NOTE For an HID unit, the equivalent settings are found in the Network tab (see "Network

(HID)" on page 344).

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

338

Access control unit

Discovered properties Current settings returned by the SMC units. Click Upgrade to upgrade the SMC firmware. It is equivalent to the Firmware upgrade function found in the SMC Portal. See "Check and upgrade the SMC firmware" in the Synergis Master Controller Configuration Guide.

General settings The following settings cannot be set through the SMC Portal. The settings here are pushed from Security Center to SMC during unit synchronization.

• Mixed mode. Clear this option to set the SMC to operate in online mode (Default=mixed mode). NOTE If the connection to Access Manager is lost while in online mode, SMC will revert back to mixed mode.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

339

Access control unit

Properties (HID) The Properties tab for HID shows specific information about the HID unit and allows you to configure its inputs, outputs, and subpanels (V100, V200, V300 if connected).

Unit information This section shows the firmware version, model name, and serial number of the unit.

General settings

• Mixed mode. HID units always operate in mixed mode. • Monitor AC Fail. The AC fail input is being used to monitor AC failures or some other general purpose.

• Monitor battery fail. The Battery fail input is being used to monitor the backup battery or some other general purpose.

Additional settings In this section, you configure the unit’s inputs and outputs according to how they are used.

• Program version. The interface firmware revision number. • EEPROM version. The interface EEPROM revision number. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

340

Access control unit

• Door behavior. This must be set to match the door’s configuration: 



Set Card-in / Card-out if the door has two readers; Wire the door lock to the Strike Relay (Out 1) output and wire all door hardware to the Reader 1 side of the unit. The Strike Relay (Out 3) is available for any other use (for example, for a zone). Set Card-in / REX-out if the door has one reader on one side, and a REX on the other side. In this case, the unit can control two such doors: 



Wire the first door with Reader 1 side of the unit and use Strike Relay (Out 1) to control the door lock. Wire the second door with Reader 2 side of the unit and use Strike Relay (Out 3) to control the door lock.

With an Edge device unit, this option is unavailable (it is Card-in / REX-out). NOTE This configuration must correspond to the hardware assignments you make for the

door configuration. For more information, see "Hardware" on page 408.

• Debounce. The amount of time an input can be in a changed state (for example, from active to inactive) before the state change is reported. Electrical switches often cause temporarily unstable signals when changing states, possibly confusing the logical circuitry. Debouncing is used to filter out unstable signals by ignoring all state changes that are shorter than a certain period of time (in milliseconds).

• Contact type / Supervision mode. Sets the normal state of the input contact and its supervision mode. There are four preset configurations, and a custom one: 

Preset: Normally closed / Not supervised.



Preset: Normally open / Not supervised.



Preset: Normally closed / 4-state supervised.



Preset: Normally open / 4-state supervised.



Custom. Allows you to set your custom range of values for Active and Normal input states.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

341

Access control unit

• Minimum time (Action). Applies when the relay is being used as part of a zone (either hardware or virtual). It establishes the minimum number of seconds the relay stays close when triggered by an event (for example Request to exit).

• Minimum time (Access grant). Applies when the relay is actually being used to control a locking device. The normal configuration is to open the lock when access is granted and to close the lock immediately after the door opens (Minimum time = 0). There are certain situations where the normal configuration would cause the door to be locked too soon (absence of a door sensor, or double doors). In those situations, a Minimum time must be set on the strike relay to keep the door unlocked after the system detects that the door has been opened (typically for the same duration as the Access grant time set on the door).

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

342

Access control unit

Portal (SMC) The SMC unit’s Portal tab allows you to connect to the SMC’s web-based interface (Controller Portal) for its configuration and maintenance.

Controller Portal allows you to perform the following tasks:

• • • • • • • • • • •

Change the security password required to log on to the SMC unit. Configure the network settings on the SMC unit so it works on your system. Configure SMC to accept connections from specific Access Manager servers. Configure the properties of the interface modules attached to the SMC unit. Configure the access control behavior for SMC, in both online and offline modes. View the activity logs stored on the SMC unit. Test and diagnose the interface module connections to the SMC unit. View and export the SMC status and configuration. Upgrade the SMC firmware. Restart the SMC hardware or software. Update security clearance levels assigned to Security Center areas manually on the SMC unit when the connection to the Access Manager is lost.

For more information on what you can do through the Controller Portal, see the Synergis Master Controller Configuration Guide. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

343

Access control unit

Network (HID) The HID unit’s Network tab allows you to configure the connection parameters for the Access Manager to communicate with the unit. These settings are correctly initialized at the time the HID unit is added to your system. Do not change these settings unless you changed them on the unit using the HID Discovery GUI after the unit has been enrolled, or a Genetec representative instructs you to do so.

Connection parameters

• Username/password. Username and password used to log on to the HID unit. • Use translated host address. Must be selected when there is a NAT router between the unit and it’s Access Manager. The NAT router’s IP address that is visible from the unit would be set here.

• Obtain network settings dynamically (DHCP). Select this option if the HID unit will be assigned it’s IP configuration by a DHCP server.

• Use these static settings. Select this option and configure the IP address, Gateway and Subnet mask manually if the access control unit will use a fixed IP address (recommended). NOTE The equivalent settings for an SMC unit are configured through the SMC portal (see

"Portal (SMC)" on page 343).

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

344

Access control unit

Peripherals The Peripherals tab allows you to give meaningful names to IO devices controlled by the unit so they are easier to identify. Additionally, you can assign a logical ID for each IO device.

Rename a device To edit a unit’s logical name, select a device’s logical name (eg. V200 [02] Relay 1) and type over its existing name to something more meaningful (eg. V200 [02] - Door Bell). The (abc) button and (id) button at the bottom of the page can also be used to apply a logical name or logical ID number to one of the device peripherals.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

345

Access control unit

Health The Health tab displays the memory usage on the unit.

Usage You can monitor a unit’s health and status:

• Number of credentials. Indicates the number of credentials stored on the unit versus the total number of credentials the unit can store, based on the available memory and the average number of bytes per credential.

• Main memory. Available memory on the unit. This information is only available to HID VertX units. For SMC units, a different set of information is available through the System status page in Controller Portal (see “Viewing and exporting system information” in the Synergis Master Controller Configuration Guide).

• Secondary memory. Available secondary memory on the unit. This information is only available to HID VertX units.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

346

Access control unit

Synchronization The Synchronization tab allows you to configure the type of synchronization you want between the unit and its Access Manager.

A unit must be synchronized with the Access Manager database to allow it to work in offline or mixed mode. For synchronization, the Access Manager knows a unit’s capacity, and fills it with as much information as possible so that the unit is optimized to run when it is offline, or in mixed mode. Synchronization management handles credential and IO linking rules. This can be set according to your needs. See "About unit synchronization modes" on page 348. This tab shows you the following information about this process:

• Last update. Indicates the day and time of the last successful synchronization with the unit. • Expiration date. Indicates the day and time when the unit will no longer be capable of fully functioning in offline or mixed mode. This is due to the limited scheduling capability of the access control unit. You will need to synchronize before the expiration date to ensure that the unit will work in offline or mixed mode. The scheduling limit varies depending on the unit type: 



HID VertX units expire after one year. Past the expiration date, the unit stops working. SMC units never expire because they fully support the scheduling schemes used in Security Center.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

347

Access control unit

IMPORTANT Any synchronization errors are displayed in yellow. Pay attention to these errors to avoid any disruption in the operation. For example, HID VertX units are limited to 65,000 credentials. Exceeding this limit causes the synchronization to fail and the unit to be reset.

About unit synchronization modes Security Center supports the following unit synchronization modes for credentials:

• Automatically. This is the recommended setting. Any configuration change is sent to the access control unit 15 seconds after the change is saved by the Config Tool, Web Client or Security Desk. Only configurations that affect that particular unit are sent.

• On schedule. The unit is synchronized according to a schedule. For continued offline or mixed mode operation, make sure the scheduled synchronization time never falls after the date and time shown for Expiration date. If in doubt, set the synchronization mode to Automatically.

• Manual only. The unit is only synchronized when you click the Synchronize now button. Make sure you synchronize the unit before the date and time shown for Expiration date.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

348

Access rule

Access rule The access rule entity defines the access control logic which grants or denies passage to a cardholder through an access point, based on a schedule.

System: Synergis IP access control Task: Access control – Access rules Identity

Name, description, logical ID, and relationships of this entity with other entities in the system.

Properties

Type of rule and to who and when this rule applies.

Custom fields

Custom field values for this rule.

Related topics:

• Area – "Access rules" on page 364 • "Access Manager" on page 511

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

349

Access rule

Properties The Properties page of an access rule links the 3 W’s: The “Who”, “When” and “What”. For example, “All Employees”, “Office Hours”, and “Access Granted”.

• Schedule. Choose when this access rule is active. • When the schedule is active . Select whether to grant or deny access from cardholders. • Cardholders affected by this rule. Select the cardholders affected by this rule. NOTE An access rule is not operational until it is associated to a door, elevator, or area.

Related topics:

• For information about creating access rules for areas, see "Access rules" on page 364. • For information about creating access rules for doors, see "Access rules" on page 409.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

350

Alarm

Alarm The alarm entity describes a particular trouble situation that requires immediate attention, and how it should be handled in Security Center. Namely, its priority, what entities (usually cameras and doors) best describe it, who should be notified, how it should be displayed to the user, and so on. System: General Task: Alarms – Alarms Identity

Name, description, logical ID, and relationships of this entity with other entities in the system.

Properties

Essential alarm priorities: priority, recipients, broadcast mode, and attached entities.

Advanced

Optional alarm properties: reactivation threshold, alarm procedure, schedule, automatic acknowledgement, and video display and recording options.

Custom fields

Custom field values for this alarm.

Related topics:

• "Managing alarms" on page 111 • "Testing alarms" on page 112

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

351

Alarm

Properties The Properties tab allows you to define the essential alarm properties.

Priority In Security Desk, alarms are displayed in the Alarm monitoring task by order of priority (this is evaluated every time a new alarm is received). The highest priority alarm is displayed in tile #1, followed by the second highest in tile #2, and so on. When two alarms have the same priority value, priority is given to the newest one. When a new alarm is received in Security Desk with a priority level identical or higher than the current alarms displayed, it pushes the other alarms down the tile list. When an alarm is acknowledged in Security Desk, it frees a tile for lower priority alarms to move up.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

352

Alarm

Recipients An alarm recipient is either a user, user group, or analog monitor group. They receive the alarms in Security Desk. IMPORTANT Make sure all the alarm recipients have the privilege to acknowledge alarms.

Broadcast mode There are two ways alarm recipients can be notified:

• All at once. (Default) All recipients are notified at the same time, immediately after the alarm is triggered.

• Sequential. The recipients are notified individually, each after a specified delay (in seconds) calculated from the time the alarm is triggered. If the recipient is a user group, all members of the user group are notified at the same time.

Attached entities The attached entities are what visually describe the alarm situation. The alarm entity has the characteristics of a composite entity. When displayed in Security Desk, you can cycle through all displayable entities (cameras, tile plugins, and so on) within the display tile, or unpack the alarm to display them all at once. For more information, see “Unpack/pack tile content” in the Security Desk User Guide. When a composite entity is attached to an alarm, the entities that compose it are also attached to the alarm. For example, if a door entity is attached to the alarm, the cameras associated to the door are also attached to the alarm.

Entity cycling Entity cycling is a Security Desk feature that automatically rotates the display of a composite entity through its components within a display tile, displaying each entity for an equal amount of time. For more information, see “Entity cycling” in the Security Desk User Guide.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

353

Alarm

When entity cycling is turned on in Security Desk, the order of the attached entities in the list is the order they will be displayed in Security Desk. NOTE When the alarm is triggered by an event, the entity that caused the event is also attached to the alarm. That entity will be displayed first when the alarm is displayed.

Advanced The Advanced settings tab allows you to configure the optional alarm properties.

Reactivation threshold The minimum time Security Center needs to wait after triggering this alarm once, before it can trigger it again. This option serves to prevent the system from repeatedly triggering the same alarm while it is awaiting to be resolved.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

354

Alarm

Alarm procedure (URL) Use this option to set the URL or the Web page address corresponding to the alarm procedure. This feature is used to provide alarm handling instructions to the operators. The Web page is displayed when the user clicks Show alarm procedure ( ) in the alarm widget in Security Desk.

NOTE The alarm procedure is also displayed as part of the entities attached to the alarm in Security Desk when entity cycling is turned on.

Schedule The schedule defines when this alarm is in operation. This means that outside the periods defined by this schedule, triggering this alarm would have no effect.

Automatic acknowledgment Turn this option on (default=off) to let the system automatically acknowledge this alarm if no one acknowledges it before the specified time (in seconds). This option is recommended for lowpriority alarms that serve to alert the security operator, but do not require any action.

Create an incident on acknowledgement Turn this option on (default=off) to prompt the Security Desk user to report an incident every time they acknowledge an alarm. NOTE Turning this option on turns the automatic acknowledgement off.

Video display option If cameras are attached to an alarm, you can choose to display live video (default) or playback video when the alarm is triggered. If you choose to display playback video, you must specify the playback pre-trigger time, which is the number of seconds to go back in time before starting the playback, from the time the alarm is triggered.

NOTE Make sure that the recording buffer is equal to, or longer than the pre-trigger time you need for your alarm display. For more information, see "Time to record before an event" on page 523. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

355

Alarm

Automatic video recording When cameras are attached to the alarm, the Archiver automatically records the video for a minimum duration specified in seconds. The recording buffer configured for each camera ensures that whatever happened a few seconds before the alarm was triggered will also be recorded (see "Time to record before an event" on page 523). The recording buffer plus the alarm recording duration is called the guaranteed recording span. This behavior ensures that video recordings will be available for future alarm investigations whenever cameras are attached to this alarm. Turn this option off (default=on) if recording video for the alarm is not necessary. NOTE If the alarm is triggered from a camera event (for example Object removed), the camera that caused the event is automatically attached to the alarm, and therefore, will also be recorded if this option is turned on. IMPORTANT All recordings are ultimately subject to the archiving schedules in place. If recording is disabled at the time the alarm is triggered, no video is recorded. For more information, see "Recording modes" on page 522.

Protect recorded video Turn this option on (default=off) to protect the video recordings associated to this alarm (see "Automatic video recording" on page 356) for the specified number of days. For more information on video protection, see "Protecting video archive against routine cleanup" on page 229. Related topics:

• "Testing alarms" on page 112

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

356

Analog monitor

Analog monitor The analog monitor entity represents a physical monitor that displays video from an analog source, such as a video decoder or an analog camera. A video decoder is a device that converts a digital video stream into analog signals (NTSC or PAL) for display on an analog monitor. The video decoder is one of the many devices found on a video decoding unit. A video decoding unit can have multiple video decoders, each connected to an analog monitor. Each video decoder found on a video decoding unit is represented by an analog monitor entity in Security Center. System: Omnicast IP video surveillance Task: Video - Analog monitor Identity

Name, description, logical ID, and relationships of this entity with other entities in the system.

Properties

General behavior of the analog monitor.

Related topics:

• "Monitor group" on page 432 • "Video unit" on page 494

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

357

Analog monitor

Properties The Properties tab lets you configure the video stream usage (or function) and specific network settings for the analog monitor.

Video The video section contains various settings that affect the quality the video.

• Stream usage. Select the video stream to use for cameras displayed in the analog monitor. This option is only available for decoders capable of generating multiple video streams. The stream usage options are the following: 

Live. Default stream used for viewing live video in Security Desk.



Recording. Stream recorded by the Archiver for future investigation.



Remote. Stream used for viewing video when the bandwidth is limited.



Low resolution. Stream used instead of the Live stream when the tile used to view the stream in Security Desk is small. See "Automatic stream selection" on page 211.

High resolution. Stream used instead of the Live stream when the tile used to view the stream in Security Desk is large. See "Automatic stream selection" on page 211. Analog format. Select NTSC (National Television System Committee) or PAL (Phase Alternating Line) analog format for the video signal. PAL format generally streams video at a lower frame rate, but at a higher resolution. 



gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

358

Analog monitor

• Display camera name. Turn this option ON if you want the camera name to be shown when it is displayed in the analog monitor in a tile.

Network settings The Network settings section allows you to configure the desired connection type used by the video decoder.

• UDP port. Port number used when the connection type is unicast UDP. If the encoder supports multiple video streams, this parameter is different for each stream.

• Connection type. Defines how communication is established between the Archiver and the unit for sending or receiving video streams. Each device on the same unit could support different connection types. 







Best available. Lets the Archiver select the best available connection type for the stream. The best available types rank in this order, according to availability: Multicast, UDP, and TCP. When the stream is requested for recording only, multicast is removed from the list, so the best available types start with UDP. Multicast. Communication between a single sender and multiple receivers on a network. This is the preferred connection type. In this mode, multiple users in multiple locations can receive the same video transmission simultaneously from a same source, using the bandwidth only once. Most video units are capable of multicast transmissions. UDP. Forces the stream to be sent in UDP to the Archiver. The stream must be formatted using the RTP protocol. TCP. Forces the stream to be sent in TCP to the Archiver. Here, TCP is taken in the broad sense. For some types of cameras, the Archiver establishes a TCP connection to the unit and receives the stream in a proprietary protocol. For others, the stream is sent over HTTP. Typically, the stream is not formatted according to the RTP protocol by the unit. The Archiver has to convert the stream to the RTP protocol to be archived or retransmitted to the system.

Hardware The Hardware section allows you to associate other hardware devices (PTZ motor, Speaker, Microphone, and so on) to this analog monitor. When the decoder is added to the system, all hardware devices belonging to the same unit are configured by default. You can manually associate the analog monitor to other devices, according to how they are physically connected.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

359

Area

Area The area entity, in its most generic use, represents a concept or a physical location (room, floor, building, site, and so on) used for the logical grouping of entities in the system. When Synergis is enabled in your license, an area entity can also be used to configure a secured area with access rules and access control behavior. System: General, Synergis (if secured areas are to be created) Task: Logical view Identity

Name, description, logical ID, and relationships of this entity with other entities in the system.

Properties

Antipassback and interlock properties for this area (Synergis only).

Members

Child entities of this area.

Access rules

Access rules applied to this area (Synergis only).

Custom fields

Custom field values for this area.

Related topics:

• • • •

"Managing threat levels" on page 117 "Managing the Logical view" on page 85 "Configuring secured areas" on page 278 "Configuring access rules" on page 281

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

360

Area

Properties The Properties tab allows you define the optional area properties. Some these properties might not be visible depending on your license option settings.

Antipassback properties Antipassback is the access restriction placed on a secured area that prevents the same cardholder from entering an area they have not yet exited, and vice-versa.

• Status. Set the antipassback feature to ON or OFF. • Type. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

361

Area



Soft. Soft antipassback only logs the passback events in the database. It does not restrict the door from being unlocked due to a passback event.

Hard. Hard antipassback logs an entry in the database and prevents the door from being unlocked due to a passback event. Timeout. Set how many minutes until the passback event is automatically “forgiven”. 

• • Strict. When turned ON, antipassback logic is applied in both directions on the area.

Cardholders that never left an area cannot enter, and cardholders that never entered cannot leave. Otherwise, the default is OFF and antipassback logic is only applied in one direction. Cardholders who never left an area cannot enter. When a hard antipassback event is triggered, it must be “forgiven” for the cardholder to unlock the door. It might be forgiven automatically due to a timeout value having been configured. Otherwise, the passback event can be forgiven by an authorized user with the Security Desk Monitoring task. For more information, see “Monitoring access events – About antipassback” in the Security Desk User Guide. CAUTION HID units support antipassback or interlock, but not both simultaneously.

Interlock properties Security Center supports the interlocking of the perimeter doors for an area by allowing only one perimeter door to be open at one time. It is important that the door sensors detect when a door can be opened.

• Status. Set the interlock properties feature to ON or OFF. When it’s status is set to ON, only one member door of the area can be open at any given time. To open a door, all others must be closed.

• Priority. An interlock override or lockdown button can be associated to this interlock. • Override / Lockdown. Select an input to be used as a trigger for override or lockdown mode. CAUTION HID units support antipassback or interlock but not both simultaneously.

Threat levels This section is only visible to administrative users, and if the Threat level license option is enabled. You can configure specific actions to be executed by the system when a threat level is activated or deactivated for this area. For more information, see "Managing threat levels" on page 117.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

362

Area

Members The Members tab shows the child entities of the area, grouped by entity type.

Areas are used as entity groupings in the Logical view. The area represented in the above sample screen shot would appear as the following in an entity tree.

For more information about adding members to an area, see "Add members to an area" on page 279.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

363

Area

Access rules The Access rules tab is only necessary if you are configuring a secured area. This tab is only visible when Synergis is enabled in your license.

You assign one or more existing access rules that allow authorized cardholders to gain access to the area. For more information, see "Configuring access rules" on page 281.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

364

Badge template

Badge template The badge template entity is used to configure a printing template for badges.

System: Synergis IP access control Task: Access control – Badge templates Identity

Name, description, logical ID, and relationships of this entity with other entities in the system.

Badge designer

Tools allowing you to design new badge templates.

Related topics:

• "Cardholder" on page 395 • "Credential" on page 401 • "Defining badge templates" on page 289

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

365

Badge template

Badge designer The Badge designer is a tool that allows you to design and modify badge templates.

In the Badge designer, there are different tools you can use to edit a template:

• In the Tools section, there are six graphical tools you can use to edit the template: 

Select tool. Use to click and select an object on the template.



Rectangle tool. Use to draw a square/rectangle on the template.



Ellipsis tool. Use to draw circles/ovals on the template.



Text tool. Use to insert text on to the template.



Image tool. Use to insert a picture on to the template.



Barcode tool. Use to insert barcodes on to the template.

Select a tool, and click on the template to use it.

• In the Image section, you can choose whether the image displayed on the badge uses a • •

cardholder picture or an image from a file, and whether the image should be stretched or not. In the Text section, you can add cardholder fields, as well as edit the text, the text color, and the text alignment. In the Color and border section, the following options are available:

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

366

Badge template



Fill. Use to modify the fill color of an inserted object like a square or oval.



Border. Use to modify the border color of an inserted object.



Opacity. Use to modify the opacity of an inserted object.

Border thickness. Use to modify the thickness of the inserted object’s border In the Size and position section, you can choose where the text or image is located on the badge, and its width and height. 



• Properties (

). Opens the Format dialog box, where you can select from the following card sizes and orientation:

• • • • • •



CR70



CR80



CR90



CR100



Custom card size



Orientation. You can choose Landscape or Portrait orientation.

Import (

). Import a badge template to use.

Export (

). Save your badge template.

Cut (

). Delete the selected item on the badge template.

Copy (

). Copy the selected item on the badge template.

Paste (

) . Paste the copied item onto the badge template.

Send to back ( ). Send the selected item to the background of the badge template. This is option is helpful if you want to have a background image on the badge.

• Bring to front (

). Bring the selected item to the foreground of the badge template.

For more information about creating badge templates, see "Defining badge templates" on page 289.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

367

Camera (video encoder)

Camera (video encoder) The camera entity represents a single video source on your system. The video source can be an IP camera or an analog camera connected to a video encoder. A video encoder is the device that converts an analog video source to a digital format using a standard compression algorithm (H.264, MPEG4, or M-JPEG). The video encoder is one of the many devices found on a video unit. Each video encoder can generate one or multiple video streams using different compression schemes and formats for different usages. In the case of an IP camera, the camera and the video encoder form an inseparable unit. Because of the intimate relationship between the camera and the video encoder, the two terms are often used interchangeably. System: Omnicast IP video surveillance Views: Video – Units (under Archiver) Identity

Name, description, logical ID, and relationships of this entity with other entities in the system.

Video

Video stream configuration (usage and quality) based on schedules. Not available for federated cameras.

Recording

Video recording settings. Can be inherited from the archiving roles or customized for each camera. Not available for federated cameras.

Motion detection

Motion detection configuration based on schedules. Can be performed on the video unit (certain models only) or on the Archiver. Not available for federated cameras.

Color

Video attribute (brightness, contrast, hue, and saturation) adjustments based on schedules. Not available for federated cameras.

Visual tracking

Visual tracking is a feature in Security Desk that allows you to follow an individual or moving object across different cameras all within the same display tile. This tab is only available for fixed cameras.

Hardware

Hardware configuration such as PTZ protocol, links to audio devices, and unit specific video settings. Not available for federated cameras.

Custom fields

Custom field values for this camera.

Related topics:

• "Configuring cameras" on page 209 • "Camera sequence" on page 393 • "Video unit" on page 494 gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

368

Camera (video encoder)

• "Archiver" on page 521 • "Media Router" on page 585

Video The Video tab allows you to define multiple video quality (resolution, frame rate, and so on) configurations for each video stream generated by your video encoder. For each stream, you can also specify its usage (or function) and specific network settings.

This section includes the following topics:

• • • • •

"Video quality" on page 370 "Stream usage" on page 373 "Network settings" on page 374 "Boost quality on manual recording" on page 376 "Boost quality on event recording" on page 376

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

369

Camera (video encoder)

Video quality Video quality refers to the various settings (image resolution, bit rate, frame rate, and so on) that affect the quality the video. Multiple video quality configurations can be defined for the same stream on different schedules. The list below describes all possible settings pertaining to video quality. These settings vary from one manufacturer to another. No single manufacturer supports them all. NOTE For any setting not covered in this section, refer to the manufacturer’s documentation.

• Resolution. Data format and image resolution. The available choices depend on the type of video unit you have. NOTE On certain models of video units that support a large number of video feeds (4 to 12), some high resolution formats might be disabled when you enable all the video streams, because the unit cannot handle all the streams at high resolutions.

• Quality. Video quality depends on a combination of settings. Config Tool proposes a list of predefined configurations for you to choose from. To adjust each of them individually, select Custom from the Quality drop-down list.

• Bit rate. Sets the maximum bandwidth (kbps) allowed for this encoder. See also "Advanced bit rate settings" on page 372.

• Frame rate. This slider sets the number of frames per second (fps). A high frame rate (10 fps or more) produces fluid video and is essential for accurate motion detection. However, increasing the frame rate also sends more information over the network, and therefore, requires more bandwidth.

• Image quality. This slider affects the image quality (the higher the value, the better the quality). Higher image quality requires more bandwidth, which might compromise the frame rate. When bandwidth is limited, you should consider the following: 

To retain very good image quality, restrict the number of images per second (lower frame rate).

To transmit more images per second at a high frame rate, lower the image quality. The encoder will always try to maintain each quality setting. However, if bandwidth is limited, the encoder might reduce the frame rate in favor of the image quality. 

• Automatic settings. Certain models of encoders (such as Bosch) let you select this option instead of setting your own value for image quality. To set the image quality manually, you have to select Custom in the Quality drop-down list.

• Key frame interval. A key frame is a frame that contains a complete image by itself as opposed to a usual frame that only holds information that changed compared to the previous frame. You would need a higher key frame rate to recover more rapidly from cumulative errors in the video when the network is less reliable. Frequent key frames require a higher bandwidth. You can specify the key frame interval in seconds (1 to 20) or by frames (based on the frame rate). gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

370

Camera (video encoder)

• Recording frame rate. The purpose of this setting is to save storage space by recording the video at a frame rate lower than the one used for viewing. This setting only reduces the storage usage, not the bandwidth usage. Setting the Recording frame rate to anything other than All frames locks the Key frame interval.

• Profile and level. Used only for MPEG-4 streams, the profile determines the tools available when generating the stream (for example, interlace, or B frames), and the level limits the resource usage (for example, max bit rate).

• Video object type. The Video Object Type (VOT) to use for the MPEG-4 streams. The available choices are governed by the choice of Profile and Level.

• GOP structure. Stands for Group Of Picture structure. It is possible to configure up to four types of GOP structures: 





I. Stands for Intra frame structure. Meaning only Intra (key frame) frames are sent. This is primarily for using an external multiplexer. IP. Stands for Intra and Predicted frame structure. This setting results in the lowest possible video delay. IPB. Stands for Intra and Predicted and Bidirectional frame structure. This setting enables the user to have a higher quality and a higher delay.

IPBB. Stands for Intra and Predicted and Bidirectional and Bidirectional frame structure. This setting enables the highest quality and a highest delay. GOP length. Stands for Group Of Picture length. With this value, it is possible to change the distance (number of frames) between the intra-frames in the MPEG-2 video stream. 



• Streaming type. Select between VES (video elementary stream), which sends only video information, or PRG (program stream), which sends both video and audio information.

• Input filter mode. This drop-down list lets you select a noise filter to apply to the video signal before it is encoded. It has four settings: None, Low, Medium, and High. NOTE Removing noise from the video signal also reduces the sharpness of the image. If the

video signal is relatively clean, do not apply any filter (None). The higher the filter level, the more blurry the video image becomes. Keeping a sharp image creates more pixels to encode, which uses more bandwidth. This is why on some video units the default is set to Medium.

• Bit rate control. This option lets the encoder automatically lower the bit rate when one of the decoders is reporting transmission errors (dropped packets). This usually happens when there is a lot of motion on the camera. The encoder drops the bit rate as low as necessary to let all decoders receive an error free transmission. When the motion subsides, the encoder gradually increases the bit rate until it reaches the configured maximum limit. The trade-off between low bit rate and transmission errors is that with a low bit rate, the image stays crisp but the video might appear jerky, while with transmission errors, the image contains noises, but the video stays fluid.

• Compression mode. Select between SM4, Verint's proprietary version of MPEG-4 compression, or ISO, the standard MPEG-4 compression.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

371

Camera (video encoder)

Advanced bit rate settings Certain types of video units (such as Axis) allow you to set the maximum bit rate at the unit level (see Video unit – "Properties" on page 496). In this case, there is an additional drop-down list (bit rate mode) for your bit rate setting.

You have two values to choose from for the bit rate mode:

• Variable. Variable bit rate (VBR) adjusts the bit rate according to the complexity of the images in the video. This uses a lot of bandwidth when there is a lot of activity in the image and less bandwidth when the monitored area is quiet.

• Constant. Constant bit rate (CBR) allows you to set a fixed target bit rate that will consume a predictable amount of bandwidth, which will not change, whatever happens in the image. This requires you to set another parameter, the Bit rate priority.

Bit rate priority If you choose to maintain a constant bit rate, the encoder might not be able to keep both the frame rate and the image quality at their set values when the activity in the image increases.

The Bit rate priority lets you configure which aspect of video quality you wish to favor when you are forced to make a compromise.

• Frame rate. Maintains the frame rate at the expense of the image quality. • Image quality. Maintains the image quality at the expense of the frame rate. • None. Lowers both the frame rate and the image quality to maintain the bit rate.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

372

Camera (video encoder)

Stream usage The Stream usage options are only available for encoders capable of generating multiple video streams. It allows you to specify the usage (or function) of each stream.

The stream usage options are the following:

• • • •

Live. Default stream used for viewing live video in Security Desk. Recording. Stream recorded by the Archiver for future investigation. Remote. Stream used for viewing video when the bandwidth is limited. Low resolution. Stream used instead of the Live stream when the tile used to view the stream in Security Desk is small. See "Automatic stream selection" on page 211.

• High resolution. Stream used instead of the Live stream when the tile used to view the stream in Security Desk is large. See "Automatic stream selection" on page 211. NOTE Every stream usage must be covered by a stream, but not every stream needs to be assigned a usage. The streams that have no usage assigned are simply not generated, which conserves CPU on the unit.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

373

Camera (video encoder)

Network settings The Network settings options allow you to configure the desired connection type used by the video encoder.

The network settings are the following:

• UDP port. Port number used when the connection type is unicast UDP. If the encoder supports multiple video streams, this parameter is different for each stream.

• Connection type. Defines how communication is established between the Archiver and the unit for sending or receiving video streams. Each device on the same unit could support different connection types. 





Best available. Lets the Archiver select the best available connection type for the stream. The best available types rank in this order, according to availability: Multicast, UDP, TCP, RTSP over HTTP, and RTSP over TCP. When the stream is requested for recording only, multicast is removed from the list, so the best available types start with UDP. Unicast UDP. Forces the stream to be sent in UDP to the Archiver. The stream must be formatted using the RTP protocol. Unicast TCP. Forces the stream to be sent in TCP to the Archiver. Here, TCP is taken in the broad sense. For some types of cameras, the Archiver establishes a TCP connection to the unit and receives the stream in a proprietary protocol. For others, the stream is

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

374

Camera (video encoder)

sent over HTTP. Typically, the stream is not formatted according to the RTP protocol by the unit. The Archiver has to convert the stream to the RTP protocol to be archived or retransmitted to the system. 



RTSP stream over HTTP. This is a special case of TCP connection. The Archiver uses the RTSP protocol to request the stream through an HTTP tunnel. The stream is sent back through this tunnel using the RTP protocol. This connection type is used to minimize the number of ports needed to communicate with a unit. It is usually the best way to request the stream when the unit is behind a NAT or firewall, because requests sent to HTTP ports are easily redirected through them. RTSP stream over TCP. This is another special case of TCP connection. The Archiver uses the RTSP protocol to request the stream in TCP. The request is sent to the RTSP port of the unit.

Same as unit. Special case for Panasonic units. The connection type is the same for all streams of the unit. When present, it is the only connection type supported. The real connection type must be set in the specific configuration page of the unit. Multicast address. The multicast address and port number are assigned automatically by the system when the video unit is discovered. Each video encoder is assigned a different multicast address with a fixed port number. If the encoder is capable of generating multiple video streams, then a multicast address should be assigned to each stream. This is the most efficient configuration. 



Normally, you do not need to be concerned with the multicast addresses. However, if you are short of multicast addresses (certain switches are limited to 128), you can use the same multicast address on multiple encoders, and assign a different port number to each. This solution is less efficient than using a different address for each encoder, because it will cause more traffic than is necessary on the network. NOTE All multicast addresses must be between the range 224.0.1.0 and 239.255.255.255. For these changes to take effect, you must restart the unit. To do so, select the unit in the Roles view task, and click the Reboot ( ) button in the Contextual commands toolbar.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

375

Camera (video encoder)

Boost quality on manual recording The Boost quality on manual recording option is only available for the recording stream. It allows you to configure a sudden boost of quality when the recording is started manually by a user.

The actions that trigger manual recording are as follows:

• The Record button ( ) is clicked by a Security Desk user. • The Add a bookmark button ( ) is clicked by a Security Desk user. See also "Common boost quality settings" on page 376.

Boost quality on event recording The Boost quality on event recording option is only available for the recording stream. It allows you to configure a sudden boost of quality when the recording is triggered by a system event. The events that qualify as event recording are as follows:

• The Start recording action was executed. • The recording was triggered by an alarm. • The recording was triggered by motion. See also "Common boost quality settings" on page 376.

Common boost quality settings This section describes the common behavior of the two Boost quality options.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

376

Camera (video encoder)

The boosted quality settings you can configure are the same as the ones described in the section "Video quality" on page 370. When both sets of events are triggered, the event recording settings have priority over the manual recording settings. The duration of the quality boost depends on the type of event and the duration configured in the Recording tab of the camera. For more information, see Camera – "Recording" on page 378. The ON/OFF switch tells the system whether the video quality should be boosted every time the triggering events occur (ON), or only on demand (OFF). When boost on demand is selected (switch=OFF):

• You can demand the boost quality settings to be applied explicitly by executing one of the following actions: 

Override with manual recording quality.



Override with event recording quality.

• Once the boost quality settings are applied through an action, they have precedence over any other settings currently in effect. To return to the normal settings, you must execute the following action: 

Recording quality as standard configuration.

For more information about executing actions, see "Using event-to-actions" on page 106.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

377

Camera (video encoder)

Recording The Recording tab allows you to customize the recording settings on each individual camera instead of following the archiving role settings.

If the camera is associated to additional Auxiliary Archiver roles, roles, you’ll find one group of settings for each archiving role the camera is associated to. For each recording configuration, the camera can follow the settings inherited from the role or use its own custom settings. For more information on the rest of the recording settings related to:

• An Archiver, see "Camera recording" on page 522. • An Auxiliary Archiver, see "Camera recording" on page 544.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

378

Camera (video encoder)

Motion detection The Motion detection tab allows you to define multiple motion detection configurations for your camera. Each configuration is based on a different schedule.

What is a motion detection configuration? A motion detection configuration is a group of settings that specify how motion is detected on a camera, and when these settings are applied (based on a schedule). Every camera has a default motion detection configuration based on the Always schedule. The default motion detection configuration can be modified but not deleted. The motion detection settings are as follows:

• Motion detection. Turns motion detection ON or OFF for the time periods covered by the schedule.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

379

Camera (video encoder)

• Detection is done on. Specifies whether motion detection is performed on the Archiver (always available), or on the video unit (not all units support this feature). See also "Limitations with motion detection on unit" on page 385.

• Sensitivity. Controls how much difference must be detected in a block between two consecutive frames before it is highlighted as a motion block (see "Motion block" on page 380). With the sensibility set to the maximum (100%), the slightest variation in an image block is detected as motion. Lowering the sensitivity reduces the number of motion blocks detected in the video. Only set the sensitivity lower than 100% if your equipment is prone to generate noise. TIP A plain image, such as viewing an empty wall, is more prone to generate noise than an image containing a lot of detail.

You can also set the sensitivity value automatically (see "Automatically set motion detection sensitivity" on page 381). See also "Advanced H.264 motion detection" on page 382.

• Consecutive frame hits. A frame where the number of motion blocks reaches the Motion on threshold is called a hit. Setting this parameter higher than 1 helps avoid false motion detection hits, such as from video noise in a single frame. This setting ensures that positive motion detection is only reported when a hit is observed over a certain number of consecutive frames. When enough consecutive hits have been observed, the first hit in the series is marked as the beginning of motion.

• Motion zones. Defines where on the video image motion should be detected. Up to six different motion zones can be defined per configuration. For the purpose of motion detection, the video image is divided into a large number of blocks (1,320 for NTSC encoding standard and 1,584 for PAL). Each of these blocks can be individually turned on/off for motion detection. A block where motion detection is turned on is represented by a semi-transparent blue square overlay on the video image. See "Drawing tools for motion zones" on page 383.

Motion block A block is called a motion block when motion is detected in it. There is positive motion in a video image when the area covered by the block detects motion in two consecutive video frames. The number of motion blocks detected represents the amount of motion. A motion block is represented by a semi-transparent green square overlay on the video image.

What constitutes a positive motion detection? Simply seeing motion blocks on the video does not necessarily mean that the system will generate a motion related event. It could simply be noise. To determine when motion actually started (Motion on event) and when it stopped (Motion off event), two more parameters must be configured on top of the Sensitivity and Consecutive frame hits:

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

380

Camera (video encoder)

• Motion on threshold. Indicates the minimum number of motion blocks that must be detected before the motion is significant enough to be reported. Together with the Consecutive frame hits, a positive motion detection is made.

• Motion off threshold. In the same way the Motion on threshold detects the beginning of motion, the Motion off threshold detects the end of motion. Motion is considered stopped when the number of motion blocks drops below the Motion off threshold for at least 5 seconds. CAUTION Light reflections on windows, switching lights on/off, and light level changes caused by cloud movement can cause undesirable responses from the motion detection algorithm, and thereby generate false alarms. Carry out a number of tests for different day and night conditions to ensure correct interpretation of the video images. For surveillance of indoor areas, ensure there is a consistent lighting of the areas during the day and at night. Uniform surfaces without contrast can trigger false alarms even with uniform lighting.

Automatically set motion detection sensitivity You can determine what constitutes positive motion detection by automatically setting the sensitivity value. Before you begin: Make sure there is no motion in the camera’s field of view (0 motion blocks). NOTE If your camera is located outdoors, the accuracy of this test might be affected due to wind, moving trees, and so on.

To automatically set the motion detection sensitivity:

• In the camera’s Motion detection tab, select one of the following options from the Auto calibrate drop-down list: 





Current zone. Calibrate the sensitivity for motion detected in the currently selected motion zone on the video image. All zones. Calibrate the sensitivity for motion detected in all the motion zones on the video image. All motion. Calibrate the sensitivity for motion detected on the whole video image.

Different sensitivity values are tested to find the highest value without detecting motion in the image. This test accounts for any unwanted background noise that your camera may pick up and consider as motion.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

381

Camera (video encoder)

Advanced H.264 motion detection When an H.264 stream is selected as the recording stream, the Advanced settings button is available after the Sensitivity slider. Click this button to open the H.264 advanced motion detection settings dialog box where you can refine your motion detection settings for an H.264 stream.

Choose a Preset from the drop-down menu:

• Custom. Allows you to customize your settings using the available sliders. • Vector emphasis. Sets motion detection based on the difference in motion vector values (movement) between consecutive frames.

• Luma emphasis. Sets motion detection based on the difference in luma values (brightness) between consecutive frames. Depending on your unit, the Vector and Luma emphasis presets might not provide desirable results. If you find you are getting too many, or too few motion events, choose Custom from the Preset list and adjust the following slider values until you achieve desirable results. Values range between 0 and 100. The higher the value, the more motion is detected.

• Luma weight. Sets motion detection based on the difference in luma values (brightness) between consecutive frames.

• Chroma weight. Sets motion detection based on the difference in chroma (color) values between consecutive frames.

• Vectors weight. Sets motion detection based on the difference in vector values (movement) between consecutive frames.

• Macroblocks weight. Sets motion detection based on the presence of intra-macroblocks in your frame. This setting is useful when you notice motion detection indicators on still frames. For example, some units generate frames completely comprised of intramacroblocks as a new reference point. When this happens, you will see motion detection blocks covering your whole image. Setting the Macroblocks weight to 0 helps prevent this from happening. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

382

Camera (video encoder)

TIP Test your new settings with the View all motion mode.

Drawing tools for motion zones You draw the motion zone using the following drawing tools: Icon

Tool name

Description

Pen

Draws motion detection blocks one at a time.

Eraser

Erases the motion detection blocks one at a time.

Rectangle

Draws a group of motion detection blocks.

Fill

Covers the entire image with motion detection blocks.

Clear

Clears all motion detection blocks.

Invert

Interchanges the area with motion detection blocks with the area without.

Learning mode

Lets the computer analyze what is typical motion in the image. When typical motion occurs, the motion detection blocks in the affected areas are turned off, so it can be ignored.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

383

Camera (video encoder)

Testing motion detection settings After modifying the motion detection settings for a camera, always test your new settings to make sure that you get the expected results. You can always test your settings in Config Tool whether the motion detection is performed on the Archiver or on the unit. However, the test might not be completely accurate when the motion detection is performed on the unit. See "Limitations with motion detection on unit" on page 385. You have three motion test modes to choose from:

• Test zone. The motion zone is displayed as blue overlays. The motion blocks are displayed as green overlays. The number of motion blocks is updated in real time. When the number of motion blocks reaches the Motion threshold, it is displayed in red.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

384

Camera (video encoder)

• Test all zones. In this mode, all motion zones are displayed at once, with the number of motion blocks in each displayed separately.

• View all motion. In this mode, the entire video image is tested for motion. All motion anywhere on the image is displayed as motion blocks (green overlays). The total number of motion blocks is updated in real time. Use this mode to test the sensitivity setting for this camera.

Limitations with motion detection on unit When motion detection is performed on the unit, not all motion detection settings are taken into consideration. The following list some of the known limitations:

• Not all units support multiple motion detection zones. When switching motion detection •

from Archiver to Unit, the existing zone configurations not supported by the unit will be lost. The unit might not interpret the Sensitivity parameter the same way as the Archiver. Therefore, when testing your motion zones, the results might not be accurately reflected in Config Tool. The Motion search task in Security Desk is not supported.

• • In most cases, the motion indicators (green bars) are not shown in the timeline during playback.

NOTE Axis cameras however are exceptions. They do show the motion indicators in the

timeline during playback when motion detection is performed on the unit. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

385

Camera (video encoder)

Motion related events The default events related to motion detection generated by the system are as follows:

• Motion on. At the beginning of the motion period. • Motion off. At the end of the motion period. You can silence these events or replace them with the custom events of your choice using the Motion events dialog box (click the Events button to open it).

TIP One reason why you would want to use custom events is when you are using multiple motion zones. Each zone can be configured to detect motion in a different area of the camera’s field of view and generate different events. Having different events allows you to program different actions to respond to different situations.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

386

Camera (video encoder)

Color The Color tab allows you to adjust the video attributes such as brightness, contrast, hue, and saturation, based on different schedules.

Click the Add schedule button to add an new color configuration. Click the Load default button to reset all parameters to their default values. TIP A typical use of this feature is to automatically control the brightness and contrast based on ambient light. For more information, see "What is a twilight schedule?" on page 104.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

387

Camera (video encoder)

Visual tracking Visual tracking is a Security Desk feature that allows you to follow an individual or moving object across different cameras and all within the same display tile. For more information, see “Using visual tracking” in Genetec Security Desk User Guide. The Visual tracking tab is where you configure this feature.

How visual tracking works When visual tracking is turned on, semi-transparent overlays (colored shapes drawn over the video) appear in the tile showing that camera. Each overlay corresponds to one or more adjacent cameras. Simply click the overlay to switch to an adjacent camera. Video from the camera you switched to is displayed within the same tile. For more information, see "Configure visual tracking" on page 212.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

388

Camera (video encoder)

Hardware The Hardware tab allows you to associate other hardware devices (PTZ motor, Speaker, Microphone, and so on) to this camera and configure specific hardware settings.

When the unit is initially added to the system, all hardware devices belonging to the same unit are configured by default. You can manually associate your camera to other devices, according to how they are physically connected.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

389

Camera (video encoder)

PTZ configuration If the PTZ motor is not integrated to your camera, you need to configure the PTZ motor separately before you can control it in Security Desk. When you turn the PTZ switch on, additional settings appear.

• Protocol. Protocol used by the PTZ motor. • Serial port. Serial port used to control the PTZ motor. Click

to set the Idle delay, Idle command, and Lock delay parameters.

• Enhanced PTZ. Turn this option on to enable the zoom-box and center-on-click PTZ commands. For more information, see "Configure PTZ motors" on page 214.

• Calibrate. Click to calibrate the PTZ. See "Calibrate the PTZ coordinates" on page 215. NOTE Not all cameras require PTZ calibration.

• PTZ address. Number identifying the selected PTZ motor on the serial port. This number is important because it is possible to connect more than one PTZ motor on the same serial port. This number must correspond to the dip switch settings on the PTZ hardware.

Idle delay The idle delay is used in two ways:

• The idle delay defines the period of inactivity after which the PTZ is considered idle. When a user starts moving the PTZ when it is idle, the PTZ activated event is generated. When the idle delay expires, the PTZ stopped event is generated. As long as there are users who continue to move the PTZ, the countdown timer continuously restarts.

• The same idle delay value is also used specifically for the zoom operation on a PTZ. Whenever a user starts to zoom the PTZ, the PTZ zoom by user event is generated. After the last zoom operation, when the idle delay expires, the PTZ zoom by user stopped event is generated. For a particular user, idle delay delineates a single zoom activity. A user who zooms several times, with each zoom activity taking place less than 120 seconds after the previous one, will generate only one PTZ zoom by user event, assuming the idle delay is 120 seconds. Then, if another user performs a zoom on the same PTZ before the idle delay has expired, the PTZ zoom by user event is again generated, logged to the second user, and the countdown timer

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

390

Camera (video encoder)

is restarted. Note that in this case, the PTZ zoom by user stopped event is only generated after the Idle delay has expired, and logged to the second user. NOTE The PTZ activated and PTZ stopped events cannot be triggered by a programmed PTZ

action. The PTZ zoom by user and PTZ zoom by user stopped events cannot be generated due to automated PTZ functions such as presets or patterns, or by a programmed PTZ action.

Idle command When the PTZ becomes idle (after the idle delay expires and the PTZ stopped or PTZ zoom by user stopped event is generated), this option determines the next action of the PTZ.

• None. The PTZ remains idle until a user starts controlling it. • Preset. The PTZ moves to a preset position when it becomes idle. • Pattern. The PTZ motor starts a PTZ pattern when it becomes idle. Lock delay When a user controls an idle PTZ, the PTZ becomes implicitly locked for that user. The implicit PTZ lock prevents two users from fighting for the control of the same PTZ. The implicit lock lasts Idle delay + Lock delay seconds after the user has stopped using the PTZ. After this period, the PTZ automatically unlocks.

Speaker and microphone Even if the unit your camera belongs to does not support audio, you can still link your camera with audio devices (speaker and microphone) found on other units.

Camera tampering Select this option to let Security Center process Camera tampering events issued by the unit. This setting is only available if the video unit is capable of detecting camera tampering. Typically, any dysfunction that prevents the original scene from being viewed properly can by treated as an attempt to tamper with the camera. This can be a partial or complete obstruction of the camera view, a sudden change of the field of view, or a loss of focus. You can control the sensitivity of the unit’s alarm notification mechanism by specifying the Minimum duration that a dysfunction must last before the unit issues a Camera tampering event. Select the Alarm for dark images option if total obstructions are to be considered as dysfunctions.

Audio alarm Select this option to let Security Center process audio alarms issued by the unit as Audio alarm events. This setting is only available if the video unit is capable of raising audio alarms.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

391

Camera (video encoder)

NOTE The Alarm level sets the value used to trigger audio alarms on the unit. A unit can be configured to issue audio alarms when the sound level rises above or falls below the set value. The alarm level can be set in the range 0-100%, where 0% is the most sensitive and 100% the least sensitive.

Image rotation Use this setting to correct the orientation of the image when the camera is mounted upside down or at a 90 degree angle. The rotation options might vary depending on the model of the camera.

Lens type Use this setting to select the lens type for cameras with interchangeable lenses. Depending on the selected lens type, you might have additional settings to configure, such as dewarping a fish-eye lens. For more information, see the Security Center Video Unit Configuration Guide.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

392

Camera sequence

Camera sequence The camera sequence entity defines a list of cameras that are displayed one after another in a rotating fashion within a single tile in Security Desk. When displayed in a Security Desk, the camera sequence can be paused (stop cycling) and unpacked (showing all cameras at the same time). The cameras composing the sequence can be fixed, PTZ enabled, or federated. Each camera is given a preset amount of display time. Dome cameras can be configured to point to a preset position, to run a pattern, or to turn on/off an auxiliary switch. System: Omnicast IP video surveillance Views: Logical view Identity

Name, description, logical ID, and relationships of this entity with other entities in the system.

Cameras

Configuration of the cameras composing the sequence.

Custom fields

Custom field values for this camera sequence.

Related topics:

• "Camera (video encoder)" on page 368 • "Creating camera sequences" on page 218 • “Viewing a camera sequence” in the Security Desk User Guide

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

393

Camera sequence

Cameras The Cameras tab allows you to configure the cameras composing the camera sequence. The order of the cameras in the list is the order they will be displayed in Security Desk. For information about creating camera sequences, see "Creating camera sequences" on page 218.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

394

Cardholder

Cardholder The cardholder entity represents a person who can enter and exit secured areas using their credentials (typically access cards), and whose activities can be tracked.

System: Synergis IP access control Task: Access control – Cardholders Identity

Name, description, logical ID, and relationships of this entity with other entities in the system.

Properties

Cardholder’s personal information and status.

Picture

Cardholder’s picture.

Custom fields

Custom field values for this cardholder.

Related topics:

• "Badge template" on page 365 • "Cardholder group" on page 398 • "Credential" on page 401

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

395

Cardholder

Properties The Properties tab shows the cardholder’s personal information and status. Additional information might be found in the Custom fields tab. For information about configuring cardholders, see “Cardholder management” in the Security Desk User Guide.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

396

Cardholder

Picture The Picture tab allows you to assign a picture to the cardholder. For information about editing cardholder pictures, see “Assign a picture to the cardholder” in the Security Desk User Guide.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

397

Cardholder group

Cardholder group The cardholder group entity is used to configure the common access rights and properties of a group of cardholders.

System: Synergis IP access control Task: Access control – Cardholder groups Identity

Name, description, logical ID, and relationships of this entity with other entities in the system.

Properties

Cardholder group properties and members.

Custom fields

Custom field values for this cardholder group.

Related topics:

• "Cardholder" on page 395

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

398

Cardholder group

Properties The Properties tab lets you view and configure the members of this cardholder group, and configure their common properties. Additional information might be found in the Custom fields tab.

• Group available for visitors. Set this to ON if this group will be used for visitors • Email address. Set an email address here for automated actions associated to the group • Security clearance. (Only visible to administrative users) Set the security clearance level for the cardholder group. A cardholder group’s security clearance level determines their access to areas when a minimum security clearance level is required on areas by setting a threat level in Security Center. For more information, see "Set minimum security clearance" on page 122. Level 0 is the highest clearance level, with the most privileges. 

Inherited from parent cardholder groups. The cardholder group’s security clearance level is inherited from their parent cardholder group. When multiple parent cardholder groups exist, the highest clearance level is inherited.

Specific. Set a specific security clearance level for the cardholder group. Cardholders. Define the cardholder group members using the and buttons. Both individual cardholders and other cardholder groups can be members. 



gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

399

Cash register

Cash register The cash register entity represents a single cash register (or terminal) in a point of sale (POS) system. Cash register entities are created by the Point of Sale role. They identify the transaction data imported by the Point of Sale role from an external POS system. Security Center can link Omnicast cameras to cash registers to provide video support to help security officers in their investigations. For more information, see “Transactions” in the Security Desk User Guide. IMPORTANT For a user to view transaction reports in Security Desk, the Point-of-Sale plugin must be enabled on the machine where Security Desk is installed. For more information, see “Enable Point-of-Sale plugin” in the Security Center Installation and Upgrade Guide.

System: General Task: Logical view Identity

Name, description, logical ID, and relationships of this entity with other entities in the system.

Cameras

Cameras used to monitor this cash register in Security Desk.

Custom fields

Custom field values for this cash register.

Location

Time zone and geographical location for this cash register.

Related topics:

• "Point of Sale" on page 595 • “Transactions” in the Security Desk User Guide

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

400

Credential

Credential The credential entity represents a proximity card, a biometrics template, or a PIN required to gain access to a secured area. A credential can only be assigned to one cardholder at a time. Credentials are really “claims of identity”. A credential distinguishes one cardholder from another.

System: Synergis IP access control Task: Access control – Credentials Identity

Name, description, logical ID, and relationships of this entity with other entities in the system.

Properties

Credential information and status.

Badge template

Default badge template associated to this credential.

Custom fields

Custom field values for this credential.

Related topics:

• "Badge template" on page 365 • "Cardholder" on page 395

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

401

Credential

Properties The Properties tab lets you configure the credential information and status. Additional information might be found in the Custom fields tab.

Credential information This section identifies the details of the credential itself. If the credential is an access control card, the format, facility code and card number will be shown.

• Cardholder. Displays the cardholder this credential is associated with. The cardholder can be changed if required.

State This section shows whether the credential status is active or Inactive/Lost/Stolen/Expired. It also displays the date and time when the credential was attributed to this state. Expiration - An expiration date/time can be set here so the credential expires automatically on a certain date and time.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

402

Credential

Badge template The Badge template tab defines the default badge template associated to this credential.

The badge template tab allows you to preview what the credential will look like when printed using any specific badge template. You can also print the card credential.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

403

Door

Door The door entity represents a physical barrier. Often, this is an actual door but it could also be a gate, a turnstile, or any other controllable barrier. Each door has two sides named by default “A” and “B”. Each side is an access point (entrance or exit) to a secured area.

System: Synergis IP access control Task: Logical view Identity

Name, description, logical ID, and relationships of this entity with other entities in the system.

Properties

General behavior of the door.

Unlock schedules

Scheduled periods when the door should not be used for secured access.

Hardware

Physical wiring configuration of the door to access control units and associations to monitoring cameras.

Access rules

Access rules applied to this door.

Custom fields

Custom field values for this door.

Related topics:

• • • •

"Access control unit" on page 337 "Access rule" on page 349 "Area" on page 360 "Elevator" on page 410

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

404

Door

Properties The Properties tab allows you to configure the general behavior of the door.

• Standard grant time. Amount of time the door is unlocked after an access granted event is generated.

• Access time. Amount of time the cardholder has to cross the entry sensor, in addition to the Standard grant time. If no entry is detected during this time, a No entry detected event is generated. This option is only supported when your door is configured with an entry sensor. EXAMPLE If the Standard grant time is 5 seconds, and the Access time is 5 seconds, the

cardholder has a total of 10 seconds to cross the entry sensor of the door.

• Extended grant time. For cardholders with the property “extended grant time” turned on, the amount of time the door is unlocked after access is granted.

• Extended access time. For cardholders with the property “extended grant time” turned on, the amount of time the cardholder has to cross the entry sensor, in addition to the Extended grant time. If no entry is detected during this time, a No entry detected event is generated. This option is only supported when your door is configured with an entry sensor. EXAMPLE If the Extended grant time is 10 seconds, and the Extended Access time is 10

seconds, the cardholder has a total of 20 seconds to cross the entry sensor of the door.

• Trigger a ‘door open too long’ event. The event ‘door open too long’ will be generated after this duration. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

405

Door

• Ignore ‘door forced open’ events. Ignore ‘door forced open’ events. • Unlocked for maintenance. Door is unlocked, and possibly pinned open for maintenance purposes. Do not generate the normal events when in maintenance-mode. The values in the Request to exit section are generally used to decrease the number of false Request to exit events at a door.

• Time to ignore ‘Request to exit’ after granted access. Ignore any requests to exits for this long after access has been granted.

• Unlock on request to exit. Set to ON if a REX is being used, and you want to automatically grant the request to exit.

• Ignore ‘Request to exit’ events while door is open. Do not generate REX when door is open.

• Time to ignore ‘Request to exit’ after door closure. Once the door has closed, wait this long before generating any more Request to exit events.

Unlock schedules Unlock schedules represent scheduled periods when the door should not be used for secured access. It is unlocked, and no access rules are in effect.

A typical use of an unlock schedule might be:

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

406

Door

The main door of the office should be unlocked from 9:00 AM-12:00 PM, locked from 12:00 PM - 1:00 PM, and unlocked again from 1:00 PM - 6:00 PM.

• Click the add button below Unlock schedules to apply free access periods. • Click the add button below Exceptions to unlock schedules to apply “controlled access” periods.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

407

Door

Hardware The Hardware tab allows you to configure the physical wiring relationships between the access control unit and the door, and associate cameras to door sides.

Match each one of these functions to correspond with the physical wiring done on the controller and door. EXAMPLE The physical door has the following installed: gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

408

Door

• • • • •

A reader wired on door side A A REX wired on door side B A strike relay on the door lock A door sensor An auxiliary relay wired to a buzzer

In Config Tool, the door entity must have Card-In/REX out configuration. Door side A can be named Entry, and door-side B can be named Exit.

Access rules The Access rules tab displays the access rules applied to this door.

In the example above, we can see that an access rule called Employees only is applied to the Entry side of the door but no rule is applied to the Exit side because of a Request to exit device.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

409

Elevator

Elevator The elevator entity provides access control properties to elevators. For an elevator, each floor is considered an entry point for the area corresponding to that floor. CAUTION To configure an elevator, make sure you have an access control unit dedicated to the control of an individual elevator cab. In other words, the access control unit used for elevator control cannot be shared for any other purpose.

System: Synergis IP access control Task: Logical view Identity

Name, description, logical ID, and relationships of this entity with other entities in the system.

Floors

Physical wiring relationships between the access control unit and the elevator floors, and cameras used to monitor this elevator in Security Desk.

Access

Access rules applied to the elevator floors, and scheduled periods when the elevator floors should not be used for secured access.

Advanced

Advanced behavior of the elevator.

Custom fields

Custom field values for this elevator.

Related topics:

• • • •

"Access control unit" on page 337 "Access rule" on page 349 "Area" on page 360 "Door" on page 404

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

410

Elevator

Floors The Floors tab allows you to configure the physical wiring relationships between the access control unit and the elevator floors, and select cameras used to monitor this elevator in Security Desk.

• • • •

Preferred unit. Assign an access control unit to manage this elevator cab’s panel. Elevator cab reader. Assign a reader interface to be used inside the elevator cab. Camera. Select a camera to monitor this elevator in Security Desk. Floors. Assign push button relays and inputs to the elevator floor buttons. 



Push button relay. Assign output relays to the different elevator floor buttons. Access granted events cause an output relay to close, which enables the button-push to request a certain floor. Floor tracking. (Optional) Assign inputs to elevator floor buttons. When you assign inputs, Security Center can take note of which floor button was pushed.

The floor configurations can be added, deleted, or modified with the add buttons at the bottom of the page.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

, delete

, and

411

Elevator

Access The Access tab lets you configure the access rules applied to each of the elevator floor, and determine when access to floors is controlled and when free access to elevator floors is available.

• Access rules. Select access rules to determine which floor buttons are enabled, when, and for which cardholders. Different access rules can be applied to different floors, or applied to all floors. In the example above, the access rule Weekdays applies to all floors.

• Exceptions. Determine if there are any exceptions to the access rule you set. 

Schedule. Select a schedule when the exception applies.



Floor. Select which floors the exception applies to.

Mode. Select whether access to the elevator floor is free or controlled during the exception schedule. In the example above, controlled access is used when the office is closed. 

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

412

Elevator

Advanced The Advanced tab lets you configure the advanced behavior of this elevator.

• Grant time. This value indicates for how long the elevator floor button will be enabled after the access granted event has been generated.

• Free access when the output relay is: 



Normal. Floor access is enabled when the access control unit output relay is deenergized. This means that a power loss results in free access to the floor. Active. Floor access is enabled when the access control unit output relay is energized. This mean that a power loss results in floor access being denied.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

413

Hotlist

Hotlist The hotlist entity defines a list of wanted vehicles. Each vehicle in the list is identified by a license plate number, the license plate issuing state (or province, or country), and the reason why the vehicle is wanted (for example, Stolen, Wanted felon, Amber alert, VIP, and so on). Additional vehicle information can include the model, the color, and the vehicle identification number (VIN). Hotlists are used by both the AutoVu Patroller and the AutoVu LPR Manager role to check against license plates captured by LPR units to identify vehicles of interest. The hotlist entity is a type of hit rule. A hit rule is a method used by AutoVu to identify vehicles of interest. Other types of hit rules include overtime, permit, and permit restriction. When a plate read matches a hit rule, it is called a hit. When a plate read matches a plate on a hotlist, it is called a hotlist hit. System: AutoVu IP license plate recognition Task: LPR – Hotlists Identity

Name, description, logical ID, and relationships of this entity with other entities in the system.

Properties

Configure the basic parameters of the hotlist, including: assigning priority to a hotlist, and the location and attributes of the hotlist data file.

Advanced

Configure the advanced parameters of the hotlist, including: assigning color, sound, email address for notifications, and enabling hotlist and permit editor support.

Custom fields

Custom field values for this hotlist.

Related topics:

• "LPR Manager" on page 567 • "LPR unit" on page 426

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

414

Hotlist

Properties The Properties tab is where you configure the basic properties of the hotlist (hotlist priority, hotlist path, attributes, and so on). These settings tell Security Center how to parse the hotlist file into the format required by the Patroller and the LPR Manager to identify plates read by Sharp units. For more information on how to configure hotlists, see “Configuring hotlists” in the AutoVu Handbook.

• Priority. Choose a hotlist priority. Zero (0) is the highest priority setting and 100 is the lowest priority setting. This setting is used to resolve conflicts when a plate read matches more than one hotlist, in which case the hotlist with the highest priority is displayed first in the list of hotlist matches.

• Hotlist path. Type the path or browse to the hotlist text file. Every hotlist entity in Security Center must be associated with a text file containing the actual hotlist data; that is, license plate numbers and other related vehicle information. The associated text file is typically created by a third party system (e.g. Notepad for .txt files, or Excel for .csv files). The source text file can be located on the LPR Manager computer’s local drive (for example, the C drive), or on a network drive that is accessible from the LPR Manager computer. If you start typing a path to a network drive, the Username and Password fields appear and you’ll need to type the username and password to access the network drive.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

415

Hotlist

• Use delimiters. Tells Security Center that the fields in the hotlist file are of variable length and indicates the character used to separate each field in the file. By default, Use delimiters is set to On, and the delimiter specified is a semi-colon (;). If your hotlist file is made up of fixed length fields, set Use delimiters to Off. Security Center supports the following delimiters: 

Colon (:)



Comma (,)



Semi-colon (;)



Tab (Tab)

If your hotlist file uses Tab as a delimiter (i.e. the “Tab” key on your keyboard), type the word “TAB” as the delimiter character. IMPORTANT Security Center considers one Tab space to be a valid delimiter. Do not use more than one Tab space to align columns in your hotlist file or Security Center may not be able to parse the hotlist.

• Enable editor support. Allow a user to edit the hotlist or permit list using the Hotlist and permit editor task. IMPORTANT Please note the following about the Hotlist and permit editor: 

A user must be granted the privilege to use the Hotlist and permit editor.



Only the first 100,000 rows of a hotlist are loaded into the Hotlist and permit editor.

If an error occurs while the hotlist is being loaded, the loading process is cancelled and an error message is displayed. However, you will not lose any of the data loaded before the error occurred, and you can still edit the data loaded into the editor. Attributes. Tells Security Center the name and order of the fields in the source text file. From the Attributes area, you can add, delete, or edit the data fields (attributes). Security Center includes the following default attributes: 









Category. (Mandatory field) Reason why a license plate number is wanted. For example: Scofflaw, Stolen, Amber alert, Wanted felon, and so on. When a hit occurs, this field is displayed on the hit screen in Patroller and Security Desk. PlateState. (Mandatory field) Issuing state (or province, or country) of the license plate. Patroller uses the PlateNumber to match against a plate read. When a hit occurs, this field is displayed on the hit screen in Patroller and Security Desk. PlateNumber. (Mandatory field) The license plate number.

The following fields are shown by default, but are optional. If there is no start or end date for the hotlist, you can delete these fields, or simply leave them blank. 

EffectiveDate. Date at which the hotlist starts to be effective.



ExpiryDate. Date after which the hotlist is no longer valid.

IMPORTANT Please note the following about hotlist attributes.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

416

Hotlist





The hotlist text file must include Category, PlateState, and PlateNumber fields. For this reason, these fields already appear in the attribute list and cannot be deleted from the list. There cannot be any spaces within an attribute name.

You can have a maximum of two wildcard characters (asterisk *) in a PlateNumber. Add ( ) or Edit ( ) a hotlist attribute. Configure the following: 







Name. Name of the field. It may contain spaces. Only the three compulsory fields, Category, PlateState and PlateNumber cannot be renamed. Value. The default value is interpreted differently depending on whether delimiters are used or not. 











If delimeters are in use, the default value is written into this field. Fields already populated will be overwritten. If delimeters are not in use, and if the field is empty, the default value is written into this field. Fields already populated will not be overwritten.

Is mandatory. A mandatory attribute cannot be blank in the source file. For example, if you add a mandatory attribute called CarColor, the column for CarColor in the source file must have text in it. Fixed length. This option is enabled only if you chose to use fixed length data fields. Indicate the start position of the field in the file record and its length. The position of the first character is zero (0). Date format. Specify a time format if the field contains a date or time value. All standard date and time format strings used in Windows are accepted. If nothing is specified, the default time format is “yyyy-MM-dd”. Translate. You can apply an optional transformation to the values read from the data file. Use this feature to shorten certain values to save space on the Patroller or to enforce spelling consistency.

For example, the following is what you may find in a variable field length data file using a semicolon (;) as delimiter and using the fields: Category, PlateState, PlateNumber, CarMake, and CarColor. AMBER;QC;DEF228;TOYOTA COROLLA;GREEN STOLEN;QC;345ABG;HONDA CIVIC;BLUE STOLEN;QC;067MMK;FORD MUSTANG;YELLOW STOLEN;QC;244KVF;LEXUS IS350;SILVER

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

417

Hotlist

Advanced The Advanced tab is where you configure the advanced properties of the hotlist (the color, sound, download frequency, and so on). These properties are not required for all hotlists, but allow you to customize certain hotlists for specific scenarios. For more information on how to configure hotlists, see “Configuring hotlists” in the AutoVu Handbook.

• Color. Assigns a color to a hotlist. When you choose a color, the map symbol that marks the location of the hotlist hit in Security Desk and Patroller, as well of the Hotlist Hit and Review Hits screen in Patroller, appears in that color.

• Use wildcards. Indicates that the hotlist contains wildcards (partial license plate numbers). You can have a maximum of two wildcard characters (asterisk *) in a PlateNumber. Wildcard hotlists are used in situations where witnesses did not see, or cannot remember a complete license plate number. This allows the officer to potentially intercept vehicles associated with a crime, which otherwise would not have been detected using standard hotlists. Best practice: If using a wildcard hotlist, use the following best practices: 



Do not use more than one wildcard hotlist per Patroller. By default, hotlists are applied at the LPR Manager level. Use only one wildcard hotlist per LPR manager role.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

418

Hotlist



Limit the number of entries to 100 plates.

NOTE If using wildcard hotlists, please note the following: 











An asterisk (*) in the data file indicates a wildcard. Only the PlateNumber field accepts wildcard characters. If the asterisk is found in any other field, it is considered as a normal character. The PlateNumber field is limited to two wildcard characters. If you select Use wildcards, Patroller ignores all hotlist entries that do not contain a wildcard, or that contain more than two wildcard characters. It is the number of wildcards in the PlateNumber field, and not the location of the wildcard, that determines how many mismatched characters are allowed before a match can occur. The position of the wildcards cannot be enforced because, typically, when witnesses report a partial plate number, they do not remember the position of the characters they missed. The sequence of the normal characters in the PlateNumber is respected, such that the three patterns “S*K3*7”, “**SK37”, and “SK37**” are equivalent. EXAMPLE If a wildcard hotlist contains the PlateNumber entry S*K3*7: 



Plate reads NSK357 and ASDK37 will generate a hit because both reads have no more than two mismatched characters (in red) and the sequence “SK37” is respected. Plate read SUKA357, will not generate a hit because it contains three mismatched characters (in red).

Plate read SKU573 read will not generate a hit because the sequence of characters SK37 is not found in the read. Covert. Set the hotlist to a covert hotlist. When you choose this setting, Patroller users are not alerted when a hit occurs. Only users with sufficient privileges can view covert hits in Security Desk. 



• Email address. Set hotlist email notifications. When the hotlist you’re configuring generates a hit, Security Center sends an email to the address you specify. IMPORTANT For this feature to work, the SMTP configuration must be set up in the Server

Admin and the Email notification option must switched to ON in the Config Tool’s LPR Manager Properties tab.

• Sound file. This indicates which sound Patroller should play when a hotlist hit occurs. If you leave this field blank, Patroller plays its default sounds. The path (you must include the filename) indicates the file’s location on the Patroller in-vehicle computer. You can copy sound files to the in-vehicle computer manually, or use the Security Center updater service to push new sound files to Patroller as you would a hotfix. Only .wav files are supported.

• Override privacy for emails. Bypasses any privacy settings you applied at the Directory level (see "Applications" on page 640), and sends an email with real LPR data to the Email address you specified for this particular hotlist.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

419

Hotlist

• Disable periodic transfer. Turns off periodic transfer of hotlist modifications to the Patroller computer. When this setting is off, hotlist changes are only downloaded to Patroller when the user logs on to the application. This option requires a wireless connection between Patroller and Security Center.

• Enable transfer on modification. Transfer hotlist modifications to Patroller as soon as they occur. For example, you can use this option on a hotlist to force Patroller to query for changes more frequently than the periodic transfer period (which applies to all hotlists). This can be useful for Amber alerts because they can be added to a specific hotlist and sent to a Patroller almost immediately. This option requires a continuous wireless connection between Patroller and Security Center.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

420

Intrusion detection area

Intrusion detection area An intrusion detection area entity corresponds to an area (also known as zone or partition, depending on the manufacturer) that is configured on an intrusion panel (also known as alarm panel). Intrusion detection areas might be automatically created by the Intrusion Manager when the intrusion panels on which they are configured are enrolled to your system. Intrusion detection areas are not configurable for the most part, except for the cameras assigned to them for monitoring purposes in Security Desk and the event-toactions. They are automatically updated when the zones they correspond to are updated on the intrusion panels. System: General – Intrusion management Task: Logical view Identity

Name, description, logical ID, and relationships of this entity with other entities in the system.

Properties

Shows the properties of the intrusion detection area as it is configured on the intrusion detection unit.

Cameras

Cameras used to monitor this intrusion detection area in Security Desk.

Custom fields

Custom field values for this intrusion detection area.

Related topics:

• • • •

"Enroll an intrusion panel" on page 156 "Create an intrusion detection area" on page 159 "Intrusion Manager" on page 563 "Intrusion detection unit" on page 423

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

421

Intrusion detection area

Properties The Properties tab shows the properties of the intrusion detection area as configured on the intrusion detection unit.

NOTE This page is read-only for zones configured on Bosch units.

Property description

• Physical name. Name of the intrusion detection area (sometimes called zone or partition) as it is configured on the physical intrusion panel. Changing the entity name of the intrusion detection area will not change its physical name.

• Intrusion detection unit. Entity name of the intrusion detection unit (intrusion panel) where this area is configured.

• Devices. Name and description of the inputs defining this intrusion detection area. TIP You can assign meaningful names to input and output devices of the intrusion detection unit from the unit’s Peripherals tab. For more information, see "Edit intrusion detection unit peripherals" on page 158.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

422

Intrusion detection unit

Intrusion detection unit The intrusion detection unit entity represents a physical intrusion panel that is monitored and controlled by Security Center. An intrusion panel (also known as alarm panel) is a wall-mounted unit where the alarm sensors (motion sensors, smoke detectors, door sensors, and so on) and wiring of the intrusion alarms are connected and managed. System: General – Intrusion management Task: Intrusion detection – Units Identity

Name, description, logical ID, and relationships of this entity with other entities in the system.

Properties

Hardware specific settings for this unit.

Peripherals

List of all peripheral devices connected to the unit.

Custom fields

Custom field values for this intrusion detection unit.

Location

Time zone and geographical location of this unit.

NOTE Security Center currently supports both Bosch GV2/GV3 series and Honeywell Galaxy Dimension intrusion panels. Only the configuration of Bosch intrusion panels is described in this manual. For the configuration of Honeywell intrusion units in Security Center, see the Honeywell Galaxy Control Panel Integration User Guide, found in the Documentation\Controllers folder of your Security Center installation package.

Related topics:

• "Enroll an intrusion panel" on page 156 • "Intrusion Manager" on page 563 • "Intrusion detection area" on page 421

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

423

Intrusion detection unit

Properties The Properties tab allows you to configure the hardware-specific options for this unit.

• Clear logs after download is completed. Select this option to erase the log from the intrusion panel once it is downloaded to Security Center. NOTE You might not want Security Center to erase the logs on the intrusion panel if the panel

is also monitored by a central monitoring station.

• Interface type. The interface type cannot be changed after the entity is created. If you need to change the interface type, you need to delete the entity and re-create it. For more information, see "Enroll an intrusion panel" on page 156. For the serial interface, you can change the port number. For the IPv4 interface, you can change the IP address of the intrusion panel and its connection port.

• Clock synchronization. Select Automatic synchronization if you want the clock on the intrusion panel to be synchronized with Security Center.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

424

Intrusion detection unit

Peripherals The Peripherals tab lists all peripherals (inputs pins and output relays) connected to the intrusion detection unit. For more information about editing intrusion detection unit peripherals, see "Edit intrusion detection unit peripherals" on page 158.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

425

LPR unit

LPR unit An LPR unit is an IP-based license plate recognition (LPR) device. An LPR device converts license plate numbers cropped from camera images into a database searchable format. Typically, an LPR unit includes two cameras: an LPR camera that produces high resolution close-up images of license plates; and a context camera that produces a wide-angle color image of the license plate and the vehicle. AutoVu Sharp is the LPR unit used in Security Center AutoVu solutions. The Sharp includes license plate capturing and processing components, as well as digital video processing functions, enclosed in a ruggedized casing. Sharps can be deployed in mobile and fixed installations. A mobile installation is where the Sharp is mounted on a vehicle and is integrated into AutoVu Patroller (the in-vehicle software of the AutoVu LPR system), which in turn is integrated into Security Center. A fixed installation is where the Sharp is mounted in a fixed location, such as on a pole, and integrated directly into Security Center. The LPR Manager automatically detects Sharps on the network and adds them to the Security Center system. It detects mobile Sharps through the AutoVu Patroller system they are connected to. It detects fixed Sharps directly through the Security Center discovery port. System: AutoVu IP license plate recognition Task: Role view (under the LPR Manager roles and Patrollers) Identity

Name, description, logical ID, and relationships of this entity with other entities in the system.

Properties

Unit properties such as manufacturer, model, firmware version, network settings, and authentication password.

Custom fields

Custom field values for this LPR unit.

Location

Time zone and geographical location of this unit.

Related topics:

• "LPR Manager" on page 567 • "Patroller" on page 450

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

426

LPR unit

Properties The Properties tab displays hardware and software information about the Sharp unit, such as the IP address and port being using. You can also associate a specific hotlist to the Sharp, or link the LPR camera in the Sharp to an Omnicast camera, or the Sharp's own context camera.

• Properties. Displays hardware and software information about the Sharp unit: 

IP address. IP address of the Sharp unit.



Port. Port used by the LPR Manager to communicate with the Sharp unit.



Version. AutoVu PlateReaderServer software version running on the unit.



Type. Unit hardware version.



Serial number. Unit factory installed serial number.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

427

LPR unit

• Applications. Displays which Updater service and Firmware versions are running on the Sharp.

• Devices. Link the LPR camera to an Omnicast camera. • File association. Select how the Sharp behaves with hotlists: 



Inherit from LPR Manager role. The Sharp uses the hotlists associated with its parent LPR Manager. This is the default setting. Specific. Associate specific hotlists with the Sharp unit. This allows you to create Eventto-actions in Security Desk that trigger on that specific hotlist. For example, if you’re using the Sharp to allow access to a parking lot, you would put the vehicle plates on a hotlist, and then associate that hotlist to the Sharp.

NOTE To reboot a fixed Sharp, click the Reboot button found on the Contextual command toolbar at the bottom of the Config Tool window. If the Reboot button is not visible, log on to the ’s Configuration page, and then select Accept remote reboot requests.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

428

Macro

Macro The macro entity encapsulates a C# program that adds custom functionalities to Security Center. Macros can be executed either manually or automatically. When automated, it is loaded as a background process and executes when a set of conditions are met.

System: General Task: System – Macros Identity

Name, description, logical ID, and relationships of this entity with other entities in the system.

Properties

Features a basic text editor allows you to view and edit your C# code.

Default execution context

Default values for the context variables declared in the macro body. The default execution context is used when the macro is run from the Common tasks area.

Related topics:

• "Using macros" on page 110 • "Tile plugin" on page 480 • "Monitoring the status of your system" on page 177

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

429

Macro

Properties The Properties tab provides a basic text editor for you to write your C# code.

Import from file Click this button to import the source code from a file.

Checking syntax Click this button to validate the C# code. If errors are found in the code, they are listed in a dialog box with the line and column numbers where they are found. NOTE Security Center prevents a macro that has errors from being saved. If a macro has errors,

and you change tabs, it is rolled back to its last error free version.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

430

Macro

Default execution context The Default execution context tab shows the context variables defined in your macro.

About the execution context You can provide input parameters to your macro by declaring mutators. Such mutators must be public. Their type must be one of the following:

• • • •

System.Boolean System.String System.Int32 System.Guid

By declaring mutators, your macro will have an execution context that can be configured in the Default execution context tab. If a macro is run without specifying an execution context, the default execution context is used. This is always the case when a macro is launched from the Contextual commands toolbar in Config Tool. The default execution context can be overridden by specifying your own context.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

431

Monitor group

Monitor group The monitor group entity is used to configure the properties of a group of analog monitors.

System: General Task: Alarms - Monitor groups Identity

Name, description, logical ID, and relationships of this entity with other entities in the system.

Monitors

General behavior of the analog monitor.

Related topics:

• "Analog monitor" on page 357 • "Managing alarms" on page 111

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

432

Monitor group

Monitors The Monitors tab lets you add multiple analog monitors to the monitor group. Later, when you create alarms, you can add a monitor group and its members as a recipient of the alarm. See "Configuring analog monitors" on page 220. IMPORTANT The order of analog monitors in the monitor group list is important. If you add more than one analog monitor to the monitor group, the first analog monitor in this list will receive the highest priority alarm, the second analog monitor will receive the second highest priority alarm, and so on. The last analog monitor in this list will receive all the other alarms.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

433

Network

Network Network entities are used to capture the characteristics of the networks used by your system so that proper stream routing decisions can be made. Unless your entire system runs from a single private network without communicating with the outside world, you must configure at least one network entity other than the Default network to describe your networking environment. System: General, and more specifically for Omnicast Task: Network view Identity

Name, description, logical ID, and relationships of this entity with other entities in the system.

Properties

Network characteristics and routing information.

Related topics:

• "Managing the Network view" on page 82 • "Server" on page 471 • "Media Router" on page 585

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

434

Network

Properties The Properties tab defines the network characteristics and routing information.

Capabilities Data transmission capabilities. This setting is only used by Omnicast for streaming live video on the network. Always select the largest set of capabilities if your network supports them.

• Unicast TCP. Unicast (one-to-one) communication using TCP protocol is the most common mode of communication. It is supported by all IP networks, but it is also the least efficient method for transmitting video.

• Unicast UDP. Unicast (one-to-one) communication using UDP protocol. Because UDP is a connectionless protocol, it works better for live video transmission. When the network traffic is busy, UDP is much less likely to cause choppy video then TCP. A network that supports unicast UDP necessarily supports unicast TCP.

• Multicast. Multicast is the most efficient transmission method for live video. It allows a video stream to be transmitted once over the network to be received by as many destinations as necessary. The gain could be very significant if there are many destinations. A network supporting multicast necessarily supports unicast UDP and unicast TCP. NOTE Multicast requires specialized routers and switches. Make sure you confirm this with

your IT department before setting the capabilities to multicast.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

435

Network

IPv4 address IPv4 has two display modes.

• Subnet display. This mode displays the IPv4 subnet mask as four bytes.

• CIDR block display. The Classless Inter-Domain Routing (CDIR) mode displays the IPv4 subnet mask as a number of bits.

Click

to select the preferred display mode.

IPv6 address Version 6 IP address prefix for your network.

Your network must support IPv6 and you must enable the option Use IPv6 on all your servers. For more information, see "Network" on page 476.

Proxy server You only need to specify the proxy server when Network Address Translation (NAT) is used between your configured networks. The proxy server must be a server known to your system and must have a public port and address configured on your firewall. For more information, see Server – "Properties" on page 472.

Routes Routes are defined by default between every two networks on your system. The route capabilities are limited by the smallest capability set of the two end points. For example, if one end is capable of multicast and the other end is only capable of unicast UDP, the capabilities of the route between these two end points cannot be more than unicast UDP. If the connection between the two end points (for example VPN) only supports unicast TCP, you might have to limit the capabilities of a route even further. You need to delete a route if no direct connection exists between two networks.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

436

Output behavior

Output behavior The output behavior entity defines a custom output signal format such as a pulse with a delay and duration. Output behaviors are used to control output relays that are not being used to control door locks.

System: Synergis IP access control Task: System – Output behaviors Identity

Name, description, logical ID, and relationships of this entity with other entities in the system.

Properties

Output signal pattern.

Related topics:

• • • •

"Access control unit" on page 337 "Video unit" on page 494 "Zone (hardware)" on page 502 "Zone (virtual)" on page 506

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

437

Output behavior

Properties The Properties tab lets your configure the output signal pattern.

Some examples of output behaviors can include controlling a parking gate, flashing a light in the warehouse, and so on. In the image above, the behavior for an output relay is configured to open and close the circuit 10 times over a 10 second period.

• Output type. Choose state, pulse or periodic. State sets the circuit’s state to open or closed, Pulse sets a pulse to be generated, and Periodic sets a cyclic output to be generated.

• Delay. The delay before the pulse or periodic output is generated. • Duration. The duration (in milliseconds) of the pulse. • Infinite. Select this checkbox if the periodic behavior should continue until it is told to stop by another output behavior.

• Duty cycle. The ratio of the output signal pattern pulse width divided by the period. • Period. The time for one complete cycle of the output signal pattern. Output behaviors can be triggered by automatic event-to-action relationships, manually through hot actions in Security Desk, or through IO linking.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

438

Overtime rule

Overtime rule The overtime rule entity specifies time limits of parking within a restricted area (a single parking space, a city district, or both sides of a city block). It also specifies the maximum number of overtime violations enforceable within a single day. The overtime entity is downloaded to Patroller. In Patroller, an overtime hit occurs when the time between two plate reads of the same plate is beyond the time limit specified in the overtime rule. For example, your overtime rule specifies a four hour parking limit within a city district. The Patroller operator does a first pass through the district at 9:00 A.M. collecting license plate reads. The operator then does a second pass through the district at 1:05 P.M. If a plate was read during the first and second pass, Patroller will generate an overtime hit. The overtime rule is a type of hit rule. A hit rule is a method used by AutoVu to identify vehicles of interest. Other types of hit rules include hotlist, permit, and permit restriction. When a plate read matches a hit rule, it is called a hit. When a pair of plate reads (same plate read at two different times) violates an overtime rule, it is called an overtime hit. System: AutoVu IP license plate recognition Task: LPR – Overtime rules Identity

Name, description, logical ID, and relationships of this entity with other entities in the system.

Properties

The parking regulations enforced by this entity.

Parking lot

The parking zone where this entity is enforced.

Custom fields

Custom field values for this overtime rule.

Related topics:

• • • •

"Hotlist" on page 414 "Patroller" on page 450 "Permit" on page 453 "Permit restriction" on page 457

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

439

Overtime rule

Properties The Properties tab is used to configure the parking regulations enforced by this overtime rule. For more information on how to configure overtime rules, see “Configuring overtime rules in Security Center” in the AutoVu Handbook.

• Color. Assign a color to the overtime rule. When you select the overtime rule in Patroller, the plate reads on the map, and the hit screen, are displayed in this color.

• Vehicle parking position. Each Patroller has two sets of calibrated parameters for the optimal reading of wheel images, based on the parking position of the vehicles: Parallel or Angled (45-degree). This setting tells the Patroller which set of parameters to use. NOTE This setting applies to AutoVu Patroller City Parking Enforcement with wheel imaging applications.

• Long term overtime. Use this option for long term parking; that is, where vehicles can park in the same spot for over 24 hours. When Long term overtime is selected, the parking time limit is specified in days (2 to 5 days). IMPORTANT You can only have one long term overtime rule per Directory.

This option automatically sets the parking regulation to same position, meaning the vehicle has parked overtime when it stays in the same parking space beyond the parking time limit set for such parking space.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

440

Overtime rule

NOTE This setting applies to AutoVu Patroller City Parking Enforcement with or without

wheel imaging. Wheel imaging is recommended if you plan to use this rule to detect vehicles parked long term so that you can distinguish between someone who parks in the same position and a vehicle which has been abandoned.

• Parking enforcement. Select the type of restricted parking area that applies to the time limit: a single parking spot, a district within a city, or both sides of a city block. 

Same position. A vehicle is parked overtime if it parks in the same spot beyond the time limit specified. For example, your overtime rule specifies a one hour parking limit for a single parking space. The Patroller operator does a first pass through the district at 9:00 A.M. collecting license plate reads. The operator does a second pass at 10:05 A.M. If Patroller reads the same plate in the same spot both times, it results in an overtime hit. IMPORTANT For this feature to work, Patroller needs GPS capability.



District. A vehicle is parked overtime if it is parked anywhere within a city district (a geographical area) beyond the specified time limit. For example, your overtime rule specifies a four hour parking limit within a city district. The Patroller user does a first pass through the district at 9:00 A.M. collecting license plate reads. The operator does a second pass through the district at 1:05 P.M. If Patroller reads the same plate in the same district both times, it results in an overtime hit.

Block face (2 sides). A vehicle is parked overtime if it is parked on both sides of a road between two intersections beyond the specified time limit. For example, your overtime rule specifies a 1hour parking limit within a city block face.The Patroller operator does a first pass through the block face at 9:00 A.M. collecting license plate reads. The operator does a second pass down the block at 10:05 A.M. If Patroller reads the same plate in the same block face both times, it results in an overtime hit. Regulation. Defines the parking time limit, when it is to be enforced, the grace period to be granted, and how many times it can be enforced within a single day. You can add, delete, and modify a parking regulation. To add a regulation, click , and do the following. 



gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

441

Overtime rule









Time limit. The parking time limit in hours and minutes. Grace period. Time beyond the parking time limit during which overtime violation is waived. For example, Patroller will generate an overtime hit on a plate when time between the capture of the same plate exceeds the Time limit plus the Grace period. Applicable days. Days of the week when the time limit is enforced. You can select a weekly time frame from the drop-down list: Always (7 days), Weekdays (Monday to Friday), Weekends (Saturday and Sunday), and Custom. To create a custom time frame, click on the days. Applicable hours. Select when the time limit is enforced. You can choose All day or Time range. To define a time range, click in the date picker field, and use the text field or the graphical clock to specify the time.

About multiple overtime violations You can add multiple parking regulations to an Overtime rule to specify the maximum number of citations that can be issued to the same vehicle for the same offence. For example, let’s say your overtime rule has two separate parking regulations defined (of differing time limits if required). If a vehicle exceeds the first parking time limit an overtime hit occurs. If the same vehicle remains parked and subsequently exceeds the second parking time limit, a second overtime hit occurs. If the same vehicle still remains parked a third overtime hit will not occur. By default, Patroller keeps reads associated to an overtime rule for 12 hours. Therefore, if the next day the vehicle is still in the same spot, and exceeds the parking time limit, an overtime hit will occur. To change the reset time of overtime rules, see the Patroller Config Tool setting LinkReadPersistenceDuration.

Parking lot The Parking lot tab defines the parking zone where this parking rule must be enforced. The Parking lot tab displays a Bing map, on which you can add a parking lot, define the number of spaces in the lot, and then draw a polygon on top of the map to represent the physical parking lot. The number of spaces in the lot is used to calculate the percentage of parking occupancy in that area. For more information on how this information is being used, see “Zone occupancy report” in Genetec Security Desk User Guide.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

442

Overtime rule

NOTE This applies only to AutoVu Patroller University Parking applications.

You can add multiple lots to a map.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

443

Parking facility

Parking facility The Parking facility entity defines a large open parking area or a parking garage as a number of sectors and rows for the purpose of tracking the location of vehicles inside that parking facility. It is used in the AutoVu Mobile License Plate Inventory (MLPI) application. The license plate inventory is the list of vehicles present in a parking facility within a given time period. Before AutoVu MLPI units (mobile Patrollers and handheld devices) can collect license plates for the inventory, you must define their collection route as a sequence of sectors and rows configured in the parking facility. The sector and row where a license plate is read represents the location of the vehicle inside the parking facility. Security Center collects license plate reads from the MLPI units and creates an inventory for the current date. Using Security Desk, you can find where a vehicle is parked (sector and row) and how long it has been parked there in the current inventory. You can also compare two inventories on different dates to view the vehicle movements (vehicles that were arrived, moved, or left). System: AutoVu IP license plate recognition Task: LPR – Parking facilities Identity

Name, description, logical ID, and relationships of this entity with other entities in the system.

Properties

Assigns an LPR Manager to this entity and configures its sectors and rows.

Custom fields

Custom field values for this parking facility.

Related topics:

• "Patroller" on page 450

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

444

Parking facility

Properties The Properties tab is used to assign an LPR Manager to the parking facility and configure its sectors and rows for the license plate collection route. For more information on how to configure parking facilities, see “Configuring parking facilities” in the AutoVu Handbook.

• AutoVu LPR Manager. Select the LPR Manager responsible for creating and managing the license plate inventory for this parking facility. Only offloads from MLPI Patrollers managed by the same LPR Manager are used to build the inventory for this parking facility. An MLPI Patroller offload can include the vehicle inventory for multiple parking facilities, but only the reads tagged for this parking facility are used to build the inventory. IMPORTANT Make sure to set a Read retention period for the LPR Manager (see "General settings" on page 569) that is long enough for the period of time you want to keep your inventories.

• Configuration. List of sectors, rows, and space count of the parking facility. The parking space of a parking facility is divided into sectors (or levels in the case of a parking garage) for ease of reference. Each sector contains x number of rows, and each row contains x number of spaces. You can configure Patroller to trigger an alarm (sound or warning message) if the reads collected during your sweep of a row exceed the space count for that row. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

445

Parking facility

• Route. License plate collection route to be followed by the MLPI units responsible for collecting the license plates for the inventory. The route is downloaded by the Patrollers and handheld devices assigned to this parking facility. Only one route may be defined per parking facility, but each MLPI device can start its sweeping round at a different point in the route. The route forms a closed circuit. New sectors and rows are added to the end of the route by default. You can change the order of sector-rows in the route using the and buttons.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

446

Partition

Partition The partition entity defines a set of entities that are only visible to a specific group of users. For example, a partition could include all doors, elevators, and cameras in one building. Partitions eliminate the tedious task of creating one-to-one relationships between users and the entities they are allowed to see in the system. If a user has no rights to a partition, that partition and everything it contains are invisible to that user. System: General Task: Security – Partitions Identity

Name, description, logical ID, and relationships of this entity with other entities in the system.

Properties

Defines the members (content) of the partition.

Accepted users

Defines the users who can see the content of the partition.

Related topics:

• • • •

"Managing software security" on page 89 "Defining partitions" on page 90 "User" on page 482 "User group" on page 489

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

447

Partition

Properties The Properties tab allows you to view and manage partition content.

From this tab, you can do the following:

• To share this partition with other independent Security Center systems, switch Global •

partition to ON. For more information, see "Configure a partition for sharing" on page 304. To search for an entity in the members list, use the name filter or the custom filter. For more information, see "Searching for tasks and entities" on page 42.

• To add members to the partition, click

. For more information, see "Add members to a partition" on page 92. To remove the selected entities from the partition membership, click .

• • To jump to the configuration page of the selected entity, click . • To filter the members by entity type, use the Show drop-down list. Related topics:

• "Managing global cardholders" on page 296

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

448

Partition

Accepted users The Accepted users tab allows you to view and configure who can access the content of the partition, and designate some of them as partition managers.

From this tab, you can do the following:

• To show only users, only user groups, or both, use the Entity type scroll-down list. • To add accepted users to the partition, click . For more information, see "Add accepted •

users to a partition" on page 92. To promote the selected user or user group to the status of partition manager, click the Partition manager checkbox NOTE All administrators are by default managers of all partitions. This is shown by the

checkbox selected but greyed out. For more information, see "Who is a partition manager?" on page 91.

• To remove all access rights over the partition from the selected users and user groups, Click .

• To jump to the configuration page of the selected entity, click

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

.

449

Patroller

Patroller A Patroller entity represents the in-vehicle software that runs on board a mobile data computer (MDC). It verifies license plates captured by LPR units mounted on the vehicle against lists of vehicles of interest and vehicles with permits. It also collects data for time-limited parking enforcement. The Patroller interface alerts users of license plates matching the above rules so that immediate action can be taken.

System: AutoVu IP license plate recognition Task: Logical view, or LPR – Units (under LPR Manager) Identity

Name, description, logical ID, and relationships of this entity with other entities in the system.

Properties

Assigns an LPR Manager to this entity and configures its sectors and rows.

Custom fields

Custom field values for this Patroller.

Location

Time zone and geographical location of this unit.

Related topics:

• "LPR unit" on page 426

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

450

Patroller

Properties The Properties tab displays information about the computer hosting the Patroller entity (you cannot edit the Patroller properties). You can also configure sound management, acknowledgment buffer settings, and a hit delay for the Patroller unit. TIP Use the Copy configuration tool to copy these settings to another Patroller entity.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

451

Patroller

• Properties. Lists the properties of the Patroller in-vehicle computer. 

IP address. IP address of the Patroller computer.



Version. Version number of the Patroller application.



Type. Patroller installation type(s).



Serial number. Serial number of the Patroller.



Machine name. Name of the Patroller computer.

• File association. Select how the Patroller behaves with hotlists and/or permit lists: 

Inherit from LPR Manager role. Patroller uses the hotlists and permit lists associated with its parent LPR Manager. This is the default setting.

Specific. Associate specific hotlists or permit lists with the Patroller unit rather than the LPR Manager. If you later want to move the Patroller entity to another LPR Manager on your system, the hotlist or permit list will follow. Sound management. Configure Patroller to play a sound when reading a plate and/or generating a hit, and choose whether sounds should be played even when Patroller is minimized. 





Play sound on hit. Plays a sound when Patroller generates a hit.



Play sound on read. Plays a sound when Patroller reads a plate.

Play sounds even when minimized. Play sounds even if the Patroller window is minimized. Acknowledgment buffer. Specify a buffer restriction that limits how many hits can remain unacknowledged (not accepted or rejected) before Patroller starts automatically rejecting all subsequent hits. You can also choose (by priority) which hotlists should comply with this restriction. 





Reject count. How many unacknowledged hits are allowed.

Reject priority. When you create a hotlist entity, you can specify a priority for that hotlist. This setting tells Patroller which hotlist(s) should comply with the buffer restriction. Hotlist. Specify the Duplicate hotlist hit delay that tells Patroller to disregard multiple hits on the same plate for the duration of the delay. For example, if you set a delay of 10 minutes, no matter how many times Patroller reads the same plate during those 10 minutes, it will generate only one hit (assuming the plate is on a hotlist). 



gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

452

Permit

Permit The Permit entity defines a single parking permit holder list. Each permit holder is characterized by a Category (whose value is the same as the name of the Permit entity), a license plate number, a license issuing state (or province, or country), an optional permit validity range (effective date and expiry date), and an optional Permit ID. Permits are used by AutoVu Patrollers configured for either city or university parking enforcement. The permit entity belongs to a family of methods used by AutoVu to identify vehicles of interest, called hit rules. Other types of hit rules include hotlist, overtime, and permit restriction. When a plate read matches a hit rule, it is called a hit. When a read fails to match any permit loaded in the Patroller, it generates a permit hit. System: AutoVu IP license plate recognition Task: LPR – Permits Identity

Name, description, logical ID, and relationships of this entity with other entities in the system.

Properties

Configuring the parsing of the source permit data file for this entity.

Custom fields

Custom field values for this permit.

Related topics:

• • • •

"Hotlist" on page 414 "Patroller" on page 450 "Overtime rule" on page 439 "Permit restriction" on page 457

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

453

Permit

Properties The permit Properties tab is used to configure the parsing of the source permit data file. For more information on how to configure permits, see “Configuring permits and permit restrictions in Security Center” in the AutoVu Handbook.

• Path. Type the path or browse to the permit text file. Every permit entity in Security Center must be associated with a text file containing the actual permit data; that is, license plate numbers and other related vehicle information. The associated text file is typically created by a third party system (e.g. Notepad for .txt files, or Excel for .csv files). The source text file can be located on the LPR Manager computer’s local drive (for example, the C drive), or on a network drive that is accessible from the LPR Manager computer. If you start typing a path to a network drive, the Username and Password fields appear and you’ll need to type the username and password to access the network drive.

• Use delimiters. Tells Security Center that the fields in the permit list file are of variable length and indicates the character used to separate each field in the file. By default, Use delimiters is set to On, and the delimiter specified is a semi-colon (;). If your permit list file is made up of fixed length fields, set Use delimiters to Off. Security Center supports the following delimiters: 

Colon (:)



Comma (,)

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

454

Permit



Semi-colon (;)



Tab (Tab)

If your permit list file uses Tab as a delimiter (i.e. the “Tab” key on your keyboard), type the word “Tab” as the delimiter character. IMPORTANT Security Center considers one Tab space to be a valid delimiter. Do not use more than one Tab space to align columns in your file or Security Center may not be able to parse the permit list.

• Enable editor support. Allow a user to edit the hotlist or permit list using the Hotlist and permit editor task. IMPORTANT Please note the following about the Hotlist and permit editor: 

A user must be granted the privilege to use the Hotlist and permit editor.



Only the first 100,000 rows of a list are loaded into the Hotlist and permit editor.

If an error occurs while the hotlist is being loaded, the loading process is cancelled and an error message is displayed. However, you will not lose any of the data loaded before the error occurred, and you can still edit the data loaded into the editor. Attributes. Tells Security Center the name and order of the fields (attributes) in the source text file. You can add, delete, or edit the fields. 



IMPORTANT There cannot be any spaces within an attribute name. 

Category. (Mandatory field) The name of the parking permit. This field in the permit list’s source text file must match the permit entity name for the entry to be downloaded to Patroller. This field allows you to use one permit list for several permit entities on your system, provided you create permit entities for each permit category in your permit list. EXAMPLE Here is a simple permit list with three different permit categories (Students,

Faculty, and Maintenance). Students;QC;DEF228;2012-01-31;2012-05-31;PermitID_1 Category field

Faculty;QC;345ABG;2012-01-31;2012-07-25;PermitID_2 Maintenance;QC;244KVF;2012-01-31;2012-03-31;PermitID_3

You can use this same permit list for three different permit entities. Create a Students permit entity, a Faculty permit entity, and a Maintenance permit entity, and then point all of them to the same source text file. Security Center will extract the license plates (and related information) whose category is the same as the name of the permit entity. IMPORTANT The permit entity name must match the category name exactly. 

PlateState. (Mandatory field) Issuing state (or province, or country) of the license plate.



PlateNumber. (Mandatory field) The license plate number.

The following fields are shown by default, but are optional. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

455

Permit



EffectiveDate. Date from which the particular permit on the list starts to be effective.



ExpiryDate. Date after which the particular permit on the list is no longer valid.

PermitID. (University Parking Enforcement only) Used when multiple entries in a permit list share the same permit (e.g. car pool permits). Can be used to identify the number of the permit issued to the vehicle whose license plate is identified in PlateNumber. In the case of shared permits, normally up to four separate vehicles would all have the same permit number. Add ( ) or Edit ( ) a permit attribute. Configure the following: 







Name. Only the three compulsory fields, Category, PlateState, and PlateNumber cannot be renamed. Names may contain spaces. Value. The default value is interpreted differently depending on whether delimiters are used or not. 









If delimiters are in use, the default value is written into this field. Fields already populated will be overwritten. If delimiters are not in use, and if the field is empty, the default value is written into this field. Fields already populated will not be overwritten.

Is mandatory. A mandatory attribute cannot be blank in the source file. For example, if you add a mandatory attribute called CarColor, the column for CarColor in the source file must have text in it. Fixed length. This option is enabled only if you chose to use fixed length data fields. Indicate the start position of the field in the file record and its length. The position of the first character is zero (0). Date format. Specify a time format if the field contains a date or time value. All standard date and time format strings used in Windows are accepted. If nothing is specified, the default time format is “yyyy-MM-dd”. For example, the following is what you may find in a variable field length data file using a semicolon (;) as delimiter and using the fields: Category, PlateState, PlateNumber, EffectiveDate, ExpiryDate, and PermitID. MyPermit;QC;DEF228;2012-01-31;2012-05-31;PermitID_1 MyPermit;QC;345ABG;2012-01-31;2012-07-25;PermitID_2 MyPermit;QC;067MMK;2012-03-31;2012-09-11;PermitID_1 MyPermit;QC;244KVF;2012-01-31;2012-03-31;PermitID_3



Translate. You can apply an optional transformation to the values read from the data file. Use this feature to shorten certain values to save space on the Patroller or to enforce spelling consistency.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

456

Permit restriction

Permit restriction The permit restriction entity defines where and when permit holders can park. Different time restrictions can be applied to different permits. For example, a permit restriction may limit the parking in zone A from Monday to Wednesday for permit P1 holders, and from Thursday to Sunday for permit P2 holders. Permit restrictions are used by AutoVu Patrollers configured for University Parking Enforcement. The permit restriction entity is a type of hit rule. A hit rule is a method used by AutoVu to identify vehicles of interest. Other types of hit rules include hotlist, overtime, and permit. When a plate read matches a hit rule, it is called a hit. When a plate read matches a permit restriction, it generates a permit hit. Additionally, a shared permit hit occurs when two plates sharing the same permit ID are read in the same parking zone within a specific time period. System: AutoVu IP license plate recognition Task: LPR – Permit restrictions Identity

Name, description, logical ID, and relationships of this entity with other entities in the system.

Properties

The parking restrictions applied to this entity.

Parking lot

The parking zone where this entity is enforced.

Custom fields

Custom field values for this permit restriction.

Related topics:

• "Overtime rule" on page 439 • "Patroller" on page 450 • "Permit" on page 453

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

457

Permit restriction

Properties The Properties tab is used to configure the restrictions for the individual permits that apply to the parking zone represented by the rule. For more information on how to configure permit restrictions, see “Configuring permits and permit restrictions in Security Center” in the AutoVu Handbook.

• Color. Color used to represent the permit restriction in Security Desk. In Patroller, permit restrictions are always green for regular permit hits, or blue for shared permit hits. A read is displayed as a triangular-shaped icon in the selected color on the map, when an permit restriction is in effect. When a read violates one of the restrictions, the icon is encircled with a red ring. It indicates a permit hit.

• List of restrictions. Define the time restrictions for the different permits associated to a parking zone. Each time restriction is described by the following attributes: 

Permits. Select the permits the time restriction applies to: 



Everyone. Parking is available to everyone, regardless of whether they have a permit or not. No restriction is enforced during the specified time period. No permit. Only vehicles without permits can park. For example, you can use this type of restriction to reserve a zone for visitors parking. A plate read that matches any of the permits downloaded to the Patroller raises a hit.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

458

Permit restriction





All permits. Only vehicles with a permit can park. A plate read that does not match any of the permits downloaded to the Patroller raises a hit. Specific permits. Only vehicles having one or more of the specified permits can park. A plate read that does not match any of the specified permits raises a hit.

When multiple time restrictions apply at a given time, conflicts are resolved by evaluating the restrictions in the following order: 1. Everyone, 2. No permit, 3. All permits, 4. Specific permits. Moreover, a hit is raised when a matched permit is not valid (either not yet effective or already expired). 

Days. Days of the week when parking is allowed.



Hours. Time during the day when parking is allowed.



Validity. Dates when parking is allowed. Choose All year or select a specific time span using the date picker.

NOTE The date span must be longer than one day.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

459

Permit restriction

Parking lot The Parking lot tab defines the parking zone where this parking rule must be enforced. The Parking lot tab displays a Bing map, on which you can add a parking lot, define the number of spaces in the lot, and then draw a polygon on top of the map to represent the physical parking lot. The number of spaces in the lot is used to calculate the percentage of parking occupancy in that area. For more information on how this information is being used, see “Zone occupancy report” in Genetec Security Desk User Guide. NOTE This applies only to AutoVu Patroller University Parking applications.

You can add multiple lots to a map.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

460

Public task

Public task The public task entity represents a saved Security Desk task that can be shared among multiple Security Desk users. Public tasks can only be created from Security Desk.

System: All systems Task: Role view Identity

Name and description of this public task. Use the relationships list to manage the visibility of this public task through partitions.

Related topics:

• “Getting started – Save a task” in Security Desk User Guide.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

461

Role

Role The role entity corresponds to a set of functions within Security Center, such as archiving video or managing access control units, and defines the parameters within which these functions must be carried out. Roles must be hosted by servers. Multiple roles can be hosted on a single server, and multiple servers can be assigned to perform the same role, either as a standby, or for load balancing purposes. System: All systems Task: System – Roles Every role type has its particular configuration tabs. The following are the most common ones found in roles. Identity

Name, description, and relationships of this role with other entities in the system.

Properties

Specific properties of the role. See "Role types" on page 510.

Resources

Servers and database assigned to this role.

Extensions

Roles are often required to control hardware devices (units).

NOTE The Directory role is an exception. The Directory role can only be configured using Server Admin. For more information, see "Server Admin" on page 473.

Related topics:

• • • •

"Managing servers and roles" on page 47 "Configuring role failover" on page 61 "Server" on page 471 "Role types" on page 510

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

462

Schedule

Schedule The schedule entity defines a set of time constraints that can be applied to many situations, such as when a user is allowed to log on to the system, when video from a surveillance camera should be recorded, or when access should be granted to a secured area. Each time constraint is defined by a date coverage (daily, weekly, ordinal, or specific) and a time coverage (all day, fixed range, daytime, and nighttime). There are two subtypes of schedules:

• Standard schedule (

). This type of schedule can be used in all situations. Its only limitation is that it does not support daytime or nighttime coverage.

• Twilight schedule ( ). This type of schedule supports both daytime and nighttime coverages, but cannot be used in all situations. Its primary function is to control video related behaviors. Twilight schedules are not visible in contexts where they are not applicable. System: General Task: System – Schedules Identity

Name, description, logical ID, and relationships of this entity with other entities in the system.

Properties

Time constraints defining this schedule.

Custom fields

Custom field values for this schedule.

Related topics:

• "Using schedules" on page 103 • "Resolving schedule conflicts" on page 105

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

463

Schedule

Properties The Properties tab lets you configure the time constraints that define the schedule.

Date coverage The date coverage defines a date pattern or specific dates to be covered by the schedule.

• Daily. Defines a pattern that repeats every day. • Weekly. Defines a pattern that repeats every week. Each day of the week can have a different time coverage. This option is not available for twilight schedules. For more information, see "Weekly time range" on page 466.

• Ordinal. Defines a series of patterns that repeat on a monthly or yearly basis. Each date pattern can have a different time coverage. For example, on July 1st every year, on the first Sunday of every month, or on the last Friday of October every year. For more information, see "Using the ordinal pattern" on page 468.

• Specific. Defines a list of specific dates in the future. Each date can have a different time coverage. This option is ideal for special events that occur only once.

Time coverage The time coverage defines which time periods apply during a 24-hour day.

• All day. Covers the entire day. This option is not available for twilight schedules. • Range. Covers one or multiple discrete time periods within the day. For example, from 9 a.m. to 12 p.m. and from 1 p.m. to 5 p.m. This option is not available for twilight schedules. For more information, see "Setting the time range" on page 465.

• Daytime. Covers from sunrise to sunset. This option is only available for twilight schedules. For more information, see "Twilight coverage" on page 467.

• Nighttime. Covers from sunset to sunrise. This option is only available for twilight schedules. For more information, see "Twilight coverage" on page 467.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

464

Schedule

Setting the time range Time ranges are shown as colored blocks on a time grid. Each block represents either 15 minutes or one minute, depending on the selected time resolution. Left-click the mouse to select, and the right-click the mouse to remove a selection. To select or remove a contiguous block of time, click and drag.

Daily time range The following example shows a daily schedule covering the period from 6 p.m. to 6 a.m. every day. The time grid shows a 24-hour day in blocks of 15 minutes.

To switch to high resolution mode (each block represents 1 minute), click the

Eye button.

While you are in this mode, use the arrow buttons to scroll in the 24 hour time line. To switch back, click the Eye button again.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

465

Schedule

Weekly time range The following example shows a weekly schedule covering a period from 9 a.m. to 5 p.m., from Monday to Friday, with a half-hour break between 12:15 p.m. and 12:45 p.m.

The Weekly date pattern is not available for twilight schedules. TIP You can configure something equivalent to the Weekly pattern using the Ordinal pattern. The following example shows a schedule that covers the daytime of every Monday of the year.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

466

Schedule

Time range for specific dates When you use the Ordinal or Specific date pattern, the time range covers up to three days: the day before, the current day, and the day after. The following example shows a specific schedule covering July 1st 2011 from 9 p.m. the day before to 3 a.m. the day after.

While configuring multiple dates in the schedule (Ordinal or Specific), you can use a different time coverage for each day covered by the schedule.

Twilight coverage The Daytime and Nighttime options are only available for twilight schedules. The following example shows a daily schedule using a Daytime coverage. The time coverage starts 10 minutes after the sun rises and ends 10 minutes before the sun sets.

NOTE You can offset the sunrise and sunset times by up to 3 hours, in both directions.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

467

Schedule

Using the ordinal pattern The Ordinal date pattern allows you to configure time coverages that repeat on specific days of a month or a year. You can define as many dates as necessary within a single schedule entity.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

468

Scheduled task

Scheduled task The scheduled task entity defines a command (or action) in Security Center that must be executed automatically, at a specific time, or repetitively on a recurring schedule.

System: General Task: System – Scheduled tasks Identity

Name, description, logical ID, and relationships of this entity with other entities in the system.

Properties

Details about the scheduled task, recurrence pattern and action to be executed.

Related topics:

• "Using scheduled tasks" on page 109 • "Using event-to-actions" on page 106

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

469

Scheduled task

Properties The Properties tab is where you configure the scheduled task’s behavior.

The schedule task properties are:

• Status. Allows you to turn the scheduled task on or off. • Recurrence. 

Once. Executed once at a specific date and time.



Every minute. Executed every minute.



Hourly. Executed at a specific minute of every hour.



Daily. Executed at a specific time every day.



Weekly. Executed at a specific time on selected days of the week.



On startup. Executed on system startup.

Interval. Executed at regular intervals that can be days, hours, minutes, or seconds. Action. Action to be executed on schedule. For more information, see "Action types" on page 758. 



gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

470

Server

Server The server entity represents a generic computing resource capable of taking on any role (group of functions) you assign it. Server entities are not created manually on the system. Instead, Security Center automatically creates a server entity when the Security Center Server software (Genetec Server service) is installed on a machine, and that machine is connected to the main server of your system (the server hosting the Directory role). System: General Task: Network view Identity

Name, description, logical ID, and relationships of this entity with other entities in the system.

Properties

Public address and port of the server.

Server Admin

Embedded browser to access to the Web Server Admin page.

Related topics:

• • • • •

"Managing servers and roles" on page 47 "Configuring role failover" on page 61 "Managing the Network view" on page 82 "Network" on page 434 "Role" on page 462

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

471

Server

Properties The Properties tab shows the server’s private IP addresses, and allows you to specify a public address and a port number. These last two settings are necessary only if the server acts as the proxy server for a private network.

Servers with multiple network interface cards If your server is equipped with more than one network interface card (NIC), all private IP addresses corresponding to the NICs are listed. IMPORTANT Make sure the first address found in the server’s private address list matches the IPv4 properties of the network entity the server belongs to.

For more information, see Network – "Properties" on page 435. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

472

Server

Server Admin The Server Admin tab lets you log on to the Server Admin Web page of the server. It also allows you to view and change the configuration of the server. For more information, see "Managing servers" on page 48.

The Server Admin page contains one or two tabs:

• Directory. Settings pertaining to the configuration of the Directory role. This tab is only present on the main server. For more information, see "Directory tab" on page 473.

• Genetec Server. Local settings pertaining to configuration of the Genetec Server service. For more information, see "Genetec Server tab" on page 476. NOTE Depending on whether you are viewing Server Admin from the Config Tool or from a Web browser, the options are not exactly the same, because Config Tool needs to stay connected to the Directory. For all purposes, the Web browser (Internet Explorer) is a better way to connect to Server Admin.

Directory tab The Directory tab is only available on the main server hosting the Directory role. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

473

Server

Directory status Shows the status of the Directory role. Allows you to start, stop, and restart the Directory.

Database Configuration of the Directory database. The Directory database contains all system and entity configurations, the incident reports, and the alarm history.

The management of the Directory database is similar to the management of any role database. For more information, see "Managing databases" on page 52. NOTE If you are accessing Server Admin from Config Tool, you won’t have access to the database commands such as create and delete database, resolve conflicts, and restore database, because you cannot change the Directory database while being connected to it. IMPORTANT When database failover is enabled, you must manually perform a full backup every time you make a change to the Directory database from Server Admin. For more information, see "Configure database failover through backup and restore" on page 72. NOTE The Show actions progress ( ) button does the same thing the Database actions monitoring dialog box found in the Config Tool’s Home page, Tools view.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

474

Server

License Security Center license status and information.

Click License information to display your license options or to modify your license. For more information, see "License options" on page 768.

General properties General properties of the Directory.

• Secure communication. Select this option to encrypt all communications between the Directory role and all client applications (Config Tool and Security Desk) on the system.

• Incoming connection port. Port used by client applications such as Security Desk and Config Tool to log on to your system. If you decide to change its default value (5500), the next time a user tries to log on to your system, they will have to add the port number to Directory name in the Logon dialog box, separated by a colon “:”.

• Keep incidents. Specify how long the incident reports are kept in the Directory database. • Keep audit trails. Specify how long the entity configuration history is kept in the Directory database.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

475

Server

• Keep alarms. Specify how long the alarm history is kept in the Directory database.

Genetec Server tab The Genetec Server tab is available on all servers, with only minor differences between the main server and the expansion servers.

Authentication Use this section to change the password and HTTP port used to log on to the Server Admin on this server. These parameters correspond respectively to the Server password and the Web server port specified during Genetec Security Center Server installation.

If you decide to change the HTTP port from its default value (80), the next time someone needs to log on to this Server Admin from a Web browser, they will have to specify the port number in the URL as follows: “http://machine:port/Genetec” instead of “http://machine/Genetec”. Select the Local machine only option to accept logon requests only when they come from the local machine.

Network Use this section to configure the network card and the TPC listening port used by Genetec Server.

Select Use IPv6 if your network supports it. IPv6 is only supported for video streaming. The Listening TCP port is used by Genetec Server to listen to commands received from the main server.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

476

Server

Main server connection This section is only found on the Genetec Server tab of expansion servers. Use this section to configure the connection parameters to the main server.

Enter the DNS name or the IP address of the main server, and the password required to connect to the main server. The password must match the password configured in the Authentication section of the main server.

Console Use this section to enable/disable the debug console used by technical support engineers.

Specify a password to prevent anyone from accessing the console if necessary.

SMTP Use this section to configure the SMTP server responsible to handle email messages in Security Center.

• Mail server. DNS name or IP address of your SMTP mail server. • SMTP server port. The server port is usually 25, though your mail server might use a different port.

• “From” email address. Email address shown as the sender of the email.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

477

Server

Watchdog Use this section to configure the Genetec Watchdog service. The role of the Watchdog is to ensure that the Genetec Server service is always running.

The Watchdog can be configured to send email notifications to a list of recipients for the following types of events: Error, Warning, and Information.

Activate Directory button The Activate Directory button is only found on expansion servers. It allows you to convert the expansion server to the main server (the one hosting the Directory role).

WARNING This operation restarts Genetec Server. The next time you log on to Server Admin, you’ll have to use a Web Browser by entering “http://machine/Genetec” in the address bar, where machine is the DNS name or the IP address of your server. Using the Config Tool will no longer work.

You will also have to activate the software license on this newly converted main server. For more information, see the Security Center Installation and Upgrade Guide. If you have other expansion servers on the system, you will need to reconfigure them to connect to this one. See also "Deactivate Directory button" on page 479.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

478

Server

Deactivate Directory button This button is only found on the main server (the one hosting the Directory role). It allows you to convert the main server to an expansion server. NOTE You cannot deactivate the Directory from the Config Tool.

WARNING This operation restarts Genetec Server. You will have to log on again to Server Admin, and connect this expansion server to a main server. You’ll have to use a Web Browser, by entering “http://machine/Genetec” in the address bar, where machine is the DNS name or the IP address of your server. Using the Config Tool will no longer work. See also "Activate Directory button" on page 478.

Related topics:

• "Convert a main server to an expansion server" on page 49

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

479

Tile plugin

Tile plugin The tile plugin entity represents either a Web site ( ) or an interactive .dll or .xaml file ( ) that contains a map or floor plan. There are no default map files included with Security Center for tile plugins. Map files must be created using Genetec Plan Manager, or provided through an SDK developed by Genetec’s Custom Development Solutions team or a third party. For information about Plan Manager, see the Plan Manager User Guide, available from the GTAP Documents page. For information about Genetec’c Custom Development Solutions team, contact your sales representative. When a tile plugin is displayed in Security Desk, you can view and interact with the Web site or map file, such as viewing live video from cameras, changing the lock state of doors, and so on. When a tile plugin is attached to (is a member of) an area entity, it is automatically displayed in Security Desk instead of the area icon when the area is dragged to a tile. System: General Task: Logical view Identity

Name, description, logical ID, and relationships of this entity with other entities in the system.

Properties

Links the tile plugin to a Web page or a .dll file.

Custom fields

Custom field values for this tile plugin.

Related topics:

• "Area" on page 360 • "Macro" on page 429

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

480

Tile plugin

Properties The Properties tab lets you link the tile plugin entity to a Web site or a .dll file. For more information, see "Create a tile plugin that links to a Web site" on page 165 or "Create a tile plugin that links to a map file" on page 165.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

481

User

User The user entity identifies a person who can use Security Center applications and defines the rights and privileges that person has on the system. Each user is assigned a username and a password, which are that person’s credentials to log on to the system. While the user privileges limit the range of activities a user can perform on the system, the partitions limit the range of entities the user can exercise his/her privileges on. A user can be a member of one or more user groups. Users can inherit the privileges and the access rights from their parent user groups. System: General Task: Security – Users Identity

Name, description, logical ID, and relationships of this entity with other entities in the system.

Properties

User’s general profile.

Workspace

User’s default Security Desk workspace configuration.

Security

User’s security profile.

Privileges

User’s privileges.

Custom fields

Custom field values for this user.

Related topics:

• • • • •

"Defining users" on page 93 "Importing users from an Active Directory" on page 102 "Partition" on page 447 "User group" on page 489 "User privileges" on page 694

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

482

User

Properties The Properties tab lets you configure the user’s general profile.

First name, last name, email address The personal information of the user can be imported from your company’s directory service. TIP The email address can be used to send emails or to email reports to the user via Send an email and Email a report actions.

User status Use this switch to activate or deactivate the user profile. A user cannot log on when their profile is deactivated. Deactivating a user’s profile while the user is logged on will immediately log off the user.

Password Administrators and users that have the Change own password user privilege can change their password.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

483

User

Password expiration You can configure a user’s password to expire after a certain number of days. The system automatically warns users whose password is expiring soon, and gives them a chance to set a new password immediately. You can set the password expiry notification period to between 0 and 30 days. If you see that your password is going to expire soon, but do not have the Change own password user privilege, contact your administrator so they can change your password.

Password change required You can configure Patroller and/or Security Desk to require a password change the next time the user tries to log on. Users must have the proper privilege to change their own passwords.

Limit concurrent logons You can limit the number of different workstations a user can log on at the same time. This limit only applies to Security Desk. Config Tool is not restricted by this setting.

User logon schedule You can restrict the user logon according to schedules. A schedule can either be used to allow user logon or to block user logon. When multiple schedules are being used, the schedule conflict rules apply. When two schedules with the same priority level overlap, the blocking schedule has priority over the allowing schedule. Related topics:

• "Resolving schedule conflicts" on page 105 • "Using event-to-actions" on page 106

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

484

User

Workspace The Workspace tab lets you configure the user’s Security Desk workspace.

List of active tasks This list shows the tasks found in the user’s active task list. Users can save their task list using the Save workspace (Ctrl+Shift+S) command found in the Security Desk command menu.

Hot actions This list shows the hot actions mapped to the PC keyboard function keys (Ctrl+F1 through Ctrl+F12) when this user is logged on to Security Center via Security Desk. The user configures his hot actions via the Monitoring task. For more information, see “Working with hot actions and alarms” in the Security Desk User Guide.

Additional settings Turn on the switch Automatically start task cycling on logon so the next time the user logs on via Security Desk, task cycling will start automatically. TIP To prevent users from stopping the task cycling once the Security Desk is open, deny them

the Start/stop task cycling privilege. There are many more privileges that are designed to help the users focus on their tasks. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

485

User

Security The Security tab lets you configure the user’s security profile.

User level User levels affect three things in Security Center:

• They determine which user has priority over the PTZ controls of a camera when two or more users are trying to take control of the same camera at the same time. Priority is always given to the highest level user (1=highest). If two competing users have the same user level, it is decided on a first come first served basis. Once a user gains control over a PTZ camera, it is locked by that user. This means no other users can take control of that camera unless they have a higher user level. The control over the PTZ camera is automatically relinquished after 5 seconds of inactivity.

• They determine which users are logged out of the system when a threat level is set. For



example, if you configure a threat level to trigger the Set minimum user level action, when the threat level is set, users with a lower user level than the one you specified are logged out. For more information about configuring threat levels, see "Managing threat levels" on page 117. They determine which users can continue viewing a video stream when a camera is blocked in Security Desk. When you block a camera, users that have a lower user level than the one you specified can no longer view the video stream.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

486

User

For more information about blocking cameras, see “Blocking/unblocking cameras” in the Security Desk User Guide. Level 1 is the highest user level, with the most privileges. The user level can be inherited from a parent user group. If the user has multiple parents, the highest user level will be inherited. If the user has no parent, the lowest user level (254) will be inherited.

Archive viewing limitation This parameter serves to restrict the user's ability to view archived video to the last n days. This limitation can be inherited from a parent user group. If the user has multiple parents, the most restrictive limitation will be inherited. If the user has no parent, no restriction will be imposed.

Remotely control This section lists the Security Desk workstations that this user is allowed to control remotely in order to display entities. This list applies to both the Security Desk workstations you can connect to and control using the Remote task in Security Desk, and the Security Desk monitors that you can control using a CCTV keyboard. NOTE Every monitor controlled by the Security Desk is assigned a unique monitor ID (displayed in the notification tray). Using a CCTV keyboard, you can display an entity on a remote Security Desk workstation by specifying its monitor ID, tile ID, and the logical ID of the entity you want to display. The Security Desk workstation monitors available on your system are listed in the Logical ID tab of the System entity. Select Monitors from the drop-down list to see them all. For each Security Desk workstation, the first monitor is called A, the second monitor B, and so on.

You can specify which workstation can be controlled using one of following methods:

• User. Any Security Desk workstation where that user is logged on can be remotely controlled.

• User group. Any Security Desk workstation where a member of that user group is logged on can be remotely controlled.

• Application. The specified workstation (COMPUTER - SecurityDesk) can be remotely controlled, regardless of who is logged on. For more information, see “Remote monitoring” and “Connecting to remote Security Desks” in the Security Desk User Guide.

Logon supervisor of This section lists the users whose logons are supervised by this current user. This means that when a user in this list needs to log on to the system, the current user must also provide his/her username and password in order to complete the logon. A user can have more than one logon supervisor. For more information, see “Connecting to Security Center – Log on with supervision” in the Genetec Security Desk User Guide.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

487

User

Privileges The Privileges tab lets you view and configure the user’s privileges.

Set of privileges Use this drop-down list to select the set of privileges to view and edit. A user can have many sets of privileges. Each user has the Basic privileges set, plus one for every partition he/she is an accepted user of. Regarding access to entities contained in that partition, partition privileges supercede basic privileges.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

488

User group

User group The user group entity describes a group of Security Center users who share common properties and privileges. By becoming a member of a user group, a user automatically inherits all the properties of that group. This approach simplifies the configuration of users on large systems. A user can be a member of multiple user groups. User groups can also be nested. System: General Task: Security – User groups Identity

Name, description, logical ID, and relationships of this entity with other entities in the system.

Properties

User group’s common email address and members.

Security

User group’s security attributes than can be inherited by its members.

Privileges

Privileges that can be inherited by the group members.

Custom fields

Custom field values for this user group.

Related topics:

• • • •

"Defining user groups" on page 96 "Partition" on page 447 "User" on page 482 "User privileges" on page 694

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

489

User group

Properties The Properties tab lets you view and configure the members of the user group.

Email address The email address you set for a user group should be a group address that is used by all members of the group. This information can be imported from your company’s directory service.

Members List of user group members. The members inherit by default the rights to partitions and the privileges of the user group. The email address can be used to send emails or to email reports to users via Send an email and Email a report actions. Related topics:

• "Importing users from an Active Directory" on page 102

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

490

User group

Security The Security tab lets you configure common security attributes for the group members.

Security attributes can be inherited by the members of the user group, and can themselves be inherited from other user groups.

User level User levels affect three things in Security Center:

• They determine which user has priority over the PTZ controls of a camera when two or more users are trying to take control of the same camera at the same time. Priority is always given to the highest level user (1=highest). If two competing users have the same user level, it is decided on a first come first served basis. Once a user gains control over a PTZ camera, it is locked by that user. This means no other users can take control of that camera unless they have a higher user level. The control over the PTZ camera is automatically relinquished after 5 seconds of inactivity.

• They determine which users are logged out of the system when a threat level is set. For example, if you configure a threat level to trigger the Set minimum user level action, when the threat level is set, users with a lower user level than the one you specified are logged out. For more information about configuring threat levels, see "Managing threat levels" on page 117.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

491

User group

• They determine which users can continue viewing a video stream when a camera is blocked in Security Desk. When you block a camera, users that have a lower user level than the one you specified can no longer view the video stream. For more information about blocking cameras, see “Blocking/unblocking cameras” in the Security Desk User Guide. Level 1 is the highest user level, with the most privileges. The user level can be inherited from a parent user group. If the user group has multiple parents, the highest user level will be inherited. If the user group has no parent, the lowest user level (254) will be inherited.

Archive viewing limitation This parameter serves to restrict this user group members’ ability to view archived video to the last n days.

Remotely control This section lists the Security Desk workstations that the members of this user group are allowed to control remotely in order to display entities. This list applies to both the Security Desk workstations you can connect to and control using the Remote task in Security Desk, and the Security Desk monitors that you can control using a CCTV keyboard. NOTE Every monitor controlled by the Security Desk is assigned a unique monitor ID (displayed in the notification tray). Using a CCTV keyboard, you can display an entity on a remote Security Desk workstation by specifying its monitor ID, tile ID, and the logical ID of the entity you want to display. The Security Desk workstation monitors available on your system are listed in the Logical ID tab of the System entity. Select Monitors from the drop-down list to see them all. For each Security Desk workstation, the first monitor is called A, the second monitor B, and so on.

You can specify which workstation can be controlled using one of following methods:

• User. Any Security Desk workstation where that user is logged on can be remotely controlled.

• User group. Any Security Desk workstation where a member of that user group is logged on can be remotely controlled.

• Application. The specified workstation (COMPUTER - SecurityDesk) can be remotely controlled, regardless of who is logged on. For more information, see “Remote monitoring” and “Connecting to remote Security Desks” in the Security Desk User Guide.

Logon supervisor of This section lists the users whose logons are supervised by the members of this user group. This means that when users from this list need to log on to the system, any member of this user group can help them complete their logon.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

492

User group

Privileges The Privileges tab lets you view and configure the user group’s privileges.

The privileges of a user group are inherited by its members, and can themselves be inherited from other user groups.

Set of privileges Use this drop-down list to select the set of privileges to view and edit. A user group might have many sets of privileges. Every one has the Basic privileges set, plus one for every partition the group is an accepted user of. Regarding access to entities contained in that partition, partition privileges supercede basic privileges.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

493

Video unit

Video unit The video unit entity represents a video encoding or decoding device capable of communicating over an IP network, and incorporating either video encoders or video decoders. They come in a wide variety of brands and models. Some support audio, and others support wireless communication. The high-end encoding models come with their own recording and video analytics capabilities. Video units are created manually or automatically by the Archiver if the unit supports automatic discovery. System: Omnicast IP video surveillance Task: Video – Units Identity

Name, description, logical ID, and relationships of this entity with other entities in the system.

Properties

Information required by the Archiver to connect to this video unit and other data transmission properties.

Peripherals

List of all peripheral devices found on the unit that you can configure.

Custom fields

Custom field values for this video unit.

Location

Time zone and geographical location of this video unit.

Related topics:

• "Adding video units to your system" on page 194 • "Camera (video encoder)" on page 368 • "Archiver" on page 521

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

494

Video unit

Identity The Identity tab of a video unit entity includes an additional section on hardware-specific information. a

Standard information The top section of the video unit’s Identity tab is the same as that of all entities. For more information, see "Identity" on page 332.

Specific information The bottom section of the Identity tab displays hardware specific information, such as the manufacturer, model, firmware version, and whether audio or SSL (Secure Socket Layer protocol) are supported.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

495

Video unit

Upgrade the unit firmware You can upgrade the firmware on your video unit directly from Config Tool.

• Click

Upgrade, and from the file browser, select the firmware file (bin) to apply.

Properties The Properties tab lets you configure the information required by the Archiver to connect to this unit and other data transmission properties. These settings vary from one manufacturer to another. Additional options might be available, depending on the unit type. The sample screen shot below is that of an Axis 210A unit.

IP address

• Obtain network settings dynamically (DHCP). Select this option to have the IP address assigned dynamically by your DHCP (Dynamic Host Configuration Protocol) server. NOTE Do not use this option unless your DHCP server is configured to always assign the

same IP address to the same device. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

496

Video unit

• Specific settings. Select this option to enter a fixed address. This is the IP address you entered when you initially created the video unit entity. You need to enter the following fields: 





Local IP. Fixed IP address. Subnet mask. The subnet mask tells the unit which peripherals it can communicate with directly. Anything that does not belong to the same subnet must go through the Gateway. Gateway. IP address of the gateway. It must be on the same subnet as the unit.

Command port The command port is the port used by the Archiver to connect to the video unit. The command port is sometimes called the HTTP port by some manufacturers.

Discovery port The discovery port is used for automatic discovery (see "What is automatic discovery?" on page 196). Not all manufacturers supports this feature. On Verint units, both the command port and discovery port are replaced by a single port called the VSIP port.

Authentication Credentials used by the Archiver to connect to the video unit.

• Default login. Select this option for the Archiver to use the credentials defined in the unit manufacturer’s extension.

• Specific. Select this option for the Archiver to use specific credentials to connect to this unit. The fields you need to fill in depend on the unit’s manufacturer.

Use secure communication Enable this option to use HTTPS communication instead of HTTP (default).

Bit rate Use this option to limit the maximum bit rate allowed for this unit. Setting a limit to the bit rate helps prevent one unit from using up all the bandwidth available on the network.

Enable UPnP Enable this option to use the UPnP (Universal Plug and Play) protocol. Disable UPnP if you do not want the unit to be discovered by other Windows applications. This option is disabled by default.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

497

Video unit

Peripherals The Peripherals tab lists all peripherals devices (input/output pins, audio encoder/decoder) found on the unit that are not explicitly shown as entities, such as the either video encoders or video decoders.

Logical ID and Description To every peripheral device found on a video unit, you can assign:

• Name. Logical name. It is the same as the Physical name by default. • Logical ID. Logical identifier. • Description. Description of the device. To change the settings of a peripheral device:

• Select a peripheral from the list and click Edit the item (

).

Output pin settings For the output pin, you can also configure the default mode.

• Normally open • Normally closed

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

498

Video unit

Speaker properties You can change the default settings of the speaker (audio decoder device).

The speaker settings are as follows:

• Volume. Desired volume level (0 to mute, 100 equals maximum volume). • UPD port. Port number used when the connection type is unicast UDP. • Connection type. Connection type that should be used between the unit and the Archiver for this audio decoder.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

499

Video unit

Microphone properties You can change the default settings of the microphone (audio encoder device).

The microphone settings are as follows:

• Data format. Audio compression format. • Input type. Type of input source. 



Line in. Used for pre-amplified source. Mic in. Use this if the microphone is directly connected to the unit. In this case, the signal is amplified by the hardware.

Internal. Use microphones integrated to the unit. Sensitivity. Desired amplification level (default=68). The lower the level, the less sensitive the microphone is to ambient noise, but the recording level will also be lower. 



• UPD port. Port number used when the connection type is unicast UDP. • Connection type. Connection type that should be used between the unit and the Archiver •

for this audio encoder. Multicast address. The multicast address and port number are assigned automatically by the system when the video unit is discovered. Each audio encoder is assigned a different multicast address with a fixed port number. This is the most efficient configuration.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

500

Video unit

Normally, you do not need to be concerned with the multicast addresses. However, if you are short of multicast addresses (certain switches are limited to 128), you can use the same multicast address on multiple encoders, and assign a different port number to each. This solution is less efficient than using a different address for each encoder because it will cause more traffic than necessary on the network. All multicast addresses must be between the range 224.0.1.0 and 239.255.255.255. For these changes to take effect, you must restart the unit. To do so, select the unit in the Roles view task, and click the Reboot ( ) button in the Contextual commands toolbar.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

501

Zone (hardware)

Zone (hardware) The zone entity monitors a set of inputs to trigger events based on their combined states. These events can be used to control output relays (see IO linking) or trigger other actions (see event-to-action). A zone can be armed (triggers activated), or disarmed (triggers deactivated) using a key switch, a software command, or on a schedule. A hardware zone (called zone in Synergis 2 and Security Center 3 and 4) is a subtype of the zone entity where the IO linking is done by hardware. A hardware zone is controlled by a single access control unit and only works in mixed and offline mode. A hardware zone cannot be armed or disarmed from Security Desk. System: Synergis IP access control Task: Logical view Identity

Name, description, logical ID, and relationships of this entity with other entities in the system.

Properties

Input pins defining this zone and how they are evaluated. For a hardware zone, all input pins must be from the same access control unit.

Arming

Arming source used for this zone and arming behavior configuration. A hardware zone can only be armed via a key switch or on schedule.

Cameras

Cameras used to monitor this zone in Security Desk.

Custom fields

Custom field values for this zone.

Related topics:

• • • •

"Managing zones" on page 160 "Access control unit" on page 337 "Access Manager" on page 511 "Zone (virtual)" on page 506

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

502

Zone (hardware)

Properties The Properties tab lets you configure the input pins that define this zone and how they are evaluated.

Access control unit A hardware zone must be controlled by a single access control unit. All input pins and output relays configured for this zone must belong to the same unit.

Combining the inputs to evaluate the zone state The purpose of a zone is to trigger specific events based on the combined state of the individually selected inputs. The possible input states are as follows:

• Normal (interpreted as 0) • Active (interpreted as 1) • Trouble You evaluate the zone state by applying the AND or OR logical operator on the selected inputs. The zone is considered to be in the Trouble state when one of the selected input is in the Trouble state. The Trouble state supersedes any other state.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

503

Zone (hardware)

CAUTION Certain types of input, such as Door Monitor on an HID VertX unit, can only be used for their designated purpose. Other inputs, such as AC Fail and Bat Fail, must be configured for general purpose before they can be used for IO linking. If you use a specific purpose input as general purpose, your configuration will not work. For more information, see "Properties (HID)" on page 340.

Associated events Use this section to associate each zone state to an event of your choice. Select None if a zone state should be ignored. These events are only triggered when the zone is armed.

Reactivation threshold Set the time period during which the same event should not be re-triggered.

Arming The Arming tab lets you configure the arming source of your zone and its arming behavior.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

504

Zone (hardware)

Arming source A hardware zone can only be armed using a key switch or on a schedule. NOTE You cannot arm or disarm a hardware zone in Security Desk, or by using a software command (event-to-action).

To configure arming via a key switch: Before you begin: The input pin must belong to the access control unit selected in the Properties tab for this to work.

• Slide the Arming source to the Input pin position and select the input that is wired to the key switch. To configure arming on schedule: Before you begin: A schedule corresponding to the period when the zone should be armed must be defined in your system.

• Slide the Arming source to the Schedule position and select the desired schedule. Delays You can configure optional delays that give you time to leave the premises after arming the zone, and time to disarm the zone after tripping a sensor.

• Arming delay. Turn on this option to set a delay before the event triggers become active after arming the system.

• Entry delay. Turn on this option to set a delay before triggering the events when an sensor is tripped. This option allows you to disarm the zone before triggering the output relays.

Countdown buzzer You can optionally assign an output relay to activate a countdown buzzer to match the arming delay. This option is not available when the arming is done on schedule. NOTE For this feature to work, the output relay must belong to the access control unit selected in the Properties tab.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

505

Zone (virtual)

Zone (virtual) The zone entity monitors a set of inputs to trigger events based on their combined states. These events can be used to control output relays (see IO linking) or trigger other actions (see event-to-action). A zone can be armed (triggers activated), or disarmed (triggers deactivated) using a key switch, a software command, or on a schedule. A virtual zone is a subtype of the zone entity where the IO linking is done by software. A virtual zone is controlled by the Zone Manager and only works online. It can be armed and disarmed from Security Desk. System: General Task: Logical view Identity

Name, description, logical ID, and relationships of this entity with other entities in the system.

Properties

Input pins defining this zone and how they are evaluated. For a virtual zone, the inputs and outputs from different units of different types can be used for IO linking.

Arming

Automatic arming schedules. A virtual zone can be armed and disarmed via Security Desk or via event-to-action. An explicit arm or disarm command always takes precedence over the arming schedule.

Cameras

Cameras used to monitor this zone in Security Desk.

Custom fields

Custom field values for this zone.

Related topics:

• "Managing zones" on page 160 • "Zone (hardware)" on page 502 • "Zone Manager" on page 608

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

506

Zone (virtual)

Properties The Properties tab lets you configure the input pins that define this zone and how they are evaluated.

Zone Manager A virtual zone must be controlled by a Zone Manager role. Because a virtual zone is software controlled, it works only in online mode. For more information, see "Zone Manager" on page 608.

Combining the inputs to evaluate the zone state The purpose of a zone is to trigger specific events based on the combined state of the individually selected inputs. The input pins can belong to different units of different types. The possible input states are as follows:

• Normal (interpreted as 0) • Active (interpreted as 1) • Trouble (only if the selected unit models support this feature) You evaluate the zone state by applying the AND or OR logical operator on the selected inputs. The zone is considered to be in the Trouble state when one of the selected input is in the Trouble state. The Trouble state supersedes any other state.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

507

Zone (virtual)

Associated events Use this section to associate each zone state to an event of your choice. Select None if a zone state should be ignored. These events are only triggered when the zone is armed.

Reactivation threshold Set the time period during which the same event should not be re-triggered.

Arming The Arming tab lets you configure the arming source of your zone and its arming behavior.

Arming source A virtual zone can be armed at any time by a Security Desk operator, or by the Arm zone action. Arming schedules are optional and are only necessary if you want the zone to be armed automatically at a certain time. An armed virtual zone can be disarmed at any time by a Security Desk user, or by the Disarm zone action triggered by an event.

Delays You can configure optional delays that give you time to leave the premises after arming the zone, and time to disarm the zone after tripping a sensor. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

508

Zone (virtual)

• Arming delay. Turn on this option to set a delay before the event triggers become active after arming the system.

• Entry delay. Turn on this option to set a delay before triggering the events when an sensor is tripped. This option allows you to disarm the zone before triggering the output relays.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

509

14 Role types This section lists all Security Center role types in alphabetical order. Each role type is covered with a general description of its purpose and usage. The sub-sections describe each role type’s configuration tabs and the settings they contain. This section includes the following topics:

• • • • • • • • • • • • • • • • • •

"Access Manager" on page 511 "Active Directory" on page 516 "Archiver" on page 521 "Auxiliary Archiver" on page 543 "Directory" on page 551 "Directory Manager" on page 552 "Global Cardholder Synchronizer" on page 557 "Health Monitor" on page 560 "Intrusion Manager" on page 563 "LPR Manager" on page 567 "Media Router" on page 585 "Omnicast Federation" on page 590 "Plugin" on page 594 "Point of Sale" on page 595 "Report Manager" on page 599 "Security Center Federation" on page 601 "Web-based SDK" on page 605 "Zone Manager" on page 608

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

510

Access Manager

Access Manager The Access Manager role manages and monitors access control units on the system. The role validates all access activities when the units are online. Upon receiving a request from a unit, the Access Manager checks the access rules and schedules to decide whether the door or elevator floor can be accessed. It then sends a command to the controller to unlock the door or enable an elevator floor button. It also logs the access control events in the database for access control investigation and maintenance reports. Multiple instances of this role can be created on the system. System: Synergis IP access control Task: Access control – Roles and units, or System – Roles Identity

Name, description, and relationships of this role with other entities in the system.

Properties

Database retention period for access control events.

Extensions

Manufacturer specific settings for connecting to access control units that this Access Manager should communicate with.

Resources

Servers and database configuration for this role.

Related topics:

• • • • •

"Configuring the Access Manager role" on page 260 "Access control unit" on page 337 "Door" on page 404 "Elevator" on page 410 "Zone (hardware)" on page 502

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

511

Access Manager

Properties The Properties tab lets you configure the retention period of the access control events in the database.

Keep events Access control events are logged by the Access Manager for access control related activity and maintenance reports. You can decide for how long you want to keep them before they are purged from the Access Manager database. Related topics:

• "Finding out who is granted access to doors and elevators" on page 324

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

512

Access Manager

Extensions The Extensions tab allows you to configure the manufacturer-specific settings for connecting to access control units that this role should communicate with.

Security Center supports two types of access control units:

• Genetec SMC. For Synergis Master Controller (SMC) units. You also need to add at least one discovery port (default=2000) to the extension. The discovery port configured for the extension must match the value configured on the SMC units. For more information, see the Synergis Master Controller Configuration Guide.

• HID VertX. For all HID controllers, including the legacy VertX models (V1000 and V2000), the VertX EVO, and the Edge EVO controllers. For the complete list of supported controller units and firmware, see “Supported HID units” in the Security Center Release Notes.

Advanced settings The advanced settings are reserved for use by Genetec’s Technical Assistance Center. Please do not be concerned with these settings.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

513

Access Manager

Resources The Resources tab allows you to configure the servers and database assigned to this role.

Servers All server management principles are the same for the Access Manager role as with any other role. For more information, see "Managing servers and roles" on page 47. IMPORTANT The Access Manager failover works only when the role is exclusively connected to SMC units. Additional configurations are required on the SMC units for the failover to work. For more information, see “Configure the SMC unit for Access Manager failover” in the Synergis Master Controller Configuration Guide. The Access Manager failover does not work with HID VertX units because these units cannot handle the change of server IP address, should the Access Manager role fail over to a different server.

Database All database management principles are the same for the Access Manager role as with any other role. For more information, see "Managing databases" on page 52.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

514

Access Manager

Resolve conflicts for Access Manager roles If you generated a conflict resolution file (Conflict_Manifest.data) after importing cardholders and cardholder groups from an Active Directory, you need to apply these conflict resolution decisions to your Access Manager database. 1 Click Resolve conflicts (

) found in the Database section.

The following dialog box appears.

2 Enter the path to the conflict resolution file using the browse button. 3 Click Resolve conflicts. You’ll be prompted to create a safety backup before updating your database. 4 Click Backup. 5 The backup and the conflict resolution updates will be performed in a single step.

6 Click Close.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

515

Active Directory

Active Directory The Active Directory role imports users, user groups, cardholders, and cardholder groups from your corporate directory service (Windows Active Directory), and keeps them synchronized. Multiple instances of this role can be created on the system.

System: General, Synergis (if cardholder groups are to be imported) Task: System – Roles Identity

Name, description, and relationships of this role with other entities in the system.

Properties

Connection parameters to the Windows Active Directory and list of security groups to be imported as Security Center entities.

Links

Mapping between AD fields and Security Center custom fields.

Resources

Servers and failover configuration for this role.

Related topics:

• • • • •

"Integrating with Windows Active Directory" on page 140 "Cardholder" on page 395 "Cardholder group" on page 398 "User" on page 482 "User group" on page 489

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

516

Active Directory

Properties Defines all the parameters within which this Active Directory role is supposed to operate. For more information, see "Import security groups from an Active Directory" on page 143.

• Connection status. Connection status between the role and the corporate AD. • Status. Shows what the role is doing. Idle is the normal status. If there is a problem, an error message is displayed.

• Active Directory. Hostname or IP address of the corporate AD server. 



Use Windows credentials. You can use the Windows credentials used for running the Genetec Server service, or specify a different set of Windows usernames and passwords. In both cases, the credentials you specify must give you read and write access to the specified corporate AD. Use SSL connection. Select this option to encrypt LDAP (Lightweight Directory Access Protocol) network traffic. LDAP is the protocol used for communication between the Active Directory role and the AD. The default port used for encrypted communication is 636. If you use a different port, you need to specify it explicitly by appending the port number after the AD server name, separated by a colon (‘:’).

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

517

Active Directory

• Partition. Default partition where the entities synchronized with the corporate AD will be created if the partition is not mapped to an AD attribute.

• Synchronized groups. List of all AD security groups imported as user groups, cardholder groups, or both. For information on how to add to this list, see "Import security groups from an Active Directory" on page 143.

• No scheduled task exists to synchronize this role. This warning message appears if you have not configured a scheduled task to automatically handle synchronization with the corporate AD. For more information, see "Create a scheduled task" on page 109.

• Synchronize now. Click this button to perform an instant synchronization. You should always re-synchronize after making changes to the synchronized groups.

Links The Links tab allows you to map AD attributes to Security Center fields.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

518

Active Directory

• Cardholder. Map AD attributes to Security Center cardholder fields. See "Select which cardholder fields to synchronize with the AD" on page 146.

• Maximum picture file size. If you are importing cardholder pictures from the AD, specify the maximum size of the imported picture.

• Upload pictures to Active Directory. Select this option if you want the pictures you assign to imported cardholders from Security Center to be synchronized to the AD.

• Card format. Select the default card format to use for the imported cardholder credentials when the card format property is either not mapped to an AD attribute, or when the mapped attribute is empty. See also "Mapping the credential card format to an AD attribute" on page 147.

• Badge template. Select a default badge template to use for the imported cardholder credentials.

• Custom fields. Map additional AD to Security Center custom fields. See "Map custom fields to synchronize with the AD" on page 148. Related topics:

• "Defining custom fields and data types" on page 136

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

519

Active Directory

Resources The Resources tab allows you to configure the servers. The Active Directory role does not require a database.

Servers All server management principles are the same for the Active Directory role as with any other role. For more information, see "Managing servers and roles" on page 47 and "Configuring role failover" on page 61.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

520

Archiver

Archiver The Archiver role is responsible for the discovery, control, and status polling of video units. All communications between the system and the video units are established through this role. All events generated by the units (motion, video analytics) are forwarded by the Archiver to the concerned parties on the system. The Archiver also manages the video archive, and performs motion detection on units that do not support this feature. Multiple instances of this role can be created on the system. System: Omnicast IP video surveillance Tasks: Video – Units, or System – Roles Identity

Name, description, and relationships of this role with other entities in the system.

Camera recording

Default recording settings for all cameras controlled by this role.

Trickling

Data transfer configuration for edge recording units.

Extensions

Manufacturer specific settings for connecting to video units that this Archiver should communicate with.

Resources

Servers, databases, disk storage, and failover configuration for this role.

Related topics:

• • • • •

"Configuring the Archiver role" on page 193 "Managing video archives" on page 224 "Video unit" on page 494 "Auxiliary Archiver" on page 543 "Media Router" on page 585

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

521

Archiver

Camera recording The Camera recording tab lets you configure the default recording settings applied to all cameras controlled by this Archiver role. The default settings can be superseded by the recording settings of each individual camera. For more information, see Camera – "Recording" on page 378.

Recording modes The Archiver can apply different recording modes at different times. Recording mode

Description

Off

Recording is off ( ). This mode prevents recording from taking place, not even when an alarm is triggered.

Continuous

Records continuously. Recording cannot be stopped by the user (

On motion/Manual

Records when recording is triggered by an action (such as Start recording, Add bookmark, or Trigger alarm), via motion detection, or manually by a user. In this mode, the Record button in Security Desk appears grey ( ) when the Archiver is not recording, red when it is recording but can be stopped by the user ( ), or red with lock ( ) when it is recording but cannot be stopped by the user (on motion or alarm recording).

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

).

522

Archiver

Recording mode

Description

Manual

Same as On motion/Manual. The only difference is that motion will not trigger any recording.

CAUTION Recording schedules of the same type cannot overlap, regardless of the recording mode configured for each. When a scheduling conflict exists, the Archiver and the video units are displayed in yellow in the entity browser and will issue entity warning messages. For more information, see "Resolving schedule conflicts" on page 105.

Other recording options Option

Description

Record audio

Turn this option on to record audio along with video. A microphone entity must be attached to this camera entity for this option to work. For more information, see Camera – "Hardware" on page 389.

Automatic cleanup

Turn this option on to delete the recorded video after a certain number of days, regardless whether the archiving storage is full or not. For more information, see Archiver – "Advanced settings" on page 541.

Redundant archiving

Turn this option on to allow both primary and secondary servers to archive video at the same time. This setting is effective only if failover is configured. For more information, see Archiver – "Server configurations" on page 534.

Time to record before an event

Duration of the recording buffer. This buffer is saved whenever the recording starts, ensuring that whatever prompted the recording is also captured on video.

Time to record after a motion

Recording duration when recording is triggered by motion detection. For more information, see Camera – "Motion detection" on page 379. During this period, the recording cannot be stopped by the user.

Default manual recording length

Recording duration when recording is started by a user. The user can stop the recording any time before the duration expires. This value is also used by the Start recording action, when the default recording length is selected.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

523

Archiver

Trickling The Trickling tab allows you to configure the transfer of video that was recorded on a video unit to the Archiver. You can define when and what type of data is transferred. IMPORTANT To be able to trickle with a camera/video unit, you must first configure your unit to record video using the unit’s Web page. For more information, see "Enable edge recording on a camera" on page 198.

Camera list The camera list shows all the cameras that are set to record on the edge and perform trickling. It allows you to specify whether or not you want the units to trickle on connection or on a schedule, and supplies information about the trickling process. You can configure the same trickling settings for all cameras in the list, or configure settings for specific cameras. To add cameras to the camera list: 1 (Optional) To add a camera group, click Add group.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

524

Archiver

If you have a large system, it is a good idea to create groups of cameras, so you can configure the trickling download settings for each group separately. 2 To add cameras, click Add an item. 3 From the drop-down list, select a camera group to add the cameras to. 4 Select the cameras, and then click OK. Hole CTRL or SHIFT to select multiple cameras. 5 For each camera group, or for each specific camera, specify whether or not you want the units to trickle on connection or on a schedule: 



On connection. Select this option for the camera to start to trickle upon connection to the network. On schedule. Select this option for the camera to trickle based on the schedule defined in the Trickling schedule section.

Trickling status The Trickling status dialog box allows you to start and stop trickling manually, and shows you the latest trickling status. Click at the bottom of the camera list to open it.

NOTE A camera that has just been added to the trickled camera list does not appear in this dialog

box until you have clicked Start trickling for all cameras (

) once.

• Camera. Edge recording camera selected for trickling. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

525

Archiver

• Last trickling request. Date and time of the last trickling request for the camera. • Last recorded frame. Date and time of the last video frame recorded by the Archiver. • Status. Lists the trickling status for the camera. The status can be one of the following: 



No video. There is no video recorded on the camera that is available to trickle for the filters specified in the Trickling filter section. For example, if you specify an alarm filter, the camera might have generated an alarm event, however it did not record any video for it. No events. There are no events recorded on the camera that correspond to the filters specified in the Trickling filter section. For example, if you specify a motion filter, but there were no motion events generated by the camera, there are no events to trickle.



Started. Trickling has started.



Completed. Trickling was successfully completed.



Pending. Trickling will start as soon as a spot opens in the download queue. The spots available depend on what is specified in the Simultaneous downloads setting.



Incomplete. Something occurred during the trickling process that prevented the transfer from being completed.

Trickling schedule Use the Trickle every setting to define a schedule for when you want video to be trickled. You can specify the amount of days, hours, and the time. If you’ve set all cameras to always trickle on connection, ignore this setting.

Trickling filter Use these settings to specify what type of video data you want to be trickled. Multiple filters can be selected at the same time and all video that corresponds to the filters will be trickled. NOTE If you do not set any filter, all available video stored on the unit will be trickled.

• Time interval. Select this filter to trickle video segments recorded during a specific period of time. You can specify a specific time range or a relative time range (last n days, hours, minutes).

• Playback requests. Select this filter to trickle video segments that were played back from the camera.

• Motions. Select this option to trickle video segments that span between a Motion on and Motion off event. This option applies to unit motion detection only.

• Bookmarks. Select this option to trickle video segments that contain bookmarks. • Unit offline. Select this filter to trickle video segments that span between a Unit lost and a Unit discovered event.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

526

Archiver

• Video analytics. Select this filter to trickle video segments that contain video analytics events.

• Alarms. Select this filter to trickle video segments that contain alarm events. • Input triggers. Select this filter to trickle video segments that contain input events. Trickling behavior Use these settings to specify how trickling is to be done.

• Time buffer when downloading events. The time buffers apply to event-based trickling. Specify how many seconds of video should be trickled before and after the event occurred. For example, if you selected the Motion filter, these settings indicate how many seconds are trickled before the Motion on event occurred, and how many seconds are trickled after the Motion off event.

• Delay after connection. Use this setting to specify how long (in seconds) the Archiver will wait to determine if a unit is truly online before trickling. For example, if your cameras are set to trickle on connection and you have an unstable network where your cameras frequently go on and offline, this setting is useful to prevent trickling from repeatedly starting and stopping.

• Simultaneous downloads. Use this setting to specify how many cameras can trickle at the same time. If you created camera groups, you can specify how many cameras can trickle at the same time per camera group. This setting is useful if you have a limited network and do not want too many downloads to occur simultaneously.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

527

Archiver

Extensions The Extensions tab lets you configure the common connection parameters shared by the video units controlled by this Archiver. The manufacturer extensions are created automatically when you add a unit to the Archiver (see "Add video units manually" on page 194).

This section includes the following topics:

• • • • • • • •

"General settings" on page 528 "Discovery settings" on page 529 "Default logon" on page 530 "Notification settings" on page 530 "Bosch VRM settings" on page 531 "Verint specific settings" on page 531 "Advanced settings" on page 532 "NTP settings" on page 532

General settings

• Transaction timeout. Time to wait for a response before resending a command to the unit. A unit is considered lost after three failed attempts. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

528

Archiver

• Command port. Port used by the Archiver to send commands to the Bosch units. This field cannot be changed.

• RSTP port. RTSP (Real Time Streaming Protocol) port used by the Archiver to request video from the units that support this protocol. CAUTION If you have multiple Archiver roles on the system controlling different groups of video units, then each Archiver must use a different RTSP port.

• VSIP port. (Verint only) Port used for automatic discovery. All units that should be controlled through the same Verint extension must be configured with the same VSIP port. The Verint extensions configured for the same Archiver must all have different discovery ports. For more information, see "What is automatic discovery?" on page 196.

Discovery settings The following sample screenshot shows the discovery settings of a Bosch unit.

• Discovery port. Automatic discovery port. If multiple instances of the same type of extension are configured for the same Archiver, they must all use a different discovery port. (ACTi) Corresponds to the Search server port 1 in the ACTi video server settings. (Bosch) All units that should be controlled through the same Bosch extension must be configured with the same discovery port. NOTE If you decide to change the Discovery port after the units are discovered, you’ll need to create a new extension with the new discovery port and delete the old one. If the units are not automatically discovered, you’ll have to add them manually. For more information, see "Add video units manually" on page 194.

• Discovery reply port. (ACTi and Interlogix) Corresponds to the Search server port 2 in the ACTi video server settings.

• Unicast period. Period whereby the extension repeats its connection tests using unicast to determine whether each unit is still active in the system.

• Multicast period. Period whereby the extension attempts to discover new units using multicast. This option can be disabled. The IP address that follows is the standard multicast IP address used by Omnicast. Change it only if it is already used for something else.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

529

Archiver

• Broadcast period. Period whereby the extension attempts to discover new units using broadcast. This option can be disabled.

Default logon Certain types of units can be protected against fraudulent access by a username and a password. The logon credentials can be defined individually for each unit or for all units using the same manufacturer extension. The following sample screenshot shows the default logon settings of an Axis unit.

• Username. Certain types of units (such as Axis) require a username. • Password. Certain types of units (such as Bosch) only requires a password. • Use HTTPS. Select this option to use Hypertext Transfer Protocol Secure for added security.

Notification settings The following sample screenshot shows the notification settings of an Interlogix unit.

• TCP notification port. (Panasonic and Interlogix) Port used by the Archiver role to receive notification messages from the units. When an event occurs, such as Signal lost or Signal recovered, the unit will initiate a TCP connection with the Archiver and send the notification through this port.

• Notification channel. (Interlogix only) When multiple Archiver roles are configured to listen to the same units, such as in a failover list, each archiver must be identified with a different notification channel (1 to 8). This parameter can be ignored when you are only using one archiver. For multiple Archiver roles, the following rules must be followed: 

All Archiver roles that can potentially control the same units must be configured with the same TCP notification port.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

530

Archiver



All Archiver roles must use a different notification channel.

Bosch VRM settings The VRM settings are exclusive to Bosch VRM (Video Recording Manager). The latter allows you to query and play back video from Bosch cameras that are managed by a Bosch VRM. Multiple Bosch extensions can use the same VRM.

If you add more than one VRM to the list, you can use the move up ( ) and move down ( ) buttons to move a VRM up or down in the list. By default, the Archiver will use the first VRM in the list for queries and archived video. If the first VRM is not available, the Archiver will use the next VRM in the list.

Verint specific settings The following settings are only found on Verint units.

• Show all available video streams as separate cameras. (Verint only) Omnicast supports encoders that generate multiple video streams from the same video source. When such a unit is discovered, the Archiver creates a video encoder with multiple streaming alternatives. For more information, see Camera – "Stream usage" on page 373. With Verint units, you have the choice to represent every video stream as a separate camera. If this is the desired behavior, select this option. NOTE This option requires a camera connection license for each stream. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

531

Archiver

• SSL settings. SSL (Secure Sockets Layer) is a protocol used to secure applications that need to communicate over a network. Security Center supports SSL on all message transmissions between the Archiver and the units, with the exception of the video streams, because the data volume would be prohibitive. The purpose for using SSL in Security Center is to prevent malicious attacks, not to stop eavesdropping. Select Enforce SSL only if SSL must be enforced on all units controlled by this Archiver. If this option is cleared, the Archiver will only use SSL to communicate with the units on which SSL is enabled.

Advanced settings The advanced settings are reserved for use by Genetec’s Technical Assistance Center. Please do not be concerned with these settings.

NTP settings Use the NTP settings to synchronize the time between the units that support NTP (Network Time Protocol) and the NTP server. Keeping the units’ time synchronized is particularly important for units that handle video archiving themselves. The following parameters must be set:

• NTP server. Specify the NTP server name. • NTP port. Specify the NTP server port number • Poll timeout. Specify in minutes how often you want the time on the units to be checked to ensure that they are properly synched with the NTP server. For example, if 60 seconds is entered, the time will be verified every 60 seconds.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

532

Archiver

Resources The Resources tab lets you assign servers, databases, and disk storage to this Archiver role.

This section includes the following topics:

• • • • • • • •

"Server configurations" on page 534 "Configure standby archiving priorities" on page 535 "Archive database settings" on page 536 "Archive storage settings" on page 536 "Network card settings" on page 538 "Archiver statistics" on page 538 "Protected video file statistics" on page 539 "Archiving camera details" on page 540

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

533

Archiver

• "Advanced settings" on page 541 Server configurations The Archiver role supports up to two servers for failover. The two servers assigned to the Archiver must be configured separately from each other, and must have their own database and storage system for keeping the video archive. For more information, see "Protecting your video archive against hardware failure" on page 227. To add the secondary server: Before you begin: You cannot add a secondary server if the Archiver role has already two servers assigned. See also "Careful load planning for failover" on page 228. 1 Click the tab labelled Add server (

).

2 From the dialog box that appears, select the desired server and click Add. The Add server tab becomes the secondary server tab.

3 From the secondary server tab, configure the following: 

"Archive database settings" on page 536



"Archive storage settings" on page 536



"Network card settings" on page 538

4 If the secondary server is also on standby for other Archiver roles, then you might have to adjust their standby archiving priorities. See "Configure standby archiving priorities" on page 535. 5 Click Apply. To switch the primary and secondary servers around: Before you begin: You must have two servers assigned to the Archiver role. It is best to choose a time when the Archiver is not archiving to perform this operation. 1 Click Failover (

) at the bottom of the Resources tab.

A dialog box appears, showing both servers assigned to this Archiver role. 2 Select one of the server in the list and click

or

to move it up or down the list.

3 Click OK to close the Failover dialog box. The two server tabs switch places.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

534

Archiver

4 (Optional) If the primary server that became the secondary server also hosts other Archiver roles, then you might have to adjust their standby archiving priorities. For more information, see "Configure standby archiving priorities" on page 535. 5 Click Apply. CAUTION If the Archiver was archiving video, you will lose a few seconds of recording while the switch is taking place.

Configure standby archiving priorities A same server can be designated as the standby server of multiple Archiver roles. Should all Archiver roles fail over to the same server at the same time, their combined load might be too much for the server to handle. One way to avoid overloading a server is to assign a lower archiving priority to the roles of lesser importance in case a competition occurs. 1 Click Failover (

) at the bottom of the Archiver’s Resources tab.

2 In the Failover dialog box that appears, click Standby archiving priorities. 3 From the dialog box that appears, select a server from the Server drop-down list.

All Archiver roles that rely on this server as their primary or secondary server are listed. The archiving priority can only be set when the server is used as a standby. For roles that rely on the server as their primary server, the archiving priority is implicitly locked at 1 (the highest). 4 Set the priority of the roles as you see fit, and click Save. NOTE The archiving priority is a setting specific to each Archiver role on each server. When

the archiving priority has never been set, its default value is 1. 5 Repeat Step 3 and Step 4 as necessary to configure all servers hosting Archiver roles on your system.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

535

Archiver

NOTE At any point in time on a given server, only the Archiver roles with the highest archiving

priority will be able to archive, be it 1 or 100. The archiving priority only affects archiving. Having a lower archiving priority does not stop a failed over Archiver role from performing its command and control functions.

Archive database settings The archive database stores the catalog of the recorded video footage, and the events related to them and the archiving process. The default database name is Archiver. IMPORTANT A separate database must be configured for each server assigned to the role. Because of this requirement, the archive database is often hosted locally on each server. When two or more Archiver roles are hosted on the same server, be sure to assign to each of them a different database instead of using the default one. For more information, see "Server configurations" on page 534.

The configuration of the Archiver database is the same as that of any other role on the system. For more information, see "Managing databases" on page 52.

Archive storage settings The actual video footage is not kept in the database, but on disk, in video files. Each video file might contain several short discrete video sequences, and uses the G64 file extension. The size limit of the video files is configured in the Advanced settings dialog box. For more information, see "Advanced settings" on page 541. Just like the archive database, the archive file storage is also specific to each server. Both local drives and network drives can be used to store video. All local drives found on the host server are listed by default and grouped under Default Disk Group.

Disk space cannot be allocated in advance for archiving purpose. Instead, the Archiver is allowed to use the available disk space up to a certain limit which is defined by the minimum free space that must be left on each disk. The information displayed on each disk are as follows:

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

536

Archiver

• Disk base path. Root folder on the disk where all video files are located. The default value is VideoArchives. Click on the name to change it to a different folder. IMPORTANT You must make sure that the service user running the Archiver role has write access to all the archive root folders assigned to the role. The Config Tool cannot verify this information on behalf of the Archiver.

• Min. free space. Minimum free space that the Archiver must leave untouched on the disk. Click on this value to change it.

• Free space. Actual free space remaining on disk. • Allotted space. Space allotted in theory for video archives. It is the total capacity of the disk minus the minimum free space. CAUTION There is nothing to prevent other applications from using up the disk space set aside for the Archiver. For this reason, we recommend that you assign a disk that is not shared with other applications to this role. In the case where multiple Archivers share the same server, use a separate disk for each.

• Total size. Total capacity of the disk. The archive storage configuration commands are as follows: Button

Command

Description

Add network location

You can only add network drives to your archive storage. All local drives on the host server are listed by default. You can exclude them from being used by the Archiver by clearing the checkbox in front of each disk.

Add disk group

A disk group is a logical storage unit used by the Archiver to improve the overall disk throughput. See "Optimizing access to your storage devices" on page 226. Click the Up and Down arrows to move the selected disk from one group to another.

Delete

Deletes the selected disk or disk group. You cannot leave a disk group without any disk associated to it.

Camera distribution

This button appears only if you have more than one disk group defined. See "Optimizing access to your storage devices" on page 226.

Refresh the drive information

Refreshes the drive information.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

537

Archiver

Network card settings For every server assigned to this Archiver role, you must specify:

• Network card. Network card used to communicate with all video units. • RTSP port. Port used to listen for RTSP (Real Time Streaming Protocol) requests. When multiple archiving roles are hosted on the same server, this value must be unique for each one. The default value is 555. Additionally the value configured must not duplicate any of those used for the Media Router role, its redirector agent, or any Auxiliary Archiver hosted on the same server.

• Telnet port. Port used to listen to the Telnet Console connection requests for debugging purposes. When you change this value, you need to deactivate and reactivate the Archiver role for the change to take effect.

Archiver statistics The Statistics dialog box appears when you click the Statistics ( ) button. It provides all sorts of useful information regarding the archive storage, and the rate at which it is being filled up. If nothing is displayed, click .

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

538

Archiver

The available statistics are as follows:

• List of assigned disks. Snapshot of the disk statistics the last time a refresh was made. TIP Click to view the percentage of protected video files on the selected disk. For more information, see "Protected video file statistics" on page 539.

• Average disk usage. Average space used per day (first line) and average space used per camera per day (second line).

• Estimated remaining recording time. Number of days, hours, and minutes of recording time left based on the average disk usage and the current load.

• Active cameras. Number of cameras that are currently active. • Archiving cameras. Number of cameras for which archiving is enabled. TIP Click See details to view the recording state of each individual camera. For more information, see "Archiving camera details" on page 540.

• Archiving span. Time bracket within which video archives can be found. • Worst case bandwidth. This number gives you the worst-case scenario on the total bandwidth requirement if all the cameras are at the peak of their archiving demands.

Protected video file statistics Too many protected video files on a disk can take away valuable storage space for new video files. To make sure this does not happen, regularly check the percentage of protected video files on each disk.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

539

Archiver

The orange slice represents the proportion of video files that the user has decided to unprotect. When a user decides to manually remove the protection on a video file, the Archiver waits 24 hours before actually removing the protection, giving the user enough time to change his/her mind if necessary. During this reprieve, the status is said to be Protection ending. Instead of checking the Protected video files statistics, you can also configure an event-to-action to alert you on the event Protection threshold exceeded. For more information, see "Using eventto-actions" on page 106.

Archiving camera details The Archiving cameras dialog box displays the statistics for each individual camera based on the information collected the last time you clicked .

This report lets you verify whether each encoder is currently streaming video (and audio) and whether the Archiver is currently recording these data. The possible Recording states are as follows: Recording state

Description

Recording off

Recording is enabled but the Archiver is currently not recording. If you suspect a problem, the Description column might give you a clue. The possible causes are as follows: • Database lost. • Disks full. • Cannot write to any drive.

Recording on

Recording was started by a user.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

540

Archiver

Recording state

Description

Recording on (locked by system)

Recording is currently controlled by the Archiver (following an On Motion or Continuous schedule).

Recording off (locked by system)

Recording is currently disabled on this camera by a schedule.

Recording about to stop

Recording was started by a user and is about to stop (within the last 30 seconds of recording).

Advanced settings The advanced settings are independent of the server hosting the Archiver role.

Advanced settings

Description

Video watermarking

Turn this option on to protect your video archive against tampering. For more information, see "Protecting video archive against tampering" on page 229.

Delete oldest files when disks are full

Turn this option on to recycle the archive storage (the default mode), meaning that the oldest files are deleted to make space for new files when all the disks within a disk group are full. TIP Another way to manage the archiving space is to set individual archive retention periods for each camera (Automatic cleanup option in each camera’s Recording tab). This method allows you to keep the more important data for a longer period of time by purging less important video first.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

541

Archiver

Advanced settings

Description

Enable edge playback requests

Turn this option on only if the Archiver controls units configured for edge recording. This option is turned off by default to prevent sending playback requests to units that are not recording.

Protected video threshold

This is a safety threshold used to limit the amount of space that protected video files are allowed to occupy on disks. Protected video files are files that will not be deleted by normal archive cleanup procedures. When this threshold is exceeded, the Archiver will generate the Protected video threshold exceeded event once every 15 minutes for as long as the condition is true, but will not delete any video file that is already protected.

Video files

These two settings are used to control the size of the video files created by the Archiver: • Maximum length. Limits the length of video sequence contained in each file. The video length is the time span between the first video frame and the last video frame stored in a file. • Maximum size. Limits the size of the video file in MB. The Archiver will start saving the video to a new video file when either one of these conditions is met.

Additional settings

These additional settings are reserved for use by Genetec’s Technical Assistance personnel. Please do not be concerned with these settings.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

542

Auxiliary Archiver

Auxiliary Archiver The Auxiliary Archiver role supplements the video archive produced by the Archiver role. Unlike the latter, the Auxiliary Archiver is not bound to any particular discovery port. Therefore, it is free to archive any camera in the system, including the federated ones. The Auxiliary Archiver must depend on the Archiver to communicate with the video units. If an Archiver is not running, the Auxiliary Archiver would not be able to archive the cameras it controls. Multiple instances of this role can be created on the system. System: Omnicast IP video surveillance Tasks: Video – Units, or System – Roles Identity

Name, description, and relationships of this role with other entities in the system.

Camera recording

Default recording settings for all cameras archived by this role.

Cameras

Cameras recorded by this Auxiliary Archiver.

Resources

Server, database, and disk storage configuration for this role.

Related topics:

• • • •

"Configuring the Auxiliary Archiver role" on page 204 "Camera (video encoder)" on page 368 "Managing video archives" on page 224 "Archiver" on page 521

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

543

Auxiliary Archiver

Camera recording The Camera recording tab lets you configure the default recording settings applied to all cameras associated to this Auxiliary Archiver. The default settings can be superseded by the recording settings of each individual camera. For more information, see Camera – "Recording" on page 378.

Video stream Use this drop-down list to select the default video stream that the Auxiliary Archiver should record for each camera. The video streams are configured for each individual camera. For more information, see "Configuring video streams" on page 210.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

544

Auxiliary Archiver

Recording modes The Auxiliary Archiver can apply different recording modes at different times. Recording mode

Description

Off

Recording is off ( ). This mode prevents recording from taking place, not even when an alarm is triggered.

Continuous

Records continuously. Recording cannot be stopped by the user (

On motion/Manual

Records when recording is triggered by an action (such as Start recording, Add bookmark, or Trigger alarm), or via motion detection.

).

Note: Manual recording is not supported by Auxiliary Archivers. Manual

Manual recording is not supported by Auxiliary Archivers. This schedule would have no effect.

CAUTION Recording schedules of the same type cannot overlap, regardless of the recording mode configured for each. When a scheduling conflict exists, the Auxiliary Archiver and the cameras are displayed in yellow in the entity browser and will issue entity warning messages. For more information, see "Resolving schedule conflicts" on page 105.

Other recording options Option

Description

Record audio

Turn this option on to record audio along with video. A microphone entity must be attached to this camera entity for this option to work. For more information, see Camera – "Hardware" on page 389.

Automatic cleanup

Turn this option on to delete the recorded video after a certain number of days, regardless whether the archiving storage is full or not. For more information, see Auxiliary Archiver – "Advanced settings" on page 550.

Time to record before an event

Duration of the recording buffer. This buffer is saved whenever the recording starts, ensuring that whatever prompted the recording is also captured on video.

Time to record after a motion

Recording duration when recording is triggered by motion detection. For more information, see Camera – "Motion detection" on page 379. During this period, the recording cannot be stopped by the user.

Default manual recording length

Recording duration when recording is started by a user. The user can stop the recording any time before the duration expires. This value is also used by the Start recording action, when the default recording length is selected.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

545

Auxiliary Archiver

Cameras The Cameras tab lets you select the cameras archived by this role. The Auxiliary Archiver can record any camera on your system, except those that are federated from an Omnicast 4.x system.

Related topics:

• "Associate cameras to the Auxiliary Archiver" on page 207 • "Remove a camera from the Auxiliary Archiver" on page 208

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

546

Auxiliary Archiver

Resources The Resources tab lets you configure the server, the database, and the disk storage for this Auxiliary Archiver role.

This section includes the following topics:

• • • • • • • •

"Genetec Server" on page 548 "Network settings" on page 548 "Archive database settings" on page 548 "Archive storage settings" on page 548 "Archiver statistics" on page 550 "Protected video file statistics" on page 550 "Archiving camera details" on page 550 "Advanced settings" on page 550

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

547

Auxiliary Archiver

Genetec Server Failover is not supported for the Auxiliary Archiver role. You can only select one server at a time. For more information, see "Move the Auxiliary Archiver to a different server" on page 208.

Network settings Additional network settings can be configured by clicking the

button:

• Network card. Network card used to communicate with all video units. • RTSP port. Port used to listen for RTSP (Real Time Streaming Protocol) requests. When multiple archiving roles are hosted on the same server, this value must be unique for each one. The default value is 555 for the Archiver and 558 for the Auxiliary Archiver. Additionally the value configured must not duplicate any of those used for the Media Router role or its redirector agent hosted on the same server.

Archive database settings The archive database stores the catalog of the recorded video footage, and the events related to them and the archiving process. The default database name is AuxiliaryArchiver. The configuration of the Auxiliary Archiver database is the same as that of any other role on the system. For more information, see "Managing databases" on page 52.

Archive storage settings The actual video footage is not kept in the database, but on disk, in video files. Each video file might contain several short discrete video sequences, and uses the G64 file extension. The size limit of the video files is configured in the Advanced settings dialog box. For more information, see "Advanced settings" on page 550. Both local drives and network drives can be used to store video. All local drives found on the host server are listed by default and grouped under Default Disk Group.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

548

Auxiliary Archiver

Disk space cannot be allocated in advance for archiving purpose. Instead, the Auxiliary Archiver is allowed to use the available disk space up to a certain limit which is defined by the minimum free space that must be left on each disk. The information displayed on each disk are as follows:

• Disk base path. Root folder on the disk where all video files are located. The default value is AuxiliaryArchives. Click on the name to change it to a different folder. IMPORTANT You must make sure that the service user running the Auxiliary Archiver role

has write access to all the archive root folders assigned to the role. The Config Tool cannot verify this information on behalf of the Auxiliary Archiver.

• Min. free space. Minimum free space that the Auxiliary Archiver must leave untouched on the disk. Click on this value to change it.

• Free space. Actual free space remaining on disk. • Allotted space. Space allotted in theory for video archives. It is the total capacity of the disk minus the minimum free space. CAUTION There is nothing to prevent other applications from using up the disk space set aside for the Auxiliary Archiver. For this reason, we recommend that you assign a disk that is not shared with other applications to this role. In the case where multiple archivers share the same server, use a separate disk for each.

• Total size. Total capacity of the disk. The archive storage configuration commands are as follows: Button

Command

Description

Add network location

You can only add network drives to your archive storage. All local drives on the host server are listed by default. You can exclude them from being used by the Auxiliary Archiver by clearing the checkbox in front of each disk.

Add disk group

A disk group is a logical storage unit used by the Auxiliary Archiver to improve the overall disk throughput. See "Optimizing access to your storage devices" on page 226. Click the Up and Down arrows to move the selected disk from one group to another.

Delete

Deletes the selected disk or disk group. You cannot leave a disk group without any disk associated to it.

Camera distribution

This button appears only if you have more than one disk group defined. See "Optimizing access to your storage devices" on page 226.

Refresh the drive information

Refreshes the drive information.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

549

Auxiliary Archiver

Archiver statistics The Statistics dialog box appears when you click the Statistics ( ) button. It works the same way as for the Archiver role. For more information, see Archiver – Resources – "Archiver statistics" on page 538.

Protected video file statistics The Protected video file statistics dialog box of the Auxiliary Archiver works the same way as for the Archiver role. For more information, see Archiver – Resources – "Protected video file statistics" on page 539.

Archiving camera details The Archiving cameras dialog box displays the statistics for each individual camera based on the information collected the last time you clicked . It works the same way as for the Archiver role. For more information, see Archiver – Resources – "Archiving camera details" on page 540.

Advanced settings The Auxiliary Archiver’s advanced settings work the same way as the Archiver. For more information, see Archiver – Resources – "Advanced settings" on page 532.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

550

Directory

Directory The Directory is the main role that identifies your Security Center system. It manages all entity configurations and system wide settings in Security Center. Only a single instance of this role is permitted on your system. The server hosting the Directory role is called the main server, and must be set up first. All other servers you add in Security Center are called expansion servers, and must connect to the main server to be part of the same system. The main functions of the Directory role are:

• • • • • • • • •

Client application connection authentication Software license enforcement Central configuration management Event management and routing Audit trail and activity trail management Alarm management and routing Incident management Scheduled task execution Macro execution

Configuring the Directory role Because the Directory role is responsible for the authentication of all client connections, it cannot be configured in the Config Tool client application. To configure the Directory role, call Server Admin from a Web browser. For more information, see "Open Server Admin using Internet Explorer" on page 48. Using Server Admin, you can perform the following administrative tasks:

• • • • •

Start/stop the Directory role Manage the Directory database and change the data retention periods View and modify your Security Center license View and modify the main server’s password and communication ports Convert the main server into an expansion server

Managing the Directory role In a multiple Directory server configuration, the Directory failover and load balancing is managed by the Directory Manager role. For more information, see "Configuring Directory failover and load balancing" on page 66.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

551

Directory Manager

Directory Manager The Directory Manager is the role that manages the Directory failover and load balancing in order to produce the high availability characteristics in Security Center. Only one instance of this role is permitted per system. This role is created by default when your Security Center license supports multiple Directory servers, and cannot be deleted nor deactivated. System: General Task: System – Roles Identity

Name, description, and relationships of this role with other entities in the system.

Directory servers

Lets you configure the servers assigned to Directory failover and load balancing.

Database failover

Lets you configure the failover of the Directory database. This feature is turned off by default.

Related topics:

• • • • •

"Configuring Directory failover and load balancing" on page 66 "Managing servers and roles" on page 47 "Managing databases" on page 52 "Configuring role failover" on page 61 "Directory" on page 551

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

552

Directory Manager

Directory servers The Directory servers tab lets you configure the servers assigned to Directory failover and load balancing.

Directory failover list The list of servers assigned to Directory failover and load balancing is called the Directory failover list. To show or change the connection port assigned to each server, click Advanced (

).

The server identified with a different icon ( ) than the rest ( ) is the main server. The main server is the only Directory server that can write to the Directory database. The rest can only read from that database. Related topics:

• "Configuring Directory failover and load balancing" on page 66 • "How Directory failover and load balancing works" on page 66 • "Differences between Directory servers and the main server" on page 66

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

553

Directory Manager

Database failover The Database failover tab lets you configure the Directory database failover. When this feature is turned on, you have two options:

• "Backup and restore" on page 554 • "Mirroring" on page 556 Backup and restore The Directory Manager protects the Directory database by regularly backing up the master database instance. During a failover, the latest backups are restored to the backup database that’s next in line.

The list of databases available for failover is described as follows:

• LED ( ). Indicates the database server that is currently active. • Server. Security Center server hosting the database instance. The server that manages the master database instance is flagged as (Master).

• Database server. Database server name. The name must be accessible from all computers. Relative names, such as (local)\SQLSEXPRESS cannot be used. Always write explicitly the server’s DNS name (for example TW-WIN7-SC-5) instead of (local). gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

554

Directory Manager

IMPORTANT All database servers must be of the same version for database failover to work.

• Database name. Database instance name. • State. Database state. If there is a problem, an error message is displayed. • Last Backup/Restore time. Time of the last backup on the master database, or the last restore on the backup database.

• Folder. Local folder on the specified server where the backup files are copied. The other parameters are:

• Automatically reconnect to master database. Select this option to force all Directory servers to reconnect to the master database once it is back online after a failover. This will cause a short service disruption, and all changes made to the system configuration while the master database was offline will be lost.

• Generate full backup every. Frequency (in days) and time at which the full backup should be generated. TIP It is recommended to generate a full backup after you’ve made lots of changes to the system configuration. You can do this anytime by clicking Generate full backup. IMPORTANT After changing the master database from Server Admin (restoring a previous backup for example), always manually generate a full backup from Config Tool immediately after. Failing to do so will cause your master and backup databases to become out of synch and the database failover mechanism will no longer work.

• Generate differential backup every. Frequency (in minutes) at which the differential backup should be generated. A differential backup contains the database transactions made after the previous backup (full or differential). The differential backups are deleted only after a full backup is made. NOTE All backup activities are stopped when the active database is not the master database.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

555

Directory Manager

Mirroring Database failover is handled by Microsoft SQL Server and is transparent to Security Center. The Principal and Mirror instances of the Directory database are kept in synch at all times. There is no loss of data during failover.

NOTE The Principal and the Mirror databases must be of the same version. Should you decide to use a Database server instance name, the two instance names must be different. For more information on database mirroring, please refer to Microsoft SQL Server Database Mirroring documentation.

Related topics:

• "How Directory database failover works" on page 71 • "Configuring Directory database failover" on page 71

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

556

Global Cardholder Synchronizer

Global Cardholder Synchronizer The Global Cardholder Synchronizer (GCS) role ensures the two-way synchronization of the shared cardholders and their related entities between the local system (sharing guest), where it is hosted, and the central system (sharing host). Only a single instance of this role is permitted on each system.

System: Synergis IP access control Task: Access control – Units, or System – Roles Identity

Name, description, and relationships of this role with other entities in the system.

Properties

Connection parameters to the sharing host, shared global partitions, and synchronization option.

Resources

Servers and failover configuration for this role.

Related topics:

• "Managing global cardholders" on page 296 • "What is the Global Cardholder Synchronizer?" on page 298 • "Configure the Global Cardholder Synchronizer" on page 304

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

557

Global Cardholder Synchronizer

Properties The Properties tab lets you configure the connection parameters to the sharing host, the global partitions you want to share, and your synchronization option.

Connection parameters The Global Cardholder Synchronizer (GCS) role must stay connected to the sharing host in order to keep the local copies of the global entities synchronized with the host.

• Connection status. Indicates the current connection status. The second line shows the connection activities or when the last synchronization was performed.

• Directory. Name of a Directory server on the sharing host. If anything else than the default connection port (5500) is used, you must explicitly indicate the port number after the Directory name, separated by a colon. For example: HostServer:5888.

• Username and password. Credentials used by the GCS role to connect to the sharing host. The rights and privileges of this user determine what your local system will be able to see and share with the host system.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

558

Global Cardholder Synchronizer

Global partitions List of global partitions found on the sharing host. Select the ones you wish to share.

Synchronize automatically Select this option to have the GCS role perform synchronization in real time. This means that whenever a change is made on the sharing host, either by the host itself or by another sharing guest, the change will immediately be reflected on your local system. Leaving this option unchecked allows you to synchronize manually. You must also leave the role in manual synchronization mode if you want the GCS role to synchronize periodically via a scheduled task. For more information, see "Using scheduled tasks" on page 109.

Resources The Resources tab lets you configure the servers for hosting this role. The GCS role does not require a database.

Servers All server management principles are the same for the Global Cardholder Synchronizer role as with any other role. For more information, see "Managing servers and roles" on page 47 and "Configuring role failover" on page 61. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

559

Health Monitor

Health Monitor The Health Monitor is the central role that monitors system entities such as servers, roles, units, and client applications for health issues. Health events are recorded in a database for the purpose of reporting and statistical analysis. Current system errors are reported in real time in your application’s notification tray. Only one instance of this role is permitted per system. This role is created at system installation and cannot be deleted. System: General Task: System – Roles Identity

Name, description, and relationships of this role with other entities in the system.

Properties

Health events to be monitored.

Resources

Servers, database, and failover configuration for this role.

Related topics:

• • • •

"Monitoring your system’s health" on page 75 "Configuring the Health Monitor" on page 76 "Viewing system health events" on page 170 "Viewing the health status and availability of entities" on page 171

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

560

Health Monitor

Properties The Properties tab lets you configure the health events to be monitored.

• Client app. maintenance mode. Turn this switch on to set the client applications in maintenance mode. Setting any entity in maintenance mode means that the down time will be considered Expected-down time and will not be used in the health statistics availability percentage calculations. Only Unexpected down-time is used when calculating availability. Most entities can be set in maintenance mode through their own contextual toolbar ( Enable maintenance mode). For client applications, it must be set here. NOTE Setting something in maintenance mode does not stop the health events. Rather, it

downgrades all health events to informational only.

• Events to monitor. Select which events you want the Health Monitor role to watch. IMPORTANT Clearing a health event in this list does not remove it from the Health history query filter. But, it could make some of the Health statistics calculations impossible.

Some of the events allow you to adjust the thresholds used to fire the event. For more information, see "Change the firing threshold of a health event" on page 80.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

561

Health Monitor

Resources The Resources tab allows you to configure the servers and database assigned to this role.

Servers All server management principles are the same for the Health Monitor role as with any other role. For more information, see "Managing servers and roles" on page 47.

Database All database management principles are the same for the Health Monitor role as with any other role. For more information, see "Managing databases" on page 52.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

562

Intrusion Manager

Intrusion Manager The Intrusion Manager role is responsible for the integration of intrusion panels (or alarm panels) to Security Center. It listens to the events reported by the intrusion panels, reports them live in Security Desk, and logs them in a database for future reporting. The Intrusion Manager is also responsible to relay user commands such as arming and disarming the areas (or zones) to the controlling panel and triggering the outputs connected to the latter via event-to-actions. Multiple instances of this role can be created on the system. System: General – Intrusion detection Task: Intrusion detection – Units, or System – Roles Identity

Name, description, and relationships of this role with other entities in the system.

Properties

Database retention period for intrusion events.

Extensions

Manufacturer specific settings for connecting to intrusion detection units that this role should communicate with.

Resources

Servers, database, and failover configuration for this role.

Related topics:

• "Managing intrusion panels" on page 155 • "Intrusion detection unit" on page 423 • "Intrusion detection area" on page 421

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

563

Intrusion Manager

Properties The Properties tab lets you configure the retention period of the intrusion events in the database.

Keep events Intrusion events are logged by the Intrusion Manager for intrusion activity reports. You can decide for how long you want to keep them before they are purged from the Intrusion Manager database. Related topics:

• Intrusion detection investigation tasks in Genetec Security Desk User Guide.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

564

Intrusion Manager

Extensions The intrusion unit models controlled by this Intrusion Manager role.

All supported manufacturer extensions are created by default when the role is created.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

565

Intrusion Manager

Resources The Resources tab allows you to configure the servers and database assigned to this role.

Servers All server management principles are the same for the Intrusion Manager role as with any other role. For more information, see "Managing servers and roles" on page 47. IMPORTANT The Intrusion Manager role supports failover only when the intrusion panels are connected via IP. Failover is not supported if the intrusion panels are connected via serial port. For more information, see "Configuring role failover" on page 61.

Database All database management principles are the same for the Intrusion Manager role as with any other role. For more information, see "Managing databases" on page 52.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

566

LPR Manager

LPR Manager The LPR Manager stores all LPR data (reads, hits, images, vehicle status, GPS data, and so on) collected from the LPR units (fixed Sharps) and Patrollers that it manages into a central database for data mining and reporting. The LPR Manager is also responsible for updating fixed Sharps and Patrollers in the field with hotfixes, hotlist updates, and so on. Multiple instances of this role can be created on the system to provide scalability and partitioning. For example, different fleets of Patrollers can be managed by different LPR Managers, fixed Sharp units can be managed by different LPR Managers, and so on. System: AutoVu IP license plate recognition Tasks: LPR – Units, or System – Roles Identity

Name, description, logical ID, and relationships of this entity with other entities in the system.

Properties

General parameters within which this role should operate.

Resources

Server and database configuration for this role.

Related topics:

• • • • • • •

"Hotlist" on page 414 "LPR unit" on page 426 "Overtime rule" on page 439 "Parking facility" on page 444 "Patroller" on page 450 "Permit" on page 453 "Permit restriction" on page 457

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

567

LPR Manager

Properties The Properties tab is used to configure the general LPR Manager settings and optional AutoVu features. The availability of certain features depends on your Security Center license. This section includes the following topics:

• • • • • • • • • • •

"General settings" on page 569 "Live" on page 571 "File association" on page 572 "Matching" on page 573 "Reverse geocoding" on page 574 "Plate filtering" on page 574 "Email notification" on page 576 "XML import" on page 578 "XML export" on page 579 "Update provider" on page 582 "Data import" on page 583

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

568

LPR Manager

General settings Use the General settings to configure the Root folder for the LPR Manager, the user group for the Patrollers, and how long the data from the LPR Manager is kept in the database. IMPORTANT Please read the following before you configure the LPR Manager General settings.

• If you are using SQL Server Express Edition, the database might be full before the retention •

period ends. Contact GTAP to help you evaluate whether SQL Server Express meets the requirements of your AutoVu system. If your computer is hosting more than one LPR Manager, each LPR Manager must have a different root folder.

• Root folder. The main folder on the computer hosting the LPR Manager. This is where all the configuration files are created, saved, and exchanged between the LPR Manager and the Patroller units it manages. Whenever you create a new LPR Manager role, the root folder is created automatically on your computer at the location C:\Genetec\AutoVu\RootFolder. If you create multiple LPR Managers, new folders will be created for you at the same location. For example, if you have three LPR Managers created, the folders RootFolder1, RootFolder2, and RootFolder3 will be created under the folder C:\Genetec\AutoVu. The LPR Manager root folder includes the following subfolders: 

ManualTransfer. Contains the configuration and data files to transfer to Patroller manually using a USB key or similar device.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

569

LPR Manager





Offload. Contains the LPR data offloaded by Patroller. Rules. Contains the delta files used by Security Center to transfer hotlist and permit list changes. Do not copy or move anything in this folder.

Updates. This folder appears when you first turn on the Update provider (see "Update provider" on page 582). It contains Security Center and Patroller hotfixes, as well as Sharp service and firmware updates. Patroller hotfixes are automatically downloaded to Patroller whenever Patroller is connected to Security Center. Mobile Sharp units are updated through Patroller, and fixed Sharp units are updated through the network. Optimize Root folder disk space. (Windows Vista or later only) Enables the use of symbolic links to reduce disk utilization when the same file is replicated in multiple folders, such as when you have large hotlists and/or permit lists associated to individual Patroller units. This reduces the Root folder’s overall disk space, and optimizes file transfer performance to the Patroller in-vehicle computer. To use this feature, the server machine must be running Windows Vista or later, otherwise hotlists and permits will be copied as usual (duplicate copies on disk). The client machine must also be running Windows Vista or later, otherwise the client won’t be able to access the files inside the root folder. After enabling this option in Security Center, you also must enable it in Windows on your server and client machines (you’ll need administrator rights). On both the server and client machines, open Windows Command Prompt, and then type the following: 





To enable symbolic links. Type fsutil behavior set SymlinkEvaluation R2R:1

To disable symbolic links. Type fsutil behavior set SymlinkEvaluation R2R:0. User group for Patrollers. List of users (and their passwords) who are allowed to log on to the Patrollers managed by the LPR Manager. This list is downloaded to the Patrollers. 



In Patroller Config Tool, if the Patroller Logon type is Secure name or Secure name and password, the Patroller user will be required to enter the username and password configured in Security Center. If secure logon names are in use, when a read or a hit occurs, in Security Desk you can view who was driving the vehicle.

• Database retention periods. Specify how many days of LPR-related data Security Center can query. The default is 90 days, and the maximum is 2000 days. LPR data that is older than the value(s) you specify will not appear in Security Center queries and reports (Hit reports, Read reports, and so on). 

Patroller route retention period. Number of days Patroller route data (GPS positions) can be queried.



Hit retention period. Number of days hit data can be queried.



Read retention period. Number of days license plate reads can be queried.



Event retention period. Number of days the LPR events License plate read and License plate hit can be queried.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

570

LPR Manager

Live The Live settings are used to configure how data is transferred between Security Center and Patroller.

• Listening port. Port used to listen for connection requests coming from fixed Sharps and Patrollers. After the connection is established, the LPR Manager can receive live updates from the LPR units it manages.

• Sharp discovery port. Port used by the LPR Manager to find fixed Sharp units on the network. The same port number must be used in the Discovery port setting on the Sharp. IMPORTANT Each LPR Manager must use a unique discovery port.

• Send on read (fixed Sharp only). For each plate read, choose which Sharp images are sent to Security Center. These images are displayed in Security Desk when monitoring LPR events. 

License plate image. Include the high resolution close-up image of the license plate along with the plate read data.

Context image. Include the wide angle context image of the vehicle along with the plate read data. Channel security. Encrypt communication between Security Center and Patroller. 



IMPORTANT Encryption must be enabled both in the Security Center Config Tool and in

Patroller Config Tool. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

571

LPR Manager





Encrypt communication channel. Encrypt communication between Patroller and Security Center. Accept non encrypted messages. Security Center will accept incoming connections from Patrollers that do not have the encryption option enabled.

File association The File association settings specify which hotlists and permits are active and managed by the LPR Manager.

• Hotlists. A list of all the hotlists in Security Center. Choose which hotlists you want the LPR Manager to manage. The LPR Manager then sends the hotlists to the Patrollers it manages, or matches the hotlists against the reads collected from fixed Sharp units to produce hits. When you create a new hotlist, it is automatically added to this list and enabled for all the LPR Managers on your system.

• Permits. A list of all the permits in Security Center. Choose which permits the LPR Manager manages. The LPR Manager sends these permit lists to Patrollers. Only Patrollers configured for parking enforcement require permits. When you create a new permit, it is automatically added to this list and enabled for all the LPR Managers on your system. NOTE You can also associate permits to individual Patrollers, and hotlists to individual Patrollers

or Sharp units. For more information, see "Patroller" on page 450, and "LPR unit" on page 426.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

572

LPR Manager

Matching The Matching settings are used to enable matching between hotlists and fixed Sharp units. You use these settings when you want to configure event-to-actions in Security Desk that trigger on “match” or “no match” events.

• Matching. Enables matching between fixed Sharp units and hotlists. When matching is enabled, you can configure event-to-actions in Security Desk that trigger when the Sharp reads a plate that is on a hotlist you’ve activated in File association.

• Generate “No match” events. Security Center generates “no match” events when a plate is not found on a specific hotlist. You can then configure event-to-actions in Security Desk based on “No match” events. You would typically use “No match” events as part of an access control scenario. For example, you can associate a hotlist to a specific Sharp unit that is monitoring access to a parking lot or similar location. In this scenario, a Security Center event-to-action for a “License plate hit” grants the vehicle access (opens a gate, raises a barrier, and so on), and an event-to-action for a “No match” could trigger an alarm, or send an email to security personnel.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

573

LPR Manager

Reverse geocoding The Reverse geocoding feature converts the raw GPS data (longitude, latitude) from Patrollers into street addresses. The street addresses are then saved along with the reads in the LPR Manager database. NOTE You need geocoding if your Patrollers are equipped with GPS but no maps.

• Map type. Displays the map type set in the Security Center license. • (If you choose Mapinfo) MapInfo workspace. Folder where the MapInfo files (Maps.mws and associated files) are found. This folder must be on the same computer where the LPR Manager is installed.

• (If you choose Mapinfo) MapInfo version. If using MapInfo version 6 and later, you must select New.

Plate filtering The Plate filtering settings determine what to do when a hotlist or permit list is modified. The LPR Manager can detect if the new or modified lists include entries that contain invalid (nonalphanumeric) characters. You can configure the LPR Manager to either delete the invalid entries completely, or to delete only the invalid characters within the entries. You can also save logs of the filtering process to view detailed information about how many invalid entries were deleted or modified.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

574

LPR Manager

• Plate number valid characters. Select the types of characters to filter on (Latin, Arabic, or Japanese).

• Invalid plate number. Configure how the LPR Manager handles invalid records: 



Modify record. (Default setting). Removes any non-alphanumeric characters from the plate number. For example, the plate number “ABC#%3” becomes “ABC3”. Remove record. Deletes the entry from the list entirely.

• Logging. Select Log filtering in, and then specify where you want the log file to be saved. The destination folder you choose must be accessible to the computer hosting the LPR Manager role.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

575

LPR Manager

Email notification The Email notification setting turns on email notifications for hotlist hits, and lets you customize the look and contents of the email message. You can configure email notification at the hotlist level (any hit from a hotlist), or at the individual license plate level (a hit from a specific plate). For more information, see “Configuring email notifications for hotlist hits” in the AutoVu Handbook.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

576

LPR Manager

• Annotation email address. Used for email notification at the individual license plate level. Type the name of the hotlist attribute related to email notification. For example, if you added an “Email” attribute on the hotlist entity’s Properties page, type the exact same name here. The names must match exactly.

• Email components. Choose the LPR data you want to attach to the notification email, and whether to hide the license plate numbers in the message body. 

License plate image. High resolution close-up images of the license plate.



Context image. A wider angle color image of the vehicle.

License plate. Replaces the read plate number, and the matched plate number in the email with asterisks (*). Log emails in. Select the check box to log hotlist hit notification emails. Type the full path to the log file. 



• Template. Customize the email. Do any of the following: 

Edit the email’s subject line or message body.



Switch between plain text and HTML.



Add formatting (bold, italics, and so on).





Right-click in the message body for a menu of quick tags that you can use to add more information to the email. Restore the default email template at any time.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

577

LPR Manager

XML import The XML import settings are used to import data from third-party applications into the LPR Manager database. When you turn this setting on, Security Center creates an XML import entity, and then associates the imported data with this entity. In Security Desk, you can then filter on the XML import entity when running hit or read reports.

• XML template file. Specify where the XML template file is located. You’ll find a default template in the Security Center installation package in Tools\LPR\XMLTemplatesSamples.

• XML data folder. Specify the folder that contains the XML data files for Security Center to import.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

578

LPR Manager

XML export The XML export settings are used to send LPR Manager reads and hits to third-party applications. Reads and hits are sent live as they occur.

• XML templates folder. Specify where the XML templates folder is located. You’ll find default templates in the Security Center installation package in Tools\LPR\XMLTemplatesSamples. There are XML templates for each type of LPR event (plate reads, hotlist hits, overtime hits, permit hits, and shared permit hits).

• XML export folder. Specify the folder that contains the XML files exported by the LPR Manager.

• Time format. Enter the time format used in the exported files. As you set the time format the information field displays what the time format will look like in the XML file. To identify the units of time, use the following notation: Notation

Description

h

Hour

m

Minute

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

579

LPR Manager

s

Second

:

Must use a colon (:) between the hour, minute, and second units.

hh,mm,ss

Display time with leading zero. For example: 03:06:03 represents 3 hours 6 minutes 3 seconds.

h,m,s

Display without leading zero. For example: 3:6:3 represents 3 hours 6 minutes 3 seconds.

tt

Include A.M. or P.M. If using a 12-hour clock, you might want to use A.M. or P.M. notation. Unit can be preceded with or without a space. For example, HH:mm:ss tt displays 17:38:42 PM.

Lowercase h

12-hour clock.

Uppercase H

24-hour clock.

• Date format. Enter the date format used in the export files. To identify the units of a date, use the following notation: Notation

Description

M

Month in numerals

MM

Month in numerals with leading zero.

MMM

Month abbreviation. For example Apr for April.

y

Year without century. For example, yy displays 11 for 2011.

yyy

Year with century. For example, yyyy displays 2011

d

Date

dd

Date with leading zero.

ddd

Day of week three letter abbreviation. For example, ddd displays Wed for Wednesday.

dddd

Day of week. For example, dddd displays Wednesday.

Delimiters

Can use space or dash (-) between units in the date.

Example

dddd MM dd, yyy displays Wednesday April 06, 2011.

• Supported XML hashtags. The following XML hashtags are supported. Each hashtag must have an opening and closing XML tag (for example, to use the tag #CONTEXT_IMAGE# you must write #CONTEXT_IMAGE# in the XML). 

#ATTRIBUTES#. Generate all Read and Hit attributes.



#CONTEXT_IMAGE#. Context image (Base64-encoded JPEG).

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

580

LPR Manager











#DATE_LOCAL#. Local date of the LPR event. #ELAPSED_TIME#. For an overtime hit, this tag indicates the time difference between the two plate reads (displaying the number of days is optional). #FIRST_VEHICLE#. For a shared permit hit, this tag generates the content specified in ReadTemplate.xml for the first vehicle seen. #FIRST_VEHICLE_FROM_STREET#. For an overtime hit, this tag retrieves the attribute From street from the first plate read. #FIRST_VEHICLE_TO_STREET#. For an overtime hit, this tag retrieves the attribute To street from the first plate read.



#HOTLIST_CATEGORY#. Category field of the hotlist that generated the hit.



#GUID#. Unique identifier of the LPR event.



#INVENTORY_LOCATION#. For MLPI installations, the location of the vehicle inventory.



#ISHIT#. This tag indicates if the LPR event is a hit.



#LATITUDE_DEGREE#. Latitude of the LPR event (in degrees).



#LATITUDE_DMS#. Latitude of the LPR event (in degrees, minutes, and seconds).



#LATITUDE_MINUTE#. Latitude of the LPR event (in minutes).



#LATITUDE_SECOND#. Latitude of the LPR event (in seconds).



#LONGITUDE_DEGREE#. Longitude of the LPR event (in degrees).



#LONGITUDE_DMS#. Longitude of the LPR event (in degrees, minutes, and seconds).



#LONGITUDE_MINUTE#. Longitude of the LPR event (in minutes).



#LONGITUDE_SECOND#. Longitude of the LPR event (in seconds).



#MATCHED_PLATE#. License plate against which the hit was generated.



#ORIGINAL#. For an overtime hit, this tag generates the content specified in ReadTemplate.xml for the first read of a given plate.



#OVERVIEW_IMAGE#. Overview image (Base64-encoded JPEG).



#PERMIT_NAME#. Name of the permit that generated the LPR event.



#PLATE_READ#. License plate as read by the Sharp.



#PLATE_IMAGE#. License plate image (Base64-encoded JPEG).











#READ#. Embed the contents of the ReadTemplate.xml inside another XML template (useful for hits). #SECOND_VEHICLE#. For a shared permit hit, this tag generates the content specified in ReadTemplate.xml for the second vehicle seen. #SECOND_VEHICLE_FROM_STREET#. For an overtime hit, this tag retrieves the attribute From street from the second plate read. #SECOND_VEHICLE_TO_STREET#. For an overtime hit, this tag retrieves the attribute To street from the second plate read. #SHARP_NAME#. Name of the Sharp that read the plate.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

581

LPR Manager



#STATE#. License plate's issuing state or province, if read.



#TIME_LOCAL#. Local time.



#USER_ACTION#. User action related to the LPR event.



#VEHICLE#. Same as #READ#.



#ZONE_COLOR#. Color of the zone associated to the LPR event.



#ZONE_NAME#. Name of the zone associated to the LPR event.

Update provider Turn on the Update provider to create the required sub-folder in the LPR Root folder that will receive the update files. Also, you need to specify the Listening port used for Patroller and Sharp updates. The LPR Manager will use this port to update Patrollers and Sharps with new hot fixes, hit alert sounds, hotlists, firmware and so on.

• Listening port. This is the port Security Center uses to send updates to Patrollers and connected Sharp units, as well as to fixed Sharps on the network. Make sure to use the same port number in Patroller Config Tool, and in the .

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

582

LPR Manager

Data import The Data import settings are used to import data from AutoVu 4.3 systems. The LPR Manager connects to the AutoVu Gateway 4.3 database and imports all mobile data into the LPR Manager database so that the data can be viewed with Security Desk. IMPORTANT Before you turn on Data import, configure the AutoVu Gateway database server and database name. NOTE Please note the following about importing the AutoVu Gateway 4.3 database into Security

Center: 







The first time you run the migration, the LPR Manager will import everything that is in the existing Back Office database up until the retention period specified in the General settings. It takes approximately one hour for every 2.5 GB of data to transfer. For example, if you have 100 GB of data, the data import process will take approximately 40 hours. After the first batch of data is imported, the import process will resume every 12 hours. In the mean time, the old system can operate as usual. As data from the legacy system is imported into Security Center, you'll see the Patroller and LPR units appear under the LPR Manager.

For information on how to migrate to Security Center 5.0 from AutoVu 4.3, see the Security Center Installation and Upgrade Guide. Data server. Name of the data server used by the legacy AutoVu Gateway. 

• • Database. Name of the legacy AutoVu Gateway database.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

583

LPR Manager

Resources The Resources tab allows you to configure the servers and database assigned to this role.

Servers All server management principles are the same for the LPR Manager role as with any other Security Center role.

Database All database management principles are the same for the LPR Manager role as with any other Security Center role. NOTE When backing up (or restoring) the database to a network drive, you must manually enter the network path (for example, \\\\.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

584

Media Router

Media Router The Media Router role handles all stream (audio or video) requests on the system. It establishes streaming sessions between the stream source (camera or Archiver) and its requesters (Security Desk or SDK clients). Routing decisions are based on the location (IP address) and the transmission capabilities of all parties involved (source, destinations, networks and servers).

It ensures all video streams use the best route to get to their destinations, while performing any necessary transformation (for example, from unicast to multicast, or from IPv4 to IPv6). Only a single instance of this role is permitted per system. System: Omnicast IP video surveillance Tasks: Video – Units, or System – Roles Identity

Name, description, and relationships of this role with other entities in the system.

Properties

Stream redirectors, start multicast endpoint, and RTSP port.

Resources

Servers, databases, and failover configuration for this role.

Related topics:

• • • •

"Configure the Media Router" on page 202 "Network" on page 434 "Server" on page 471 "Archiver" on page 521

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

585

Media Router

Properties The Properties tab allows you to configure the stream redirectors, the start multicast endpoint, and the RTSP port for the Media Router.

Redirectors Redirectors are servers assigned to host redirector agents. A redirector agent is a software module launched by the Media Router to redirect data streams from one IP endpoint to another. The Media Router automatically creates a redirector agent on every server assigned to an Archiver role. You might have to create redirector agents on additional servers if you need to reach clients located on remote networks or to balance the redirection workload between multiple servers. Click Add an item (

) to add new redirectors or Edit an item (

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

) to modify an existing one.

586

Media Router

Both commands open the Redirector configuration dialog box.

The redirector settings are as follows:

• Server. Server selected to host the redirector agent. • Multicast interface. Network adaptor to use for streaming data in multicast mode. • Incoming UDP port range. Range of ports used by the redirector agent to send video using UDP. If the redirector agent is running behind a firewall, make sure that these ports are unlocked for inbound packets for UDP connections.

• RTSP port. Port used by the redirector agent to receive TCP commands. The same port is used to stream data using TCP. NOTE If you are configuring the redirector agent on the same server that is hosting the Media Router, the RTSP port cannot be the same as the one used by the Media Router.

• Live capacity. Use this option to limit the maximum number of live streams that this server (redirector) can redirect. This feature serves two purposes: 

Avoid overloading the server with too many users trying to view video (that needs redirection) at the same time.

Avoid overloading the network with too many video streams coming from a remote site that has limited bandwidth. When the limit is reached, an error message is displayed on the client application requesting the live video that the live stream capacity is exceeded. 

• Playback capacity. Same idea as Live capacity for playback streams.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

587

Media Router

Start multicast endpoint Start multicast address and port number. In multicast, all audio and video sources are streamed to different multicast addresses while using the same port number. This is because multicast switches and routers use the destination IP address to make their routing decisions. To follow the same approach, the Media Router assigns that same port number to all streaming devices (microphones and cameras), starting with the specified IP address, and incrementing it by 1 for every new devices it encounters.

RTSP port Incoming TCP command port used by the Media Router.

Resources The Resources tab allows you to configure the servers and database assigned to this role.

Servers All server management principles are the same for the Media Router role as with any other role. For more information, see "Managing servers and roles" on page 47.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

588

Media Router

Database All database management principles are the same for the Media Router role as with any other role. For more information, see "Managing databases" on page 52. NOTE The Media Router role supports failover and accepts multiple secondary servers. The exception to the rule is that its database can be local to each server. For more information, see "Configuring role failover" on page 61.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

589

Omnicast Federation

Omnicast Federation The Omnicast Federation role imports entities from an remote Omnicast 4.x system so that its cameras and events can be used by your local Security Desk users. The federation role acts as a proxy between your local clients and the remote Omnicast system they need to connect to. Multiple instances of this role can be created on the system. System: Omnicast IP video surveillance Task: System – Roles Identity

Name, description, and relationships of this role with other entities in the system. This is also where you set the value of role group for very large scale Federation deployment.

Properties

Connection parameters to the remote Omnicast system, and default video stream and of events to receive from it.

Resources

Servers and failover configuration for this role.

Related topics:

• "Federating remote systems" on page 128 • "Federating Omnicast systems" on page 131 • "Security Center Federation" on page 601

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

590

Omnicast Federation

Identity The Identity tab provides descriptive information about this role lets you jump to the configuration page of related entities. For more information, see "Identity" on page 332.

Role group The role group is an advanced setting that is necessary only if you plan on hosting more than 40 Omnicast Federation roles on the same server. For more information, see "What is a role group?" on page 134. To make this setting appear:

• Click inside the Name field and type Ctrl+Shift+A.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

591

Omnicast Federation

Properties The Properties tab allows you to configure the connection parameters to the remote Omnicast system, and the default video stream and events you wish to receive from it.

Connection parameters The top section identifies the remote Omnicast system and its connection status.

• Connection status. Shows the connection status of the federation role to the remote system. Click Reset connection at the bottom of the tab to force a reconnection.

• Directory. Name of the Omnicast Gateway connecting you to the remote Omnicast system. • Username and password. Credentials used by the federation role to log on to the remote Omnicast system. The rights and privileges of that user will determine what your local users will be able to see and do on the federated remote system.

• Version. Version of the federated Omnicast system. This drop-down list only shows the Omnicast versions for which a compatibility pack has been installed.

Received information The bottom section describes the default video stream and events you wish to receive from the federated system.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

592

Omnicast Federation

Events are necessary if you plan to monitor the federated entities in Security Desk or to configure event-to-actions for the federated entities.

Resources The Resources tab lets you configure the servers for hosting this role. The federation role does not require a database.

Servers All server management principles are the same for the Omnicast Federation role as with any other role. For more information, see "Managing servers and roles" on page 47 and "Configuring role failover" on page 61.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

593

Plugin

Plugin The Plugin role hosts a specific plugin. Each Plugin role instance hosts exactly one plugin of the type you select. IMPORTANT You need to install the plugin package on your client and server computers before you can create the corresponding Plugin role, and you must make sure your Security Center license has a valid certificate for the plugin you want to use.

System: General Task: Plugins – Plugins, or System – Roles Identity

Name, description, and relationships of this role with other entities in the system.

Properties

Depends on the type of plugin the role is hosting. Other tabs might appear depending on the type of plugin you have. For more information, see the corresponding Plugin User Guide.

Resources

Servers and database assigned to this role. The Plugin role supports failover. For more information, see "Configuring role failover" on page 61.

Related topics:

• "Role" on page 462 • RF Code Asset Management Plugin User Guide • OnGuard and Video Translator Plugin User Guide

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

594

Point of Sale

Point of Sale The Point of Sale role imports transaction data from an external point of sale (POS) system so that transaction reports can be generated from Security Desk for investigation purpose. The transactions are tied to the cash registers that were used to capture these transactions. Security Center can link Omnicast cameras to these cash registers, allowing users to search video sequences based on the transaction details. For more information, see “Transactions” in the Security Desk User Guide. IMPORTANT For a user to view transaction reports in Security Desk, the Point-of-Sale plugin must be enabled on the machine where Security Desk is installed. For more information, see “Enable Point-of-Sale plugin” in the Security Center Installation and Upgrade Guide.

System: General Task: System – Roles Identity

Name, description, and relationships of this role with other entities in the system.

Properties

Description of the external (third party) POS system database.

Cash registers

Cash registers corresponding to the transactions imported by this role.

Resources

Servers, database, and failover configuration for this role.

Related topics:

• "Cash register" on page 400

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

595

Point of Sale

Properties The Properties tab lets you configure how this role is to get the transaction data from the external POS system, and how long these data should be kept in Security Center.

Parameters for getting the transaction data The Point of Sale role gets its data from the external POS system by polling its database at regular intervals. The first set of parameters tells the role how to get these data.

• • • •

Database server. Database server used by the external POS system. Database. Database name used by the external POS system. Transaction header table. Table name used for transaction headers. Transaction details table. Table name used for transaction details (or transaction line items).

• Fetch transaction every. Frequency at which the role should poll the POS database for new data.

Housekeeping parameters for the saved transaction data Data fetched from the external POS database are saved to a database in Security Center. The local database where the transaction data is stored is configured in the Resources tab.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

596

Point of Sale

• Retention period. Number of days the transaction data should be kept locally. • Cleanup period. Frequency of the local database cleanup. • Cleanup time. Scheduled database cleanup start time.

Cash registers The Cash registers tab lets you configure the cash registers (or terminals) whose associated transactions ought to be downloaded from the external POS database (see Properties tab).

Add a cash register Add cash registers to have the Point of Sale role import their associated transactions from the external POS system. 1 Select the Point of Sale role from the System – Roles. 2 Select the Cash registers tab and click

at the bottom of the list.

3 In the Cash register properties dialog box, enter the following: 

Name. Name of the cash register entity.



Description. Description of the cash register entity.



ID. External identifier (or primary key) used to identify the cash register in the external POS database.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

597

Point of Sale



Partition. Partition the created cash register entity should belong to. Click different partition from your system.

to select

4 Click Save. 5 Click Apply. The new cash register entities are created and appear in the Logical view. You can associate cameras to the cash register entities. For more information, see "Cash register" on page 400.

Resources The Resources tab allows you to configure the servers and database assigned to this role.

Servers All server management principles are the same for the Point of Sale role as with any other role. For more information, see "Managing servers and roles" on page 47.

Database All database management principles are the same for the Point of Sale role as with any other role. For more information, see "Managing databases" on page 52.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

598

Report Manager

Report Manager The Report Manager role automates report emailing and printing based on schedules. Only one instance of this role is permitted per system. This role is created by default at system installation and hosted on your main server.

System: General Task: System – Roles Identity

Name, description, and relationships of this role with other entities in the system.

Properties

General parameters within which this role should operate.

Resources

Servers and failover configuration for this role.

Properties The Properties tab lets you configure the default behavior of this role.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

599

Report Manager

Maximum number of results Sets the maximum number of results that can be returned by any report. This limit helps prevent a broadly defined query from freezing your computer when too many results are returned. When the query reaches the specified limit, it stops automatically with a warning message. NOTE The maximum value you can set is 10,000.

Resources The Resources tab lets you configure the servers for hosting this role. The Report Manager role does not require a database.

Servers All server management principles are the same for the Report Manager role as with any other role. For more information, see "Managing servers and roles" on page 47 and "Configuring role failover" on page 61.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

600

Security Center Federation

Security Center Federation The Security Center Federation role imports entities from an remote Security Center system so that its entities and events can be used by your local Security Desk users. The federation role acts as a proxy between your local clients and the remote Security Center system they need to connect to. Multiple instances of this role can be created on the system. System: General Task: System – Roles Identity

Name, description, and relationships of this role with other entities in the system. This is also where you set the value of role group for very large scale Federation deployment.

Properties

Connection parameters to the remote Security Center system, and default video stream and of events to receive from it.

Resources

Servers and failover configuration for this role.

Related topics:

• "Federating remote systems" on page 128 • "Federating Security Center systems" on page 133 • "Omnicast Federation" on page 590

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

601

Security Center Federation

Identity The Identity tab provides descriptive information about this role lets you jump to the configuration page of related entities. For more information, see "Identity" on page 332.

Role group The role group is an advanced setting that is necessary only if you plan on hosting more than 100 Security Center Federation roles on the same server. For more information, see "What is a role group?" on page 134. To make this setting appear: Click inside the Name field and type Ctrl+Shift+A.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

602

Security Center Federation

Properties The Properties tab allows you to configure the connection parameters to the remote Security Center system, and the default video stream and events you wish to receive from it.

Connection parameters The top section identifies the remote Omnicast system and its connection status.

• Connection status. Shows the connection status of the federation role to the remote system. • Server. Name of the main server (Directory) for the remote Security Center system. • Username and password. Credentials used by the federation role to log on to the remote Security Center system. The rights and privileges of that user will determine what your local users will be able to see and do on the federated remote system.

Received information The bottom section describes the default video stream and events you wish to receive from the federated system. Events are necessary if you plan to monitor the federated entities in Security Desk or to configure event-to-actions for the federated entities.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

603

Security Center Federation

Resources The Resources tab lets you configure the servers for hosting this role. The federation role does not require a database.

Servers All server management principles are the same for the Security Center Federation role as with any other role. For more information, see "Managing servers and roles" on page 47 and "Configuring role failover" on page 61.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

604

Web-based SDK

Web-based SDK The Web-based SDK role exposes the Security Center SDK methods and objects as Web services to support cross-platform development. For example, this role allows an application developed on Linux to interoperate with your Security Center system. This role mainly exist for clients who need custom development. If you have such needs, please contact Genetec Professional Services for a quote through your sales representative or call us at one of our regional offices around the world. To contact us, visit our Web site at www.genetec.com. System: General Task: System – Roles Identity

Name, description, and relationships of this role with other entities in the system.

Properties

General parameters within which this role should operate.

Resources

Servers and failover configuration for this role.

Related topics:

• "Supporting cross-platform development" on page 164 • "Macro" on page 429 • "Tile plugin" on page 480

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

605

Web-based SDK

Properties The Properties tab lets you configure what the external developers need to know to use the Web services.

Port + Base URI These two parameters are used to determine the address of the Web service. For example, with Port=4590 and Base URI=WebSdk, the Web service address would be “http:/ /:4590/WebSdk/”, where is the DNS name or public IP address of the server hosting the Web-based SDK role.

Streaming port Port where events will be streamed. The user can configure the events he wants to listen to.

Use SSL connection Turn this option on (default=off) to use SSL encryption for communications with the Web service. Once this option is turned on:

• The Web service address will use https instead of http. • You need to configure the SSL settings: gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

606

Web-based SDK





Certificate. Name of the certificate to use. Use the form: “CN=NameOfTheCertificate”. The certificate must be registered in Windows. You can find procedures on the Web on how to do just that. Bind certificate to port. Turn this option on (default=off) to bind the certificate to the port. This operation does the same thing as you would normally do under Windows.

Resources The Resources tab lets you configure the servers for hosting this role. The Web-based SDK does not require a database.

Servers All server management principles are the same for the Web-based SDK role as with any other role. For more information, see "Managing servers and roles" on page 47 and "Configuring role failover" on page 61.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

607

Zone Manager

Zone Manager The Zone Manager role manages virtual zones and triggers events or output relays based on the inputs configured for each zone. It also logs the zone events in a database for zone activity reports. Multiple instances of this role can be created on the system.

System: General – Zone management Task: System – Roles Identity

Name, description, and relationships of this role with other entities in the system.

Properties

Database retention period for zone events.

Resources

Servers, database, and failover configuration for this role.

Related topics:

• "Managing zones" on page 160 • "Zone (virtual)" on page 506

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

608

Zone Manager

Properties The Properties tab lets you configure the retention period of the zone events in the database.

Keep events Zone events are logged by the Zone Manager for zone activity reports. You can decide for how long you want to keep them before they are purged from the Zone Manager database. Related topics:

• “Zone activities” task description in Genetec Security Desk User Guide.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

609

Zone Manager

Resources The Resources tab allows you to configure the servers and database assigned to this role.

Servers All server management principles are the same for the Zone Manager role as with any other role. For more information, see "Managing servers and roles" on page 47 and "Configuring role failover" on page 61.

Database All database management principles are the same for the Zone Manager role as with any other role. For more information, see "Managing databases" on page 52.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

610

15 Administration tasks This section lists all Security Center administration tasks in the order they appear in the Home page. Each task is covered with a short description, and when applicable, a short description for each of its configuration groupings. This section includes the following topics:

• • • • • • • • • •

"Alarms" on page 612 "Logical view" on page 613 "Network view" on page 615 "Security" on page 617 "System" on page 618 "Video" on page 630 "Access control" on page 632 "Intrusion detection" on page 636 "LPR" on page 638 "Plugins" on page 649

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

611

Alarms

Alarms The Alarms task allows you to configure alarms and analog monitor groups. System: General License option: Alarms Category: Administration The Alarms task includes the following views: Alarms

Lists all alarms in alphabetical order. For more information, see "Alarm" on page 351.

Monitor groups

Lists all monitor groups in alphabetical order. For more information, see "Monitor group" on page 432.

Related topics:

• "Administration task workspace overview" on page 16 • "Managing alarms" on page 111

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

612

Logical view

Logical view The Logical view task allows you to configure the entities visible in the Security Desk (such as areas, cameras, doors, elevators, tile plugins, intrusion detection areas, zones, and so on) and organize them according to their logical relationships. Areas are used as logical groupings for other types of entities. Each area can represent a concept or a physical location. System: General Category: Administration

A

B

C D A

Currently selected entity (Suite 400).

B

Click an entity to view its configuration.

C

Jump to the configuration page of the selected entity in the Relationships group.

D

See "Contextual command toolbar" on page 17.

Related topics:

• "Administration task workspace overview" on page 16 gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

613

Logical view

• "Managing the Logical view" on page 85

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

614

Network view

Network view The Network view task allows you to configure the networks and servers in your system, and organize them according to your network topology. System: General Category: Administration

A

B

C

D A

Currently selected entity (Montreal network entity).

B

Click an entity to view its configuration.

C

Configuration pane of the selected entity.

D

See "Contextual command toolbar" on page 17.

Related topics:

• "Administration task workspace overview" on page 16 • "Managing the Network view" on page 82 gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

615

Network view

• "Network" on page 434 • "Server" on page 471

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

616

Security

Security The Security task allows you to configure the entities that pertain to the software security of your system, such as users, user groups, and partitions. System: General License option: None required Category: Administration The Security task includes the following views: Users

Lists all users in alphabetical order. For more information, see "User" on page 482.

User groups

Lists all user groups in alphabetical order. For more information, see "User group" on page 489.

Partitions

Lists all partitions in alphabetical order. For more information, see "Partition" on page 447.

Related topics:

• "Administration task workspace overview" on page 16 • "Managing software security" on page 89

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

617

System

System The System task allows you to configure the system level settings as well as all system entities that are not visible in the Logical view, such as alarms, macros, schedules, and so on. System: General License option: None required Category: Administration The System task includes the following views: General settings

Lets you configure the system level settings.

Roles

List all roles in alphabetical order. For more information, see "Role" on page 462.

Schedules

Lists all schedules in alphabetical order. For more information, see "Schedule" on page 463.

Scheduled tasks

Lists all scheduled tasks in alphabetical order. For more information, see "Scheduled task" on page 469.

Macros

Lists all macros in alphabetical order. For more information, see "Macro" on page 429.

Output behaviors

Lists all output behaviors in alphabetical order. For more information, see "Output behavior" on page 437.

General settings The General settings view includes the following settings pages:

• • • • • • • •

"Custom fields" on page 619 "Events" on page 622 "Actions" on page 624 "Logical ID" on page 625 "User password settings" on page 626 "Activity trails" on page 627 "Audio" on page 628 "Threat levels" on page 629

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

618

System

Custom fields (Only visible to administrative users) The Custom fields page is where you define custom fields and custom data types for your system entities. It contains two individual tabs:

• "Custom fields" on page 619 • "Custom data types" on page 621 Custom fields The Custom fields tab lists all custom fields defined in your system and allows you to add new ones.

Each custom field is characterized by the following properties:

• Entity icon/Field name. Custom field name and the entity type using it. • Data type. Custom field data type. The default data types are: 

Text. Alphanumeric text.



Numeric. Integers in the range -2147483648 to 2147483647.



Decimal. Real numbers from -1E28 to 1E28.



Date. Gregorian calendar date.



Date/Time. Gregorian calendar date and time.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

619

System



Boolean. Boolean data, represented by a check box.



Image. Image file. The supported formats are: bmp, jpg, gif, and png.

Entity. Security Center entity. Users will have to use the Search tool to set the value for this type of fields. For more information, see "Search for entities using the Search tool" on page 43. Data types can also be user defined. For more information, see "Add a custom data type" on page 138.



• Default value. (Optional) Preset default values are provided for certain data types. This column displays the default value that was selected when defining the custom field. The selected value will appear when the field is displayed in the specific entity.

• Mandatory. (Optional) A value must be provided with this type of fields otherwise the system will not accept your changes.

• Value must be unique. (Optional) Indicates a key field. This option does not apply to fields using custom data types.

• Group name/Priority. (Optional) Name the custom field is grouped under, and the field’s order of appearance within the group. For an example, see "Custom fields" on page 335. No group (1) is the default value. Custom fields that belong to no group appear first in the entity’s custom field page.

• Owner. (Optional) Name of the Global Cardholder Synchronizer role when the custom field is part of is part of a shared global entity definition. Related topics:

• "Add a custom field" on page 136 • "Managing global cardholders" on page 296

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

620

System

Custom data types The Custom data types tab lists all custom data types defined in your system and allows you to add new ones.

Each custom data type is characterized by the following properties:

• • • •

Custom data type. Name of the custom data type. Description. Optional data type description. Values. Enumeration of acceptable values (text strings) for this data type. Owner. (Optional) Name of the Global Cardholder Synchronizer role when the custom data type is part of a shared global entity definition.

Related topics:

• "Add a custom data type" on page 138 • "Modify a custom data type" on page 139 • "Managing global cardholders" on page 296

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

621

System

Events (Only visible to administrative users) The Events page allows you to define the following:

• "Event colors" on page 622 • "Custom events" on page 623 Event colors The Event colors tab allows you to assign different colors to different system events.

Event colors are used as visual cues in the Security Desk Monitoring task (event list and display tiles). For example, you can use red to indicate a critical event (someone attempted to use a stolen credential), and blue to indicate a less critical event (access granted). For more information, see “Monitoring” in the Genetec Security Desk User Guide.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

622

System

Custom events The Custom events tab allows you to view and add custom events to your system.

Custom events are names and identifiers given to input events. They are used to configure custom event-to-actions. For example, for a zone entity, you can associate the state of an input (normal, active, trouble) to a custom event such as Illegal entry. This custom event can then be used in an event-to-action sequence. For more information, see "Managing zones" on page 160.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

623

System

Actions The Actions page allows you to create event-to-actions for your system, and search for the ones that have already been defined, by source entity (name and type), event type, and action type.

Event-to-action list Each row in this page corresponds to one event-to-action.

• • • •

Entity. Source entity, or the entity to which the event is attached. Event. Name of the event that would trigger the action. Action. Name of the action triggered by the event. Arguments. Information required for the action. For example, if the action is Trigger alarm, the argument is the alarm type that is triggered. Or, if the action is Send a message, the argument is the email recipient.

• Details. Additional details about the action. • Schedule. Schedule that regulates this event-to-action. Event occurring outside the time range covered by the schedule would not trigger any action. Related topics:

• "Using event-to-actions" on page 106

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

624

System

Logical ID The Logical ID page allows you to view and assign logical IDs to all entities defined in your system.

Show logical ID for Logical IDs must be unique across all entities of a same group. The different groups of entity types are listed in this drop-down list. NOTE Not all entity types can be selected by group. To view all entities, select All types.

Scroll through the pages using the

and

buttons.

To assign or change a logical ID, type in the box in the ID column. TIP You can also change the logical ID from the Identity tab of each entity’s configuration page.

For more information, see "Identity" on page 332.

Hide unassigned logical IDs Select this option to show only entities with a logical ID assigned.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

625

System

Alarm monitoring Assign a logical ID to the Alarm monitoring task in Security Desk. This allows the Security Desk user to call up the Alarm monitoring task with the keyboard. For more information, see “Alarm monitoring” in the Security Desk User Guide.

User password settings (Only visible to administrative users) The User password settings page is where you can enforce a minimum complexity on all user passwords created on your system, and to configure the advanced password expiry notification period (0 to 30 days).

NOTE The password complexity is not enforced on existing passwords.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

626

System

Activity trails (Only visible to administrative users) The Activity trails page allows you to select the types of activity (or events) to be logged for Activity trails task in Security Desk.

For more information, see "Investigating user related activity on the system" on page 182.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

627

System

Audio (Only visible to administrative users) The Audio page shows all the sound bites (.wav files) available to your system. Sound bites can be used to alert you on certain events, such as when you receive a new alarm, or to be used with the Play a sound action.

Security Center is installed with a default selection of sound bites (.wav files). You can add, delete, or rename any sound bite in the list. To add a new sound bite: 1 Click

, select a .wav file from the dialog box that appears, and click Open.

A new sound bite bearing the name of selected .wav file is added to the list. 2 (Optional) Select the new sound bite, and click 3 To listen to the new sound bite, click

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

to change its name.

.

628

System

Threat levels (Only visible to administrative users) The Threat levels page lists all threat levels configured in your system and allows you to add new ones, and to modify and delete existing ones.

Threat level list Each row in this page corresponds to one threat level.

• Threat level. Threat level name. • Description. Threat level description . • Color. Color identifying this threat level. The Security Desk background turns to this color when the threat level is set at the system level.

• Activation actions. Number of actions in the threat level activation list. These actions are executed by the system when the threat level is set.

• Deactivation actions. Number of actions in the threat level deactivation list. These actions are executed by the system when the threat level is cleared. For more information, see "Managing threat levels" on page 117.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

629

Video

Video The Video task allows you to configure the video management specific roles and the video units they control. System: Omnicast IP video surveillance License option: Omnicast Category: Administration

A B

C

D A

Selected entity (Axis PTZ).

B

Click an entity to view its configuration.

C

Configuration pane of the selected entity.

D

See "Contextual command toolbar" on page 17.

Related topics:

• "Administration task workspace overview" on page 16 • "What are the Omnicast entities?" on page 188 gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

630

Video

• • • • •

"Archiver" on page 521 "Auxiliary Archiver" on page 543 "Media Router" on page 585 "Video unit" on page 494 "Camera (video encoder)" on page 368

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

631

Access control

Access control The Access control task allows you to configure the general settings for access control and the related entities such as Access Manager roles, access control units, access rules, cardholders, credentials, badge templates, and so on, that are not found in the Logical view. System: Synergis IP access control License option: Synergis Category: Administration The Access control task includes the following views: Roles and units

Shows the access control specific roles and the units they control in a hierarchy. For more information, see "Access Manager" on page 511 and "Access control unit" on page 337.

Cardholders

Lists all cardholders in alphabetical order. For more information, see "Cardholder" on page 395.

Cardholder groups

Lists all cardholder groups in alphabetical order. For more information, see "Cardholder group" on page 398.

Credentials

Lists all credentials in alphabetical order. For more information, see "Credential" on page 401.

Access rules

Lists all access rules in alphabetical order. For more information, see "Access rule" on page 349.

Badge templates

Lists all badge templates in alphabetical order. For more information, see "Badge template" on page 365.

General settings

Lets you configure the general settings pertaining to access control and to install and configure custom card formats.

Related topics:

• • • • • • • • •

"How does Synergis work?" on page 252 "Access Manager" on page 511 "Global Cardholder Synchronizer" on page 557 "Access control unit" on page 337 "Access rule" on page 349 "Badge template" on page 365 "Cardholder" on page 395 "Cardholder group" on page 398 "Credential" on page 401

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

632

Access control

Roles and units The Access control – Roles and units view shows the access control roles and the units they control in a hierarchy.

A

B

C

D A

Selected view (Roles and units).

B

Select an entity to configure.

C

Configuration pane of the selected entity.

D

See "Contextual command toolbar" on page 17.

Related topics:

• • • •

"Administration task workspace overview" on page 16 "Access Manager" on page 511 "Global Cardholder Synchronizer" on page 557 "Access control unit" on page 337

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

633

Access control

General settings The Access control – General settings view lets you configure the general settings pertaining to access control, and to install and configure custom card formats.

A

B

C

D A

Selected view (General settings).

B

List of card request reasons. See "Card request reasons" on page 635.

C

List of installed custom card formats. Click "Custom card formats" on page 635.

D

See "Contextual command toolbar" on page 17.

to open the Custom card format editor. See

Trigger event ‘Entity is expiring soon’ Cardholders and credentials can be set to expire on a certain date. Turn this option on (default=off) to have Security Center generate the Entity is expiring soon event n days before a cardholder or a credential expires. The purpose of this event is so that you can use it to trigger an action (such as Send a message) to warn someone of the upcoming expiry. NOTE Credentials associated to an expired cardholder will inherit the status of the latter (though this does not show in the configuration of any credential).

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

634

Access control

Create incident before door state override Turn this option on (default=off) to prompt the Security Desk user to report an incident every time they lock or unlock a door manually, or override the unlock schedule assigned to the door. For more information, see “Manually controlling door access” and “Reporting an incident” in the Security Desk User Guide.

Card request reasons If a user does not have a printer on site, or close by when they are creating a cardholder from the Cardholder management task, they can request a credential card to be printed by another user on the system. In the Card request reasons section, you can create reasons for users to choose from to explain why they are requesting a card. For example, a common reason could be “no printer on site”.

• To add a card request reason, click . • To modify a card request reason, click . • To delete a request reason, click . For more information about requesting credentials, see “Request a credential card” in the Security Desk User Guide.

Maximum picture file size Set the maximum size of a picture file (such as a cardholder picture) saved in the Directory database. Large picture files (like the ones produced by digital cameras) can quickly use up the space in the Directory database and impact performance. When loading image files, Security Center automatically reduces the image size so their file size falls under the set limit. The default value is 20 KB. You can set this limit anywhere between 20 and 500 KB. NOTE This value is also used and modified by the Import tool. For more information, see "Import tool" on page 657.

Custom card formats Security Center allows you to define custom card formats. The custom card formats defined in your system are listed here. For more information, see "Using custom card formats" on page 287. You can add, delete, and modify custom card formats using the Custom card format editor. For more information, see Tools – "Custom card format editor" on page 670.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

635

Intrusion detection

Intrusion detection The Intrusion detection task allows you to configure the Intrusion Manager roles and the intrusion detection units they control System: Intrusion detection License option: Number of intrusion detection units > 0. Category: Administration

A B

C

D A

Selected entity (Bosh GV3).

B

Select an entity to configure.

C

Configuration pane of the selected entity.

D

See "Contextual command toolbar" on page 17.

Related topics:

• "Administration task workspace overview" on page 16 • "Managing intrusion panels" on page 155 gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

636

Intrusion detection

• "Intrusion Manager" on page 563 • "Intrusion detection unit" on page 423

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

637

LPR

LPR The LPR task allows you to configure the general settings for LPR (license plate recognition) and the related entities such as LPR Manager roles, LPR units, hotlists, permits, overtime rules, and so on, that are not found in the Logical view. System: AutoVu IP license plate recognition License option: AutoVu Category: Administration The LPR task includes the following views: Roles and units

Shows the LPR Manager roles and the LPR and Patroller units they control as a hierarchy. For more information, see: • "LPR Manager" on page 567. • "LPR unit" on page 426. • "Patroller" on page 450.

Hotlists

Lists all hotlists in alphabetical order. For more information, see "Hotlist" on page 414.

Overtime rules

Lists all overtime rules in alphabetical order. For more information, see "Overtime rule" on page 439.

Parking facilities Lists all parking facilities in alphabetical order. For more information, see "Parking facility" on page 444. Permit restrictions

Lists all permit restrictions alphabetical order. For more information, see "Permit restriction" on page 457.

Permits

Lists all permits in alphabetical order. For more information, see "Permit" on page 453.

General settings

Lets your configure the general settings pertaining to license plate recognition and the generation of LPR hits.

Related topics:

• “About AutoVu” in the AutoVu Handbook.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

638

LPR

Roles and units The LPR – Roles and units view shows the LPR Manager roles and the units they control in a hierarchy.

A

B

C

D

A

Selected view (Roles and units).

B

Select an entity to configure.

C

Configuration pane of the selected entity.

D

See “Contextual command toolbar” in the Security Center Administrator Guide.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

639

LPR

General settings The General settings view includes the following settings pages:

• • • • • •

"Applications" on page 640 "Hotlist" on page 642 "Overtime rule" on page 644 "Permit" on page 645 "Annotation fields" on page 646 "Updates" on page 647

Applications The Applications tab lets you configure how Security Desk displays maps in the Monitoring and Route playback tasks. You can also limit the number of logon attempts in Patroller, enforce Patroller privacy settings, and set the attributes a Patroller user must enter when enforcing a hit.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

640

LPR

• Map type. Display-only field showing the type of map system supported by your Security Center license. The choices are Bing, MapInfo, and None.

• Color for reads. Click to select the color used to show license plate reads on maps. • Initial longitude/latitude. Set the default starting location for map view in Security Desk. You can type the coordinates in the fields or click Select and zoom in on a location and click Select. A red pushpin appears to indicate the selected position.

• Logon attempts before lockdown. You can specify the number of unsuccessful logon attempts a Patroller can make before the account is locked out. For example, if the limit is set to 3, Patroller users have three attempts to log on to Patroller with their username and password. On the fourth attempt, their accounts will be locked and they won’t be able to logon. Users with locked accounts must contact their administrators in order to have the password reset. Patroller must be connected to the Security Center server for the password to be reset.

• Privacy. You can configure Patroller to obscure plate numbers, or exclude plate, context, or wheel images from reads and hits so that the information is not stored in the LPR Manager database. These settings allow you to comply with privacy laws in your region: 

License plate, context, or wheel images. When switched to On, images are not sent to Security Center or included in offloaded data.

License plate. When switched to On, the plate number text string is replaced by asterisks (*) when sent to Security Center or in the offloaded data. At the hotlist level, you have the option of overriding these privacy settings for the purpose of sending an email with real data to a specific recipient (see "Advanced" on page 418). 

• Enforced hit attributes. Create text entry fields that Patroller users must enter text in when they enforce a hit. The information from the enforced hit text fields can be queried in the Security Desk hits report.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

641

LPR

Hotlist The Hotlist tab allows you to define the customized attributes, reasons, and categories that will appear in Patroller when the user adds a New wanted entry, or rejects or accepts a hit. The settings are downloaded to Patroller along with the selected hotlists when Patroller connects to Security Center. These settings are also available as filter options for hit reports in Security Desk.

• New wanted attributes. A new wanted is a hotlist item that is manually entered by the Patroller user. The new wanted attributes are attributes other than the standard ones (plate number, plate issuing state, category) that the Patroller user is asked to specify when entering a new wanted item in the Patroller. One category is pre-configured for you when you install Security Center. For more information, see “Configuring New wanted attributes and categories in the AutoVu Handbook.

• New wanted categories. List of hotlist categories that a Patroller user can pick from when entering a new wanted item. The category is the attribute that says why a license plate number is wanted in a hotlist. Several categories are pre-configured for you when you install Security Center.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

642

LPR

For more information, see “Configuring New wanted attributes and categories in the AutoVu Handbook. NOTE BOLO is an acronym for “be on the lookout”, sometimes referred to as an all-points

bulletin (APB).

• Hit reject reasons. List of reasons for rejecting hotlist hits. These values also become available as Reject reason filter options for generating hit reports in Security Desk. Several categories are pre-configured for you when you install Security Center. For more information, see “Configure hit accept and hit reject reasons” in the AutoVu Handbook.

• Hit accept reasons. Create a survey that contains information Patroller users must provide when they accept a hit. The information from the hit survey can be queried in the Security Desk Hit report. There are no pre-configured categories for this option. The category you see above is an example only. For more information, see “Configure hit accept and hit reject reasons” in the AutoVu Handbook.

• Enable “No infraction” button. Select this option to enable the No infraction button in the Patroller hit survey. This button allows the Patroller user to skip the hit survey after enforcing a hit.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

643

LPR

Overtime rule The Overtime rule tab allows you to define the custom reject reasons for overtime hits. The values defined here are downloaded to Patrollers and are available as Reject reason filter options for generating hit reports in Security Desk. One category is pre-configured for you when you install Security Center.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

644

LPR

Permit The Permit tab allows you to define the custom reject reasons for permit hits, and to select the minimum elapsed time for shared permit violations (University Parking Enforcement only). The values defined here are downloaded to Patrollers and are available as Reject reason filter options for generating hit reports in Security Desk. One category is pre-configured for you when you install Security Center.

• Hit reject reasons. List of reasons for rejecting permit hits or shared permit hits. These values also become available as Reject reason filter options for generating hits reports in Security Desk.

• Maximum elapsed time for shared permit violation. This parameter defines the time period used by University Parking Enforcement Patrollers to generate shared permit hits. A shared permit hit is generated when two vehicles sharing the same permit ID are parked in the same parking zone within the specified time period. For example, let’s say you’re using the default 120 minutes (two hours), and license plates ABC123 and XYZ456 are sharing the same parking permit. If Patroller reads plate ABC123

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

645

LPR

at 9:00 A.M., and then reads plate XYZ456 at 11:01 A.M., Patroller does not raise a hit because the time exceeds the 120 minutes.

Annotation fields The Annotation fields tab allows you to define additional selectors to appear in Security Desk Reads or Hits report. To be valid, the selector must relate exactly to the information contained in the actual read or hit. EXAMPLE If you configure CarModel and CarColor as an Enforced hit attribute (see

"Applications" on page 640), the Patroller user will be asked to enter the car’s model and color when enforcing a hit, and the information will be stored with the hit. Specifying CarColor as an Annotation field will allow the values entered by the user to be displayed in a Hits report.

You can also add user custom fields to annotation fields in order to associate a user’s metadata with individual reads and hits. This allows you to query and filter for the user custom fields in Security Desk Reads and Hits reports. “Associate user custom fields with reads and hits” in the AutoVu Handbook

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

646

LPR

Updates The Updates tab allows you to update Patrollers and Sharp units with hotfixes or new sound files for hit alerts. You can also update services on Sharp units, and upgrade Sharp firmware. Before you can send updates, you need to receive the updates from Genetec and place them in the Updates folder under the LPR Root folder. For more information, see “Updating Patroller and Sharp units from Security Center” in the AutoVu Handbook.

• Collapse all. Collapses all items in the Entity field. • Expand all. Expands all items in the Entity field. • Update all. Update all units that are controlled by the currently-selected LPR Manager. This button updates only the units on the current tab. For example, if you’re on the Patroller and Sharp units tab, you’ll update all Patrollers and Sharp units on the list.

• Status. Shows the status of the update. The possible statuses are: 



Not available. Updater service is not supported (for example, Sharp versions 1.5 and 2.0 with less than 512 MB RAM). Entitled. The client machine can receive the update.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

647

LPR







Synchronizing. The client machine has started synchronizing with the server. Synchronized. All update files have been successfully downloaded to the client machine. The client machine is waiting for the update to be applied. Installing. Client machine has accepted the update, and has started replacing outdated files with new files.



Installed. The new updates have successfully been applied to the client machine.



Uninstalling. The update is being removed from the client machine.



Uninstalled. The update has been successfully removed from the client machine.

Error. An error occurred in the update process. Drop folder. Opens the required folder for you to copy the update file. For example, clicking the drop folder icon for a Patroller entity opens C:\Genetec\AutoVu\RootFolder\Updates\Patroller (default location). 



NOTE If Security Center is running on a computer that doesn’t have access to the server

computer, clicking the drop folder opens the My Documents folder on the local machine.

• Patrollers and Sharp units. Displays the Patrollers and Sharp units (fixed and mobile) that are eligible for an update.

• Update services. Displays the Sharp services that are eligible for an update. • Firmware upgrade. Displays the Sharp units that are eligible for a firmware upgrade.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

648

Plugins

Plugins The Plugins task allows you to configure plugin management roles and their related entities. Category: Administration

A B

C

D A

Currently selected entity (RF Code Asset Management Plugin).

B

Click an entity to view its configuration.

C

Configuration pane of the selected entity.

D

See "Contextual command toolbar" on page 17.

Related topics:

• "Administration task workspace overview" on page 16

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

649

16 Tools and utilities This section describes all tools and utilities available in Config Tool. They are presented in the same order as they appear in the Home page’s Tools page. NOTE The last three topics are not from the Tools page.

This section includes the following topics:

• • • • • • • • • •

"Security Desk" on page 651 "Access troubleshooter" on page 652 "Unit discovery tool" on page 653 "Unit replacement" on page 654 "Move unit" on page 655 "Import tool" on page 657 "Copy configuration tool" on page 668 "Custom card format editor" on page 670 "Options dialog box" on page 678 "Adding shortcuts to external tools" on page 692

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

650

Security Desk

Security Desk The Security Desk is the unified user interface for your Security Center system. Its user interface is designed to provide consistent operator workflow across all of the Security Center's main systems, Omnicast, Synergis, and AutoVu. Clicking on the Security Desk icon opens this application with the same credentials you are currently logged on with in Config Tool.

Security Desk tasks are organized into four main categories:

• Operation. Tasks related to the day-to-day Security Center operations. • Investigation. Tasks allowing you to query the Security Center databases, and those of federated systems, for critical information.

• Maintenance. Tasks pertaining to maintenance and troubleshooting. These tasks are also available from Config Tool. Related topics:

• Genetec Security Desk User Guide.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

651

Access troubleshooter

Access troubleshooter You can detect and diagnose access configuration problems, using the Access troubleshooter tool. The Access troubleshooter allows you to:

•Find out who has the right to pass through an access point at a given date and time. See "Troubleshooting access points" on page 321.

•Find out who has the right to pass through an access point at a given •

date and time. See "Troubleshooting cardholder access rights" on page 322. Find out why a given cardholder can, or cannot use an access point at a given date and time. See "Diagnosing cardholder access rights based on credentials" on page 323.

Related topics:

• • • • • •

"Access control unit" on page 337 "Access rule" on page 349 "Cardholder" on page 395 "Cardholder group" on page 398 "Door" on page 404 "Elevator" on page 410

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

652

Unit discovery tool

Unit discovery tool The unit discovery tool is a generic tool that allows you to discover IP units connected to your network, based on their type (access control or video), manufacturer, and network properties (discovery port, IP address range, password, and so on). Once discovered, the units can be added to your system.

For information about discovering access control units when you do not know their IP address, see "Add access control units using the Unit discovery tool" on page 265. For information about discovering video units:

• "What is automatic discovery?" on page 196 • "Add video units using the Unit discovery tool" on page 196

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

653

Unit replacement

Unit replacement The unit replacement tool is used to replace a failed hardware device with a compatible one, while ensuring that the data associated to the old unit gets transferred to the new one.

You can replace access control units and video units using the Unit replacement tool.

• For information about replacing access control units, see "Replace access control units" on page 311.

• For information about replacing video units, see "Replace video units" on page 234.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

654

Move unit

Move unit Move unit is a generic tool used to move units from one manager role to another. The move preserves all unit configurations and data. After the move, the new manager immediately takes on the command and control function of the unit, while the old manager continues to manage the unit data collected before the move.

Related topics:

• "Unit replacement" on page 654

Moving units Before you begin: Please note the following:

• Video unit. The Archiver role must be on the same LAN as the video unit it controls. Unit manufacturer extensions are automatically created for the type of unit the Archiver needs to control. However, if you are using custom settings, such as custom logon credentials, you need to configure them manually on the new Archiver role. For more information, see "Archiver" on page 521.

• Intrusion detection units. The Intrusion Manager role must be on the same LAN as the intrusion detection unit it controls. Certain unit manufacturer extensions must be created and configured manually. If the intrusion panel is physically connected to a serial port on the server hosting the original role, make sure you do the same with the server hosting the new role. For more information, see "Intrusion Manager" on page 563.

• Access control units. The Access Manager role must be on the same LAN as the access control unit it controls. You must also create the unit manufacturer extension manually. For more information, see "Access Manager" on page 511.

• LPR units. The LPR Manager role must be on the same LAN as the LPR unit it controls. Also make sure that the discovery port configured on the LPR unit matches that of the new LPR Manager. For more information, see "LPR Manager" on page 567.

• Patroller units. The LPR Manager role must be able to connect through a wireless network by the Patroller it manages. The new LPR Manager must use the same settings (hotlists, permits, Patroller user groups, etc.) as the previous LPR Manager. For more information, see "LPR Manager" on page 567. You also need to reconfigure the Patroller so it will connect to the new LPR Manager (IP address and port for live connection, and update provider port). For more information, see “Patroller Config Tool reference” in the AutoVu Handbook. Once you’re done, restart the Patroller. It should be discovered by the new LPR Manager and update its hotlists and permits (if applicable).

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

655

Move unit

To move units: 1 From the Home page, click Tools > Move unit. 2 From the drop-down list, select the Unit type you want to move. 3 Select the units you want to move. 4 Select the new manager role from the second drop-down list (Archiver role, Access Manager role, LPR Manager role, and so on). The new role must be different from the current role.

5 Click Move to start the process. When the operation is complete, if you made a mistake or need to move the units again, repeat Step 3 to Step 5. 6 Click Close.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

656

Import tool

Import tool The Import tool is a Synergis specific tool that allows you to import cardholders, cardholder groups, and credentials from a CSV file. The CSV file must be plain text with delimiters (commas, spaces, periods, and so on) to separate the fields. The delimited fields in the text files would represent values like first name, last name, cardholder group, path and filename of employee photo, and so on. NOTE The use of this tool is limited to administrative users.

Four import scenarios are offered by this tool:

• Import credentials alone (credential name, card format, facility code and card number, status, and the partition the credential belongs to).

• Import cardholders alone (cardholder name, description, picture, email, status, custom • •

fields, and the group and partition the cardholder belongs to). Import cardholders and credentials together (in this case, the cardholder and the credential are specified on the same line and automatically linked together). Replace old credentials with new ones (see "Replacing old credentials" on page 666).

NOTE The Import tool can also be called from a scheduled task via the Import from file action.

For more information, see "Scheduled task" on page 469. Related topics:

• "Custom fields" on page 619 • "Custom card format editor" on page 670

Sample import scenario Let’s import a file containing 3 new cardholders. The sample file we will import is called EmployeeData.csv and contains the following lines: #First name,Last name,Cardholder description,Cardholder email,Picture,Cardholder group,Cardholder status,Credential name,Facility code,Card number,Credential status Abdoulai,Koffi,Market Analyst,[email protected],C:\Data\Cardholder\Pictures\Abdoulai Koffi.png,Marketing,Yes,82968378,102,8,active Andrew,Smith,Sales Representative,[email protected],C:\Data\Cardholder\Pictures\Andrew Smith.png,Sales,Yes,82748590,101,12,active

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

657

Import tool

Audrey,Williams,Technical Writer,[email protected],C:\Data\Cardholder\Pictures\Audrey Williams.png,TechWriters,Yes,83748952,104,18,active This plain text file, EmployeeData.csv contains 4 rows of text. The first row is a comment line, listing the cardholder and credential fields that are included in the CSV file as a reference. The following three rows contain the fields that will be imported. You also can add additional custom fields if they have been created for cardholder or credentials in Security Center. For more information, see "Fields that can be imported from a CSV file" on page 662.

Going through the import steps 1 In the Config Tool, click Tools and select the Import tool. The Import tool window opens. 2 Enter the path to the CSV file you want to import, and click Next. The Settings page appears.

3 Set the Encoding type. This is the character encoding used by the selected CSV file. The default selection is the default encoding used on your PC. If you open the CSV file on your PC and see all the characters displayed correctly, you do not need to change the default settings. 4 Set the CSV field delimiters (Column, Decimal, Thousand). gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

658

Import tool

On first use, the tool takes the delimiter settings from Windows Regional Options (Control Panel > Region and Language > Additional settings). After the first use, the tool will remember the last delimiter settings you used. By default, Microsoft Excel also uses the field delimiters from Windows Regional Options when saving a CSV file. This can be overridden in Excel. It is recommended that you open the CSV file in WordPad to confirm the formatting delimiters obtained. When using a space as the Thousands separator, you can specify whether the space is nonbreaking or not. 5 Set where the import is to start. The first line in a CSV file is 1. You can choose to start the import at any line you want. For example, you can skip the first line and use it as column headings or a comment line. A comment line is a line with the hash character (#) in column 1. 6 (Optional) Set the maximum size for picture files. Large picture files (like the ones produced by digital cameras) can very quickly use up the configuration database and impact performance. To minimize the impact of large picture files, the Import tool automatically reduces their sizes before loading them. It does this by reducing the resolution of the image until its file size falls below the Maximum picture file size limit. The default value is taken from your access control system settings. Changing its value in the Import tool also changes your system settings. For more information, see Access control – General settings – "Maximum picture file size" on page 635. 7 Add the credential as part of the cardholder key. By default, the Import tool uses the combination of the first and last name to identify cardholders. If a cardholder already exists in the database, it is updated with the information read from the CSV file. If it does not, it is added. Using just the first and last names to differentiate cardholders might not be enough. One solution is to combine the credential information to the cardholder key. This is done by selecting the option Add credential to cardholder key. With this option, two lines from the CSV file refer to the same cardholder only if they contain the same cardholder first name, last name and credential data. NOTE This option is only applicable when both cardholders and credentials are imported

from the same CSV file. When this solution is not applicable, other cardholder information can be used to strengthen the cardholder identification. We will come to this solution in Step 14. 8 (Optional) Set the default Card format. The default card format is only used when no credential card format is specified in the CSV file or when the field identified as Card format in the CSV file is blank. 9 Select the desired Credential operation. You have two choices: 

Add. This is the default option.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

659

Import tool

All credentials read from the CSV file are added as entities to your system. If a credential already exists in your database, it will be updated. 

Replace. This option allows you to replace old credentials with new ones. In the Bindings page that comes next, you will find additional field options to specify the old (previous) and new credential values. For more information, see "Replacing old credentials" on page 666.

10 (Optional) Set the background transparency of the imported cardholder pictures. If the cardholder pictures you are importing were taken in front of a chroma key screen, you can make the picture background transparent. This is helpful if you created a badge template that has an image in the background. a Set the Transparency color option to ON. b Select the color of the chroma key screen the cardholder pictures were taken in front of (usually green or blue). c Set transparency percentage. 11 (Optional) Set a default Badge template for the imported cardholders. The badge templates available are ones you have already created in Config Tool. See "Defining badge templates" on page 289. 12 Click Next. The Bindings page appears.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

660

Import tool

The bindings windows displays sample data from the first row to be imported from your file. The first row to be imported is the Start line (see Step 5). 13 Bind each sample value to the database field that it should be imported to. For more information, see "Fields that can be imported from a CSV file" on page 662. If you need to skip a column in your CSV file, just leave the Binding column blank. NOTE The information read from the CSV file is used to create new entities in your system.

For entities like cardholders and credentials, a minimum amount of information is required. If the information is incomplete, you will not be able to move to the next step. For more information, see "About minimum required information" on page 664. 14 (Optional) Add more fields to the cardholder key. When you need more than the first and last name to differentiate cardholders, you can supplement the cardholder key with additional information. This is done by selecting the Key check box next to each field you want to add to the cardholder key. Not all fields can be part of the cardholder key. The check box is disabled if a field is not eligible. TIP The other method to strengthen the cardholder identification is to add the credential data to the cardholder key, as described in Step 7.

15 Click Next. The Import tool imports the contents of your CSV file into the database. A summary window will appear confirming the number of entities imported and the number of errors encountered. 16 Click

to copy and paste the contents of the report.

17 Click Close.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

661

Import tool

Fields that can be imported from a CSV file The following table describes all database fields that can be imported from a CSV file. Field name

Field type

Description

Card format

Unsigned integer or string

Credential card format.You can use one of the following values: • 0 = Standard 26 bits • 1 = HID H10306 34 Bits • 2 = HID H10302 37 Bits • 3 = HID H10304 37 Bits • 4 = HID Corporate 1000 (35 Bits) To specify a custom card format, you must spell it in exactly the same way as you created it. If no card format is specified in a CSV line, the default format specified on the import settings page is used.

{Format} - Field name

See "About card facility code and numbers" on page 665

You can specify a field in a specific card format, including custom card formats. For more information, see "Custom card format editor" on page 670.

{Format} - Field name (previous value)

See "About card facility code and numbers" on page 665

Field of an old credential to replace. These “(previous value)” choices appear only if you selected Replace as Credential operation. For more information, see "Replacing old credentials" on page 666.

Cardholder

As defined by the custom field

Cardholder custom field. For more information, see "Custom field limitations" on page 665.

Cardholder group

String

Name of the cardholder group the cardholder should belong to. If the cardholder group does not exist, it will be created in the same partition as the cardholder.

Credential

As defined by the custom field

Credential custom field. For more information, see "Custom field limitations" on page 665.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

662

Import tool

Field name

Field type

Description

Credential card data

String

The card data field allows the user to fill in the data for both standard and custom card formats. When this field is specified, the facility code and the card number fields are ignored. For all standard card formats, the string must contain the facility code followed by the card number. The accepted separators are the ‘/’ and ‘|’ characters. For example “35/20508” corresponds to Facility code= 35 and Card number = 20508. For a custom card format, the data should be arranged according to the custom card format definition.

Description

String

Cardholder entity description.

Email

String

Cardholder email address.

First name

String

Cardholder first name. This field is part of the default cardholder key.

Last name

String

Cardholder last name. This field is part of the default cardholder key.

Name

String

Credential entity name. If no name is specified, the default value “Imported credential” or “Unassigned imported credential” is used.

Partition

String

Name of the partition the cardholder should belong to. If the partition does not exist, it will be created. If it is not specified, the cardholder is put in the system partition. For more information, see "Differences between Public and System partitions" on page 91.

Partition

String

Name of the partition the credential should belong to. If the partition does not exist, it will be created. If it is not specified, the credential is put in the system partition. For more information, see "Differences between Public and System partitions" on page 91.

Picture

String

Path to a cardholder picture file (bmp, jpg, gif, or png). The path must reference a file located on the local machine or on the network.

PIN

Unsigned integer

Credential corresponding to a PIN. Valid range is between 0 and 65535.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

663

Import tool

Field name

Field type

Description

Status

Boolean

Cardholder status. The following values are accepted (not case sensitive): • 1, True, Yes = Profile enabled • 0, False, No = Profile disabled

Status

String

Credential status. The following values are accepted (not case sensitive): • Active • Inactive • Lost • Stolen • Expired

About minimum required information The information found in the CSV file must be coherent or it will not be accepted by the Import tool. When required information is missing, the Next button in the Bindings page is disabled. Each type of imported entity requires a minimum amount of information. The following table describes what is required for each type of entity. Entity type

Minimum information required

Credential

You have the choice of two credential keys: • Supply all fields required by a given card format. • Supply the Credential card data. If you choose a custom card format, all fields required by your card format must be bound to a column in the CSV file. Otherwise, the CSV file will be rejected. When credential are being imported, either one of these two keys must be present. If both keys are missing values, the line will be discarded. If both keys are present, only the card data is imported.

Cardholder

The default cardholder key is the combination of the cardholder’s first and last name. One of these two fields must be bound to a CSV column if cardholders are to be imported. When cardholders are being imported, all CSV lines must have a value in at least one of these two fields. If not, the line would be discarded.

Cardholder group

Only the cardholder group name is required. Missing the cardholder group will not cause a line to be discarded.

Partition

Only the partition name is required. Missing the partition name will not cause a line to be discarded.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

664

Import tool

Custom field limitations You can import cardholder and credential custom field values from CSV files with the following limitations:

• You cannot import custom fields using the Entity data type. • Custom fields using the Date data type must be imported with the format ‘YYYY-MM-DD’. • The Import tool performance decreases as the number of custom fields per imported record increases.

• When you have a large number of custom fields per record, the number of records you can import at once might also be limited. For example, if your records contain 100 custom fields each, including a 25 KB image data field, you can only import 1000 records at a time. For more information, see "Custom fields" on page 619.

About card facility code and numbers Depending on the card format, the facility code might not be necessary. The card number is always required. The valid number range for the facility code and card number is shown in the table below. This table describes the standard card formats supported by Security Center. Additional card formats can be added with the Custom card format editor. For more information, see "Custom card format editor" on page 670. Card format

Facility code range

Card number range

Standard 26 bits

0 to 255

0 to 65 535

HID H10306 34 Bits

0 to 65 535

0 to 65 535 (also known as “Card ID Numbers”)

HID H10302 37 Bits

Not requireda

0 to 34 359 738 367

HID H10304 37 Bits

0 to 65 535

0 to 524 287

HID Corporate 1000 (35 bits)

0 to 4095 (also known as “Company ID Code”

0 to 1 048 575 (also known as “Card ID Numbers”)

a. If HID H10302 37 Bits is the only card format referenced in your CSV file, it is preferable to bind the card number to the Security Center Card data field instead of the Card number field since the facility code is not required. Because a single value is stored in the Credential card data field, no separator character is needed.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

665

Import tool

About entity creations and updates Security Center supports multiple entities with the same name. If a cardholder already exists in Security Center with the same first and last name combination as one being imported, only the first matching cardholder found in the Security Center will be updated (for example, with a new description from the imported CSV file). If there are two cardholder groups with the same name (for example, created in two different partitions) and an imported cardholder is assigned to one of these cardholder groups, the cardholder will be assigned to the first cardholder group found. The same logic also applies to partitions. If the same cardholder is imported twice, each time with a different cardholder group, in the end, the cardholder will belong to both cardholder groups. Again, the same logic applies to partitions. However, the association between cardholders and credentials might be treated differently, depending on whether the credential is part of the cardholder key or not. For more information, see "Add the credential as part of the cardholder key." on page 659. EXAMPLE Suppose that the cardholder key is only composed of the cardholder’s first and last

names. The result of importing the following CSV file is the creation of a new cardholder: First name = Joe, Last name = Dalton, Email [email protected], and with two card credentials (12/555 and 12/556). First name

Last name

Facility code

Card number

Email

Joe

Dalton

12

555

[email protected]

Joe

Dalton

12

556

[email protected]

However, if the credential is also part of the cardholder key, the same CSV file will generate two separate cardholders with the same first name, last name and email address.

Replacing old credentials Using the Import tool, you can replace old credentials (for example, if you company wishes to replace the ID cards of all its employees with new ones). Before you begin: Create a CSV file with both old and new credential values. Each line must contain both the old credential and the new credential to replace it with. 1 Start the Import tool as usual. For more information, see "Going through the import steps" on page 658. 2 In the Settings page, select Replace as Credentials operation, and click Next. 3 In the Bindings page, bind the old credential values with the fields labelled as (previous value), the new credential values with the fields not labelled as (previous value).

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

666

Import tool

NOTE The old and new credential must use the same card format. If the new credentials are to be assigned to the same cardholders, they must also be specified in the CSV file, and cannot be different than the current cardholder of the old credentials.

4 Click Next. The Import tool will change the status of the old credential to Inactive, while creating the new credential as Active. If the cardholders are also imported in the same file, the new credentials will be associated to the cardholders. The result of the operation will be displayed in a summary window. 5 Click

to copy and paste the contents of the report.

6 Click Close.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

667

Copy configuration tool

Copy configuration tool The copy configuration tool helps you save configuration time by copying the settings of one entity to many others that partially share the same settings. NOTE The use of this tool is limited to administrative users.

Using the copy configuration tool When you have many similar entities to configure, you can save time by copying the settings of one entity to others of the same type using the Copy configuration tool. 1 Select the Home page overview and select Tools from the Home menu. 2 Select the Copy configuration tool. The Copy configuration tool wizard window opens.

3 Select an entity type and click Next. 4 Select the source entity you want to copy the settings from, and click Next. 5 Select the options (groups of settings) you want to copy, and click Next.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

668

Copy configuration tool

6 Select the destination: entities you want to copy the settings to, and click Next. The copying process starts. 7 Click Close when the copying process is completed.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

669

Custom card format editor

Custom card format editor The custom card format editor is a Synergis-specific tool that allows you to define your own card formats. It is available from the Access control task, General settings view. NOTE This tool is only available to administrative users.

Related topics:

•"Using custom card formats" on page 287

Defining custom card formats The Custom card format editor allows you to define custom card formats manually or to import them from XML files. A

B

C D

E

F G

A

Fixed value field (indicated by the padlock

B

Card format name and description listed in the Access control task, General settings view.

C

Format used to display Credential code in reports.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

icon).

670

Custom card format editor

D

Select the card format type and length before defining the fields.

E

Field designated as the sequence generator (indicated by the plus

F

Validate the format with pre-enrolled credentials.

G

Import/export card format from XML file.

icon).

To define a new custom card format: 1 From the Home page in Config Tool, open the Access control task. 2 Select the General settings view. 3 Below Custom card formats, click (

) to open the Custom card format editor.

4 Enter the Name and Description of the custom card format. 5 Specify the Card format type and Format length. 

Wiegand (8 to 128 bits)



ABA (2 to 32 characters)

6 Define the data fields that constitute the custom card format. The total length of the fields cannot exceed the format length. 

For more information, see "Defining Wiegand fields" on page 672.



For more information, see "Defining ABA fields" on page 674.

7 (Optional) For Wiegand, you might have to add parity check bits to the format. For more information, see "Adding parity checks" on page 673. 8 (Optional) For Wiegand, you can designate one field as the sequence generator. The sequence generator is used in to let you enroll a range of credentials in bulk.

The field designated as the sequence generator allows you to define a range of values for bulk credential enrollment in Security Desk

For more information regarding the credential enrollment task, see “Credential enrollment” in the Security Desk User Guide. 1 (Optional) Enter the format string for printing the credential code.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

671

Custom card format editor

The credential code is the printed form of the credential data. It is an optional column that is available in most access control related reports. The Code format string tells the system how to print the credential data. To include a field in the credential code, the field name must be specified in the code format string as it is spelled in the card format field definition, between curly brackets “{ }”. The field names are case-sensitive. Any other characters in the format string that are not found between curly brackets are printed as is. For example, with the format string “{Facility}/{Card Number}”, a credential with the respective field values 230 and 7455 will be printed as “230/7455”. 2 (Optional) Validate the new custom card format with a pre-enrolled credential. Click Validate with credential, select a pre-enrolled credential from the Search tool, and click OK. 3 (Optional) Click Export to save the custom card format to an XML file. Exporting the custom card format to an XML file allows you to import that same card format definition to other Synergis systems. 4 Click OK to close the Custom card format editor dialog box. 5 Click Apply.

Defining Wiegand fields A Wiegand field is composed of a series of bits. The maximum field length is 63 bits. To add a new Wiegand field, click in the Wiegand fields section of the Custom card format editor dialog box. The following dialog appears.

The mask specifies the bits that are part of the field. The bits are named according to their respective position in the card format, starting from 0. You can enter the mask as a list of comma-separated bit positions or as a range of bit positions. For example, the mask “1,2,3,4,5,6,7,8” can also be written as “1-8” or “1-4,5-8”. Note that the order of the bits within the field is important. Therefore, “1,2,3,4” is not the same as “4,3,2,1”. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

672

Custom card format editor

As you define each field, it appears graphically in the Wiegand fields section.

NOTE The order of the fields within the format is important. It corresponds to the order that field values are read from the Credential card data when using the Import tool. For more information, see "Import cardholders from a flat file" on page 284.

Adding parity checks If you are defining a Wiegand card format, you can add parity checks to strengthen the validation of your credentials.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

673

Custom card format editor

To add a parity check: 1 Click

in the Parity checks section.

The Parity check dialog box opens.

2 Select the type of parity check (Even or Odd), the position of the Parity bit in the card format (starts at 0), and the bits that should be evaluated (Mask). The syntax of the parity check mask is the same as the data field mask, except that in this case, the order of the bits is not important. 3 Click OK. As parity checks are defined, they appear in the Parity checks list.

NOTE The order of the parity checks in the list is important. It corresponds to the order in

which the parity checks are evaluated. The mask of a subsequent parity check can include the parity bit of a previous parity check and their masks can overlap.

Defining ABA fields ABA field length is measured in characters (4 bits each). The maximum ABA field length is 18 characters, or up to the card format length, whichever comes first. The maximum ABA card format length is 32 characters or 128 bits.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

674

Custom card format editor

To add a new ABA field, click dialog box.

in the ABA fields section of the Custom card format editor

There are three types of ABA fields:

• Delimiter. This type of field specifies a delimiter character, typically used at the beginning or the end of the card format.

• Sized. This is a fixed-length field. The length is specified in characters (4 bits each). The field can contain a fixed value. The field length must be long enough to hold the fixed value.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

675

Custom card format editor

• Delimited. This is a variable length field. You must specify a maximum length (as 4-bit characters) and a delimiter character.

As you define each field, it appears graphically in the ABA fields section.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

676

Custom card format editor

NOTE The order of the fields within the format is important for two reasons: 



It defines the card format. It corresponds to the order the field values are read from the Credential card data when using the Import tool. For more information, see "Import cardholders from a flat file" on page 284.

Deleting a custom card format If a custom card format is deleted from Security Center, all credentials using that format appears as ‘Unknown’, but the credentials are still granted access at the doors.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

677

Options dialog box

Options dialog box The Options dialog box lets you configure the Config Tool options on your local workstation. The settings are saved one of the following ways:

•Saved as local settings for your Windows user profile •Saved as local settings for the workstation (applies to Config Tool and Security Desk, for all users) •Saved in the Directory database for your Security Center user profile Related topics:

• "Config Tool interface tour" on page 13 The Options dialog box contains the following option tabs: Tab

Description

See "General options" on page 679.

See "Keyboard shortcuts" on page 681.

See "Visual options" on page 683.

See "User interaction options" on page 685.

See "Video options" on page 688.

See "Performance options" on page 689.

See "Date and time options" on page 690.

See "External devices" on page 691.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

678

Options dialog box

General options The General tab allows you to configure the general behavior of Config Tool.

User logon options This group of settings controls the behavior of the Logon dialog box. The settings apply to the local workstation, and affect Security Desk and Config Tool for all users. Changes you make will only take effect the next time a user starts Security Desk or Config Tool.

• Force Windows credentials. (Active Directory required). Select this option to force the use of Windows credentials for logon. For this option to work, the users who are expected to log on via this machine must be imported from an Active Directory. For more information, see "Importing users from an Active Directory" on page 102.

• Force Directory to. Restrict the access of all users to a specified Directory. • Prevent connection redirection to different Directory servers. This option is meaningful only if you are using Directory load balancing. Select this option if you want to bypass the default load balancing behavior, and only connect to the Directory specified by the user in the connection dialog box.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

679

Options dialog box

CAUTION If you use the Force Directory to option, and a mistake has been made (for example

a typo in the Directory name), the next time the user tries to log on, they might be stuck in an endless loop, unable to connect to the wrong server. The logon attempts can be stopped by clicking Cancel, but no Directory field appears to correct the misspelled Directory name.

• The solution is to cancel the logon attempts, and the hold the CTRL key and SHIFT key while clicking Log on. This will force the Directory field to be displayed.

NOTE The same keyboard and mouse-click shortcut can be used to override the Force Windows credentials option if it has been applied.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

680

Options dialog box

Network options The network settings apply to the local workstation, and affect Security Desk and Config Tool for all users.

• Network card. If your computer is equipped with more than one network card, select the one used to communicate with Security Center applications.

• Network. Config Tool can automatically detect the network your workstation is connected to. If you have trouble getting your video feeds, set this option to Specific, and manually select the network you are on.

• Incoming UDP port range. Port range used for transmitting video to your workstation using multicast or unicast UDP.

Keyboard shortcuts The Keyboard shortcuts tab allows you to define or change the keyboard shortcuts mapped to frequently used commands in Config Tool. The keyboard shortcut configuration is saved as part of your user profile and applies to Security Desk and Config Tool.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

681

Options dialog box

Assign or change a keyboard shortcut A keyboard shortcut can only be assigned to a single command. Assigning an existing keyboard shortcut to a new command removes it from the previous command. 1 In the Command column, select the command you want to assign a keyboard shortcut to. If a keyboard shortcut is already assigned to this command, you must remove it before you can assign a new one. 2 Click Add an item (

) and press the desired key combination.

If the shortcut is already assigned to another command, you will get a popup message. 

Click Cancel to choose another shortcut.



Click Assign to assign the shortcut to the selected command.

3 Change another shortcut, or click Save to apply your changes.

Export your keyboard shortcut configuration You can export your keyboard shortcut configuration to an XML file and import it to another workstation. 1 At the bottom of the Keyboard shortcuts tab, click Export. 2 Select a file name in the dialog box that appears. 3 Click Save to close the file browser dialog box.

Import your keyboard shortcut configuration You can import the keyboard shortcut configuration exported from another workstation. 1 Click Import at the bottom of the Keyboard shortcuts tab. 2 Select a file name in the dialog box that appears. 3 Click Open. The file browser dialog box closes. 4 Click Save to save your changes, and close the Options dialog box.

Restore the default keyboard shortcut configuration 1 At the bottom of the Keyboard shortcuts tab, click the Restore default button. 2 Click Save to save your changes, and close the Options dialog box. For more information, see "Default keyboard shortcuts" on page 765.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

682

Options dialog box

Visual options The Visual tab allows you to configure the position of the taskbar inside the Config Tool window, and the icons displayed in the notification tray. The visual options are saved as part of your user profile and apply to Security Desk and Config Tool.

Taskbar

• Taskbar position. Select the edge (Top, Bottom, Right, Left) of the application window where you want the taskbar to be displayed. See "Home page overview" on page 14.

• Auto-hide the taskbar. Select this option to show the taskbar only when the mouse cursor hovers over the edge of the application window where the taskbar is set to appear. NOTE This option hides both the taskbar and the Notification tray.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

683

Options dialog box

Notification tray You can use the Tray options to control what to display in the notification tray.

From the drop-down list beside the icons in the Visual page of the Options dialog box, choose to Show, Hide, or Show notifications only for that item. The following table lists the notification tray icons, and what you can use them for: Icon

Name

Description

Clock

Shows the local time. Hover your mouse pointer over that area to see the current date in a tooltip. To customize the time display, see "Date and time options" on page 690.

CPU meter

Shows the CPU usage on your computer. Hover your mouse pointer over the icon to view the CPU usage percentage.

Session info

Shows the current username and Security Center Directory name. Click to toggle between the long and short display.

Volume

Shows the volume setting (0 to 100) of Config Tool. Click to adjust the volume using a slider, or to mute the volume.

Warning

Shows the number of messages (errors, warnings, and messages), and health events on your system. Double-click to open the Notifications dialog box to read and review the messages. For more information, see "Viewing system messages" on page 168. • If there are health errors, the icon turns red ( ). • If there are warnings, the icon turns yellow. • If there are only messages, the icon turns blue.

Firmware upgrade

Appears only when there are unit firmware upgrades currently under way. The upgrade count is displayed over the icon. Double-click the icon to view the details.

Database action

Appears only when there are database upgrades currently under way. The upgrade count is displayed over the icon. Double-click the icon to view the details.

Add unit status

Appears only when there are newly added units in the system. The unit count is displayed over the icon. Double-click the icon to view the details.

Card requests

Shows the number of pending requests for credential cards to be printed ( ). Double-click to open the Card requests dialog box and respond to the request. For more information, see “Respond to a card request” in the Security Desk User Guide.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

684

Options dialog box

Icon

Name

Description

Video file conversion

Shows the number of G64 files currently being converted to ASF format (

). Double-click to open the Conversion to ASF dialog box and

view the status of the conversion. When the icon changes to , the file conversion is complete. For more information, see “Convert video files to ASF” in the Security Desk User Guide. Video export

Shows the number of video sequences currently being exported ( ). Double-click to open the Export dialog box and view the status of the export. When the icon changes to , the export is complete. For more information, see “Export video” in the Security Desk User Guide.

User interaction options The User interaction tab allows you to configure the user interaction behavior in Config Tool.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

685

Options dialog box

System messages These settings are saved as part of your user profile and apply to Security Desk and Config Tool.

• Display warning if query may take a long time to execute. Select this option if you want Config Tool to display a warning message every time you are about to execute a query that might take a long time. See the sample message below.

• Ask for a name when creating a task. Select this option if you want Config Tool to ask you for a name every time you create a task that accepts multiple instances.

• Ask for confirmation before closing a task. Select this option if you want Config Tool to ask for confirmation every time you remove a task from the interface.

UI enhancement These settings are saved as part of your user profile and apply to Security Desk and Config Tool.

• Show logical ID. Select this option if you want the logical ID to be displayed in brackets after an entity name in the Logical view.

• Show Active Directory domain name where it is applicable. Displays username and domain name when Active Directory integration is used.

When an active task is updated When someone updates a public task you have in your active task list, Config Tool can behave one of three ways. This setting is saved as part of your user profile and applies to Security Desk and Config Tool.

• Ask user. Ask you before loading the updated task definition. • Yes. Reload without asking. • No. Never reload. Administrative tasks When you rename an entity that represents a hardware unit, such as an access control unit or a video unit, Config Tool can behave one of three ways. This settings is saved as part of your administrator user profile. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

686

Options dialog box

• Ask user. Ask you before renaming all related devices. • Yes. Rename all related devices without asking you. • No. Never rename the related devices. On application exit When you exit Config Tool, if you have unsaved changes to your active task list, Config Tool can behave one of three ways. This setting is saved as part of your user profile and applies to Security Desk and Config Tool.

• Ask user. Ask you before saving your task list. • Yes. Save without asking. • No. Never save. Advanced When you create new entities, they can automatically be added as members of a partition. This setting is saved as part of your user profile.

• From the drop-down list, select a default partition, and then click Save.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

687

Options dialog box

Video options The Video tab allows you to configure the options related to how video is handled in Config Tool.

Advanced settings The following video settings apply to the local workstation, and affect Security Desk and Config Tool for all users. However, they mainly apply to Security Desk. NOTE After changing those settings, you need to restart Security Desk.

• Out of process media components. Select whether the video signals are decoded by an inprocess or out-of-process component. 



An in-process component is an application (implemented as a .dll) that runs in the same processing space as the client application (Security Desk). The advantage of this option is that the video signals are decoded quickly. An out-of-process component is a stand-alone executable program (.exe) which resides on the local computer or a remote computer, and can be accessed by Security Desk. Since the processing is done outside of Security Desk’s memory, the advantage of this option is the increased stability and performance of the decoding.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

688

Options dialog box

• All in the same process. Selecting this option when the Out of process media components is turned ON means that regardless of the number of cameras being viewed, their video decoding are all handled by one decoding process.

• Components per process. This setting can be adjusted between 1 and 16. It refers to how many cameras can be decoded by a single decoding process. Setting this value to 1 means that each camera being displayed uses its own decoding process.

• Enable deinterlacing. Select this option to help reduce the jagged effect around straight lines during movement in interlaced video streams.

Performance options The Performance tab allows you to configure the options related to how queries are handled in Config Tool. These settings are saved as part of your user profile and apply to Security Desk and Config Tool.

Reports

• Maximum number of results. Whenever you generate a report using one of the reporting tasks, the maximum number of results that can be returned by the query is limited by the parameter you set here. This limit ensures stable performance when too many results are gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

689

Options dialog box

returned. When the query reaches the specified limit, it automatically stops with a warning message. The maximum value you can set is 2,000. TIP There is a way to bypass the limit of 2,000 results. You need to save your reporting task as a public task, and manually launch the action E-mail a report using the task you just saved as a parameter. This can be done from a scheduled task. In this case, the report is not displayed in Config Tool, and the number of results is limited to 10,000. For more information, see "Using scheduled tasks" on page 109.

Date and time options The Date and time tab allows you to configure the time display behavior on this workstation. These settings are saved as part of your user profile and apply to Security Desk and Config Tool.

Time zone abbreviations

• Display time zone abbreviations. Select this option to add the time zone abbreviation to all time displays.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

690

Options dialog box

External devices The External devices tab allows you to enable or disable access control devices, such as USB readers, signature pads, card scanners, and so on. For example, if you disable the option to use USB readers, then when you want to present a card credential, you can only use a door, not a USB reader on someone’s desk. These settings are saved locally for your Windows user profile. Next to each external device, set the option ON or OFF, and then click Save.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

691

Adding shortcuts to external tools

Adding shortcuts to external tools You can add shortcuts to frequently used external tools and applications in the Tools page in Config Tool, by modifying the ToolsMenuExtensions.xml file. This file is located in C:\Program files (x86)\Genetec Security Center 5.2\ on a 64 bit computer, and in C:\Program files\Genetec Security Center 5.2\ on a 32 bit computer.

The original content of this file looks as follows: Notepad c:\windows\notepad.exe c:\SafetyProcedures.txt Calculator c:\windows\system32\calc.exe Paint c:\windows\system32\mspaint.exe

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

693

17 User privileges This section describes all privilege hierarchies in Security Center by category. This section includes the following topics:

• • • • •

"Application privileges" on page 695 "General privileges" on page 696 "Administrative privileges" on page 697 "Task privileges" on page 704 "Action privileges" on page 708

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

694

Application privileges

Application privileges Application privileges

• •

Config Tool. Allows the user to run Config Tool. Security Desk. Allows the user to run Security Desk. 











• • • • •

grant access to the Security Center applications.

Change client views. Allows the user to change the Security Desk window size and position. Without this privilege, the user cannot log off or close Security Desk, and Security Desk stays locked in full screen mode. The Restore Down commands and the F11 key (used to switch between full screen and windowed mode) are also disabled. See also "Force Security Desk to run in full screen mode" on page 95. Change Security Desk options. Allows the user to change the Security Desk options through the Options dialog box (CTRL+O). Change tile content. Allows the user to change what is displayed in each tile. Change tile pattern. Allows the user to change the tile pattern. Change workspace. Allows the user to add and remove tasks from their active task list. The only exception to the rule is the Video file player task that does not need the user to be connected to the Directory to open. Start/Stop task cycling. Allows the user to start and stop task cycling, and to change the task dwell time. Web Client. Allows the user to use the Web Client.

Global Cardholder Synchronizer. Allows a sharing guest to log on via the Global Cardholder Synchronizer role to the local system. The local system is the sharing host. Log on using the SDK. Allows the user to run SDK applications. Mobile application. Allows a Mobile application to connect to the local system. Federation. Allows a federation role (Omnicast Federation or Security Center Federation) from the host system to connect to the local system. The local system is the one being federated.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

695

General privileges

General privileges General privileges

• • • •

grant access to the generic Security Center features.

View Web pages. Allows the user to view the URL associated to tile plugins in Security Desk. Change own password. Allows the user to change their own password. Print/export reports. Allows the user to print and save reports to files. Remove entries from a report. Allows the user to remove selected entries from reports in Security Desk.



Report incidents. Allows the user to report the incidents in the Security Desk. 

Modify reported incidents. Allows the user to modify incident reports in the Security Desk

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

696

Administrative privileges

Administrative privileges Administrative privileges Config Tool.

• • • • • •

grant access to the configuration of Security Center entities via

"Logical entities" on page 697 "Physical entities" on page 697 "Schedule Management" on page 700 "Access control management" on page 701 "Alarm management" on page 703 "LPR management" on page 703

Logical entities • View areas • View tile plugins View areas Allows the user to view area configurations.



Modify areas. Allows the user to modify area configurations. Add/delete areas. Allows the user to add or delete area entities.



View tile plugins Allows the user to view tile plugin configurations.



Modify tile plugins. Allows the user to modify tile plugin configurations. 

Add/delete tile plugins. Allows the user to add or delete tile plugin entities.

Physical entities • • • • • • • • •

View access control units View analog monitors View assets View cameras View cash registers View doors View elevators View LPR units View output behaviors

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

697

Administrative privileges

• • • • • •

View Patrollers View zones View camera sequence View video units View intrusion areas View intrusion detection units

View access control units Allows the user to view access control unit configurations.



Initiate access control unit firmware upgrade. Allows the user to initiate access control unit firmware upgrade.



Modify access control units. Allows the user to modify access control unit configurations and to swap units. For more information, see Unit swap utility on page 163. 



Add/delete access control units. Allows the user to add or delete access control units. This includes unit discovery and enrollment. For more information, see Unit discovery on page 142. Reset access control units. Allows the user to reset access control units.

View analog monitors Allows the user to view analog monitor configurations.



Modify analog monitors. Allows the user to modify analog monitor configurations.

View assets Allows the user to view asset configurations.



Modify assets. Allows the user to modify asset configurations. 

Add/delete assets. Allows the user to add or delete asset entities.

View cameras Allows the user to view camera configurations.



Modify Cameras. Allows the user to modify camera configurations. 

Analytic. Allows the user to modify edge video analytics rules and settings.

View cash registers Allows the user to view cash register configurations.



Modify cash registers. Allows the user to modify cash register configurations.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

698

Administrative privileges



Add/delete cash registers. Allows the user to add or delete cash register entities.

View doors Allows the user to view door configurations.



Modify doors. Allows the user to modify door configurations. 

Add/delete doors. Allows the user to add or delete door entities.

View elevators Allows the user to view elevator configurations.



Modify elevators. Allows the user to modify elevator configurations. 

Add/delete elevators. Allows the user to add or delete elevator entities.

View LPR units Allows the user to view LPR unit configurations.



Modify LPR units. Allows the user to modify LPR unit configurations. 



Add/delete elevators. Allows the user to add or delete LPR units. Reset LPR units. Allows the user to reset LPR units.

View output behaviors Allows the user to view output behavior configurations.



Modify output behaviors. Allows the user to modify output behavior configurations. 

Add/delete output behaviors. Allows the user to add or delete output behaviors.

View Patrollers Allows the user to view Patroller configurations.



Modify Patrollers. Allows the user to modify Patroller configurations. 

Add/delete Patrollers. Allows the user to add or delete Patrollers.

View zones Allows the user to view zone configurations.



Modify zones. Allows the user to modify zone configurations. 

Add/delete zones. Allows the user to add or delete zone entities.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

699

Administrative privileges

View camera sequence Allows the user to view camera sequence configurations.



Modify camera sequence. Allows the user to modify camera sequence configurations. 

Add/delete camera sequence. Allows the user to add or delete camera sequence entities.

View video units Allows the user to view video unit configurations.



Initiate video units firmware upgrade. Allows the user to initiate video unit firmware upgrade.



Modify video units. Allows the user to modify video unit configurations. 

Add/delete video units. Allows the user to add or delete video units.

View intrusion areas Allows the user to view intrusion detection area configurations.



Modify intrusion areas. Allows the user to modify intrusion detection area configurations. 

Add/delete intrusion areas. Allows the user to add or delete intrusion detection areas.

View intrusion detection units Allows the user to view intrusion detection unit configurations.



Modify intrusion detection units. Allows the user to modify intrusion detection unit configurations. 

Add/delete intrusion detection units. Allows the user to add or delete intrusion detection units.

Schedule Management • View scheduled tasks • View schedules View scheduled tasks Allows the user to view scheduled task configurations.



Modify scheduled tasks. Allows the user to modify scheduled task configurations. 

Add/delete scheduled tasks. Allows the user to add or delete scheduled tasks.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

700

Administrative privileges

View schedules Allows the user to view schedule configurations.



Modify schedules. Allows the user to modify schedule configurations. 

Add/delete schedules Allows the user to add or delete schedules.

Access control management • • • • • • •

Convert shared entities to local entities View access rules View badge templates View cardholder groups View cardholders View credentials View visitors

Convert shared entities to local entities Allows the user to convert shared global entities to local entities.

View access rules Allows the user to view access rule configurations.



Modify access rules. Allows the user to modify access rule configurations. 

Add/delete access rules. Allows the user to add or delete access rules.

View badge templates Allows the user to view badge template configurations.



Modify badge templates. Allows the user to modify badge template configurations. 

Add/delete badge templates. Allows the user to add or delete badge templates.

View cardholder groups Allows the user to view cardholder group configurations.



Modify cardholder groups. Allows the user to modify cardholder group configurations. 

Add/delete cardholder groups. Allows the user to add or delete cardholder groups.



Modify custom fields. Allows the user to modify the cardholder group custom fields.

View cardholders Allows the user to view cardholder configurations. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

701

Administrative privileges



Modify cardholders. Allows the user to modify cardholder configurations. 







Add/delete cardholders. Allows the user to add or delete cardholders. Change cardholder options. Allows the user to change the cardholder options, namely, Use extended grant time and Bypass antipassback rules. Change status. Allows the user to change the cardholder status, and activation and expiration dates. Modify credential information. Allows the user to modify the card format, facility code, card number and cardholder PIN.



Modify custom fields. Allows the user to modify the cardholder custom fields.



Modify name. Allows the user to change the cardholder name.



Take/edit picture. Allows the user to take or edit the cardholder picture.

View credentials Allows the user to view credential configurations.



Modify credentials. Allows the user to modify credential configurations. 





Add/delete credentials. Allows the user to add or delete credentials. Change status. Allows the user to change the credential status, and activation and expiration dates. Modify cardholder/credential association. Allows the user to assign and remove credentials from a cardholder.



Modify custom fields. Allows the user to modify the credential custom fields.



Modify name. Allows the user to change the credential name.



Print badges. Allows the user to print badges.



View advanced credential info. Allows the user to view the credential information such as the Wiegand fields (facility code and card number) and PINs.

View visitors Allows the user to view visitor configurations.



Modify visitors. Allows the user to modify visitor configurations. 

Check-in/check-out visitors. Allows the user to check-in and check-out visitors.



Modify custom fields. Allows the user to change the visitor custom fields.



Take/edit picture. Allows the user to take or edit the visitor picture.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

702

Administrative privileges

Alarm management • View alarms • View monitor groups View alarms Allows the user to view alarm configurations.



Modify alarms. Allows the user to modify alarm configurations. 

Add/delete alarms. Allows the user to add or delete alarm entities.

View monitor groups Allows the user to view monitor group configurations.



Modify monitor groups. Allows the user to modify monitor group configurations. 

Add/delete monitor groups. Allows the user to add or delete monitor group entities.

LPR management • View LPR rules View LPR rules Allows the user to view LPR rule configurations. These include hotlists, overtime rules, permits, permit restrictions, and parking facilities.



Modify LPR rules. Allows the user to modify LPR rule configurations. 

Add/delete LPR rules. Allows the user to add or delete LPR rules.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

703

Task privileges

Task privileges Task privileges

control the accessibility of the Security Desk tasks.

Manage private tasks Allows the user to manage private task configurations.

View public tasks Allows the user to view public task configurations.



Modify public tasks. Allows the user to modify public task configurations. 

Add/delete public tasks. Allows the user to add or delete public tasks.

Administration

• • • • • • •

Logical view. Allows the user to run the Logical view task. System. Allows the user to run the System task. Video management. Allows the user to run the Video task. Access control. Allows the user to run the Access control task. Intrusion detection. Allows the user to run the Intrusion detection task. LPR. Allows the user to run the LPR task. Plugins. Allows the user to run the Plugins task.

Operation

• • • • • •

• •

Monitoring. Allows the user to create/run monitoring tasks. Cardholder management. Allows the user to create/run cardholder management tasks. Visitor management. Allows the user to create/run visitor management tasks. People counting. Allows the user to create/run people counting tasks. Credential enrollment. Allows the user to create/run credential enrollment tasks. Inventory management. Allows the user to create/run the inventory management task. This privilege allows the user to create inventories, but not to modify or delete the offloaded reads. See Modify/delete LPR reads that are not part of an inventory under "Action privileges" on page 708. Hotlist and permit editor. Allows the user to create/run hotlist and permit editor tasks. Remote. Allows the user to monitor and control other Security Desk workstations and monitors using the Remote task.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

704

Task privileges

Investigation



Access control 

Area activities. Allows the user to create/run area activity reports.



Door activities. Allows the user to create/run door activity reports.



Cardholder activities. Allows the user to create/run cardholder activity reports.



Visitor activities. Allows the user to create/run visitor activity reports.



Area presence. Allows the user to create/run area presence reports.



Time and attendance. Allows the user to create/run time and attendance reports.



Credential activities. Allows the user to create/run credential activity reports.









Elevator activities. Allows the user to create/run elevator activity reports. Visit details. Allows the user to create/run visitor detail reports. Asset management



Asset activities. Allows the user to create/run asset activity reports.



Asset inventory. Allows the user to create/run asset inventory reports.



Intrusion detection 





Intrusion detection area activities. Allows the user to create/run intrusion detection area activity reports. Intrusion detection unit events. Allows the user to create/run intrusion detection unit event reports. LPR



Hits. Allows the user to create/run hit reports.



Reads. Allows the user to create/run read reports.



Route playback. Allows the user to create/run route playback tasks.



Inventory report. Allows the user to create/run parking facility inventory reports.





Credential request history. Allows the user to create/run credential request history reports.

Daily usage per Patroller. Allows the user to create/run daily usage per Patroller reports.



Logons per Patroller. Allows the user to create/run logons per Patroller report.



Reads/hits per day. Allows the user to create/run reads/hits per day reports.



Reads/hits per zone. Allows the user to create/run reads/hits per zone reports.



Zone occupancy. Allows the user to create/run zone occupancy reports. Video

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

705

Task privileges



Archives. Allows the user to create/run archive reports.



Bookmarks. Allows the user to create/run bookmark reports.



Motion search. Allows the user to create/run motion search reports.



Camera events. Allows the user to create/run camera event reports.



• • •

Forensic search. Allows the user to create/run forensic search reports. Transactions. Allows the user to create/run point of sale reports. Incidents. Allows the user to create/run incident reports. Zone activities. Allows the user to create/run zone activity reports.

Maintenance



Access control 

















• • • • •

Access control health history. Allows the user to create/run access control health history reports. Access control unit events. Allows the user to create/run access control unit event reports. Cardholder access rights. Allows the user to create/run cardholder access rights reports. Door troubleshooter. Allows the user to create/run Access troubleshooter reports. Access rule configuration. Allows the user to create/run access rule configuration reports. Cardholder configuration. Allows the user to create/run cardholder configuration reports. Credential configuration. Allows the user to create/run credential configuration reports. IO configuration. Allows the user to create/run IO configuration reports. Video



Archiver events. Allows the user to create/run archiver event reports.



Archive storage details. Allows the user to create/run archive storage detail reports. System status. Allows the user to create/run system status reports. Audit trails. Allows the user to create/run audit trail reports. Hardware inventory. Allows the user to create/run hardware inventory reports. Health history. Allows the user to create/run health history reports. Activity trails. Allows the user to create/run activity trail reports.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

706

Task privileges

Alarm Management

• •

Alarm monitoring. Allows the user to create/run the alarm monitoring task. Alarm report. Allows the user to create/run alarm reports.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

707

Action privileges

Action privileges Action privileges

control the actions that can be performed on the Security Center entities.

Set threat level Allows the user to manage threat level configurations.

Cameras

• • •

Audio (talk/listen). Allows the user to use the talk and listen commands. Block and Unblock video. Allows the user to block and unblock video streams from other users. Protect video from deletion. Allows the user to protect video against automatic deletion. Remove video protection. Allows the user to remove video protection.





View live video. Allows the user to view live video from cameras. 

Digital zoom. Allows the user to use the digital zoom function.



Override video quality. Allows the user to override the video quality settings.



Record manually. Allows the user to start/stop recordings manually.



Add bookmarks. Allows the user to add bookmarks. Edit bookmark. Allows the user to edit bookmarks.





Delete bookmark. Allows the user to delete bookmarks.



Save/print snapshots. Allows the user to save/print snapshots.



PTZ motor privileges Lock PTZ. Allows the user to lock the PTZ.





Use auxiliaries. Allows the user to use the auxiliary controls.











Set auxiliaries. Allows the use to rename the auxiliaries. Use patterns. Allows the user to use the camera patterns.





Override PTZ locks. Allows the user to override PTZ locks.

Edit patterns. Allows the user to edit or rename the camera patterns.

Use specific commands. Allows the user to use the PTZ specific commands and the menu mode. Perform basic operations. Allows the user to perform basic PTZ operations. Change focus and iris settings. Allows the user to change the focus and iris settings.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

708

Action privileges

Use presets. Allows the user to use the camera presets.



Edit presets. Allows the user to edit or rename the camera presets.



View playback. Allows the user to view playback video.



Export video. Allows the user to export recorded video.



Use ASF format. Allows the user to export to ASF format.



Access Control



Doors 

Explicitly unlock doors. Allows the user to explicitly unlock doors.



Override unlock schedules. Allows the user to override unlock schedules. Maintenance mode. Allows the user to put the door in maintenance mode.





Forgive antipassback violation. Allows the user to forgive antipassback violations.



Silence\Sound buzzer. Allows the user to silence or sound a door buzzer.

Alarms

• • • •

Acknowledge alarms. Allows the user to acknowledge alarms. Forward alarms. Allows the user to forward alarms. Snooze alarms. Allows the user to snooze alarms. Trigger alarms. Allows the user to trigger alarms.

Users

• • • • • • • •

Display entity in SD. Allows the user to display an entity in Security Desk. Email a report. Allows the user to email reports to other users. Play a sound. Allows the user to send and play sound files to other users. Send a message. Allows the user to send text messages to other users. Send an email. Allows the user to send emails to other users. Send/clear task. Allows the user to use the Send task/Clear tasks actions. Start/Stop camera sequence. Allows the use to start/stop a camera sequence. Trigger output. Allows the user to trigger output.

Macros



Execute Macros. Allows the user to execute macros.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

709

Action privileges

LPR reads/hits

• • •

View live covert hits. Allows the user to view live covert hits in Security Desk. Protect/unprotect LPR reads. Allows the user to protect/unprotect LPR reads and hits against automatic deletion. Modify/delete reads that are not part of an inventory. Allows the user to modify/ delete LPR reads that are not yet committed to a parking facility inventory.

Zones



Arm/Disarm zones. Allows the user to arm/disarm zones.

Areas



Reset people count. Allows the user to reset the people count.

Intrusion detection



Arm/Disarm intrusion detection areas. Allows the user to arm/disarm intrusion detection areas.



Trigger intrusion alarm. Allows the user to trigger alarms on intrusion panels.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

710

18 Reporting task reference This section lists the query filters and report pane columns available in Config Tool maintenance tasks. This section includes the following topics:

• "Query filters" on page 712 • "Report pane columns" on page 723

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

711

Query filters

Query filters Before generating a report, you must filter your query. This section lists the query filters available for each reporting task. This list is organized alphabetically by query filter. Associated application

Query filter

Associated reports

Accept reasons

• Hits

• Security Desk • Web Client

Reason selected by the Patroller user when enforcing a hit. Accept reasons are created and customized in Config Tool.

Access control units

• Access control unit events • IO configuration

• Config Tool • Security Desk

Select the access control units to investigate.

Access rule

• Access rule configuration

• Config Tool • Security Desk

Select the access rule to investigate.

Acknowledged by

• Alarm report

• Security Desk • Web Client

Users who acknowledged the alarm.

Acknowledged on

• Alarm report

• Security Desk • Web Client

Alarm acknowledgement time range. For more information, see.

Action taken

• Hits

• Security Desk • Web Client

Patroller hit actions (Accepted, Rejected, Not enforced) selected by the Patroller user. For fixed Sharps, a hit raised by the Hit Matcher module is always automatically Accepted and Enforced.

Acknowledgement type

• Alarm report

• Security Desk • Web Client

Check one of the following acknowledgement type options: • Alternate. Alarm was acknowledged by a user using the alternate mode. • Default. Alarm was acknowledged by a user, or auto-acknowledged by the system. • Forcibly. An administrator forced the alarm to be acknowledged.

Activation date

• Visit details

• Security Desk • Web Client

Time the visitor’s profile was activated.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

Description

712

Query filters

Associated application

Query filter

Associated reports

Description

Activities

• Activity trails

• Config Tool • Security Desk • Web Client

Select the activities to investigate.

• Credential request history

• Security Desk

Select which badge printing activities to investigate. • Credential request. When a user requests a badge printing job. • Credential request cancelled. When a user cancels a badge printing job. • Credential request completed. When a user prints a badge from the queue.

Advanced search

• Inventory report

• Security Desk

By default, LPR images are not displayed in the Inventory report. To view images, click Get images. NOTE To prevent performance issues, plate images are not displayed if a report includes more than a thousand rows.

Alarm priority

• Alarm report

• Security Desk

Alarm priority. NOTE All alarms imported from Omnicast have their priority set to 1 by default. You can change their priority at a later time in the Config Tool.

Alarms

• Alarm report

• Security Desk • Web Client

Select the types of alarms you want to investigate. Alarms can be locally defined ( or imported from federated systems ( ).

),

Annotation fields

• Hits

• Security Desk • Web Client

Patroller hit annotations used by the Patroller user. For information about creating and configuring annotation fields, see the AutoVu Handbook.

Application

• Activity trails • Audit trails

• Config Tool • Security Desk • Web Client

Which client application was used for the activity.

Archiver

• Archiver events

• Config Tool • Security Desk

Select the Archivers to investigate.

Areas

• Area activities • Area presence • Time and attendance

• Security Desk • Web Client

Select the areas to investigate. NOTE For the Time and attendance and Area presence tasks, select a fully secured area.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

713

Query filters

Associated application

Query filter

Associated reports

Cameras

• Archives • Archive storage details • Bookmarks • Camera events • Forensic search

• Config Tool • Security Desk

Cardholders

• Area activities • Cardholder activities • Credential configuration • Credential request history • Door activities • Elevator activities • Time and attendance

• Config Tool • Security Desk • Web Client

Cardholder groups

• Cardholder configuration

• Config Tool • Security Desk • Web Client

Select the cardholder groups to investigate.

Compare with

• Inventory report

• Security Desk

Compare entities with a source entity (see "Source (entity)" on page 720).

Creation time

• Incidents

• Security Desk

Incidents created/reported within the specified time range.

Credentials

• Cardholder activities • Credential activities • Credential request history • Door activities • Elevator activities

• Security Desk • Web Client

Restrict the search to certain credentials.

Custom fields

• Most reports

• Config Tool • Security Desk • Web Client

If custom fields are defined for the entity you are investigating, they can be included in this report. NOTE You might not see the custom fields filter, depending on whether your user is configured to view that custom field.

Description

• Activity trails

• Config Tool • Security Desk • Web Client

Restrict the search to entries that contain this text string.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

Description

Select the camera to investigate.

Restrict the search to certain cardholders. NOTE If you only select the All cardholders

cardholder group in the Cardholder activities task, federated cardholders are not included. This is because All cardholders is a local cardholder group that only covers local cardholders.

714

Query filters

Associated application

Query filter

Associated reports

Devices

• IO configuration

• Config Tool • Security Desk

Select the devices to investigate.

Doors

• Door activities

• Security Desk • Web Client

Select the doors to investigate.

Doors - Areas Elevators

• Cardholder access rights • Cardholder activities • Credential activities • Visitor activities

• Config Tool • Security Desk • Web Client

Restrict the search to activities that took place at certain doors, areas, and elevators.

Door side

• Door activities

• Security Desk

Door sides are named A and B by default, but your administrator could have given them different names. This filter allows you to search by door side.

Elevators

• Elevator activities

• Security Desk

Select the elevators to investigate.

Entities

• Audit trails

• Config Tool • Security Desk • Web Client

Select the entities you want to investigate. You can filter the entities by name and by type.

Expiration date

• Visit details

• Security Desk • Web Client

Time the visitor’s profile expired.

Events

• Access control unit events • Activity trails • Archiver events • Area activities • Camera events • Cardholder activities • Credential activities • Door activities • Elevator activities • Intrusion detection area activities • Intrusion detection unit events • Visitor activities • Zone activities

• Config Tool • Security Desk • Web Client

Select the events of interest. The event types available depend on the task you are using.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

Description

715

Query filters

Associated application

Query filter

Associated reports

Event timestamp

• Access control health history • Access control unit events • Activity trails • Archiver events • Archive storage details • Area activities • Camera events • Cardholder activities • Credential activities • Door activities • Elevator activities • Health history • Health statistics • Hits • Intrusion detection area activities • Intrusion detection unit events • Zone activities

• Config Tool • Security Desk • Web Client

Define the time range for the query. For more information, see.

First name

• Visit details

• Security Desk • Web Client

Visitor’s first name.

Health event

• Health history

• Config Tool • Security Desk • Web Client

Name of the health event.

Health severity

• Health history

• Config Tool • Security Desk • Web Client

Severity level of the health event: • Information • Warning • Error

Hit rules

• • • • •

• Security Desk • Web Client

Select the hit rules to include in the report.

Hits Reads Reads/hits per day Reads/hits per zone Zone occupancy

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

Description

716

Query filters

Associated application

Query filter

Associated reports

Hit type

• Hits • Reads/hits per day • Reads/hits per zone

• Security Desk

Select the type of hits to include in the report: Permit, Shared permit, Overtime, and Hotlist.

Impacted

• Activity trails

• Config Tool • Security Desk • Web Client

The entities that were impacted by this activity.

Incident time

• Incidents

• Security Desk

Incidents reported within the specified time range. The incident time corresponds to the event or alarm timestamp the incident refers to. If the incident does not refer to any event or alarm, then the incident time corresponds to the creation time.

Initiator

• Activity trails

• Config Tool • Security Desk • Web Client

User responsible for the activity.

Intrusion detection areas

• Intrusion detection area activities

• Security Desk • Web Client

Select the intrusion detection areas to investigate.

Intrusion detection units

• Intrusion detection unit events

• Security Desk

Select the intrusion detection units to investigate.

Investigated by

• Alarm report

• Security Desk

Which user put the alarm into the under investigation state.

Investigated on

• Alarm report

• Security Desk

Specify a time range when the alarm was put into the under investigation state.

Last name

• Visit details

• Security Desk • Web Client

Visitor’s last name.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

Description

717

Query filters

Associated application

Query filter

Associated reports

License plate

• Hits • Inventory report • Reads

• Security Desk • Web Client

Enter a Full or Partial license plate number. If you choose Partial, a search for “AB” returns plates that have “AB” anywhere in the license plate number. If you choose Full, you can enter the full license plate number, or you can use the following wildcard characters: • Asterisk (*). Represents any number of unknown characters. Use it when searching for documents or files for which you have only partial names. For example, if you enter “ABC*” as your search term, the search might return “ABC123”, “ABC5”, “ABC002”, and so on. If you enter “*XYZ”, the search might return “1XYZ”, “245XYZ”, “00XYZ”, and so on. • Question mark (?). Represents only one unknown character. Use it when you have a list of files with very similar names, or when you are unsure of a few characters. For example, if you enter “ABC12?” as your search term, the search might return “ABC123”, “ABC127”, “ABC12P”, and so on. The question mark only covers one character, but you can enter as many question marks in a search string as you want. You can use the asterisk and the question mark anywhere in a search, and you can also use them together. NOTE License plate search does not support fuzzy matching. For example, if you are searching for a plate with ABC characters, Security Center only finds plates with the ABC characters. It does not find plates numbers with the characters A8C, ABO, or 4BC.

Location

• Inventory report • IO configuration

• Config Tool • Security Desk

• In the Inventory report task: Specify the location in the parking facility you want to view. You can select the entire facility, or specify the sectors and rows within the facility. • In the IO configuration task: Specify the areas where the devices are located.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

Description

718

Query filters

Query filter

Associated reports

LPR units Patrollers

• • • •

Machine

Hits Reads Reads/hits per day Reads/hits per zone

Associated application

Description

• Security Desk • Web Client

Restrict the search to Patroller units (including all their fitted LPR units) and/or LPR units representing fixed Sharp cameras on the Patroller unit.

• Health history

• Config Tool • Security Desk • Web Client

Select a computer that was having health issues to investigate.

Message

• Bookmarks

• Security Desk

Enter any text you want to find in the bookmark. A blank string finds all the bookmarks.

Modified by

• Audit trails

• Config Tool • Security Desk • Web Client

User responsible for the entity modification.

Modification time

• Audit trails • Incidents

• Config Tool • Security Desk • Web Client

• In the Audit trails task: Entities modified within the specified time range. • In the Incidents task: Incidents modified within the specified time range.

Notes

• Incidents

• Security Desk

Enter text to find incidents with a description starting or containing the specified text.

Offload timestamp

• Hits • Reads

• Security Desk • Web Client

The date and time that the Patroller offloaded the reads/hits to Security Center. For more information, see.

Overtime and permit restriction

• Zone occupancy

• Security Desk

(For University Parking Enforcement only) For University Parking Enforcement, both rules have parking lots configured and each parking lot can be defined in terms of a number of parking spaces. This allows the occupancy to be estimated.

Patrollers

• Daily usage per Patroller • Logons per Patroller • Zone occupancy

• Security Desk • Web Client

Restrict the search to Patroller units (including all their fitted LPR units).

Printing users

• Credential request history

• Security Desk

Restrict the search to specific users that printed a badge.

References

• Incidents

• Security Desk

Incidents referencing all the selected entities.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

719

Query filters

Associated application

Query filter

Associated reports

Region

• Hits • Reads

• Security Desk

Specify one or more geographic regions on the map.

Reject reason

• Hits • Reads/hits per day • Reads/hits per zone

• Security Desk • Web Client

Reason selected by the Patroller user when rejecting a hit. Reject reasons are created and customized in Config Tool. NOTE This filter only affects the value in the Rejected hits column.

Requesting users

• Credential request history

• Security Desk

Restrict the search to specific users that requested to print a badge.

Rule

• Reads

• Security Desk • Web Client

Hit rule that matched the plate read.

Source (entity)

• Access control health history • Alarm report • Health history • Health statistics • Inventory report

• Config Tool • Security Desk • Web Client

Source entity of the event. In the Alarm report task, this filter represents the source entity that triggered the alarm in the case of an event-to-action, or the user who triggered the alarm manually.

Source group

• Hardware inventory • Health history • Health statistics

• Config Tool • Security Desk • Web Client

Source entity type of the event.

State

• Alarm report

• Security Desk • Web Client

Current state of the alarm. • Active. Alarm is not yet acknowledged. Selecting an active alarm shows the alarm acknowledge buttons in the report pane. • Acknowledged. Alarm was acknowledged by a user, or auto-acknowledged by the system. • Under investigation. Alarm with an acknowledgement condition that is still active was put under investigation. • Acknowledgement required. Alarm with an acknowledgement condition that was cleared is ready to be acknowledged.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

Description

720

Query filters

Associated application

Query filter

Associated reports

Status

• Cardholder configuration • Credential configuration • Visit details

• Config Tool • Security Desk • Web Client

The status of the cardholder or visitor’s profile: • Active • Expired • Inactive In the Credential configuration task, the following statuses are also available: • Lost • Stolen

• Archive storage details

• Config Tool • Security Desk

Select the video file status you want to investigate: • Unprotected. Video files that are not protected against the Archiver’s routine cleanup. These files can be deleted once their retention period expires, or when the Archiver runs out of disk space, depending on your Archiver role settings. • Protection ending. Video files that you unprotected less than 24 hours ago. • Protected. Video files that are protected. They are not be deleted even when the disk is full. For these files, you can also specify a protection end date.

Time range

• Bookmarks • Daily usage per Patroller • Forensic search • Logons per Patroller • Reads/hits per day • Reads/hits per zone • Time and attendance • Zone occupancy

• Security Desk

The time range for the report. For more information, see.

Triggered on

• Alarm report

• Security Desk • Web Client

Alarm trigger time range.

Triggering event

• Alarm report

• Security Desk • Web Client

Events used to trigger the alarm.

Units

• Hardware inventory

• Config Tool • Security Desk

Select the access control, video, intrusion detection, and LPR units to investigate.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

Description

721

Query filters

Associated application

Description

• Security Desk • Web Client

Select the Patroller user name, or the Patrollers’ parent user groups.

• Visitor activities

• Security Desk • Web Client

Select the visitors to investigate.

• Zone activities

• Security Desk • Web Client

Select the zones to investigate.

Query filter

Associated reports

Users

• • • • •

Visitor

Zones

Hits Logons per Patroller Reads Reads/hits per day Reads/hits per zone

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

722

Report pane columns

Report pane columns The results of your investigation or maintenance query are listed in the report pane. You can choose what information to view by showing or hiding columns in the report pane. This section lists the columns available for each reporting task. This list is organized alphabetically by column. Column

Associated reports

Associated application

Accept reasons

• Hits

• Security Desk

Reason selected by the Patroller user when enforcing a hit. Accept reasons are created and customized in Config Tool.

Access point

• Access rule configuration • Cardholder activities • Credential activities • IO configuration • Visitor activities

• Config Tool • Security Desk • Web Client

Access point involved (only applicable to areas, doors, and elevators).

Access Manager

• IO configuration

• Config Tool • Security Desk

Access Manager controlling the unit.

Access rules

• Access rule configuration

• Config Tool • Security Desk

Name of the access rule.

Acknowledged by

• Alarm report

• Security Desk • Web Client

User who acknowledged the alarm. When the alarm is acknowledge automatically by the system, Service is indicated.

Acknowledged on

• Alarm report

• Security Desk • Web Client

Time the alarm was acknowledged.

Action

• Inventory report

• Security Desk

The change in the vehicle state: added, removed, or no change.

Activation date

• Visit details

• Security Desk • Web Client

Time the visitor’s profile was activated.

Activity name

• Activity trails • Credential request history

• Config Tool • Security Desk • Web Client

Type of activity.

Address

• Hits • Reads

• Security Desk • Web Client

Location of the LPR read.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

Description

723

Report pane columns

Column

Associated reports

Associated application

Alarm

• Alarm monitoring • Alarm report

• Security Desk • Web Client

Alarm entity name.

Algorithm ID

• Forensic search

• Security Desk

Bosch forensic value. For more information, see the manufacturer documentation.

Annotation fields

• Hits

• Security Desk • Web Client

Any annotation field defined in System > LPR Settings in the Config Tool. Shown in brackets. For information about creating and configuring annotation fields, see the AutoVu Handbook.

Archiver

• Camera events

• Security Desk

Archiver role name.

Area

• Area activities • Area presence • Time and attendance

• Security Desk • Web Client

Area name.

Arrival

• Inventory report

• Security Desk

The first time the vehicle was read. This is used to calculate the elapsed time if a vehicle is read a second time, for example the next day.

Availability

• Health statistics

• Config Tool • Security Desk • Web Client

The percentage of time available for a given entity.

Calculation status

• Health statistics

• Config Tool • Security Desk • Web Client

If health statistics area unavailable, the reason is shown here.

Camera

• Archives • Archive storage details • Bookmarks • Camera events • Forensic search • Motion search

• Config Tool • Security Desk

Camera name.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

Description

724

Report pane columns

Associated application

Column

Associated reports

Card format

• • • •

Area activities Cardholder activities Credential activities Credential configuration • Door activities • Elevator activities • Visitor activities

• Config Tool • Security Desk • Web Client

Cardholder

• Area activities • Area presence • Cardholder access rights • Cardholder activities • Cardholder configuration • Credential activities • Credential configuration • Door activities • Door troubleshooter • Elevator activities • Visitor activities

• Config Tool • Security Desk • Web Client

Cardholder activation date

• Cardholder configuration

• Config Tool • Security Desk • Web Client

Time the cardholder’s profile was activated.

Cardholder expiration date

• Cardholder configuration

• Config Tool • Security Desk • Web Client

Time the cardholder’s profile expired.

Cardholder status

• Cardholder configuration • Credential configuration

• Config Tool • Security Desk • Web Client

The cardholder’s profile status.

Check-in date

• Visit details

• Security Desk • Web Client

Time the visitor was checked in (can correspond to the arrival time).

Check-out date

• Visit details

• Security Desk • Web Client

Time the visitor was checked out (can correspond to the departure time).

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

Description

Credential card format.

Cardholder entity name. NOTE Format is First name + Last name for

European languages, and Last name + First name for Asian languages.

725

Report pane columns

Associated application

Description

• Hits • Reads • Inventory report

• Security Desk • Web Client

Wide angle color image of the vehicle captured by the context camera.

Controlling

• IO configuration

• Config Tool • Security Desk

Door controlled by the device.

Created by

• Incidents

• Security Desk

User who originally reported the incident.

Creation time

• Incidents

• Security Desk

Time the incident was reported.

Credential

• • • •

Area activities Cardholder activities Credential activities Credential configuration • Credential request history • Door activities • Elevator activities

• Config Tool • Security Desk • Web Client

Credential name used by the cardholder.

Credential activation date

• Credential configuration

• Config Tool • Security Desk

Time the cardholder’s credential was activated.

Credential code

• • • •

Area activities Cardholder activities Credential activities Credential configuration • Door activities • Elevator activities • Visitor activities

• Config Tool • Security Desk • Web Client

Facility code and card number.

Credential expiration date

• Credential configuration

• Config Tool • Security Desk

Time the cardholder’s credential expired.

Credential status

• Credential configuration

• Config Tool • Security Desk

The status of the credential.

Custom fields

• Most reports

• Config Tool • Security Desk • Web Client

If custom fields are defined for the entity you are investigating, they can be included in the report. NOTE You might not see the custom fields filter, depending on whether your user is configured to view that custom field.

Column

Associated reports

Context image

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

726

Report pane columns

Associated application

Column

Associated reports

Date

• Time and attendance • Daily usage per Patroller • Logons per Patroller • Reads/hits per day

• Security Desk • Web Client

The date. For Daily usage per Patroller and Logons per Patroller tasks, this column represents the day of the Patroller shift.

Date/time queued

• Credential request history

• Security Desk

The date and time that the badge printing job was requested.

Denied access by

• Cardholder access rights

• Config Tool • Security Desk

Access rules denying access to at least one of the selected entities to the cardholder.

Description

• • • • •

• Config Tool • Security Desk • Web Client

Event description. In the Activity trails task, this column represents the activity description. In the Audit trails task, this column represents the description of the entity modification.

Device

• Access control health history • Area activities • Cardholder activities • Credential activities • Door activities • Elevator activities • Hits • Intrusion detection area activities • Intrusion detection unit events • IO configuration • Reads • Visitor activities

• Config Tool • Security Desk • Web Client

Device involved on the unit (reader, REX input, IO module, Strike relay, etc.). NOTE In the Intrusion detection activities task, this column is empty if the event is an input bypass.

Door

• Door activities

• Security Desk • Web Client

Door name.

Drive

• Archive storage details

• Config Tool • Security Desk

The drive on the server where the Archiver role is running.

Edited

• Inventory report

• Security Desk

Vehicle license plate and state were edited by a user in Security Desk.

Camera events Activity trails Archiver events Audit trails Health history

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

Description

727

Report pane columns

Column

Associated reports

Associated application

Elapsed time

• Inventory report

• Security Desk

The difference between the Arrival time and the Event timestamp.

Elevator

• Elevator activities

• Security Desk

Elevator name.

Email address

• • • •

• Config Tool • Security Desk • Web Client

Cardholder’s email address.

• • • • •

Area activities Area presence Cardholder activities Cardholder configuration Credential activities Credential configuration Door activities Elevator activities Visitor activities

Description

End time

• Archives • Archive storage details • Forensic search • Motion search

• Config Tool • Security Desk

End of the time range, playback sequence, or video sequence.

Enforced hits

• Reads/hits per day • Reads/hits per zone

• Security Desk • Web Client

Number of enforced hits.

Entity

• Audit trails

• Config Tool • Security Desk • Web Client

Name of the entity affected by the modification.

Entity type

• Audit trails

• Config Tool • Security Desk • Web Client

Type of entity affected by the modification.

Error number

• Health history

• Config Tool • Security Desk

Identification number of the health error.

Expected downtime

• Health statistics

• Config Tool • Security Desk • Web Client

How many days/hours/minutes the entity has been offline or unavailable through user intent or Maintenance mode. For example, deactivating a server role, or disconnecting a client application causes expected down-time. Expected down-time is never used in the Availability percentage calculation.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

728

Report pane columns

Associated application

Column

Associated reports

Expiration date

• Visit details

• Security Desk • Web Client

Time the cardholder or visitor’s profile expired.

External instance ID

• Alarm report

• Security Desk • Web Client

Only for federated alarms. The original alarm instance ID on the federated system.

Event

• Access control health history • Access control unit events • Archiver events • Area activities • Camera events • Cardholder activities • Credential activities • Door activities • Elevator activities • Forensic search • Incidents • Intrusion detection area activities • Intrusion detection unit events • Visitor activities • Zone activities

• Config Tool • Security Desk • Web Client

Event name.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

Description

729

Report pane columns

Associated application

Column

Associated reports

Event timestamp

• Access control health history • Access control unit events • Activity trails • Archiver events • Area activities • Bookmarks • Camera events • Cardholder activities • Credential activities • Door activities • Elevator activities • Health history • Hits • Intrusion detection area activities • Intrusion detection unit events • Inventory report • Reads • Visitor activities • Zone activities

• Config Tool • Security Desk • Web Client

Date and time that the event occurred.

Event type

• Forensic search

• Security Desk

Bosch forensic value. For more information, see the manufacturer documentation.

Failures

• Health statistics

• Config Tool • Security Desk • Web Client

How many failures have occurred.

File name

• Archive storage details

• Config Tool • Security Desk

Name of the video file.

File size

• Archive storage details

• Config Tool • Security Desk

Size of the video file.

Firmware version

• Access control health history • Hardware inventory

• Config Tool • Security Desk

Firmware version installed on the unit that generated the event.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

Description

730

Report pane columns

Associated application

Column

Associated reports

Description

First name

• Area activities • Area presence • Cardholder access rights • Cardholder activities • Cardholder configuration • Credential activities • Credential configuration • Credential request history • Door activities • Door troubleshooter • Elevator activities • Time and attendance • Visit details • Visitor activities

• Config Tool • Security Desk • Web Client

Cardholder or visitor’s first name.

Floor

• Elevator activities

• Security Desk

Elevator floor name.

From/to

• Zone occupancy

• Security Desk

Date and timestamp of read vehicles within the zone.

Granted access by

• Cardholder access rights

• Config Tool • Security Desk

Access rules granting the cardholder access to at least one of the selected entities (area, door, etc.).

Health event

• Health history

• Config Tool • Security Desk • Web Client

Name of the health event.

Hits

• Reads/hits per day • Reads/hits per zone

• Security Desk • Web Client

Number of hits. NOTE If the Hit rules and Hit type query filters

are used, this value might not be the total number of hits in the day. Icon

• Access rule configuration

• Config Tool • Security Desk

Graphical representation of the affected entity type.

ID

• Alarm monitoring • Alarm report

• Security Desk • Web Client

Alarm instance number. Uniquely identifies each alarm instance.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

731

Report pane columns

Associated application

Column

Associated reports

Impacted entity

• Activity trails

• Config Tool • Security Desk • Web Client

Which entities were impacted by this activity.

Impacted entity type

• Activity trails

• Config Tool • Security Desk • Web Client

The type of entity impacted by this activity.

Incident time

• Incidents

• Security Desk

The timestamp of the referenced alarm or event. If no event is referenced, it corresponds to the incident creation time.

Initiator

• Activity trails • Audit trails

• Config Tool • Security Desk • Web Client

• In the Activity trails task: Who performed the activity. • In the Audit trails task: Who made entity modification.

Initiator application

• Activity trails • Audit trails

• Config Tool • Security Desk • Web Client

• In the Activity trails task: The application used for this activity. • In the Audit trails task: The application used to make the change.

Initiator application version

• Activity trails • Audit trails

• Config Tool • Security Desk • Web Client

The version number of the application. This field is empty if the activity is initiated by a role entity.

Initiator machine

• Activity trails • Audit trails

• Config Tool • Security Desk • Web Client

• In the Activity trails task: Which computer the activity was performed on. • In the Audit trails task: The computer used to make the change. NOTE If the entity change was initiated from a Mobile app, this column represents the phone identification number (for example, a serial number).

Initiator type

• Activity trails • Audit trails

• Config Tool • Security Desk • Web Client

• In the Activity trails task: The type of entity that initiated the activity. • In the Audit trails task: The type of entity initiating the entity modifications.

Instances

• Daily usage per Patroller

• Security Desk • Web Client

Total number of times the Patroller application is opened during the day.

Intrusion detection area

• Intrusion detection area activities

• Security Desk • Web Client

Intrusion detection area name.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

Description

732

Report pane columns

Associated application

Column

Associated reports

Intrusion detection unit

• Intrusion detection area activities • Intrusion detection unit events

• Security Desk • Web Client

Intrusion detection unit involved.

Investigated by

• Alarm report

• Security Desk

Which user put the alarm into the under investigation state.

Investigated on

• Alarm report

• Security Desk

The timestamp when the alarm was put into the under investigation state.

IP address

• Access control health history • Area activities • Cardholder activities • Credential activities • Door activities • Elevator activities • Hardware inventory • Health history • IO configuration • Visitor activities

• Config Tool • Security Desk • Web Client

IP address of the unit or computer that generated the event.

Last access

• Area presence

• Security Desk • Web Client

Time the cardholder entered the area.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

Description

733

Report pane columns

Associated application

Column

Associated reports

Last name

• Area activities • Area presence • Cardholder access rights • Cardholder activities • Cardholder configuration • Credential activities • Credential configuration • Credential request history • Door activities • Door troubleshooter • Elevator activities • Time and attendance • Visit details • Visitor activities

• Config Tool • Security Desk • Web Client

Cardholder or visitor’s last name.

Latitude

• Hits • Reads

• Security Desk

The coordinates of where the LPR event occurred.

Length

• Archive storage details

• Config Tool • Security Desk

Length of the video sequence contained in the video file, in hours, minutes, and seconds.

Location

• Cardholder activities • Credential activities • Visitor activities

• Security Desk • Web Client

Location (area) where the activity took place.

Log on/Log off

• Logons per Patroller

• Security Desk • Web Client

Log on and log off timestamp.

Longest shutdown (%)

• Daily usage per Patroller

• Security Desk • Web Client

Percentage of Longest shutdown over the total number of minutes in a day.

Longest shutdown (min.)

• Daily usage per Patroller

• Security Desk • Web Client

Single longest number of minutes in a day that the Patroller application is closed.

Longest stop (%)

• Daily usage per Patroller

• Security Desk • Web Client

Percentage of longest stop time over operating time.

Longest stop (min.)

• Daily usage per Patroller

• Security Desk • Web Client

Single longest number of minutes in operating time when the vehicle is stationary.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

Description

734

Report pane columns

Associated application

Column

Associated reports

Longitude

• Hits • Reads

• Security Desk

The coordinates of where the LPR event occurred.

Lot

• Reads • Zone occupancy

• Security Desk

Parking zone where a given parking regulation is in force.

Machine

• Health history

• Config Tool • Security Desk • Web Client

Computer where the health event occurred.

Manual capture

• Reads • Inventory report

• Security Desk • Web Client

Displays the plate number entered manually by the Patroller user.

Manually removed

• Inventory report

• Security Desk

Vehicle was removed manually (towed) from the parking facility.

Manufacturer

• Access control health history • Hardware inventory • IO configuration

• Config Tool • Security Desk

Manufacturer of the unit.

Member

• Access rule configuration

• Config Tool • Security Desk

Name of the affected entity.

Member of

• Cardholder access rights • Cardholder configuration

• Config Tool • Security Desk

All groups the cardholder belongs to.

Message

• Bookmarks

• Security Desk

Bookmark message (might be blank if no message was written).

Model

• Hardware inventory

• Config Tool • Security Desk

Model of the unit involved.

Modification time

• Audit trails • Incidents

• Config Tool • Security Desk • Web Client

• In the Audit trails task: Time the entity was last modified. • In the Incidents task: Time the incident was last modified.

Modified by

• Incidents

• Security Desk

User who last modified the incident.

MTBF

• Health statistics

• Config Tool • Security Desk • Web Client

Mean time between failures (in hours).

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

Description

735

Report pane columns

Associated application

Column

Associated reports

MTTR

• Health statistics

• Config Tool • Security Desk • Web Client

Mean time to recovery (in hours).

Not enforced hits

• Reads/hits per day • Reads/hits per zone

• Security Desk • Web Client

Number of hits that were not enforced.

Notes

• Incidents

• Security Desk

Incident description. Point to this field to see the formatted text in a tooltip.

Occurrence count

• Health history

• Config Tool • Security Desk • Web Client

Number of times this health event occurred on the selected entity.

Occurrence period

• Access control unit events • Alarm monitoring • Alarm report • Area activities • Cardholder activities • Credential activities • Door activities • Elevator activities • Intrusion detection area activities • Intrusion detection unit events • Visitor activities • Zone activities

• Security Desk • Web Client

Period when the event occurred.

Offload timestamp

• Hits • Reads

• Security Desk • Web Client

The date and time that the Patroller offloaded the reads/hits to Security Center.

Operating time

• Daily usage per Patroller

• Security Desk • Web Client

Total number of minutes in a day that the Patroller application is open.

Parking

• Inventory report

• Security Desk

Parking facility name.

Password

• Hardware inventory

• Config Tool • Security Desk

Strength of the password on the unit.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

Description

736

Report pane columns

Associated application

Column

Associated reports

Patroller

• Hits • Reads • Inventory report

• Security Desk • Web Client

Patroller entity name. The Patroller entity name field is not populated for fixed Sharp cameras. In the Inventory report task, this column represents the Patroller entity that read the plate. If a handheld device was used, XML import is shown instead.

Percentage occupancy

• Zone occupancy

• Security Desk

Percentage of occupied places within the parking zone.

Permit name

• Reads

• Security Desk

Name of the permit list under the permit restriction.

Physical address

• Hardware inventory • Health history

• Config Tool • Security Desk

The MAC address of the equipment's network interface.

Physical name

• IO configuration

• Config Tool • Security Desk

Device name.

Picture

• Area activities • Area presence • Cardholder access rights • Cardholder activities • Cardholder configuration • Credential activities • Credential configuration • Credential request history • Door activities • Door troubleshooter • Elevator activities • Time and attendance • Visit details • Visitor activities

• Config Tool • Security Desk • Web Client

Cardholder or visitor’s picture.

PIN

• Credential configuration

• Config Tool • Security Desk

Credential PIN.

Plate image

• Hits • Reads • Inventory report

• Security Desk • Web Client

License plate image captured by the LPR camera.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

Description

737

Report pane columns

Associated application

Column

Associated reports

Plate origin

• Hits • Reads • Inventory report

• Security Desk • Web Client

State that issued the license plate.

Plate read

• Hits • Reads • Inventory report

• Security Desk • Web Client

The license plate read generated by the Sharp unit.

Preview

• Archives

• Security Desk

Timeline showing where video is available during the selected time range.

Print reason

• Credential request history

• Security Desk

Reason why the badge printing job was requested.

Priority

• Alarm monitoring • Alarm report

• Security Desk • Web Client

Alarm priority. NOTE All alarms imported from Omnicast have their priority set to 1 by default. You can change their priority at a later time in the Config Tool.

Protected

• Hits • Reads

• Security Desk • Web Client

Record is not purged from the database of its parent AutoVu LPR Manager ES when the Hit Retention period (for this record) expires.

Protection status

• Archive storage details

• Config Tool • Security Desk

Protection status of the video file.

Reads

• Reads/hits per day • Reads/hits per zone

• Security Desk • Web Client

Number of license plate reads.

References

• Incidents

• Security Desk

List of entities referenced by the incident.

Reject reason

• Hits

• Security Desk • Web Client

Reason selected by the Patroller user when rejecting a hit.

Rejected hits

• Reads/hits per day • Reads/hits per zone

• Security Desk • Web Client

Number of hits that were rejected.

Requester email

• Credential request history

• Security Desk

Email address of the user who requested the badge printing job.

Role

• Hardware inventory

• Config Tool • Security Desk

Role type that manages the selected unit.

Row

• Inventory report

• Security Desk

Row name.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

Description

738

Report pane columns

Associated application

Column

Associated reports

RTP packet lost high

• Health statistics

• Config Tool • Security Desk • Web Client

The number of Real-time Transport Protocol packets lost.

Rule

• Hits • Reads

• Security Desk • Web Client

Hit rule that matched the plate read.

Sector

• Inventory report

• Security Desk

Sector name.

Severity

• Health history

• Config Tool • Security Desk • Web Client

Severity level of the health event: • Information • Warning • Error

Side

• Door activities

• Security Desk • Web Client

Door side name.

Side-Direction

• Area activities

• Security Desk • Web Client

Entrance or exit.

Source (entity)

• Access control health history • Alarm monitoring • Alarm report • Archiver events • Archive storage details • Bookmarks • Health history • Health statistics • Incidents • Motion search

• Config Tool • Security Desk • Web Client

Source entity associated to the alarm or event. • In the Alarm monitoring and Alarm report tasks, this column represents the source entity that triggered the alarm, when the alarm is triggered by an event-to-action. It shows a username when the alarm is triggered manually. • In the video investigation tasks, this column represents the name of the system the camera belongs to. • In the Incidents task, this column is empty if the incident is not based on an alarm or event.

Source time

• Alarm monitoring • Alarm report

• Security Desk • Web Client

Time of the alarm triggering event. The only time Source time and Triggering time are different is when the event occurred while the access control unit was offline.

Spaces

• Zone occupancy

• Security Desk

Number of spaces in the parking lot.

Start time

• Archives • Archive storage details • Forensic search • Motion search

• Config Tool • Security Desk

Beginning of the time range, playback sequence, or video sequence.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

Description

739

Report pane columns

Column

Associated reports

Associated application

State

• Alarm monitoring • Alarm report

• Security Desk • Web Client

Current state of the alarm. • Active. Alarm is not yet acknowledged. Selecting an active alarm shows the alarm acknowledge buttons in the report pane. • Acknowledged (Default). Alarm was acknowledged using the default mode. • Acknowledged (Alternate). Alarm was acknowledged using the alternate mode. • Acknowledged (Forcibly). Alarm was forced to be acknowledged by an administrator. • Under investigation. Alarm with an acknowledgement condition that is still active was put under investigation. • Acknowledgement required. Alarm with an acknowledgement condition that was cleared is ready to be acknowledged.

Supplemental credential

• • • • • •

• Security Desk • Web Client

A second credential is sometimes necessary. For example, when both a card and a PIN are required to access a door or elevator.

Thumbnails

• Archives • Bookmarks

• Security Desk

Thumbnail images of the recorded video during the selected time range.

Time zone

• Access control health history • Area activities • Cardholder activities • Credential activities • Door activities • Elevator activities • Hardware inventory • Visitor activities

• Config Tool • Security Desk • Web Client

Time zone of the unit.

To/from

• Zone occupancy

• Security Desk

Date and timestamp of read vehicles within the zone.

Total shutdown (%)

• Daily usage per Patroller

• Security Desk • Web Client

Percentage of Total shutdown over the number of minutes in a day.

Area activities Cardholder activities Credential activities Door activities Elevator activities Visitor activities

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

Description

740

Report pane columns

Column

Associated reports

Associated application

Total shutdown (min.)

• Daily usage per Patroller

• Security Desk • Web Client

Total number of minutes in a day that the Patroller application is closed. The total shutdown value plus the operating time value equals 1440 minutes.

Total stop (%)

• Daily usage per Patroller

• Security Desk • Web Client

Percentage of total stop time over operating time.

Total stop (min.)

• Daily usage per Patroller

• Security Desk • Web Client

Total number of minutes in operating time when the vehicle is stationary.

Total time

• Time and attendance

• Security Desk

Total time spent in that area on that date by the cardholder.

Track ID

• Forensic search

• Security Desk

Bosch forensic value. For more information, see the manufacturer documentation.

Triggering event

• Alarm monitoring • Alarm report

• Security Desk • Web Client

Event that triggered the alarm (if triggered through an event-to-action). Manual action is indicated when the alarm was manually triggered by a user.

Trigger time

• Alarm monitoring • Alarm report

• Security Desk • Web Client

Time the alarm was triggered in Security Center

Type

• Access rule configuration

• Config Tool • Security Desk

Affected entity type.

Unexpected downtime

• Health statistics

• Config Tool • Security Desk • Web Client

How many days/hours/minutes the entity has been offline or unavailable after not having been set in Maintenance mode. Unexpected down-time is not caused by user intent.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

Description

741

Report pane columns

Associated application

Column

Associated reports

Unit

• Access control health history • Access control unit events • Area activities • Cardholder activities • Credential activities • Door activities • Elevator activities • Hardware inventory • Hits • IO configuration • Reads • Visitor activities

• Config Tool • Security Desk • Web Client

Access control, video, intrusion detection, or LPR unit involved. NOTE In the Hits and Reads tasks, this query filter represents the LPR unit that read the plate and populated for a Patroller (for example, Patroller - Left, Patroller - Right, etc.), and for a fixed Sharp.

Unit type

• Access control health history • Access control unit events • Area activities • Cardholder activities • Credential activities • Door activities • Elevator activities • Hardware inventory • IO configuration • Visitor activities

• Config Tool • Security Desk • Web Client

Type or model of unit involved.

Up-time

• Health statistics

• Config Tool • Security Desk • Web Client

How many days/hours/minutes the entity has been online and available.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

Description

742

Report pane columns

Associated application

Column

Associated reports

User

• Credential request history • Hits • Intrusion detection area activities • Intrusion detection unit events • Logons per Patroller

• Security Desk • Web Client

Name of the user who triggered the event. The user name is empty if the event was not triggered from Security Desk. NOTE For the Hits and Logons per Patroller tasks, this query filter represents the Patroller user name.

• Hardware inventory report

• Config Tool • Security Desk

The user name used to connect to the unit.

Vehicles

• Zone occupancy

• Security Desk

Number of vehicles that were read within the zone.

Weekday

• Time and attendance

• Security Desk

Weekday corresponding to the date (see Date).

Wheel image

• Hits • Reads

• Security Desk

Image of the vehicle wheels. Used for virtual tire-chalking.

Zone

• Reads/hits per zone • Zone activities • Zone occupancy

• Security Desk • Web Client

Zone name. In the Reads/hits per zone task, this column represents the parking zone where the LPR event occurred. In the Zone occupancy task, this column represents the name of the Overtime or Permit restriction.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

Description

743

19 Events and actions in Security Center This section lists all Security Center events and actions in alphabetical order. Each event and action is covered with a general description of its purpose and usage, and describes the entity it is associated with. This section includes the following topics:

• "Event types" on page 745 • "Action types" on page 758

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

744

Event types

Event types All events in Security Center are associated with a source entity, which is the main focus of the event. For more information, see "What is an event?" on page 106. Security Center supports the following event types: Event

Source entity

Description

A door of an interlock has an unlock schedule configured

door

A door that is part of an interlock configuration has an unlock schedule configured. This invalidates the interlock.

A door of an interlock is in maintenance mode

door

A door that is part of an interlock configuration is in maintenance mode. This disables the interlock.

Ability to write on a drive has been restored

Archiver role

Ability to write on a drive has been restored.

AC fail

access control unit

AC has failed.

Access denied: Antipassback violation

cardholder, door, elevator, or area

A cardholder requested access to an area that they have already entered, or requested access to leave an area that they were never in.

Access denied: Denied by access rule

cardholder, door, elevator, or area

The cardholder is denied access according to the access rule.

Access denied: Expired credential

cardholder, door, elevator, or area

An expired credential has been used.

Access denied: Inactive cardholder

cardholder, door, elevator, or area

A cardholder with an inactive profile has attempted to access a door or area.

Access denied: Inactive credential

cardholder, door, elevator, or area

A credential with an inactive profile has been used.

Access denied: Insufficient privileges

cardholder, door, elevator, or area

The cardholder is denied access because they do not have the required user level. This event only applies to the Synergis Master Controller.

Access denied: Invalid PIN

cardholder, door, elevator, or area

A card and PIN are required to enter an area, and the cardholder entered an invalid PIN.

Access denied: Lost credential

cardholder, door, elevator, or area

A credential that has been declared as lost has been used.

Access denied: No access rule assigned

cardholder, door, elevator, or area

The cardholder is denied access because they are not assigned any access rights.

Access denied: Out of schedule

cardholder, door, elevator, or area

The access rule associated with this cardholder does not apply during this date/time in the schedule.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

745

Event types

Event

Source entity

Description

Access denied: Stolen credential

cardholder, door, elevator, or area

A credential that has been declared as stolen has been used.

Access denied: Unassigned credential

cardholder, door, elevator, or area

A credential has been used that has not been assigned to a cardholder.

Access denied: Unknown credential

cardholder, door, elevator, or area

A credential has been used that is unknown in the Security Center system.

Access granted

cardholder, door, elevator, or area

Access has been granted through a door to a cardholder according to the access rules governing the door or area. For a perimeter door of an interlock: When an authorized cardholder accesses a door of an interlock, Security Center might generate an Access granted event for the door even though the door does not unlock (due to another perimeter door already being open).

Alarm acknowledged

alarm or system-wide

An alarm has been acknowledged by a user, or autoacknowledged by the system.

Alarm acknowledged (alternate)

alarm or system-wide

An alarm has been acknowledged by a user using the alternate mode.

Alarm being investigated

alarm or system-wide

An alarm with a acknowledgement condition that is still active has been put into the under investigation state.

Alarm condition cleared

alarm or system-wide

The acknowledgement condition of an alarm has been cleared.

Alarm forcibly acknowledged

alarm or system-wide

An administrative user has forced an alarm to be acknowledged.

Alarm triggered

alarm or system-wide

An alarm has been triggered.

An interlock cannot be in hard antipassback mode

area

An interlock cannot be in hard antipassback mode. This is an illegal configuration.

An interlock cannot have perimeter floors

area

An interlock cannot have perimeter floors, because elevator floors always allow free exit.

Antipassback disabled: Elevator on area perimeter

area

An elevator floor has been added to the perimeter of an area.

Antipassback disabled: Invalid settings

area

Antipassback disabled: Invalid settings.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

746

Event types

Event

Source entity

Description

Antipassback disabled: Not supported when unit is in mixed mode

area

Units have been set to mixed mode. Antipassback is available according to the unit’s operating mode. For more information about unit limitations, see the Security Center Release Notes.

Antipassback disabled: Unit is offline

area

At least one unit is in offline mode, disabling antipassback. Antipassback is available according to the unit’s operating mode. Refer to the Security Center Release Notes for more information about unit limitations.

Antipassback violation

area

An access request was made to enter an area with a credential that is already inside the area, or to exit an area with a credential that was never in the area.

Antipassback violation forgiven

area

A security operator has granted access to an individual responsible for a passback violation.

Application connected

application or external system

Directory or Access Manager has connected to the Security Center.

Application lost

application or external system

Directory or Access Manager service has been lost.

Archiving disk changed

Archiver role

The Allotted space on one of the disks assigned for archive storage for this Archiver has been used up, and the Archiver has switched to the next disk in line. The names of the previous disk and current disk are indicated in the Description field.

Archiving queue full

Archiver role

The Archiver is unable to write the video stream (packets) to disk as fast as the encoder sends it, or there is not enough CPU to process the video stream received from a camera. A problem with the Archiver database also triggers this event. The name of the camera whose packets are lost is indicated in the Description field.

Archiving stopped

Archiver role

Archiving has stopped because the disks allocated for archiving are full. This event always accompanies a Disks full event.

Audio alarm

camera

A noise has been detected by the camera.

Battery fail

access control unit

The unit battery has failed.

Block camera started

camera

A user has blocked a video stream from other users in the system.

Block camera stopped

camera

A user has unblocked a video stream from other users in the system.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

747

Event types

Event

Source entity

Description

Camera not archiving

camera

The camera is on an active archiving schedule but the Archiver is not receiving the video stream.

Camera tampering

camera (video analytics)

A dysfunction has occurred, potentially due to camera tampering, resulting in a partial or complete obstruction of the camera view, a sudden change of the field of view, or a loss of focus.

Cannot write on the specified location

Archiver role

The Archiver cannot write to a specific drive. The path to the drive is indicated in the Description field.

Cannot write to any drive

Archiver role

The Archiver is unable to write to any of the disk drives. This situation can arise for the following reasons: When write accesses to shared drives are revoked. When shared drives are inaccessible. When shared drives no longer exist. When this happens, archiving is stopped. The Archiver re-evaluates the drive status every 30 seconds.

Client application rollback failed

application

Client application rollback failed.

Client application rollback succeeded

application

Client application rollback succeeded.

Client application update failed

application

Client application update failed.

Client application update succeeded

application

Client application update succeeded.

Custom event

system-wide

See System – General settings – "Custom events" on page 623.

Database lost

Any role

The connection to the role database was lost. If this event is related to a role database, it might be because the data server is down or cannot be reached by the role server. If the event is related to the Directory database, the only action you can use is Send an email, because all other actions require a working connection the Directory database.

Database recovered

Any role

The connection to the role database has been recovered.

Deadbolt locked

door, zone

The deadbolt on a door has been locked.

Deadbolt unlocked

door, zone

The deadbolt on a door has been unlocked.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

748

Event types

Event

Source entity

Description

Disk load is over 80%

Archiver role

More than 80% of the disk space allocated for archiving has been used, caused by under-evaluating the disk space required, or by another application that is taking more disk space than it should. If 100% of the allotted disk space is used, the Archiver starts to delete old archive files prematurely in order to free disk space for new archive files, starting with the oldest files.

Disks full

Archiver role

All disks allotted for archiving are full and the Archiver is unable to free disk space by deleting existing video files. This event can occur when another application has used up all the disk space reserved for Omnicast, or when the Delete oldest files when disks full option is not selected in the Server Admin. When this happens, archiving is stopped. The Archiver re-evaluates the disk space every 30 seconds.

Door closed

door

The door has closed.

Door forced open

door

The door has been forced open. This event is unavailable with a readerless door.

Door locked

door

The door has locked.

Door locked: Maintenance completed

door

The door has been taken out of maintenance mode. For more information, see Door - "Properties" on page 405.

Door manually unlocked

door

In Security Desk, a user has manually unlocked a door.

Door open too long

door

The door has been held open for too long. To enable this event, you must set the property “Trigger a ‘Door open too long’ event” in the Properties tab of a Door entity in Config Tool.

Door opened

door

The door has opened.

Door unlocked

door

The door has been unlocked.

Door unlocked: Maintenance started

door

The door has been put into maintenance mode. For more information, see Door - "Properties" on page 405.

Door warning: Unit is offline

door

The unit associated to this door has gone offline.

Doorknob in place

door

The doorknob is in place and the door is closed.

Doorknob rotated

door

The doorknob has rotated. Event related to a camera that is recording directly on the unit.

Edge storage medium failure Elevator warning: Unit is offline

elevator

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

The unit associated to this elevator has gone offline.

749

Event types

Event

Source entity

Description

Entity has expired

credential

A credential or its associated cardholder has expired (its status is now Expired).

Entity is expiring soon

credential

The Security Center generates this event to warn you that the expiry date of an entity is approaching. The number of days of advance warning provided by this event must be set.

Entity warning

system-wide

A health warning has been issued for this entity.

Entry assumed

cardholder, door, or area

A cardholder was granted access to a door, elevator, or area, and it is assumed that they entered.

Entry detected

cardholder, door, or area

A cardholder was granted access to a door, elevator, or area, and their entry is detected.

File deleted

camera

A video file associated to a camera has been deleted because the retention period has ended, or the archive storage disk was full.

First person in

area

A cardholder has entered an empty area.

Floor accessed

elevator or area

An elevator floor button has been pressed.

Glass break

input/zone

Glass has broken.

Hardware tamper

elevator or door

The tamper input on a unit has been triggered.

Health event

Health monitor role

A health event has occurred.

Interlock is not supported by the unit

access control unit

Interlock is not supported by the unit.

Interlock lockdown off

access control unit

Interlock lockdown has been turned off.

Interlock lockdown on

access control unit

Interlock lockdown has been turned on.

Interlock override off

access control unit

Interlock override is off.

Interlock override on

access control unit

Interlock override is on.

Intrusion detection area alarm activated

intrusion detection area

Intrusion detection area alarm activated.

Intrusion detection area arming

intrusion detection area

Intrusion detection area arming.

Intrusion detection area arming postponed

intrusion detection area

Intrusion detection area arming postponed.

Intrusion detection area canceled alarm

intrusion detection area

Intrusion detection area canceled alarm.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

750

Event types

Event

Source entity

Description

Intrusion detection area cancelled postponed request

intrusion detection area

Intrusion detection area cancelled postponed request.

Intrusion detection area custom event

intrusion detection area

Intrusion detection area custom event.

Intrusion detection area disarm request

intrusion detection area

Intrusion detection area disarm request.

Intrusion detection area disarmed

intrusion detection area

Intrusion detection area disarmed.

Intrusion detection area duress

intrusion detection area

Intrusion detection area duress.

Intrusion detection area entry delay activated

intrusion detection area

Intrusion detection area entry delay activated.

Intrusion detection area forced arming

intrusion detection area

Intrusion detection area forced arming.

Intrusion detection area input bypass activated

intrusion detection area

Intrusion detection area input bypass activated.

Intrusion detection area input bypass deactivated

intrusion detection area

Intrusion detection area input bypass deactivated.

Intrusion detection area input trouble

intrusion detection area

Intrusion detection area input trouble.

Intrusion detection area master arm request

intrusion detection area

Intrusion detection area master arm request.

Intrusion detection area master armed

intrusion detection area

Intrusion detection area master armed.

Intrusion detection area perimeter arm request

intrusion detection area

Intrusion detection area perimeter arm request.

Intrusion detection area perimeter armed

intrusion detection area

Intrusion detection area perimeter armed.

Intrusion detection area postponed arming request

intrusion detection area

Intrusion detection area postponed arming request.

Intrusion detection unit input bypass activated

intrusion detection unit

Intrusion detection unit input bypass activated.

Intrusion detection unit input bypass deactivated

intrusion detection unit

Intrusion detection unit input bypass deactivated.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

751

Event types

Event

Source entity

Description

Intrusion detection unit input trouble

intrusion detection unit

Intrusion detection unit input trouble.

Invalid custom encryption values

Archiver role

This warning is issued by the Archiver on startup and every 5 minutes if one of the custom encryption values (initial fingerprint or encryption key) specified in the Server Admin is invalid.

Last person out

area

The last cardholder has exited an area.

License plate in sight

LPR unit or Patroller

A complete license plate has been sighted in the camera.

License plate hit

restriction, LPR unit, or Patroller

A license plate read has been matched to a hotlist, an overtime rule, or a permit restriction.

License plate out of sight

LPR unit or Patroller

A license plate previously sighted in the camera has moved out of sight.

License plate read

LPR unit or Patroller

A license plate has been read.

License plate reading

LPR unit or Patroller

A clearer or more reliable reading of a sighted license plate is available.

Live bookmark added

camera

A user has added a bookmark to a live video. For more information about adding bookmarks, see the Genetec Security Desk User Guide.

Lock released

access control unit

Event related to a zone entity.

Lock secured

access control unit

Event related to a zone entity.

Loitering

camera (video analytics)

Loitering activity has been detected in the camera.

Macro aborted

macro

Execution of a macro has failed.

Marco completed

macro

Execution of a macro has been completed normally.

Macro started

macro

Execution of a macro has begun.

Manual station activated

door

Someone has pulled the door emergency release (manual pull station).

Manual station reverted to normal state

door

The door emergency release (manual pull station) has been restored to it normal operating position.

Motion

camera

There is motion detected.

Motion off

camera

This event is issued following a Motion on event when motion (measured in terms of number of motion blocks) has dropped below the “motion off threshold” for at least 5 seconds.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

752

Event types

Event

Source entity

Description

Motion on

camera

This event is issued when positive motion detection has been made.

Multiple units are configured for the interlock

area

All doors that are part of an interlock configuration must be controlled by the same unit.

No entry detected

cardholder, door, elevator, or area

A cardholder was granted access to a door, elevator, or area, but no entry is detected.

No match

hotlist

A vehicle has not been matched to the hotlist associated to the Sharp unit.

No RTP packet lost in the last minute

camera

The Archiver has received all the RTP packets in the last minute.

Object condition changed

camera (video analytics)

An object has suddenly changed direction or speed, such as when a person starts running or slips.

Object crossed line

camera (video analytics)

An object has crossed a predefined tripwire.

Object detected

camera (video analytics)

An object is in the camera field of view.

Object entered

camera (video analytics)

An object has entered the camera field of view.

Object exited

camera (video analytics)

An object has exited the camera field of view.

Object following route

camera (video analytics)

An object is following a predetermined route, in a specific direction.

Object left

camera (video analytics)

An object has entered and exited the camera field of view.

Object merged

camera (video analytics)

Two separate objects in the camera field of view have merged.

Object removed

camera (video analytics)

An object has been removed from the camera field of view.

Object separated

camera (video analytics)

An object within the camera field of view has separated into two objects.

Object stopped

camera (video analytics)

A moving object has stopped.

Offload failed

Patroller

An offload from Patroller to Security Center has failed.

Offload successful

Patroller

An offload from Patroller to Security Center was successful.

People count reset

area

The number of people counted in an area has been reset to 0.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

753

Event types

Event

Source entity

Description

People counting disabled: Unit is offline

area

A unit has gone offline, thus disabling people counting.

Person falling

camera (video analytics)

A person falling has been detected in the camera.

Person running

camera (video analytics)

A person running has been detected in the camera.

Person sliding

camera (video analytics)

A person sliding has been detected in the camera.

Playback bookmark added

camera

A user has added a bookmark to a recorded video. For more information about adding bookmarks, see the Genetec Security Desk User Guide.

Protection threshold exceeded

Archiver role

The Protected video threshold configured in the Server Admin is been exceeded. The percentage of disk space occupied by protected video files can be monitored from the Config Tool.

PTZ activated

camera (PTZ)

A user started using the PTZ after it has been idle. The Description field indicates the user who activated the PTZ. This event is regenerated every time a different user takes control of the PTZ, even when the PTZ is still active.

PTZ locked

camera (PTZ)

A user has tried to move the PTZ while it is being locked by another user with a higher PTZ priority. The Description field indicates the machine, application type, and user who currently holds the lock.

PTZ stopped

camera (PTZ)

The PTZ has not been manipulated by any user after a predetermined period of time. The Description field indicates the user who last used the PTZ.

PTZ zoom by user

camera (PTZ)

A user started zooming the PTZ. The Description field indicates the user who performed the zoom. Subsequent PTZ zoom by user events are generated if another user zooms the PTZ, or if the original user zooms the PTZ after the Idle delay has expired.

PTZ zoom by user stopped

camera (PTZ)

The PTZ has not been zoomed by any user after a predetermined period of time. The Description field indicates the user who last zoomed the PTZ.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

754

Event types

Event

Source entity

Description

Receiving RTP packets from multiple sources

camera

The Archiver is receiving more than one video stream for the same camera. IMPORTANT When this rare situation arises, the Archiver cannot tell which stream is the correct one simply by looking at the source IP address because of the NAT (Network Address Translation), so an arbitrary choice is made. This can result in the wrong video stream being archived. However, the source IP address and port number of both streams are indicated in the Description field, and the two sources are labeled Archived and Rejected. You can find the faulty unit that is causing this conflict.

Recording started (alarm)

camera

The recording on a camera has been started as the result of an alarm being triggered.

Recording started (continuous)

camera

The recording on a camera has been started by a continuous archiving schedule.

Recording started (external)

camera

The recording on a camera has been started by the Start recording action. This action could have been triggered by another event or executed from a macro.

Recording started (motion)

camera

The recording on a camera has been started through motion detection.

Recording started (user)

camera

The recording on a camera has been started manually by a user.

Recording stopped (alarm)

camera

The recording on a camera has stopped because the alarm recording time has elapsed.

Recording stopped (continuous)

camera

The recording on a camera has stopped because it is no longer covered by a continuous archiving schedule.

Recording stopped (external)

camera

The recording on a camera has been stopped by the Stop recording action. This action could have been triggered by another event or executed from a macro.

Recording stopped (motion)

camera

The recording on a camera has stopped because the motion has ceased.

Recording stopped (user)

camera

The recording on a camera has been stopped manually by a user.

Request to exit

door

Someone has pressed the door release button or has triggered a request to exit motion detector. The request to exit event has special filtering to make this feature compatible with motion detection request to exit hardware. Set these properties in the Config Tool > Door > Properties tab.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

755

Event types

Event

Source entity

Description

Request to exit normal

door

No request to exit is being made.

RTP packets lost

camera

There are RTP packets that the Archiver never received. This could happen if the packets have been lost on the network, or if the Archiver does not have enough CPU to process all the packets received on the network card. The Description field indicates the number of packets lost since the last time this event was issued (no more than once every minute).

Scheduled controlled access

elevator

The schedule for controlled access to elevator floors now applies.

Scheduled free access

elevator

The schedule for free access to elevator floors now applies.

Scheduled lock

door

The door unlock schedule has expired, the lock is now re-asserted (door is locked).

Scheduled unlock

door

The door lock is unlocked due to a programmed unlock schedule.

Signal lost

camera

The unit signal has been lost.

Signal recovered

camera

The unit signal has been recovered.

Synchronization completed: External system

external system

The synchronization of an external system has completed.

Synchronization error: External system

external system

The synchronization of an external system has resulted in an error.

Synchronization started: External system

external system

The synchronization of an external system has started.

Tailgating

camera (video analytics)

Two people have entered a secured area following each other very closely.

Threat level cleared

System, area

A threat level has been cleared on your system or on specific areas.

Threat level set

System, area

A threat level has been set on your system or on specific areas.

Transmission lost

camera

The Archiver is still connected to the camera, but it has not received any video packets for more than 5 seconds.

Undefined video analytics event

camera (video analytics)

A video analytics event has been issued, but it is not yet mapped to a Security Center event.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

756

Event types

Event

Source entity

Description

Unit connected

unit

The connection to a unit has been established or restored. Event related to a camera that is recording directly on the unit.

Unit failed to respond to edge video request Unit lost

unit

The connection to a unit has been lost.

Update failed

Patroller, Mobile Sharp

An update on Patroller or a Mobile Sharp unit has failed, or a file could not be synchronized on a Patroller computer.

Update installation completed

Patroller, Mobile Sharp

An update has completed on Patroller or a Mobile Sharp unit, and no reboot is required.

Update installation started

Patroller, Mobile Sharp

A user has started an updated on Patroller by clicking the “Update” icon.

Updated published

Patroller, Mobile Sharp

An update has been processed, and is ready to be deployed to Patroller.

Update uninstallation completed

Patroller, Mobile Sharp

A rollback on Patroller or a Mobile Sharp unit has completed.

Update uninstallation started

Patroller, Mobile Sharp

A user has started a rollback on Patroller by clicking the “Rollback” icon.

User logged off

user

A user has logged off of a Security Center application.

User logged on

user

A user has logged on to a Security Center application.

VRM connection attempt

The Archiver has attempted to connect to a VRM unit.

VRM connection failure

The Archiver has failed to connect to a VRM unit.

Window closed

input/zone

A physical window has closed.

Window opened

input/zone

A physical window has opened.

Zone armed

zone

A zone has been armed.

Zone disarmed

zone

A zone has been disarmed.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

757

Action types

Action types All actions in Security Center are associated with a target entity, which is the main entity affected by the action. Additional parameters are indicated in the Description column. All parameters must be configured for an action to be valid. For more information, see "Create an event-to-action" on page 107. Security Center supports the following actions: Action

Target entity

Description

Add bookmark

camera

Adds a bookmark to a camera recording. Additional parameter: • Message. Bookmark text.

Arm intrusion detection area

intrusion detection area

Arms an intrusion detection area. Additional parameters: • Mode: Either Master arm or Perimeter arm. • When. Either immediately or with a delay.

Arm zone

virtual zone

Arms a virtual zone.

Block and unblock video

camera

Blocks or unblocks a camera from other users in the system. Additional parameters: • Block/Unblock. Select whether the action will block or unblock the camera. • End. Select how long to block the video for:  For. The video is blocked from users for the selected amount of time.  Indefinitely. The video is blocked from users until you manually unblock it. • User level. Select a minimum user level. All users with a level lower than the one you select are blocked from viewing video.

Cancel postpone intrusion detection area arming

intrusion detection area

Cancels the postponed arming of an intrusion detection area.

Clear tasks

Security Desk (Destination)

Clears the task list in the specified Security Desk monitors. Additional parameter: • Destination. Online Security Desk application.  User. All monitors of all Security Desk applications connected with the specified username.  Monitor. Specific Security Desk monitor identified by a machine name and a monitor ID.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

758

Action types

Action

Target entity

Description

Disarm intrusion detection area

intrusion detection area

Disarms an intrusion detection area.

Disarm zone

virtual zone

Disarms a virtual zone.

Display a camera on an analog monitor

analog monitor

Displays a camera in an analog monitor in a canvas tile. Additional parameters: • Camera. Select which camera to display in the analog monitor. The camera must be supported by the analog monitor, and use the same video format. • Analog monitor. Select an analog monitor to display the camera in.

Display an entity in the Security Desk

users (Recipients)

Displays a list of entities in the Security Desk canvas of selected users, in terms of one entity per tile. This action is ignored if a user does not have a Monitoring task open in Security Desk. Additional parameters: • Entities. List of entities to display. Each entity is displayed in a separate tile. • Display option  View in a free tile. Only use free tiles.  Force display in tiles. Display in free tiles first. When there are no more free tiles, use the busy tiles following the tile ID sequence.

Email a report

users (Recipients)

Sends a report (based on a saved reporting task) as an email attachment to a list of users. Additional parameters: • Report. Public reporting task used as report template. • Format. Report format, either PDF or Excel.

Forgive antipassback violation

cardholder or cardholder group

Forgives an antipassback violation for a cardholder, or cardholder group.

Go home

dome camera

Commands the selected dome camera to go to its home position. Not all dome cameras support this feature.

Go to preset

dome camera

Commands the dome camera to go to the specified preset position. Additional parameter: • Preset. Preset position (number) to go to.

Import from file

user (Recipient)

Imports a file and sends the import results to a user. Additional parameter: • File name. Opens the Import tool window, where you can select the file that is used to import the data. For more information, see "Import tool" on page 657.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

759

Action types

Action

Target entity

Description

Override with event recording quality

camera

Sets the Boost quality on event recording to ON for the selection camera and applies the custom boost quality recording settings. Selecting this option overrides the general settings for event recording. The effect of this action lasts as long as it is not modified by another action, such as Recording quality as standard configuration, or until the Archiver restarts.

Override with manual recording quality

camera

Sets the Boost quality on manual recording to ON for the selection camera and applies the custom boost quality recording settings. Selecting this option overrides the general settings for event recording. The effect of this action lasts as long as it is not modified by another action, such as Recording quality as standard configuration, or until the Archiver restarts.

Play a sound

user or user group

Plays a sound bite in a user or user group’s Security Desk. This action is ignored if the user is not running Security Desk. Additional parameter: • Sound to play. Sound file (.wav) to play. For the user to hear the sound bite, the same sound file must be installed on the PC where Security Desk is running. The standard alert sound files that come with the installation are located in C:\Program files\Genetec Security Center 5.2\Audio.

Postpone intrusion detection area arming

intrusion detection area

Postpones the intrusion detection area arming. Additional parameters: • Arming mode: Either Master arm or Perimeter arm. • Postpone for. Set how long to postpone the arming for, in seconds. • Arming delay. Set the arming delay in seconds.

Recording quality as standard configuration

camera

Cancels the effect of the Override with manual/event recording quality actions and restores the standard recording configuration.

Reset area people count

area

Resets the people counter in an area.

Reset external system

Omnicast Federation role

Forces the Omnicast Federation role to reconnect to the remote Omnicast system.

Run a macro

macro

Starts the execution of a macro. Additional parameter: • Context: Specific value settings for the context variables.

Run a pattern

dome camera

Commands the dome camera to run the specified pattern. Additional parameter: • Pattern. Pattern number to run.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

760

Action types

Action

Target entity

Description

Send a message

user or user group (Recipient)

Sends a pop-up message to a user’s Security Desk. This action is ignored if the user is not running Security Desk. Additional parameter: • Message. Text to be to displayed in the pop-up message.

Send an email

user, user group, cardholder, cardholder group (Recipient)

Sends an email to users or cardholders. The selected user must have an email address configured, and the mail server must be properly configured for Security Center, or the action is ignored. Additional parameter: • Message. The email text to be sent to the recipient.

Send task

Security Desk (Destination)

Sends and adds a public task to a Security Desk application. Additional parameters: • Task. Public task to send. • Destination. Online Security Desk application.  User. All Security Desk connected with that user.  Monitor. Specific Security Desk monitor identified by a machine name and a monitor ID.

Set reader mode

cardholder, credential

(Only available when creating threat levels) Sets a reader mode for accessing doors when a threat level is set. Additional parameters: • Location. The areas where this reader mode applies when a threat level is set. • Reader mode. Select whether access is granted using a card and PIN, or card or PIN, for the selected areas.

Set the door maintenance mode

door

Sets the Unlocked for maintenance status of a door to on or off. Additional parameter: • Maintenance. Desired maintenance mode (On or Off).

Set threat level

system, area

Sets a threat level on your Security Center system, or on specific areas. Additional parameters: • Area. Select which areas to set the threat level on. Can be your entire system, or specific areas. • Threat level. Select which threat level to set.

Silence buzzer

door

Resets the Buzzer output defined for a door. This action sets the Buzzer option to None in the Hardware tab of a door in Config Tool.

Sound buzzer

door

Sets the Buzzer output defined for a door. The buzzer sound is specified under the Buzzer option in the Hardware tab of a door in Config Tool.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

761

Action types

Action

Target entity

Description

Start applying video protection

camera

Starts protecting upcoming video recordings against deletion. The protection is applied on all video files needed to store the protected video sequence. Since no video file can be partially protected, the actual length of the protected video sequence depends on the granularity of the video files. When multiple Start applying video protection actions are applied on the same video file, the longest protection period is kept. Additional parameters: • Keep protected for. Duration of the video protection.  Specific. Sets the protection period in number of days.  Infinite. The protection can only be removed manually from the Archive storage details task. • Protect video for next. Duration of the video to protect.  Specific. Sets the duration in minutes and hours.  Infinite. All future recordings are protected until the action Stop applying video protection is executed.

Start recording

camera

Starts recording on the specified camera. This action is ignored if the camera is not on an active recording schedule. Recordings started by this action cannot be stopped manually by a user. Additional parameter: • Recording duration. Sets the duration of the video recording.  Default. Sets the duration to follow the value defined in Default manual recording length configured for the camera.  Infinite. The recording can only be stopped by the Stop recording action.  Specific. Sets the recording duration in seconds, minutes, and hours.

Stop applying video protection

camera

Stops protecting upcoming video recordings against deletion. This action does not affect the video archives that are already protected. Additional parameter: • Stop in. Sets the video protection to stop Now or in a Specific amount of time in minutes and hours.

Stop recording

camera

Stops recording on the specified camera. This action only works if the recording was started by the Start recording action. Additional parameter: • Stop in. Sets the recording to stop Now or in a Specific amount of time in seconds, minutes and hours.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

762

Action types

Action

Target entity

Description

Temporarily override unlock schedules

door

Temporarily locks or unlocks a door for a given period of time. Additional parameters: • Lock mode. Select Unlocked or Locked.  For. Amount of time in minutes or hours.  From/To. Date and time range to unlock the door.

Trigger alarm

alarm

Triggers an alarm. NOTE Triggering an alarm might generate additional events, depending on the alarm configuration. Additional parameters: • Acknowledgement condition. Event type that must be triggered before the alarm can be acknowledged. • User acknowledgement required. Select whether the alarm must be manually acknowledged, or if it is automatically acknowledged by the system after the acknowledgement condition is cleared.

Trigger intrusion alarm

intrusion detection area

Triggers a physical alarm on an intrusion detection area. Additional parameter: • Recipient type. Type of alarm trigger, either the intrusion detection area or a specific alarm input.

Trigger output

output pin (unit)

Triggers an output behavior on an output pin of a unit. For example, an action can be configured to trigger the output pin of a unit (controller or input/output module). Additional parameter: • Output behavior. Select the output behavior to trigger.

Trigger synchronization

role (that needs synchronization)

Starts a synchronization process on the specified role (Active Directory or Global Cardholder Synchronizer).

Unlock door explicitly

door

Temporarily unlocks a door for five seconds, or the Standard grant time configured for that door.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

763

20 Keyboard shortcuts in Config Tool Learn about the default keyboard shortcuts available in Config Tool. This section includes the following topics:

• "Default keyboard shortcuts" on page 765

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

764

Default keyboard shortcuts

Default keyboard shortcuts This table lists the default keyboard shortcuts you can use in Config Tool. This list is categorized alphabetically by command. NOTE You can change the keyboard shortcuts in the Keyboard shortcuts tab of the Options dialog

box. See "Keyboard shortcuts" on page 681. Command

Description

Shortcut

Apply changes

Apply the changes made to your current configuration tab.

CTRL+S

Exit application

Close Config Tool.

ALT+F4

Full screen

Toggle between displaying Config Tool in full screen and windows mode.

F11

Go to next page

Switch to the next Config Tool task tab.

CTRL+TAB

Go to previous page

Switch to the previous Config Tool task tab.

CTRL+SHIFT+TAB

Help

Open the online help.

F1

Home page

Go to the Home page. For more information, see "Home page overview" on page 14.

CTRL+GRAVE ACCENT (‘)

Options

Open the Options dialog box.

CTRL+O

Select columns

Select which columns to show/hide in the report pane.

CTRL+SHIFT+C

Add a bookmark

Add a bookmark to video in the selected tile (for live video only).

B

Copy statistics of the currently selected video tile

Copy the statistics of the selected tile.

CTRL+SHIFT+X

Show statistics overlay on the video tile

Show/hide the statistics summary of the video in the selected tile.

CTRL + SHIFT + A

Show status overlay on the video tile

Show/hide the status summary of the video in the selected tile.

CTRL+SHIFT+D

Go to preset

Jump to a PTZ preset you select.

SHIFT+

Pan left

Pan the PTZ camera image to the left.

LEFT ARROW

General commands

Camera commands

PTZ commands

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

765

Default keyboard shortcuts

Command

Description

Shortcut

Pan right

Pan the PTZ camera image to the right.

RIGHT ARROW

Tilt down

Tilt the PTZ camera image down.

DOWN ARROW

Tilt up

Tilt the PTZ camera image up.

UP ARROW

Zoom in

Zoom in the PTZ camera image.

Hold the PLUS SIGN (+)

Zoom out

Zoom out the PTZ camera image.

Hold the HYPHEN (-) key

Rename task

Rename the selected task.

F2

Save as

Save a task under a different name and scope (private or public).

CTRL+T

Save workspace

Save the task list so that it is automatically restored the next time you log on to the system with the same user name.

CTRL+SHIFT+S

Saved tasks

Open the Public tasks page from the Home page. For more information, see "Home page overview" on page 14.

CTRL+N

Task commands

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

766

Part VII Appendices Learn about the user privileges, event and action types, license options, and HID access control units available in Security Center. This part includes the following appendices: •

Appendix A, “License options” on page 768



Appendix B, “Default Security Center ports” on page 776



Appendix C, “HID reference” on page 781



Appendix D, “Bosch reference” on page 803



Appendix E, “Honeywell reference” on page 805

A License options This section describes all Security Center software license options, and how to view your license information. This section includes the following topics:

• "Viewing license information from Config Tool" on page 769 • "Viewing license information from Server Admin" on page 770 • "License option descriptions" on page 771

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

768

Viewing license information from Config Tool

Viewing license information from Config Tool From the Home page in Config Tool, click About.

NOTE You might not see all the tabs shown in this sample screen shot if your license does not support all the solution components.

• License. This tab tells you when your software license expires, and gives you the information you need to provide when contacting Genetec Technical Assistance Center: System ID, Package name, Service maintenance agreement (SMA) number, and so on. IMPORTANT Seven days before your license expires, you receive a warning message.

• Security Center. This tab shows all generic Security Center options. A feature is either supported or limited by a maximum use count. For the latter, the Support column shows the current use vs. the maximum allowed.

• • • • • •

Synergis. This tab is shown only if Synergis (access control) is supported. Omnicast. This tab is shown only if Omnicast (video surveillance) is supported. AutoVu. This tab is shown only if AutoVu (LPR) is supported. Mobile. This tab is shown only if Security Center Mobile is supported. Certificates. This tab lists all the supported software certificates, such as plugin certificates. Purchase order. This tab reproduces your order.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

769

Viewing license information from Server Admin

Viewing license information from Server Admin 1 Log on to your main server using Server Admin. For more information, see "Open Server Admin using Internet Explorer" on page 48. 2 Select the Directory tab, scroll to the License section, and click License information.

NOTE You might not see all the tabs shown in this sample screen shot if your license does not support all the solution components.

• Overview. This tab tells you when your software license expires and gives you the information you need to provide when contacting Genetec Technical Assistance Center: System ID, Package name, Service maintenance agreement (SMA) number, and so on.

• Security Center. This tab shows all generic Security Center options. A feature is either supported or limited by a maximum use count.

• • • • •

Synergis. This tab is shown only if Synergis (access control) is supported. Omnicast. This tab is shown only if Omnicast (video surveillance) is supported. AutoVu. This tab is shown only if AutoVu (LPR) is supported. Mobile devices. This tab is shown only if Security Center Mobile is supported. Certificates. This tab lists all the supported software certificates, such as plugin certificates.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

770

License option descriptions

License option descriptions This section describes the meaning of all Security Center license options. A feature is either supported or limited by a maximum use count. For the latter, only the Config Tool shows the current use vs. the maximum allowed. TIP Some options feature an On/Off switch. If you do not use that option in your system, turn the switch OFF to simplify the user interface.

This section includes the following topics:

• • • • • •

"Security Center license options" on page 771 "Synergis license options" on page 772 "Omnicast license options" on page 773 "AutoVu license options" on page 774 "Mobile license options" on page 774 "Certificate license options" on page 775

Security Center license options This section describes the generic Security Center license options.

• Macros. Allows you to create macros in your system. For more information, see "Using macros" on page 110.

• Threat level. Allows you to create threat levels in Config Tool, as well as set threat levels in Security Desk.

• Remote Security Desk. Allows you to remotely monitor and control other Security Desk workstations and monitors, using the Remote task on your local Security Desk.

• Alarms. Allows you to create and manage alarms in Config Tool, and use the Alarm monitoring and Alarm report tasks in Security Desk.

• Hot actions. Allows you to trigger hot actions in Security Desk. • Audio. Allows you to configure sounds bites on your system in Config Tool, and use them in event-to-actions.

• Partitions. Allows you to configure and use partitions in Security Center. • Intrusion detection. Allows you to configure intrusion detection entities in Config Tool, as well as monitor intrusion detection entities in Security Desk.

• Time zone. Allows you to configure the unit time zone when a Location property tab is displayed, as in video unit configuration for example.

• Automatic email notifications. Allows you to set up an email server for email notifications, including: 

Receiving email notifications from the Watchdog.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

771

License option descriptions



Using Send an email and Email a report actions.

• Web SDK. Allows you to create Web-based SDK roles. For more information, see "Supporting cross-platform development" on page 164.

• Plan Manager Basic. Allows you to use Plan Manager in Basic mode. For more information about Plan Manager, see the Plan Manager User Guide.

• Plan Manager Standard. Allows you to use Plan Manager in Standard mode. For more information about Plan Manager, see the Plan Manager User Guide.

• Plan Manager Advanced. Allows you to use the Advanced configuration of Plan Manager in Advanced mode. For more information about Plan Manager, see the Plan Manager User Guide.

• Number of custom fields. Maximum number of custom fields that you are allowed to define. For more information, see System – General settings – "Custom fields" on page 619.

• Number of federated systems. Maximum number of federated systems allowed, counting both Omnicast 4.x and Security Center systems. For more information, see "Federating remote systems" on page 128.

• Number of Security Desk connections. Maximum number of simultaneous Security Desk connections allowed on your system.

• Number of Active Directories. Maximum number of Active Directory domains that can be synchronized with your system. For more information, see "Importing users from an Active Directory" on page 102.

• Number of additional Directory servers. Maximum number of Directory servers you can have in addition to your main server to set up a high availability system. For more information, see "Configuring Directory failover and load balancing" on page 66.

• Number of intrusion detection units. Maximum number of intrusion panels supported on your system. For more information, see "Managing intrusion panels" on page 155.

• Number of input pins. Maximum number of input pins that can be configured for doors, elevators, and zones.

• Number of output pins. Maximum number of input pins that can be configured can be configured for doors, elevators, and zones.

• Number of cash registers. Maximum number of cash registers that you can import from an external point of sale system. For more information, see "Point of Sale" on page 595.

Synergis license options This section describes the Synergis access control license options.

• Card requests. Allows users to request card credentials to be printed by other users on the system. Also allows you to create request reasons in Config Tool.

• Import Tool. Allows you to import cardholders and credentials from a flat file. For more information, see "Import tool" on page 657.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

772

License option descriptions

• Antipassback. Allows you to configure areas with antipassback restrictions. For more information, see "Configure antipassback" on page 280.

• • • • •

People counting. Allows you to use the People counting task in Security Desk. Badge template. Allows you to define badge templates in your system. USB enrollment reader. Allows you to detect and use USB readers on your system. Visitors. Allows you to use the Visitor management task in Security Desk. Number of cardholders and visitors. Maximum number of cardholders and visitors allowed on your system, including those imported from Active Directories. For more information, see "Configuring cardholders and cardholder groups" on page 283.

• Number of readers. Maximum number of readers that can be configured for doors and elevators on your system.

• Number of Access Managers. Maximum number of Access Manager roles that can be created on your system. For more information, see "Configuring the Access Manager role" on page 260.

• Number of Global Cardholder Synchronizers. Number of Global Cardholder Synchronizer roles allowed on your system. For more information, see "Managing global cardholders" on page 296.

Omnicast license options This section describes the Omnicast video surveillance license options.

• Number of cameras. Maximum number of cameras allowed on your system. Both cameras managed locally by your system and those federated from remote systems are counted.

• Number of OVReady cameras. Maximum number of OVReady cameras (with video analytics capabilities) allowed on your system.

• Number of panoramic cameras. Number of panoramic cameras allowed on your system. • Number of DVR inputs. Number of video inputs from DVRs (digital video recorders) allowed on your system.

• Number of analog monitors. Maximum number of analog monitors allowed on your system.

• Number of Auxiliary Archivers. Number of Auxiliary Archiver roles allowed on your system. For more information, see "Configuring the Auxiliary Archiver role" on page 204.

• Audio. Allows your system to stream audio and enables all audio features on your system. • Forensic search. Enables the Forensic search task in Security Desk. • Trickling. Enables data to be transferred in small amounts at specific or pre-determined time from the edge-recording units to the Archiver. For more information, see "Configuring video units for trickling" on page 197.

• Camera blocking. Allows you to block video from other users on the system. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

773

License option descriptions

AutoVu license options This section describes the AutoVu LPR license options.

• • • •

Security Desk map. Type of map engine supported in Security Desk: Bing or MapInfo. Geocoder. Type of map engine used by the LPR Manager for geocoding: Bing or MapInfo. Microsoft Bing license expiration date. Bing license expiration date. Data import. Allows data to be imported from AutoVu 4.3 systems. For more information, see "Data import" on page 583.

• XML import. Allows you to import data from third-party applications. For more information, see "XML import" on page 578.

• Number of LPR Managers. Maximum number of LPRManager roles allowed on your system.

• Number of fixed Sharp units. Maximum number of fixed Sharp units allowed on your system.

• Number of Patrollers - Law Enforcement. Maximum number of Patrollers configured for Law Enforcement allowed on your system.

• Number of Patrollers - City Parking Enforcement. Maximum number of Patrollers configured for City Parking Enforcement allowed on your system.

• Number of Patrollers - University Parking Enforcement. Maximum number of Patrollers configured for University Parking Enforcement allowed on your system.

• Number of Patrollers - MLPI. Maximum number of Patrollers configured for Mobile License Plate Inventory allowed on your system.

• Number of Patrollers equipped with maps. Maximum number of Patrollers equipped with maps allowed on your system.

Mobile license options This section describes the Genetec Security Center Mobile license options.

• Number of mobile device servers. Maximum number of Mobile Servers allowed on your system.

• Number of mobile devices. Maximum number of simultaneous Mobile app connections allowed on your system.

• Number of Web Clients. Maximum number of Web Client connections allowed on your system.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

774

License option descriptions

Certificate license options This section describes the certificate license options. Each certificate is identified by an application/plugin name and the publisher name. The option specifies the maximum number of simultaneous connections from each type of application on your system.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

775

B Default Security Center ports This section describes all default ports used by Security Center. Make sure these ports are open and redirected for firewall and network address translation purposes. This section includes the following topics:

• • • •

"Common communication ports" on page 777 "AutoVu-specific ports" on page 778 "Synergis-specific ports" on page 779 "Omnicast-specific ports" on page 780

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

776

Common communication ports

Common communication ports The following table lists the default network ports used by Security Center applications. Computer

Inbound

Main server

TCP 5500

Outbound

Port usage

Directory connection requests

Expansion servers

TCP 5500

Directory connection requests

Client workstations

TCP 5500

Directory connection requests

TCP 4502

Communication between servers

All servers (hosting any role)

TCP 4502

Intrusion Manager

TCP 3001

HTTP 80

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

Connection via Server Admin TCP 3001

Bosch intrusion panels

777

AutoVu-specific ports

AutoVu-specific ports The following table lists the default network ports used by Security Center/AutoVu applications. Computer

Inbound

LPR Manager

Outbound

Port usage

UDP 5000

Fixed Sharp unit discovery

TCP 8731

Fixed Sharp units and Patrollers

TCP 8832

Patroller hotfix requests

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

778

Synergis-specific ports

Synergis-specific ports The following table lists the default network ports used by Security Center/Synergis applications. Computer

Inbound

Outbound

Port usage

Access Manager

UDP/TCP 4070

UDP/TCP 4070

HID VertX controllers

TCP 20

TCP 21, 23

HID VertX controllers

TCP 4050

HID VertX controllers

For information about HID hardware setup, see "Refer to HID’s documentation for initial hardware setup" on page 782.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

779

Omnicast-specific ports

Omnicast-specific ports The following table lists the default network ports used by Security Center/Omnicast applications. Computer

Inbound

Archiver

TCP 555 UDP 15000–16000

Outbound

Live and playback stream requests UDP 15000–16000

TCP & UDP UDP 47806

Port usage

Live unicast streams (audio & video) Vendor specific ports for events and unit discovery

UDP 47806

Live audio & video multicast streams

TCP 554 or HTTP 80

Typical port used to request video from a unit

Telnet 5602

Telnet Console connection requests

Auxiliary Archiver

TCP 558

Playback stream requests

Media Router

TCP 554

Live and playback stream requests

Redirector

TCP 560

Live and playback stream requests

UDP 8000–12000

Live audio & video unicast streams

UDP 47806

Security Desk & Config Tool

UDP 47806

Live audio & video multicast streams

TCP 555

Communication with Archiver

UDP 6000–6500

Live audio & video unicast streams

UDP 47806

Live multicast video streams

UDP 47807

Live multicast audio streams TCP 554–560

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

Live and playback audio/video requests

780

C HID reference This section describes additional information concerning the setup and configuration of HID access control units. This section includes the following topics:

• • • • • • • • •

"Network configuration" on page 782 "Using the HID Discovery GUI utility" on page 783 "HID initial configurations" on page 784 "Special considerations when configuring HID units" on page 785 "Interpreting the Power and Comm LEDs on an HID unit" on page 787 "Supported features and models" on page 788 "Access control unit modes of operation" on page 791 "Access control unit configuration" on page 799 "Wiring diagrams" on page 800

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

781

Network configuration

Network configuration HID VertX (V1000, V2000), and Edge devices are IP devices that can acquire their network address automatically when your network has a DHCP server (the default). They can also be configured with static addresses (recommended).

Refer to HID’s documentation for initial hardware setup HID device documentation can be found in the Documentation\Controllers folder of your Security Center installation package:

• HID VertX 

HID VertX OEM Quick Installation Guide V100, V200, V300, V1000, and V2000 for configuration information.

HID VertX Install Wiring Diagram Example for wiring examples. HID Edge device 





HID EdgeReader Wiring Instructions for wiring examples.

HID documentation can also be downloaded from www.HIDglobal.com. The discovery port of an HID unit is fixed at 4070. Once it is discovered, the unit is assigned to an Access Manager that uses the ports shown in the following table to control it. Computer

Inbound

Outbound

Port usage

Access Manager

UDP/TCP 4070

UDP/TCP 4070

HID VertX controllers

TCP 20

TCP 21, 23

HID VertX controllers

TCP 4050

HID VertX controllers

The initial discovery can be performed with either the Security Center’s Unit Discovery Tool (see "Unit discovery tool" on page 653), or with the HID Discovery GUI. NOTE The Security Center’s Unit Discovery Tool does not let you assign or modify the IP configuration of an HID unit. If you do not have a DHCP server on your network, or if you want to modify the initial IP configuration of the HID unit, this should be done with the HID Discovery GUI. It can be downloaded from http://www.hidglobal.com/downloads/ DiscoveryClient.zip.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

782

Using the HID Discovery GUI utility

Using the HID Discovery GUI utility The HID Discovery GUI utility is a Windows application designed to scan a local network and report what HID devices are found. Typically, is used to perform the initial discovery and apply IP configurations to your HID hardware before enrolling them into your Security Center system. To use the HID Discovery GUI: 1 Launch the utility. The HID Discovery GUI can be found in your Windows Start menu > All Programs > VertX Toolbox > Discovery GUI. 2 When the application launches, it immediately scans the local network.

The following columns are displayed: 





Type. HID device model. MAC Address. MAC address of the device’s network interface (also used as serial number). Host Name. Name assigned to the device (by default, same as “Type”).

3 To cause the unit’s LED to blink so it can be identified, click the Blink ON button. 4 To go to the unit’s configuration Web page, click the Configure Unit hyperlink. 5 To re-scan the network to find HID devices, click the Refresh

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

button.

783

HID initial configurations

HID initial configurations If no DHCP server is present, you need to assign a static IP configuration to the unit. As long as an HID unit has a valid IP configuration, it can be “seen” by the Security Center’s Access Manager, and you know the username and password to connect to the unit, everything else can be done once it has been enrolled into Security Center. To prepare your unit for enrollment into Security Center: 1 Launch the HID Discovery GUI and scan for devices on your network. 2 If you do not find the desired results, disconnect your workstation’s network cable from the wall (or switch) and plug it directly into the HID unit.

The address 169.254.242.121 is the factory-assigned default address for every HID device. Even if the unit has been configured with an IP configuration, it still listens on this address for (possible) troubleshooting needs. 3 If a change in IP configuration is required, this is performed from the device’s configuration Web page. You can open the device’s Web page one of the following ways: 

In the HID Discovery GUI, click the Configure Unit hyperlink.



Type http://169.254.242.121 in your Web browser.

4 Authentication is required to connect to an HID unit’s web page. By default: 

User Name: root



Password: pass

5 The first page displayed from the HID unit will be it’s Basic Setup page. It is on this page that you can assign the device’s IP configuration. CAUTION If no DNS server is present on your network, you must use the unit’s own IP address for the Primary DNS Server value. Furthermore, the Basic Central Station’s IP address should be set to the IP address of your Security Center server running the Access Manager role.

6 Scroll down, and click the link to Change Login Password. (NB: This refers to the user admin not the user root) 7 Scroll to the bottom of the page, and click Submit. The unit applies the new IP configuration, and reboot. The unit is now ready to be enrolled in Security Center. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

784

Special considerations when configuring HID units

Special considerations when configuring HID units Some special considerations should be taken into account when working with HID inputs and outputs. This section includes the following topics:

• • • •

"For HID V1000 units" on page 785 "Other HID hardware" on page 785 "HID factory default input settings" on page 785 "Modify input configurations" on page 786

For HID V1000 units It is not recommended to use an HID VertX V1000 inputs and outputs for special purpose requirements such as:

• • • • •

A door: REX, door sensor, door lock Interlock override or lockdown Elevator control floor tracking Door buzzer IO linking (Hardware zone)

Instead, you should use the inputs and outputs from the V1000’s sub-panels (V200’s, V300’s) for these purposes.

Other HID hardware Any unused inputs (including AC Fail, Battery Fail and REX) can be used for other purposes except the Tamper and Door Monitor inputs. These two types of inputs can only be used for their specified purpose.

HID factory default input settings HID units have the following configurations applied to the inputs:

• The door monitor input is configured by default as normally closed (NC), and not



supervised (no EOL resistors). This means that if nothing is connected to the door monitor input, the unit will emit beeps to signal that the door is open. To correct this, connect the door monitor input to an actual door monitor, or reconfigure the input to normally open (NO). See illustration below. All other inputs are configured as normally open (NO), not supervised (no EOL resistors).

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

785

Special considerations when configuring HID units

Modify input configurations 1 Select the unit from the Config Tool’s Roles view task, and click the Properties tab. 2 In the Additional settings section, modify the Contact type / Supervision mode of the inputs and outputs attached to the unit.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

786

Interpreting the Power and Comm LEDs on an HID unit

Interpreting the Power and Comm LEDs on an HID unit HID units are equipped with 2 status LEDS; One is labelled Power, and the other is labelled Comm. You can find these LED’s on top of the face plate for V1000’s and V2000’s. For Edge and Edge Plus devices, the LED’s are found on the bottom of the unit. Table 22-2: V1000, V2000 and Edge Reader power & Comm LED’s LED indicator

Power

Comm

State

Description

Off

Check input voltage to the unit

Solid red

No network activity

Blinking (Red/Off)

Network activity

Solid green

All interfaces found (eg. V100, V200, V300)

Solid red

No interfaces found

Blinking (Red/Green)

Some interfaces were found (the duty cycle changes according to the number of interfaces found).

Blinking (Amber/Green)

The unit is in “Locate me” mode (somebody clicked the “Identify” button).

For VertX V1000 units: If the Comm LED indicator is off, update the firmware for the interface (V100) part of the unit. Table 22-3: VertX interface boards (sub-panels) V100, V200, V300 LED indicator

State

Description

Solid red

OK

Anything other than solid red

Check input voltage

Blinking (Red/Green)

RS-485 bus activity

Amber

Firmware download in progress

Power

Comm

If the Comm LED indicator for an interface board is off, verify the wiring for the RS-485 bus. Then try updating the firmware.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

787

Supported features and models

Supported features and models Please refer to the tables below to confirm which Security Center features are supported by which models of HID access control units.

Supported access control software and hardware This section describes the supported HID access control features in Security Center.

Supported HID keypad reader options Card and PIN operation depends on the type of unit and the keypad reader installed. For both HID iCLASS and Prox readers, the “Keypad configuration setting option” is selected at the time of purchase. Supported options include the following:

• Option 00: “Keypad configuration setting option” of 00 = Buffer one key, no parity, 4-bit •

message. Option 14: “Keypad configuration setting option” of 14 = Buffer one to five keys (Standard 26-bit output). This reader option is also known as “Galaxy Mode”. HID keypad reader option

Unit type

HID: V1000 with V100 V2000 EdgePlus E400

HID: EdgeReader ER40 EdgeReader  ERP40 EdgeReader  ERW400

Online mode

Mixed mode

Offline mode

Card or PIN.

Observation

“Keypad configuration setting option” of 14

Not applicable.

Card or PIN.

“Keypad configuration setting option” of 00

Not applicable.

Card or PIN. Card and PIN on schedule. When offschedule, operation reverts to card only.

An unknown PIN will not generate the Access denied: Unknown credential event in Security Center. The reader cannot be used to enroll PINs for credential creation.

These units cannot be ordered with a keypad.

Not applicable.

Card only.



Card only.

The keypad readers can be used to enroll PINs.

For HID SmartID keypad readers (SK10), the following option is required to support card and PIN functionality:

• Option 02PIN-0000: “Pincode Wiegand 4 bit per key no parity”. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

788

Supported features and models

PIN length Currently, PINs cannot have more than five digits.

Supported HID hardware For firmware version requirements, see the Security Center release notes.

• • • •

iCLASS EdgeReader (POE) ER40, ERP40, ERW400 integrated reader and controller EdgePlus (POE) E400 controller VertX V2000 reader interface/network gateway VertX V1000 network gateway 

VertX V100 reader interface



VertX V200 input interface



VertX V300 output interface

Card readers:

• HID units support most industry standard card readers that output card data using the Wiegand protocol (up to 128-bit card formats). For card and keypad readers, see "Access control unit configuration" on page 799.

• • HID SmartID readers (MIFARE and DESFire) are also supported. Supported RF Ideas USB enrollment readers

The RF Ideas readers only support card data formats up to 64 bits. The following USB enrollment readers are supported:

• pcProx HID USB reader for enrolling proximity cards • AIR ID Enroll iCLASS ID# USB reader for enrolling HID iCLASS cards • AIR ID Enroll 14443/15693 CSN USB reader for enrolling a MIFARE card using the CSN (card serial number)

Support for Power over Ethernet (PoE) The following units support PoE (15.4W): Unit type

Support

HID V1000, V100, V200, V300

Not supported

HID V2000

Not supported

HID EdgeReader / EdgePlus

Supported

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

789

Supported features and models

Unit cardholder and reader capacity The number of cardholders (or credentials) that a unit can support offline is as follows: Unit type

Supported number of cardholders

HID V1000 / V100

22,000, up to 125,000 cardholders with full memory upgrade.

HID V2000

22,000, up to 125,000 cardholders with full memory upgrade.

HID EdgeReader / EdgePlus

22,000 cardholders (maximum). No memory upgrades are possible.

The number of readers that a unit can support is as follows: Unit type

Supported number of readers

HID V1000 / V100

64 readers with 32 V100 reader interface modules 32 doors configured as card in/card out 64 doors configured as card in/REX out

HID V2000

2 readers 1 door configured as card in/card out 2 doors configured as card in/REX out

HID EdgeReader / EdgePlus

1 reader 1 door configured as card in/REX out

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

790

Access control unit modes of operation

Access control unit modes of operation This section describes the supported HID access control unit modes of operation in Security Center. This section includes the following topics:

• "About offline, mixed, and online modes of operation" on page 791 • "Supported modes of operation per unit type" on page 791

About offline, mixed, and online modes of operation When the Security Center’s Access Manager role and an HID unit can communicate over an IP network, the HID unit will be, by definition, in Mixed mode. If the network connection is disrupted, the unit will fall into offline mode. Online mode is not supported for HID units. Unit operating mode

Description

Mixed mode

The unit makes access control decisions locally based on information downloaded from Security Center/Synergis during unit synchronization. Access events are reported to Security Center/Synergis in real-time.

Offline

Communication with Security Center/Synergis has been lost. The unit makes access control decisions locally, based on information downloaded from Security Center/Synergis during unit synchronization. Access granted and access denied events are logged in the unit and are uploaded to the Security Center/Synergis when the network connection is re-established.

Online

The unit is under the direct real-time control of Security Center/Synergis. Security Center/Synergis makes all access control decisions. This mode is not available with HID VertX and Edge units.

Supported modes of operation per unit type The following table summarizes which modes of operation are supported by unit type: Unit

Online Mode

Mixed Mode

Offline Mode

HID V1000/V100

Not supported

Supported

Supported

HID V2000

Not supported

Supported

Supported

HID EdgeReader/  EdgePlus

Not supported

Supported

Supported

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

791

Access control unit modes of operation

The features available for the HID mixed and HID offline modes of operation are as follows:

• • • • • • • • • • • • • • • • •

Action: Silence buzzer or Sound buzzer (event-to-action) Antipassback Card and PIN Elevator control Elevator floor tracking Event-to-action with Trigger output action Extended grant time Hard antipassback (passback violation event generated and access is denied) Interlock IO Linking Lockdown Override People Counting Readerless Door (use an IO module for a REX, door state, and door lock only) Soft Antipassback (passback violation event generated and access is granted) Strict Antipassback Timed antipassback

Action: Silence buzzer or Sound buzzer (event-to-action) Operating mode

Feature availability

HID mixed mode

Supported

HID offline mode

Supported

For operation, the mixed and offline modes require the following:

• All inputs and outputs must belong to the same HID controller (one VertX V1000, one V2000, or one Edge). NOTE The Action feature is not available with a readerless door.

Antipassback Operating mode

Feature availability

HID mixed mode

Depends on the antipassback settings enabled with the Config Tool.

HID offline mode

Depends on the antipassback settings enabled with the Config Tool.

For operation, the mixed and offline modes require the following: gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

792

Access control unit modes of operation

• All units used for this feature must be assigned to the same Access Manager. • The interlock feature must be disabled. Interlock (including the lockdown and override functions) and antipassback are mutually exclusive; both features cannot be enabled for an area at the same time.

HID VertX antipassback The antipassback feature works best once the access control system has been configured and the system is operational and relatively static. It is recommended to enable antipassback once the following entities have been properly configured in Security Center and are not expected to change on a daily basis:

• • • • • • •

Unit time zones Doors and associated readers Areas (groups of doors) Elevators and associated floors (including unlocking schedules) Cardholder groups Schedules (including card and PIN schedules) Access rules

The following section provides guidelines for configuring, enabling, and managing the antipassback with HID VertX controllers (units):

• You must use either the V1000 or V2000 for antipassback. 

V2000: Antipassback is only supported for an area with a single door having both entry and exit readers.

V1000: Antipassback is supported for multiple areas, with each area supporting multiple doors with entry and exit readers. Limitation in the number of doors is based on the number of V100 modules installed. Antipassback is not recommended with the Edge product line for the following reasons: 







Only a single reader can be specified for either entry or exit (not both) while antipassback typically requires both entry and exit readers. Peer-to-peer communication between Edge devices is not supported by Security Center.

• An area with antipassback must be configured for readers wired to, and doors managed by, the same unit (V1000 or V2000) because 

Antipassback functions are handled by the unit (V1000 or V2000).

The Security Center does not support peer-to-peer communication between either VertX V1000 or V2000 devices. Antipassback can be reset using the following methods: 





A unit synchronization operation

An action (manually or with an event-to-action) The following system behavior will reset a unit’s antipassback state: 



gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

793

Access control unit modes of operation





Initial unit synchronization when the Security Center services are started or restarted. Unit synchronization following the loss and recovery of a connection with the unit (V1000 or V2000).

Unit synchronization following certain configuration changes (see below for more details). Manual synchronization of the unit through the Config Tool page. 



Card and PIN Operating mode

Feature availability

HID mixed mode

Depends on the card reader hardware options which are selected at the time of purchase. See "Supported HID keypad reader options" on page 788 for more details.

HID offline mode

Depends on the card reader hardware options which are selected at the time of purchase. See "Supported HID keypad reader options" on page 788 for more details.

For operation, the mixed and offline modes require the following:

• All reader interfaces/inputs/outputs for a door should belong to the same HID controller (HID Edge, VertX V2000, or Vertx V100 interface module).

Elevator control Operating mode

Feature availability

HID mixed mode

Supported

HID offline mode

Supported

For operation, the mixed and offline modes require the following:

• All interface modules used for elevator control (HID VertX V100, V200, and V300) must be assigned to the same VertX V1000. Reader, inputs and outputs must be assigned to the same V2000 (max. of 4 floors) or Edge (max. of 2 floors). All units used for this feature must be assigned to the same Access Manager.

• • The reader interface, inputs, and outputs must be connected to the same HID controller

(VertX V1000, V2000, or Edge). A maximum of 1 elevator cab reader can be assigned per HID controller (VertX V1000, V2000, or Edge).

HID VertX elevator control The use of HID VertX controllers (V1000 and V2000) for elevator control is subject to the following:

• A VertX controller should be dedicated to the control of a single elevator cab. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

794

Access control unit modes of operation

• Once a VertX controller has been assigned to perform elevator control, it should only be •

used for that purpose. Door and zone control should not be mixed with elevator control, even when the unit has unused readers, inputs and outputs. When elevator floors are operating under controlled access mode, schedules from different access rules applied to different floors are merged when the rules are granted to a same cardholder.

EXAMPLE Suppose that the configuration set in Config Tool is such that Bob should be granted

access to floor 1 from 9 a.m. to 10 a.m. through access rule 1, and to floor 2 from 10 a.m. to 11 a.m. through access rule 2. When Bob presents his card in the elevator, the VertX controller will actually grant access to Robert from 9 a.m. to 11 a.m. on both floors.

Elevator floor tracking Operating mode

Feature availability

HID mixed mode

Supported

HID offline mode

Not Supported. Event reporting is unavailable. Events are not regenerated when the unit reconnects to Synergis and switches from offline to either the online or the mixed mode of operation.

For operation, the mixed mode requires the following:

• All units used for this feature must be assigned to the same Access Manager. Event-to-action with Trigger output action Operating mode

Feature availability

HID mixed mode

Supported

HID offline mode

Partially Supported

For operation, the mixed and offline modes require the following:

• All units used for this feature must be assigned to the same Access Manager. Extended grant time Operating mode

Feature availability

HID mixed mode

Supported

HID offline mode

Supported

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

795

Access control unit modes of operation

Hard antipassback (passback violation event generated and access is denied) Operating mode

Feature availability

HID mixed mode

Supported

HID offline mode

Supported

NOTE Antipassback using the HID units is available with the VertX V2000 (area with a single

door) and the VertX V1000 (multiple areas and multiple doors per area). Antipassback with the HID Edge products is not supported.

Interlock Operating mode

Feature availability

HID mixed mode

Supported

HID offline mode

Supported

For operation, the mixed and offline modes require the following:

• The antipassback feature must be disabled. Interlock (including the lockdown and override functions) and antipassback are mutually exclusive; both features cannot be enabled for an area at the same time. The inputs of an HID VertX V1000 must be not used for this feature.

• • All perimeter doors of an interlocked area must be assigned to the same HID controller (one VertX V1000 or one V2000).

NOTE If a perimeter door of an interlock is open, when an authorized cardholder accesses a second perimeter door of the same interlock, an Access Granted event for the second door might be generated, even through the second door does not unlock.

IO Linking Operating mode

Feature availability

HID mixed mode

Supported

HID offline mode

Supported

For operation, the mixed and offline modes require the following:

• The inputs of an HID VertX V1000 must be not used for this feature. • All inputs and outputs must belong to the same HID controller (one V2000 or one Edge).

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

796

Access control unit modes of operation

Lockdown Operating mode

Feature availability

HID mixed mode

Supported

HID offline mode

Supported

NOTE The Lockdown feature is only supported for areas where the Interlock feature is enabled.

Override Operating mode

Feature availability

HID mixed mode

Supported

HID offline mode

Supported

NOTE The Override feature is only supported for areas where the Interlock feature is enabled.

People Counting Operating mode

Feature availability

HID mixed mode

Supported

HID offline mode

Not Supported. If a unit assigned to one of the perimeter doors of an area is in this mode of operation, the feature is disabled for the entire area.

For operation, the mixed mode requires the following:

• All units used for this feature must be assigned to the same Access Manager. Readerless Door (use an IO module for a REX, door state, and door lock only) Operating mode

Feature availability

HID mixed mode

Supported

HID offline mode

Supported NOTE There are no door activity reports during the time period when the unit is in this mode of operation.

For operation, the mixed and offline modes require the following:

• The inputs of an HID VertX V1000 must be not used for this feature. • All inputs and outputs must belong to the same HID controller (one V2000 or one Edge).

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

797

Access control unit modes of operation

NOTE A readerless door does not generate a Door forced open event. A readerless door also does not support the buzzer feature.

Soft Antipassback (passback violation event generated and access is granted) Operating mode

Feature availability

HID mixed mode

Supported

HID offline mode

Not Supported. Event reporting is unavailable. Events are not regenerated when the unit reconnects to Synergis and switches from offline to either the online or the mixed mode of operation.

Strict Antipassback With HID units, Hard and Strict antipassback are one in the same, as there is no distinction between the two. See "Hard antipassback (passback violation event generated and access is denied)" on page 796.

Timed antipassback Operating mode

Feature availability

HID mixed mode

Not Supported. All perimeter doors of an area must be in online mode.

HID offline mode

Not Supported. All perimeter doors of an area must be in online mode.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

798

Access control unit configuration

Access control unit configuration This section describes the supported HID access control unit configurations in Security Center.

General versus dedicated inputs When a unit is used to control a door, some inputs must be used only for their intended purpose (dedicated inputs). For example, if a door has a REX sensor or a door sensor, the unit’s inputs intended for these sensors must be used. If the door does not have a REX sensor or a door sensor, sometimes the unit input channels intended for these inputs can be used as general-purpose inputs. This is shown in the table below. Unit

Input

When used as

Required configuration

HID units (V100, V2000, and Edge devices)

REX

A REX input signal

When any unit REX input is used for a REX, you must also set: Automatically grant request to exit in the door Properties tab, which generates Request to exit events when the input is triggered. Events are logged, and can be used for event-to-actions. The input configuration in the Door, Unit tab to program the unit to react to a REX input by releasing the lock.

Another purpose (a general purpose input)

Deselect Automatically grant request to exit in the Door, Properties tab. Configure the input for a zone, interlock, etc.

A door position sensor input (door open or door closed).

Set this in the input configuration in the Door, Unit tab.

HID units (V100, V2000, and Edge devices)

Door Monitor

NOTE This input cannot be used as a

general purpose input.

Configuring a door with reader A door with a reader assigned to a V2000, V100, or an Edge device, must have all inputs (for example door contact, REX) and outputs (for example door lock) associated to that same device. Inputs and outputs must not be distributed across several devices.

Configuring a door with two door sensors It is not recommended to configure a door with two door sensors (or door contacts) without physically wiring the sensors in series. In the Security Center, only a single door sensor should be configured per door.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

799

Wiring diagrams

Wiring diagrams The following wiring diagrams can also be found at http://www.hidglobal.com/.

HID Edge reader & Edge Plus

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

800

Wiring diagrams

HID VertX V1000

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

801

Wiring diagrams

HID VertX V2000

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

802

D Bosch reference This section describes additional information concerning the setup and configuration of Bosch GV2, GV3, and GV4 series intrusion panels. This section includes the following topics:

• "How Bosch intrusion panel integration works" on page 804

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

803

How Bosch intrusion panel integration works

How Bosch intrusion panel integration works Bosch intrusion panels are integrated to Security Center using the Intrusion Manager role. The Intrusion Manager role receives events from the intrusion panel over an IP network or serial connection, reports them live in Security Desk, and logs them in a database for future reporting. The role also relays user commands to the intrusion panel (such as arming and disarming the intrusion detection areas), and triggers the outputs connected to the panel through event-toactions (for example, an Intrusion area master armed event in Security Center can trigger an output on the intrusion panel). For more information about setting up your Bosch intrusion panel in Security Center, see the Bosch Intrusion Panel Integration Guide, found in the Documentation\Controllers folder of your Security Center installation package.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

804

E Honeywell reference This section describes additional information concerning the setup and configuration of Honeywell Galaxy Dimension series control panels. This section includes the following topics:

• "How Galaxy Dimension control panel integration works" on page 806

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

805

How Galaxy Dimension control panel integration works

How Galaxy Dimension control panel integration works Honeywell Galaxy Dimension series control panels are integrated to Security Center using the Intrusion Manager role. The Intrusion Manager role receives events from the control panel over an IP network, reports them live in Security Desk, and logs them in a database for future reporting. The role also relays user commands to the control panel (such as arming and disarming the intrusion detection areas), and triggers the outputs connected to the panel through event-to-actions (for example, an Intrusion detection area master armed event in Security Center can trigger an output on the panel). For more information about setting up your Galaxy Dimension control panel in Security Center, see the Honeywell Galaxy Control Panel Integration Guide, found in the Documentation\Controllers folder of your Security Center installation package.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

806

Glossary A B C D E F G H I J K L M N O P Q R S T U V W X Y Z Security Center is the unified platform for all Genetec’s IP security solutions, which include AutoVu™, Omnicast™, and Synergis™ modules. The definitions in this glossary pertain to all three modules.

A accepted user

A user who has read access over all entities contained in a partition. This allows the user to view them in all entity browsers. Additional access rights may be granted through user privileges.

Access control health history

Type of maintenance task that reports on access control unit malfunction events. See also Health history.

access control unit

Type of entity that represents an access control device, such as Synergis Master Controller (SMC) or an HID VertX controller, that communicates directly with the Access Manager over an IP network. Access control units usually control other slave units (or interface modules) such as the HID VertX V100 and V200, and the Mercury MR50 and MR52, which are connected to door sensors and readers. See also Access Manager, interface module and Synergis Master Controller.

Access control unit events Type of maintenance task that reports on events pertaining to selected access control units. Access Manager

Type of role that manages and monitors access control units on the system.

access point

Any monitored point that can be used to enter or exit a secured area, usually a door side or an elevator floor. Note that an elevator floor can only be used as an entry point.

access rule

Type of entity that defines the access control logic which grants or denies passage to a cardholder through an access point, based on a schedule.

Access rule configuration

Type of maintenance task that reports on entities and access points affected by a given access rule.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

807

Glossary

Access troubleshooter

Tool that helps you detect and diagnose access configuration problems. It allows you to find out about the following: • Who are allowed to use an access point at a given time • Which access points a cardholder is allowed to use at a given time • Why a given cardholder can or cannot use an access point at a given time.

access right

access right. (1) Type of rights a user has over entities in the system (view, add, modify, delete), which are defined by a combination of partitions and user privileges. (2) The right a cardholder has to pass through an access point at a given date and time.

action

User-programmable function that can be triggered as an automatic response to an event (door held open for too long, object left unattended) or executed according to a specific time table. See also event and event-to-action.

active alarm

An alarm that has not yet been acknowledged. See also alarm.

Active Directory

Active Directory (AD). (1) A directory service created by Microsoft. (2) Type of role that imports users and cardholders from an Active Directory and keeps them synchronized.

Activity trails

Type of maintenance task that reports on the user activity related to video and LPR functionality. This task can provide information such as who played back which video recordings, who used the Hotlist and permit editor, who enabled hotlist filtering, and much more.

Advanced Systems Format Advanced Systems Format or ASF (formerly Advanced Streaming Format) is a Microsoft streaming format associated with Windows Media Player. agent

Subprocess created by a Security Center role to run simultaneously on multiple servers for the purpose of sharing its load. See also redirector agent.

alarm

Type of entity that describes a particular trouble situation that requires immediate attention and how it should be handled in Security Center. Namely, its priority, what entities (usually cameras and doors) best describe it, who should be notified, how it should be displayed to the user, and so on.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

808

Glossary

alarm acknowledgement

User response to an alarm. There are two variants of alarm acknowledgement in Security Center: • Default acknowledgement • Alternate acknowledgement Each variant is associated to a different event so that specific actions can be programmed based on the alarm response selected by the user. See also action and event.

Alarm monitoring

Type of operation task that allows you to monitor and respond to alarms (acknowledge, forward, snooze, among other things) in real time, as well as review past alarms. See also monitor group.

alarm panel

Another name for intrusion panel. See also intrusion panel.

Alarm report

Type of investigation task that allows you to search and view current and past alarms.

analog monitor

Type of entity that represents a monitor that displays video from an analog source, such as a video decoder or an analog camera. This term is used in Security Center to refer to monitors not controlled by a computer. See also monitor group and video decoder.

antipassback

Access restriction placed on a secured area that prevents a cardholder from entering an area that they have not yet exited from, and vice-versa.

Archive storage details

Type of maintenance task that reports on the video files (file name, start and end time, file size, protection status, and so on) used to store video archive, and which allows you to change the protection status of those files, among other things.

Archiver

Type of role that is responsible for the discovery, status polling, and control of video units. The Archiver also manages the video archive, and performs motion detection when it is not done on the unit itself. See also Auxiliary Archiver and video unit.

Archiver events

Type of maintenance task that reports on events pertaining to selected Archiver roles.

Archives

Type of investigation task that allows you to find and view available video archives by camera and time range.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

809

Glossary

area

Type of entity that represents a concept or a physical location (room, floor, building, and so on) used for the logical grouping of entities in the system. See also Logical view. When Synergis is enabled, the area entity can also be used to configure a secured area with access rules and access control behavior. See also antipassback and interlock.

Area activities

Type of investigation task that reports on area related activities (access granted, access denied, first person in, last person out, antipassback violation, and so on).

Area presence

Type of investigation task that provides a snapshot of all cardholders and visitors currently present in a selected area.

ASF

See Advanced Systems Format.

asset

Type of entity that represents any valuable object with an RFID tag attached, allowing it to be tracked by an asset management software. See also RFID tag.

asynchronous video

Simultaneous playback video from more than one camera that are not synchronized in time.

audio decoder

Device or software that decodes compressed audio streams for playback. Synonym of "speaker".

audio encoder

Device or software that encodes audio streams using a compression algorithm. Synonym of "microphone".

Audit trails

Type of maintenance task that reports on the configuration changes who made them, on selected entities in the system.

automatic discovery

The process by which IP units on a network are automatically discovered by Security Center. This is done by broadcasting a discovery request on the discovery port and waiting for all listening units to respond with a packet that contains connection information about itself. Security Center uses the information to automatically configure the connection to the unit, thus enabling communication. Not all units support this feature. See also unit.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

810

Glossary

AutoVu

AutoVu™ is the IP license plate recognition (LPR) system of Security Center that automates the reading and verification of vehicle license plates. AutoVu Sharp cameras capture license plate images, and send the data to Patroller or Security Center to verify against lists of vehicles of interest (hotlists) and vehicles with permits (permit lists). You can install AutoVu in a fixed configuration (e.g. on a pole in a parking lot), or in a mobile configuration (e.g. on a police car). You can use AutoVu for scofflaw and wanted vehicle identification, city-wide surveillance, parking enforcement, parking permit control, vehicle inventory, security, and access control.

AutoVu LPR Processing Unit

Processing component of the SharpX system. The LPR Processing Unit is available with two or four camera ports, with one dedicated processor per camera (if using SharpX) or per two cameras (if using SharpX VGA). This ensures maximum, per-camera, processing performance. The LPR Processing Unit is sometimes referred to as the "trunk unit" because it is typically installed in a vehicle's trunk. See also LPR camera and SharpX.

Auxiliary Archiver

Type of role that supplements the video archive produced by the Archiver. Unlike the latter, the Auxiliary Archiver is not bound to any particular discovery port. Therefore, it can archive any camera in the system, including the federated ones (Security Center 5.x systems only). The Auxiliary Archiver depends on the Archiver to communicate with the video units. It cannot operate on its own. See also Archiver and discovery port.

B Badge designer

Tool that allows you to design and modify badge templates.

Badge printer

Tool that allows you to print badges in bulk, based on a badge template and a list of cardholders or credentials.

badge template

Entity type used to configure a printing template for badges.

bit rate

Data transfer rate expressed in kilobits per second (Kbps).

block face (2sides)

Type of parking regulation characterizing an overtime rule. A block face is the length of a street between two intersections. A vehicle is in violation if it is seen parked within the same block over a specified period of time. Moving the vehicle from one side of the street to the other does not make a difference.

bookmark

Short text used to mark a specific position in a recorded video sequence that can be used to search for that video sequence at a later stage.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

811

Glossary

Bookmarks

Type of investigation task that searches for bookmarks related to selected cameras within a specified time range.

Breakout box

Genetec's proprietary connector box for AutoVu mobile solutions that use Sharp version 2.0 cameras. The breakout box provides power and network connectivity to the Sharp units and the in-vehicle computer. Currently, the AutoVu SharpX system is the preferred solution for a mobile AutoVu installation.

broadcast

Communication between a single sender and all receivers on a network

C camera

Type of entity that represents a single video source on the system. The video source can be an IP camera or an analog camera connected to the video encoder of a video unit. Multiple video streams can be generated from the same video source. See also video encoder.

camera blocking

Omnicast feature that lets you restrict the viewing of video (live or playback) from certain cameras to users with a minimum user level. See also user level.

Camera events

Type of investigation task that reports on events pertaining to selected cameras within a specified time range.

camera sequence

Type of entity that defines a list of cameras that are displayed one after another in a rotating fashion within a single tile in Security Desk.

canvas

One of the panes found in the Security Desk's task workspace. The canvas is used to display multimedia information, such as videos, maps, and pictures. It is further divided into three panels: the tiles, the dashboard, and the properties. See also tile.

card and pin

An access point mode that requires a cardholder to present their card and then enter a personal identification number (PIN).

cardholder

Type of entity that represents a person who can enter and exit secured areas by virtue of their credentials (typically access cards) and whose activities can be tracked.

Cardholder access rights

Type of maintenance task that reports on which cardholders and cardholder groups are granted or denied access to selected areas, doors, and elevators.

Cardholder activities

Type of investigation task that reports on cardholder activities (access denied, first person in, last person out, antipassback violation, and so on).

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

812

Glossary

Cardholder configuration Type of maintenance task that reports on cardholder properties (first name, last name, picture, status, custom properties, and so on). cardholder group

Type of entity that configures the common access rights of a group of cardholders.

Cardholder management

Type of operation task that allows you to create, modify, and delete cardholders, as well as manage their credentials, including temporary replacement cards.

cash register

Type of entity that represents a single cash register (or terminal) in a point of sale system. See also point of sale system.

certificate

Additional license information that is required to run plugins or SDK-based applications.

City Parking Enforcement Patroller software installation that is configured for city parking enforcement: the enforcement of parking permit and/or overtime restrictions. See also overtime rule and permit. City Parking Enforcement A "City Parking Enforcement" installation of a Patroller application that also with Wheel Imaging includes wheel imaging. The use of maps and of the Navigator is mandatory. See also City Parking Enforcement. compatibility pack

See Omnicast compatibility pack.

Config Tool

Security Center administrative application used to manage all Security Center users, and configure all Security Center entities such as areas, cameras, doors, schedules, cardholders, Patroller/LPR units, and hardware devices.

Conflict resolution utility Tool that helps you resolve conflicts caused by importing users and cardholders from an Active Directory. context camera

A camera connected to an LPR unit that produces a wider angle color image of the vehicle whose license plate was read by the LPR camera. See also LPR camera and LPR unit.

controlled exit

Credentials are necessary to leave a secured area.

controller module

Processing component of Synergis Master Controller with IP capability, preloaded with the controller firmware and the web-based administration tool, Controller Portal. See also Controller Portal, four-port RS-485 module, and Synergis Master Controller.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

813

Glossary

Controller Portal

Web-based administration tool hosted on every Synergis Master Controller unit, used to configure, administer, and upgrade the controller firmware. See also controller module and Synergis Master Controller.

Copy configuration tool

Tool that copies the configuration of one entity to many other entities.

covert hit

Read (captured license plate) that is matched to a covert hotlist. Covert hits are not displayed on the Patroller screen, but can be displayed in the Security Desk by a user with proper privileges.

covert hotlist

Hotlist hidden from the AutoVu Patroller users. Reads matching a covert hotlist generate covert hits.

credential

Type of entity that represents a proximity card, a biometrics template, or a PIN required to gain access to a secured area. A credential can only be assigned to one cardholder at a time.

Credential activities

Type of investigation task that reports on credential related activities (access denied due to expired, inactive, lost, or stolen credential, and so on).

credential code

A textual representation of the credential showing the credential data (typically the Facility code and the Card number). For credentials using custom card formats, the user can choose what to include in the credential code.

Credential configuration

Type of maintenance task that reports on credential properties (status, assigned cardholder, card format, credential code, custom properties, and so on).

Credential management

Type of operation task that allows you to create, modify, and delete credentials, and print badges. It also allows you to enroll large numbers of card credentials into the system, either by scanning them at a designated card reader, or by entering a range of values.

custom event

An event added after the initial system installation. Events defined at system installation are called system events. Custom events can be user-defined or automatically added through plugin installations. Unlike system events, custom events may be renamed and deleted.

custom field

User defined property associated to an entity type to store additional information that is useful to your particular organization.

D Daily usage per patroller

Type of investigation task that reports on the daily usage statistics of a selected Patroller (operating time, longest stop, total number of stops, longest shutdown, and so on) for a given date range.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

814

Glossary

dashboard

One of the three panels that belong to the canvas in Security Desk. It contains the graphical commands (or widgets) pertaining to the entity displayed in the current tile. See also widget.

database

Collection of data that is organized so that its contents can easily be accessed, managed, and updated.

database server

An application that manages databases and handles data requests made by client applications. Security Center uses Microsoft SQL Server as its database server.

debounce

The amount of time an input can be in a changed state (for example, from active to inactive) before the state change is reported. Electrical switches often cause temporarily unstable signals when changing states, possibly confusing the logical circuitry. Debouncing is used to filter out unstable signals by ignoring all state changes that are shorter than a certain period of time (in milliseconds).

dewarping

Transformation used to straighten a digital image taken with a fish-eye lens.

DHCP server

A DHCP (Dynamic Host Configuration Protocol) server provides configuration parameters necessary for a unit to automatically connect to an IP network. DHCP automatically supplies the unit with an IP address, the network mask, a gateway IP address, and a DNS server IP address.

Directory

The main role that identifies your system. It manages all entity configurations and system wide settings in Security Center. Only a single instance of this role is permitted on your system. The server hosting the Directory role is called the main server. All other servers in Security Center must connect to the main server and are called expansion servers. See also expansion server, main server, and server.

Directory Manager

The role that manages the Directory failover and load balancing in order to produce the high availability characteristics in Security Center. See also Directory server and high availability.

Directory server

Any one of the multiple servers simultaneously running the Directory role in a high availability configuration. See also Directory, high availability, and server.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

815

Glossary

discovery port

Port used by certain Security Center roles (Access Manager, Archiver, LPR Manager) to find the units they are responsible for on the LAN. No two discovery ports can be the same on one system. See also automatic discovery.

district

Type of parking regulation characterizing an overtime rule. A district is a geographical area within a city. A vehicle is in violation if it is seen within the boundaries of the district over a specified period of time.

door

Type of entity that represents a physical barrier. Often, this is an actual door but it could also be a gate, a turnstile, or any other controllable barrier. Each door has two sides named by default “A” and “B”. Each side is an access point (entrance or exit) to a secured area.

Door activities

Type of investigation task that reports on door related activities (access denied, door forced open, door open too long, hardware tamper, and so on).

door contact

A door contact monitors the state of a door, whether it is open or closed. It can also be used to detect improper state (door open too long).

door controller

See access control unit.

door side

Every door has two sides, named by default "A" and "B". Each side is an access point to an area. For example, passing through side A leads into an area, and passing through side B leads out of that area. For the purposes of access management, the credentials necessary to pass through a door in one direction are not necessarily the same to pass through in the opposite direction.

Door troubleshooter

Type of maintenance task that lists all the cardholders who have access to a particular door side or elevator floor at a specific date and time.

Driver Development kit

Driver Development Kit (DDK). An SDK for creating device drivers.

duress

A special code used to disarm an alarm system that quietly alerts the monitoring station that the alarm system was disarmed under threat.

E edge recording

Video is recorded on the unit itself, eliminating the need to constantly stream video to a centralized server. See also Archiver.

electric door strike

An electric device that releases the door latch when current is applied.

elevator

Type of entity that provides access control properties to elevators. For an elevator, each floor is considered an entry point for the area corresponding to that floor.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

816

Glossary

Elevator activities

Type of investigation task that reports on elevator related activities (access denied, floor accessed, unit is offline, hardware tamper, and so on).

enforce

To take action following a confirmed hit. For example, a parking officer can enforce a scofflaw (unpaid parking tickets) violation by placing a wheel boot on the vehicle.

entity

Entities are the basic building blocks of Security Center. Everything that requires configuration is represented by an entity. An entity may represent a physical device, such as a camera or a door, or an abstract concept, such as an alarm, a schedule, a user, or a software module.

entity tree

The graphical representation of Security Center entities in a tree structure illustrating the hierarchical nature of their relationships. See also Logical view.

event

Indicates the occurrence of an activity or incident, such as access denied to a cardholder or motion detected on a camera. Events are automatically logged in Security Center, and can be programmed to trigger actions, conferring intelligent behavior to the system. Every event mainly focuses on one entity, called the event source. See also event-to-action.

event-to-action

The coupling of an action to an event to confer automatic and intelligent behavior to the system.

expansion server

Any server machine in a Security Center system that does not host the Directory role. The purpose of the expansion server is to add to the processing power of the system. See also main server and server.

F failover

A backup operational mode in which a role (system function) is automatically transferred from its primary server to a secondary server that is on standby when the primary server becomes unavailable, either through failure or through scheduled downtime. See also high availability and load balancing.

federated entity

Any entity that is imported from an independent system via a federation role.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

817

Glossary

federated system

A independent system (Omnicast or Security Center) that is unified under your local Security Center via a federation role, so that the local users can view and manipulate its entities as if they belong to the local system. See also Omnicast Federation and Security Center Federation.

Federation

The Federation™ is a virtual system formed by joining multiple remote independent Genetec IP security systems together. The purpose of the Federation is to allow the users on your local system (the Federation host) to access the entities belonging to independent systems as if they were on your local system.

four-port RS-485 module

RS-485 communication component of Synergis Master Controller with four ports (or channels) named A, B, C, and D. The number of interface modules you can connect to each channel depends on the type of hardware you have. See also controller module, interface module, and Synergis Master Controller.

frame

A single video image.

free access

Access point state where no credentials are necessary to enter a secured area. The door is unlocked. This is typically used during normal business hours, as a temporary measure during maintenance, or when the access control system is first powered up and is yet to be configured.

free exit

Access point state where no credentials are necessary to leave a secured area. The person releases the door by turning the doorknob, or by pressing the REX button, and walks out. An automatic door closer shuts the door so it can be locked after being opened.

G G64

G64 is the native data format used by all archiving roles (Archiver and Auxiliary Archiver) to store video files. This data format incorporates all information related to the video data, including audio, bookmarks, timestamps, motion and event markers, and supports watermarking. See also ASF, video file, and video watermarking.

Genetec Plan Manager Server

Windows service that runs Plan Manager Server modules.

Genetec Server

Windows service at the core of Security Center architecture that must be installed on every computer that is part of the Security Center's pool of servers. Every such server is a generic computing resource capable of taking on any role (set of functions) you assign to it.

See also Plan Manager Server.

See also server. gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

818

Glossary

geocoding

The process of finding associated geographic coordinates (latitude and longitude) from a street address. See also reverse geocoding.

ghost camera

Entity used as a stand in camera that is automatically created by the Archiver when video archives are detected for a camera whose definition has been deleted from the Directory, either accidentally or because the physical device no longer exists. Ghost cameras cannot be configured. They only exist so users can reference the video archive that would otherwise not be associated to any camera. See also camera.

ghost Patroller

Entity automatically created by the LPR Manager when the AutoVu license includes the XML Import module. In Security Center, all LPR data must be associated to a Patroller entity or an LPR unit corresponding to a fixed Sharp camera. When you import LPR data from an external source via a specific LPR Manager using the XML Import module, the system uses the ghost entity to represent the LPR data source. You can formulate queries using the ghost entity as you would with a normal entity. See also Patroller.

GIS

Geographic information system (GIS) is a third party map provider that Plan Manager can connect to, to bring maps and all types of geographically referenced data to Security Center. See also KML, OGC, and WMS.

Global Cardholder Synchronizer

Type of role that ensures the two-way synchronization of shared cardholders and their related entities between the local system (sharing participant) and the central system (sharing host). See also sharing guest and sharing host.

global entity

Entity that is shared across multiple independent Security Center systems by virtue of its membership to a global partition. Only cardholders, cardholder groups, credentials, and badge templates are eligible for sharing. See also global partition.

global partition

Partition that is shared across multiple independent Security Center systems by the partition owner, called the sharing host. See also global entity, partition, and sharing guest.

GUID

A globally unique identifier, or GUID, is a special type of identifier used in software applications to provide a unique reference number.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

819

Glossary

H H.264

H.264/MPEG-4 AVC (Advanced Video Coding) is a standard for video compression.

Hardware inventory

Type of maintenance task that reports on the characteristics (unit model, firmware version, IP address, time zone, and so on) of access control, video, intrusion detection, and LPR units in your system.

hardware zone

A subtype of zone entity where the IO linking is done by hardware. A hardware zone is controlled by a single access control unit and works only in mixed and offline mode. Hardware zones cannot be armed or disarmed from Security Desk. See also virtual zone and zone.

Health history

Type of maintenance task that reports on health issues. See also Health statistics and Health Monitor.

Health Monitor

The central role that monitors system entities such as servers, roles, units, and client applications for health issues. See also Health history and Health statistics.

Health statistics

Type of maintenance task that gives you an overall picture of the health of your system. See also Health history and Health Monitor.

high availability

Design approach used to enable a system to perform at a higher than normal operational level. This often involves failover and load balancing. See also failover and load balancing.

HIP

A hardware integration package, or HIP, is an update that can be applied to Security Center. It enables the management of new functionalities (for example, new video unit types), without requiring an upgrade to the next Security Center release.

hit

License plate read that matches a hit rule (hotlist, overtime rule, permit, or permit restriction). A Patroller user can choose to reject or accept a hit. An accepted hit can subsequently be enforced. See also enforce.

hit rule

Type of LPR rule used to identify vehicles of interest (called "hits") using license plate reads. The hit rules include the following types: hotlist, overtime rule, permit, and permit restriction. hit, hotlist, overtime rile, permit, and permit restriction.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

820

Glossary

Hits

Type of investigation task that reports on hits reported within a selected time range and geographic area. See also hit and hotlist.

hot action

An action mapped to a PC keyboard function key (Ctrl+F1 through Ctrl+F12) in Security Desk for quick access.

hotlist

Type of entity that defines a list of wanted vehicles, where each vehicle is identified by a license plate number, the issuing state, and the reason why the vehicle is wanted (stolen, wanted felon, Amber alert, VIP, and so on). Optional vehicle information might include the model, the color, and the vehicle identification number (VIN). See also hit rule.

Hotlist and permit editor

Type of operation task used to edit an existing hotlist or permit list. A new list cannot be created with this task, but after an existing list has been added to Security Center, users can edit, add, or delete items from the list, and the original text file is updated with the changes. See also hotlist and permit.

hotspot

Type of map object that represents an area on the map that requires special attention. Clicking on a hotspot displays associated fixed and PTZ cameras. See also map object.

HTTPS

Secure Hypertext Transfer Protocol for the World Wide Web that provides safe data transmission by encrypting and decrypting information sent over the Internet.

I I-frame

Synonym of intra-frame and key frame. See also key frame.

illuminator

A light in the Sharp unit that illuminates the plate, thereby improving the accuracy of the images produced by the LPR camera. See also LPR camera.

Immersive view

Plan Manager feature that lets you 'walk' inside a building or a city in a first person view.

Import tool

Tool that allows you to import cardholders, cardholder groups, and credentials from a CSV (Comma Separated Values) file.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

821

Glossary

inactive entity

An entity that is shaded in red in the entity browser. It signals that the real world entity it represents is either not working, offline, or incorrectly configured. See also entity.

incident

Any incident reported by a Security Desk user. Incident reports can use formatted text and include events and entities as support material. See also Incidents.

Incidents

Type of investigation task that allows you to search, review, and modify incident reports.

interface module

A third-party device that communicates with Synergis Master Controller over IP, USB, or RS-485, and provides input, output, and reader connections to the controller module. See also controller module, four-port RS-485 module, and Synergis Master Controller.

interlock

Access restriction placed on a secured area that permits only one door to be open at any given time. When one perimeter door is open, all other perimeter doors are locked.

intra-frame

Synonym of I-frame and key frame. See also key frame.

intrusion detection area

Type of entity that corresponds to a zone or a partition (group of sensors) on an intrusion panel. See also intrusion detection unit.

Intrusion detection area activities

Type of investigation task that reports on activities (master arm, perimeter arm, duress, input trouble, and so on) in selected intrusion detection areas.

intrusion detection unit

Type of entity that represents an intrusion panel (or alarm panel) that is monitored and controlled by Security Center. See also Intrusion Manager.

Intrusion detection unit events

Type of investigation task that reports on events (AC fail, battery fail, unit lost, input trouble, and so on) pertaining to selected intrusion detection units.

Intrusion Manager

Type of role that monitors and controls intrusion panels. It also logs the intrusion events in a database for intrusion activity reports. See also intrusion detection unit.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

822

Glossary

intrusion panel

A wall-mounted unit where the alarm sensors (motion sensors, smoke detectors, door sensors, and so on) and wiring of the intrusion alarms are connected and managed. See also intrusion detection unit.

Inventory management

Type of operation task that allows you to add and reconcile license plate reads to a parking facility inventory.

Inventory report

Type of investigation task that allows you to view a specific inventory (vehicle location, vehicle length of stay, and so on) or compare two inventories of a selected parking facility (vehicles added, vehicles removed, and so on).

IO configuration

Type of maintenance task that reports on the IO configurations (controlled access points, doors, and elevators) of access control units.

IO linking

IO (input/output) linking is controlling an output relay based on the combined state (normal, active, or trouble) of a group of monitored inputs. A standard application would be to sound a buzzer (via an output relay) when any window on the ground floor of a building is shattered (assuming that each window is monitored by a "glass break" sensor connected to an input). See also zone.

IP

The protocol that routes data packets through a local area network (LAN) and the Internet.

IP address

An IP Address is a unique numeric address for a specific computer or computing device connected to the Internet, or to a LAN. See also IPv4 and IPv6.

IP camera

A video unit incorporating a camera. See also video unit.

IPv4

First generation IP protocol using a 32-bit address space.

IPv6

New generation IP protocol extending the address space from 32 to 128 bits.

J K key frame

A key frame (or I-frame, or intra-frame) is a frame that contains a complete image by itself as opposed to a usual frame that only holds information that changed compared to the previous frame. It is used as reference in video image compression.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

823

Glossary

KML

Keyhole Markup Language (KML) is a file format used to display geographic data in an Earth browser such as Google Earth and Google Maps. See also GIS.

L Law Enforcement

Patroller software installation that is configured for law enforcement: the matching of license plate reads against lists of wanted license plates (hotlists). The use of maps is optional. See also hotlist.

license key

Software key used to unlock the Security Center software. The license key is specifically generated for each computer where the Directory role is installed. You need the System ID (which identifies your system) and the Validation key (which identifies your computer) in order to obtain your license key.

license plate inventory

List of license plate numbers of vehicles found in a parking facility within a given time period, showing where each vehicle is parked (sector and row). See also Inventory report.

license plate read

License plate number captured from a video image using LPR technology. See also hit and License Plate Recognition.

License Plate Recognition Image processing technology used to read license plate numbers. License Plate Recognition (LPR) converts license plate numbers cropped from camera images into a database searchable format. See also LPR camera and OCR equivalence. live hit

A hit matched by the Patroller and immediately sent to the Security Center over a wireless network.

live read

A license plate captured by the Patroller and immediately sent to the Security Center over a wireless network.

load balancing

Distribution of workload across multiple computers. See also failover and high availability.

logical ID

Unique IDs assigned to each entity in the system for ease of reference. Logical IDs are only unique within a particular entity type.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

824

Glossary

Logical view

Browser view that organizes all viewable entities in Security Desk (such as areas, cameras, doors, elevators, maps, and so on) according to their logical relationships. Areas are used as logical groupings for other entities. Each area may represent a concept or a physical location. See also Security Desk.

Logons per Patroller

Type of investigation task that reports on the logon records of a selected Patroller.

long term

Type of parking regulation characterizing an overtime rule. The "long term" regulation uses the same principle as the "same position" regulation, but the parking period is over 24 hours. No more than one overtime rule may use the long term regulation in the entire system.

LPR

See License Plate Recognition.

LPR camera

A camera connected to an LPR unit that produces high resolution close-up images of license plates. See also context camera and SharpX.

LPR Manager

Type of role that manages and controls Patrollers and fixed Sharp units. The LPR Manager manages the data (reads and hits) collected by the LPR units it controls and updates the configuration of the mobile units (Patrollers) every time they begin a new shift.

LPR rule

Method used by Security Center/AutoVu for processing a license plate read. An LPR rule can be a "hit rule" or a "parking facility". See also hit rule and parking facility.

LPR unit

Type of entity that represents a hardware device dedicated to the capture of license plate numbers. An LPR unit is typically connected to an LPR camera and a context camera. These cameras can be incorporated to the unit or external to the unit. See also AutoVu LPR Processing Unit, License Plate Recognition, LPR Manager, and Sharp unit.

M macro

Type of entity that encapsulates a C# program that adds custom functionalities to Security Center.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

825

Glossary

main server

The only server in a Security Center system hosting the Directory role. All other servers on the system must connect to the main server in order to be part of the same system. In an high availability configuration where multiple servers host the Directory role, it is the only server that can write to the Directory database. See also Directory server, expansion server, and server.

manual capture

When license plate information is entered into the system by the user, and not by the LPR.

manufacturer extension

Manufacturer specific settings for access control units, video units, and intrusion detection units.

Map Data Server

Plan Manager server module that manages the Plan Manager database. It must run on the Plan Manager’s main server. See also Plan Manager Server.

Map Generator

Plan Manager server module that imports raster and vector maps to Plan Manager database. See also Plan Manager configuration.

map link

Type of map object that lets you jump to either another map or another area of the same map. See also map object.

Map mode

Security Desk canvas operating mode where the main area of the canvas is used to display a geographical map.

map object

A graphical object displayed on a Plan Manager map, such as a camera, a door, or a hyperlink, that allows you to monitor and control your Security Center system, or to navigate through your maps. See also hotspot, map link, and Plan Manager Client.

Map Tile Server

Plan Manager server module that sends map files to Security Desk. See also Plan Manager Client and Plan Manager Server.

master arm

Arming an intrusion detection area in such a way that all sensors attributed to the area would set the alarm off if one of them is triggered. Some manufacturers call this arming mode “Away arming”.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

826

Glossary

Media Router

The central role that handles all stream (audio and video) requests in Security Center. It establishes streaming sessions between the stream source (camera or Archiver) and its requesters (client applications). Routing decisions are based on the location (IP address) and the transmission capabilities of all parties involved (source, destinations, networks, and servers).

metadata

Metadata is data about data. Any data that describes or enriches the raw data.

Migration tool

Tool used to migrate Omnicast 4.x systems to Security Center 5. This tool must be executed on every server computer where Omnicast 4.x components are installed.

mixed mode

Access control unit operation mode where all access control decisions are made by the unit locally based on information downloaded from the Access Manager during unit synchronization. Access events are reported to the Access Manager in real-time. See also offline mode, online mode.

M-JPEG

Motion JPEG (M-JPEG) is an informal name for a class of video formats where each video frame of a digital video sequence is separately compressed as a JPEG image.

MLPI

See Mobile License Plate Inventory.

Mobile Admin

Web-based administration tool used to configure the Mobile Server. See also Mobile Server.

Mobile app

The client component of Security Center Mobile installed on mobile devices. Mobile app users connect to Mobile Server to receive alarms, view live video streams, view the status of doors, and more, from Security Center. See also mobile device, Mobile Server, and Web Client.

Mobile Data Computer

Mobile Data Computer (MDC). Tablet computer or ruggedized laptop used in patrol vehicles to run the AutoVu Patroller application. The MDC is typically equipped with a touch-screen with a minimum resolution of 800 x 600 pixels and wireless networking capability.

mobile device

Any handheld device that can connect to Wi-Fi or wireless carrier networks, such as a smartphone, tablet, and so on, on which the Mobile app is installed. See also Mobile app.

Mobile License Plate Inventory

Patroller software installation that is configured for collecting license plates and other vehicle information for creating and maintaining a license plate inventory for a large parking area or parking garage. See also license plate inventory and parking facility.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

827

Glossary

Mobile Server

The server component of Security Center Mobile that connects Mobile apps and Web Clients to Security Center. The Mobile Server connects to Security Center, and synchronizes the data and video between Security Center and supported Mobile client components. See also Mobile Admin, Mobile app, and Web Client.

monitor group

Type of entity used to designate analog monitors for alarm display. Besides the monitor groups, the only other way to display alarms in real time is to use the Alarm monitoring task in Security Desk. See also Alarm monitoring and analog monitor.

monitor ID

ID used to uniquely identify a workstation screen controlled by Security Desk.

Monitoring

Type of operation task that allows you to monitor and respond to real time events pertaining to selected entities of interest.

motion detection

The software component that watches for changes in a series of video images. The definition of what constitutes motion in a video can be based on highly sophisticated criteria.

Motion search

Type of investigation task that searches for motion detected in specific areas of a camera's field of view.

motion zone

User defined areas within a video image where motion should be detected.

Move unit

Tool used to move units from one manager role to another. The move preserves all unit configurations and data. After the move, the new manager immediately takes on the command and control function of the unit, while the old manager continues to manage the unit data collected before the move.

MPEG-4

A patented collection of methods defining compression of audio and visual (AV) digital data.

multicast

Communication between a single sender and multiple receivers on a network.

N NAT

See network address translation.

Navigator

Genetec's proprietary in-vehicle device that provides GPS coordinates and odometer readings to Patroller. The Patroller uses this information to provide precise reverse geocoding to vehicles and reads. See also reverse geocoding.

network

Entity type used to capture the characteristics of a network for stream routing purposes.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

828

Glossary

network address translation

The process of modifying network address information in datagram (IP) packet headers while in transit across a traffic routing device, for the purpose of remapping one IP address space into another.

Network view

Browser view that illustrates your network environment by showing each server under the network they belong to.

new wanted

In Patroller, a manually entered hotlist item. When you are looking for a plate that does not appear in the hotlists loaded in the Patroller, you can enter the plate in order to raise a hit if the plate is captured.

O OCR equivalence

The interpretation of OCR equivalent characters performed during license plate recognition. OCR equivalent characters are visually similar, depending on the plate’s font. For example, the letter “O” and the number “0”, or the number “5” and the letter “S”. There are several pre-defined OCR equivalent characters for different languages. See also Optical Character Recognition.

offline mode

Access control unit operation mode when the communication with the Access Manager has been lost. The unit makes access control decisions locally, based on information downloaded from the Access Manager during unit synchronization. Access events are logged in the unit and are uploaded to the Access Manager when the network connection is re-established. See also mixed mode and online mode.

OGC

Open Geospacial Consortium (OGC) is a standards organization for geographic information systems. See also GIS and WMS.

Omnicast

Omnicast™ is the IP video surveillance system of Security Center that provides seamless management of digital video. Omnicast allows for multiple vendors and CODEC (coder/decoder) to be used within the same installation, providing the maximum flexibility when selecting the appropriate hardware for each application.

Omnicast compatibility pack

Software component that you need to install to make Security Center compatible with an Omnicast 4.x system.

Omnicast Federation

Type of role that imports entities from an independent Omnicast 4.x system so that its cameras and events can be used by your local Security Center users.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

829

Glossary

online mode

Access control unit operation mode where the unit is under the direct real-time control of the Access Manager. The Access Manager makes all access control decisions. This mode is not available with HID VertX and Edge units. See also mixed mode and offline mode.

Optical Character Recognition

Optical Character Recognition (OCR) is the technology used to translate the characters found in images into machine editable text. See also OCR equivalence.

output behavior

Type of entity that defines a custom output signal format such as a pulse with a delay and duration.

overtime rule

Type of entity that defines a parking time limit and the maximum number of violations enforceable within a single day. Overtime rules are used in city and university parking enforcement. For university parking, an overtime rule also defines the parking zone where these restrictions apply. See also hit rule and parking zone.

P parking facility

Type of entity that defines a large parking area as a number of sectors and rows for the purpose of inventory tracking. See also Mobile License Plate Inventory.

parking lot

A polygon that defines the location and shape of a parking area on a map. By defining the number of parking spaces inside the parking lot, Security Center can calculate its percentage of occupancy during a given time period. See also parking zone.

parking zone

General concept used to designate the area where a given parking regulation (overtime rule, permit, or permit restriction) is enforced. When used in the context of university parking enforcement, the parking zone must be explicitly defined as a list of parking lots. See also parking lot.

partition

Type of entity that defines a set of entities that are only visible to a specific group of users. For example, a partition could include all doors, elevators, and cameras in one building. See also accepted user and partition manager.

partition manager

An accepted user of a partition who has full administrative rights over the partition and its members. A partition manager can add, modify, and delete all entities within the partition, including users and user groups.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

830

Glossary

Patroller

Patroller. (1) Type of entity that represents a patrol vehicle equipped with the Patroller software. (2) AutoVu software application installed on an in-vehicle computer. Patroller connects to Security Center and is controlled by the LPR Manager. Patroller verifies license plates read from LPR cameras against lists of vehicles of interest (hotlists) and vehicles with permits (permit lists). It also collects data for time-limited parking enforcement. Patroller alerts you of hotlist or permit hits so that you can take immediate action. See also LPR camera and LPR Manager.

Patroller Config Tool

Patroller administrative application used to configure Patroller-specific settings such as: adding Sharp cameras to the in-vehicle LAN; enabling features such as Manual Capture or New Wanted; and specifying that a username and password are needed to log on to Patroller.

People counting

Type of operation task that keeps count in real time of the number of cardholders in all secured areas of your system.

perimeter arm

Arming an intrusion detection area in such a way that only sensors attributed to the area perimeter would set the alarm off if triggered. Other sensors such as motion sensors inside the area will be ignored.

permit

Type of entity that defines a single parking permit holder list. Each permit holder is characterized by a permit ID, a license plate number, a license issuing state, and optionally, a permit validity range (effective date and expiry date). Permits are used in both city and university parking enforcement. See also City Parking Enforcement and University Parking Enforcement.

permit hit

A hit that is generated when a read (license plate number) does not match any entry in a permit or when it matches an invalid permit.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

831

Glossary

permit restriction

Type of entity that applies time restrictions to a series of parking permits for a given parking zone. Permit restrictions are only used in university parking enforcement. Different time restrictions can be associated to different permits. For example, a permit restriction may limit the parking in zone A from Monday to Wednesday for permit P1 holders, and from Thursday to Sunday for permit P2 holders. A plate read generates a permit hit in the following instances: • Does not match any entry in the list • Matches one or more permit in the list that are not valid in the parking zone • Matches an invalid permit • Matches a valid permit, but the permit is not valid at that time • Matches a valid permit number, but the permit is temporarily not allowed to park. Additionally, a shared permit hit occurs when two plates sharing the same permit ID are read in the same parking zone within a specific time period. See also parking zone, permit, and permit hit.

Plan Manager

Security Center feature that lets you create and integrate interactive maps into your system, for access control, video streaming and intrusion detection. It uses digital maps to represent the physical locations of monitored inputs such as cameras, doors, areas and zones. See also Plan Manager Client and Plan Manager Server.

Plan Manager Client

Plan Manager client component that runs as a plugin for Security Desk. It enables operators to use maps to monitor and control cameras, doors, and other security devices, and administrators to create map objects. See also map object, Map Tile Server, and tile plugin.

Plan Manager configuration

Administrative task used to set up Plan Manager Server and configure the map hierarchy. See also Plan Manager Server.

Plan Manager Server

Plan Manager server component that includes three modules: Map Data Server, Map Generator, and Map Tile Server. See also Map Data Server, Map Generator, Map Tile Server, and Plan Manager configuration.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

832

Glossary

Plate Reader

Software component of the Sharp unit that processes the images captured by the LPR camera to produce license plate reads, and associates each license plate read with a context image captured by the context camera. The Plate Reader also handles the communications with the Patroller and the LPR Manager. If an external wheel imaging camera is connected to the Sharp unit, the Plate Reader also captures wheel images from this camera. See also LPR Manager, Patroller, and Sharp unit.

Plugin

Plugin. There are two definitions: (1) Proper noun – Type of role that hosts a specific plugin. (2) Common noun – A software module that adds a specific feature or service to a larger system.

Point of Sale

Type of role that imports transaction data from an external point of sale system so that transaction reports can be generated from Security Desk for investigation purposes. See also point of sale system.

point of sale system

Point of sale (POS) typically refers to the hardware and software used for checkouts - the equivalent of an electronic cash register. Point of sale systems are used in supermarkets, restaurants, hotels, stadiums, and casinos, as well as almost any type of retail establishment. Today's POS systems handle a vast array of features, including, but not limited to, detailed transaction capture, payment authorization, inventory tracking, loss prevention, sales audit and employee management.

Portable Archive Player

Self-contained video player that can play exported Security Center video files on computers that do not have Security Center installed. See also video file.

primary server

The default server chosen to perform a specific function (or role) in the system. To increase the system's fault-tolerance, the primary server can be protected by a secondary server on standby. When the primary server becomes unavailable, the secondary server automatically takes over. See also failover.

private IP address

An IP address chosen from a range of addresses that are only valid for use on a LAN. The ranges for a private IP address are: 10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.16.255.255, and 192.168.0.0 to 192.168.255.255. Routers on the Internet are normally configured to discard any traffic using private IP addresses.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

833

Glossary

private task

Entity that represents a saved type of task that is visible only to the user who created it. See also public task and task.

properties panel

One of the three panels found in the Security Desk canvas. It is used to show the metadata associated to the entity displayed in the current tile.

Public partition

A special partition created at system installation that has the unique characteristic that all its members are visible to all users on the system, regardless whether they are accepted users or not.

public task

Entity that represents a saved task that can be shared among multiple Security Center users. See also private task and task.

Q R read

See license plate read.

reader

A sensor that reads the credential for an access control system. For example, this can be a card reader, or a biometrics scanner.

Reads

Type of investigation task that reports on license plate reads performed within a selected time range and geographic area.

Reads/hits per day

Type of investigation task that reports on license plate reads performed within a selected time range and geographic area.

Reads/hits per zone

Type of investigation task that reports on the number of reads and hits per day for a selected date range.

recording mode

The criteria by which the Archiver schedules the recording of video streams. There are four possible recording modes: • Off (no recording allowed) • Manual (record only on user requests) • Continuous (always record) • On motion/manual (record according to motion detection settings or on user request).

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

834

Glossary

recording state

Current recording status of a given camera. There are four possible recording states: • Enabled

• • •

Disabled Currently recording (unlocked) Currently recording (locked).

redirector

Server assigned to host a redirector agent created by the Media Router role.

redirector agent

Agent created by the Media Router role to redirect data streams from one IP endpoint to another.

redundant archiving

Option that allows a copy of all the video streams of an Archiver role to be archived simultaneously on the standby server as a protection against data loss.

Remote

Type of operation task that allows you to remotely monitor and control other Security Desks that are part of your system, using the Monitoring task and the Alarm monitoring task. See also Monitoring and Alarm monitoring.

Report Manager

Type of role that automates report emailing and printing based on schedules.

report pane

A section in the Security Desk's task workspace used to display information in a tabular form. The rows may correspond to query results or real-time events. See also task workspace.

request to exit

Request to exit (REX). (1) Door release button normally located on the inside of a secured area that when pressed, allows a person to exit the secured area without having to show any credential. This can also be the signal from a motion detector. (2) The signal received by the controller for a request to exit.

reverse geocoding

AutoVu feature that translates a pair of latitude and longitude into a readable street address. See also geocoding and Navigator.

RFID tag

Radio Frequency Identification tag. A device that communicates location data, and other data related to the location, of an object to which it is attached.

role

A software module that performs a specific function (or job) within Security Center. Roles must be assigned to one or more servers for their execution. See also server.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

835

Glossary

Role view

Browser view that lists all roles on your system with the devices they control as child entities.

route

Entity used to configure the transmission capabilities between two end points in a network for the purpose of routing media streams.

Route playback

Type of investigation task that replays the route followed by a Patroller on a given date on a map.

S same position

Type of parking regulation characterizing an overtime rule. A vehicle is in violation if it is seen parked at the exact same spot over a specified period of time. The Patroller must be equipped with GPS capability in order to enforce this type of regulation.

schedule

Type of entity that defines a set of time constraints that can be applied to a multitude of situations in the system. Each time constraint is defined by a date coverage (daily, weekly, ordinal, or specific) and a time coverage (all day, fixed range, daytime, and nighttime). See also standard schedule and twilight schedule.

scheduled task

Type of entity that defines an action that executes automatically on a specific date and time, or according to a recurring schedule.

secondary server

Any alternate server on standby intended to replace the primary server in the case the latter becomes unavailable. See also failover and primary server.

Security Center

Security Center is the unified security platform that seamlessly blends Genetec's IP security and safety systems within a single innovative solution. The systems unified under Security Center include Genetec's Omnicast IP video surveillance system, Synergis IP access control system, and AutoVu IP license plate recognition (LPR) system. See also Security Desk.

Security Center Federation Type of role that imports entities from an independent Security Center system so that its entities can be used by your local Security Center users. Security Center Mobile

Security Center Mobile is a feature of Genetec’s unified platform that lets you remotely connect to your Security Center system over a wireless IP network. Supported Mobile client components include a platform-independent, unified Web Client, as well as various Mobile apps for smartphones and tablets. See also Mobile Admin, Mobile app, Mobile Server, and Web Client.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

836

Glossary

security clearance

Numerical value used to further restrict the access to an area when a threat level is in effect. Cardholders can only access (enter or exit) an area if their security clearance is equal or higher than the minimum security clearance set on the area. See also threat level.

Security Desk

Security Desk is the unified user interface of Security Center. It provides consistent operator flow across all of the Security Center’s main systems, Omnicast, Synergis, and AutoVu. Security Desk’s unique task-based design lets operators efficiently control and monitor multiple security and public safety applications. See also Security Center.

selector

One of the panes found in the Security Desk's task workspace. The selector contains different sets of tools, grouped in tabs, to help you find and select the information you need to work on. See also task workspace.

server

Type of entity that represents a server machine on which Genetec Server is installed. See also expansion server, Genetec Server, and main server.

Server Admin

Web application running on every server machine in Security Center that allows you to configure the settings of Genetec Server. Server Admin also allows you to configure the Directory role on the main server.

sharing guest

Security Center system that is given the rights to view and modify entities shared by another system, called the sharing host. See also Global Cardholder Synchronizer and global partition.

sharing host

Security Center system that owns partitions that are shared with other Security Center systems, called sharing guests. See also global partition.

Sharp EX

Sharp unit that includes an integrated image processor and supports two standard definition NTSC or PAL inputs for external cameras (LPR and context cameras). See also context camera, LPR camera, and Sharp unit.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

837

Glossary

Sharp Portal

Web-based administration tool used to configure Sharp cameras for fixed or mobile AutoVu systems. From a Web browser, you log on to a specific IP address (or the Sharp name in certain cases) that corresponds to the Sharp you want to configure. When you log on, you can configure options such as selecting the LPR context (e.g. Alabama, Oregon, Quebec, etc), selecting the read strategy (e.g. fast moving or slow moving vehicles), viewing the Sharp’s live video feed, and more. See also Sharp unit.

Sharp unit

Genetec's proprietary LPR unit that integrates license plate capturing and processing components, as well as digital video processing functions, inside a ruggedized casing. See also context camera, PlateReaderServer, LPR camera, Sharp EX, Sharp VGA, Sharp XGA, SharpX, and.

Sharp VGA

Sharp unit that integrates the following components: an infrared illuminator; a standard definition (640 x 480) LPR camera for plate capture; an integrated image processor; an NTSC or PAL color context camera with video streaming capabilities. See also context camera, LPR camera, and Sharp unit.

Sharp XGA

Sharp unit that integrates the following components: an infrared illuminator; a high-definition (1024 x 768) LPR camera for plate capture; an integrated image processor; an NTSC or PAL color context camera with video streaming capabilities and optional internal GPS. See also context camera, LPR camera, and Sharp unit.

SharpX

Camera component of the SharpX system. The SharpX camera unit integrates a pulsed LED illuminator that works in total darkness (0 lux), a monochrome LPR camera (1024 x 946 @ 30 fps), and a color context camera (640 x 480 @ 30 fps). The LPR data captured by the SharpX camera unit is processed by a separate hardware component called the AutoVu LPR Processing Unit. See also AutoVu LPR Processing Unit.

SharpX VGA

Camera component of the SharpX system. The SharpX VGA camera unit integrates a pulsed LED illuminator that works in total darkness (0 lux), a monochrome LPR camera (640 x 480 @ 30 fps), and a color context camera (640 x 480 @ 30 fps). The LPR data captured by the SharpX VGA camera unit is processed by a separate hardware component called the AutoVu LPR Processing Unit. See also AutoVu LPR Processing Unit.

SMC

See Synergis Master Controller.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

838

Glossary

Software Development Kit Software Development Kit (SDK). Allows end-users to develop custom applications or custom application extensions for Security Center. SSL

Secure Sockets Layer is a protocol used to secure applications that need to communicate over a network.

standard schedule

A subtype of schedule entity that may be used in all situations. Its only limitation is that it does not support daytime or nighttime coverage. See also twilight schedule.

standby server

See secondary server.

stream

stream. (1) Video stream. (2) Entity representing a specific video quality configuration on a camera.

strict antipassback

Antipassback option. When enabled, a passback event is generated when a cardholder attempts to leave an area that they were never granted access to. When disabled, Security Center only generates passback events for cardholders entering an area that they never exited. See also timed antipassback.

synchronous video

Simultaneous live video or playback video from more than one camera that are synchronized in time.

Synergis

Synergis™ is the IP access control system of the Security Center designed to offer end-to-end IP connectivity, from access control reader to client workstation. Synergis™ seamlessly integrates a variety of access control capabilities including, but not limited to, badge design, visitor management, elevator control, zone monitoring and more.

Synergis Master Controller Genetec's access control unit that supports a variety of third party readers and (SMC) interface modules over IP, USB, and RS-485. SMC is seamlessly integrated to Security Center, and is capable of making the access control decisions independently of the Access Manager. See also access control unit, controller module, and four-port RS-485 module. system event

A system event is a standard Security Center event defined at system installation. Unlike custom events, system events cannot be renamed or deleted. See also custom event.

System status

Type of maintenance task that monitors the status of all entities of a given type in real time, and allows you to interact with them.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

839

Glossary

T tailgating

A person who enters a secure area without presenting a credential, by following behind another person who has presented their credential.

task

The central concept on which the entire Security Center user interface is built. Each task corresponds to one aspect of your work as a security professional. For example, use a monitoring task to monitor system events in real-time, use an investigation task to discover suspicious activity patterns, or use an administration task to configure your system. All tasks can be customized and multiple tasks can be carried out simultaneously. See also private task and public task.

task cycling

Security Desk feature that automatically cycles through all tasks in the active task list following a fixed dwell time.

task workspace

Area in the Security Center client application window reserved for the current task. The workspace is typically divided into three panes: • canvas • selector • report pane See also canvas, report pane, and selector.

taskbar

User interface element of the Security Center client application window, composed of the Home button and the task list. The taskbar can be configured to appear on either edge of the application window.

threat level

Emergency handling procedure that a Security Desk operator can enact on one area or the entire system to deal promptly with a potentially dangerous situation, such as a fire or a shooting.

tile

An individual window within the tile panel, used to display a single entity. The entity displayed is typically the video from a camera, a map, or anything of a graphical nature. The look and feel of the tile depends on the displayed entity. See also tile panel.

tile ID

The number displayed at the upper left corner of the tile. This number uniquely identifies each tile within the tile panel. See also tile and tile panel.

Tile mode

Security Desk canvas operating mode where the main area of the canvas is used to display the tile panel and the dashboard.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

840

Glossary

tile panel

Panel within the canvas used to display multimedia information, such as videos, maps and pictures. The tile panel is composed of individual display windows called tiles. See also canvas and tile.

tile pattern

Predefined tile arrangements within the tile panel. See also tile panel.

tile plugin

Type of entity that represents an application that runs inside a Security Desk tile. Examples of tile plugins include a web browser (available as standard Security Center feature) and Plan Manager Client. See also Plan Manager and plugin.

Time and attendance

Type of investigation task that reports on who has been inside a selected area and the total duration of their stay within a given time range.

timed antipassback

Antipassback option. When Security Center considers a cardholder to be already in an area, a passback event is generated when the cardholder attempts to access the same area again during the time delay defined by Timeout. When the time delay has expired, the cardholder can once again pass into the area without generating a passback event. See also strict antipassback.

timeline

A graphic illustration of a video sequence, showing where in time, motion, and bookmarks are found. Thumbnails can also be added to the timeline to help the user select the segment of interest.

Transmission Control Protocol

The Transmission Control Protocol (TCP) is a connection-oriented protocol used to send data over an IP network. The TCP/IP protocol defines how data can be transmitted in a secure manner between networks. TCP/IP is the most widely used communications standard and is the basis for the Internet.

trickling

The process of transferring data in small amounts.

twilight schedule

A subtype of schedule entity that supports both daytime and nighttime coverages. A twilight schedule may not be used in all situations. Its primary function is to control video related behaviors. See also standard schedule.

U unicast

Communication between a single sender and a single receiver over a network.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

841

Glossary

Uniform Resource Locator A URL (Uniform Resource Locator, previously Universal Resource Locator) is the unique address for a file that is accessible on the Internet. The URL contains the name of the protocol (http:, ftp:, file:) to be used to access the file resource, a domain name that identifies a specific computer on the Internet, and a path name, a hierarchical description that specifies the location of a file in that computer. unit

A hardware device that communicates over an IP network that can be directly controlled by a Security Center role. We distinguish four types of units in Security Center: • Access control units, managed by the Access Manager role

• • •

Video units, managed by the Archiver role LPR units, managed by the LPR Manager role Intrusion detection units, managed by the Intrusion Manager role.

See also access control unit, Access Manager, Archiver, Intrusion Manager, LPR Manager, LPR unit, and video unit. Unit discovery tool

Tool that allows you to discover IP units connected to your network, based on their type (access control or video), manufacturer, and network properties (discovery port, IP address range, password, and so on). Once discovered, the units can be added to your system.

Unit replacement

Tool used to replace a failed hardware device with a compatible one, while ensuring that the data associated to the old unit gets transferred to the new one. For an access control unit, the configuration of the old unit is copied to the new unit. For a video unit, the video archive associated to the old unit is now associated to the new unit, but the unit configuration is not copied.

University Parking Enforcement

Patroller software installation that is configured for university parking enforcement: the enforcement of scheduled parking permits or overtime restrictions. The use of maps is mandatory. Hotlist functionality is also included. See also overtime rule, permit, and permit restriction.

unreconciled read

MLPI license plate read that has not been committed to an inventory. See also Mobile License Plate Inventory.

user

Type of entity that identifies a person who uses Security Center applications and defines the rights and privileges that person has on the system. Users can be created manually or imported from an Active Directory. See also Active Directory and user group.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

842

Glossary

User Datagram Protocol

The User Datagram Protocol (UDP) is a connectionless protocol used to exchange data over an IP network. UDP is more efficient than TCP for video transmission because of lower overhead.

user group

Type of entity that defines a group of users who share common properties and privileges. By becoming member of a group, a user automatically inherits all the properties of the group. A user can be member of multiple user groups. User groups can also be nested. See also user.

user level

A numeric value assigned to users to restrict their ability to perform certain operations, such as controlling a camera PTZ, viewing the video feed from a camera, or to stay logged on when a threat level is set. The smaller the value, the higher the priority. See also threat level, user, and user group.

user privilege

Privileges that control what operations a user is allowed to perform in Security Center, independent of what entities they can access, and within the constraints set by the software license. User privileges can be inherited from user groups. See also access right, partition, user, and user group.

V validation key

Serial number uniquely identifying a computer that must be provided to obtain the license key. See also license key.

vehicle identification number

All vehicles have a manufacturer assigned vehicle identification number (VIN). This is usually visible from outside the vehicle as a small plate on the dashboard. A VIN can be included as additional information with license plate entries in a hotlist or permit list, to further validate a hit and ensure that it is the correct vehicle.

video analytics

The software technology that is used to analyze video for specific information about its content. Examples of video analytics include counting the number of people going through a door, license plate recognition, detection of unattended objects, or the direction of people walking or running.

video archive

Video archive includes both the recorded audio/video footage and the database that documents those recordings (source camera, timestamps, events, bookmarks, and so on).

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

843

Glossary

video encoder

Device that converts an analog video source to a digital format using a standard compression algorithm (H.264, MPEG-4, MPEG-2 or M-JPEG). The video encoder is one of the many devices found on a video encoding unit. See also camera and video unit.

video decoder

Device that converts a digital video stream into analog signals (NTSC or PAL) for display on an analog monitor. The video decoder is one of the many devices found on a video decoding unit. See also analog monitor and video unit.

video file

File created by an archiving role (Archiver or Auxiliary Archiver) to store archived video. The file extension is G64. You need the Security Desk or the Portable Archive Player to read video files. See also Archiver, Auxiliary Archiver, and G64.

Video file player

Type of investigation task that browses through your file system for video files (G64) and allows you to play, convert to ASF, and verify the authenticity of these files.

video sequence

Any recorded video stream of a certain duration.

video unit

Type of entity that represents a video encoding or decoding device capable of communicating over an IP network and incorporating one or more video encoders. They come in a wide variety of brands and models. Some support audio, others support wireless communication. The high-end encoding models come with their own recording and video analytics capabilities. See also Archiver, video decoder, and video encoder.

video watermarking

Process by which a digital signature (watermark) is added to each recorded video frame to ensure its authenticity. If anyone later tries to make changes to the video (add, delete or modify a frame), the signatures will no longer match, thus, showing that the video has been tampered with.

virtual zone

A subtype of zone entity where the IO linking is done by software. The input and output devices may belong to different units of different types. A virtual zone is controlled by the Zone Manager and only works online. It can be armed and disarmed from Security Desk. See also hardware zone and zone.

Visit details

Type of investigation task that reports on the stay (check-in and check-out time) of current and past visitors.

Visitor activities

Type of investigation task that reports on visitor activities (access denied, first person in, last person out, antipassback violation, and so on).

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

844

Visitor management

Type of operation task that allows you to check in, check out, and modify visitors, as well as manage their credentials, including temporary replacement cards.

visual tracking

Visual tracking is a feature in Security Desk that allows you to follow an individual across different areas of your company without ever loosing sight of that individual, as long as the places this person goes through are monitored by cameras. This feature displays transparent overlays on the video to show you where you can click to switch to adjacent cameras.

VSIP port

The VSIP port is the name given to the discovery port of Verint units. A given Archiver can be configured to listen to multiple VSIP ports. See also discovery port.

W watchdog

Security Center service installed alongside the Genetec Server service on every server computer, whose sole purpose is to monitor the operation of Genetec Server, and to restart it if abnormal conditions are detected.

Web-based SDK

Type of role that exposes the Security Center SDK methods and objects as Web services to support cross-platform development.

Web Client

The client component of Security Center Mobile that provides access to Security Center features from a Web browser. Web Client users connect to Mobile Server to configure and monitor various aspects of your Security Center system. See also Mobile Server.

wheel imaging

Virtual tire-chalking technology that takes images of the wheels of vehicles to prove whether they have moved between two license plate reads.

widget

A component of the graphical user interface (GUI) with which the user interacts.

Wiegand

An electrical interface standard and format used between a reader and controller (from the original Wiegand card reader).

Windows Communication Windows Communication Foundation (WCF) is a communication Foundation architecture used to enable applications, in one machine or across multiple machines connected by a network, to communicate. AutoVu Patroller uses WCF to communicate wirelessly with Security Center.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

845

WMS

Web Map Service (WMS) is a standard protocol for serving over the Internet, georeferenced map images that are generated by a map server using data from a GIS database. See also GIS and OGC.

X Y Z zone

Type of entity that monitors a set of inputs and triggers events based on their combined states. These events can be used to control output relays. See also hardware zone, IO linking, and virtual zone.

Zone activities

Type of investigation task that reports on zone related activities (zone armed, zone disarmed, lock released, lock secured, and so on).

Zone Manager

Type of role that manages virtual zones and triggers events or output relays based on the inputs configured for each zone. It also logs the zone events in a database for zone activity reports.

Zone occupancy

Type of investigation task that reports on the number of vehicles parked in a selected parking zone, and the percentage of occupancy (for university parking only). See also University Parking Enforcement.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

846

Index A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A ABA field, defining, 674 about entity tree, 85 Logical view, 85 System entity, 85 accepted user, partitions, 92, 449 access control setting entity expiration, 634 troubleshooting configurations, 320 Access control health history, about, 308 access control unit about, 337 adding using Unit discovery tool, 265 configuring, 267 connection parameters, 344 renaming, 345 SMC, 267 synchronizing about, 267 modes, 348 viewing events, 309 viewing health events, 308 viewing IO configurations, 310 viewing properties, 184 wiring doors, 268 Access control unit events, about, 309 access denied events, investigating, 325 Access diagnosis, using, 323 access granted events, investigating, 325 Access Manager about, 260, 511 adding, 260 configuring, 260 keeping events, 512 resolving conflicts, 515 access rights gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

troubleshooting, 323 viewing, 325 access rule about, 349 applying, 277 configuring, 281 creating, 281 viewing configurations, 317 Access rule configuration about, 317 generating report, 317 Access troubleshooter about, 294, 320, 652 limitations, 320 troubleshooting access requirements, 323 cardholder access rights, 322 doors, 321 accessing storage devices, 226 action about, 106 action privileges, users, 708 actions action types, 758–763 reference list, 758 task-related, 24 activating Genetec Server Directory, 478 roles, 51 user profiles, 483 Active Directory about, 516 encrypted communication, 144 importing cardholders, 284 importing ccredentials, 287 importing users, 102 synchronizing entities, 142 active tasks, list, 485 active tasks, updating, 686 847

Index

Activity trails about, 182 generating report, 182 adding accepted partition users, 92 access control units, 261 Access Mangers, 260 Archivers, 193 area members, 279 cameras to camera sequences, 218 cameras to doors, 270 cash registers, 597 expansion servers, 47 parition members, 448 parity checks, 673 partition members, 92 secondary servers, 64, 534 tasks, 22 tasks to favorites, 24 video units, 194, 244 administrative privileges, users, 697 Administrators user group, about, 97 advanced settings Archiver, 541 video units, 532 alarm about, 351 attached entities, 353 automatic acknowledgement, 355 automatic video recording, 356 broadcast mode, 353 configuring, 112 creating incidents on acknowlegement, 355 entities, 111 managing, 111 procedure, 355 protecting recorded video, 356 reactivation threshold, 354 recipients, 353 responding, 115 schedules, 355 setting priority, 352 testing, 112 triggering, 113 troubleshooting, 112 video display options, 355 Alarm Monitoring, assigning Logical IDs, 626 analyzing report results, 30 gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

antipassback about, 361 configuring, 280 application privileges, users, 695 applying access rules for elevators, 277 custom filters, 43 custom filters using search tool, 43 name filters, 43 architecture Security Center system, 6 Synergis system, 252 archive database, about, 224 archive storage about, 224 accessing, 226 estimating requirements, 225 managing, 225 monitoring, 226 Archive storage details about, 233 protecting video files, 231 archive viewing, user limitations, 487, 492 Archiver about, 521 adding, 193 Bosch VRM settings, 531 camera details, 540 configuring, 193 servers, 534 standby archiving, 535 discovering video units, 529 failover, 227 limitation, 229 protected video file statistics, 539 recording modes, 522 recording options, 523, 545 settings advanced, 541 database, 536 network card, 538 storage, 536 video units, 528 statistics, 538 what is, 193 Archiver events, about, 249 Archiver role, searching for events, 249 archives 848

Index

viewing storage details, 233 area about, 360 adding members, 279 antipassback properties, 361 associating doors, 279 configuring, 278 creating, 278 interlock properties, 362 viewing cardholder access rights, 325 arming delaying arming, 505 hardware zones, 505 virtual zones, 508 zones, 160 assigning Keyboard shortcuts, 682 associating access control units to hardware zones, 503 doors to areas, 279 hardware zone states to events, 504 virtual zone states to events, 508 virtual zones to Zone Managers, 507 audio alarm, about, 391 Audit trails, about, 181 automatic stream selection, video units, 211 automating alarm acknowledgement, 355 database backup, 58 disk cleanup, 225 system behavior, 103 video recording on alarms, 356 AutoVu ports used (default), 778 Auxiliary Archiver about, 543 recording modes, 545 settings database, 548 network, 548 storage, 548

B backing up databases, 57 video archives, 227

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

Badge designer, about, 366 badge template about, 365 Badge designer tool, 366 creating, 289 preview, 293 best practices configuring cameras, 209, 220 configuring system administrators, 97 deploying Omnicast, 190 deploying Synergis, 256 resolving reader issues, 327 solving HID unit issues, 314 system configuration, 90 wiring doors to access control units, 268 bit rate camera settings, 372 setting priority, 372 video unit settings, 497 boosting recording quality manual recording, 376 settings, 376 special events, 212 system events, 376 broadcast mode, about, 353 buzzer, configuring, 269

C camera about, 209, 220, 368 audio alarm events, 391 boost quality settings, 376 boosting quality on event recording, 376 on manual recording, 376 configuring, 209, 220 motion detection, 379 lens type, 392 linking speakers/microphones, 391 not recording, 241 rotating images, 392 setting bit rate, 372 bit rate priority, 372 connection type, 374

849

Index

video quality, 370 stream usage, 373 tampering, 391 visual tracking, 388 camera details, Archiver, 540 camera recording, troubleshooting, 241 camera sequence about, 393 adding cameras, 218 configuring cameras, 218 creating, 218 removing cameras, 218 camera tampering, about, 391 cannot add video units, troubleshooting, 244 cannot delete video units, troubleshooting, 247 cardholder about, 395 configuring, 283 creating, 283 importing from Active Directory, 284 from flat file, 284 managing, 284 setting picture size, 284, 635 troubleshooting access rights, 322 viewing access rights, 325 viewing properties, 318 Cardholder access rights, about, 325 Cardholder configuration, about, 318 cardholder group about, 398 configuring, 283 creating, 284 viewing access rights, 325 viewing member properties, 318 Cardholder troubleshooter about, 322 using, 322 cash register about, 400 adding, 597 CCTV matrix integration, 190 using, 129 changing role servers, 50 taskbar position, 27 user password, 10, 483 gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

video file protection status, 231 checking macro syntax, 430 choosing zone type, 163 closing Security Center, 10 closing Security Desk options, 687 columns reference list, 723 reordering, 33 resizing, 32 selecting, 32 showing/hiding, 32 Comm LED, about, 787 command port, about, 497 common configuration tabs about, 332 Cameras tab, 334 Custom fields tab, 335 Identity tab, 332 Location tab, 336 concurrent logons, limiting, 484 Config Tool interface, 13 configuration changes, investigating, 181 configuring Access Manager, 260 access rules, 281 alarms, 112 antipassback, 280 Archiver, 193 Archiver servers, 534 areas, 278 automatic disk cleanup, 225 camera sequences, 218 cameras, 209, 220 cardholder groups, 283 cardholders, 283 credentials, 285 database notifications, 57 Directory, 473 door buzzers, 269 doors, 268 elevator floors, 275 elevator relays, 276 elevators, 274 entities, 85 entity tree, 86 federated entities, 129 850

Index

full screen mode, 95 Genetec Server, 476 hardware zones, 162 HID units, 799 inputs, 503 interlock, 280 Media Router, 202 motion detection, 379 output pins, 498 partitions, 90 PTZ, 390 readerless doors, 269 role groups, 135 roles, 49 Saved tasks page, 23 Security Center/Patroller communication, 571 servers, 48 standby archiving, 535 user groups, 96 user password expiration, 484 user privileges, 99 users, 93 video streams, 210 virtual zones, 162 visual tracking, 212 conflict resolution utility, using, 149 connecting Security Center, 9 connection parameters access control units, 344 federated Omnicast systems, 592 federated Security Center systems, 603 contacting technical support, 869 contextual command toolbar, 17 converting expansion servers to main servers, 478 main servers to expansion servers, 49, 479 primary servers to expansion servers, 534 Copy configuration tool about, 668 using, 668 countdown buzzer, about, 505 create event-to-actions, 107 creating access rules, 281 areas, 278 badge templates, 289 gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

camera sequences, 218 cardholder groups, 284 cardholders, 283 credentials, 285 databases, 55 doors, 268 entities, manually, 37 incidents for door state overrides, 635 on alarm alcknowledgement, 355 intrusion detection areas, 159 Intrusion Managers, 156 macros, 110 network entities, 83 parent user groups, 98 partitions, 91 roles, 50 tasks, 22 user groups, 97 users, 94 credential about, 401 configuring, 285 creating, 285 enrolling, 287 importing from Active Directory, 287 from flat file, 287 information, 402 state, 402 viewing properties, 319 Credential configuration, about, 319 cross-platform development about, 164 Web-based SDK, 164 CSV file importing, 658 fields, 662 custom card format benefits, 287 using, 287, 635 Custom card format editor about, 670 adding parity checks, 673 defining ABA fields, 674 formats, 670 Wiegand fields, 672 851

Index

deleting custom card formats, 677 custom data type add, 138 configuration tab, 621 modify, 139 properties, 621 what is, 138 custom field add, 136 configuration tab, 619 properties, 619 purpose, 136 standard data types, 619 custom fields importing limitations, 665 custom filter, applying, 43 cycling tasks, 24

D database backing up automatic, 58 manual, 57 configuring notifications, 57 creating, 55 deleting, 59 finding version, 56 managing, 52 relocating, 53 restoring, 58 settings, 52 archiving, 536, 548 database failover backup and restore, 72 automatically reconnect to master database, 73 contingency backup, 72 configuring, 72 database server, about, 53 date and time options configuring, 690 displaying time zone abbreviations, 690 date coverage, setting, 464 deactivating Genetec Server Directory, 479 roles, 51 user profiles, 483

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

default network, 83 schedule, 104 user, 94 defining ABA fields, 674 custom card formats, 670 partitions, 91 schedules, 105 Wiegand fields, 672 delaying hardware zone arming, 505 virtual zone arming, 508 deleting current task, 25 custom card formats, 677 databases, 59 discovered entities, 45 entities, 45, 88 intrusion detection unit logs, 424 partition members, 448 tasks, 24 deleting video units, 247 demo license, acquiring, 869 deploying Omnicast, 190 Synergis, 256 determining Web service address, 606 diagnosing entities, 180 impossible to establish video session error, 239 video streams, 235 waiting for signal error, 237 Directory about, 551 configuring, 473 troubleshooting connection problems, 679 Directory Availability Manager, what is, 66 Directory Manager about, 552 Directory server, what is, 66 disarming zones, 160 discovered entities about, 39 deleting, 45 discovery port, video units, 497 displaying Security Desk in full screen, 24 852

Index

document information, ii documentation. See production documentation door about, 357, 404, 432 adding cameras, 270 behavior, 405 buzzer, 269 configuring, 268 creating, 268 door state override incidents, 635 troubleshooting, 326 troubleshooting access rights, 324 unlock schedules, 406 viewing cardholder access rights, 325 wiring, 268 See also readerless door Door troubleshooter about, 321, 324 generating a report, 324 using, 321 duplicating entities, 87

E editing keyboard shortcuts, 682 elevator about, 410 access rules, applying, 277 configuring, 274 floors, 275 relays, 276 hardware requirements, 274 viewing cardholder access rights, 325 enabling task cycling, 485 encryption communication Security Center and Active Directory, 144 enrolling credentials, 287 intrusion panels, 156 enryption key, setting up, 230 entities availability, 171 basic information, 38 configuring, 85 creating

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

network entities, 83 creating manually, 37 deleting, 45 diagnosing, 180 discovering, 39 duplicating, 87 entity types, 331–505 renaming, 85, 87 searching, 42 by custom filter, 43 by name, 43 using global search, 42 using search tool, 43 state types, 179 viewing, 85 entity states about, 179 red, 85 troubleshooting, 179 yellow, 85 entity tree configuring, 86 deleting entities, 88 duplicating entities, 87 reorganizing, 87 entity tree, about, 85 entity types access control unit, 337 access rule, 349 alarm, 351 analog monitor, 357, 432 area, 360 badge template, 365 camera, 368 camera sequence, 393 cardholder, 395 cardholder group, 398 cash register, 400 credential, 401 door, 404 elevator, 410 hardware zone, 502 hotlist, 414 intrusion detection area, 421 intrusion detection unit, 423 LPR unit, 426 macro, 429 network, 434 853

Index

output behavior, 437 overtime rule, 439 parking facility, 444 partition, 447 Patroller, 450 permit, 453 permit restriction, 457 public task, 461 role, 462 schedule, 463 scheduled task, 469 server, 471 tile plugin, 480 user, 482 user group, 489 video unit, 494 virtual zone, 506 entity, what is, 36 error impossible to establish video session, 239 waiting for signal, 237 error messages, investigating, 170 estimating archive storage requirements, 225 evaluating zone states, 503 event about, 106 custom events, 106 event types, 745–757 event recording, boosting quality, 376 event types, reference list, 745 event-to-action compared to scheduled task, 109 create, 107 search, 108 using, 106 See also event, action exceptions federated alarms, 130 execution context, defining, 431 expanding Security Desk full screen, 24 expansion server adding, 47 what is, 7 exporting keyboard shortcut configurations, 682 report results, 31

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

F F11 command, disabling, 95 failover how does it work?, 61 limitation, Archiver, 229 load planning, 228 third-party solutions, 60 favorites adding tasks, 24 removing tasks, 24 features, Omnicast system, 187 federated entity configuring, 129 exceptions, 130 identifying, 128 using, 129 what is, 128 Federating Omnicast systems, 131 Security Center systems, 133 Federation about, 128 advanced settings, 134 Omnicast Federation, 131 types of, 128 Federation host, definition, 128 filtering report queries, 712 finding Archiver role events, 249 database information, 56 who made configuration changes, 181 See also searching firmware upgrade, video units, 496 flat file importing cardholders, 284 importing credentials, 287 floor, elevators, 275 full screen mode configuring as default, 95 full screen, enabling for Security Desk, 24

G general privileges, users, 696 generating Access rule configuration report, 317 Activity trails report, 182 854

Index

Door troubleshooter report, 324 reports, 30 generating reports maximum results, 30 Genetec Server activating Directory, 478 configuring, 476 deactivating Directory, 479 expansion servers, 7 main server, 7 what is, 7 geocoding, about, 574 global cardholder management, what is, 296 Global Cardholder Synchronizer about, 557 connection parameters, 558 shared partitions, 559 synchronization options, 559 Global Cardholder Synchronizer, what is?, 298 global search, using, 42

H H.264 issues, solving, 248 Hardware inventory, about, 184 hardware matrix, integration, 190 hardware requirements HID units, 782 hardware requirements, elevators, 274 hardware zone about, 161, 502 arming on a schedule, 505 using a switch key, 505 associating access control units, 503 zone states to events, 504 configuring, 162 countdown buzzer, 505 delaying arming, 505 evaluating zone state, 503 setting reactivation threshold, 504 See also zone Health history, about, 170 health issues, viewing, 168 Health Monitor about, 560

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

Health Monitor, what is, 75 health monitoring maintenance mode, 80 health monitoring, what is, 75 Health statistics, about, 171 HID Discovery GUI utility about, 783 using, 783 HID Edge plus, wiring, 800 HID Edge reader, wiring, 800 HID unit configuring, 799 door with reader, 799 door with two sensors, 799 inputs, 799 network, 782 discovering, 783 features available, 792 interpreting Comm LED, 787 Power LED, 787 operation modes, 791 setting up, 784 hardware, 782 special considerations default input settings, 785 HID hardware, 785 HID V1000 units, 785 supported software/hardware, 788 troubleshooting, 314 discovery issues, 315 enrollment issues, 315 wiring diagrams, 800 HID VertX units wiring VertX V1000, 801 VertX V2000, 802 hiding columns, 32 dashboard, 24 report pane, 24 selector, 24 taskbar, 27 unassigned logical IDs, 625 high availability how does it work?, 60 what is, 60 Home page, 14 855

Index

hotlist about, 414 HTTPS communication, 497

I idenfitying federated entities, 128 identifying system instabilities, 171 idle delay, PTZ, 390 image rotation, about, 392 Import tool about, 657 custom field limitations, 665 import scenarios, 657 importing CSV file fields, 662 CSV files, 658 entities, 664 replacing old credentials, 666 importing cardholders from Active Directory, 284 cardholders from flat file, 284 credentials from Active Directory, 287 credentials from flat file, 287 CSV file fields, 662 CSV files, 658 entities, 664 macros from files, 430 users from Active Directory, 102 importing keyboard shortcut configurations, 682 Impossible to establish video session, error, 239 information messages, investigating, 170 inheriting user privileges, 100 inputs, configuring, 503 instabilities, identifying in system, 171 interface, about, 13 interlock about, 362 configuring, 280 intrusion detection area about, 155, 421 creating, 159 properties, 422 intrusion detection unit about, 155, 423 deleting logs, 424 interface types, 424

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

renaming peripherals, 158 synchronizing clock, 424 intrusion detection, entity types, 155 Intrusion Manager about, 156, 563 creating, 156 keeping events, 564 limitations, 156 intrusion panel enrolling, 156 managing, 155 investigating malfunction events, 170 system configuration changes, 181 user activity, 182 investigation tasks generating reports, 30 IO configuration, about, 310 IO configurations, viewing, 310 IO linking, about, 160 IP address, video unit, 496 IPv4, display modes, 436 IPv6, about, 436

K keeping events Access Manager, 512 Intrusion Manager, 564 Zone Manager, 609 key switch, zone arming, 505 keyboard shortcuts assigning, 682 configuring, 681 editing, 682 exporting configurations, 682 importing configurations, 682 restoring default configurations, 682

L launching Walkthrough wizard, 272 lens type, about, 392 level, users, 486, 491 license information viewing from Config Tool, 769 viewing from Server Admin, 770 856

Index

licensing, 869 limitations importing custom fields, 665 Intrusion Manager, 156 motion detection, 385 Omnicast Federation, 131 limiting concurrent user logons, 484 report results, 600 linking map files to maps, 165 microphones to cameras, 391 speakers to cameras, 391 Web pages to maps, 165 Live video, dialog box, 213 PTZ commands, 214 loading saved tasks, 23 location, setting, 40 lock delay, PTZ, 391 log in, video unit credentials, 530 log off, Security Center, 10 log on basic authentication, 9 supervised, 487, 492 user schedules, 484 using Windows credentials, 153 using Windows credentials in a multi-AD environment, 153 logging on options, 679 wrong Directory, 679 logical ID hiding unassigned entities, 625 showing, 625 logical ID, showing, 686 Logical view about, 85 entity tree, 86 managing, 85 logs, deleting, 424 LPR Manager about, 567 configuring Security Center/Patroller communication, 571 enabling hotlist filtering, 574 enabling permit filtering, 574 geocoding, 574 importing data, 583 gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

managed hotlists and permits, 572 matching license plate reads, 573 providing Patroller updates, 582 XML exporting, 579 XML importing, 578 LPR unit about, 426 LPR unit, viewing properties, 184

M macro about, 429 checking syntax, 430 creating, 110 defining execution contexts, 431 importing from files, 430 using, 110 main server converting to expansion servers, 49 what is, 7 maintenance mode, 80 maintenance tasks generating reports, 30 malfunction events, investigating, 170 managing alarms, 111 archive storage, 225 cardholders, 284 database, 52 intrusion panels, 155 Logical view, 85 Network view, 82 roles, 47 servers, 47 software security, 89 threat levels, 117 video archives, 224 zones, 160 manual recording, boosting quality, 376 map linking map files, 165 Web pages, 165 map file, linking to maps, 165 matching license plate reads, 573 maximum results, Security Desk reports, 30

857

Index

Media Router about, 585 configuring, 202 redirecting video streams, 586 RTSP port, 588 RTSP port conflict, 203 setting multicast port number, 588 what is, 202 microphone linking to cameras, 391 properties, 500 monitoring archive storage usage, 226 resource availability, 171 status of entities, 177 status of system, 177 system health, 171 Monitoring task viewing tiles only, 24 motion block, about, 380 motion detection about, 379 configuring, 379 drawing motion zones, 383 event types, 386 H.264 streams, 382 limitations, 385 motion blocks, 380 positive motion detection, 380 testing, 384 motion zones, drawing, 383 Move unit, about, 655

N name filter, applying, 43 nesting partitions, 93 network about, 434 IPv4 display modes, 436 IPv6 address, 436 proxy server, 436 routes, 436 settings, 374 transmission capabilities, 435 network card settings, Archiver, 538 network entities

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

about, 83 creating, 83, 84 network options, configuring, 681 Network view managing, 82 purpose, 82 what is, 82 Network view, what is, 82 notification settings, video unit, 530 notification tray viewing system messages, 168 NTP settings, video unit, 532

O offline video units troubleshooting, 236 Omnicast deploying prerequisities, 190 procedure, 191 entities, 188 features, 187 federating, 131 ports used (default), 780 what is, 187 Omnicast Federation about, 131, 590 connection parameters, 592 defining role groups, 591 limitations, 131 receiving information, 592 opening Server Admin, 48 Options dialog box about, 678 date/time display, 690 general options network, 681 user logon, 679 keyboard shortcuts, 681 performance options, 689 user interaction, 685 video options, 688 visual options, 683 ordinal pattern, schedules, 468 organizing video stream settings, 210

858

Index

output behavior, about, 437 output pin, settings, 498 overtime rule about, 439 overtime violations, 442 overtime violations, about, 442 overwriting databases, 55

P parition manager promoting users, 93 parity check, defining, 673 parking facility about, 444 partition about, 89, 447 adding accepted users, 92, 449 members, 92, 448 configuring, 90 creating, 91 defining, 91 deleting members, 448 nesting, 93 promoting users to managers, 93 public partition, 91 purpose, 91 system partition, 91 user privileges, 101 partition manager, about, 91 partition user, promoting, 93 password changing, 10, 483 expiration, 484 Patroller about, 450 performance options configuring, 689 limiting report results, 689 perimeter door, configuring, 279 permanently saving tasks, 26 permit about, 453 permit restriction about, 457

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

picture size, cardholders, 284, 635 playback video troubleshooting, 240 Plugin about, 594 Point of Sale about, 595 adding cash registers, 597 retrieving database information, 596 saving transaction data, 596 ports AutoVu-specific, 778 common to Security Center, 777 Omnicast-specific, 780 Synergis-specific, 779 positive motion detection, about, 380 Power LED, about, 787 preventing system failures, 171 primary server switching to secondary server, 534 printing report results, 31 private task saving, 24 using, 23 privilege templates about, 101 purpose, 101 usage tips, 101 using, 101 privileges, users, 694–710 product documentation, about, 868 promoting partition users to managers, 93 protected video file statistics, 539 protecting alarm video recordings, 356 video archives, 227 protecting video files, 231 proxy server, about, 436 PTZ configuring, 390 using idle delay, 390 lock delay, 391 PTZ commands advanced configuration, 214 Center-on-click, 214 testing, 214 859

Index

Zoom-box, 214 PTZ coordinates, dialog box, 214 public parition, about, 91 public task saving, 24 using, 23 public task, about, 461

Q query filters reference list, 712 Query tab query filters available, 712

R reactivation threshold alarms, 354 hardware zone, 504 virtual zone, 508 readerless door, configuring, 269 receiving information Omnicast Federation, 592 Security Center Federation, 603 recipients, alarms, 353 recording modes, Archiver, 522 recording modes, Auxiliary Archiver, 545 recording options, Archiver, 523, 545 red entity state, about, 85 redirecting video streams, 586 redundant archiving, using, 227 reference list action types, 758 event types, 745 query filters, 712 report columns, 723 relay settings, configuring, 276 relocating databases, 53 remote connection, enabling on SQL Server, 54 remote user, controlling, 487, 492 removing tasks from favorites, 24 removing cameras from camera sequences, 218 renaming access control units, 345 entities, 85, 87 gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

intrusion detection unit peripherals, 158 renaming tasks, 24 reordering columns, 33 tasks, 25 reorganzing, entity tree, 87 replacing old credentials, 666 report analyzing results, 30 columns available, 723 exporting, 31 filtering query, 712 printing, 31 saving, 31 saving templates, 30 viewing results, 723 Report Manager about, 599 limiting results, 600 report pane columns available, 723 reordering columns, 33 resizing columns, 32 showing/hiding columns, 32 working with, 29 report results analyzing, 30 report results, limiting, 689 reporting tasks generating reports, 30 resizing columns, 32 resolving conflicts Access Manager, 515 how to, 149 overlapping schedules, 105 resources, monitoring availability, 171 responding, alarms, 115 restoring databases, 58 default keyboard shortcuts, 682 video archives, 227 retrieving Point of Sale system data, 596 role about, 49, 462 activating/deactivating, 51 changing servers, 50 configuring, 49 creating, 50 860

Index

managing, 47 role types, 510–610 troubleshooting, 51 what is, 7 role group configuring, 135 defining, 591 setting, 602 what is, 134 role types Access Manager, 511 Active Directory, 516 Archiver, 521 Auxiliary Archiver, 543 Directory, 551 Directory Manager, 552 Global Cardholder Synchronizer, 557 Health Monitor, 560 Intrusion Manager, 563 LPR Manager, 567 Media Router, 585 Omnicast Federation, 590 Plugin, 594 Point of Sale, 595 Report Manager, 599 Security Center Federation, 601 Web-based SDK, 605 Zone Manager, 608 routes, network, 436 RTSP port, about, 203, 588

S Saved tasks page configuring, 23 saving active task list, 687 open tasks, 24 report results, 31 report templates, 30 tasks, 24 workspace, 24 saving Point of Sale transaction data, 596 schedule about, 463 default schedule, 104 definition, 103

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

ordinal patterns, 468 resolving conflicts, 105 setting date coverage, 464 time coverage, 464 time range, 465 time zones, 104 twilight schedule, 104 user logon, 484 using, 103 scheduled task about, 469 compared to event-to-action, 109 create, 109 using, 109 what is, 109 schedules defining, 105 scheduling alarms, 355 hardware zone arming, 505 search event-to-actions, 108 search box using, 43 search box, using, 42 search tool, using, 43 searching for Archiver role events, 249 entities, 42 by name, 43 global search, 42 tasks, by name, 42 video files, 233 secondary server switching to primary server, 534 secondary server, adding, 64, 534 secure communication, video units, 497 Security Center about, 3 action types, 758 architecture, 6 changing user password, 10 closing, 10 common ports used, 777 connecting, 9 event types, 745 federating, 133 861

Index

logging off, 10 logging on, 9, 153 ports, default, 776–780 system features, 4 Security Center Federation about, 601 connection parameters, 603 receiving information, 603 setting role groups, 602 Security Desk displaying full screen, 24 Security Desk, about, 651 selecting columns, 32 Server Admin open using Config Tool, 48 using Internet Explorer, 48 using, 473 servers about, 471 configuring, 48 Directory, 473 Genetec Server, 476 managing, 47 using Server Admin, 473 setting alarm priorities, 352 bit rate priority, 372 camera bit rate priority, 372 camera bit rates, 372 camera connection type, 374 camera video quality, 370 entity expiration, 634 hardware zone reactivation threshold, 504 location, 40 multicast port number, 588 picture size, 284, 635 schedule date coverage, 464 schedule time coverage, 464 time ranges, 465 user group privileges, 493 user levels, 486, 491 user privileges, 488 video unit bit rates, 497 virtual zone reactivation threshold, 508 setting up HID units, 784 sharing guest, what is?, 298 gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

sharing host, what is?, 297 showing columns, 32 logical IDs, 625 tiles only, 24 SMC units about, 267 software security about, 89 managing, 89 sorting tasks, 24, 25 speaker linking to cameras, 391 properties, 499 SQL Server, remote connection, 54 starting task cycling, 24 state types, entities, 179 status, user profiles, 483 stopping task cycling, 24 storage settings, Archiver, 536 storage settings, Auxiliary Archiver, 548 stream usage, about, 373 supervised log on, about, 487, 492 supporting cross-platform development, 164 synchronization modes, access control units, 348 synchronizing access control units, 267 entities with Active Directory, 142 intrusion detection unit clocks, 424 Synergis about, 252 architecture, 252 deploying alone, 258 prerequisities, 256 procedure, 257 with Omnicast, 259 entities, 253 ports used (default), 779 testing system, 294 unique model, 254 System entity, about, 85 system health monitoring, 171 troubleshooting, 170 862

Index

system messages about, 168 viewing, 168 system messages, display options, 686 system partition, about, 91 System status about, 177 monitoring entity statuses, 177 system, monitoring status, 177

T task adding, 22 adding to favorites, 24 administration tasks, 611–630 commands, 24 creating, 22 deleting, 24 loading saved tasks, 23 removing from favorites, 24 renaming, 24 reordering, 25 saving, 24 as private task, 24 as public task, 24 layout, 24 tasks permanently, 26 sorting, 25 working with, 24 task cycling starting, 24 stopping, 24 task cycling, enabling, 485 task list saving on exit, 687 sorting, 24 task privileges, users, 704 task types maintenance tasks Access control health history, 308 Access control unit events, 309 Access rule configuration, 317 Activity trails, 182 Archive storage details, 233 Archiver events, 249 Audit trails, 181

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

Cardholder access rights, 325 Cardholder configuration, 318 Credential configuration, 319 Door troubleshooter, 324 Hardware inventory, 184 Health history, 170 Health statistics, 171 IO configuration, 310 System status, 177 taskbar changing position, 27 display options, 683 hiding, 27 technical support, contacting, 869 testing alarms, 112 motion detection, 384 threat level managing, 117 purpose, 117 threat, definition, 117 tile plugin about, 480 time coverage, setting, 464 time range daily time, 465 setting, 465 specific dates, 467 twilight, 467 weekly, 466 time zone displaying abbreviations, 690 time zones, warning about, 104 tips privilege templates, 101 tool types Access troubleshooter, 652 Copy configuration tool, 668 Custom card format editor, 670 Import tool, 657 Move unit, 655 Options dialog box, 678 Security Desk, 651 Unit Discovery tool, 653 Unit replacement, 654 Tools Access troubleshooter, 320 Tools menu, 692 863

Index

transmission capabilities, network, 435 trickling, what is, 198 triggering alarms, 113 troubleshooting access configuration problems, 320 access requirements, 323 access rights to doors, 324 access rule configurations, 317 Access troubleshooter, 294 alarms, 112 cameras not recording, 241 cannot add video units, 244 cannot delete video units, 247 cardholder access rights, 322 doors, 321, 326 credentials, 326 readers, 327 Request to exit, 326 entity states, 179 H.264 video stream, 248 HID units, 314 impossible to establish video session error, 239 malfunction events, 170 offline video units, 236 playback video, 240 roles, 51 system health, 170 unstable entities, 171 video streams, 235 waiting for signal, 237 troushooting user logon, 679 twilight schedule, about, 104

U UI component Logical view, 85 UI element Home page, 14 Tools menu, 692 task workspace administration, 16 contextual command toolbar, 17 Unit discovery tool about, 653 adding

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

access control units, 265 video units, 196 Unit replacement, about, 654 unprotecting video files, 231 upgrading video unit firmware, 496 user about, 89, 93, 482 activating, 483 changing password, 10, 483 configuring, 93 controlling remote workstations, 487, 492 creating, 94 deactivating, 483 enabling task cycling, 485 entering personal information, 483 importing from Active Directory, 102 investigating activity, 182 limitations, archive viewing, 487, 492 limiting concurrent logons, 484 logon schedules, 484 password expiration, 484 setting level, 486, 491 setting privileges, 488 supervised log on, 487, 492 user group about, 89, 97, 489 configuring, 96 creating, 97 creating parent user groups, 98 members, 490 setting privileges, 493 user interaction options configuring, 685 displaying system messages, 686 exiting Security Desk, 687 renaming devices, 686 showing logical IDs, 686 updating public tasks, 686 user logon options, 679 troubleshooting, 679 user password changing, 10, 483 configuring expiration, 484 user privileges about, 99, 488 action privileges, 708 864

Index

administrative privileges, 697 application privileges, 695 configuring, 99 general privileges, 696 hierarchy, 99 inheriting, 100 partitions, 101 settings, 99 task privileges, 704 templates, 101 using Access troubleshooter, 323 Archiver failover, 227 Cardholder troubleshooter, 322 Copy configuration tool, 668 custom card formats, 287, 635 Door troubleshooter, 321 event-to-actions, 106 federated entities, 129 global search, 42 HID Discovery GUI utility, 783 macros, 110 ordinal patterns, 468 partitions, 91 redundant archiving, 227 scheduled tasks, 109 schedules, 103 search box, 42, 43 search tool, 43 Server Admin, 473 SSL connection, 606 Web-based SDK, 164

V video archive about, 224 archive database, 224 Archiver failover, 227 backing up, 227 encryption key, 230 failover load planning, 228 hardware failure protection, 227 managing, 224 protecting, 227 redundant archiving, 227 restoring, 227

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

routine cleanup protection, 229 storage, 224 storage failure protection, 227 tampering protection, 229 video display options, alarms, 355 video encoder, about, 368 video file changing protection status, 231 protecting, 231 searching, 233 unprotecting, 231 viewing properties, 233 video options configuring, 688 video protection, alarms, 356 video quality testing, 213 video quality, cameras, 370 video recording on alarms, 356 video stream automatic stream selection, 211 boosting recording quality, 212 configuring, 210 diagnosing, 235 organizing settings, 210 video unit about, 494 adding manually, 194 using Unit discovery tool, 196 advanced settings, 532 authenticating, 497 automatic discovery, 196 bit rate settings, 497 cannot add, 244 cannot delete, 247 command port, 497 discovery port, 497 discovery settings, 529 enabling UPnP, 497 IP address, 496 notification settings, 530 NTP settings, 532 peripherals configuring output pins, 498 microphone properties, 500 settings, 498 speaker properties, 499 865

Index

secure communication, 497 setting login credentials, 530 settings, 528 SSL settings, 531 troubleshooting offline units, 236 upgrading firmware, 496 viewing properties, 184 viewing access control unit events, 309 access control unit health events, 308 access rule configurations, 317 active task list, 485 archive storage details, 233 cardholder access rights, 325 cardholder properties, 318 credential properties, 319 entities, 85 health issues, 168 IO configurations, 310 license information from Config Tool, 769 from Server Admin, 770 report results, 723 system messages, 168 unit properties, 184 warnings, 168 virtual zone about, 161, 506 arming, 508 associating zone states to events, 508 configuring, 162 delaying arming, 508 evaluating zone state, 507 setting reactivation threshold, 508 Zone Manager, 507 See also zone visual options configuring, 683 taskbar, 683 visual tracking about, 388 configuring, 212

W Waiting for signal, error, 237 Walkthrough wizard

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

about, 271 launching, 272 modes, 272 purpose, 271 warning messages investigating, 170 viewing, 168 Watchdog, about, 478 Web page, linking to maps, 165 Web-based SDK about, 164, 605 determining Web service address, 606 using, 164 SSL connection, 606 Wiegand field, defining, 672 wiring diagrams HID Edge plus, 800 HID Edge reader, 800 HID VertX V1000, 801 HID VertX V2000, 802 wiring doors, 268 working with report pane, 29 tasks, 24

X XML exporting, 579 importing, 578

Y yellow state, entities, 85

Z zone about, 160 arming, 160 choosing zone type, 163 disarming, 160 hardware zone about, 161, 502 configuring, 162 IO linking, 160 managing, 160 866

Index

virtual zone about, 161, 506 configuring, 162 Zone Manager about, 161, 608 associating zones, 507 keeping events, 609

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

867

Where to find product documentation You can find our product documentation in the following locations:

• Installation package. The documentation is available in the Documentation folder of the installation package. Some of the documents also have a direct download link to the latest version of the document.

• Genetec Technical Assistance Portal (GTAP). The latest version of the documentation is available from the GTAP Documents page. Note, you’ll need a username and password to log on to GTAP.

• Help. Security Center client and web-based applications include help, which explain how the product works and provide instructions on how to use the product features. Patroller and the Sharp Portal also include context-sensitive help for each screen. To access the help, click Help, press F1, or tap the ? (question mark) in the different client applications.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

868

Technical support Genetec Technical Assistance Center (GTAC) is committed to providing its worldwide clientele with the best technical support services available. As a Genetec customer, you have access to the Genetec Technical Assistance Portal (GTAP), where you can find information and search for answers to your product questions.

• Genetec Technical Assistance Portal (GTAP). GTAP is a support website that provides indepth support information, such as FAQs, knowledge base articles, user guides, supported device lists, training videos, product tools, and much more. Prior to contacting GTAC or opening a support case, it is important to look at this website for potential fixes, workarounds, or known issues. You can log in to GTAP or sign up at https://gtap.genetec.com.

• Genetec Technical Assistance Center (GTAC). If you cannot find your answers on GTAP, you can open a support case online at https://gtap.genetec.com. For GTAC's contact information in your region see the Contact page at https://gtap.genetec.com. NOTE Before contacting GTAC, please have your System ID (available from the About button in your client application) and your SMA contract number (if applicable) ready.

• Licensing. 





For license activations or resets, please contact GTAC at https://gtap.genetec.com. For issues with license content or part numbers, or concerns about an order, please contact Genetec Customer Service at [email protected], or call 1-866-684-8006 (option #3). If you require a demo license or have questions regarding pricing, please contact Genetec Sales at [email protected], or call 1-866-684-8006 (option #2).

Additional resources If you require additional resources other than the Genetec Technical Assistance Center, the following is available to you:

• GTAP Forum. The Forum is an easy to use message board that allows clients and Genetec staff to communicate with each other and discuss a variety of topics, ranging from technical questions to technology tips. You can log in or sign up at https://gtapforum.genetec.com.

• Technical training. In a professional classroom environment or from the convenience of your own office, our qualified trainers can guide you through system design, installation, operation, and troubleshooting. Technical training services are offered for all products and for customers with a varied level of technical experience, and can be customized to meet your specific needs and objectives. For more information, go to http://www.genetec.com/Services.

gtap.genetec.com | Security Center Administrator Guide 5.2 EN.500.003-V5.2.C1(1) | Last updated: April 19, 2013

869

View more...

Comments

Copyright ©2017 KUPDF Inc.
SUPPORT KUPDF