Professional Documents
Culture Documents
Configuration User
Guide
PERPETUAL INNOVATION
OnGuard® 2010 Enterprise Setup & Configuration User Guide
Product version 6.4, item number DOC-500, revision 1.044, May 2010
Copyright © 1995-2010 Lenel Systems International, Inc. Information in this document is subject
to change without notice. No part of this document may be reproduced or transmitted in any form
or by any means, electronic or mechanical, for any purpose, without the express written
permission of Lenel Systems International, Inc.
Non-English versions of Lenel documents are offered as a service to our global audiences. We
have attempted to provide an accurate translation of the text, but the official text is the English
text, and any differences in the translation are not binding and have no legal effect.
The software described in this document is furnished under a license agreement and may only be
used in accordance with the terms of that agreement. Lenel and OnGuard are registered
trademarks of Lenel Systems International, Inc.
Microsoft, Windows, Windows Server, and Windows Vista are either registered trademarks or
trademarks of Microsoft Corporation in the United States and/or other countries. Integral and
FlashPoint are trademarks of Integral Technologies, Inc. Crystal Reports for Windows is a
trademark of Crystal Computer Services, Inc. Oracle is a registered trademark of Oracle
Corporation. Other product names mentioned in this User Guide may be trademarks or registered
trademarks of their respective companies and are hereby acknowledged.
Portions of this product were created using LEADTOOLS © 1991-2010 LEAD Technologies, Inc.
ALL RIGHTS RESERVED.
OnGuard includes ImageStream® Graphic Filters. Copyright © 1991-2010 Inso Corporation. All
rights reserved. ImageStream Graphic Filters and ImageStream are registered trademarks of Inso
Corporation.
Enterprise Setup & Configuration User Guide
Table of Contents
Introduction .......................................................................13
Overview ......................................................................................................................... 21
Considerations/Recommendations ................................................................................. 21
revision 1 — 3
Table of Contents
Prerequisites ................................................................................................. 31
4 — revision 1
Enterprise Setup & Configuration User Guide
revision 1 — 5
Table of Contents
Attach the Hardware Key (OnGuard License Server Computer Only) ............................ 84
6 — revision 1
Enterprise Setup & Configuration User Guide
Internet Information Services (IIS) for Windows Server 2003 ..................... 100
Internet Information Services (IIS) for Windows Server 2008 ..................... 102
revision 1 — 7
Table of Contents
8 — revision 1
Enterprise Setup & Configuration User Guide
Download All Cardholders to the New Regional Server Node ...................................... 129
Change the System Administrator Password for the Database .................. 147
Change the SYSTEM Account Password Using Database Setup ................................ 147
Write Down and Inform Administrators of the Password Change ................................. 148
revision 1 — 9
Table of Contents
Stop Replicator and All OnGuard Services on All Regional Server Nodes ................... 152
Manually Update SQL Server Data Sources to use SQL Server Native Client 10.0
Drivers ........................................................................................................................ 156
10 — revision 1
Enterprise Setup & Configuration User Guide
Appendices ......................................................................169
revision 1 — 11
Table of Contents
Running the License Server from the Command Line .................................................. 182
Index ...............................................................................................189
12 — revision 1
Introduction
Enterprise Setup & Configuration User Guide
Chapter 1: Overview
revision 1 — 15
1: Overview
AN W
AN
W
Badging
Mobile Badging Badging
Mobile Badging
WAN WAN
ISC ISC
Alarm Alarm
Readers Readers
Regional Server N-1 Regional Server N-2
Badging Badging
Mobile Badging Mobile Badging
16 — revision 1
Enterprise Setup & Configuration User Guide
• List Builder Entries. Entries in List Builder are capable of being modified
on a specific Regional Server Node. Using buildings and departments as an
example, two Regional Server Nodes representing California and New York
sites would be capable of setting up their own respective buildings and
departments at those particular Nodes.
revision 1 — 17
1: Overview
Terms to Know
• Replication Administration. An application that provides centralized
management and configuration of Enterprise systems and mobile stations. It
is available in both the Enterprise and standard versions of OnGuard, and the
software license determines whether the database can be configured as an
Enterprise system or a mobile station. On an Enterprise system, it is used to
manage the Master Server Node, Regional Server Nodes, and mobile
stations from one location. On a standard system, it is used to manage all
mobile stations.
18 — revision 1
Enterprise Setup & Configuration User Guide
We strongly advise you to read through the entire user guide before proceeding,
in order to understand how the system components and processes interact with
one another.
DO NOT RESTORE any Master, Regional Server, or Distributed ID database! This will
Warning likely corrupt the entire multiple server Enterprise due to the interaction between each
database. DO NOT RESTORE any database without first contacting Lenel.
revision 1 — 19
1: Overview
20 — revision 1
Enterprise Setup & Configuration User Guide
Overview
With multi-level Enterprise implementation, the system can grow rapidly to
include multiple geographically-located sites. The ability to determine object
locations based on well-planned standards and naming conventions is an
important consideration in regard to customer satisfaction and ease of use. As
such, a Standards & Conventions Team should be appointed to manage the
creation and enforcement of a Naming Convention as well as hardware and
software installation standards.
Considerations/Recommendations
Minimum recommendations should include at least a 2-3 character Master/
Regional Server Node prefix, followed by a 2-3 character segment prefix, and
then followed by a descriptive name for the object. Other options can include
detailed object names for each individual OnGuard object, i.e. ISC, readers,
alarm input, alarm output, access level, etc. This topic is covered in depth in the
Professional Engineering Service’s “Enterprise Planning Session” and Lenel
strongly recommends the full implementation of established guidelines.
revision 1 — 21
2: Before Installing an Enterprise Master or Regional Server Node
Database Planning
It is important to be able to determine the storage space for both the Master and
Regional Server databases so that the correct server hardware can be purchased.
An ODBC DSN will need to be created from each Regional Server Node to the
Master Server Node. These ODBC DSNs are created when a database is
configured as a Regional Server Node. Use the “Create New ODBC Data
Source” option when configuring the Regional Server Node or Distributed ID
Mobile Station.
If using Windows 7, Windows Server 2008, or Windows Vista with UAC turned
on, when you create ODBC data sources you will be prompted to allow or deny
the command. If you are running the application with a Windows account that
does not have administrator permissions you will be prompted for administrator
credentials.
22 — revision 1
Enterprise Setup & Configuration User Guide
revision 1 — 23
2: Before Installing an Enterprise Master or Regional Server Node
• To log into a mobile unit because you have to actually see the transactions
• To do something simple and specific to a Regional Server Node, such as
view transactions or modify a transaction
• If you don’t have access to the Master
24 — revision 1
Enterprise Setup & Configuration User Guide
This chapter outlines the process for setting up Enterprise systems and
Distributed ID Management systems.
1. Install Windows. Refer to the release notes for the versions of Windows that
are supported. The release notes are located on the root directory of the
OnGuard 2010 Enterprise disc.
2. Install and Configure the Database Software.
• SQL Server 2008 users: For more information, refer to Chapter 4:
Microsoft SQL Server 2008 on page 31.
• Oracle 10g users: For more information, refer to Chapter 5: Installing &
Configuring Oracle 10g Server Software on page 39.
3. Install the OnGuard 2010 Enterprise software.
a. Install the OnGuard software on the workstation designated as the
server prior to installing OnGuard on each of the other (client)
workstations on the OnGuard network.
For detailed installation instructions, refer to Chapter 9: Installing
OnGuard 2010 Enterprise on page 81. After OnGuard 2010 Enterprise
has been installed, the Enterprise Master Server Node features can be
enabled.
b. Attach the hardware key on the OnGuard License Server computer. For
more information, refer to Attach the Hardware Key (OnGuard License
Server Computer Only) on page 84.
c. Install the software license for this computer. For more information,
refer to the Installation Guide.
d. Run the Database Setup application. For more information, refer to Set
Up Your OnGuard Database on page 86.
4. Configure the server to be a(n) OnGuard Enterprise Master. For more
information, refer to Configure the Master Server Node Database on
page 120.
revision 1 — 25
3: Server Configuration Overview
1. Install Windows. Refer to the release notes for the versions of Windows that
are supported. The release notes are located on the root directory of the
OnGuard 2010 Enterprise disc.
2. Install and Configure the Database Software.
• SQL Server users: For more information, refer to Chapter 4: Microsoft
SQL Server 2008 on page 31.
• Oracle 10g users: For more information, refer to Chapter 5: Installing &
Configuring Oracle 10g Server Software on page 39.
3. Install the OnGuard 2010 Enterprise software.
a. Install the OnGuard software on the workstation designated as the
server prior to installing OnGuard on each of the other (client)
workstations on the OnGuard network.
For detailed installation instructions, refer to Chapter 9: Installing
OnGuard 2010 Enterprise on page 81. After OnGuard 2010 Enterprise
has been installed, the Regional Server Node features can be enabled.
b. Make sure that the hardware key is attached to the OnGuard License
Server computer, and that the License Server is running. For more
information, refer to Attach the Hardware Key (OnGuard License
Server Computer Only) on page 84.
c. Install the software license for this computer. For more information,
refer to the Installation Guide.
d. Run the Database Setup application. For more information, refer to Set
Up Your OnGuard Database on page 86.
4. Configure the server to be a(n) OnGuard Regional Server Node. For more
information, refer to Configure the Regional Server Node Database on
page 124.
5. Download all cardholders to the new Regional Server Node. For more
information, refer to Download All Cardholders to the New Regional Server
Node on page 129.
6. Optional: Schedule Replicator to run automatically.
26 — revision 1
Enterprise Setup & Configuration User Guide
1. Install Windows. Refer to the release notes for the versions of Windows that
are supported. The release notes are located on the root directory of the
OnGuard 2010 Enterprise disc.
2. Configure the computer for TCP/IP.
3. Install and Configure the Database Software.
• SQL Server users: For more information, refer to Chapter 4: Microsoft
SQL Server 2008 on page 31.
• Oracle 10g users: For more information, refer to Chapter 5: Installing &
Configuring Oracle 10g Server Software on page 39.
4. Install the OnGuard 2010 Enterprise software.
a. Install the OnGuard software on the workstation designated as the
server prior to installing OnGuard on each of the other (client)
workstations on the OnGuard network.
For detailed installation instructions, refer to Chapter 9: Installing
OnGuard 2010 Enterprise on page 81. After OnGuard 2010 Enterprise
has been installed, the Distributed ID Master Server features can be
enabled.
b. Make sure that the hardware key is attached to the OnGuard License
Server computer, and that the License Server is running. For more
information, refer to Attach the Hardware Key (OnGuard License
Server Computer Only) on page 84.
c. Install the software license for this computer. For more information,
refer to the Installation Guide.
d. Run the Database Setup application. For more information, refer to Set
Up Your OnGuard Database on page 86.
5. Configure the server to be a Distributed ID Master Server. For more
information, refer to Configure a Distributed ID Master Server on page 136.
6. Using the System Administration software, define your access control
system hardware and monitoring environment. (For more information, refer
to the System Administration and Alarm Monitoring User Guides.)
revision 1 — 27
3: Server Configuration Overview
1. Install Windows. Refer to the release notes for the versions of Windows that
are supported. The release notes are located on the root directory of the
OnGuard 2010 Enterprise disc.
2. Configure the computer for TCP/IP.
3. Install and Configure the Database Software.
• SQL Server users: For more information, refer to Chapter 4: Microsoft
SQL Server 2008 on page 31.
• Oracle 10g users: For more information, refer to Chapter 5: Installing &
Configuring Oracle 10g Server Software on page 39.
4. Install the OnGuard 2010 Enterprise software.
a. Install the OnGuard software on the workstation designated as the
server prior to installing OnGuard on each of the other (client)
workstations on the OnGuard network.
For detailed installation instructions, refer to Chapter 9: Installing
OnGuard 2010 Enterprise on page 81. After OnGuard 2010 Enterprise
has been installed, the Distributed ID Mobile client features can be
enabled.
b. Make sure that the hardware key is attached to the OnGuard License
Server computer, and that the License Server is running. For more
information, refer to Attach the Hardware Key (OnGuard License
Server Computer Only) on page 84.
c. Install the software license for this computer. For more information,
refer to the Installation Guide.
d. Run the Database Setup application. For more information, refer to Set
Up Your OnGuard Database on page 86.
5. Configure the server to be a Distributed ID Mobile client.
6. Using the System Administration software, define your access control
system hardware and monitoring environment. (For more information, refer
to the System Administration and Alarm Monitoring User Guides.)
28 — revision 1
Database
Management
Systems
Enterprise Setup & Configuration User Guide
OnGuard 2010 supports Microsoft SQL Server 2008. There are several editions
of SQL Server 2008; refer to the release notes for specific support information.
SQL Server 2008 Express Edition can be installed automatically during the
OnGuard installation or upgrade process. During the OnGuard installation or
upgrade process an option is presented asking if you would like to install SQL
Server 2008 Express Edition.
Important: If you have SQL Server 2005 Express installed on your system, the database
software will not be automatically upgraded during the OnGuard upgrade. If
you want to upgrade your database software, instructions for upgrading from
SQL Server 2005 Express to SQL Server 2008 Express are provided in this
chapter.
Note: When installing SQL Server 2008 on a computer running Windows Vista
you may receive warning messages if specific IIS components are disabled
which many of them are by default. For information on how to enable these
components refer to http://support.microsoft.com/kb/920201.
The following sections will show you how to install and upgrade SQL Server.
• SQL Server 2008 Express Edition on page 32.
– Installing SQL Server Management Tools on page 33
• SQL Server 2008 Standard Edition on page 33.
Prerequisites
The following prerequisites are required prior to installing SQL Server 2008. If
SQL Server 2008 Express is installed by the OnGuard installation, .NET
Framework and Windows Installer will be installed automatically.
• Microsoft .NET Framework 3.5 SP1
• Microsoft Windows Installer 4.5 or later
• Microsoft Windows PowerShell 1.0
Note: Windows PowerShell can be downloaded from the Microsoft Web site: http:/
/www.microsoft.com/windowsserver2003/technologies/management/
powershell/download.mspx.
revision 1 — 31
4: Microsoft SQL Server 2008
Important: SQL Server 2008 Express Edition can be installed or upgraded from MSDE
automatically during the OnGuard installation process. Manual instructions
are provided for upgrading from SQL Server 2005 Express in the following
section.
Important: When installing on Windows Vista, you may be presented with a user
account control dialog box asking you to click continue to proceed with the
installation. You must click continue to proceed with the installation.
32 — revision 1
Enterprise Setup & Configuration User Guide
8. In the Select Instance window, select the existing SQL Server installation
from the drop-down and click [Next].
9. In the Select Features window, click [Next].
10. In the Instance Configuration window, click [Next].
11. Review the Disk Space Requirements information and click [Next] if you
have sufficient space.
12. In the Error and Usage Report Settings window, deselect both options. Click
[Next].
13. The Upgrade Rules window will determine if there are any barriers to the
installation process. If there are no failures, click [Next].
14. In the Ready to Upgrade window, click [Upgrade] to begin the installation.
15. Once the setup process is complete, you will be notified that you need to
restart your computer to complete the process. Click [OK] to close the
message, then click [Next].
16. In the Complete window, click [Close] to exit.
17. You will receive another message to remind you to restart your computer.
Your computer will not automatically be restarted; you must manually restart
your computer to complete the upgrade process.
Installation Steps
To perform the installation, complete the following steps:
revision 1 — 33
4: Microsoft SQL Server 2008
Upgrade Steps
• Installing SQL Server 2008 on page 34.
• Set Memory Usage on page 37.
Note: SQL Server 2008 setup requires Microsoft .NET Framework 3.5 SP1 and
Windows Installer 4.5. If you do not have these prerequisites prior to
installing SQL Server 2008, the setup will prompt you before installing
them.
34 — revision 1
Enterprise Setup & Configuration User Guide
Note: For upgrades these features may already be selected and it may not be
possible to change the selections.
c. Click [Next].
9. In the Instance Configuration window:
• For new installations, select Default instance and click [Next].
• For upgrades, the Named instance should already be selected. Click
[Next].
10. Review the Disk Space Requirements information and click [Next] if you
have sufficient space.
11. The Server Configuration window is displayed.
• For new installations, select “NT AUTHORITY\SYSTEM” from the
Account Name column drop-down for SQL Server Agent and SQL
Server Database Engine. Click [Next].
• For upgrades, click [Next].
12. Upgrade only: In the Full-text Upgrade window, click [Next].
13. Installation only: In the Database Engine Configuration window:
a. Select the Mixed Mode radio button.
b. Enter and confirm a password for the SQL Server system administrator
account.
c. Click [Add].
d. In the Select Users or Groups window, click [Advanced].
e. Change the From this location field to the local machine by clicking
[Locations] and selecting the local machine from the list.
f. Click [Find Now], then select Administrators from the Search results
listing window.
g. Click [OK], then click [OK] again to close the Select Users or Groups
window.
h. The BUILTIN\Administrators group should now appear in the Specify
SQL Server administrators listing window. Click [Next].
14. In the Error and Usage Report Settings window, deselect both options. Click
[Next].
15. The Installation Rules or Upgrade Rules window will determine if there are
any barriers to the installation process. If there are no failures, click [Next].
16. In the Ready to Install or Ready to Upgrade window, click [Install] or
[Upgrade] to begin the installation.
17. After all installation progress has completed, click [Next].
18. In the Complete window, click [Close].
revision 1 — 35
4: Microsoft SQL Server 2008
19. Reboot the computer, even if you are not prompted to do so. This completes
the installation of SQL Server 2008. You can now go on to configure SQL
Server 2008.
1. Click the Windows Start button, then select All Programs > Microsoft SQL
Server 2008 > SQL Server Management Studio to start the SQL Server
Management Studio.
2. Select your method of authentication, provide credentials if required, and
click [Connect].
3. In the Object Explorer pane, expand the Databases folder. Right-click the
Databases folder and select New Database.
4. The New Database window is displayed. On the General page:
a. In the Database name field, type ACCESSCONTROL (this is case-
insensitive).
b. Set the Initial Size (MB) of the Data file to 50.
c. Set the Initial Size (MB) of the Log file to 10.
d. Scroll to the right in the Database files listing window and click the
browse button in the Autogrowth column of the log file row.
e. Select the Restricted File Growth (MB) radio button and set a
maximum log file size. The recommended maximum log file size is
2048.
f. Click [OK].
5. Select the Options page from the Select a page pane.
a. Change the Recovery model drop-down to “Simple”.
b. Change the Compatibility level drop-down to “SQL Server 2005 (90)”.
c. In the Other options list view, set the Auto Shrink, Auto Update
Statistics, Auto Create Statistics, and Recursive Triggers Enabled
drop-downs to “True”.
d. Click [OK].
Create a Login
1. In the Object Explorer pane of the SQL Server Management Studio, expand
the Security folder.
2. Right-click the Logins folder and select New Login.
3. In the General page of the Login window:
a. In the Login name field, type LENEL.
b. Select the SQL Server authentication radio button.
• For Password, type MULTIMEDIA.
• For Confirm password, type MULTIMEDIA.
36 — revision 1
Enterprise Setup & Configuration User Guide
Note: If you choose to select the Enforce password expiration check box, you
will be required by SQL Server to select a new login password at regular
intervals. When the login password is changed by SQL Server, it must also
be updated with the Lenel Login Driver. Failure to update the Login driver
will cause OnGuard not to function properly.
1. In the Object Explorer pane of the SQL Server Management Studio, right-
click on the OnGuard database and select New Query.
2. A query tab is displayed.
a. In the text window, type sp_changedbowner lenel
b. Press <F5> to execute the command.
c. The message “Command(s) completed successfully” is displayed in the
Messages tab.
3. Click the close (“X”) button to close the query tab, then click [No] when
prompted if you want to save the changes.
1. In the Object Explorer pane of the SQL Server Management Studio, right-
click on the database engine <ServerName> and select Properties.
2. Select the Memory option on the Select a page pane.
3. Set the Maximum server memory (in MB) option to be roughly one half of
your system’s actual memory. This will make sure that the database does not
use your entire system’s memory, which would needlessly slow down your
system.
revision 1 — 37
4: Microsoft SQL Server 2008
4. Click [OK].
Note: This procedure requires that the Recovery Model is set to “Simple” in the
Database Properties > Options page.
1. In the Object Explorer pane of the SQL Server Management Studio, right-
click the OnGuard database, then select Tasks > Shrink > Files.
2. The Shrink File window is displayed.
a. In the File type drop-down, select “Log”.
b. Select the Release unused space radio button.
c. Click [OK].
38 — revision 1
Enterprise Setup & Configuration User Guide
The following overview and instructions are for a standard Oracle 10g 10.2.0.1.0
Server installation. If your Oracle installation includes any customization or non-
default selections, your procedures will differ from those provided in this chapter.
Please make adjustments accordingly. If you are installing a different version of
Oracle or are installing Oracle on a different version of Windows, your windows
may be different.
Note: As a general warning, when installing and configuring Oracle 10g do not
close any Oracle windows while a program is running. Doing so can result in
configuration errors and loss of data. Instead, utilize the Oracle close or
cancel buttons.
Note: Oracle client must be installed on any machine running OnGuard. Oracle
client installs tools which are necessary for OnGuard to connect to the
database. This means if your Oracle server and OnGuard server are located
on the same machine, Oracle client must also be installed.
Important: If you are using Windows Vista or Windows 7 you may need to run Oracle
applications, such as the Net Configuration Assistant, as administrator for
configuration changes to persist.
revision 1 — 39
5: Installing & Configuring Oracle 10g Server Software
1. Install Oracle 10g (For more information, refer to Step 1: Install Oracle 10g
Server Software on page 42.)
Key points:
a. Install Oracle 10g Server from the Oracle 10g Server disc.
b. Use the default Oracle Home location.
c. Allow Oracle to make the path modifications in the registry.
d. Select the “Enterprise Edition” installation type.
e. Do not create a starter database during the installation.
2. Install the latest approved patch sets. Refer to the Lenel Web site for more
information.
3. Create the Lenel database. (For more information, refer to Step 3: Create the
Lenel Database on page 43.)
• In Oracle Database Configuration Assistant select “Create a database.”
• Select the “Custom Database” template.
• Specify the Global Database Name.
• Deselect all database components including the standard database
configuration features.
Note: If your database will be managed locally, you may want to select the
Enterprise Manager Repository component.
40 — revision 1
Enterprise Setup & Configuration User Guide
Notes: To change the database size, double-click the size field, enter the number of
M Bytes, and click [OK].
You can specify other names in the Name field. If you do, you must set the
defDataSpace variable in the LenelUser.ora file to the new Name. (For
more information, refer to Step 7: Create the Lenel User on page 56.)
USERS LENEL_DATA 50
TEMP LENEL_TEMP 50
SYSTEM SYSTEM 50
UNDOTBS1 UNDOTBS1 50
4. Run the Net Configuration Assistant. (For more information, refer to Step 4:
Run the Net Configuration Assistant on page 49.) Type LENEL as the New
Service Name.
5. Verify that the system works. (For more information, refer to Step 5: Verify
the System is Working on page 54.)
6. Install OnGuard 2010 Enterprise. (For more information, refer to Step 6:
Install OnGuard 2010 Enterprise on page 56.) DO NOT RUN DATABASE
SETUP YET!
7. Create the Lenel user by running the LenelUser.ora script, located in
C:\Program Files\OnGuard\DBSetup\New. (For more information, refer
to Step 7: Create the Lenel User on page 56.)
a. Log into SQL Worksheet using the SYSTEM account.
b. Load the LenelUser.ora script into SQL Worksheet and run it.
Note: Remember that if you changed the name of the LENEL_DATA and/or
LENEL_TEMP data spaces, you must change the defDataSpace and
revision 1 — 41
5: Installing & Configuring Oracle 10g Server Software
42 — revision 1
Enterprise Setup & Configuration User Guide
Note: The installation process may take several minutes or more depending on
your system resources.
1. Click the Windows Start button, then select Programs > Oracle -
OraDB10g_home1 > Configuration and Migration Tools > Database
Configuration Assistant. This launches the Oracle Database Configuration
Assistant.
2. The Welcome window is displayed. Click [Next].
3. The Operations window is displayed.
a. Verify the Create a database radio button is selected.
b. Click [Next].
revision 1 — 43
5: Installing & Configuring Oracle 10g Server Software
Note: The Change database configuration and Delete a database options are
enabled only if you have an existing database.
Note: Selecting a template that does not include datafiles gives you full control to
specify and change every database parameter.
b. Click [Next].
44 — revision 1
Enterprise Setup & Configuration User Guide
revision 1 — 45
5: Installing & Configuring Oracle 10g Server Software
Note: If your database will be managed locally, you may want to select the
Enterprise Manager Repository component.
d. Click [Next].
12. The Initialization Parameters window is displayed.
a. Choose memory allocation settings that best suit your needs.
b. Select the Connection Mode tab.
c. Select the Dedicated Server Mode radio button.
d. Click [Next].
13. The Database Storage window is displayed.
a. Expand the tablespace tree.
b. Highlight any tablespace name.
14. Rename the tablespaces and specify a reasonable size for holding the
OnGuard information.
a. Enter the new tablespace name in the Name field.
b. Double-click the Size field.
The following table suggests appropriate tablespace names and minimum
sizes.
USERS LENEL_DATA 50
TEMP LENEL_TEMP 50
SYSTEM SYSTEM 50
UNDOTBS1 UNDOTBS1 50
46 — revision 1
Enterprise Setup & Configuration User Guide
Note: You can specify other names in the Name field. If you do, you must set the
defDataSpace variable in the LenelUser.ora file to the new Name. (For
more information, refer to Step 7: Create the Lenel User on page 56.)
15. When you double-click the Size field, the Edit Datafile window is displayed.
To continue changing the tablespace size:
a. Enter the new size.
b. Click [OK].
revision 1 — 47
5: Installing & Configuring Oracle 10g Server Software
48 — revision 1
Enterprise Setup & Configuration User Guide
revision 1 — 49
5: Installing & Configuring Oracle 10g Server Software
50 — revision 1
Enterprise Setup & Configuration User Guide
b. Click [Next].
revision 1 — 51
5: Installing & Configuring Oracle 10g Server Software
52 — revision 1
Enterprise Setup & Configuration User Guide
revision 1 — 53
5: Installing & Configuring Oracle 10g Server Software
54 — revision 1
Enterprise Setup & Configuration User Guide
revision 1 — 55
5: Installing & Configuring Oracle 10g Server Software
56 — revision 1
Enterprise Setup & Configuration User Guide
perform a custom install of the Oracle Client software and select the Enterprise
Manager 10g Java Console.
1. Click the Windows Start button, then select Programs > Oracle -
OraDB10g_home1 > Application Development > SQLPlus Worksheet.
2. Log in using the system account.
a. Type the SYSTEM username and password. (This is the same username
and password that you set the password for in step 7 on page 48.)
b. Verify “Normal” is selected for Connect As.
c. Click [Close].
3. Verify Oracle connects properly. You should see “Connected” in the display
box, as shown.
revision 1 — 57
5: Installing & Configuring Oracle 10g Server Software
Note: Remember that if you changed the name of the LENEL_DATA and/or
LENEL_TEMP data spaces, you must change the defDataSpace and
defTempSpace variables in the LenelUser.ora script to the appropriate
tablespace names before running the script.
a. Select the File > Open menu option. The script loads into Oracle
SQLPlus Worksheet.
b. Navigate to C:\ Program Files\OnGuard\DBSetup\New.
c. Select LenelUser.ora.
Note: If the file is not displayed, type “*.ora” in the Filename field and click
[Open].
5. Verify there were no errors. You should see the following text:
“User created.”
58 — revision 1
Enterprise Setup & Configuration User Guide
“Grant succeeded.”
“Commit complete.”
For more information, refer to the Database Authentication for the Web
Applications chapter in the Installation Guide.
Note: If Windows single sign-on is used for database authentication, you must be
logged in as the domain user specified during the Oracle user creation.
revision 1 — 59
5: Installing & Configuring Oracle 10g Server Software
60 — revision 1
Enterprise Setup & Configuration User Guide
Important: If you are using Windows Vista or Windows 7 you may need to run Oracle
applications, such as the Net Configuration Assistant, as administrator for
configuration changes to persist.
Important: If installing the 64-bit version of Oracle you must also install the 32-bit
version of the client tools or OnGuard will not work properly.
1. Insert the Oracle 10g Client disc in your disc drive. This will launch the
Autorun program. Alternately you may launch the installation by executing
the setup.exe file on the disc.
2. Click [Install/Deinstall Products].
3. The Welcome window is displayed. Click [Next].
4. The Select Installation Type window is displayed.
a. Select the Administrator radio button.
b. Click [Next].
5. The Specify Home Details window is displayed.
a. Use the default settings or specify a different destination location.
b. Click [Next].
6. The Product-Specific Prerequisite Checks window is displayed.
a. Verify that the requirements are met.
b. Click [Next].
7. Review the summary and click [Install].
Note: The installation process may take several minutes or more depending on
your system resources.
revision 1 — 61
6: Configuring Oracle 10g Client Software
Note: If you are installing Oracle Client as part of the Oracle Server installation
instructions, you may click cancel and return to step Step 2: Install the Latest
Approved Patch Sets on page 43.
10. In the Service Name window, enter the global database name and click
[Next].
62 — revision 1
Enterprise Setup & Configuration User Guide
11. In the Select Protocols window, verify that TCP is highlighted and click
[Next].
12. In the Host name field, type the name of the computer that Oracle is
installed on, and then click [Next].
13. Select the Yes, perform a test radio button and click [Next].
14. The [Change Login] button window is displayed.
a. Click [Change Login].
b. Enter the LENEL user credentials for the Oracle database.
c. Click [OK].
15. After successfully testing the service, click [Next].
16. Verify the Net Service Name is “LENEL”, and then click [Next].
17. Select the No radio button, and click [Next].
18. Click [Next] through the remaining messages and then click [Finish].
19. The original installation window displays a completed message. Click
[Exit].
20. Install the latest approved Patch Set. The list of approved patch sets can be
found on the Lenel Web site at: http://www.lenel.com/support/downloads/
onguard#compatibility-charts.
revision 1 — 63
6: Configuring Oracle 10g Client Software
64 — revision 1
Enterprise Setup & Configuration User Guide
The following overview and instructions are for a standard Oracle 11g
Server installation. If your Oracle installation includes any customization
or non-default selections, your procedures will differ from those provided
in this chapter. Please make adjustments accordingly. If you are installing
a different version of Oracle or are installing Oracle on a different version
of Windows, your windows may be different.
Note: As a general warning, when installing and configuring Oracle 11g do not
close any Oracle windows while a program is running. Doing so can result in
configuration errors and loss of data. Instead, utilize the Oracle close or
cancel buttons.
Note: If the OnGuard server is not located on the same computer as Oracle 11g
Server, then Oracle 11g Client must be installed on the OnGuard server to
allow it to connect to the database. Oracle 11g Client must also be installed
on all OnGuard clients.
Important: If installing the 64-bit version of Oracle you must also install the 32-bit
version of the client tools or OnGuard will not work properly.
Important: If you are using Windows Vista or Windows 7 you may need to run Oracle
applications, such as the Net Configuration Assistant, as administrator for
configuration changes to persist.
Important: You cannot install Oracle 11g on a server with the IP address set to DHCP.
revision 1 — 65
7: Installing & Configuring Oracle 11g Server Software
1. Install Oracle 11g (For more information, refer to Step 1: Install Oracle 11g
Server Software on page 68.)
Key points:
a. Install Oracle 11g Server from the Oracle 11g Server disc.
b. Allow Oracle to make the path modifications in the registry.
c. Select the Basic Installation method.
d. Select the “Enterprise Edition” installation type.
e. Do not create a starter database during the installation.
2. Install the latest approved patch sets. Refer to the Lenel Web site for more
information.
3. Create the Lenel database. (For more information, refer to Step 3: Create the
Lenel Database on page 70.)
• In Oracle Database Configuration Assistant select “Create a database.”
• Select the “Custom Database” template.
• Specify the Global Database Name.
• Deselect all database components including the standard database
configuration features.
Note: If your database will be managed locally, you may want to select the
Enterprise Manager Repository component.
• On the Memory tab, select “Custom” and use the default values for
shared pool, buffer cache, and java pool.
• Rename the database storage files and expand their sizes to match the
table below.
66 — revision 1
Enterprise Setup & Configuration User Guide
Notes: To change the database size, double-click the size field, enter the number of
M Bytes, and click [OK].
You can specify other names in the Name field. If you do, you must set the
defDataSpace variable in the LenelUser.ora file to the new Name. (For
more information, refer to Step 6: Create the Lenel User on page 74.)
USERS LENEL_DATA 50
TEMP LENEL_TEMP 50
SYSTEM SYSTEM 50
UNDOTBS1 UNDOTBS1 50
4. Run the Net Configuration Assistant. (For more information, refer to Step 2:
Run the Net Configuration Assistant on page 70.) Type LENEL as the New
Service Name.
5. Verify that the system works. (For more information, refer to Step 4: Verify
the System is Working on page 74.)
6. Install OnGuard 2010. (For more information, refer to Step 5: Install
OnGuard 2010 on page 74.) DO NOT RUN DATABASE SETUP YET!
7. Create the Lenel user by running the LenelUser.ora script, located in
C:\Program Files\OnGuard\DBSetup\New. (For more information, refer
to Step 6: Create the Lenel User on page 74.)
a. Log into SQL Worksheet using the SYSTEM account.
b. Load the LenelUser.ora script into SQL Worksheet and run it.
Note: Remember that if you changed the name of the LENEL_DATA and/or
LENEL_TEMP data spaces, you must change the defDataSpace and
revision 1 — 67
7: Installing & Configuring Oracle 11g Server Software
68 — revision 1
Enterprise Setup & Configuration User Guide
Note: The installation process may take several minutes or more depending on
your system resources.
revision 1 — 69
7: Installing & Configuring Oracle 11g Server Software
70 — revision 1
Enterprise Setup & Configuration User Guide
Note: The Change database configuration and Delete a database options are
enabled only if you have an existing database.
Note: Selecting a template that does not include datafiles gives you full control to
specify and change every database parameter.
b. Click [Next].
revision 1 — 71
7: Installing & Configuring Oracle 11g Server Software
Note: If your database will be managed locally, you may want to select the
Enterprise Manager Repository component.
d. Click [Next].
12. The Initialization Parameters window is displayed. Make your choices and
click [Next].
13. The Security Settings window is displayed.
a. Select the Revert to pre-11g default security settings radio button.
b. Select the Revert audit settings to pre-11g defaults check box.
c. Select the Revert password profile settings to pre-11g defaults check
box.
14. Next choose whether to enable automatic maintenance tasks. Click [Next].
15. The Database Storage window is displayed.
a. Expand the tablespace tree.
b. Highlight any tablespace name.
16. Rename the tablespaces and specify a reasonable size for holding the
OnGuard information.
a. Enter the new tablespace name in the Name field.
b. Double-click the Size field.
The following table suggests appropriate tablespace names and minimum
sizes.
USERS LENEL_DATA 50
TEMP LENEL_TEMP 50
SYSTEM SYSTEM 50
UNDOTBS1 UNDOTBS1 50
72 — revision 1
Enterprise Setup & Configuration User Guide
Note: You can specify other names in the Name field. If you do, you must set the
defDataSpace variable in the LenelUser.ora file to the new Name. (For
more information, refer to Step 6: Create the Lenel User on page 74.)
17. When you double-click the Size field, the Edit Datafile window is displayed.
To continue changing the tablespace size:
a. Enter the new size.
b. Click [OK].
18. After Database Storage configuration is complete, click [Next].
19. The Creation Options window is displayed.
a. Verify the Create Database check box is selected.
b. Click [Finish].
20. The Confirmation window is displayed. Click [OK].
21. The Database Configuration Assistant window is displayed.
a. Click [Password Management] to manage your passwords.
b. Click [Exit], and the database will be created.
revision 1 — 73
7: Installing & Configuring Oracle 11g Server Software
74 — revision 1
Enterprise Setup & Configuration User Guide
Oracle server, you may perform a custom install of the Oracle Client
software and select the Enterprise Manager 11g Java Console.
1. Click the Windows Start button, then select Programs > Oracle -
OraDB11g_home1 > Application Development > SQLPlus Worksheet.
2. Log in using the system account.
a. Type the SYSTEM username and password. (This is the same username
and password that you set the password for in step 7 on page 73.)
b. Verify “Normal” is selected for Connect As.
c. Click [Close].
3. Verify Oracle connects properly. You should see “Connected” in the display
box.
4. Run the script.
Note: Remember that if you changed the name of the LENEL_DATA and/or
LENEL_TEMP data spaces, you must change the defDataSpace and
defTempSpace variables in the LenelUser.ora script to the appropriate
tablespace names before running the script.
a. Select the File > Open menu option. The script loads into Oracle
SQLPlus Worksheet.
b. Navigate to C:\ Program Files\OnGuard\DBSetup\New.
c. Select LenelUser.ora.
Note: If the file is not displayed, type “*.ora” in the Filename field and click
[Open].
revision 1 — 75
7: Installing & Configuring Oracle 11g Server Software
Note: If Windows single sign-on is used for database authentication, you must be
logged in as the domain user specified during the Oracle user creation.
76 — revision 1
Enterprise Setup & Configuration User Guide
Important: If you are using Windows Vista or Windows 7 you may need to run Oracle
applications, such as the Net Configuration Assistant, as administrator for
configuration changes to persist.
Important: If installing the 64-bit version of Oracle you must also install the 32-bit
version of the client tools or OnGuard will not work properly.
1. Insert the Oracle 11g Client disc in your disc drive. This will launch the
Autorun program. Alternately you may launch the installation by executing
the setup.exe file on the disc.
2. The Welcome screen is displayed. Click [Next].
3. The Select Installation Method screen is displayed.
a. Select the Administrator radio button.
b. Click [Next].
4. The Product-Specific Prerequisite Checks window is displayed.
a. Verify that the requirements are met.
b. Click [Next].
5. The Install Location screen is displayed.
a. Verify the Oracle base and software location information is correct.
b. Click [Next].
6. The Product-Specific Prerequisite Check screen is displayed.
a. Verify that the prerequisistes are met.
b. Click [Next].
7. Review the summary and click [Install]. The installation process may take
several minutes or more depending on your system resources.
8. The Oracle Net Configuration Assistant: Welcome screen is displayed. Click
[Next].
9. When the Oracle Net Configuration installation is complete, click [Finish].
revision 1 — 77
8: Configuring Oracle 11g Client Software
78 — revision 1
OnGuard
Installation and
Configuration
Enterprise Setup & Configuration User Guide
Note: Internet Information Services (IIS) is required for use of the web
applications, but is not included on the Supplemental Materials disc. IIS can
be installed from Control Panel > Add or Remove Programs > Add/
Remove Windows Components. The Windows installation disc may be
required.
Installation Procedures
revision 1 — 81
Installing OnGuard 2010 Enterprise
setup.exe from the disc drive. Alternatively, you can navigate to the disc
manually and then run setup.exe.
3. The Microsoft .NET Framework 3.5 SP1 installation wizard begins. Click
[Install] to begin installation. Microsoft .NET Framework 3.5 SP1 must be
installed for some OnGuard features to work correctly.
4. When prompted, read the Software License Agreement. If you agree to its
terms:
a. Select the I accept the license agreement radio button.
b. Click [Server] or [Client], depending on the computer on which you are
installing.
5. Next, you will be prompted to enter the system type information:
• If you want to install the typical installation features which are pre-
selected in the setup program, select the Typical System radio button..
• If you want to include or exclude certain features, select the Custom
System radio button. With this option selected, a window is displayed
allowing you to select your features. You must do a custom install to use
the browserbased clients. Before installing browser-based applications
your system must have IIS installed and meet other requirements.
Installing the browser-based applications without meeting the proper
requirements may result in major system problems. For more
information, refer to Configuring the Web Application Server on
page 99.
6. Select the database type that your access control system will use.
7. Click [Next].
8. The System Location Information window will be displayed.
• Either accept the default installation directory or click [Browse] and
specify a different destination folder.
• Accept the default location of the License Server or click [Browse] and
specify a different location.
• In the Port field, enter the number of the port to be used for access
control system communication. It is recommended that you accept the
default value of 8189.
Notes: If you accept the default port setting of 8189, it is written into the ACS.INI
file. If you want to enter a port setting other than 8189, it is written into both
the ACS.INI file AND the
…OnGuard\LicenseServerConfig\Server.Properties file. This file will
only be created during the install if the port setting is changed. If you want to
change the port setting in the ACS.INI file after the installation (either to a
82 — revision 1
Enterprise Setup & Configuration User Guide
new setting or back to 8189), then you must also change it in the
Server.Properties file.
To make changes in the ACS.INI file on a Windows Vista or Windows 7 computer
you must right-click on the ACS.INI file and run it as The Administrator.
Notes: Click the name of a feature on the left to display its description on the right.
Below the Feature Description the disk space requirements of the selected
feature are displayed.
10. Click the icon to the left of a feature to display a popup menu of installation
choices for that feature. Click [Next].
11. Click [Install] to begin the installation.
12. A check is performed behind-the-scenes to determine if a language pack is
installed. If an old language pack is installed, the following message is
displayed:
• If you wish to cancel the installation and remove the language pack by
yourself, click [Cancel].
• If you wish to remove the language pack and continue the installation,
click [Remove & Continue].
13. After Windows configures OnGuard, the status and progress bar will be
updated.
Important: Lenel software requires certain security adjustments to the operating system to
function more securely. If needed, the Security Utility runs during installation. Please
review the Security Utility release notes provided prior to running this utility, which
then makes these adjustments automatically. Upon agreeing to this disclaimer, the
user is assuming responsibility for any security issues that may occur due to these
revision 1 — 83
Installing OnGuard 2010 Enterprise
A hardware key is only needed on the server running License Server. Each client
computer running OnGuard 2010 Enterprise uses a software license instead of a
hardware key.
Note: If you are using a software license you do not need to configure a hardware key nor
must you install Sentinel drivers. For more information, refer to Install Your
OnGuard License on page 86.
If you are using a hardware key that attaches to the parallel port, no special
configuration is needed for the hardware key; simply attach the hardware key to
the parallel port.
If you are using a hardware key that attaches to the USB port, then you must
install a driver in order for Windows to recognize the device.
Important: You must install the driver for the hardware key BEFORE attaching the USB
hardware key to the computer.
84 — revision 1
Enterprise Setup & Configuration User Guide
1. Install the SafeNet USB hardware key driver by doing the following:
a. Navigate to the SafeNet directory on the Supplemental disc and then double-
click the .exe file. This can be found by navigating through the following
folders on the supplemental disc: /License Key Drivers/SafeNet.
b. The InstallShield Wizard starts. Click [Next].
c. The wizard continues, and the License Agreement window opens.
Select the I accept the terms in the license agreement radio button,
and then click [Next].
d. The wizard continues, and the Setup Type window opens. Select the
Custom radio button, and then click [Next].
e. The Custom Setup window opens. Make sure only the Parallel Driver
and the USB System Driver get installed. You do not need to install any
of the Sentinel Servers. Click on both the Sentinel Protection Server and
Sentinel Keys Server and select, “This feature will not be available.”
[Click Next].
f. Click [Install].
g. The wizard completes. Click [Finish] to exit.
2. Install the USB hardware key by doing the following:
a. Attach the USB hardware key to any available USB port.
b. The Found New Hardware wizard starts. Click [Next].
c. The hardware is detected, and the Found New Hardware wizard
completes. Click [Finish]. The hardware key is now configured and
ready to be used.
3. Depending on your configuration, you may need to restart your comuter so
that License Administration recognizes the hardware key. Otherwise, you
may receive an error in License Administration saying that the necessary
hardware device was not found.
Configure Authentication
An authentication method with the database must be configured for browser-
based applications to work properly. Create an account in both Windows and the
database system for use with single sign-on authentication. For more
information, refer to Chapter 10: Database Authentication for Web Applications
on page 91.
revision 1 — 85
Installing OnGuard 2010 Enterprise
Important: The Security Utility also needs to be run whenever any update to the
operating system takes place.
1. Click Start > Programs > OnGuard 2010 > Security Utility.
2. Click [More Info] to review the Security Utility release notes.
3. Click [Agree] if you agree with the disclaimer notice.
4. Follow the on screen instructions and click [Apply] when ready.
86 — revision 1
Enterprise Setup & Configuration User Guide
Licenses for Hardware: Hardware licenses are based on the number of con-
trollers for a given panel class. For example, instead of having different licenses
for different types of panels in the same class (such as fire) a single license covers
all the different panels that are in the same class.
Important: In order for the alarm to be reported to monitoring stations there must be at
least one panel configured and marked online. The panel does not need to
exist or actually be online in Alarm Monitoring, it simply needs to exist in
the System Status view.
3. In the Username field, type a valid username. When logging in for the first
time, the Username is admin.
4. In the Password field, type a valid password that corresponds to the
username entered. When logging in for the first time, the password is admin.
5. Click [Log In]. The License Administration options will be displayed.
revision 1 — 87
Installing OnGuard 2010 Enterprise
Note: After logging in for the first time, you are strongly encouraged to modify the
default username and password as soon as possible to discourage
unauthorized use.
6. The first time you log in you are strongly encouraged to change the
password. To do this, click the “Change Your Password” hyperlink.
7. The Administrator Properties page is displayed. You can change the user
name, password, or both. This user name and password is only used for the
License Administration application.
a. To change the user name, enter a new value in the Username field.
b. To change the password, enter a new value in the Password field.
c. If you are changing the password, you must reenter the password in the
Confirm Password field.
d. Click [Update]. A message will be displayed that indicates whether the
administrator properties were successfully updated.
88 — revision 1
Enterprise Setup & Configuration User Guide
The license will be installed. The entry that is displayed in the Installed Licenses
drop-down listbox indicates the name of the product that the license controls, and
will be updated to include the new license.
Important: The installation and upgrade process assumes your OnGuard database is
called “AccessControl.” If this is not the case you need to modify the
revision 1 — 89
Installing OnGuard 2010 Enterprise
1. Click the Windows Start button, then select Programs > OnGuard 2010 >
Database Setup.
2. If upgrading the database, the Choose Task window opens. Select the action
you would like to perform. Click [Continue]. The choices include:
• Add/remove missing system data for current build - If you feel that you are
missing system data, selecting this will add information back into the build.
• Compare database schema [no data] - Checks to see if the schema has
changed. This does not compare data. This would be useful to run before
upgrading to see if any schema changes have occurred, though it is not
necessary.
• Upgrade database - Select to upgrade your database.
3. A warning message appears and reminds you to back up your database.
4. A Database Setup Progress window opens that states which database you are
upgrading to which version. You must select [Execute] to continue.
5. The database will install. If upgrading the database, the system will be
checked for anomalies. Anomalies are database features that are unknown to
OnGuard and can include custom tables, triggers, stored procedures, etc. Not
all users will encounter anomalies. When prompted to take action on
anomalies, the items listed should be familiar to the person performing the
upgrade. Select all items that you know should exist and click [Continue].
Failure to select known anomalies may result in the failure of custom
functionality.
6. When the database setup has been completed successfully you will receive a
message telling you that to use the OnGuard web applications you will need
to run the Form Translator Utility. If you plan on running the browser-based
applications click [Yes]. Otherwise, click [No].
7. Login to Form Translator. Enter in the OnGuard “sa” login information for
the fields, which include User Name, Password, and Directory. Click [OK].
90 — revision 1
Enterprise Setup & Configuration User Guide
Note: When used in this chapter, Windows authentication refers to the use of a
single log on to gain access to both Windows and the database.
1. Click the Windows Start button, then select Programs > Microsoft SQL
Server 2008 > SQL Server Management Studio. This launches the SQL
Server Management Studio.
2. In the Object Explorer pane of the SQL Server Management Studio, expand
the Security folder.
3. Right-click the Logins folder and select New Login.
4. In the General page of the Login window:
revision 1 — 91
10: Database Authentication for Web Applications
Note: If you do not want to use Windows authentication you can also store the
Lenel credentials in the Web.config file. For more information, refer to
Provide Credentials in the Protected File on page 96.
92 — revision 1
Enterprise Setup & Configuration User Guide
Note: The version folder name may vary depending on the version of .NET you
have installed.
revision 1 — 93
10: Database Authentication for Web Applications
Note: If the Delegation tab is not available on a Windows Server 2003 domain
controller, you may need to raise the domain functional level. Consult your
IT administrator for more information.
Restart IIS
After completing the above steps for configuring reports for Area Access
Manager (Browser-based Client), restart IIS.
94 — revision 1
Enterprise Setup & Configuration User Guide
1. Click the Windows Start button, then select Programs > Oracle (this may
be different depending on your installation) > Application Development
> SQLPlus Worksheet.
2. Log in using the system account.
3. Type or paste (with modifications) the following script into the worksheet:
revision 1 — 95
10: Database Authentication for Web Applications
Application.config
The application.config file can be used to store the Lenel user credentials for
access to the database when Windows authentication is not used. This is not the
recommended configuration, however with ACL the login credentials can be
secured. The user account that runs the LS Application Server service must have
read permission for the file.
96 — revision 1
Enterprise Setup & Configuration User Guide
Web.config
The Web.config file contains user credentials only if reports are generated from
the browser-based Area Access Manager and Windows authentication is not
being used.
Read permission must be configured for the account running the Web Service.
This is the ASPNET account if running IIS 5.0 or the account configured as the
Identity for the application pool that it is in if running IIS 6.0.
Note: For information on storing Lenel user credentials for Crystal Reports, see
Browser-based Reports on page 104.
Oracle Users
Oracle users must also edit the sqlnet.ora file to specify the authentication
method.
revision 1 — 97
10: Database Authentication for Web Applications
Note: If you are using Windows authentication this procedure is not necessary for
browser-based reports.
98 — revision 1
Enterprise Setup & Configuration User Guide
Note: The OnGuard server must have port 80 open for client connections.
revision 1 — 99
11: Configuring the Web Application Server
The Form Translator utility must be run after the Web Application Server is
installed. The Web Application Server enables the browser-based applications to
be run.
Note: Form Translator must also be run after forms are modified using
FormsDesigner. Form Translator is only installed on the server. If you are
editing forms from a client, you must run Form Translator on the server for
the browser-based and smart client-based applications to continue to
function properly.
100 — revision 1
Enterprise Setup & Configuration User Guide
Default IIS directories and permissions are used. Consult your system
administrator to ensure that your security requirements are met. For more
information, refer to Creating Virtual Directories on page 101.
Use of SSL to ensure security across the network when using browser-based
applications is highly recommended. Refer to IIS documentation for additional
IIS and SSL configuration if desired. Once SSL has been configured, several files
must be updated with the new URL. For more information, refer to Configure
SSL on page 102.
revision 1 — 101
11: Configuring the Web Application Server
• Select the Directory Security tab. In Windows XP, under Anonymous access and
authentication control, click [Edit]. Integrated Windows authentication should be
selected. In Windows 2003, under Authentication and access control, click [Edit].
Integrated Windows authentication should be selected.
Configure SSL
Refer to IIS documentation for SSL configuration instructions. Once SSL has
been configured with IIS, URLs need to be changed from http to https.
Specifically, follow the procedures for updating the following files:
• Updating the Preferences.js File for SSL on page 104
• Configuring the Services.config File on page 111
• Configuring the FlexApplicationConfiguration.xml File on page 112
• Configuring the SilverlightApplicationConfiguration.xml File on page 112
• Configuring the ClickOnce Files on page 112
Default IIS directories and permissions are used. Consult your system
administrator to ensure that your security requirements are met. For more
information, refer to Creating Virtual Directories on page 101.
Use of SSL to ensure security across the network when using browser-based
applications is highly recommended. Refer to IIS documentation for additional
IIS and SSL configuration if desired. Once SSL has been configured, several files
must be updated with the new URL. For more information, refer to Configure
SSL on page 102.
102 — revision 1
Enterprise Setup & Configuration User Guide
2. In the Computer Management tree, expand Roles > Web Server (IIS) >
Internet Information Services.
3. On The Internet Information Services (IIS) Manager window, expand Sites >
Default Web Site and click lnl.og.web.
4. Make sure that the ASP.NET version is set to 2.0 which it should be by
default. To check:
a. Double-click .NET Compilation.
b. Expand Assemblies. The system version should be 2.0.
Configure SSL
Refer to IIS documentation for SSL configuration instructions. Once SSL has
been configured with IIS, URLs need to be changed from http to https.
Specifically, follow the procedures for updating the following files:
• Updating the Preferences.js File for SSL on page 104
• Configuring the Services.config File on page 111
• Configuring the FlexApplicationConfiguration.xml File on page 112
• Configuring the SilverlightApplicationConfiguration.xml File on page 112
• Configuring the ClickOnce Files on page 112
Authentication
An authentication method with the database must be configured for browser-
based applications to work properly. Create an account in both Windows and the
revision 1 — 103
11: Configuring the Web Application Server
database system for use with single sign-on authentication. For more
information, refer to Database Authentication for Web Applications on page 91.
1. Open the Windows services from Control Panel > Administrative Tools >
Services.
2. Locate the LS Application Server service in the list. Right-click the service
and select Properties.
3. On the Log On tab, select This account and click [Browse].
4. Type the user name of the Windows account in the Enter the object name
to select text box and click [Check Names].
5. Click [OK] to exit the Select User dialog and [OK] to save the changes to the
LS Application Server properties.
Browser-based Reports
Area Access Manager has the ability to generate reports with a browser-based
client. Additional configuration steps are necessary to enable reports in Internet
Explorer:
• Crystal .NET Components must be installed on the Web Application Server.
• Additional steps are required for Crystal Reports to access the database. Either NT
authentication must be configured or the Lenel user credentials must be stored in the
Web.config file and protected with security. For more information, refer to Configure
Authentication for Reports in Area Access Manager on page 97.
• By default, the Reports option is hidden from the browser-based Area Access Man-
ager. The Preferences.js file must be edited to show the Reports button.
• The IIS user must be able to access the temp folder (typically C:\Windows\temp).
104 — revision 1
Enterprise Setup & Configuration User Guide
• Oracle users must grant full control of the Oracle folder to the user running the Web
Service.
revision 1 — 105
11: Configuring the Web Application Server
106 — revision 1
Enterprise Setup & Configuration User Guide
Client Configuration
Additional configuration steps are necessary for browser-based applications on
the client.
Item Setting
b. Click [OK].
6. On the Advanced tab, select Multimedia > Play animations in web pages.
7. Click [OK] to close the Internet Properties dialog.
revision 1 — 107
11: Configuring the Web Application Server
Note: Using Windows to store a username and password for the application will
override the Automatic logon with current username and password
setting in Internet Explorer.
b. Click [OK].
6. Click [OK].
Application URL
108 — revision 1
Enterprise Setup & Configuration User Guide
Application URL
Note: If SSL is configured the Web address will begin with https.
Accessing ClickOnce
If you are using ClickOnce for Visitor Management Front Desk or Kiosk, the
following URLs are also needed.
Application URL
Create Bookmarks
Create favorites in Internet Explorer or shortcuts in the Start menu to enable users
to easily access the browser-enabled applications.
revision 1 — 109
11: Configuring the Web Application Server
110 — revision 1
Enterprise Setup & Configuration User Guide
Visitor Management Host, Administration, Front Desk, and Kiosk are installed
with the Web Application Server.
Using SSL
After installing the Web Application Server through a custom installation,
additional configuration is needed to use SSL.
1. Navigate to C:\Inetpub\wwwroot\lnl.og.services\IdvmWebHost.
2. There are four possible security policies, with corresponding files:
revision 1 — 111
12: Visitor Management Installation
Prerequisites
Before using ClickOnce, make sure the computer has Microsoft .NET
Framework 3.5 with Service Pack 1.
Additionally, the Kiosk requires Windows XP and the Touch-It Virtual Keyboard
software.
Note: For more information, refer to the Kiosk documentation in the Visitor
Administration User Guide.
112 — revision 1
Enterprise Setup & Configuration User Guide
ClickOnce Setup
To utilize ClickOnce, OnGuard must first be installed on the server. Doing so will install a
folder, FrontDeskClickOnce for Front Desk, or KioskClickOnce for the Kiosk, with
the required files. In most typical installations, the folder will be
C:\Inetpub\wwwroot\FrontDeskClickOnce or
C:\Inetpub\wwwroot\KioskClickOnce.
The Touch-It Virtual Keyboard is not installed with Clickonce. It must be
installed separately.
Methods of Deployment
One option for deployment is to make it available through a shared network location. To
do this, move the ClickOnce directory to the appropriate location on your network.
Another option is to deploy through the server. With this method, the application
can be installed on the computer by accessing the files with a browser.
Server Name
The name of the server is usually configured during the installation process. However, if
you wish to change it, this can be done in the serviceModelClient.config.deploy file. This
is located in C:\inetpub\wwwroot\FrontDeskClickOnce\config for Front Desk or
C:\inetpub\wwwroot\KioskClickOnce\config for Kiosk.
Using SSL
The configuration files will also need to be changed when using SSL.
revision 1 — 113
12: Visitor Management Installation
5. Remove the comment markers <!-- and --> surrounding that section to
enable the code.
6. For the address in that same section, change http to https.
Installation
Once the ClickOnce deployment site has been created and configured, it is possible to
install the application.
Note: To use this method of installation, JavaScript should be enabled for the
browser. If it is not, contact your administrator for assistance.
114 — revision 1
Enterprise Setup & Configuration User Guide
revision 1 — 115
12: Visitor Management Installation
Note: For more information about configuring the system, refer to the Visitor
Management Front Desk and Visitor Administration User Guides.
116 — revision 1
Enterprise Setup & Configuration User Guide
revision 1 — 117
13: Applying Hot Fixes in Enterprise
118 — revision 1
Enterprise Setup & Configuration User Guide
Master Segment 1
Segment 2 Segment 3
Regional Regional
Server 1 Server 2
revision 1 — 119
14: Enterprise Configuration
1. Install Windows. Refer to the release notes for the versions of Windows that
are supported. The release notes are located on the root directory of the
OnGuard 2010 Enterprise disc.
2. Install and Configure the Database Software.
• SQL Server users: For more information, refer to Chapter 4: Microsoft
SQL Server 2008 on page 31.
• Oracle 10g users: For more information, refer to Chapter 5: Installing &
Configuring Oracle 10g Server Software on page 39.
• Oracle 11g users: For more information, refer to Chapter 7: Installing &
Configuring Oracle 11g Server Software on page 65.
3. Install the OnGuard 2010 Enterprise software.
a. Install the OnGuard software on the workstation designated as the
server prior to installing OnGuard on each of the other (client)
workstations on the OnGuard network.
OnGuard 2010 Enterprise is installed with the “Standard” settings. For
detailed installation instructions, refer to Chapter 9: Installing OnGuard
2010 Enterprise on page 81. After OnGuard 2010 Enterprise has been
installed, the Enterprise Master Server Node features can be enabled.
b. Attach the hardware key on the OnGuard License Server computer. For
more information, refer to Attach the Hardware Key (OnGuard License
Server Computer Only) on page 84.
c. Install the software license for this computer. For more information,
refer to the Installation Guide.
d. Run the Database Setup application. For more information, refer to Set
Up Your OnGuard Database on page 86.
120 — revision 1
Enterprise Setup & Configuration User Guide
You are now ready to configure the Master Server Node database. To do this:
1. Start and log into Replication Administration on the Master Server Node.
2. When you log into Replication Administration for the first time, it detects
that you have a standard database. The following message is displayed.
Click [Yes].
Note: Each Enterprise system must have one instance of the ID Allocation Service
running. It is highly recommended to run the ID Allocation Service on a
Master Server, Distributed ID Master Server, or Master Server-level client.
The ID Allocation Service will only function if the ACS.INI file on the
computer running the service is pointed to the Master Server.
revision 1 — 121
14: Enterprise Configuration
Note: You can modify this value after the Master has been created by clicking
“Enterprise Server Configuration” in Available Views after selecting the
Master Server Node in the System Tree.
e. Click [OK].
4. The following message is displayed. Click [Yes].
122 — revision 1
Enterprise Setup & Configuration User Guide
click [Yes]. Otherwise, click [No] and create a new database that follows the
recommended naming scheme.
6. If your database does not contain any data, skip ahead to step 7. If the
following message is displayed, then your database already has data in it.
Click [Yes] to remove all existing data.
The Regional Server Node database that is created will be segmented. The
default segment will be named that of the server network name. Each Regional
Server Node will have its own initial segment and can be further segmented.
Hardware can be added not only on a Regional Server Node database, but may
also be added to a Master Server database. To save time when configuring
numerous access panels or readers, use the wizards in System Administration.
revision 1 — 123
14: Enterprise Configuration
• If you want to configure (add) several access panels, use the Configure
Access Panels Wizard which is available by selecting Wizards from the
Application menu in System Administration. The wizard provides detailed
instructions to guide you through the configuration process.
• If you want to configure (add) several readers, use the Configure Readers
Wizard which is available by selecting Wizards from the Application menu
in System Administration. The wizard provides detailed instructions to guide
you through the configuration process. The wizard cannot be used to add
biometric or wireless readers.
1. Install Windows. Refer to the release notes for the versions of Windows that
are supported. The release notes are located on the root directory of the
OnGuard 2010 Enterprise disc.
2. Install and Configure the Database Software.
• SQL Server users: For more information, refer to Chapter 4: Microsoft
SQL Server 2008 on page 31.
• Oracle 10g users: For more information, refer to Chapter 5: Installing &
Configuring Oracle 10g Server Software on page 39.
• Oracle 11g users: For more information, refer to Chapter 7: Installing &
Configuring Oracle 11g Server Software on page 65.
3. Install the OnGuard 2010 Enterprise software.
a. Install the OnGuard software on the workstation designated as the
server prior to installing OnGuard on each of the other (client)
workstations on the OnGuard network.
OnGuard 2010 Enterprise is installed with the “Standard” settings. For
detailed installation instructions, refer to Chapter 9: Installing OnGuard
2010 Enterprise on page 81. After OnGuard 2010 Enterprise has been
installed, the Regional Server Node features can be enabled.
b. Make sure that the hardware key is attached to the OnGuard License
Server computer, and that the License Server is running. For more
information, refer to Attach the Hardware Key (OnGuard License
Server Computer Only) on page 84.
c. Install the software license for this computer. For more information,
refer to the Installation Guide.
d. Run the Database Setup application. For more information, refer to Set
Up Your OnGuard Database on page 86.
124 — revision 1
Enterprise Setup & Configuration User Guide
You are now ready to configure the Regional Server Node database. To do this:
Note: Each Enterprise system must have one instance of the ID Allocation Service
running. It is highly recommended to run the ID Allocation Service on a
Master Server, Distributed ID Master Server, or Master Server-level client.
The ID Allocation Service will only function if the ACS.INI file on the
computer running the service is pointed to the Master Server.
revision 1 — 125
14: Enterprise Configuration
Note: You can modify this value after the Regional Server Node has been created
by clicking “Enterprise Server Configuration” in Available Views after
selecting the Regional Server Node in the System Tree.
f. In the Parent server workstation name field, specify the name of the
Regional Server Node that this node is the child of.
126 — revision 1
Enterprise Setup & Configuration User Guide
Note: When the parent server is running an Oracle database, the Parent server
workstation name field must be set to the Oracle Service Name (SID
Service Name).
g. In the ODBC Data Source to parent server field, specify the ODBC
Data Source. This will be used by Replicator to move data between
nodes.
h. In the Workstation name where the Login Driver is running field,
specify the name of the server that contains the Login Driver.
i. Click [OK].
4. The following message is displayed. Click [Yes].
revision 1 — 127
14: Enterprise Configuration
click [Yes]. Otherwise, click [No] and create a new database that follows the
recommended naming scheme.
7. If your database does not contain any data, skip ahead to step 8. If the
following message is displayed, then your database already has data in it.
Click [Yes] to remove all existing data.
128 — revision 1
Enterprise Setup & Configuration User Guide
over time. New pre-allocated IDs may be obtained at ANY time after the
Regional Server Node is configured.
9. Click [Allocate New IDs Now] when you are ready to continue.
10. The following message is displayed. Click [OK].
1. Download all cardholders to the new Regional Server Node. For more
information, refer to Download All Cardholders to the New Regional Server
Node on page 129.
2. Schedule Replication to run automatically. For more information, refer to
Schedule Replicator to Run Automatically on page 130.
3. Make sure to perform all necessary maintenance on a regular basis. For more
information, refer to Chapter 18: Enterprise System Administration on
page 161.
revision 1 — 129
14: Enterprise Configuration
initial download. Lenel’s strategy for this makes use of the “Default Access
Group” assignment for Badge Types. This allows you to assign default access
levels on a per Badge Type basis for badges that are manually entered at the
Regional Server Node as well as for badges which are added elsewhere in the
Enterprise system and downloaded via the Replicator application.
If you wish to automatically assign access levels when downloading new badges
(see the appropriate manuals or help files for more information on how to
perform these tasks):
When you are ready to download all cardholders to your Regional Server Node:
130 — revision 1
Enterprise Setup & Configuration User Guide
The ACS.INI file is a control file that sits on each computer that runs ANY
OnGuard software. This can be a client or a server. The ACS.INI file is located
within the Windows directory on a computer. In Windows XP, this directory is
often [Drive]:\\WINDOWS. Substitute the letter of the hard drive that Windows
is installed on for [Drive].
There are many sections within the ACS.INI file. Each section is denoted within
the file by the following syntax:
[Section]
The settings that relate to the Replicator are found within the Distributed
Exchange section in the ACS.INI file. They are:
CheckInterval 180 How often the Replicator Service checks the schedule to see if a
task needs to be executed
LastChecked <Date Set by Last time this INI file was checked
Replicator>
revision 1 — 131
14: Enterprise Configuration
132 — revision 1
Enterprise Setup & Configuration User Guide
Downloads may be full (everything) or incremental (only the changes since the
last download).
Master
Database Database
Database
Key:
Upload/Download, Wired or Wireless Network Connections
revision 1 — 133
15: Distributed ID Management Systems
134 — revision 1
Enterprise Setup & Configuration User Guide
revision 1 — 135
15: Distributed ID Management Systems
136 — revision 1
Enterprise Setup & Configuration User Guide
click [Yes]. Otherwise, click [No] and create a new database that follows the
recommended naming scheme.
7. If your database does not contain any data, skip ahead to step 8. If the
following message is displayed, then your database already has data in it.
Click [Yes] to remove all existing data.
revision 1 — 137
15: Distributed ID Management Systems
Station requires that no cardholder data exists, so you must delete the default
record in the database. To do this:
a. Select the Cardholders option from the Administration menu.
b. Click [Search], then [OK]. There should be only one sample record
for Lisa Lake. If this is not true, something is wrong with your
installation!
c. Click [Delete], then [OK].
3. Start and log into Replication Administration on the Distributed ID/Mobile
Station.
4. When you log into Replication Administration for the first time, it will detect
that you have a standard database. A message will prompt you to decide
whether you want to make the system a Distributed ID Server. Click [Yes].
5. The System Settings form is displayed.
138 — revision 1
Enterprise Setup & Configuration User Guide
3) For ODBC Data Source Name, type a name for the DSN. The
recommended name is LenelMaster.
4) Select the correct Database Type for the master database server. If
it’s SQL Server, type the computer name of the server, or click
[Browse] to select a server.
5) Click [OK].
b. In the This System’s Distributed ID Setting drop-down, select
“Distributed ID/Mobile Station.”
c. Specify the Master server workstation name.
d. Select the ODBC Data Source to master server.
e. Specify the Workstation name where the Login Driver is running.
f. Specify the Workstation name where Replicator is running.
g. In the Virtual server name configuration section, select whether the
station uses a virtual server name (also known as the failover name).
This setting only pertains to systems using a fault tolerance/disaster
recovery solution such as NEC ExpressCluster or Microsoft Clustering.
• By default the This server uses a virtual server name checkbox is
deselected, which indicates that the station name specified is the
actual machine name of the station.
• If you specified a failover name for the station in the fault
tolerance/disaster recovery solution, then you will need to select the
This server uses a virtual server name checkbox and enter the
failover name used to identify the station in the fault tolerance/
disaster recovery system rather than the actual machine name.
Note: You can modify this value after the station has been created on the Enterprise
Server Configuration form. The Enterprise Server Configuration form is
displayed by clicking it beneath the station in the System Tree.
revision 1 — 139
15: Distributed ID Management Systems
naming scheme and you wish to proceed using the current database name,
click [Yes]. Otherwise, click [No] and create a new database that follows the
recommended naming scheme.
9. If your database does not contain any data, skip ahead to step 10. If the
following message is displayed, then your database already has data in it.
Click [Yes] to remove all existing data.
10. The Pre-Allocated ID Ranges form is displayed. This allows you to adjust
the amount of pre-allocated IDs for each record type that you wish to “grab”
for the region initially. You can also adjust the “Low Water Mark”, which is
the amount of remaining IDs below which new IDs will automatically be
“grabbed” again. There is normally no need to change these default settings;
however you may wish to adjust the number of Cardholder and Badge IDs
you wish to allocate depending on how many new Cardholders/Badges you
expect to be added at the Distributed ID/Mobile Station over time. New pre-
140 — revision 1
Enterprise Setup & Configuration User Guide
allocated IDs may be obtained at ANY time after the Distributed ID/Mobile
Station is configured.
11. Click [Allocate New IDs Now] when you are ready to continue.
12. The following message is displayed. Click [OK].
revision 1 — 141
15: Distributed ID Management Systems
142 — revision 1
Enterprise Setup & Configuration User Guide
Note: The strong password enforcement feature in OnGuard also checks the Lenel
database user’s password when logging into applications. Database user
passwords apply to SQL Server Express, SQL Server, and Oracle. For
information on changing your database password refer to Change the
Database Password on page 145.
The following table summarizes the OnGuard default accounts and passwords:
revision 1 — 143
16: Accounts and Passwords
Password Standards
When creating a strong password keep the following guidelines in mind:
• Passwords cannot be blank
• Passwords cannot be the same as the user name (for example, SA, SA)
• Passwords cannot be Lenel keywords.
• Although not required, your password should contain numbers, letters, and symbols.
Spaces are also acceptable. (for example, August 18, 1967)
• OnGuard user passwords are not case-sensitive.
• Database passwords conform to the rules of the specific database being used; pass-
words in SQL Server and Oracle 11g are case-sensitive. Passwords in Oracle 10g and
earlier are case-insensitive.
• The maximum value for a strong password is 127 characters. The minimum value is 1.
Note: For Oracle databases the following account usernames and passwords are
not allowed to be used together:
144 — revision 1
Enterprise Setup & Configuration User Guide
Note: If you disable the option to enforce strong passwords, you will no longer
continue to receive a message stating your password is weak every time you
log into an application until you change your OnGuard password to meet the
password standards.
b. The icon appears in the system tray. Right-click the icon, then select
Open.
revision 1 — 145
16: Accounts and Passwords
c. The Login Driver window opens. From the Edit menu, select Change
Password.
2. If the password is considered weak, the Database Server Account Passwords
window is displayed. Refer to Password Standards on page 144 to determine
a secure password.
3. Click [Continue]. If you wish to change the password for a database server
account now, that is, “LENEL”, select the account from the list, then click
[Change Password].
a. The Change Password window is displayed. In the Old password field,
type your current password. For security reasons, your password is not
displayed as you type it.
b. In the New password field, type the new password.
c. In the Confirm password field, type the new password again. Because
the password can’t be seen while you type, this gives you an extra
assurance that you typed it correctly.
d. When the password is changed, it must be changed in the Login Driver
and on the database server. If the Login Driver and the database server
are running on the same machine, proceed to step e.
If the Login Driver and the database server are not running on the same
machine, the When I change this password on the Login Driver, do
not change the password on the database server. I will change the
password manually on the database server. check box appears in the
Change Password window. (If they are on the same machine, this check
box does not appear.)
• If the check box is not selected (default), the password will be
changed in both places. However, the password is sent as plain text
over the network. This is the only case where the password is
passed across the network in plain text when changing the
password.
• If the check box is selected, the password in the Login Driver will
be changed, but you will need to change the password manually on
the database server. For more information, refer to Change the
Lenel Account Password on page 145.
e. Click [OK] to save the new password.
4. Exit the LS Login Driver application and restart the service.
146 — revision 1
Enterprise Setup & Configuration User Guide
About Accounts
The System Administrator should create a unique account for each user of the
applications. The System Administrator can also, for each user, create a list of
permissions, which specifies precisely which screens, fields, and buttons the user
can access.
During initial installation of the application, default accounts are created. These
include:
sa sa system account
admin sample
user sample
badge sample
These are provided as samples. You may change the passwords and use the
accounts, or remove them. The exception to this is the system account, SA. By
definition this account has permission to do anything in the system. A user with
system access has unlimited access to the application. You cannot delete or
change the system account except to modify the password, which you are
strongly encouraged to do as soon as possible to discourage unauthorized use.
The first time you log into OnGuard to configure the application, you should log
in as SA and your password should be SA.
1. Change the system account password in the database using Database Setup.
2. Write down and inform administrators of the password change.
revision 1 — 147
16: Accounts and Passwords
148 — revision 1
Upgrading an
Enterprise System
Enterprise Setup & Configuration User Guide
This section describes how to upgrade your Enterprise system. The general
approach that must be followed to upgrade an Enterprise system to OnGuard
2010 Enterprise is:
1. Make sure that all pending transactions have been processed.
2. If you are not using Visitor Management, please proceed to step 3. As an
upgrade requirement for Enterprise customers using Visitor Management, all
signed-out visits at each Regional Server Node and the Master Server Node
must be archived prior to performing the upgrade. Failure to do so will cause
all historic visits to lose their date/time information upon a full replication/
download.
3. Stop all OnGuard services, including LS Replicator, on the Master and
Regional Server Nodes.
4. Back up all databases.
5. Make sure that the Master and Regional Server Nodes have the latest
approved Windows service pack and Windows updates (see the release notes
for specifics). Upgrade any machines that do not. Refer to the release notes
for the versions of Windows that are supported. The release notes are located
on the root directory of the OnGuard 2010 Enterprise disc.
6. On the Master and Regional Server Nodes, upgrade all databases to SQL
Server 2008 with the latest supported service pack as indicated by the release
notes.
7. Install DirectX 9.0 on the Master and Regional Server Nodes.
8. Upgrade the OnGuard software and databases in the following manner:
a. On the Enterprise Master Server Node, upgrade to OnGuard 2010
Enterprise.
b. On the Enterprise Master Server Node, upgrade the OnGuard database.
c. On all Regional Server Nodes, upgrade to OnGuard 2010 Enterprise.
d. On all Regional Server Nodes, upgrade the OnGuard database.
e. On all Mobile Stations, upgrade the OnGuard database.
9. Run the IntelligentVideo Database Upgrade Utility on any node that has an
IntelligentVideo Server configured on it. The tool is located in the Digital
Video > IntelligentVideo DB Upgrade folder on the Supplemental
revision 1 — 151
17: Upgrading to OnGuard 2010 Enterprise
Materials disc. For more information, refer to the readme.htm file located in
the same directory.
10. When the Master Server Node and all Regional Server Nodes have the same
database version, start Replicator on all Regional Server Nodes.
11. Confirm that Replication is working using Replication Administration. For
more information, refer to the Replication Administration User Guide.
12. Perform a full download if upgrading a region from an OnGuard release
before version 6.0 to a version 6.0 or later. Otherwise a full download is not
required.
13. Run the Universal Time Conversion Utility. For more information, refer to
Appendix F: Universal Time Conversion Utility on page 185.
Important: Once you upgrade OnGuard you are prompted to update your SQL Server
data sources to use SQL Server Native Client 10.0 drivers. If you choose not
to update your data sources automatically you will have to do so manually
before your system will function.
To upgrade OnGuard 2010 Enterprise, perform these steps in the order listed.
Important: OnGuard services should be shut down on all computers. These services
must not be restarted until the upgrade is complete. For those services that
are configured for automatic start up, temporarily change them to manual
152 — revision 1
Enterprise Setup & Configuration User Guide
start up. All services with the prefix LS and LPS should be shut down. Be
sure all OnGuard applications are closed on all workstations. Users should
not run any OnGuard applications during the installation process.
Notes: In order to run OnGuard 2010 Enterprise, the latest approved Windows
service pack and Windows updates (see release notes) are required!
Your upgrade procedure may vary slightly depending on what build of
OnGuard you have installed.
The cardholder, visitor and asset forms have been expanded and improved to
accommodate simplified localization, improved readability and expanded
contents on each tab. If you have a custom form, you may need to make
some cosmetic adjustments to your forms using FormsDesigner after
upgrading to take advantage of the new expansion. Note that the horizontal
revision 1 — 153
17: Upgrading to OnGuard 2010 Enterprise
Note: If you are using any custom .dll files you must back these up prior to
upgrading the OnGuard software. Back up the custom .dll files now.
Perform the following procedures first on the Master Server Node, then on all
Regional Server Nodes, and finally on all Mobile Stations:
1. Install (upgrade) to the latest OnGuard build. If you are using a version pre-
5.11.216, you must first upgrade your master server node to 5.11.216, then
upgrade your regions to the same version. From there, you may proceed to
upgrade your master and then regions to 6.1.
2. Install the software license.
3. If you plan on using the browser-based applications then configure database
authentication. This should be done before running Database Setup.
4. Run Database Setup.
1. Insert the OnGuard 2010 Enterprise disc into a disc drive on a computer
running the Windows operating system.
2. Click the Windows Start button. Click the Run... popup menu choice. In the
Run window, select setup.exe from the disc drive. Alternatively, you can run
setup.exe from Explorer.
3. The Microsoft .NET Framework 3.5 SP1 installation wizard begins. Click
[Install] to begin installation. Microsoft .NET Framework 3.5 SP1 must be
installed for some OnGuard features to work correctly.
4. When prompted, read the Software License Agreement. If you agree to its
terms:
a. Select the I accept the license agreement option.
b. Click [Next > ].
5. When prompted, click [Install].
6. A status meter will indicate the progress of the upgrade. Once the upgrade is
complete, click [Finish].
7. Depending on the components that were installed, you may need to reboot
the computer. If you are prompted to do so, reboot the computer.
For more information, refer to Install the New License on page 85.
154 — revision 1
Enterprise Setup & Configuration User Guide
After the Enterprise software has been upgraded, the OnGuard database must
also be updated using the Database Setup application (Lnl.OG.DatabaseStp.exe).
Important: The installation and upgrade process assumes your OnGuard database is
called “AccessControl.” If this is not the case you need to modify the
application.config file to correct this. For more information, refer to
Appendix A: The Application.config File on page 171.
revision 1 — 155
17: Upgrading to OnGuard 2010 Enterprise
Note: Remember that the Master Server Node and all Regional Server Nodes must
be updated to OnGuard 2010 Enterprise and their databases must be
upgraded before proceeding.
6. Run the IntelligentVideo Database Upgrade Utility on any node that has an
IntelligentVideo Server configured on it. The tool is located in the Digital
Video > IntelligentVideo DB Upgrade folder on the Supplemental
Materials disc. For more information, refer to the readme.htm file located in
the same directory.
156 — revision 1
Enterprise Setup & Configuration User Guide
revision 1 — 157
17: Upgrading to OnGuard 2010 Enterprise
158 — revision 1
Enterprise System
Administration
Enterprise Setup & Configuration User Guide
DO NOT RESTORE any Master, Regional Server, or Distributed ID database! This will
Warning likely corrupt the entire multiple server Enterprise due to the interaction between each
database. DO NOT RESTORE any database without first contacting Lenel.
The administrator of the system must decide how often and at which time(s) each
of these tasks shall be performed. Some general points to keep in mind when
making these decisions are:
revision 1 — 161
18: Enterprise System Administration
162 — revision 1
Enterprise Setup & Configuration User Guide
revision 1 — 163
18: Enterprise System Administration
Note: The size of the log files can also be viewed on the Enterprise System
Diagnostic Tool form in Replication Administration, which is displayed by
selecting the Enterprise System Diagnostic Tool option from the
Administration menu.
It is imperative that this task be done on a daily basis. If this task is neglected for even a
Warning week, failed transactions could build up and will cause your Enterprise system’s
performance to deteriorate.
164 — revision 1
Enterprise Setup & Configuration User Guide
5. When everything is running fine, the above log files will continue to grow to
an infinitely large size. You should purge these files periodically to prevent
them from occupying too much space on your hard drive. After the files have
been purged, they will automatically be recreated.
revision 1 — 165
18: Enterprise System Administration
166 — revision 1
Enterprise Setup & Configuration User Guide
Daily
• Perform routine backups of databases
• Monitor disk and database utilization
• Monitor CPU and bandwidth utilization
• Repair and maintain all failed transactions in a timely manner
Monthly
• Perform routine event archive and backup of events to tape
• Perform routine database maintenance (i.e. SQL Database Maintenance
Plan)
• Check all text file log sizes under the installation directory logs folder and
purge as necessary
Daily
• Perform routine backups of databases
• Monitor disk and database utilization
• Monitor CPU and bandwidth utilization
• Monitor replication
– Under Replication Schedule, check the start, end, and next start times to
make sure that Replicator is running normally
– Under Hardware, check to make sure that the hardware, user, and event
are being updated every time Replicator runs
– Under Enterprise, check all failed transactions and make sure that the
To-Do’s are being replicated
– Repair and maintain all failed transactions in a timely manner
Monthly
• Perform routine event archive and backup of events to tape
• Perform routine database maintenance (i.e. SQL Database Maintenance
Plan)
• Purge successfully replicated transactions
revision 1 — 167
19: Enterprise Maintenance Procedures
• Check all text file log sizes under the installation directory logs folder and
purge as necessary
168 — revision 1
Appendices
Enterprise Setup & Configuration User Guide
Note: You must show hidden files and folders to see the application.config file.
Note: If using the Configuration Editor utility: These settings are found in the
ConnectionString section of the App Settings sub-tab. To change it, select
[Edit] next to the ConnectionString field.
• Initial Catalog: This specifies the name of the database. If you installed
OnGuard, you specified this name during the installation. By default,
this is AccessControl.
revision 1 — 171
A: The Application.config File
Note: If using the Configuration Editor utility: These settings are found in their
corresponding sections of the App Settings sub-tab. To change them, edit
their field text.
Note: If using the Configuration Editor utility: The Error Log settings are found on
the Listeners sub-tab. To edit them, edit their corresponding field text.
172 — revision 1
Enterprise Setup & Configuration User Guide
ConnectionString
ConnectionString is used to point to the correct database location. There must be
only one uncommented ConnectionString entry in the application.config file.
By default, the line looks like this:
<add key=“ConnectionString” value=“Data
Source=COMPUTER1-DT; Integrated Security=SSPI; Initial
Catalog=AccessControl”></add>
The parameters for ConnectionString include the following:
Data Source
Data Source specifies the name of the computer that hosts the database. If the
database resides on the same computer where Database Setup will be run from
you can use the name of your computer.
Integrated Security
Integrated Security specifies how to authenticate with the database. This is done
by indicating integrated authentication or by providing credentials.
For SQL Server users to use integrated authentication (single sign-on), the
Integrated Security setting should be the following:
Integrated Security=SSPI
For Oracle users to use integrated authentication (single sign-on), the Integrated
Security setting should be the following:
Integrated Security=True
If Lenel credentials for authentication with the database are stored in the
application.config file then Integrated Security should be set to “No.” You must
also specify the user name and password. In this case, the modified
ConnectionString line would resemble the following:
<add key=“ConnectionString” value=“Data Source=COMPUTER1-DT;
Integrated Security=No; User ID=LENEL; Password=<password>; Initial
Catalog=AccessControl”></add>
Substitute the Lenel user password for <password>.
Initial Catalog
Initial Catalog is the name of the database. If you installed OnGuard, you
specified this name during the installation. By default, this is AccessControl.
revision 1 — 173
A: The Application.config File
DatabaseType
The Database Type specifies the type of database that will be used with the
OnGuard software. By default, the line resembles the following:
<add key=“DatabaseType” value=“SqlServer”></add>
Lnl.LicenseSystem.Client.Host
Lnl.LicenseSystem.Client.Host is used to specify the host name of the machine
running the License Server.
By default, the line looks like this:
<add key="Lnl.LicenseSystem.Client.Host" value="COMPUTER1-DT"></add>
Lnl.LicenseSystem.Client.Port
Lnl.LicenseSystem.Client.Port is used to specify the port the License Server is
listening on (8189 is the default).
By default, the line looks like this:
<add key="Lnl.LicenseSystem.Client.Port" value="8189"></add>
SRConnectionString
SRConnectionString is used to specify the path to where the .mdb file is installed.
By default, the line looks like this:
<add key=“SRConnectionString” value=“Provider=Microsoft.Jet.OLEDB.4.0;
Data Source=C:\Program Files\OnGuard\DBSetup\SR.mdb”></add>
Data Source
The path specified in the Data Source must be consistent with where OnGuard is
installed on the system.
SchemaOwner
SchemaOwner is used to specify the path to where the .mdb file is installed.
By default, the line looks like this:
<add key=“SchemaOwner” value=“dbo”></add>
For SQL Server, the default setting is “dbo”.
For Oracle, the default setting is “lenel”.
Error Log
The error log path is specified in the application.config file as well. It must be
set to the path where the logs directory was installed. It is specified in the
following line:
<add filename=“C:\Program Files\OnGuard\logs\LnlLogError.log”
name=“StandardLog” output=“file” severity=“error” type=“text”></add>
174 — revision 1
Enterprise Setup & Configuration User Guide
The default error log file for the browser-based client applications is
C:\Program Files\OnGuard\logs\LnlLogError.log. The LnlLogError.log
file is separate from the log file that the traditional OnGuard applications write
to, which is LenelError.log.
revision 1 — 175
A: The Application.config File
176 — revision 1
Enterprise Setup & Configuration User Guide
Custom Features
The following features are only available with a custom OnGuard installation.
Application Server
This feature installs the Application Server components into your IIS Web server
structure in order to serve Web versions of Area Access Manager, VideoViewer,
Visitor Management, and Visitor Administration. This feature is only supported
on systems running IIS.
Additional steps are required for the configuration of the Application Server. For
more information, refer to Chapter 11: Configuring the Web Application Server
on page 99.
revision 1 — 177
B: Custom Installation of OnGuard
Trusted Root Certification Authorities store. This will result in this computer
trusting the OnSSI self-issued certificate and any certificate derived from this
certificate. Consult your IT Administrator before installing this certificate.
This component must be installed on all OnGuard servers and clients that will
utilize the Send Video feature through the SkyPoint Base Server.
178 — revision 1
Enterprise Setup & Configuration User Guide
The OnGuard Communication Server program, which was installed if you chose
the Communication Server installation component, is the software driver for the
access panels. The Communication Server controls all access panels on a
workstation.
The Communication Server can be run as either a program or as a service, but not
as both (see Warning #2 that follows). Running it as a program means that you
will manually start the driver whenever you need it. Running it as a service
means that the driver will be started whenever you start Windows.
There are two ways that the Communication Server can be run on a server
running Windows:
1. Click the Windows Start button, point to Settings, then click Control Panel.
2. In the Control Panel window, double-click on Administrative Tools.
3. In the Administrative Tools window, double-click on Component Services.
4. In the Services listing window, select the LS Communication Server entry.
5. Right-click on the LS Communication Server entry and select the
Properties option from the right-click menu.
6. On the General tab in the Startup type drop-down list, select Automatic.
7. Click [Start].
8. Click [OK]
Running the Communication Server as a Windows service has some advantages in that the
Warning service is started automatically upon computer boot-up. For the Communication Server,
there MUST be a SYSTEM DSN named LENEL that points to the access control
database. This should occur automatically during OnGuard installation. If for some reason
it doesn’t, an error message will be displayed.
WITHOUT A LENEL SYSTEM DSN, THE SERVICE WILL NOT BE ABLE TO USE
THE DATABASE. THIS MEANS THAT THE ACCESS CONTROL SERVER WILL
NOT BE ABLE TO PERFORM A FULL DATABASE DOWNLOAD TO THE ACCESS
PANELS IN THE EVENT OF A POWER OR ACCESS PANEL FAILURE.
revision 1 — 179
C: Configuring the Communication Server
The Communication Server can be run only as a Service OR a program, but not as both
Warning simultaneously. If you are running the Communication Server as a Windows service, DO
NOT also run it as a program. If you are running the Communication Server as a Windows
service, you can run it as a program temporarily by highlighting the “LS Communication
Server” entry in the Services window and clicking [Stop].
180 — revision 1
Enterprise Setup & Configuration User Guide
The License Server has two main functions: it eliminates the hardware dongle on
all client computers and it allows for concurrent licensing of the OnGuard
software. The License Server is installed only on the server, not on client
machines.
A hardware dongle is only needed on the server. Each client computer running
OnGuard uses a software license instead of a hardware dongle.
Important: The License Server must be run under an administrator account. It MUST be
running whenever any OnGuard applications are running, as well as when
you wish to use the License Administration web application. If the License
Server is not running, OnGuard applications and the License Administration
application will not run.
There are two ways that the License Server can be run on a server running
Windows: as a regular application, or as a Windows service.
• The License Server is installed as a service by default when the OnGuard
applications are installed on a server running Windows. The License Server
will automatically be started when the server is running.
• The License Server can also be run as a regular application. This means that
the License Server must be started on the server manually, as you would any
other application.
revision 1 — 181
D: The License Server
setting, it was written into both the ACS.INI file AND the
…OnGuard\LicenseServerConfig\Server.Properties file. This file is only
created during the install if the port setting was changed. If you want to
change the port setting in the ACS.INI file after the installation (either to a
new setting or back to 8189), then you must also change it in the
Server.Properties file.
182 — revision 1
Enterprise Setup & Configuration User Guide
Region A
(Parent)
Region B Region C
(Child) (Child)
Since the Master Server Node can now host hardware, logging into
the Master Server will now allow you to monitor all Regions within
a single Alarm Monitoring instance. The old “Multi-Region Alarm
Monitoring” option allowed multiple instances of Alarm Monitor-
ing to be run on a single computer. This feature will still exist for
those who want to use this method of monitoring multiple connec-
tions but the name has been updated to better reflect functionality.
revision 1 — 183
E: Multi-Region Alarm Monitoring
184 — revision 1
Enterprise Setup & Configuration User Guide
Important: Before running the Universal Time Conversion Utility you should create a
backup of your database. For more information, refer to Chapter 4: Database
Backup and Restoration in the Upgrade Guide.
Important: Due to limitations regarding data collected during Daylight Saving Time, the
Universal Time Conversion Utility cannot be guaranteed to be 100%
accurate for those dates that fall within Daylight Saving Time. Any
inaccuracies, however, should not cause any problems for your system.
The purpose of the Universal Time Conversion (UTC) Utility is to collect non-
UTC dates and times that are contained in reports and convert them to use the
new standard UTC time.
Converting reports to use UTC Time allows users in multiple time zones to see
the same data but in their local time.
The conversion process should be the last step in the upgrade process. If you do
not run the utility then data collected in prior versions of OnGuard will not
display the correct time until the conversion is completed.
The setup process for the UTC Utility occurs after your system and database has
been completely upgraded and after any replication has been completed.
If you restore any archive prior to when the UTC Utility was first run, you will
have to run the utility again.
revision 1 — 185
F: Universal Time Conversion Utility
186 — revision 1
Enterprise Setup & Configuration User Guide
12. (For non-segmented systems only) On the Users screen, select the World
Time Zone that you intend to associate each of the system’s users with.
These include the administrator, badge operator, system account, and user.
You can also use the check box to assign the system World Time Zone to all
users.
Optionally you can use the Find User field to search for a specific system
user to change. Click [Next].
13. On the Save screen, the collected data is saved to the database. Select
whether you would like to run the conversion process now or at a later time.
If you choose to run the conversion process immediately, click [Next].
Otherwise, click [Close].
Optionally, you can generate a report of the collected World Time Zone data
by clicking [Generate Report]. This report is exported as a Comma
Separated Value (CSV) file which is best opened in Microsoft Excel.
14. On the Conversion screen, click [Close] once the conversion process has
completed.
revision 1 — 187
F: Universal Time Conversion Utility
188 — revision 1
Enterprise Setup & Configuration User Guide
Index
revision 1 — 189
Index
190 — revision 1
Enterprise Setup & Configuration User Guide
revision 1 — 191
Index
install ........................................................... 31
Start
Replicator on all regions............................ 156
Step ..................................................................... 74
Stop
Replicator on all regions................... 117, 152
Strong password enforcement........................... 144
SYSTEM account password - change .............. 147
System setup checklist
Region Server ............................................ 125
T
Terms to know .................................................... 18
U
Universal Time Conversion Utility................... 185
Upgrade
all SQL Server databases ........................... 153
OnGuard database...................................... 155
OnGuard software...................................... 154
operating system ........................................ 153
USB devices
hardware key................................................ 84
User permissions
browser-based clients................................. 107
V
Verify no pending transactions exist ................ 152
VideoViewer (Browser-based client)
user permissions......................................... 106
Visitor Management installation....................... 111
VMware .............................................................. 87
W
Web Application Server
configuring................................................... 99
custom install ............................................... 99
192 — revision 1
Enterprise Setup & Configuration User Guide
revision 1 — 193
Lenel Systems International, Inc.
1212 Pittsford-Victor Road
Pittsford, New York 14534 USA
Tel 585.248.9720 Fax 585.248.9185
www.lenel.com
docfeedback@lenel.com