Advanced Installation Topics
Advanced Installation Topics
Advanced Installation Topics
PERPETUAL INNOVATION
Lenel OnGuard® 2013 Advanced Installation Topics, product version 6.6
This guide is item number DOC-100, revision 3.034, July 2012
Copyright © 1995-2012 Lenel Systems International, Inc. Information in this document is subject to change
without notice. No part of this document may be reproduced or transmitted in any form or by any means,
electronic or mechanical, for any purpose, without the express written permission of Lenel Systems
International, Inc.
Non-English versions of Lenel documents are offered as a service to our global audiences. We have attempted
to provide an accurate translation of the text, but the official text is the English text, and any differences in the
translation are not binding and have no legal effect.
The software described in this document is furnished under a license agreement and may only be used in
accordance with the terms of that agreement. Lenel and OnGuard are registered trademarks of Lenel Systems
International, Inc.
Microsoft, Windows, and Windows Server are either registered trademarks or trademarks of Microsoft
Corporation in the United States and/or other countries. Integral and FlashPoint are trademarks of Integral
Technologies, Inc. Crystal Reports for Windows is a trademark of Crystal Computer Services, Inc. Oracle is a
registered trademark of Oracle Corporation. Other product names mentioned in this User Guide may be
trademarks or registered trademarks of their respective companies and are hereby acknowledged.
Portions of this product were created using LEADTOOLS © 1991-2012 LEAD Technologies, Inc. ALL
RIGHTS RESERVED.
OnGuard includes ImageStream® Graphic Filters. Copyright © 1991-2012 Inso Corporation. All rights
reserved. ImageStream Graphic Filters and ImageStream are registered trademarks of Inso Corporation.
Table of Contents
CHAPTER 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
The Installation Guides . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7
CHAPTER 8 VMware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
VMware Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Appendices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
The Advanced Installation Topics Guide focuses on those aspects of the OnGuard installation that are
not part of normal procedures. Topics covered include:
• Installing Oracle and SQL Server databases
• How to perform a remote installation
• How to use SNMP with OnGuard
• Ports used by OnGuard
• OnGuard Services
Installation Guide. DOC-110. A comprehensive guide that includes instructions for installing the
OnGuard software. This guide also includes information on the current SQL Server version and the
browser-based client applications
Upgrade Guide. DOC-120. A short and sequential guide on upgrading and configuring an access
control system that utilizes SQL or SQL Server Express system.
Enterprise Setup & Configuration User Guide. DOC-500. A guide that includes instructions for
installing database software, the access control system Enterprise software, and how to setup complex
Enterprise systems.
The following overview and instructions are for a standard Oracle 10g 10.2.0.1.0 Server installation.
If your Oracle installation includes any customization or non-default selections, your procedures will
differ from those provided in this chapter. Please make adjustments accordingly. If you are installing
a different version of Oracle or are installing Oracle on a different version of Windows, your windows
may be different.
If you are using Windows 7 you might need to run Oracle applications, such as the Net Configuration
Assistant, as an Administrator for configuration changes to persist.
If installing the 64-bit version of Oracle you must also install the 32-bit version of the client tools or
OnGuard will not work properly.
Oracle client must be installed on any machine running OnGuard. Oracle client installs tools which
are necessary for OnGuard to connect to the database. This means if your Oracle server and OnGuard
server are located on the same machine, Oracle client must also be installed.
As a general warning, when installing and configuring Oracle 10g do not close any Oracle windows
while a program is running. Doing so can result in configuration errors and loss of data. Instead,
utilize the Oracle close or cancel buttons.
3. Create the Lenel database. (For more information, refer to Step 3: Create the Lenel Database on
page 14.)
• In Oracle Database Configuration Assistant select “Create a database.”
• Select the “Custom Database” template.
• Specify the Global Database Name.
• Deselect all database components including the standard database configuration features.
Note: If your database will be managed locally, you may want to select the Enterprise
Manager Repository component.
• Choose Dedicated Server Mode for the connection mode.
• Rename the database storage files and expand their sizes to match the table below.
Notes: To change the database size, double-click the size field, enter the number of M Bytes,
and click [OK].
You can specify other names in the Name field. If you do, you must set the
defDataSpace variable in the LenelUser.ora file to the new Name. (For more
information, refer to Step 7: Create the Lenel User on page 25.)
New Tablespace
Old Tablespace names names Size (MB)
USERS LENEL_DATA 50
TEMP LENEL_TEMP 50
SYSTEM SYSTEM 50
UNDOTBS1 UNDOTBS1 50
4. Run the Net Configuration Assistant. (For more information, refer to Step 4: Run the Net
Configuration Assistant on page 18.) Type LENEL as the New Service Name.
Note: Remember that if you changed the name of the LENEL_DATA and/or LENEL_TEMP
data spaces, you must change the defDataSpace and defTempSpace variables in the
LenelUser.ora script to the appropriate tablespace names before running the script.
8. Configure authentication. (For more information, refer to Step 8: Configure Authentication on
page 27.)
Note: The installation process may take several minutes or more depending on your system
resources.
8. The End of Installation window is displayed. Click [Exit].
9. A message box is displayed. Click [Yes] to exit.
10. If you intend to install the OnGuard server on the same machine as the Oracle server it is
necessary to install Oracle Client software at this time. Once the client software installation is
complete, return to these instructions to continue configuring Oracle. For more information, refer
to Configuring Oracle 10g Client Software on page 31.
Note: The Change database configuration and Delete a database options are enabled only
if you have an existing database.
Note: Selecting a template that does not include datafiles gives you full control to specify and
change every database parameter.
6. The Oracle Database Assistant continues. Select the management options that best suit your
needs. Click [Next].
7. Next choose the passwords you would like to use for the different accounts. Click [Next].
8. Next choose the storage options that best suit your needs. Click [Next].
9. Next choose the database file location. Click [Next].
10. Choose a recovery option. Click [Next].
11. The Database Content window is displayed.
a. Deselect all database components.
b. Click [Standard Database Components...]
c. Deselect each component and click [OK].
Note: If your database will be managed locally, you may want to select the Enterprise
Manager Repository component.
d. Click [Next].
12. The Initialization Parameters window is displayed.
a. Choose memory allocation settings that best suit your needs.
b. Select the Connection Mode tab.
c. Select the Dedicated Server Mode radio button.
d. Click [Next].
13. The Database Storage window is displayed.
a. Expand the tablespace tree.
b. Highlight any tablespace name.
14. Rename the tablespaces and specify a reasonable size for holding the OnGuard information.
a. Enter the new tablespace name in the Name field.
b. Double-click the Size field.
The following table suggests appropriate tablespace names and minimum sizes.
New
Old Tablespace Tablespace
names names New size (MB)
USERS LENEL_DATA 50
TEMP LENEL_TEMP 50
SYSTEM SYSTEM 50
UNDOTBS1 UNDOTBS1 50
Note: You can specify other names in the Name field. If you do, you must set the
defDataSpace variable in the LenelUser.ora file to the new Name. (For more
information, refer to Step 7: Create the Lenel User on page 25.)
15. When you double-click the Size field, the Edit Datafile window is displayed. To continue
changing the tablespace size:
a. Enter the new size.
b. Click [OK].
11. The Naming Methods Configuration Done window is displayed. Click [Next].
12. The Net Configuration Assistant Welcome window is displayed.
a. Select the Local Net Service Name configuration radio button.
b. Click [Next].
b. Click [Next].
Note: Advanced Oracle users, who do not want to use the LenelUser.ora script, can create a
custom user. For more information, refer to Create a Restricted Lenel User on page 27.
1. Click the Windows Start button, then select Programs > Oracle - OraDB10g_home1 >
Application Development > SQLPlus Worksheet.
2. Log in using the system account.
3. Verify Oracle connects properly. You should see “Connected” in the display box, as shown.
Note: Remember that if you changed the name of the LENEL_DATA and/or LENEL_TEMP
data spaces, you must change the defDataSpace and defTempSpace variables in the
LenelUser.ora script to the appropriate tablespace names before running the script.
a. Select the File > Open menu option. The script loads into Oracle SQLPlus Worksheet.
b. Navigate to C:\ Program Files\OnGuard\DBSetup\New.
c. Select LenelUser.ora.
Note: If the file is not displayed, type *.ora in the Filename field and click [Open].
5. Verify there were no errors. You should see the following text:
“User created.”
“Grant succeeded.”
“Commit complete.”
Note: If Windows single sign-on is used for database authentication, log in as the domain user
specified during the Oracle user creation.
Alternatively, if the LENEL_RESTRICTEDUSER_ROLE has not been created, enter the commands
described in Create a Restricted User Role on page 28.
Then run the following commands:
CREATE USER LENEL IDENTIFIED BY "MULTIMEDIA" DEFAULT TABLESPACE
LENEL_DATA TEMPORARY TABLESPACE LENEL_TEMP;
GRANT CONNECT, RESOURCE, LENEL_RESTRICTEDUSER_ROLE TO LENEL;
Commit;
Note: The Lenel user provides OnGuard functionality only. Any database level
administration, such as backups and restores, must be performed by a different user with
those permissions.
IMPORTANT: If you are using Windows 7, you might need to run Oracle applications, such as
the Net Configuration Assistant, as an Administrator for configuration changes
to persist.
Note: The installation process may take several minutes or more depending on your system
resources.
8. After the installation is complete, the Net Configuration Assistant Welcome window is
displayed.
Note: If you are installing Oracle Client as part of the Oracle Server installation instructions,
you may click cancel and return to step Step 2: Install the Latest Approved Patch Sets
on page 14.
a. Verify that Perform typical configuration is NOT selected.
b. Click [Next].
10. In the Service Name window, enter the global database name and click [Next].
11. In the Select Protocols window, verify that TCP is highlighted and click [Next].
12. In the Host name field, type the name of the computer that Oracle is installed on, and then click
[Next].
13. Select the Yes, perform a test radio button and click [Next].
14. The [Change Login] button window is displayed.
a. Click [Change Login].
b. Enter the LENEL user credentials for the Oracle database.
c. Click [OK].
15. After successfully testing the service, click [Next].
16. Verify the Net Service Name is “LENEL”, and then click [Next].
17. Select the No radio button, and click [Next].
18. Click [Next] through the remaining messages and then click [Finish].
19. The original installation window displays a completed message. Click [Exit].
20. Install the latest approved Patch Set. The list of approved patch sets can be found on the Lenel
Web site at: http://www.lenel.com/support/downloads/onguard#compatibility-charts.
The following overview and instructions are for a standard Oracle 11g Server installation. If your
Oracle installation includes any customization or non-default selections, your procedures will differ
from those provided in this chapter. Make adjustments accordingly. If you are installing a different
version of Oracle or are installing Oracle on a different version of Windows, your windows might be
different.
If installing the 64-bit version of Oracle you must also install the 32-bit version of the client tools or
OnGuard will not work properly.
If you are using Windows 7, you might need to run Oracle applications, such as the Net Configuration
Assistant, as an Administrator for configuration changes to persist.
You cannot install Oracle 11g on a server with the IP address set to DHCP.
When installing and configuring Oracle 11g, do not close any Oracle windows while a program is
running. Doing so can result in configuration errors and loss of data. Instead, utilize the Oracle close
or cancel buttons.
If the OnGuard server is not located on the same computer as Oracle 11g Server, then Oracle 11g
Client must be installed on the OnGuard server to allow it to connect to the database. Oracle 11g
Client must also be installed on all OnGuard clients.
5. Create the Lenel user. For more information, refer to Step 5: Create the Lenel User on page 39.
6. Install OnGuard 2013.
7. Configure authentication. For more information, refer to Step 7: Configure Authentication on
page 40.
8. Run Setup Assistant. For more information, refer to Step 8: Run Setup Assistant on page 40.
Note: The installation process may take several minutes or more depending on your system
resources.
9. The Finish window opens. Click [Close].
10. Install the latest approved Patch Set. The list of approved patch sets can be found on the Lenel
Web site at: http://www.lenel.com/support/downloads/onguard#compatibility-charts.
b. Click [Next].
4. The Listener Name window opens.
a. Confirm that the Listener name is LISTENER.
b. Click [Next].
5. The Select Protocols window opens.
a. Confirm that TCP is a selected protocol.
b. Click [Next].
6. The TCP/IP Protocol window opens.
a. Select the Use the standard port number of 1521 radio option.
b. Click [Next].
7. The More Listeners window opens.
a. Confirm that the No radio button is selected.
b. Click [Next].
8. The Listener Configuration Done window opens. Click [Next].
9. The Oracle Net Configuration Assistant: Welcome window opens.
a. Select the Naming Methods configuration radio button.
b. Click [Next].
10. The Select Naming Methods window opens.
a. In the Available Naming Methods list, select Easy Connect Naming.
b. Click the right arrow button.
c. Repeat steps a and b for Local Naming.
d. Click [Next].
11. The Naming Methods Configuration Done window opens. Click [Next].
12. Click [Finish].
Note: The Change database configuration and Delete a database options are enabled only
if you have an existing database.
4. The Database Templates window opens.
a. Select the Custom Database radio button.
b. Click [Next].
Note: Selecting a template that does not include datafiles gives you full control to specify and
change every database parameter.
5. Specify a Global Database Name.
Note: If your database will be managed locally, you might want to select the Enterprise
Manager Repository component.
d. Click [Next].
11. The Initialization Parameters window opens. Leave the default settings on the Memory, Sizing,
Character Sets, and Connection Mode tabs, and then click [Next].
12. The Database Storage window opens.
13. Rename the tablespaces and specify a reasonable size for holding the OnGuard information.
a. Enter the new tablespace name in the Name field.
b. Double-click the Size field, enter the new size, and then click [OK].
The following table identifies the necessary tablespace names and minimum sizes.
New
Old Tablespace Tablespace
names names New size (MB)
USERS LENEL_DATA 50
TEMP LENEL_TEMP 50
SYSTEM SYSTEM 50
UNDOTBS1 UNDOTBS1 50
Note: You can specify other names in the Name field. If you do, you must set the
defDataSpace variable to the new Name. For more information, refer to Step 5: Create
the Lenel User on page 39.
14. After Database Storage configuration is complete, click [Next].
15. The Creation Options window opens.
a. Confirm that the Create Database check box is selected.
b. Click [Finish].
16. The Confirmation window opens. Confirm the configuration, and then click [OK].
17. The Database Configuration Assistant window opens and shows the database creation progress.
a. When the dialog opens, click [Password Management] and then configure each user’s
password and whether the account is locked.
b. Click [OK], and then click [Exit]. The database creation finishes.
IMPORTANT: Advanced Oracle users who do not want to grant the Lenel user the DBA role
can restrict the Lenel users’ roles and system privileges by following step 4. If
the LENEL user is restricted, then it provides OnGuard functionality only. Any
database level administration, such as backups and restores, must be performed
by a different user with higher database roles and system privileges.
4. To create the Lenel user with the desired level of roles and system privileges, at the SQL prompt,
run the following command(s):
a. @@<Path to OnGuard Install Disc>\program
files\OnGuard\DBSetup\New\LenelUser.ora or
b. If the LENEL_RESTRICTEDUSER_ROLE has not been created, enter the commands
described in Create a Restricted User Role on page 41.
Then run the following commands:
CREATE USER LENEL IDENTIFIED BY "MULTIMEDIA" DEFAULT
TABLESPACE LENEL_DATA TEMPORARY TABLESPACE LENEL_TEMP;
GRANT CONNECT, RESOURCE, LENEL_RESTRICTEDUSER_ROLE TO LENEL;
Commit;
Note: If you are not using the LENEL_DATA and LENEL_TEMP data spaces, you must
change the LENEL_DATA and LENEL_TEMP references on the CREATE USER line
to the desired table spaces you want to use. Contact your database administrator for
details.
5. Verify there were no errors. You should see the following text:
“User created.”
“Grant succeeded.”
“Commit complete.”
6. Exit SQL.
Note: If Windows single sign-on is used for database authentication, log in as the domain user
specified during the Oracle user creation.
IMPORTANT: If you are using Windows 7, you might need to run Oracle applications, such as
the Net Configuration Assistant, as an Administrator for configuration changes
to persist.
IMPORTANT: If installing the 64-bit version of Oracle, you must also install the 32-bit
version of the client tools or OnGuard will not work properly.
1. Insert the Oracle 11g Client disc in your disc drive. This will launch the Autorun program.
Alternately, you can launch the installation by executing the setup.exe file on the disc.
2. The Select Installation Type window opens.
a. Select the Administrator radio button.
b. Click [Next].
3. The Select Product Languages window opens. Move the desired languages to the right pane
using the arrow buttons, and then click [Next].
4. The Specify Installation Location window opens.
a. Verify the Oracle Base and Software Location information is correct.
b. Click [Next].
5. The Perform Prerequisite Checks window opens, followed by the Summary window.
a. Verify that the requirements are met.
b. Click [Finish].
The installation process may take several minutes or more depending on your system resources.
6. The Finish window opens. Click [Close].
7. Install the latest approved Patch Set. The list of approved patch sets can be found on the Lenel
Web site at: http://www.lenel.com/support/downloads/onguard#compatibility-charts.
Transparent data encryption (TDE) performs real-time I/O encryption and decryption of the database
and database log files. (Standard OnGuard log files are not encrypted.)
The encryption uses a database encryption key (DEK), which is stored in the database boot record for
availability during recovery. The DEK is a symmetric key secured by using a certificate stored in the
master database of the server or an asymmetric key protected by an EKM module. TDE protects data
“at rest,” meaning the data and log files. It provides the ability to comply with many laws,
regulations, and guidelines established in various industries.
For detailed information, refer to “Understanding Transparent Data Encryption” http://
msdn.microsoft.com/en-us/library/bb934049.aspx.
IMPORTANT: TDE does not provide encryption across communication channels. For more
information about how to encrypt data across communication channels, refer to
“Encrypting Connections to SQL Server” http://msdn.microsoft.com/en-us/
library/ms189067.aspx.
Enabling TDE
To utilize TDE for the OnGuard database, the system should have Windows Server 2008 and SQL
Server 2008 R2 installed.
To enable TDE, refer to the section, “Using Transparent Database Encryption” in the article,
“Understanding Transparent Data Encryption” http://msdn.microsoft.com/en-us/library/
bb934049.aspx.
Note: Encryption is CPU intensive. Therefore, servers with high CPU usage will suffer
performance loss.
• WARNING! • These features should only be used for client installations. Lenel does not
recommend or support centralized installation or upgrading of servers because
servers require additional care and attention.
IMPORTANT: After enabling the automatic client updates feature, all Security Utility system
modifications and license terms are accepted automatically on the client
workstation being updated.
Notes: At startup, Client Update application checks to see if server components are installed on
the client workstation. If the application finds any server component other than the
Communication Server, then the client update is cancelled and the user sees an error
message.
For information on troubleshooting automatic client update functionality, refer to Client
Update Troubleshooting in the System Administration User Guide.
This functionality only applies to new releases and cumulative hotfixes; incremental
updates are not distributed by this service. This is because incremental updates are
typically applied to a subset of client workstations, and therefore should not be forced
onto all client workstations.
Hotfix packages always contain the base installation plus the hotfix. This would allow,
for example, a client workstation with OnGuard 6.4 to update directly to OnGuard 6.5
Hotfix 1.
Note: When the OnGuard update installation completes, the client installation package (.MSI
file) is deleted from the client workstation automatically.
Notes: This workflow assumes that the OnGuard server workstation is already installed and
configured to run the LS Client Update Server service, as described in Client Update
Form Procedures in the System Administration User Guide.
This workflow also assumes that the server and client are version 6.5 or later.
1. The client user attempts to login to an OnGuard application, and then receives a message that the
OnGuard installation is out of date, and asks if the user wants to upgrade now or later. If user
selects later, the OnGuard application closes.
If the user selects now, the OnGuard application closes and the LS Client Update service
application launches.
Notes: The user always has the option to cancel a client update that is in progress.
If the user cancels while in the download queue (refer to Step 4) and then initiates a
client update again, the user is placed at the back of the queue.
If the user cancels while the installation package is downloading and then initiates a
client update again, the download continues from where it left off (download is queued
if the maximum concurrent downloads is reached, as described in Step 4).
If the user cancels an installation that is in progress, the user can run the installation
package again.
2. The LS Client Update service application attempts to reach the LS Client Update Server service
location, and displays an error message if unsuccessful.
3. Once the connection is made, the LS Client Update service application requests a download of
the OnGuard installation package.
Notes: Before requesting the download, the LS Client Update service checks to see if the
installation package already exists on the client workstation. If it does, the process skips
to Step 7.
If the download begins but fails (due to timeout, network outage, cancelled by client,
and so on), the download will resume from where it left off when the user restarts the
download.
4. The LS Client Update Server service either starts downloading the OnGuard installation package
and logs a Download Started transaction in the User Transaction Log, or places the client in the
download queue.
If the maximum number of concurrent client downloads is reached, the LS Client Update service
application informs the user of the position in the queue. The server logs a Queued for Download
transaction in the User Transaction Log.
5. The LS Client Update service application receives the installation package, and verifies it was
not corrupted during transfer.
6. The LS Client Update service application notifies the LS Client Update Server service that the
download was successful. The server logs a Download Finished transaction in the User
Transaction Log.
7. The LS Client Update service application starts installing the OnGuard client update with no user
prompts (unattended installation mode). The client also notifies the LS Client Update Server
service to log an Installation Started transaction in the User Transaction Log.
Note: If the installation fails, the user can retry the installation. Users are notified that the
installation has failed. After fixing the cause of the failure, the user clicks [Retry].
8. Once the installation is complete, the LS Client Update service application notifies the LS Client
Update Server service to log an Installation Finished transaction in the User Transaction Log.
9. The LS Client Update service application deletes the installation package from the client
workstation.
10. The LS Client Update service application notifies the user that the installation is complete. The
user then closes the application.
Note: To run a detailed report of the client update statistics, refer to Running a Client Update
Report in the System Administration User Guide.
Notes: This workflow assumes that the OnGuard server workstation is already installed and
configured to run the LS Client Update Server service, as described in Client Update
Form Procedures in the System Administration User Guide.
This workflow also assumes that the required LS Client Update service application file
was placed manually on client workstations with versions of OnGuard earlier than 6.5,
or on workstations that do not have OnGuard installed at all. The required file is:
Lnl.OG.AutoUpgrade.Client.exe.
This file can be found on the OnGuard disc, in the \program files\OnGuard directory.
This same directory also contains the installation package.txt file, which describes the
purpose and process for using the application file, and which can be distributed to the
client workstations along with the application file.
In addition, Microsoft .NET Framework 4.0 must be installed before running the LS
Client Update Service application manually.
The application file is small enough that it can be easily distributed as an e-mail
attachment.
Note: The application prompts users who do not have Administrator privileges to provide an
administrator’s user name and password. The Client Update workflow will not proceed
without an administrator’s login information.
2. The LS Client Update service application asks the user for the LS Client Update Server service
location, and the port to use. For client workstations that do not already have OnGuard installed,
the application allows the user to select the Installation type:
• Typical client (all features)
• Monitoring client
• Badging and credential client
3. The LS Client Update service application attempts to reach the LS Client Update Server service
location, and displays an error message if unsuccessful.
4. Once the connection is made, the LS Client Update service application requests a download of
the OnGuard installation package.
Notes: Before requesting the download, the LS Client Update service checks to see if the
installation package already exists on the client workstation. If it does, the process skips
to Step 8.
If the download begins but fails (due to timeout, network outage, cancelled by client,
and so on), the download will resume from where it left off when the user restarts the
download.
5. The LS Client Update Server service either starts downloading the OnGuard installation package
and logs a Download Started transaction in the User Transaction Log, or informs the user of the
position in the download queue.
6. The LS Client Update service application receives the installation package, and verifies it was
not corrupted during the transfer.
7. The LS Client Update service application notifies the LS Client Update Server service that the
download was successful. The server logs a Download Finished transaction in the User
Transaction Log.
8. The LS Client Update service application starts installing the OnGuard client update with the
normal user prompts. The client also notifies the LS Client Update Server service to log an
Installation Started transaction in the User Transaction Log.
Note: If the installation fails, the user can retry the installation. Users are notified that the
installation has failed. After fixing the cause of the failure, the user clicks [Retry].
9. Once the installation is complete, the LS Client Update service application notifies the LS Client
Update Server service to log an Installation Finished transaction in the User Transaction Log.
10. The LS Client Update service application deletes the installation package from the client
workstation.
11. The LS Client Update service application notifies the user that the installation is complete. The
user then closes the application.
Note: To run a detailed report of the client update statistics, refer to “Running a Client Update
Report” in the System Administration User Guide.
2. Verify the Administration Installation Wizard was successful. For more information, refer to
Verify the Administration Installation Wizard was Successful on page 55.
3. Perform a pilot rollout of the software with a group of users.
4. Mass deploy the OnGuard package on client machines. For more information, refer to Deploy the
Centralized OnGuard Installation on page 55.
Note: You will need to know the type and location of the database, the location of the License
Server, and which OnGuard components you wish to install to complete this wizard.
To create a setup image for the client:
1. Insert the OnGuard 2012 disc. Depending on whether autorun is enabled a splashscreen may
appear. If a splashscreen appears, exit out of it.
2. Click the Start button, then select Run.
3. In the Open field, type:
D:/setup.exe /a
Substitute your CD/DVD-ROM drive letter for D:.
4. The Administration Wizard starts. Click [Next].
5. The Client Information window is displayed.
a. Select whether the system database will be SQL or Oracle.
b. Specify the workstation name where the system database that clients will use resides.
c. Specify the workstation name that hosts the system’s License Server.
d. Click [Next].
6. The Client Application Selection window is displayed.
a. Select or deselect the check boxes to select which client applications will be included in the
custom package.
b. Click [Next].
7. The Network Information window is displayed.
a. Select the Network location for this image by clicking [Change].
b. The Change Current Destination Folder window is displayed. Specify the location where
you would like to save the package, then click [OK].
c. Click [Create].
8. The Installation Wizard Progress window is displayed. A window is displayed that indicates that
the installation was successful. Click [Finish].
9. You can repeat steps 1-8 for each additional configuration you wish to create. Each time the
Administration Installation Wizard is run, a configuration (customized *.MSI file) will be
created. Be sure to use a unique, descriptive name for each configuration so that you can easily
distinguish one from another.
VMware provides a way to create a virtual machine. OnGuard server software and the
Communication Server are certified to run on VMware ESXi.
VMware Installation
Installation of VMware ESXi should be performed according to the manufacturer documentation. Be
sure the physical server (host) and storage array are listed on the hardware compatibility list for ESXi
to meet the minimum requirements.
Also, take into consideration the minimum requirements of the applications that will be installed on
the virtual machine (guest).
5. Once the virtual machine has been created, install OnGuard according to the instructions in the
Installation Guide.
SNMP (Simple Network Management Protocol) is used primarily for managing and monitoring
devices on a network. This is achieved through the use of get and set requests which access and
modify variables on a given device, as well as SNMP traps which are used to notify Managers of
changes as they occur. The device which is being managed or monitored is called the Agent. The
application that is doing the managing or monitoring is called the Manager. You can think of a
Manager as the coach of a team, and Agents as all the players on the team. The following diagram
illustrates how OnGuard can be used as an SNMP Manager:
OnGuard
Database
SNMP
Agent
T raps
SNM P
SNMP
SNMP Traps
Agent
SNM P
T raps
SNMP
Alarm Monitoring Workstation Agent
Agents generate trap messages, which are sent to a Manager to indicate that something has changed.
Trap messages generally contain the system uptime, the trap type, and the enterprise number.
OnGuard uses Enterprise specific trap messages to send alarms to SNMP Managers. OnGuard
generates trap messages, but does not listen for messages from SNMP Managers. The following
diagram illustrates how OnGuard can be used as an SNMP Agent:
SNMP
Agent
r a ps
SNMP T
SNMP
SNMP Traps
Agent
SNMP
Traps
SNMP Manager OnGuard
system
Configuring OnGuard as an SNMP Agent requires the use of DataConduIT and the DataConduIT
Queue Server, as shown in the diagram that follows.
OnGuard system
Internal
architecture OnGuard
of OnGuard Database
system
Linkage Server
DataConduIT
SNMP
SNMP SNMP
Agent Agent
Third-party
SNMP Manager
Why use SNMP with OnGuard? This depends on whether you are using OnGuard as an SNMP
Manager or as an SNMP Agent.
Configuring SNMP
The following steps must be completed before you configure OnGuard as either an SNMP Manager
or an SNMP Agent:
1. Install the Windows SNMP components. You will need your Windows CD to complete this
procedure. For more information, refer to Install the Windows SNMP Components on page 62.
2. Install a license with SNMP support.
5. Click [Details].
6. The Management and Monitoring Tools window opens. Verify that the Simple Network
Management Protocol check box is selected, and then click [OK].
7. Click [Next].
8. The Configuring Components window opens. The status bar is updated as the installation
proceeds.
10. A message indicating that you have successfully completed the Windows Components Wizard is
displayed. Click [Finish].
b. Click [OK].
4. In the Name field, type a name for the SNMP Manager.
5. Select whether the SNMP Manager will be online.
a. Allow the Online check box to remain selected if you want the SNMP Manager to be ready
for use. When an SNMP Manager is online, the Communication Server listens for trap
messages from SNMP Agents.
b. Deselect the Online check box if the SNMP Manager is not ready for use. When an SNMP
Manager is not online, the Communication Server does not listen for trap messages from
SNMP Agents.
6. On the Location sub-tab, select the Workstation (or server) that the SNMP Manager is or will be
running on in order to receive events. The Communication Server must be present on the
specified workstation. You can either type the name in the field, or use the [Browse] button to
view a list of available workstations.
Notes: You are required to enter the workstation’s NetBIOS name. (The NetBIOS name is
specified when Windows networking is installed/configured.)
Only one SNMP Manager is allowed to run on each Communication Server. You can
have several Communication Servers running with an SNMP Manager on each one and
have all Agents in that part of the network configured to report to the local Manager.
This would help localize network traffic.
7. Click [OK].
Add Agents
If OnGuard receives an event from an Agent that has not been defined, it will automatically add an
Agent for it and have the default name set to the IP address of the Agent. You can then go in and
modify the Name to whatever you want. On a segmented system, Agents are added to the Manager’s
segment by default, but they can also be assigned to different segments as well.
To add an Agent manually:
1. In System Administration, select SNMP Managers from the Additional Hardware menu. The
SNMP Managers folder opens.
2. Click the SNMP Agents tab.
3. Click [Add].
4. In the Name field, type a name for the SNMP Agent.
5. In the IP address field, enter the IP address of the SNMP Agent.
6. (Optional) In the Location field, enter the location of the SNMP Agent.
7. (Optional) In the Description field, enter a description of the SNMP Agent.
8. Click [OK].
9. Repeat steps 1-8 for all Agents you wish to add.
company that has an application (hardware or software) that reports events has an enterprise number.
(Lenel’s is 15714). This allows them to control and define all variables under this number.
The enterprise number is used as part of the Object Identifier (OID). A company’s enterprise OID is
1.3.6.1.4.1 followed by their enterprise number (1.3.6.1.4.1.15714 for Lenel). MIB files allow labels
to be applied to the numbers in an OID. Using the standard MIB files for SNMP, the enterprise OID
would be iso.org.dod.internet.private.enterprises followed by the label for the company’s enterprise
number provided by their MIB file. In this MIB file, you define all other variables that you will be
using. These variables are identified by OIDs. The SNMP Trap Messages DataConduIT Message
Queue type allows OnGuard to report events through SNMP trap messages. OnGuard uses the
lenel.mib file to specify the variables to use. For example, one variable in the lenel.mib file is
1.3.6.1.4.1.15714.1.1.2.1, which translates to:
iso(1).org(3).dod(6).internet(1).private(4).enterprises(1).lenel(15714).onGuard
(1).event(1).hardwareEvent(2).description(1)
If the lenel.mib file is loaded, the variable in the previous example is shown on the SNMP
Management Information Base form.
• SNMPv2-SMI.txt
• SNMPv2-TC.txt
• SNMPv2-TM.txt
Notes: This location can be changed in the ACS.INI file by adding the following setting:
[SNMPManager]
MIBDir=“drive:\absolute\path\to\MIB\directory”
To make changes in the ACS.INI file on a Windows 7 computer, you must right-click
on the ACS.INI file and run it as an Administrator.
This directory is processed when a MIB file is loaded in order to load modules that may be
imported into the MIB file being loaded. Only files containing imported modules should be
saved in this directory. In most cases, the default files in this directory are sufficient. If additional
files are required, determine which additional files define the modules imported by the MIB file
and place them in this directory.
If a MIB file for an imported module is not present in this directory and the processor encounters
an undefined identifier in the MIB file it’s parsing, it will log an error to MIBProcessor.log in the
OnGuard logs directory.
3. In System Administration, select SNMP Managers from the Additional Hardware menu. The
SNMP Managers folder opens.
4. Click the SNMP Management Information Base tab.
5. Click [Add].
6. The Open window is displayed. Navigate to the MIB file you wish to load, and then click [Open].
In this example, the lenel.mib file is being loaded.
Note: After a MIB file has been loaded into OnGuard, the actual file is no longer needed.
SNMP Reports
Reports are run from System Administration or ID CredentialCenter. For more information, please
refer to the Reports Folder chapter in the System Administration or ID CredentialCenter User Guide.
There are two SNMP-related reports that can be run:
• SNMP Agents - lists all SNMP Agents sorted by segment and name
• SNMP Management Information Base Configuration - lists all MIB data grouped by enterprise
The SNMP Management Information Base Configuration report lists each node’s label and OID
(Object ID) description. If configured, the following additional options will also be listed:
• Use in alarm description
• Include label with value
• Use leaf node only for label
Note: For more information, please refer to the DataConduIT Message Queues Folder in the
System Administration User Guide.
b. Click [OK].
4. On the General sub-tab:
a. In the Queue name field, type the name of the queue. The name is case-sensitive.
b. In the SNMP manager field, type the name of the queue manager.
c. Note that the Queue type and Operation that you selected are displayed, but cannot be
modified.
5. On the Settings sub-tab:
a. If you wish to have photo, signature, and fingerprint information sent in messages, select the
Include photos and signature in messages check box.
Note: Including photo information in the messages makes the size of the message sent much
larger.
b. Select whether a message will be sent when cardholder, badge, visitor, and linked accounts
are added, modified, or deleted.
c. If you wish to have a message sent when an access event occurs, select the Send a message
when access events occur check box.
d. If you wish to have a message sent when a security event occurs, select the Send a message
when security events occur check box.
6. Using the Advanced sub-tab is optional and for advanced users. On the Advanced sub-tab you
may:
a. Type an object event WMI query directly into the Object event WMI query textbox.
b. Type an access and security event WMI query directly into the Access and security event
WMI query textbox.
7. Click [OK].
IMPORTANT: To use OnGuard over the Internet, you must have purchased the optional
Citrix XenApp application.
Procedures
The basic procedure for installing Citrix XenApp on a Windows 2008 R2 Server is:
1. Perform the pre-installation procedures. For more information, refer to Step 1: Perform the Pre-
Installation Set-up Procedures on page 74.
2. Create the Citrix database. For more information, refer to Step 2: Create the Citrix Database on
page 74.
3. Install Citrix. For more information, refer to Step 3: Install Citrix on the Server on page 75.
4. Configure the License Server. For more information, refer to Step 4: Configure the License
Server on page 75.
5. Configure XenApp. For more information, refer to Step 5: Configure XenApp on page 76.
6. Configure the Web interface. For more information, refer to Step 6: Configure the Web Interface
on page 77.
7. Publish the OnGuard applications. For more information, refer to Step 7: Publish the OnGuard
Applications on page 78.
8. Install the Citrix clients. For more information, refer to Step 8: Install the Citrix Clients on
page 78.
9. Install OnGuard. For more information, refer to Step 9: Install OnGuard on page 78.
10. Access the applications from a client workstation. For more information, refer to Step 10: Access
the Applications from a Client Workstation on page 79.
Note: Do not install any Windows updates, which might cause compatibility issues, especially
with Service Pack 1.
1. Use a Microsoft SQL Server 2008 R2 clean install as your starting point.
2. Select Start > Administrative Tools > Server Manager, click [Roles], scroll to Role Services,
and then confirm that Web Server, Health and Diagnostics, Logging Tools, and Tracing are
installed. If not, contact your System Administrator.
3. Open Administrative Tools > Roles > Add Roles. The Add Roles Wizard opens. Click [Next].
4. Select Remote Desktop Services, then click [Next], and then click [Next] again. Then select:
a. Remote Desktop Session Host
b. Remote Desktop Licensing
c. Remote Desktop Web Access, then click [Next], and then click [Next] again.
i. Select Do not require Network Level Authentication, and then click [Next].
ii. Select the Licensing Mode, and then click [Next].
iii. Administrators is the group allowed to Remote Desktop. Click [Next]
iv. Select Audio and video playback and Audio recording redirection during the
Configure Client Experience section of the wizard, and then click [Next].
v. Do not Configure a discovery scope for this license server. Click [Next], and then
click [Install].
vi. Restart the server.
5. Under Roles Summary, click [Add Roles].
a. Click [Next] on the Select Server Roles page.
b. Select Application Server, and then click [Add Required Features].
c. Click [Next], and then click [Next] again.
d. Click [Install]
e. Click [Close].
6. Under Web Services (IIS), click [Add Role Services].
a. In the Select Role Services dialog, confirm that all options under IIS 6 Management
Compatibility are selected. If they are not, select them and then click [Next].
b. Click [Install].
c. Click [Close].
7. In the Server Manager, click [Configure IE ESC] (located in the Security Information area of
Server Manager). Select Off for both Administrators and Users, and then click [OK].
2. Enter the Server name, and select <Windows Authentication>. Click [Connect].
3. In the Object Explorer pane, expand the Databases folder.
4. Right-click the Databases folder and select New Database.
5. Name the database CitrixMetaFrame.
6. Click [OK].
Refer to the OnGuard Installation Guide for more information about installing a SQL Server data-
base.
Notes: When installing Citrix, you might need an ISO mounting application.
Ensure that your Remote Desktop services license is current.
Make sure your Citrix license is current. When you obtain this license, make sure your
server name is exact as you specify. It is case sensitive.
Note: Now that the server roles are configured, first configure the License Server, followed by
the XenApp and Web Interface. This ensures you have a proper license.
Note: Disregard the Inconsistent Server Host ID message, if shown. This issue will be
corrected in a later step.
9. Restart the Citrix Licensing Service.
a. Click Start > Administrative Tools > Services.
b. Right-click Citrix Licensing and then click Restart.
10. Go back to the License Administration Console and click [Dashboard] next to Administration on
the top-right area of the window. If everything is correct, you will see your Citrix license along
with a Citrix startup license. It should look similar to this:
• Citrix Start-up License | Server
• Citrix XenApp (Presentation Server) Advanced | Concurrent User
• Citrix XenApp (Presentation Server) Enterprise | Concurrent User
• Citrix XenApp (Presentation Server) Platinum | Concurrent User
• Citrix XenApp (Presentation Server) Standard | Concurrent User
Note: Before installing OnGuard, try publishing Notepad or Calculator to confirm that
publishing works correctly.
1. Select Start > All Programs > Citrix > Management Consoles > Citrix Delivery Services
Console.
2. Under Actions on the right side, configure and run discovery.
a. Click Next.
b. Uncheck Single Sign-on.
c. Click Next.
d. Click Next.
e. Click Finish.
3. Expand the farm name in the Object Explorer pane, right-click Applications, and then select
Publish Application.
4. Click [Next].
5. Enter the Display name and click [Next].
6. Click [Next].
7. Click Browse under the command line, find the application you want to publish, and then click
next.
8. Click [Add], double-click servers, double-click the servers you want to add, and then make sure
they are listed in Selected Items. Click [OK] and then click [Next].
9. Select Allow anonymous users and click [Next].
10. Click [Next].
11. Click [Finish].
To access your site, enter the server name in Internet Explorer and then log in. You should see and
be able to launch the applications.
Note: You must choose the Existing SQL option during installation. You must set up the
database yourself using the SQL 2008 Studio Manager.
2. Publish your OnGuard applications as described in Step 7: Publish the OnGuard Applications on
page 78. However, before clicking [Finish], click [Configure advanced application settings now].
3. Click [Next] four times.
4. Deselect Enable legacy audio and then click [Next].
5. Change the maximum color quality to 16-bit and then click [Finish].
6. Repeat steps 2 through 5 for each OnGuard application you install.
IMPORTANT: To make changes in the ACS.INI file on a Windows 7 computer, you must
right-click on the ACS.INI file and run it as an Administrator.
Note: Most of the following ports use the Transport Control Protocol (TCP). Ports 45303,
45307, and 46308 use the User Datagram Protocol (UDP). Port 9111 uses the Hypertext
Transfer Protocol (HTTP) protocol.
80 Web Server Web OnGuard Only used Used for Web Applications
(IIS) browser server with to communicate with the
OnGuard Web Service. Check IIS
5.12 and configuration for the correct
later port configuration.4
135 DCOM Initial Any DCOM LNVR; All OnGuard Cannot be changed.
Connections application OnGuard Versions
443 Web Server Web OnGuard Only used Used when SSL is utilized
(IIS) SSL browser server with for the Web Applications.
OnGuard Port 443 is used for secure
5.12 and web browser
later communication.4
2000 Digital Video Web Video LNVR OnGuard 5.7 To change, update Registry
- live video Viewer; and later Setting on Video Recorder
streams Alarm HKEY_CLASSES_ROOT\
Monitoring; Spider\Resources\Spider\
Video TCPSHAREPARAM.
Viewer;
Remote
Monitoring;
Intelligent
Video
Server; Area
Access
Manager
3001 Connected Comm Connected OnGuard 5.0 The default port the
controllers Server controllers and later Communications Server
uses to communicate with
controllers. Configurable
within System
Administration.
4003 Login Driver Apps and Login driver OnGuard 5.0 Can be changed in ACS.INI
RPC services that and later [Service] section
login to the LoginRpcPort1
OnGuard
database
4006 Video Server System Archive OnGuard 5.7 Can be changed in ACS.INI
RPC Admin; Server and later [Service] section
Linkage VideoServerRpcPort1
Server
4009- Alarm Comm Alarm OnGuard 5.9 Used for the Guard Tour,
4057 Monitoring Server Monitoring and later Grant-Deny Popup and
RPC Failure to Acknowledge/
Forward Alarm features
only. One port used per
Monitoring instance on a
given machine (typically
4009). Can be changed in
ACS.INI [Service] section
AcsmntrRpcMinPort,
AcsmntrRpcMaxPort2,3
4070 HID Edge Comm HID Edge OnGuard 6.1 Used for bi-directional
device Server devices and later communication between
communicati OnGuard Communication
on Server and HID Edge
devices. Can be changed in
the ACS.INI file under the
[HID VertX] section
Listening Port1
8189 License All client License OnGuard 5.7 To change the License
Server apps Server and later Server port:
1. The value for the Port
key in the [License
Server] section of the
ACS.INI file must be
changed on every
OnGuard machine.
The default is:
[License Server]
Port=8189
2. The following must be
added to the
LicenseServerConfig\
Server.properties file
(file content is case-
sensitive!):
Port=8189 where
'8189' is replaced by
the desired port
number.
(This line is not present
by default. The whole
file is not present by
default; it is created
when the admin
username or password
is changed.)
8888 Software License Lenel’s OnGuard 6.1 Port used for online
License Server at public and later activation and deactivation
customer License of software based licensing.
site Admin site This port must be open to
activate a software-based
(FLEXnet) license.
9111 Application Web hosted App Server OnGuard Used for communication
Server (as a apps 5.12 and with the Application Server
Windows later service.
Service) Lnl.OG.ApplicationServer.S
ervice.exe.config contains
the Application Server port
configuration. The Web
Service web.confg file
indicates to the Web
Service how to connect to
the Application Server
(including which port). Uses
the HTTP protocol.
1 To change these ports, the ACS.INI settings must be changed on all machines (server and clients).
2 To change these ports for a given monitoring station, the ACS.INI settings only need to be changed
on that machine.
3 Each port in this range is used for the same purpose, and most of these ports are usually unused. This
port range is reserved so that multiple instances of Alarm Monitoring can run on one PC in a terminal
services environment. Because each instance of Alarm Monitoring running on one PC requires a
unique port, the next available port in this range is used.
4 These ports are used by the LNL-2220 and LNL-3300 when connected to the network.
g. This setting is only required if the user wishes to configure the LSVS from a remote machine. This step is
not necessary if the configuration application is launched from the host where the streaming server is
installed.
h. This port number must be the same on all remote monitoring and OnGuard client machines in the system.
If the user wishes to use a different value, all machines must be updated at the same time. On the OnGuard
client, this can be changed by editing the “MonitorUDPPort” registry value under
HKEY_LOCAL_MACHINE\Software\Lenel\OnGuard. On RM machines, the same value must be
updated in the registry under HKEY_LOCAL_MACHINE\Software\Lenel\RemoteMonitor.
i. This port range can be changed by launching the LnrNI utility on the OnGuard client machine, selecting
the “Remote Monitor Network Settings” tab and entering a different port range.
j. Cameras have built-in web servers. Typically they use HTTP port 80, but the user can configure it to use
any arbitrary port number. The camera tab in the digital video folder in System Administration allows you
to specify which port LNVR will connect to. For more information, refer to the Digital Video Folder
chapter in the System Administration User Guide for more information.
k. Currently this is only supported for Sony cameras. FTP protocol is used to retrieve video from In-Camera
Storage. By default this protocol uses TCP port 21 to establish the connection. This port can be changed in
the camera configuration. FTP protocol also uses a separate TCP/IP connection for actual data transfer and
this connection can be established on just about any port. Therefore, using In-Camera Storage through
firewalls might cause problems.
DCOM uses TCP port 135 to establish new connections. TCP port 135 must be open on the server.
Once a client connects to that port, the Windows DCOM/RPC subsystem determines the type of the
actual communications. This type can be either TCP/IP or UDP/IP based on the machine settings.
These settings can be changed with the following steps:
1. Run dcomcnfg from the command line.
2. Expand to Console Root > Component Services > Computers > My Computer.
3. Right-click on My Computer and select Properties.
4. Select the Default Protocols tab.
5. Select UDP/IP or TCP/IP or both. For each option, the port range can also be limited. If the port
range is not limited, DCOM will use any random port between 1024 and 65000. It is
recommended to limit the port range for systems using firewalls.
The following Microsoft Knowledge Base article provides background information for configuring
DCOM: http://msdn2.microsoft.com/en-us/library/ms809327.aspx
For additional information about DCOM, refer to the Microsoft Windows documentation.
The LnrNI utility is used to configure the ports that should be used for each type of communication.
When launched on a client, the LnrNI utility defines the mode that will be used to receive live video
from the LNVR. It attempts each type of connection in the order they are listed on the Client Network
Settings tab. If the connection is unsuccessful after 3 seconds it will move to the next connection type
until all three have been tried: multicast, UDP/IP, and TCP/IP. TCP/IP is the fallback mechanism and
cannot be disabled.
The LnrNI utility also determines which network card should be used by the video software if the
machine is multihomed, meaning it has different IP addresses due to multiple active network
adapters.
The following is a table of OnGuard services and those services that run on OnGuard installations. \
Number per
OnGuard Startup
Name Definition system Type Notes
Application Server Used to provide the One per Automatic Only installed when a
application server region. custom installation is
for the web based performed and the
applications. Application Server
component is selected.
Client Update The Client Update One per Manual - Only client workstations
Server Server is used to server. Run if the are upgraded
automatically service is automatically. Server
update client being used workstations still require
workstations. manual updates. By
default, this functionality
is disabled. Only applies
to new releases and
cumulative hotfixes;
incremental updates are
not distributed by this
server.
Number per
OnGuard Startup
Name Definition system Type Notes
Config Download The Config One per Automatic Needed only for the Area
Service Download service is region. Must Access Manager
used to propagate be run on the (Browser-based Client)
configuration same application.
changes down to machine as
the hardware from the
the web based Application
applications. Server.
Number per
OnGuard Startup
Name Definition system Type Notes
License Server The License server One Automatic The OnGuard License
controls which Server is typically run on
features the OnGuard servers but
computer is can be configured on a
licensed to use. separate machine.
Number per
OnGuard Startup
Name Definition system Type Notes
Linkage Server The Linkage Server One Automatic Only one instance of
is responsible for Linkage Server may be
directing automatic running on each regional
email/paging and/or master database;
messages in typically on the database
response to specific server.
alarms, as well as
linking “marked”
video segments on
a video recorder
with the associated
alarm/event logged
in the Database.
Login Driver The login driver One - The Automatic The Lenel Login Driver is
allows OnGuard to service is run a service that is used to
log in and access on the change the OnGuard
the database. computer on database password
which the (NOT the user
database passwords). The service
resides. is run on the computer
on which the database
resides.
LnrCapSvc Records video from One per Automatic Must be running in order
CCTV devices. LNVR. for the LNVR to connect
to video sources and to
store information to the
disk. It also services live
video retrieval requests.
Number per
OnGuard Startup
Name Definition system Type Notes
LpsSearchSvc Performs video One per IVS Automatic Must be installed in order
analytics + one per to perform any video
processing. OnGuard searches. Should be run
client + one on all machines, servers
per LNVR. and clients, that will need
to perform video
searches.
Number per
OnGuard Startup
Name Definition system Type Notes
Video Archive The Video Archive Depending Automatic - A digital video recorder
Server Server is a system on the Run if device can only
service that is number of Digital communicate to one
responsible for recorders Video Video Archive Server.
purging or archiving and physical Archiving is
video data from archive being used
multiple video servers you
servers onto one or have.
more designated
storage devices.
The Database Installation Utility is used to attach an SQL Server Express/SQL Server database for
use with the OnGuard software. The Database Installation Utility copies the existing database data
files (MDF and LDF), attaches the database, and updates the Lenel Data Source Name (DSN) to point
to the correct database. It does not create the tables in a new database - Database Setup must be run.
The Database Installation Utility is run automatically at the end of the OnGuard installation when
either a new SQL Server Express database or a demo database has been selected. It is also installed on
the local machine in the OnGuard installation directory so that it can be run manually after the
installation has completed.
Browse
Click to select the Path to database files.
Database name
The name of the database that will be used with the OnGuard software. When the Database
Installation Utility is run automatically during the OnGuard installation, the Database name and
the Path to database files are determined based on the choice of the SQL Server Express or
Demo database.
Browse
Click to select the Path to copy database files to.
Connect
When the Database Installation Utility opens, it attempts to connect to the database for the DSN
that is currently specified in the [Database] section in the ACS.INI file. For example, if the
following is specified in the [Database] section:
Connect=“ODBC;DSN=Lenel” then the Database Installation Utility will attempt to connect to
the database associated with the Lenel DSN.
If the database connection succeeds, the [Connect] button is grayed out. If the database connection
fails, an error message that says, “The DSN selected in your ACS.INI is invalid. Please check
your ODBC configuration.” is displayed and the [Connect] button is enabled. If this message is
displayed, open the ACS.INI file and specify the correct DSN, save and close the ACS.INI file,
and click the [Connect] button. If the connection is successful, the [Connect] button will become
grayed out.
OK
Created or attaches the specified database.
Close
Closes the Database Installation Utility without performing any function.
IMPORTANT: To make changes in the ACS.INI file on a Windows 7 computer, you must
right-click on the ACS.INI file and run it as an Administrator.
1. In Windows Explorer, navigate to the OnGuard installation directory (C:\Program
Files\OnGuard by default), and then double-click on the DatabaseInstallationUtility.exe file to
run it.
2. The Database Installation Utility window is displayed. When the Database Installation Utility
opens, it attempts to connect to the database for the DSN that is currently specified in the
[Database] section in the ACS.INI file. For example, if the following is specified in the
[Database] section:
Connect=“ODBC;DSN=Lenel” then the Database Installation Utility will attempt to connect to
the database associated with the Lenel DSN.
• If the database connection succeeds, the [Connect] button is grayed out. Proceed to step 3.
• If the database connection fails, an error message that says, “The DSN selected in your
ACS.INI is invalid. Please check your ODBC configuration.” is displayed and the [Connect]
button is enabled. If this message is displayed, open the ACS.INI file and specify the correct
DSN, save and close the ACS.INI file, and click the [Connect] button. If the connection is
successful, the [Connect] button will become grayed out. Proceed to step 3.
3. Click [Browse...] to choose the path to the database files.
4. The Open window is displayed. Navigate to the DBSetup folder in the OnGuard installation
directory, select the MDF file that you wish to attach, and then click [Open]. MDF files you may
wish to attach include:
• The default empty SQL Server Express database AccessControl_Data.mdf.
• The OnGuard demo database AccessControlDemo_Data.mdf.
5. In the Database name field, type AccessControl or any other name you wish to use, as
shown.
6. The recommended path is the default path specified in the Path to copy database files to field.
This default path is where the files would be stored if you were using the SQL Server user
interface (which does not come with SQL Server Express) to create a database.
• If you do not change the default setting in the Path to copy database files to field and a
database with the name you specified already exists, the database will be overwritten.
• If you do change the default setting, a new database will be created in that location.
9. The DSN is updated to point to the database, and a message is displayed that indicates that the
database was successfully installed. Click [OK].
IMPORTANT: After attaching a database, you must run Database Setup to create the tables in
the database.
Since SQL Server Express doesn’t provide an interface for accessing the database engine, use the
following procedure to log into the database directly using the ODBC connection created for
OnGuard:
11. From the Start menu, select Run. Click [Browse…]. Browse to the OnGuard folder and select the
‘ACCESSDB.exe’ application. Click [Open] and then [OK] to run this application.
12. From the Management menu, select Datasource > Connect.
a. On the Machine DataSource tab, select “Lenel”. Click [OK].
b. You will be prompted for the database “sa” login ID and password. Enter the credentials and
click [OK].
c. The screen will return to the main window.
d. From the SQL menu, select Statement. Enter the following statement in the text box:
sp_changedbowner lenel
Click [OK] when you are ready to execute the statement.
e. If the command returns highlighted, then it completed without error.
13. Log into any OnGuard application and verify that the change was successful.
The following appendix will detail the manual creation of an ODBC connection for SQL. These
instructions are primarily for reference purposes because the OnGuard installation automatically
creates the necessary ODBC connection to the database.
If using Windows 7 with UAC turned on, you might receive an error when creating an ODBC with
OnGuard applications. This error occurs when you are not running the application as an
Administrator. To work around this issue, run the application as Administrator or create the ODBC
manually as described in this appendix.
IMPORTANT: When manually creating an ODBC connection you must use the SQL Native
Client driver.
Note: File locations may vary depending on your operating system and configuration.
IMPORTANT: To make changes in the ACS.INI file on a Windows 7 computer, you must
right-click on the ACS.INI file and run it as an Administrator.
1. Edit the ACS.INI file. The ACS.INI file is located at C:\WINDOWS\ACS.INI.
2. Update the following line in the [DataBase] section:
Connect=”ODBC;DSN=<DSNName>”
Change <DSNName> to the name of the new DSN for the ODBC connection to the OnGuard
database.
3. Save and close the ACS.INI file.
Note: Steps 4 and 5 are necessary only for systems using the web applications.
4. Edit the C:\Inetpub\wwwroot\lnl.og.webservice\web.config file.
5. Find and update the following line:
<add key="reportDSN" value="<DSNName">
Change <DSNName> to the name of the new DSN for the ODBC connection to the OnGuard
database.
Troubleshooting
If you experience problems connecting to the OnGuard database, check the ODBC connection to be
sure that it is configured correctly.
1. From Administrative Tools in Windows, open Data Sources (ODBC).
2. The ODBC Data Source Administrator window is displayed. Select the System DSN tab.
3. Select the DSN used to connect to the OnGuard database from the list view.
4. Verify in the System Data Sources listing window that the DSN driver is SQL Native Client.
Note: If the DSN driver is not SQL Native Client, delete the System DSNand create a new
ODBC connection using the SQL Native Client driver. For more information, refer to
Creating an ODBC Connection for SQL on page 107.
5. Click [Configure].
6. Verify that the name of the Server is correct in the drop-down.
7. Click [Next].
8. Check that the correct method of authentication is selected and verify the credentials if using
SQL Server authentication.
Note: If you select Windows NT authentication it may impact your ability to store credentials
in a file as a means of authentication. Selecting SQL Server authentication does not
impact your ability to use Windows authentication with the Web applications. Refer to
the Installation Guide for more information about database authentication with the Web
applications.
9. Click [Next].
10. Verify that Change the default database to check box is selected and that the OnGuard database
is selected in the drop-down.
11. Click [Next].
12. Click [Finish].
13. The ODBC Microsoft SQL Server Setup dialog is displayed.
a. Click [Test Data Source]. A success message should be displayed.
b. Click [OK] to exit each of the dialogs.
The following appendix will show you how to set up and configure a capture station.
Subject
Badging
Workstation Bounce Back Umbrella
Exit
12
ft.
BACKDROP
FIXED DIFFUSED LIGHT
CAMERA
TRIPOD
4.5 FEET
Distance Variable
TABLE
(1.5 feet recommended)
BACKDROP
LIGHT
TABLE
4.5 FEET
STAND
Note: Optimally the subject should fill the pre-sized crop window, so no additional cropping
adjustments need be made.
Why manual white balance? With light or gray colors the Auto White Balance adjusts incorrectly.
That is why the CAM-CCP-500K should be setup for Manual White Balance. It is necessary to White
balance the camera to obtain a default white balance setting and is maintained for consistent picture
quality.
Installation of CAM-24Z704-USB/CAM-20Z704-USB
To install the USB camera simply plug it in, connect the USB cord to the workstation, and install the
drivers that come with the camera. For more information refer to the Badging Image Capture Camera
User Guide that came with the camera.
Note: Though there is a connection for S-video Out it is strongly recommended that you use
the USB connection.
Configuration of CAM-24Z704-USB/CAM-20Z704-USB
1. Start the application you will be using to capture photos/signatures/badge layout graphics.
2. Launch the capture dialog from within that application by selecting the [Capture] button on a
form that accesses the Multimedia Capture module.
3. On the Photo sub-tab of the Multimedia Capture module, select Digital Camera from the
Capture Source dropdown box.
4. On the Digital Camera Settings sub-tab, select AF Imaging Grabber 1 from the Twain Source
dropdown box.
IMPORTANT: Make sure that the Show User Interface check box IS selected.
Using CAM-24Z704-USB/CAM-20Z704-USB
1. To use, click Get Photo on the Multimedia Capture module. The AF Image Grabber 1 control
box opens.
2. Click Take Picture to take the picture. The AF Image Grabber 1 control box closes and you see
the picture on the Multimedia Capture Module screen.
3. Click [OK] and the picture is added to the Cardholder screen.
AF Image Grabber 1
TELE
Zooms in. The camera has a 16:1 optical zoom range along with an 8x digital zoom.
WIDE
Zooms out.
Calibrate Camera
Automatically adjusts the camera settings to provide the best quality image under certain lighting
conditions. For more information refer to the Badging Image Capture Camera User Guide that
came with the camera.
Lighting Setup
Advanced Setup
After the capture station has been setup, some testing must be performed to determine the optimal
illumination settings for image capture. You may have to adjust the lights, drapes, or other elements
in the capture environment.
With a test subject, view the live image on the screen with all the room lights on. Set the selector
switch on the back of the camera to iris (all the way to the left). With the arrows on back of the
camera adjust the iris all the way down, the live image on the screen should become dark if not black.
The arrows located at the bottom of the camera can be use in one of two manners. If you push and
hold the arrow, it will zoom all the way in or out. If you push the arrow button momentarily, it will
move in and out incrementally. While viewing the screen, increase the iris until the subject is visible.
Increase the iris a little more, until the screen image is about the same brightness as the real view of
the subject. Take a test picture. Label this “test 1, all lights”. From here we will adjust the room
environments lighting and make minor adjustments to the iris if needed while continuing to save the
sample captures at (test 2, test 3 etc.).
Steps to improving capture quality:
1. Turn on all the lights in the room.
2. Open the Capture dialog and center on a test subject with the camera.
3. Adjust the iris all the way down, and then adjust it until the screen image is about the same
brightness as the real viewable image.
4. Set the White Balance. (Set the selector switch on the back of the camera to WB. Hold a white
piece of paper in front of the camera so there is only white showing on the screen. Using the
arrows on the back of the camera adjust the white balance until the image in the capture window
is white.)
5. Take a test picture. Save this as a cardholder labeled “Test1: all lights”.
6. Turn off all the lights.
7. Take another picture. Save this as a cardholder labeled “Test2: no lights”.
8. Continue testing until a desired lighting quality is captured on the screen. Be sure to label each
test with a number and a description of what you did. Adjust your environments based on the
environmental considerations below. Continue to take pictures, save them, and use them as
references until the best conditions are determined.
A Client
AccessControl_Data.mdf file ..................... 103 Oracle 10g ................................................ 31
AccessControlDemo_Data.mdf file .......... 103 Oracle 11g ................................................ 43
ACS.INI file Configure
updating the DSN ................................. 108 capture station ....................................... 111
Attach Oracle 10g client software .................... 31
SQL Server Express database ............. 102 Oracle 10g server software ................... 11
Oracle 11g client software .................... 43
B Oracle 11g server software ................... 35
Continuous lighting diagram ...................... 114
Badging room layout .................................... 113
Basic camera setup (CAM-CCP-500K) .... 115
D
C Database Installation Utility
field table ............................................... 101
CAM-20Z704-USB/CAM-21Z704-USBP
overview ................................................. 101
using ........................................................ 117
CAM-24Z704-USB/CAM-20Z704-USB procedures .............................................. 102
configuration ......................................... 116 window ................................................... 101
Database owner
CAM-CCP-500K image capture kit .......... 115
change in SQL Server Express ........... 105
Camera
capture quality ....................................... 111 Database Setup
running on an Oracle 10g server .......... 27
setting up a CAM-CCP-500K ............ 115
Capture station running on an Oracle 11g server .......... 40
Demo database .............................................. 103
configure ................................................ 111
Diffused lighting ........................................... 114
set up ....................................................... 111
setup specifications .............................. 112
CCP-500 (back view) ................................... 115 E
Citrix Environmental considerations affecting flash &
creating database and DSN ................... 74 camera capture quality ................. 111
installing Citrix MetaFrame on the Environmental considerations and factors
server ........................................ 75 leading to poor lighting ............... 119
installing required applications ............ 74
overview ................................................... 73 F
publishing OnGuard as a web Final adjustments for continuous lighting 114
application ................................ 76 Final adjustments for fixed diffused
lighting ........................................... 114
V
VMware ............................................................ 57
W
Windows Terminal Services/Citrix
overview ........................................... 73