Enterprise

Enterprise Setup &
Configuration User
Guide

PERPETUAL INNOVATION

OnGuard® 2010 Enterprise Setup & Configuration User Guide
Product version 6.4, item number DOC-500, revision 1.048, October 2010
Copyright © 1995-2010 Lenel Systems International, Inc. Information in this document is subject
to change without notice. No part of this document may be reproduced or transmitted in any form
or by any means, electronic or mechanical, for any purpose, without the express written
permission of Lenel Systems International, Inc.
Non-English versions of Lenel documents are offered as a service to our global audiences. We
have attempted to provide an accurate translation of the text, but the official text is the English
text, and any differences in the translation are not binding and have no legal effect.
The software described in this document is furnished under a license agreement and may only be
used in accordance with the terms of that agreement. Lenel and OnGuard are registered
trademarks of Lenel Systems International, Inc.
Microsoft, Windows, Windows Server, and Windows Vista are either registered trademarks or
trademarks of Microsoft Corporation in the United States and/or other countries. Integral and
FlashPoint are trademarks of Integral Technologies, Inc. Crystal Reports for Windows is a
trademark of Crystal Computer Services, Inc. Oracle is a registered trademark of Oracle
Corporation. Other product names mentioned in this User Guide may be trademarks or registered
trademarks of their respective companies and are hereby acknowledged.
Portions of this product were created using LEADTOOLS © 1991-2010 LEAD Technologies, Inc.
ALL RIGHTS RESERVED.
OnGuard includes ImageStream® Graphic Filters. Copyright © 1991-2010 Inso Corporation. All
rights reserved. ImageStream Graphic Filters and ImageStream are registered trademarks of Inso
Corporation.

Enterprise Setup & Configuration User Guide

Table of Contents
Introduction .......................................................................13
Chapter 1: Overview ..................................................................15
Enterprise Application Example .................................................................... 16
Enterprise System Benefits ........................................................................... 17
Open Architecture Technology ........................................................................................ 17
Core Technology Features .............................................................................................. 17

Terms to Know .............................................................................................. 18
About this User Guide ................................................................................... 19
Other Referenced User Guides ..................................................................... 19

Chapter 2: Before Installing an Enterprise Master or Regional
Server Node .............................................................................21
Perform the Common Pre-installation Steps ................................................. 21
Standards and Conventions .......................................................................... 21
Overview ......................................................................................................................... 21
Considerations/Recommendations ................................................................................. 21

Database Planning ........................................................................................ 22
Master Database Planning .............................................................................................. 22
Regional Server Node Database Planning ..................................................................... 22

Overview of ODBC DSN Connections .......................................................... 22

Chapter 3: Server Configuration Overview .............................25
Enterprise System Setup Overview .............................................................. 25
Enterprise Master Server Node System Setup ............................................................... 25

revision 1 — 3

Table of Contents

Regional Server Node System Setup ............................................................................. 26

Distributed ID Management System Setup Overview ................................... 26
Distributed ID Master Server Setup ................................................................................ 27
Distributed ID/Mobile Station Setup ................................................................................ 28

Database Management Systems ........................................29
Chapter 4: Microsoft SQL Server 2008 ....................................31
Prerequisites ................................................................................................. 31
SQL Server 2008 Express Edition ................................................................ 32
Upgrading to SQL Server 2008 Express Edition ............................................................. 32
Installing SQL Server Management Tools ...................................................................... 33

SQL Server 2008 Standard Edition ............................................................... 34
Installation Steps ............................................................................................................. 34
Upgrade Steps ................................................................................................................ 34
Installing SQL Server 2008 ............................................................................................. 34
Configuring SQL Server 2008 ......................................................................................... 37

Chapter 5: Installing & Configuring Oracle 10g Server
Software ......... ..........................................................................41
Oracle 10g Server Software Configuration Overview ................................... 42
Oracle 10g Server Software Installation and Configuration .......................... 44
Step 1: Install Oracle 10g Server Software ..................................................................... 44
Step 2: Install the Latest Approved Patch Sets ............................................................... 45
Step 3: Create the Lenel Database ................................................................................. 45
Step 4: Run the Net Configuration Assistant ................................................................... 51
Step 5: Verify the System is Working .............................................................................. 56

4 — revision 1

Enterprise Setup & Configuration User Guide

Step 6: Install OnGuard 2010 Enterprise ........................................................................ 58
Step 7: Create the Lenel User ......................................................................................... 58
Step 8: Configure Authentication .................................................................................... 61
Step 9: Install Your OnGuard License ............................................................................. 61
Step 10: Run Database Setup ........................................................................................ 61

Chapter 6: Configuring Oracle 10g Client Software ...............63
Oracle 10g Client Installation and Configuration ........................................... 63
Step 1: Install Oracle 10g Client ...................................................................................... 63
Step 2: Install OnGuard 2010 Enterprise Software ......................................................... 66

Chapter 7: Installing & Configuring Oracle 11g Server
Software ......... ..........................................................................67
Oracle 11g Server Software Configuration Overview ................................... 68
Oracle 11g Server Software Installation and Configuration .......................... 70
Step 1: Install Oracle 11g Server Software ..................................................................... 70
Step 2: Create the Lenel Database ................................................................................. 71
Step 3: Run the Net Configuration Assistant ................................................................... 74
Step 4: Verify the System is Working .............................................................................. 75
Step 5: Install OnGuard 2010 .......................................................................................... 75
Step 6: Create the Lenel User ......................................................................................... 75
Step 7: Configure Authentication .................................................................................... 76
Step 8: Run Database Setup .......................................................................................... 77

Chapter 8: Configuring Oracle 11g Client Software ...............79
Oracle 11g Client Installation and Configuration ........................................... 79
Step 1: Install Oracle 11g Client ...................................................................................... 79
Step 2: Install OnGuard 2010 Enterprise Software ......................................................... 80

revision 1 — 5

Table of Contents

OnGuard Installation and Configuration ..........................81
Chapter 9: Installing OnGuard 2010 Enterprise ......................83
OnGuard 2010 Enterprise Installation Prerequisites ..................................... 83
Installation Procedures .................................................................................. 83
Install the OnGuard 2010 Enterprise Software ............................................................... 83
Attach the Hardware Key (OnGuard License Server Computer Only) ............................ 86
Install the New License ................................................................................................... 87
Configure Authentication ................................................................................................. 87
Set Up Your OnGuard Database .................................................................................... 88

Running the Security Utility ........................................................................... 88
Install Your OnGuard License ....................................................................... 88
Log into the License Administration Application .............................................................. 89
Changing Administrator Properties for the License Administration Application .............. 90
Install a New License ...................................................................................................... 91

Run Database Setup ..................................................................................... 91

Chapter 10: Database Authentication for Web Applications .93
Windows Authentication with SQL Server ..................................................... 93
Configure Windows Authentication with SQL Server ...................................................... 93
Configure Authentication for Reports in Area Access Manager ...................................... 95

Windows Authentication with Oracle ............................................................. 97
Create a new Windows user ........................................................................................... 97
Add the Windows user to Oracle ..................................................................................... 97
Verify the Integrated Security Setting .............................................................................. 98

Provide Credentials in the Protected File ...................................................... 98

6 — revision 1

Enterprise Setup & Configuration User Guide

Securing Files with the Access Control List .................................................................... 99
Store the Lenel User Credentials .................................................................................... 99

Chapter 11: Configuring the Web Application Server .......... 103
Custom Install the Web Application Server ................................................. 103
Running Form Translator ............................................................................ 104
Internet Information Services (IIS) for Windows Server 2003 ..................... 104
.Net Configuration with SQL Server .............................................................................. 105
Serving Dynamic Content with Windows Server 2003 .................................................. 105
Creating Virtual Directories ........................................................................................... 105
Configure SSL ............................................................................................................... 106

Internet Information Services (IIS) for Windows Server 2008 ..................... 106
.Net Configuration with SQL Server .............................................................................. 107
Serving Dynamic Content with Windows Server 2008 .................................................. 107
Creating Virtual Directories ........................................................................................... 107
Configure SSL ............................................................................................................... 107

Authentication ............................................................................................. 108
Configure the LS Application Server Service Log On Account ..................................... 108

Area Access Manager and VideoViewer Browser-based Clients ............... 108
Browser-based Reports ................................................................................................ 108
Configuration Download Service ................................................................................... 110
OnGuard User Permissions .......................................................................................... 111

Client Configuration ..................................................................................... 111
Internet Browser Security Level .................................................................................... 112
Configure Single Sign-on for Browser-based clients ..................................................... 112
Accessing the Browser-based Applications .................................................................. 113
Create Bookmarks ........................................................................................................ 114

revision 1 — 7

Table of Contents

Chapter 12: Visitor Management Installation ........................ 115
Using SSL ................................................................................................... 115
Security and Authentication .......................................................................................... 115

ClickOnce for Front Desk and Kiosk ........................................................... 116
Prerequisites ................................................................................................................. 116

ClickOnce Setup ......................................................................................... 117
Methods of Deployment ................................................................................................ 117
Installation ..................................................................................................................... 118

Workaround for Security Policies ................................................................ 119
Support Two Security Policies ...................................................................................... 119

Chapter 13: Applying Hot Fixes in Enterprise ......................121
How to Properly Apply a Hot Fix to an Enterprise System .......................... 121
Step 1: Log out of all Lenel Applications ....................................................................... 121
Step 2: Run Replication ................................................................................................ 121
Step 3: Stop Replicator and All OnGuard Services ....................................................... 121
Step 4: Back Up All Databases (if Requested) ............................................................. 121
Step 5: Apply Hot Fix to Master Server ......................................................................... 121
Step 6: Apply Hot Fix to Regional Servers .................................................................... 122
Step 7: Perform Full Download ..................................................................................... 122

Chapter 14: Enterprise Configuration ....................................123
Master Server Node Configuration Overview .............................................. 123
Master Server Node Login ............................................................................................ 123

Configure the Master Server Node Database ............................................. 124
Regional Server Node Configuration Overview .......................................... 127
Configure the Regional Server Node Database .......................................... 128
8 — revision 1

Enterprise Setup & Configuration User Guide

Configure the Regional Server Node .......................................................... 133
Download All Cardholders to the New Regional Server Node ...................................... 133
Schedule Replicator to Run Automatically .................................................................... 134
Replicator Settings in the ACS.INI File ......................................................................... 135
Enterprise Ongoing Administration ............................................................................... 135

Chapter 15: Distributed ID Management Systems ................137
Distributed ID Master Server Description ...................................................................... 137
Distributed ID/Mobile Station Description ...................................................................... 138

Distributed ID Mobile Master Server Setup Overview ................................. 138
Distributed ID/Mobile Station Setup Overview ............................................ 139
Configure a Distributed ID Management System ........................................ 140
Configure a Distributed ID Master Server ..................................................................... 140
Configure a Distributed ID/Mobile Station ..................................................................... 141

Chapter 16: Accounts and Passwords .......... ........................147
Password Standards ................................................................................... 148
Enable/Disable Strong Password Enforcement ............................................................ 148

Change the Database Password ................................................................ 149
Change the Lenel Account Password ........................................................................... 150

About Accounts ........................................................................................... 151
Change the System Administrator Password for the Database .................. 151
Change the SYSTEM Account Password Using Database Setup ................................ 151
Write Down and Inform Administrators of the Password Change ................................. 152

revision 1 — 9

Table of Contents

Upgrading an Enterprise System ....................................153
Chapter 17: Upgrading to OnGuard 2010 Enterprise ...........155
Upgrading to OnGuard 2010 Enterprise ..................................................... 156
Verify No Pending Transactions Exist ........................................................................... 156
Archive Visits if using Visitor Management ................................................................... 156
Stop Replicator and All OnGuard Services on All Regional Server Nodes ................... 156
Back Up All Databases ................................................................................................. 157
Upgrade the Operating System ..................................................................................... 157
Upgrade All Databases ................................................................................................. 157
Install DirectX 9.0 .......................................................................................................... 157
Upgrade the OnGuard Software and Databases .......................................................... 157
Upgrade OnGuard pre-5.11.216 to version 5.11.216 .................................................... 159
Upgrade OnGuard 5.11.216 to OnGuard 2010 ............................................................. 159
Manually Update SQL Server Data Sources to use SQL Server Native Client 10.0
Drivers ........................................................................................................................ 160
Start Replicator on All Regional Servers ....................................................................... 160
Confirm that Replication is Working .............................................................................. 161
Perform a Full Download ............................................................................................... 161
Run the Universal Time Conversion Utility .................................................................... 161

Enterprise System Administration ..................................163
Chapter 18: Enterprise System Administration ....................165
Scheduling Issues for an Enterprise System .............................................. 165
Important Administrative Tasks for an Enterprise System .......................... 167
Administrative Tasks for All Servers ............................................................................. 167

10 — revision 1

Enterprise Setup & Configuration User Guide

Additional Administrative Tasks for Regional Server Nodes ......................................... 168

Chapter 19: Enterprise Maintenance Procedures .................171
Master Server Node Maintenance .............................................................. 171
Daily .............................................................................................................................. 171
Monthly .......................................................................................................................... 171

Regional Server Node Maintenance ........................................................... 171
Daily .............................................................................................................................. 171
Monthly .......................................................................................................................... 171

Appendices ......................................................................173
Appendix A: The Application.config File ...............................175
Modifying the Application.config File ........................................................... 175
Application.config File Settings ................................................................... 177
ConnectionString ........................................................................................................... 177
DatabaseType ............................................................................................................... 178
Lnl.LicenseSystem.Client.Host ..................................................................................... 178
Lnl.LicenseSystem.Client.Port ...................................................................................... 178
SRConnectionString ...................................................................................................... 178
SchemaOwner .............................................................................................................. 178
Error Log ....................................................................................................................... 178

Appendix B: Custom Installation of OnGuard ......................181
Performing a Custom Installation ................................................................ 181
First Time and Existing OnGuard Installation ................................................................ 181

Custom Features ......................................................................................... 181
Application Server ......................................................................................................... 181

revision 1 — 11

Table of Contents

Device Discovery Console ............................................................................................ 181
SkyPoint Integration - Advanced Features .................................................................... 181

Appendix C: Configuring the Communication Server .........183
Appendix D: The License Server ............................................185
ACS.INI Settings Related to the License Server ......................................... 185
License Server Procedures ......................................................................... 186
Running the License Server from the Command Line .................................................. 186
Running the License Server in Windows ...................................................................... 186
Determining if the License Server is Running ............................................................... 186

Appendix E: Multi-Region Alarm Monitoring ........................187
Appendix F: Universal Time Conversion Utility ....................191
Universal Time Conversion Utility Enterprise Considerations ..................... 191
Run the Universal Time Conversion Utility .................................................. 192

Index ...............................................................................................195

12 — revision 1

Introduction

Enterprise Setup & Configuration User Guide

Chapter 1:

Overview
OnGuard® Enterprise combines independent multiple-site access control, alarm
monitoring and ID badging into a single, distributed, enterprise-wide, security
management solution. OnGuard Enterprise allows security managers to monitor
multiple corporate sites worldwide simultaneously from a single, centralized
location. This feature is especially critical for large multi-national corporations
that need to be able to access any facility – whether it’s across the world or across
town – at any given time, using a single ID card. Growing corporations require
scalable security systems as they add new facilities worldwide, and OnGuard
Enterprise allows them to monitor new sites from a central location.
The OnGuard Enterprise advanced system design allows mid- to large-sized
multinational organizations to maintain both a central Enterprise database server
and multiple autonomous Regional database servers that operate independently
of the central server. Each Regional Server Node site has its own access control
system. The central server is used for analysis and reporting, and has the ability
to view all sites. The cardholder database is global; cardholder records are shared
among all sites. Cardholders and their badges can be updated anywhere in the
system, and the changes will be distributed to all sites. Information stored on
each Regional Server Node’s database is synchronized with the Enterprise server
on a predetermined basis, offering consistently updated personnel information
and access control field data for optimum security and access control.
Making changes to any forms on an Enterprise system, except for cosmetic
changes, requires a full download to be made using Replicator by all Regional
Server Nodes. Be sure that there are NO transactions from Regional Server
Nodes that need to be replicated to the Master Server Node. These transactions
will be lost after you make a FormsDesigner change! Also, FormsDesigner
changes are contained only on the Master Server Node.
The Replication Administration application provides centralized management
and configuration of Enterprise systems and mobile stations. It is available in
both the Enterprise and standard versions of OnGuard, and the software license
determines whether the database can be configured as an Enterprise system or a
mobile station. On an Enterprise system, it is used to manage the Master Server,
Regional Server Nodes, and mobile stations from one location. On a standard
system, it is used to manage all mobile stations.
An example of an Enterprise application is illustrated on the following page.

revision 1 — 15

Overview

Enterprise Application Example

CORPORATE
HUMAN RESOURCES
DATABASE

MASTER SERVER

AN
W

W
AN

ENTERPRISE REGION #N

ENTERPRISE REGION #1
NODE # 1 DATABASE

NODE # N DATABASE

Field Hardware

Field Hardware

Intelligent System Controller

Enterprise Regional
Server #1

Intelligent System Controller

Alarm Panel & Alarms

Alarm Panel & Alarms

Readers

Readers

Enterprise Regional
Server #2

Alarm Monitoring

System Administration
Alarm Monitoring

Alarm Monitoring

System Administration
Alarm Monitoring

Badging

Mobile Badging

Badging

Mobile Badging

WAN

WAN

REGION # N- 1 DATABASE

Field Hardware

ISC

ISC

Alarm

Alarm

Readers

Readers
Regional Server N-1

System Administration
Alarm Monitoring

Badging

16 — revision 1

REGION # N- 2 DATABASE

Field Hardware

Alarm Monitoring

Mobile Badging

Regional Server N-2

System Administration
Alarm Monitoring

Badging

Alarm Monitoring

Mobile Badging

Enterprise Setup & Configuration User Guide

Enterprise System Benefits
The OnGuard Enterprise Solution offers numerous benefits to large organizations
with multiple secured facilities, including:
•

Central Database for Monitoring, Reporting and Investigation.
Synchronization of data between central and node servers allows for crucial
monitoring, reporting, investigative inquiries, and up-to-date information.

•

Unlimited Expansion and Scalability. Each Regional Server Node can
configure an unlimited number of client workstations and card readers.
Additionally, the central server is capable of connecting an unlimited
number of Regional Server Nodes. These Regional Server Nodes are also
capable of connecting an unlimited number of multi-level Regional Server
Nodes.

•

Central Command with Local Autonomous Control. Regional Server
Nodes operate independently, yet synchronize with the central server
regularly to maintain a constantly up-to-date database of worldwide
information.

•

Interface to Third Party Human Resource Systems. Using the
DataExchange features in the FormsDesigner application, cardholder data
can be imported into the central server, modified, and distributed to all
Regional Server Nodes.

•

List Builder Entries. Entries in List Builder are capable of being modified
on a specific Regional Server Node. Using buildings and departments as an
example, two Regional Server Nodes representing California and New York
sites would be capable of setting up their own respective buildings and
departments at those particular Nodes.

•

Real-Time Viewing and Alarm Monitoring. OnGuard now provides
Multi-Region or Enterprise-Wide Alarm Monitoring capabilities. Each client
workstation can connect and log into any Regional Server Node, and with
proper permission, can view cardholder information, execute reports, and
monitor alarms in real-time. Within a single instance of Alarm Monitoring,
full hardware control and event monitoring is available.

Open Architecture Technology
Lenel’s open architecture technology, which uses SQL Server technologies, is
compliant with worldwide industry standards for PCs, readers and ODBC
databases. The underlying database architecture and software design inherent to
the OnGuard system, which is required to implement the Enterprise Solution,
combines Lenel’s engineering expertise and understanding of how to effectively
integrate software, networking and database architecture.

Core Technology Features
•

BackOffice Compliant. Compatible with current and future PC, database,
and networking technologies.

revision 1 — 17

Overview

•

Visual C++ Coded. Advanced software manages multi-server capabilities.

•

Distributed Open-Architecture. Enables integration with any existing or
legacy system.

•

ODBC-Compliant. Integrates with all standard database applications and
allows for advanced reporting and investigative functions.

•

Simplified Graphical User Interface (GUI). Requires little training on the
part of systems administrators and IT managers.

Terms to Know

18 — revision 1

•

Replication Administration. An application that provides centralized
management and configuration of Enterprise systems and mobile stations. It
is available in both the Enterprise and standard versions of OnGuard, and the
software license determines whether the database can be configured as an
Enterprise system or a mobile station. On an Enterprise system, it is used to
manage the Master Server Node, Regional Server Nodes, and mobile
stations from one location. On a standard system, it is used to manage all
mobile stations.

•

Enterprise Master Server Node. A central repository for cardholder,
visitor, asset, and hardware information. Updates to cardholder, visitor,
asset, and hardware made at a Regional Server Node(s) are replicated to the
Master Server Node using the Replicator application. The Master Server
Node may be perceived as the “parent” to all of the nodes, and is now
capable of having hardware attached to it. The Master Server Node must
have an SQL Server or Oracle database.

•

Enterprise Regional Server Node. An “independent” OnGuard Access
Control server that is configured with an Enterprise Master or Regional
Server Node for the purpose of replicating data to the above Node (or
Master) and sharing cardholder updates. There is no limit to the amount or
levels of nodes that may be configured to and above or beneath one another.
A Regional Server Node may be perceived as either a “parent” or “child” of
any other Node, including the Master. The node must have an SQL Server or
Oracle database.

•

Distributed ID Master. A server that allows Distributed ID/Mobile
Badging clients to attach and exchange cardholder updates. This type of
server is NOT used in an Enterprise configuration; it is described here for
completeness.

•

Distributed ID Station or Mobile Badging Station. A(n) OnGuard system
with its own database whose only purpose is to capture and update
cardholder information. It is configured with a Distributed ID Master Server
which coordinates all Distributed ID activity. “Mobile Badging Station”
typically refers to a laptop computer configured with OnGuard and SQL
Server Express database software, and used with a digital camera to

Enterprise Setup & Configuration User Guide

remotely capture cardholder photos and information and upload them to the
Master Server Node. It can be a SQL Server Express or SQL Server
database. It doesn’t even have to be a server, it can be a Windows
workstation.

About this User Guide
This user guide includes information on how to set up an Enterprise system,
including logging in for the first time and creating the Enterprise databases for
the Master, Regional Server Nodes, and Mobiles. For information on the
Replication Administration application, refer to the Replication Administration
User Guide.
We strongly advise you to read through the entire user guide before proceeding,
in order to understand how the system components and processes interact with
one another.

Warning

DO NOT RESTORE any Master, Regional Server, or Distributed ID database! This will
likely corrupt the entire multiple server Enterprise due to the interaction between each
database. DO NOT RESTORE any database without first contacting Lenel.

Other Referenced User Guides
This user guide covers installing, configuring, and maintaining your Enterprise
system. In addition to this user guide, you should also consult the following user
guides:
•

Replication Administration User Guide. The Replication Administration
User Guide covers all aspects of the Replication Administration application,
which is used to monitor and administrate Enterprise systems.

•

Replicator User Guide. The Replicator User Guide describes the Replicator
application, which is used to upload and download information between the
various servers in your system.

revision 1 — 19

Overview

20 — revision 1

Enterprise Setup & Configuration User Guide

Chapter 2:

Before Installing an Enterprise Master
or Regional Server Node

Perform the Common Pre-installation Steps
Before continuing with your Enterprise installation, you should have already:
•

Installed Windows on your server and performed all required networking
and configuration. The server should be configured on the network with the
computer name, Network Domain or Workgroup, and user account(s) you
will need to run the server in its operating environment.

•

Installed Microsoft SQL Server or Oracle.

Standards and Conventions
Overview
With multi-level Enterprise implementation, the system can grow rapidly to
include multiple geographically-located sites. The ability to determine object
locations based on well-planned standards and naming conventions is an
important consideration in regard to customer satisfaction and ease of use. As
such, a Standards & Conventions Team should be appointed to manage the
creation and enforcement of a Naming Convention as well as hardware and
software installation standards.
Establishing standards and conventions will allow the Enterprise System to
function smoothly and logically, and make future growth painless. When
working with multiple integrators and across international boundaries, it is vital
that Standards and Conventions are well-documented and rigorously enforced.

Considerations/Recommendations
Minimum recommendations should include at least a 2-3 character Master/
Regional Server Node prefix, followed by a 2-3 character segment prefix, and
then followed by a descriptive name for the object. Other options can include
detailed object names for each individual OnGuard object, i.e. ISC, readers,
alarm input, alarm output, access level, etc. This topic is covered in depth in the
Professional Engineering Service’s “Enterprise Planning Session” and Lenel
strongly recommends the full implementation of established guidelines.

revision 1 — 21

%HIRUH,QVWDOOLQJDQ(QWHUSULVH0DVWHURU5HJLRQDO6HUYHU1RGH

Database Planning
It is important to be able to determine the storage space for both the Master and
Regional Server databases so that the correct server hardware can be purchased.

Master Database Planning
The Master database starts out as a standard database on the Master Server Node,
which is then converted to an Enterprise database. It stores the transactions that
are replicated from the Regional Server Nodes. The Master Server Node must be
large enough to store the transactions for all Regional Server Nodes. Therefore,
the size of the Master Server Node depends on the number of Regional Server
Nodes and the amount of transactions that will occur on each server.

Regional Server Node Database Planning
Just as a Master database does, a Regional Server Node database also starts out as
a standard database, which is then converted to an Enterprise database. A
Regional Server Node database stores transactions that will be replicated
(copied) to the Master database. Like the Master Database, the size of the
Regional Server Node Database depends on the number of children servers and
the amount of transactions that will occur on each of its children servers.
Transactions include hardware-generated events and user transactions. Each
transaction is approximately 300 bytes.

Overview of ODBC DSN Connections
Before you install a Master or Regional Server Node, it is good to be familiar
with how ODBC DSN connections function on an Enterprise system. An ODBC
DSN will need to exist to access the database on the Master Server Node and on
all the Regional Server Nodes. An ODBC DSN is created during the OnGuard
software installation. The ODBC is used by Replication Administration to
configure the database as an Enterprise database.
An ODBC DSN will need to be created from each Regional Server Node to the
Master Server Node. These ODBC DSNs are created when a database is
configured as a Regional Server Node. Use the “Create New ODBC Data
Source” option when configuring the Regional Server Node or Distributed ID
Mobile Station.
If using Windows 7, Windows Server 2008, or Windows Vista with UAC turned
on, when you create ODBC data sources you will be prompted to allow or deny
the command. If you are running the application with a Windows account that
does not have administrator permissions you will be prompted for administrator
credentials.

22 — revision 1

Enterprise Setup & Configuration User Guide

The following is a diagram of how ODBC DSNs work on a(n) OnGuard
Enterprise system:

ODBC DSN Connections on an Enterprise System
Master

Enterprise Master

Enterprise Region
Distributed ID Master

Regional
Server 1

Distributed ID Mobile

Regional
Server 2

Mobile 1

Regional
Server 3

Mobile 2

ODBC DSNs will automatically be created from every workstation running
Replication Administration to each server viewed in Replication Administration.
The following diagram illustrates this:

Replication Administration and ODBC
DSN Connections on an Enterprise
System
Enterprise Master

Enterprise Region
Distributed ID Master

Distributed ID Mobile

Regional
Server 1

Mobile 1

Master

Replication
Administration

Regional
Server 2

Regional
Server 3

Mobile 2

Typically Replication Administration is connected to the Enterprise Master
Server Node, and all Regional Server Nodes are also shown. You can also
connect directly to Regional Server Nodes, where Distributed ID Mobile Stations
will be shown. Why would you do this? There are a number of reasons,
including:
•

To change a schedule that is specific to a Regional Server Node

revision 1 — 23

%HIRUH,QVWDOOLQJDQ(QWHUSULVH0DVWHURU5HJLRQDO6HUYHU1RGH

24 — revision 1

•

To log into a mobile unit because you have to actually see the transactions

•

To do something simple and specific to a Regional Server Node, such as
view transactions or modify a transaction

•

If you don’t have access to the Master

Enterprise Setup & Configuration User Guide

Chapter 3:

Server Configuration Overview
This chapter outlines the process for setting up Enterprise systems and
Distributed ID Management systems.

Enterprise System Setup Overview
An Enterprise system consists of a Master Server Node and one or more
Regional Server Nodes.

Enterprise Master Server Node System Setup
On the Enterprise Master Server Node computer:
1.

Install Windows. Refer to the release notes for the versions of Windows that
are supported. The release notes are located on the root directory of the
OnGuard 2010 Enterprise disc.

2.

Install and Configure the Database Software.

3.

•

SQL Server 2008 users: For more information, refer to Chapter 4:
Microsoft SQL Server 2008 on page 31.

•

Oracle 10g users: For more information, refer to Chapter 5: Installing &
Configuring Oracle 10g Server Software on page 41.

Install the OnGuard 2010 Enterprise software.
a.

Install the OnGuard software on the workstation designated as the
server prior to installing OnGuard on each of the other (client)
workstations on the OnGuard network.
For detailed installation instructions, refer to Chapter 9: Installing
OnGuard 2010 Enterprise on page 83. After OnGuard 2010 Enterprise
has been installed, the Enterprise Master Server Node features can be
enabled.

4.

b.

Attach the hardware key on the OnGuard License Server computer. For
more information, refer to Attach the Hardware Key (OnGuard License
Server Computer Only) on page 86.

c.

Install the software license for this computer. For more information,
refer to the Installation Guide.

d.

Run the Database Setup application. For more information, refer to Set
Up Your OnGuard Database on page 88.

Configure the server to be a(n) OnGuard Enterprise Master. For more
information, refer to Configure the Master Server Node Database on
page 124.

revision 1 — 25

Server Configuration Overview

Regional Server Node System Setup
On each Regional Server Node computer:
1.

Install Windows. Refer to the release notes for the versions of Windows that
are supported. The release notes are located on the root directory of the
OnGuard 2010 Enterprise disc.

2.

Install and Configure the Database Software.

3.

•

SQL Server users: For more information, refer to Chapter 4: Microsoft
SQL Server 2008 on page 31.

•

Oracle 10g users: For more information, refer to Chapter 5: Installing &
Configuring Oracle 10g Server Software on page 41.

Install the OnGuard 2010 Enterprise software.
a.

Install the OnGuard software on the workstation designated as the
server prior to installing OnGuard on each of the other (client)
workstations on the OnGuard network.
For detailed installation instructions, refer to Chapter 9: Installing
OnGuard 2010 Enterprise on page 83. After OnGuard 2010 Enterprise
has been installed, the Regional Server Node features can be enabled.

b.

Make sure that the hardware key is attached to the OnGuard License
Server computer, and that the License Server is running. For more
information, refer to Attach the Hardware Key (OnGuard License
Server Computer Only) on page 86.

c.

Install the software license for this computer. For more information,
refer to the Installation Guide.

d.

Run the Database Setup application. For more information, refer to Set
Up Your OnGuard Database on page 88.

4.

Configure the server to be a(n) OnGuard Regional Server Node. For more
information, refer to Configure the Regional Server Node Database on
page 128.

5.

Download all cardholders to the new Regional Server Node. For more
information, refer to Download All Cardholders to the New Regional Server
Node on page 133.

6.

Optional: Schedule Replicator to run automatically.

Distributed ID Management System Setup Overview
A Distributed ID Management system consists of a Distributed ID Master Server,
and one or more Distributed ID/Mobile Stations.

26 — revision 1

Enterprise Setup & Configuration User Guide

Distributed ID Master Server Setup
On the Distributed ID Master Server:
1.

Install Windows. Refer to the release notes for the versions of Windows that
are supported. The release notes are located on the root directory of the
OnGuard 2010 Enterprise disc.

2.

Configure the computer for TCP/IP.

3.

Install and Configure the Database Software.

4.

•

SQL Server users: For more information, refer to Chapter 4: Microsoft
SQL Server 2008 on page 31.

•

Oracle 10g users: For more information, refer to Chapter 5: Installing &
Configuring Oracle 10g Server Software on page 41.

Install the OnGuard 2010 Enterprise software.
a.

Install the OnGuard software on the workstation designated as the
server prior to installing OnGuard on each of the other (client)
workstations on the OnGuard network.
For detailed installation instructions, refer to Chapter 9: Installing
OnGuard 2010 Enterprise on page 83. After OnGuard 2010 Enterprise
has been installed, the Distributed ID Master Server features can be
enabled.

b.

Make sure that the hardware key is attached to the OnGuard License
Server computer, and that the License Server is running. For more
information, refer to Attach the Hardware Key (OnGuard License
Server Computer Only) on page 86.

c.

Install the software license for this computer. For more information,
refer to the Installation Guide.

d.

Run the Database Setup application. For more information, refer to Set
Up Your OnGuard Database on page 88.

5.

Configure the server to be a Distributed ID Master Server. For more
information, refer to Configure a Distributed ID Master Server on page 140.

6.

Using the System Administration software, define your access control
system hardware and monitoring environment. (For more information, refer
to the System Administration and Alarm Monitoring User Guides.)

revision 1 — 27

Server Configuration Overview

Distributed ID/Mobile Station Setup
On each Distributed ID/Mobile Station:
1.

Install Windows. Refer to the release notes for the versions of Windows that
are supported. The release notes are located on the root directory of the
OnGuard 2010 Enterprise disc.

2.

Configure the computer for TCP/IP.

3.

Install and Configure the Database Software.

4.

•

SQL Server users: For more information, refer to Chapter 4: Microsoft
SQL Server 2008 on page 31.

•

Oracle 10g users: For more information, refer to Chapter 5: Installing &
Configuring Oracle 10g Server Software on page 41.

Install the OnGuard 2010 Enterprise software.
a.

Install the OnGuard software on the workstation designated as the
server prior to installing OnGuard on each of the other (client)
workstations on the OnGuard network.
For detailed installation instructions, refer to Chapter 9: Installing
OnGuard 2010 Enterprise on page 83. After OnGuard 2010 Enterprise
has been installed, the Distributed ID Mobile client features can be
enabled.

28 — revision 1

b.

Make sure that the hardware key is attached to the OnGuard License
Server computer, and that the License Server is running. For more
information, refer to Attach the Hardware Key (OnGuard License
Server Computer Only) on page 86.

c.

Install the software license for this computer. For more information,
refer to the Installation Guide.

d.

Run the Database Setup application. For more information, refer to Set
Up Your OnGuard Database on page 88.

5.

Configure the server to be a Distributed ID Mobile client.

6.

Using the System Administration software, define your access control
system hardware and monitoring environment. (For more information, refer
to the System Administration and Alarm Monitoring User Guides.)

Database
Management
Systems

Enterprise Setup & Configuration User Guide

Chapter 4:

Microsoft SQL Server 2008
OnGuard 2010 supports Microsoft SQL Server 2008. There are several editions
of SQL Server 2008; refer to the release notes for specific support information.
SQL Server 2008 Express Edition can be installed automatically during the
OnGuard installation or upgrade process. During the OnGuard installation or
upgrade process an option is presented asking if you would like to install SQL
Server 2008 Express Edition.

Important:

If you have SQL Server 2005 Express installed on your system, the database
software will not be automatically upgraded during the OnGuard upgrade. If
you want to upgrade your database software, instructions for upgrading from
SQL Server 2005 Express to SQL Server 2008 Express are provided in this
chapter.

Note:

When installing SQL Server 2008 on a computer running Windows Vista
you may receive warning messages if specific IIS components are disabled
which many of them are by default. For information on how to enable these
components refer to http://support.microsoft.com/kb/920201.

The following sections will show you how to install and upgrade SQL Server.
• SQL Server 2008 Express Edition on page 32.
– Installing SQL Server Management Tools on page 33
• SQL Server 2008 Standard Edition on page 34.

Prerequisites
The following prerequisites are required prior to installing SQL Server 2008. If
SQL Server 2008 Express is installed by the OnGuard installation, .NET
Framework and Windows Installer will be installed automatically.
• Microsoft .NET Framework 3.5 SP1
• Microsoft Windows Installer 4.5 or later
• Microsoft Windows PowerShell 1.0

Note:

Windows PowerShell can be downloaded from the Microsoft Web site: http:/
/www.microsoft.com/windowsserver2003/technologies/management/
powershell/download.mspx.

revision 1 — 31

Microsoft SQL Server 200

SQL Server 2008 Express Edition
Important:

SQL Server 2008 Express Edition can be installed or upgraded from MSDE
automatically during the OnGuard installation process. Manual instructions
are provided for upgrading from SQL Server 2005 Express in the following
section.

Important:

When installing on Windows Vista, you may be presented with a user
account control dialog box asking you to click continue to proceed with the
installation. You must click continue to proceed with the installation.

Upgrading to SQL Server 2008 Express Edition
This section describes the upgrade of SQL Server 2005 Express to SQL Server
2008 Express Edition. Other versions may have different steps.
Important:

Before upgrading SQL Server, be sure to back up your database!

When performing an upgrade, there should be nothing connected, that is, no
clients logged on. There can be no software connections to the database when the
upgrade is performed, so all OnGuard LS and LPS services including the LS

32 — revision 1

Enterprise Setup & Configuration User Guide

Communication Server must be stopped. To perform the upgrade you must have
the latest service pack approved for use with OnGuard applied.
1.

On the OnGuard disc, navigate to the Temp\SQLExpress directory and run:
•

SQLEXPR_x86_ENU.exe for 32-bit systems or

•

SQLEXPR_x64_ENU.exe for 64-bit systems.

2.

The SQL Server Installation Center is displayed. Click Installation from the
left pane, then click Upgrade from SQL Server 2000 or SQL Server 2005.

3.

The Setup Support Rules window will identify potential problems that might
occur during installation. You must correct any failures before setup can
continue. If no problems are identified, click [OK].

4.

In the Product Key window, click [Next].

5.

In the License Terms window:
a.

If you agree with the license terms, select I accept the license terms.

b.

Click [Next].

6.

In the Setup Support Files window, click [Install].

7.

After the setup files have been installed, the Setup Support Rules will run
again to identify potential issues. You must resolve any failures before setup
can continue. Once the check has completed successfully, click [Next].

8.

In the Select Instance window, select the existing SQL Server installation
from the drop-down and click [Next].

9.

In the Select Features window, click [Next].

10. In the Instance Configuration window, click [Next].
11. Review the Disk Space Requirements information and click [Next] if you
have sufficient space.
12. In the Error and Usage Report Settings window, deselect both options. Click
[Next].
13. The Upgrade Rules window will determine if there are any barriers to the
installation process. If there are no failures, click [Next].
14. In the Ready to Upgrade window, click [Upgrade] to begin the installation.
15. Once the setup process is complete, you will be notified that you need to
restart your computer to complete the process. Click [OK] to close the
message, then click [Next].
16. In the Complete window, click [Close] to exit.
17. You will receive another message to remind you to restart your computer.
Your computer will not automatically be restarted; you must manually restart
your computer to complete the upgrade process.

Installing SQL Server Management Tools
SQL Server Management Studio is required if the server intends to use Database
Authentication or Windows single sign-on. The SQL Server Management Studio
software and instructions for installation are available on the Supplemental
Materials disc.

revision 1 — 33

Microsoft SQL Server 200

SQL Server 2008 Standard Edition
The instructions that follow are for the Standard edition. The installation and
upgrade steps for SQL Server 2008 are very similar. Special considerations for
upgrades are noted in the appropriate steps. When performing an upgrade, there
should be nothing connected, that is: no clients logged on. There can be no
software connections to the database when the upgrade is performed, so all
OnGuard LS and LPS services including the LS Communication Server must be
stopped.
Before upgrading SQL Server, be sure to back up your database!

Installation Steps
To perform the installation, complete the following steps:
1.

Installing SQL Server 2008 on page 34.

2.

Configuring SQL Server 2008 on page 37.
a.

Create the Database on page 37.

b.

Create a Login on page 37.

c.

Run New Query on page 38.

d.

Set Memory Usage on page 38

Upgrade Steps
• Installing SQL Server 2008 on page 34.

• Set Memory Usage on page 38.

Installing SQL Server 2008
Note:

SQL Server 2008 setup requires Microsoft .NET Framework 3.5 SP1 and
Windows Installer 4.5. If you do not have these prerequisites prior to
installing SQL Server 2008, the setup will prompt you before installing
them.

1.

34 — revision 1

Insert the SQL Server 2008 disc.
•

If autorun is enabled, the SQL Server Installation Center is
automatically opened.

•

If the SQL Server Installation Center does not automatically appear,
click the Windows Start button, then select Run. In the Run window,

Enterprise Setup & Configuration User Guide

browse for setup.exe on the disc drive. Alternatively, you can run
setup.exe from Windows Explorer.
2.

The SQL Server Installation Center is displayed. Click Installation from the
left pane, then:
•

For new installations, click New SQL Server stand-alone installation
or add features to an existing installation.

•

For upgrades, click Upgrade from SQL Server 2000 or SQL Server
2005.

3.

The Setup Support Rules window is displayed. You must correct any failures
before setup can continue. If no problems are identified, click [OK].

4.

The Product Key window is displayed. Enter your product key and click
[Next].

5.

In the License Terms window:

6.

a.

If you agree with the license terms, select I accept the license terms.

b.

Click [Next].

The Setup Support Files step will install any of the listed components that
are missing from your system.
a.

Click [Install].

b.

Once the prerequisite installation is complete, click [Next].

7.

Upgrade only: In the Select Instance window, select the Instance to
upgrade from the drop-down and click [Next].

8.

In the Feature Selection window:
a.

Under Instance Features, select Database Engine Services, SQL
Server Replication, and Full-Text Search.

b.

Under Shared Features, select Management Tools - Basic and
Management Tools - Complete.

revision 1 — 35

Microsoft SQL Server 200

Note:

For upgrades these features may already be selected and it may not be
possible to change the selections.

c.
9.

Click [Next].

In the Instance Configuration window:
•

For new installations, select Default instance and click [Next].

•

For upgrades, the Named instance should already be selected. Click
[Next].

10. Review the Disk Space Requirements information and click [Next] if you
have sufficient space.
11. The Server Configuration window is displayed.
•

For new installations, select “NT AUTHORITY\SYSTEM” from the
Account Name column drop-down for SQL Server Agent and SQL
Server Database Engine. Click [Next].

•

For upgrades, click [Next].

12. Upgrade only: In the Full-text Upgrade window, click [Next].
13. Installation only: In the Database Engine Configuration window:
a.

Select the Mixed Mode radio button.

b.

Enter and confirm a password for the SQL Server system administrator
account.

c.

Click [Add].

d.

In the Select Users or Groups window, click [Advanced].

e.

Change the From this location field to the local machine by clicking
[Locations] and selecting the local machine from the list.

f.

Click [Find Now], then select Administrators from the Search results
listing window.

g.

Click [OK], then click [OK] again to close the Select Users or Groups
window.

h.

The BUILTIN\Administrators group should now appear in the Specify
SQL Server administrators listing window. Click [Next].

14. In the Error and Usage Report Settings window, deselect both options. Click
[Next].
15. The Installation Rules or Upgrade Rules window will determine if there are
any barriers to the installation process. If there are no failures, click [Next].
16. In the Ready to Install or Ready to Upgrade window, click [Install] or
[Upgrade] to begin the installation.
17. After all installation progress has completed, click [Next].
18. In the Complete window, click [Close].
19. Reboot the computer, even if you are not prompted to do so. This completes
the installation of SQL Server 2008. You can now go on to configure SQL
Server 2008.

36 — revision 1

Enterprise Setup & Configuration User Guide

Configuring SQL Server 2008
Create the Database
1.

Click the Windows Start button, then select All Programs > Microsoft SQL
Server 2008 > SQL Server Management Studio to start the SQL Server
Management Studio.

2.

Select your method of authentication, provide credentials if required, and
click [Connect].

3.

In the Object Explorer pane, expand the Databases folder. Right-click the
Databases folder and select New Database.

4.

The New Database window is displayed. On the General page:

5.

a.

In the Database name field, type ACCESSCONTROL (this is caseinsensitive).

b.

Set the Initial Size (MB) of the Data file to 50.

c.

Set the Initial Size (MB) of the Log file to 10.

d.

Scroll to the right in the Database files listing window and click the
browse button in the Autogrowth column of the log file row.

e.

Select the Restricted File Growth (MB) radio button and set a
maximum log file size. The recommended maximum log file size is
2048.

f.

Click [OK].

Select the Options page from the Select a page pane.
a.

Change the Recovery model drop-down to “Simple”.

b.

Change the Compatibility level drop-down to “SQL Server 2005 (90)”.

c.

In the Other options list view, set the Auto Shrink, Auto Update
Statistics, Auto Create Statistics, and Recursive Triggers Enabled
drop-downs to “True”.

d.

Click [OK].

Create a Login
1.

In the Object Explorer pane of the SQL Server Management Studio, expand
the Security folder.

2.

Right-click the Logins folder and select New Login.

3.

In the General page of the Login window:
a.

In the Login name field, type LENEL.

b.

Select the SQL Server authentication radio button.
•

For Password, type MULTIMEDIA.

•

For Confirm password, type MULTIMEDIA.

revision 1 — 37

Microsoft SQL Server 200

Note:

The SQL Server password is case-sensitive.

c.

Note:

Deselect the Enforce password policy, Enforce password expiration,
and User must change password at next login check boxes.

If you choose to select the Enforce password expiration check box, you
will be required by SQL Server to select a new login password at regular
intervals. When the login password is changed by SQL Server, it must also
be updated with the Lenel Login Driver. Failure to update the Login driver
will cause OnGuard not to function properly.

4.

Select Server Roles from the Select a page pane.
a.

We recommend that you select (check):
•
•

5.

Select User Mapping from the Select a page pane.
a.

Select the following databases from the Users mapped to this login list:
•
•

b.
6.

dbcreator
serveradmin

master
tempdb

Click [OK].

The new login will appear in the Logins folder.

Run New Query
1.

In the Object Explorer pane of the SQL Server Management Studio, rightclick on the OnGuard database and select New Query.

2.

A query tab is displayed.

3.

a.

In the text window, type sp_changedbowner lenel

b.

Press <F5> to execute the command.

c.

The message “Command(s) completed successfully” is displayed in the
Messages tab.

Click the close (“X”) button to close the query tab, then click [No] when
prompted if you want to save the changes.

Set Memory Usage

38 — revision 1

1.

In the Object Explorer pane of the SQL Server Management Studio, rightclick on the database engine <ServerName> and select Properties.

2.

Select the Memory option on the Select a page pane.

3.

Set the Maximum server memory (in MB) option to be roughly one half of
your system’s actual memory. This will make sure that the database does not

Enterprise Setup & Configuration User Guide

use your entire system’s memory, which would needlessly slow down your
system.
4.

Click [OK].

Truncate the Log File
Note:

This procedure requires that the Recovery Model is set to “Simple” in the
Database Properties > Options page.

1.

In the Object Explorer pane of the SQL Server Management Studio, rightclick the OnGuard database, then select Tasks > Shrink > Files.

2.

The Shrink File window is displayed.
a.

In the File type drop-down, select “Log”.

b.

Select the Release unused space radio button.

c.

Click [OK].

revision 1 — 39

Microsoft SQL Server 200

40 — revision 1

Enterprise Setup & Configuration User Guide

Chapter 5:

Installing & Configuring Oracle 10g
Server Software
The following overview and instructions are for a standard Oracle 10g 10.2.0.1.0
Server installation. If your Oracle installation includes any customization or nondefault selections, your procedures will differ from those provided in this chapter.
Please make adjustments accordingly. If you are installing a different version of
Oracle or are installing Oracle on a different version of Windows, your windows
may be different.

Note:

As a general warning, when installing and configuring Oracle 10g do not
close any Oracle windows while a program is running. Doing so can result in
configuration errors and loss of data. Instead, utilize the Oracle close or
cancel buttons.

Note:

Oracle client must be installed on any machine running OnGuard. Oracle
client installs tools which are necessary for OnGuard to connect to the
database. This means if your Oracle server and OnGuard server are located
on the same machine, Oracle client must also be installed.

Important:

If you are using Windows Vista or Windows 7 you may need to run Oracle
applications, such as the Net Configuration Assistant, as administrator for
configuration changes to persist.

revision 1 — 41

Installing & Configuring Oracle 10g Server Software

Oracle 10g Server Software Configuration Overview
The following steps are necessary to install and configure Oracle Server for use
with OnGuard:
1.

Note:

42 — revision 1

Install Oracle 10g (For more information, refer to Step 1: Install Oracle 10g
Server Software on page 44.)
Key points:
a.

Install Oracle 10g Server from the Oracle 10g Server disc.

b.

Use the default Oracle Home location.

c.

Allow Oracle to make the path modifications in the registry.

d.

Select the “Enterprise Edition” installation type.

e.

Do not create a starter database during the installation.

2.

Install the latest approved patch sets. Refer to the Lenel Web site for more
information.

3.

Create the Lenel database. (For more information, refer to Step 3: Create the
Lenel Database on page 45.)
•

In Oracle Database Configuration Assistant select “Create a database.”

•

Select the “Custom Database” template.

•

Specify the Global Database Name.

•

Deselect all database components including the standard database
configuration features.

If your database will be managed locally, you may want to select the
Enterprise Manager Repository component.
•

Choose Dedicated Server Mode for the connection mode.

•

Rename the database storage files and expand their sizes to match the
table below.

Enterprise Setup & Configuration User Guide

Notes:

To change the database size, double-click the size field, enter the number of
M Bytes, and click [OK].
You can specify other names in the Name field. If you do, you must set the
defDataSpace variable in the LenelUser.ora file to the new Name. (For
more information, refer to Step 7: Create the Lenel User on page 58.)

Old Tablespace names

New Tablespace
names

Size (MB)

USERS

LENEL_DATA

50

TEMP

LENEL_TEMP

50

SYSTEM

SYSTEM

50

UNDOTBS1

UNDOTBS1

50

4.

Note:

Run the Net Configuration Assistant. (For more information, refer to Step 4:
Run the Net Configuration Assistant on page 51.) Type LENEL as the New
Service Name.
The Service Name is not case-sensitive.

5.

Verify that the system works. (For more information, refer to Step 5: Verify
the System is Working on page 56.)

6.

Install OnGuard 2010 Enterprise. (For more information, refer to Step 6:
Install OnGuard 2010 Enterprise on page 58.) DO NOT RUN DATABASE
SETUP YET!

7.

Create the Lenel user by running the LenelUser.ora script, located in
C:\Program Files\OnGuard\DBSetup\New. (For more information, refer
to Step 7: Create the Lenel User on page 58.)
a.

Note:

You must be logged in as SYSTEM to run the script.
b.

Note:

Log into SQL Worksheet using the SYSTEM account.

Load the LenelUser.ora script into SQL Worksheet and run it.

Remember that if you changed the name of the LENEL_DATA and/or
LENEL_TEMP data spaces, you must change the defDataSpace and

revision 1 — 43

Installing & Configuring Oracle 10g Server Software

defTempSpace variables in the LenelUser.ora script to the appropriate
tablespace names before running the script.

8.

Configure authentication. (For more information, refer to Step 8: Configure
Authentication on page 61.)

9.

Install your OnGuard license.

10. Run Database Setup.

Oracle 10g Server Software Installation and
Configuration
The following installation and configuration steps are for Oracle 10g 10.2.0.1.0.
Steps may vary for other versions of Oracle.

Step 1: Install Oracle 10g Server Software
1.

Insert the Oracle 10g Server disc into your disc drive to launch the Autorun
program. Click [Install/Deinstall Products]. Alternately you may launch the
installation by executing the setup.exe file on the disc.

2.

The Installation Method window is displayed.

3.

4.

5.

6.

7.

44 — revision 1

a.

Choose Advanced Installation.

b.

Click [Next].

The Select Installation Type window is displayed.
a.

Verify the Enterprise Edition radio button is selected.

b.

Click [Next].

The Specify Home Details window is displayed.
a.

Use the default settings or specify a different destination location.

b.

Click [Next].

The Product-Specific Prerequisite Checks window is displayed.
a.

Verify that the requirements are met.

b.

Click [Next].

The Select Configuration Option window is displayed.
a.

Select the Install database Software only radio button.

b.

Click [Next].

The Summary window is displayed.
a.

Review the space requirements to make sure you have enough available
disk space on the drive you will install Oracle on.

b.

Click [Install].

Enterprise Setup & Configuration User Guide

Note:

The installation process may take several minutes or more depending on
your system resources.

8.

The End of Installation window is displayed. Click [Exit].

9.

A message box is displayed. Click [Yes] to exit.

10. If you intend to install the OnGuard server on the same machine as the
Oracle server it is necessary to install Oracle Client software at this time.
Once the client software installation is complete, return to these instructions
to continue configuring Oracle. For more information, refer to Configuring
Oracle 10g Client Software on page 63.

Step 2: Install the Latest Approved Patch Sets
Install the latest approved patch sets. The list of approved patch sets can be found
on the Lenel Web site at: http://www.lenel.com/support/downloads/
onguard#compatibility-charts.

Step 3: Create the Lenel Database
Use this procedure only after you install Oracle10g.
1.

Click the Windows Start button, then select Programs > Oracle OraDB10g_home1 > Configuration and Migration Tools > Database
Configuration Assistant. This launches the Oracle Database Configuration
Assistant.

2.

The Welcome window is displayed. Click [Next].

3.

The Operations window is displayed.
a.

Verify the Create a database radio button is selected.

b.

Click [Next].

revision 1 — 45

Installing & Configuring Oracle 10g Server Software

Note:

The Change database configuration and Delete a database options are
enabled only if you have an existing database.

4.

Note:

The Database Templates window is displayed.
a.

Select the Custom Database radio button.

b.

Click [Next].

Selecting a template that does not include datafiles gives you full control to
specify and change every database parameter.

5.

Specify a Global Database Name.
a.

Note:

The Global Database Name is not case-sensitive.

b.

46 — revision 1

Type LENEL in the Global Database Name field.

Click [Next].

Enterprise Setup & Configuration User Guide

Note:

The Oracle System Identifier (SID) automatically populates.

6.

The Oracle Database Assistant continues. Select the management options
that best suit your needs. Click [Next].

7.

Next choose the passwords you would like to use for the different accounts.
Click [Next].

8.

Next choose the storage options that best suit your needs. Click [Next].

9.

Next choose the database file location. Click [Next].

10. Choose a recovery option. Click [Next].
11. The Database Content window is displayed.
a.

Deselect all database components.

b.

Click [Standard Database Components...]

c.

Deselect each component and click [OK].

revision 1 — 47

Installing & Configuring Oracle 10g Server Software

Note:

If your database will be managed locally, you may want to select the
Enterprise Manager Repository component.
d.

Click [Next].

12. The Initialization Parameters window is displayed.
a.

Choose memory allocation settings that best suit your needs.

b.

Select the Connection Mode tab.

c.

Select the Dedicated Server Mode radio button.

d.

Click [Next].

13. The Database Storage window is displayed.
a.

Expand the tablespace tree.

b.

Highlight any tablespace name.

14. Rename the tablespaces and specify a reasonable size for holding the
OnGuard information.
a.

Enter the new tablespace name in the Name field.

b. Double-click the Size field.
The following table suggests appropriate tablespace names and minimum
sizes.

48 — revision 1

Old Tablespace
names

New
Tablespace
names

New size (MB)

USERS

LENEL_DATA

50

TEMP

LENEL_TEMP

50

SYSTEM

SYSTEM

50

UNDOTBS1

UNDOTBS1

50

Enterprise Setup & Configuration User Guide

Note:

You can specify other names in the Name field. If you do, you must set the
defDataSpace variable in the LenelUser.ora file to the new Name. (For
more information, refer to Step 7: Create the Lenel User on page 58.)
15. When you double-click the Size field, the Edit Datafile window is displayed.
To continue changing the tablespace size:
a.

Enter the new size.

b.

Click [OK].

16. After Database Storage configuration is complete, click [Next].
17. The Creation Options window is displayed.
a.

Verify the Create Database check box is selected.

b.

Click [Finish].

18. The Confirmation window is displayed. Click [OK].

revision 1 — 49

Installing & Configuring Oracle 10g Server Software

19. The Database Configuration Assistant window is displayed.

50 — revision 1

a.

Click [Password Management] to manage your passwords.

b.

Click [Exit], and the database will be created.

Enterprise Setup & Configuration User Guide

Step 4: Run the Net Configuration Assistant
1.

Click the Start button, then select Programs > Oracle OraDB10g_home1> Configuration and Migration Tools > Net
Configuration Assistant. This launches the Net Configuration Assistant.

2.

The Net Configuration Assistant Welcome window is displayed.

3.

4.

a.

Verify the Listener configuration radio button is selected.

b.

Click [Next].

Add an Oracle Net listener.
a.

Select the Add radio button.

b.

Click [Next].

The Listener Name window is displayed.
a.

Verify the Listener name is “LISTENER.”

b.

Click [Next].

revision 1 — 51

Installing & Configuring Oracle 10g Server Software

5.

6.

7.

The Select Protocols window is displayed.
a.

Verify TCP is a selected protocol.

b.

Click [Next].

The TCP/IP Protocol window is displayed.
a.

Select the Use the standard port number of 1521 radio option.

b.

Click [Next].

The More Listeners window is displayed.
a.

52 — revision 1

Verify the No radio button is selected.

Enterprise Setup & Configuration User Guide

b.

Click [Next].

8.

Listener configuration is complete, click [Next].

9.

The Net Configuration Assistant Welcome window is displayed.
a.

Select the Naming Methods configuration radio button.

b.

Click [Next].

10. The Select Naming Methods window is displayed.
a.

In the Available Naming Methods drop-down list select “Easy Connect
Naming.”

b.

Click the right arrow button

c.

Repeat steps a and b for “Local Naming.”

d.

Click [Next].

.

revision 1 — 53

Installing & Configuring Oracle 10g Server Software

11. The Naming Methods Configuration Done window is displayed. Click
[Next].
12. The Net Configuration Assistant Welcome window is displayed.
a.

Select the Local Net Service Name configuration radio button.

b.

Click [Next].

13. The Net Service Name Configuration window is displayed.

54 — revision 1

a.

Select the Add radio button.

b.

Click [Next].

Enterprise Setup & Configuration User Guide

14. Identify the service name for the database.

Note:

a.

Type LENEL in the Service Name field.

b.

Click [Next].

The Service Name is not case-sensitive.

15. The Select Protocols window is displayed.
a.

Verify TCP is highlighted.

b.

Click [Next].

16. The TCP/IP Protocol window is displayed.

Note:

a.

Enter the host name in the Host name field.

b.

Select the Use the standard port number of 1521 radio button.

c.

Click [Next].

The host name is not case-sensitive.

revision 1 — 55

Installing & Configuring Oracle 10g Server Software

Step 5: Verify the System is Working
1.

56 — revision 1

The Test window is displayed.
a.

Select the Yes, perform a test radio button.

b.

Click [Next].

Enterprise Setup & Configuration User Guide

Note:

It is strongly suggested to perform a connection test.

2.

Click [Change Login].

3.

The Change Login window is displayed.
a.

Type the SYSTEM username and password. (This is the same username
and password that you set the password for in step 7 on page 47.)

b.

Click [OK].

4.

After successfully testing the service click [Next].

5.

The Net Service Name window is displayed.
a.

Verify the Net Service Name is “LENEL.”

b.

Click [Next].

revision 1 — 57

Installing & Configuring Oracle 10g Server Software

6.

The Net Service Name Configuration wizard continues.
a.

Select the No radio button.

b.

Click [Next].

c.

Click [Next].

d.

Click [Finish].

Step 6: Install OnGuard 2010 Enterprise
Install the OnGuard 2010 Enterprise software next. DO NOT RUN DATABASE
SETUP YET!

Step 7: Create the Lenel User
The following instructions are for creating the Lenel user with the SQLPlus
Worksheet. If you do not have SQLPlus Worksheet on the Oracle server, you may

58 — revision 1

Enterprise Setup & Configuration User Guide

perform a custom install of the Oracle Client software and select the Enterprise
Manager 10g Java Console.
1.

Click the Windows Start button, then select Programs > Oracle OraDB10g_home1 > Application Development > SQLPlus Worksheet.

2.

Log in using the system account.

Important:

You must be logged in as SYSTEM to run the script!

a.

Type the SYSTEM username and password. (This is the same username
and password that you set the password for in step 7 on page 50.)

b.

Verify “Normal” is selected for Connect As.

c.

Click [Close].

3.

Verify Oracle connects properly. You should see “Connected” in the display
box, as shown.

4.

Run the script.

revision 1 — 59

Installing & Configuring Oracle 10g Server Software

Note:

Remember that if you changed the name of the LENEL_DATA and/or
LENEL_TEMP data spaces, you must change the defDataSpace and
defTempSpace variables in the LenelUser.ora script to the appropriate
tablespace names before running the script.

Note:

a.

Select the File > Open menu option. The script loads into Oracle
SQLPlus Worksheet.

b.

Navigate to C:\ Program Files\OnGuard\DBSetup\New.

c.

Select LenelUser.ora.

If the file is not displayed, type “*.ora” in the Filename field and click
[Open].

d.

5.

60 — revision 1

Click [Open]. Click the

button to run the script.

Verify there were no errors. You should see the following text:
“User created.”

Enterprise Setup & Configuration User Guide

“Grant succeeded.”
“Commit complete.”

Step 8: Configure Authentication
Oracle requires the configuration of an authentication method for Database Setup
to run successfully. There are two options for authentication:
•

Create a new Oracle user with Windows authentication credentials for single
sign-on.

•

Provide the Lenel user credentials in the application.config file.

For more information, refer to the Database Authentication for the Web
Applications chapter in the Installation Guide.

Step 9: Install Your OnGuard License
You must have a license to run the OnGuard software. The license comes to you
from Lenel and has the extension *.xml, *.lic, or *.lic.xml. Licenses only need to
be installed one per system and are usually installed on the server. For more
information refer to the Installation Guide.

Step 10: Run Database Setup
After you install OnGuard 2010 Enterprise and you create the default Lenel user
you can run Database Setup.
Note:

If Windows single sign-on is used for database authentication, you must be
logged in as the domain user specified during the Oracle user creation.

revision 1 — 61

Installing & Configuring Oracle 10g Server Software

62 — revision 1

Enterprise Setup & Configuration User Guide

Chapter 6:

Configuring Oracle 10g Client
Software

Important:

If you are using Windows Vista or Windows 7 you may need to run Oracle
applications, such as the Net Configuration Assistant, as administrator for
configuration changes to persist.

Oracle 10g Client Installation and Configuration
Step 1: Install Oracle 10g Client
1.

Insert the Oracle 10g Client disc in your disc drive. This will launch the
Autorun program. Alternately you may launch the installation by executing
the setup.exe file on the disc.

2.

Click [Install/Deinstall Products].

3.

The Welcome window is displayed. Click [Next].

4.

The Select Installation Type window is displayed.

5.

6.

7.
Note:

a.

Select the Administrator radio button.

b.

Click [Next].

The Specify Home Details window is displayed.
a.

Use the default settings or specify a different destination location.

b.

Click [Next].

The Product-Specific Prerequisite Checks window is displayed.
a.

Verify that the requirements are met.

b.

Click [Next].

Review the summary and click [Install].
The installation process may take several minutes or more depending on
your system resources.

8.

After the installation is complete, the Net Configuration Assistant Welcome
window is displayed.

revision 1 — 63

Configuring Oracle 10g Client Software

Note:

If you are installing Oracle Client as part of the Oracle Server installation
instructions, you may click cancel and return to step Step 2: Install the Latest
Approved Patch Sets on page 45.

9.

a.

Verify that Perform typical configuration is NOT selected.

b.

Click [Next].

The Select Naming Methods window is displayed.
a.

Verify that “Local Naming” is listed under Selected Naming Methods.

b.

Select “Easy Connect Naming” from the Available Naming Methods
list and click [>].

c.

Click [Next].

10. In the Service Name window, enter the global database name and click
[Next].

64 — revision 1

Enterprise Setup & Configuration User Guide

11. In the Select Protocols window, verify that TCP is highlighted and click
[Next].
12. In the Host name field, type the name of the computer that Oracle is
installed on, and then click [Next].

13. Select the Yes, perform a test radio button and click [Next].
14. The [Change Login] button window is displayed.
a.

Click [Change Login].

b.

Enter the LENEL user credentials for the Oracle database.

c.

Click [OK].

15. After successfully testing the service, click [Next].
16. Verify the Net Service Name is “LENEL”, and then click [Next].
17. Select the No radio button, and click [Next].
18. Click [Next] through the remaining messages and then click [Finish].
19. The original installation window displays a completed message. Click
[Exit].
20. Install the latest approved Patch Set. The list of approved patch sets can be
found on the Lenel Web site at: http://www.lenel.com/support/downloads/
onguard#compatibility-charts.

revision 1 — 65

Configuring Oracle 10g Client Software

Step 2: Install OnGuard 2010 Enterprise Software
You may now install OnGuard.

66 — revision 1

Enterprise Setup & Configuration User Guide

Chapter 7:

Installing & Configuring Oracle 11g
Server Software
The following overview and instructions are for a standard Oracle 11g
Server installation. If your Oracle installation includes any customization
or non-default selections, your procedures will differ from those provided
in this chapter. Please make adjustments accordingly. If you are installing
a different version of Oracle or are installing Oracle on a different version
of Windows, your windows may be different.

Note:

As a general warning, when installing and configuring Oracle 11g do not
close any Oracle windows while a program is running. Doing so can result in
configuration errors and loss of data. Instead, utilize the Oracle close or
cancel buttons.

Note:

If the OnGuard server is not located on the same computer as Oracle 11g
Server, then Oracle 11g Client must be installed on the OnGuard server to
allow it to connect to the database. Oracle 11g Client must also be installed
on all OnGuard clients.

Important:

If installing the 64-bit version of Oracle you must also install the 32-bit
version of the client tools or OnGuard will not work properly.

Important:

If you are using Windows Vista or Windows 7 you may need to run Oracle
applications, such as the Net Configuration Assistant, as administrator for
configuration changes to persist.

Important:

You cannot install Oracle 11g on a server with the IP address set to DHCP.

revision 1 — 67

Installing & Configuring Oracle 1g Server Software

Oracle 11g Server Software Configuration Overview
The following steps are necessary to install and configure Oracle Server
for use with OnGuard:
1.

Note:

68 — revision 1

Install Oracle 11g (For more information, refer to Step 1: Install Oracle 11g
Server Software on page 70.)
Key points:
a.

Install Oracle 11g Server from the Oracle 11g Server disc.

b.

Allow Oracle to make the path modifications in the registry.

c.

Select the Basic Installation method.

d.

Select the “Enterprise Edition” installation type.

e.

Do not create a starter database during the installation.

2.

Install the latest approved patch sets. Refer to the Lenel Web site for more
information.

3.

Create the Lenel database. (For more information, refer to Step 2: Create the
Lenel Database on page 71.)
•

In Oracle Database Configuration Assistant select “Create a database.”

•

Select the “Custom Database” template.

•

Specify the Global Database Name.

•

Deselect all database components including the standard database
configuration features.

If your database will be managed locally, you may want to select the
Enterprise Manager Repository component.
•

On the Memory tab, select “Custom” and use the default values for
shared pool, buffer cache, and java pool.

•

Rename the database storage files and expand their sizes to match the
table below.

Enterprise Setup & Configuration User Guide

Notes:

To change the database size, double-click the size field, enter the number of
M Bytes, and click [OK].
You can specify other names in the Name field. If you do, you must set the
defDataSpace variable in the LenelUser.ora file to the new Name. (For
more information, refer to Step 6: Create the Lenel User on page 75.)

Old Tablespace names

New Tablespace
names

Size (MB)

USERS

LENEL_DATA

50

TEMP

LENEL_TEMP

50

SYSTEM

SYSTEM

50

UNDOTBS1

UNDOTBS1

50

4.

Note:

Run the Net Configuration Assistant. (For more information, refer to Step 3:
Run the Net Configuration Assistant on page 74.) Type LENEL as the New
Service Name.
The Service Name is not case-sensitive.

5.

Verify that the system works. (For more information, refer to Step 4: Verify
the System is Working on page 75.)

6.

Install OnGuard 2010. (For more information, refer to Step 5: Install
OnGuard 2010 on page 75.) DO NOT RUN DATABASE SETUP YET!

7.

Create the Lenel user by running the LenelUser.ora script, located in
C:\Program Files\OnGuard\DBSetup\New. (For more information, refer
to Step 6: Create the Lenel User on page 75.)
a.

Note:

You must be logged in as SYSTEM to run the script.
b.

Note:

Log into SQL Worksheet using the SYSTEM account.

Load the LenelUser.ora script into SQL Worksheet and run it.

Remember that if you changed the name of the LENEL_DATA and/or
LENEL_TEMP data spaces, you must change the defDataSpace and

revision 1 — 69

Installing & Configuring Oracle 1g Server Software

defTempSpace variables in the LenelUser.ora script to the appropriate
tablespace names before running the script.

8.

Configure authentication. (For more information, refer to Step 7: Configure
Authentication on page 76.)

9.

Install your OnGuard license.

10. Run Database Setup.

Oracle 11g Server Software Installation and
Configuration
The following installation and configuration steps are for Oracle 11g.
Steps may vary for other versions of Oracle.

Step 1: Install Oracle 11g Server Software
1.

Insert the Oracle 11g Server disc into your disc drive to launch the Autorun
program. Click [Install/Deinstall Products]. Alternately you may launch the
installation by executing the setup.exe file on the disc.

2.

The Installation Method window is displayed.

3.

4.

70 — revision 1

a.

Choose Basic Installation.

b.

Review the default Oracle Base and Home locations and modify if
desired.

c.

Select “Enterprise Edition” from the Installation Type drop-down.

d.

Deselect the Create Starter Database check box.

e.

Click [Next].

The Product-Specific Prerequisite Checks window is displayed.
a.

Verify that the requirements are met.

b.

Click [Next].

The Summary window is displayed.
a.

Review the space requirements to make sure you have enough available
disk space on the drive you will install Oracle on.

b.

Click [Install].

Enterprise Setup & Configuration User Guide

Note:

The installation process may take several minutes or more depending on
your system resources.

5.

The End of Installation window is displayed. Click [Exit].

6.

A message box is displayed. Click [Yes] to exit.

7.

Install the latest approved Patch Set. The list of approved patch sets can be
found on the Lenel Web site at: http://www.lenel.com/support/downloads/
onguard#compatibility-charts.

Step 2: Create the Lenel Database
1.

Click the Windows Start button, then select Programs > Oracle OraDB11g_home1 > Configuration and Migration Tools > Database
Configuration Assistant. This launches the Database Configuration
Assistant.

2.

The Welcome window is displayed. Click [Next].

3.

The Operations window is displayed.

Note:

a.

Verify the Create a database radio button is selected.

b.

Click [Next].

The Change database configuration and Delete a database options are
enabled only if you have an existing database.

4.

Note:

The Database Templates window is displayed.
a.

Select the Custom Database radio button.

b.

Click [Next].

Selecting a template that does not include datafiles gives you full control to
specify and change every database parameter.

5.

Specify a Global Database Name.
a.

Note:

Type LENEL in the Global Database Name field.

The Global Database Name is not case-sensitive.

b.

Click [Next].

revision 1 — 71

Installing & Configuring Oracle 1g Server Software

Note:

The Oracle System Identifier (SID) automatically populates.

6.

The Oracle Database Assistant continues. Select the management options
that best suit your needs. Click [Next].

7.

Choose the passwords you would like to use for the different accounts. Click
[Next].

8.

Next choose the storage options that best suit your needs. Click [Next].

9.

Next choose the database file location. Click [Next].

10. Choose a recovery option. Click [Next].
11. The Database Content window is displayed.

Note:

a.

Deselect all database components.

b.

Click [Standard Database Components].

c.

Deselect each component and click [OK].

If your database will be managed locally, you may want to select the
Enterprise Manager Repository component.
d.

Click [Next].

12. The Initialization Parameters window is displayed. Make your choices and
click [Next].
13. The Security Settings window is displayed.
a.

Select the Revert to pre-11g default security settings radio button.

b.

Select the Revert audit settings to pre-11g defaults check box.

c.

Select the Revert password profile settings to pre-11g defaults check
box.

14. Next choose whether to enable automatic maintenance tasks. Click [Next].
15. The Database Storage window is displayed.
a.

Expand the tablespace tree.

b.

Highlight any tablespace name.

16. Rename the tablespaces and specify a reasonable size for holding the
OnGuard information.
a.

Enter the new tablespace name in the Name field.

b. Double-click the Size field.
The following table suggests appropriate tablespace names and minimum
sizes.

72 — revision 1

Old Tablespace
names

New
Tablespace
names

New size (MB)

USERS

LENEL_DATA

50

Enterprise Setup & Configuration User Guide

Note:

Old Tablespace
names

New
Tablespace
names

New size (MB)

TEMP

LENEL_TEMP

50

SYSTEM

SYSTEM

50

UNDOTBS1

UNDOTBS1

50

You can specify other names in the Name field. If you do, you must set the
defDataSpace variable in the LenelUser.ora file to the new Name. (For
more information, refer to Step 6: Create the Lenel User on page 75.)
17. When you double-click the Size field, the Edit Datafile window is displayed.
To continue changing the tablespace size:
a.

Enter the new size.

b.

Click [OK].

18. After Database Storage configuration is complete, click [Next].
19. The Creation Options window is displayed.
a.

Verify the Create Database check box is selected.

b.

Click [Finish].

20. The Confirmation window is displayed. Click [OK].
21. The Database Configuration Assistant window is displayed.
a.

Click [Password Management] to manage your passwords.

b.

Click [Exit], and the database will be created.

revision 1 — 73

Installing & Configuring Oracle 1g Server Software

Step 3: Run the Net Configuration Assistant
1.

Click the Start button, then select Programs > Oracle OraDB11g_home1> Configuration and Migration Tools > Net
Configuration Assistant. This launches the Net Configuration Assistant.

2.

The Net Configuration Assistant Welcome window is displayed.

3.

4.

5.

6.

7.

a.

Verify the Listener configuration radio button is selected.

b.

Click [Next].

Add an Oracle Net listener.
a.

Select the Add radio button.

b.

Click [Next].

The Listener Name window is displayed.
a.

Verify the Listener name is “LISTENER.”

b.

Click [Next].

The Select Protocols window is displayed.
a.

Verify TCP is a selected protocol.

b.

Click [Next].

The TCP/IP Protocol window is displayed.
a.

Select the Use the standard port number of 1521 radio option.

b.

Click [Next].

The More Listeners window is displayed.
a.

Verify the No radio button is selected.

b.

Click [Next].

8.

Listener configuration is complete, click [Next].

9.

The Net Configuration Assistant Welcome window is displayed.
a.

Select the Naming Methods configuration radio button.

b.

Click [Next].

10. The Select Naming Methods window is displayed.
a.

In the Available Naming Methods drop-down list select “Easy Connect
Naming.”

b.

Click the right arrow button.

c.

Repeat steps a and b for “Local Naming.”

d.

Click [Next].

11. The Naming Methods Configuration Done window is displayed. Click
[Finish].

74 — revision 1

Enterprise Setup & Configuration User Guide

Step 4: Verify the System is Working
1.

Click the Start button, then select Programs > Oracle OraDB11g_home1> Configuration and Migration Tools > Net
Configuration Assistant. This launches the Net Configuration Assistant.

2.

The Net Configuration Assistant Welcome window is displayed.

3.

4.

a.

Select the Local Net Service Name configuration radio button.

b.

Click [Next].

The Net Service Name Configuration window is displayed.
a.

Select the Test radio button.

b.

Click [Next].

The Test window is displayed.
a.

Select the local net service name from the drop-down.

b.

Click [Next].

5.

Click [Change Login].

6.

The Change Login window is displayed.
a.

Type the SYSTEM username and password. (This is the same username
and password that you set the password for in step 7 on page 72.)

b.

Click [OK].

7.

After successfully testing the service click [Next].

8.

The Net Service Name window is displayed.

9.

a.

Verify the Net Service Name is “LENEL.”

b.

Click [Next].

The Net Service Name Configuration wizard continues.
a.

Select the No radio button.

b.

Click [Next].

c.

Click [Next].

d.

Click [Finish].

Step 5: Install OnGuard 2010
Install the OnGuard 2010 software next. DO NOT RUN DATABASE
SETUP YET!

Step 6: Create the Lenel User
The following instructions are for creating the Lenel user with the
SQLPlus Worksheet. If you do not have SQLPlus Worksheet on the

revision 1 — 75

Installing & Configuring Oracle 1g Server Software

Oracle server, you may perform a custom install of the Oracle Client
software and select the Enterprise Manager 11g Java Console.
1.

Click the Windows Start button, then select Programs > Oracle OraDB11g_home1 > Application Development > SQLPlus Worksheet.

2.

Log in using the system account.

Important:

You must be logged in as SYSTEM to run the script!

a.

Type the SYSTEM username and password. (This is the same username
and password that you set the password for in step 7 on page 73.)

b.

Verify “Normal” is selected for Connect As.

c.

Click [Close].

3.

Verify Oracle connects properly. You should see “Connected” in the display
box.

4.

Run the script.

Note:

Remember that if you changed the name of the LENEL_DATA and/or
LENEL_TEMP data spaces, you must change the defDataSpace and
defTempSpace variables in the LenelUser.ora script to the appropriate
tablespace names before running the script.

Note:

a.

Select the File > Open menu option. The script loads into Oracle
SQLPlus Worksheet.

b.

Navigate to C:\ Program Files\OnGuard\DBSetup\New.

c.

Select LenelUser.ora.

If the file is not displayed, type “*.ora” in the Filename field and click
[Open].

d.
5.

Click [Open]. Click the

button to run the script.

Verify there were no errors. You should see the following text:
“User created.”
“Grant succeeded.”
“Commit complete.”

Step 7: Configure Authentication
Oracle requires the configuration of an authentication method for
Database Setup to run successfully. There are two options for
authentication:

76 — revision 1

•

Create a new Oracle user with Windows authentication credentials for single
sign-on.

•

Provide the Lenel user credentials in the application.config file.

Enterprise Setup & Configuration User Guide

For more information, refer to the Database Authentication for Web
Applications chapter in the Installation Guide.

Step 8: Run Database Setup
After you install OnGuard 2010 and you create the default Lenel user you
can run Database Setup.
Note:

If Windows single sign-on is used for database authentication, you must be
logged in as the domain user specified during the Oracle user creation.

revision 1 — 77

Installing & Configuring Oracle 1g Server Software

78 — revision 1

Enterprise Setup & Configuration User Guide

Chapter 8:

Configuring Oracle 11g Client
Software

Important:

If you are using Windows Vista or Windows 7 you may need to run Oracle
applications, such as the Net Configuration Assistant, as administrator for
configuration changes to persist.

Oracle 11g Client Installation and Configuration
Step 1: Install Oracle 11g Client
Important:

If installing the 64-bit version of Oracle you must also install the 32-bit
version of the client tools or OnGuard will not work properly.

1.

Insert the Oracle 11g Client disc in your disc drive. This will launch the
Autorun program. Alternately you may launch the installation by executing
the setup.exe file on the disc.

2.

The Welcome screen is displayed. Click [Next].

3.

The Select Installation Method screen is displayed.

4.

5.

6.

a.

Select the Administrator radio button.

b.

Click [Next].

The Product-Specific Prerequisite Checks window is displayed.
a.

Verify that the requirements are met.

b.

Click [Next].

The Install Location screen is displayed.
a.

Verify the Oracle base and software location information is correct.

b.

Click [Next].

The Product-Specific Prerequisite Check screen is displayed.
a.

Verify that the prerequisistes are met.

b.

Click [Next].

7.

Review the summary and click [Install]. The installation process may take
several minutes or more depending on your system resources.

8.

The Oracle Net Configuration Assistant: Welcome screen is displayed. Click
[Next].

9.

When the Oracle Net Configuration installation is complete, click [Finish].

revision 1 — 79

Installing & Configuring Oracle 11g Server Software

10. The End of Installation screen is displayed. Click [Exit].
11. Install the latest approved Patch Set. The list of approved patch sets can be
found on the Lenel Web site at: http://www.lenel.com/support/downloads/
onguard#compatibility-charts.

Step 2: Install OnGuard 2010 Enterprise Software
You may now install OnGuard. For more information, refer to Chapter 9:
Installing OnGuard 2010 Enterprise on page 83.

80 — revision 1

OnGuard
Installation and
Configuration

Enterprise Setup & Configuration User Guide

Chapter 9:

Installing OnGuard 2010 Enterprise

OnGuard 2010 Enterprise Installation Prerequisites
Before you install OnGuard you must first install the third-party requirements
from the OnGuard Supplemental Materials disc. Windows Service Packs are also
required but are not provided on the Supplemental Materials disc. See the
OnGuard release notes on the Installation disc to see which service packs are
required for your operating system. Adobe Reader is not required but highly
recommended as you need it to read the OnGuard documentation.
1.

Insert the OnGuard Supplemental Materials disc into a disc drive on a
computer running the Windows operating system.

2.

Install the components that are needed from the prerequisites section:

•

Adobe Reader - required to read the OnGuard help documentation

•

Crystal .NET Components - Required if installing the browser-based
applications. This is not necessary for Windows Vista installations.

•

Microsoft .NET Framework 3.5 SP1 - Required for some applications to work
correctly. While installed automatically during the OnGuard installation some
systems have shown that installing it beforehand increases the speed of the OnGuard
installation significantly.

•

Microsoft DirectX - Required on all machines running OnGuard except if
using Windows Vista.

3.

Install your database system.

4.

Restart your computer.

Note:

Internet Information Services (IIS) is required for use of the web
applications, but is not included on the Supplemental Materials disc. IIS can
be installed from Control Panel > Add or Remove Programs > Add/
Remove Windows Components. The Windows installation disc may be
required.

Installation Procedures
Install the OnGuard 2010 Enterprise Software
1.

Insert the OnGuard 2010 Enterprise disc into a disc drive on a computer
running the Windows operating system.

2.

If auto-run is enabled, simply click the [Install Now] button. If not, click the
Start button, then select Run. In the dialog box, browse to the disc and select

revision 1 — 83

Installing OnGuard 2010 Enterprise

setup.exe from the disc drive. Alternatively, you can navigate to the disc
manually and then run setup.exe.
3.

The Microsoft .NET Framework 3.5 SP1 installation wizard begins. Click
[Install] to begin installation. Microsoft .NET Framework 3.5 SP1 must be
installed for some OnGuard features to work correctly.

4.

When prompted, read the Software License Agreement. If you agree to its
terms:

5.

6.

a.

Select the I accept the license agreement radio button.

b.

Click [Server] or [Client], depending on the computer on which you are
installing.

Next, you will be prompted to enter the system type information:
•

If you want to install the typical installation features which are preselected in the setup program, select the Typical System radio button..

•

If you want to include or exclude certain features, select the Custom
System radio button. With this option selected, a window is displayed
allowing you to select your features. You must do a custom install to use
the browserbased clients. Before installing browser-based applications
your system must have IIS installed and meet other requirements.
Installing the browser-based applications without meeting the proper
requirements may result in major system problems. For more
information, refer to Configuring the Web Application Server on
page 103.

Choose the database option that best describes how the database will be
installed and configured. Before selecting an option, check the system's
database configuration and verify that you are not installing or reinstalling a
database that your system does not require. If you are unsure of your
system's database configuration contact the System Administrator. Installing
or reinstalling a database incorrectly can cause your system to work
improperly. The choices for database configurations are:
•

SQL Server/SQL Server Express - select this option if your system
already has a SQL Server or SQL Server Express database installed or if
a database will be manually created after the installation process.

•

New SQL Server Express - select this option if you would like the
installation process to automatically install SQL Server Express and
configure a database.
Oracle Server - select this option if your system already has an Oracle
database installed or if a database will be manually created after the
installation process.

•

•

Notes:

84 — revision 1

Demo System - select this option if you would like the installation
process to automatically install SQL Server Express and configure a
demo server and database.

SQL Server 2008 Express Edition can be installed automatically during the
OnGuard installation process. During the installation process you may install
SQL Server 2008 Express by selecting the New SQL Server Express or
Demo System option. If you plan to use SQL Server 2008 Express Edition
then it is highly recommended that you install it automatically with one of
these options. If a non-default instance of SQL Server 2008 Express Edition
is already installed, a warning message appears asking to verify your choice.
Installing or reinstalling a database incorrectly can cause your system to
work improperly.

Enterprise Setup & Configuration User Guide

7.

Click [Next].

8.

The System Location Information window will be displayed.

Notes:

•

Either accept the default installation directory or click [Browse] and
specify a different destination folder.

•

Accept the default location of the License Server or click [Browse] and
specify a different location.

•

In the Port field, enter the number of the port to be used for access
control system communication. It is recommended that you accept the
default value of 8189.
If you accept the default port setting of 8189, it is written into the ACS.INI
file. If you want to enter a port setting other than 8189, it is written into both
the ACS.INI file AND the
…OnGuard\LicenseServerConfig\Server.Properties file. This file will
only be created during the install if the port setting is changed. If you want to
change the port setting in the ACS.INI file after the installation (either to a
new setting or back to 8189), then you must also change it in the
Server.Properties file.
To make changes in the ACS.INI file on a Windows Vista or Windows 7 computer
you must right-click on the ACS.INI file and run it as The Administrator.

9.

Notes:

•

In the Provide the location of your [SQL/Oracle/SQL Server
Express] Database section, accept the default location or click
[Browse] and specify a different location.

•

If you selected the Complete System radio button in the previous
window, click [Install], and the OnGuard installation will begin. If you
selected the Custom System radio button, the [Install] button is
replaced by a [Next] button. Click [Next].

The Custom Setup window will be displayed. Select the access control
system features you wish to have installed.
Click the name of a feature on the left to display its description on the right.
Below the Feature Description the disk space requirements of the selected
feature are displayed.

10. Click the icon to the left of a feature to display a popup menu of installation
choices for that feature. Click [Next].
11. Click [Install] to begin the installation.
12. A check is performed behind-the-scenes to determine if a language pack is
installed. If an old language pack is installed, the following message is
displayed:

revision 1 — 85

Installing OnGuard 2010 Enterprise

•

If you wish to cancel the installation and remove the language pack by
yourself, click [Cancel].

•

If you wish to remove the language pack and continue the installation,
click [Remove & Continue].

13. After Windows configures OnGuard, the status and progress bar will be
updated.
Important:

Lenel software requires certain security adjustments to the operating system to
function more securely. If needed, the Security Utility runs during installation. Please
review the Security Utility release notes provided prior to running this utility, which
then makes these adjustments automatically. Upon agreeing to this disclaimer, the
user is assuming responsibility for any security issues that may occur due to these
adjustments. For more information, refer to Running the Security Utility on

page 88.

14. Once the installation is complete, click [Finish].
15. Depending on the components that you chose to install, you may need to
reboot the computer. If you are prompted to do so, reboot the computer.

Attach the Hardware Key (OnGuard License Server
Computer Only)
OnGuard software is protected by a hardware security key. There are two types
of hardware security keys available for use with OnGuard: parallel port and USB.
You may request either. Remember to physically attach the hardware key
(“dongle” adapter) directly to the respective port on the computer that has
License Server installed in order for the software to run properly.
A hardware key is only needed on the server running License Server. Each client
computer running OnGuard 2010 Enterprise uses a software license instead of a
hardware key.
Note:

If you are using a software license you do not need to configure a hardware key nor
must you install Sentinel drivers. For more information, refer to Install Your

OnGuard License on page 88.

Configuring a Parallel Port Hardware Key
If you are using a hardware key that attaches to the parallel port, no special
configuration is needed for the hardware key; simply attach the hardware key to
the parallel port.

Configure a USB Hardware Key
If you are using a hardware key that attaches to the USB port, then you must
install a driver in order for Windows to recognize the device.
Important:

86 — revision 1

You must install the driver for the hardware key BEFORE attaching the USB
hardware key to the computer.

Enterprise Setup & Configuration User Guide

To configure a USB hardware key:
1.

2.

3.

Install the SafeNet USB hardware key driver by doing the following:
a.

Navigate to the SafeNet directory on the Supplemental disc and then doubleclick the .exe file. This can be found by navigating through the following
folders on the supplemental disc: /License Key Drivers/SafeNet.

b.

The InstallShield Wizard starts. Click [Next].

c.

The wizard continues, and the License Agreement window opens.
Select the I accept the terms in the license agreement radio button,
and then click [Next].

d.

The wizard continues, and the Setup Type window opens. Select the
Custom radio button, and then click [Next].

e.

The Custom Setup window opens. Make sure only the Parallel Driver
and the USB System Driver get installed. You do not need to install any
of the Sentinel Servers or Sentinel Security Runtime. Click on Sentinel
Protection Server, Sentinel Keys Server, and Sentinel Security Runtime
and select, “This feature will not be available.” [Click Next].

f.

Click [Install].

g.

The wizard completes. Click [Finish] to exit.

Install the USB hardware key by doing the following:
a.

Attach the USB hardware key to any available USB port.

b.

The Found New Hardware wizard starts. Click [Next].

c.

The hardware is detected, and the Found New Hardware wizard
completes. Click [Finish]. The hardware key is now configured and
ready to be used.

Depending on your configuration, you may need to restart your comuter so
that License Administration recognizes the hardware key. Otherwise, you
may receive an error in License Administration saying that the necessary
hardware device was not found.

You are now ready to install the software license!

Install the New License
Install your new license using the License Administration Application. For more
information, refer to Install Your OnGuard License on page 88.

Configure Authentication
An authentication method with the database must be configured for browserbased applications to work properly. Create an account in both Windows and the
database system for use with single sign-on authentication. For more
information, refer to Chapter 10: Database Authentication for Web Applications
on page 93.

revision 1 — 87

Installing OnGuard 2010 Enterprise

Set Up Your OnGuard Database
Set up your OnGuard database using the Database Setup Application. For more
information, refer to Run Database Setup on page 91.

Running the Security Utility
Lenel software requires certain security adjustments to the operating system to function
more securely. If needed, the Security Utility runs during installation. Please review the
Security Utility release notes provided prior to running this utility, which then makes these
adjustments automatically. Upon agreeing to this disclaimer, the user is assuming
responsibility for any security issues that may occur due to these adjustments.

Important:

The Security Utility also needs to be run whenever any update to the
operating system takes place.

To run the Security Utility manually:
1.

Click Start > Programs > OnGuard 2010 > Security Utility.

2.

Click [More Info] to review the Security Utility release notes.

3.

Click [Agree] if you agree with the disclaimer notice.

4.

Follow the on screen instructions and click [Apply] when ready.

Install Your OnGuard License
You must have a license to run the OnGuard software. The license comes to you
from Lenel and has the extension *.xml, *.lic, or *.lic.xml. Licenses only need to
be installed one per system and are usually installed on the server. To use License
Administration, you may need to update your Internet browser security settings
to allow pop-ups and add the license server to the list of trusted sites.
Information regarding your dongle or software license ID, referred to as your
System ID, can be found in the Help > About section of the OnGuard applications.
Below are listed several license elements that should be noted.
Software Licenses: OnGuard now utilizes a software license, which works
without the need for a hardware dongle. When using a software license you are
able to use License Administration to activate, return, or repair your license.
It is important that access to licensing.lenel.com is allowed through your proxy if
you wish to be able to activate and deactivate licenses. If it is not you will have to
use activate by phone.

88 — revision 1

Enterprise Setup & Configuration User Guide

Software licenses can only be used on a physical computer or in a VMware ESX
virtual environment. In a VMware ESX virtual environment, only the License
Server is supported. The License Server must be used with a software-based
license and not with a dongle-based license. For more information, refer to the
VMware Products Compatibility Guide, located at https://customer.lenel.com/
?q=filemanager/active&#38;fid=2087. (You will need a Lenel login to gain
access to this site.)
Licenses for Hardware: Hardware licenses are based on the number of controllers for a given panel class. For example, instead of having different licenses
for different types of panels in the same class (such as fire) a single license covers
all the different panels that are in the same class.
Expired Licenses: An alarm is generated when the system license is set to
expire. This alarm is dependent on linkage server being configured and run- ning
on a host workstation. Although not required, it is advised that this alarm be
configured to be e-mailed to the system administrator to ensure proper
notification. For more information, see the Acknowledge Alarms chapter in the
Alarm Monitoring User Guide.
Important:

In order for the alarm to be reported to monitoring stations there must be at
least one panel configured and marked online. The panel does not need to
exist or actually be online in Alarm Monitoring, it simply needs to exist in
the System Status view.

Log into the License Administration Application
1.

Make sure that the License Server is running. The License Server must be
run wherever you wish to use License Administration.

2.

Click the Windows Start button, then select Programs > OnGuard 2010 >
License Administration. If your browser has JavaScript support enabled, a
new window will open with the License Administration application in it.
Otherwise, follow the directions in the browser’s window and click the
hyperlink to continue. The License Administration application will then
open in the same browser window. You must have cookie support enabled
for this to work.

Note:

The URL for License Administration is: http://
LICENSESERVERHOST:9999/ Replace LICENSESERVERHOST with the
name of the machine the License Server is running on. For example, if the
machine running the License Server is named alpha, the License
Administration URL will be: http://alpha:9999/

3.

In the Username field, type a valid username. When logging in for the first
time, the Username is admin.

4.

In the Password field, type a valid password that corresponds to the
username entered. When logging in for the first time, the password is admin.

5.

Click [Log In]. The License Administration options will be displayed.

revision 1 — 89

Installing OnGuard 2010 Enterprise

Note:

After logging in for the first time, you are strongly encouraged to modify the
default username and password as soon as possible to discourage
unauthorized use.

6.

The first time you log in you are strongly encouraged to change the
password. To do this, click the “Change Your Password” hyperlink.

7.

The Administrator Properties page is displayed. You can change the user
name, password, or both. This user name and password is only used for the
License Administration application.
a.

To change the user name, enter a new value in the Username field.

b.

To change the password, enter a new value in the Password field.

c.

If you are changing the password, you must reenter the password in the
Confirm Password field.

d.

Click [Update]. A message will be displayed that indicates whether the
administrator properties were successfully updated.

Changing Administrator Properties for the License
Administration Application
After logging in for the first time, you are strongly encouraged to modify the
default username and password as soon as possible to discourage unauthorized
use. To change the username and password, do the following:
1.

Log into the License Administration application.

2.

Click the Administrator Properties… hyperlink. The administrator properties
will be displayed in the right half of the window.

3.

You can change the user name, password, or both.

4.

90 — revision 1

a.

To change the user name, enter a new value in the Username field.

b.

To change the password, enter a new value in the Password field.

c.

If you are changing the password, you must reenter the password in the
Confirm Password field.

Click [Update]. A message will be displayed that indicates whether the
administrator properties were successfully updated.

Enterprise Setup & Configuration User Guide

Install a New License
1.

Obtain a new license file from Lenel. Be sure that you know where the
license file is saved, as you will need to know the location to successfully
install the license.

2.

Make sure that the License Server is running.

3.

Start the License Administration application.

4.

Log into the License Administration application.

5.

Click the Install New License… hyperlink.

6.

In the License file field, enter the name and location of the file containing
the license that you want to install. You can use [Browse…] to locate the file.

7.

Click [Next].

8.

View the license and make sure that it is the correct license.

9.

Scroll down to the bottom of the window and click [Next]. If the license is
not the correct license, click [Back] to go back and choose another license
file.

10. Read the terms of the license agreement and select the Yes radio button if
you agree with the terms of the license.
11. Click [Finish].
The license will be installed. The entry that is displayed in the Installed Licenses
drop-down listbox indicates the name of the product that the license controls, and
will be updated to include the new license.

Run Database Setup
The Database Setup program sets up the database and installs the reports needed.
This only needs to be run on a server.
Important:

If using Windows Vista, Windows 7, Windows Server 2008, or Windows
Server 2008 R2 you may have to run Database Setup and the Form
Translator utility with the option “Run the program as an administrator”
enabled.

Important:

The installation and upgrade process assumes your OnGuard database is
called “AccessControl.” If this is not the case you need to modify the

revision 1 — 91

Installing OnGuard 2010 Enterprise

application.config file to correct this. For more information, refer to
Appendix A: The Application.config File on page 175.

92 — revision 1

1.

Click the Windows Start button, then select Programs > OnGuard 2010 >
Database Setup.

2.

If upgrading the database, the Choose Task window opens. Select the action
you would like to perform. Click [Continue]. The choices include:
•

Add/remove missing system data for current build - If you feel that you are
missing system data, selecting this will add information back into the build.

•

Compare database schema [no data] - Checks to see if the schema has
changed. This does not compare data. This would be useful to run before
upgrading to see if any schema changes have occurred, though it is not
necessary.

•

Upgrade database - Select to upgrade your database.

3.

A warning message appears and reminds you to back up your database.

4.

A Database Setup Progress window opens that states which database you are
upgrading to which version. You must select [Execute] to continue.

5.

The database will install. If upgrading the database, the system will be
checked for anomalies. Anomalies are database features that are unknown to
OnGuard and can include custom tables, triggers, stored procedures, etc. Not
all users will encounter anomalies. When prompted to take action on
anomalies, the items listed should be familiar to the person performing the
upgrade. Select all items that you know should exist and click [Continue].
Failure to select known anomalies may result in the failure of custom
functionality.

6.

When the database setup has been completed successfully you will receive a
message telling you that to use the OnGuard web applications you will need
to run the Form Translator Utility. If you plan on running the browser-based
applications click [Yes]. Otherwise, click [No].

7.

Login to Form Translator. Enter in the OnGuard “sa” login information for
the fields, which include User Name, Password, and Directory. Click [OK].

Enterprise Setup & Configuration User Guide

Chapter 10: Database Authentication for Web
Applications
The following situations require the configuration of a method of authentication:
•

Systems with Oracle databases. For Oracle installation instructions, refer to
the Advanced Installation Topics guide.

•

Systems using browser-based OnGuard applications.

There are two methods of authentication available:
1.

Authenticate Windows with the database.
•

2.
Note:

Configure Windows Authentication with SQL Server on page 93

Provide Credentials in the Protected File on page 98
When used in this chapter, Windows authentication refers to the use of a
single log on to gain access to both Windows and the database.

Windows Authentication with SQL Server
SQL requires authentication configuration for browser-based applications to run
successfully.

Configure Windows Authentication with SQL Server
The following process will take you through the process of configuring Windows
authentication.

Create a new Windows user
Create a new Windows user to run the LS Application Server according to your
IT policy. You may also choose to utilize an existing Windows user for
authentication.

revision 1 — 93

Database Authentication for Web Applications

Add the Windows user to SQL Server
1.

Click the Windows Start button, then select Programs > Microsoft SQL
Server 2008 > SQL Server Management Studio. This launches the SQL
Server Management Studio.

2.

In the Object Explorer pane of the SQL Server Management Studio, expand
the Security folder.

3.

Right-click the Logins folder and select New Login.

4.

In the General page of the Login window:

5.

6.

a.

In the Login name field, type server-name\username, where servername is the name of the server and username is the name of the
Windows user.

b.

Select the Windows authentication radio button.

Click [Search] to launch the Select User or Group dialog. This dialog is used
to verify that the Login name is correct.
a.

In the Enter the object name to select text box, enter the user name.

b.

Click [Check Names]. If the user is found it will appear underlined.

c.

Click [OK].

Select User Mapping from the Select a page pane.
a.

Select (check) the <Server Name>lenel database from the Users
mapped to this login list.

b.

In the Database role membership for: <Server Name>lenel list
select (check):
•
•

c.

db_owner
public

Click [OK].

The new login will appear in the Logins folder.
Verify the Integrated Security Setting
Verify that the application.config file is configured for Windows authentication.
1.

2.

94 — revision 1

Open the application.config file to edit.
•

On Windows XP or Windows Server 2003: Navigate to C:\Documents
and Settings\All Users\Application Data\lnl

•

On Windows Vista, Windows 7, Windows Server 2008, or Windows
Server 2008 R2: Navigate to C:\ProgramData\lnl. You may need to
show hidden folders.

Find the <add key=“ConnectionString” ...> line and verify
that Integrated Security is set to SSPI.

Enterprise Setup & Configuration User Guide

Configure Authentication for Reports in Area Access
Manager
If you want to use reports with Area Access Manager (Browser-based Client),
additional steps are required for Windows authentication.
Note:

If you do not want to use Windows authentication you can also store the
Lenel credentials in the Web.config file. For more information, refer to
Provide Credentials in the Protected File on page 98.

Edit the Web.config File
1.

Navigate to C:\Inetpub\wwwroot\lnl.og.webservice and edit the Web.config
file.

2.

Find the <system.web> line and add the following line below it:
<identity impersonate=“true” />

3.

Find the <add key=“reportDSN” ... > line and verify that the value
is equal to the DSN name for connection to the database.

4.

Find the <add key=“reportDatabase” ... > line and verify it is
set to the correct database name. By default this value is set to
AccessControl.

5.

Find the <add key=“reportDatabaseUsername” ... > line
verify that the value is empty.

6.

Find the <add key=“reportDatabasePassword” ... > line and
verify that the value is empty.

7.

Save and exit the file.

Disable Anonymous Access in Windows
1.

Right-click My Computer and select Manage.

2.

Expand Services and Applications > Internet Information Services.

3.

Right-click Web Sites and select Properties.

4.

Select the Directory Security tab.

5.

In the Authentication and access control section, click [Edit].

6.

a.

Deselect (uncheck) the Enable anonymous access check box.

b.

Select the Integrated Windows Authentication check box.

c.

Click [OK].

d.

Click [OK].

The Inheritance Overrides dialog is displayed.
a.

Click [Select All].

b.

Click [OK].

revision 1 — 95

Database Authentication for Web Applications

Edit the Machine.config File
Windows XP users must also modify the machine.config file.
1.

Note:

Browse to the following folder:
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG
The version folder name may vary depending on the version of .NET you
have installed.

2.

Open machine.config for editing.

3.

Search for the following line:
<processModel autoConfig=“true”

4.

Add the following immediately following autoConfig=“true”:
userName=“system” password=“AutoGenerate”

5.

This should result in a string such as:
<processModel autoConfig=“true” userName=“system”
password=“AutoGenerate”/>

6.

Save and exit the file.

Configure Windows Delegation for Remote Databases
If the OnGuard database is located on a different computer than the LS
Application Server, Windows delegation must be configured. The following
instructions are for domain controllers running on Windows Server 2003.
1.

On the domain controller, open Active Directory Users and Computers.

2.

In the console tree, under the domain name, click Computers.

3.

Right-click the Web server, then click Properties.

4.

On the Delegation tab, select the Trust this computer for delegation to
specified services only radio button.

Note:

96 — revision 1

If the Delegation tab is not available on a Windows Server 2003 domain
controller, you may need to raise the domain functional level. Consult your
IT administrator for more information.

5.

Select the Use Kerberos only radio button.

6.

Click [Add], and add the service running the database. For example, the
mssqlserver service and the computer name running the database server.

7.

Click [OK].

Enterprise Setup & Configuration User Guide

Restart IIS
After completing the above steps for configuring reports for Area Access
Manager (Browser-based Client), restart IIS.
1.

In Computer Management, expand Services and Applications.

2.

Right-click Internet Information Services and select All Tasks > Restart
IIS.

Windows Authentication with Oracle
Oracle requires authentication configuration for Database Setup and the browserbased applications to run successfully.

Create a new Windows user
Create a new Windows user to run the LS Application Server according to your
IT policy. You may also choose to utilize an existing Windows user for
authentication.

Add the Windows user to Oracle
To configure Windows authentication with Oracle, a new Oracle user must be
created with Windows authentication credentials.
1.

Click the Windows Start button, then select Programs > Oracle (this may
be different depending on your installation) > Application Development
> SQLPlus Worksheet.

2.

Log in using the system account.

Important:

You must be logged in as SYSTEM to run the script!

3.
Important:

Type or paste (with modifications) the following script into the worksheet:
Modifications must be made in two places that the string
OPS$DOMAIN\DOMAINUSER is found. Replace both instances of
DOMAIN with the name of the domain and DOMAINUSER with the name
of a user that will be logged in to Windows when Database Setup is run. You
must make sure that your DOMAINUSER and DOMAIN are both entirely
in uppercase letters or you may encounter problems accessing certain
applications.

CREATE USER "OPS$DOMAIN\DOMAINUSER" PROFILE "DEFAULT"
IDENTIFIED EXTERNALLY DEFAULT TABLESPACE "LENEL_DATA"

revision 1 — 97

Database Authentication for Web Applications

TEMPORARY TABLESPACE "LENEL_TEMP" ACCOUNT UNLOCK;
GRANT CONNECT, RESOURCE, DBA TO
"OPS$DOMAIN\DOMAINUSER";
COMMIT;
4.

Execute the script.

5.

Navigate to the sqlnet.ora file located at
$ORACLE_HOME\Network\Admin and edit it.

6.

Verify that authentication is set to “NTS” in the following line:

SQLNET.AUTHENTICATION_SERVICES=(NTS)

Verify the Integrated Security Setting
Verify that the application.config file is configured for Windows authentication.
1.

2.

Open the application.config file to edit.
•

On Windows XP: Navigate to C:\Documents and Settings\All
Users\Application Data\lnl

•

On Windows Vista or Windows 7: Navigate to
C:\ProgramData\lnl

Find the <add key=“ConnectionString” ...> line and verify
that Integrated Security is set to True.

Provide Credentials in the Protected File
Windows authentication with the non-embedded application server is the
recommended method of configuration. Another method is to store the
authentication information in the application.config file. When this method is
used, additional steps are necessary to secure the file with Access Control Lists
(ACL). When ACL is used the information within the file is very secure.

98 — revision 1

Important:

This authentication method requires advanced knowledge of Windows
security and is not recommended.

Important:

When providing credentials in a protected file, the ODBC authentication
method must not be set to Windows authentication. This is the default
configuration unless the ODBC was manually created.

Enterprise Setup & Configuration User Guide

Securing Files with the Access Control List
The Access Control List (ACL) is a highly secure method of protecting
information stored within a file. OnGuard can be configured to store user
credentials within a file which must be secured to protect the information. This
configuration can be performed on the Security tab of the file properties dialog.
Right-click on the file and select Properties.
The account that administers the system should have read and write access any
file containing user credentials so that they can maintain the file information. In
addition, certain other accounts must have access to the files.
• The application.config file is used by the LS Application Service to determine where
the database is and how to authenticate (by indicating integrated authentication or providing credentials).
• The Web.config file can be used to store the Lenel user credentials when reports are
used with Area Access Manager through a browser. This is only necessary if you are
not using Windows authentication.

Application.config
The application.config file can be used to store the Lenel user credentials for
access to the database when Windows authentication is not used. This is not the
recommended configuration, however with ACL the login credentials can be
secured. The user account that runs the LS Application Server service must have
read permission for the file.

Web.config
The Web.config file contains user credentials only if reports are generated from
the browser-based Area Access Manager and Windows authentication is not
being used.
Read permission must be configured for the account running the Web Service.
This is the ASPNET account if running IIS 5.0 or the account configured as the
Identity for the application pool that it is in if running IIS 6.0.

Store the Lenel User Credentials
The following instructions are for storing the Lenel user credentials in the
application.config file for authentication with the database.

revision 1 — 99

Database Authentication for Web Applications

Note:

For information on storing Lenel user credentials for Crystal Reports, see
Browser-based Reports on page 108.

1.

Open the application.config file to edit.
•

On Windows XP: Navigate to C:\Documents and Settings\All
Users\Application Data\lnl

•

On Windows Vista, Windows 7, or Windows Server 2008 R2: Navigate
to C:\ProgramData\lnl

2.

Find the <add key=“ConnectionString” ...> line and add the
following to the existing information inside of the quotes (“”) in the value
attribute where <password> is the LENEL user password:
User ID=LENEL;Password=<password>;

3.

On the same line, change the Integrated Security value to: Integrated
Security=No;

4.

Save and exit the file.

Oracle Users
Oracle users must also edit the sqlnet.ora file to specify the authentication
method.
1.

Navigate to \oracle\product\10.1.0\Db_1\NETWORK\ADMIN and edit
the sqlnet.ora file.

2.

Verify that authentication is set to “None” in the following line:
SQLNET.AUTHENTICATION_SERVICES=(None)

Configure Authentication for Reports in Area Access
Manager
If you want to use reports with Area Access Manager (Browser-based Client)
without using Windows authentication, credentials also must be provided and
secured in the Web.config file.

100 — revision 1

Enterprise Setup & Configuration User Guide

Note:

If you are using Windows authentication this procedure is not necessary for
browser-based reports.

1.

Navigate to C:\Inetpub\wwwroot\lnl.og.webservice and edit the Web.config
file.

2.

Find the <add key=“reportDSN” ... > line and verify that the value
is equal to the DSN name for connection to the database.

3.

Find the <add key=“reportDatabase” ... > line and verify it is
set to the correct database name. By default this value is set to
AccessControl.
•

If you are using SQL with a different database name, edit the value to
equal the name of the SQL database.

•

If you are using Oracle, the reportDatabase key is not required should
not be specified. Remove <Server Name>lenel from the value and
set it equal to “”.

4.

Find the <add key=“reportDatabaseUsername” ... > line and
set the value to “LENEL”.

5.

Find the <add key=“reportDatabasePassword” ... > line and
set the value to the LENEL account password.

6.

The user that the Web Application Service is running under needs
permission to create and delete files from the directory set in the
reportTemporaryFilePath line.

7.

a.

Find the following line and either leave the default path or type a
different directory location: <add
key=“reportTemporaryFilePath”
value=“C:\Temp\LnlWebServiceReports\”></add>

b.

Create the Windows directory specified in the reportTemporaryFilePath
value.

c.

Grant permission to create and delete files in the directory to the user
that the Web Application Service is running under.

Save and exit the Web.config file.

revision 1 — 101

Database Authentication for Web Applications

102 — revision 1

Enterprise Setup & Configuration User Guide

Chapter 11: Configuring the Web Application
Server
Important:

When installing or upgrading OnGuard, you must choose to do a custom
installation to install the Web Application Server, which is required on the
server to use browser-based applications. The Web Application Server
feature requires IIS running on Windows Server 2003 or Windows Server
2008; the Web Application Server is not recommended for use on Windows
XP, Windows Vista, or Windows 7 because the number of client connections
to IIS is limited.

The Web Application Server feature enables the use of browser-based
applications on client machines that may not have OnGuard installed. The Web
Application Server deploys the minimal software needed for the Web
applications on first use, communicates with the OnGuard database, and provides
streaming help to the client. Additional configuration steps are necessary to
provide the Web Application Server with the credentials to access the OnGuard
database.
When used in this chapter, single sign-on refers to the use of a single log on to
gain access to both Windows and the database. The application service runs
under this Windows account and uses the same credentials to access the OnGuard
database.
Note:

The OnGuard server must have port 80 open for client connections.

Custom Install the Web Application Server
After IIS has been installed, use the OnGuard “Custom Installation” to install the
Web Application Server component. This step can be performed during the initial
installation of OnGuard or as a modification to an existing system. For more
information, refer to Appendix B: Custom Installation of OnGuard on page 181.

revision 1 — 103

Configuring the Web Application Server

Running Form Translator
Important:

If using Windows Vista, Windows 7, Windows Server 2008, or Windows
Server 2008 R2 you may have to run the Form Translator utility with the
option “Run the program as an administrator” enabled.

The Form Translator utility must be run after the Web Application Server is
installed. The Web Application Server enables the browser-based applications to
be run.
Note:

Form Translator must also be run after forms are modified using
FormsDesigner. Form Translator is only installed on the server. If you are
editing forms from a client, you must run Form Translator on the server for
the browser-based and smart client-based applications to continue to
function properly.

To run the Form Translator follow these steps:
1.

Navigate to the OnGuard installation directory.

2.

Run Lnl.Tools.FormTranslator.exe.

3.

Log into Form Translator. Enter in the OnGuard “sa” login information for
the fields, which include User Name, Password, and Directory. Click [OK].
If Form Translator happens to fail simply follow these instructions again and
consult your Lenel representative.

Internet Information Services (IIS) for Windows Server
2003
Important:

104 — revision 1

Managing an Internet Information Services (IIS) Server requires an
advanced IT understanding of security and IIS Application management.
The installation guidelines offered in this manual are the minimum steps
required to utilize IIS with OnGuard. As such, Lenel is not responsible for
IIS configuration and maintenance other than the steps outlined for OnGuard
functionality. Technical Support assistance will be provided specific to the
installation, enablement, and base functionality of IIS per OnGuard
requirements. Additional support services should be managed by the
customer's IT department, and it is recommended that they are involved
early in the implementation process to ensure corporate standards are met.

Enterprise Setup & Configuration User Guide

Default IIS directories and permissions are used. Consult your system
administrator to ensure that your security requirements are met. For more
information, refer to Creating Virtual Directories on page 105.
Use of SSL to ensure security across the network when using browser-based
applications is highly recommended. Refer to IIS documentation for additional
IIS and SSL configuration if desired. Once SSL has been configured, several files
must be updated with the new URL. For more information, refer to Configure
SSL on page 106.

.Net Configuration with SQL Server
1.

Right-click My Computer and select Manage.

2.

In the Computer Management tree, expand Services and Applications >
Internet Information Services > Web Sites > Default Web Site.

3.

Right-click lnl.og.web and select Properties.

4.

Select the ASP.NET tab.

5.

In the ASP.NET version drop-down, select 2.0.

6.

Repeat steps 3 through 5 for lnl.og.webservices.

Serving Dynamic Content with Windows Server 2003
By default Windows Server 2003 only serves static content. If the Web
Application Server is running Windows Server 2003, it must be configured to
serve dynamic content. Consult your system administrator regarding the security
implications of enabling dynamic content.
1.

Right-click My Computer and select Manage.

2.

In the Computer Management tree, expand Services and Applications >
Internet Information Services and select Web Service Extensions.

3.

From the listing window, select ASP.NET v2.0 and click [Allow].

Creating Virtual Directories
OnGuard browser-based applications are installed under the default IIS directory.
This step is optional; some system users may require that they be located in an
alternate directory and must follow this procedure. Refer to IIS documentation
for instructions on how to create new virtual directories. The following
information is provided for configuration of new virtual directories.
Two virtual directories should be created: Lnl.OG.WebService and Lnl.OG.Web.
• Lnl.OG.WebService maps to the Local Path [Root-IIS-Path]\Lnl.OG.WebService\ and
Lnl.OG.Web maps to the Local Path [Root-IIS-Path]\Lnl.OG.Web\.
• Each virtual directory should have the Read, Log visits, and Index this resource permissions selected.
• Application name should be Lnl.OG.Web for the Lnl.OG.Web VD and should be
blank for the Lnl.OG.Webservice VD.
• Execute permissions should have Scripts only selected.

revision 1 — 105

Configuring the Web Application Server

• Application pool should be DefaultAppPool.If using a 64-bit operating system, it
should be be LSAppPool32bit.
• Select the Directory Security tab. In Windows XP, under Anonymous access and
authentication control, click [Edit]. Integrated Windows authentication should be
selected. In Windows 2003, under Authentication and access control, click [Edit].
Integrated Windows authentication should be selected.

Configure SSL
Refer to IIS documentation for SSL configuration instructions. Once SSL has
been configured with IIS, URLs need to be changed from http to https.
Specifically, follow the procedures for updating the following files:
• Updating the Preferences.js File for SSL on page 108
• Configuring the Services.config File on page 115
• Configuring the FlexApplicationConfiguration.xml File on page 116
• Configuring the SilverlightApplicationConfiguration.xml File on page 116
• Configuring the ClickOnce Files on page 116

Internet Information Services (IIS) for Windows Server
2008
Important:

Managing ans Internet Information Services (IIS) Server requires an
advanced IT understanding of security and IIS Application management.
The installation guidelines offered in this manual are the minimum steps
required to utilize IIS with OnGuard. As such, Lenel is not responsible for
IIS configuration and maintenance other than the steps outlined for OnGuard
functionality. Technical Support assistance will be provided specific to the
installation, enablement, and base functionality of IIS per OnGuard
requirements. Additional support services should be managed by the
customer's IT department, and it is recommended that they are involved
early in the implementation process to ensure corporate standards are met.

Default IIS directories and permissions are used. Consult your system
administrator to ensure that your security requirements are met. For more
information, refer to Creating Virtual Directories on page 105.
Use of SSL to ensure security across the network when using browser-based
applications is highly recommended. Refer to IIS documentation for additional
IIS and SSL configuration if desired. Once SSL has been configured, several files
must be updated with the new URL. For more information, refer to Configure
SSL on page 106.

106 — revision 1

Enterprise Setup & Configuration User Guide

.Net Configuration with SQL Server
Systems running versions of OnGuard newer than 5.12.012 should update their
.NET version. By default for Windows Server 2008 the ASP.NET version is
already set to 2.0. To check if it is 2.0:
1.

Right-click My Computer and select Manage.

2.

In the Computer Management tree, expand Roles > Web Server (IIS) >
Internet Information Services.

3.

On The Internet Information Services (IIS) Manager window, expand Sites >
Default Web Site and click lnl.og.web.

4.

Make sure that the ASP.NET version is set to 2.0 which it should be by
default. To check:
a.

Double-click .NET Compilation.

b.

Expand Assemblies. The system version should be 2.0.

Serving Dynamic Content with Windows Server 2008
By default Windows Server 2008 serves static and dynamic content. There is no
configuration needed.

Creating Virtual Directories
OnGuard browser-based applications are installed under the default IIS directory.
This step is optional; some system users may require that they be located in an
alternate directory and must follow this procedure. Refer to IIS documentation
for instructions on how to create new virtual directories. The following
information is provided for configuration of new virtual directories.
Two virtual directories should be created: Lnl.OG.WebService and Lnl.OG.Web.
• Lnl.OG.WebService maps to the Physical Path [Root-IIS-Path]\Lnl.OG.WebService\
and Lnl.OG.Web maps to the Physical Path [Root-IIS-Path]\Lnl.OG.Web\.
• Once the virtual directories is created, right-click the virtual directory in the tree and
select Convert to Application and click [OK].
• Application pool should be DefaultAppPool.
• On The Internet Information Services (IIS) Manager window, double-click Authentication and make sure that the status of Anonymous Authentication and Integrated
Windows authentication is set to “Enabled.”

Configure SSL
Refer to IIS documentation for SSL configuration instructions. Once SSL has
been configured with IIS, URLs need to be changed from http to https.
Specifically, follow the procedures for updating the following files:
• Updating the Preferences.js File for SSL on page 108
• Configuring the Services.config File on page 115
• Configuring the FlexApplicationConfiguration.xml File on page 116
• Configuring the SilverlightApplicationConfiguration.xml File on page 116
• Configuring the ClickOnce Files on page 116

revision 1 — 107

Configuring the Web Application Server

Authentication
An authentication method with the database must be configured for browserbased applications to work properly. Create an account in both Windows and the
database system for use with single sign-on authentication. For more
information, refer to Database Authentication for Web Applications on page 93.

Configure the LS Application Server Service Log On
Account
Once the single sign-on account has been created in Windows and the database
system, the Application Server service must be configured to run under the
Windows account.This Windows user must also have read/write access to the
OnGuard directory so that they can write to the log files.
1.

Open the Windows services from Control Panel > Administrative Tools >
Services.

2.

Locate the LS Application Server service in the list. Right-click the service
and select Properties.

3.

On the Log On tab, select This account and click [Browse].

4.

Type the user name of the Windows account in the Enter the object name
to select text box and click [Check Names].

5.

Click [OK] to exit the Select User dialog and [OK] to save the changes to the
LS Application Server properties.

Area Access Manager and VideoViewer Browser-based
Clients
Updating the Preferences.js File for SSL

For Area Access Manager and VideoViewer browser-based clients, the
preferences.js file needs to be changed to use SSL.
1.

Navigate to C:\Inetpub\wwwroot\lnl.og.web\ and edit the Preferences.js file.

2.

Locate the line
var g_lnl_pfx_webservice_serverAddress
and change http to https.

Browser-based Reports
Area Access Manager has the ability to generate reports with a browser-based
client. Additional configuration steps are necessary to enable reports in Internet
Explorer:
• Crystal .NET Components must be installed on the Web Application Server.

108 — revision 1

Enterprise Setup & Configuration User Guide

• Additional steps are required for Crystal Reports to access the database. Either NT
authentication must be configured or the Lenel user credentials must be stored in the
Web.config file and protected with security. For more information, refer to Configure Authentication for Reports in Area Access Manager on page 100.
• By default, the Reports option is hidden from the browser-based Area Access Manager. The Preferences.js file must be edited to show the Reports button.
• The IIS user must be able to access the temp folder (typically C:\Windows\temp).
• Oracle users must grant full control of the Oracle folder to the user running the Web
Service.

Install the Crystal .NET Components
The Crystal .NET Components installation is located on the Supplemental
Materials disc. This installation must be performed on the Web Application
Server only. The Crystal .NET Components must be installed for the Windows
user that the Web Application Service runs under.

Configure Authentication for Reports in Area Access
Manager
Authentication must be configured for reports in order to use them with Area
Access Manager (Browser-based Client). Configuration steps vary depending on
whether you are using Windows Authentication or providing credentials in a
protected file. For more information, refer to Database Authentication for Web
Applications on page 93.

Enable the Reports Option
Use the following steps to display the [Reports] button in the browser-based Area
Access Manager:
1.

Navigate to C:\Inetpub\wwwroot\lnl.og.web\ and edit the
Preferences.js file.

2.

Add the following line to the file:
var g_lnl_og_aam_showReportsTask = true;

3.

Save and exit the file.

revision 1 — 109

Configuring the Web Application Server

Set Oracle Folder Permissions
Oracle database users must grant full control permissions for the Oracle root
directory to the user running the Web Service.
1.

Navigate to the Oracle root directory.

2.

Right-click the directory and select Sharing and Security.

3.

On the Security tab, select the user that runs the Web Service from the
Group or user names list.

4.

In the Permissions list, select the check box to allow Full Control to the
user.

5.

Click [Advanced].

6.

Select the Replace permission entries on all child objects with entries
shown here that apply to child objects check box.

7.

Click [Apply].

Configuration Download Service
The “configuration download service” (LnlConfigDownloadService.exe) is
used to send updates to the controllers when changes are made to access level
assignments using the Area Access Manager (Browser-based Client).
This service will check the database once a minute (the default setting) to see if
there are any new changes to process and it will then send down these changes to
the hardware. To change the default setting so the service checks the database at
other time intervals, add the following lines to the ACS.INI file (the
“LoopDelay” is in milliseconds):
[ConfigDownloadService]
LoopDelay=60000
This service needs to run if Area Access Manager (Browser-based Client) is
being used.
Only one instance of the “configuration download service” can exist in a system.
Important:

To make changes in the ACS.INI file on a Windows Vista or Windows 7
computer you must right-click on the ACS.INI file and run it as The
Administrator.

Configure the Configuration Download Service Host

110 — revision 1

1.

In System Administration, navigate to Administration > System options.

2.

On the General System Options form, click [Modify].

3.

Select a workstation in the Configuration Download Service host dropdown box or browse for one in the system.

Enterprise Setup & Configuration User Guide

OnGuard User Permissions
User accounts must be configured with permissions to access to the browserbased client applications.

VideoViewer (Browser-based Client)
The following user permissions must be configured for each user account that
will access the VideoViewer:
• System Permission Group > Video Hardware > Video Devices
• System Permission Group > Access Control Hardware > Alarm Panels
• System Permission Group > Users, Directories, Certification Authorities, Logical
Access > Permission Groups
• Monitor Permission Group > Monitor > View
• Monitor Permission Group > Monitor > Live Video
• Monitor Permission Group > Control > Control
• Monitor Permission Group > Control > Camera PTZ (If you wish to grant permission
to use PTZ)

Video Player Installation
A file download and installation will be required the first time video is accessed
through a browser on a client without OnGuard installed.

Viewing Reports in Area Access Manager
Adobe Reader is required to view reports on a client workstation.

Client Configuration
Additional configuration steps are necessary for browser-based applications on
the client.

revision 1 — 111

Configuring the Web Application Server

Internet Browser Security Level
The security level must be specified for the OnGuard server that the Web site is
hosted on. A custom level must be defined with specific options.
1.

From the Tools menu in Internet Explorer, select Internet Options.

2.

Select the Security tab.

3.

Select the Trusted sites icon and click [Sites].
a.

Type the URL for the OnGuard server that the Web site is hosted on.

b.

Click [Add].

c.

Click [Close].

4.

Set the Security level for this zone slider to Medium-low.

5.

Click [Custom Level...].
a.

Locate the following settings in the list and verify that they are set
correctly:

Item

Setting

ActiveX controls and plug-ins > Automatic prompting
for ActiveX controls

Enable

Downloads > File Download

Enable

Miscellaneous > Access data sources across domains

Prompt

Scripting > Active Scripting

Enable

b.

Click [OK].

6.

On the Advanced tab, select Multimedia > Play animations in web pages.

7.

Click [OK] to close the Internet Properties dialog.

Configure Single Sign-on for Browser-based clients
Single sign-on can optionally be configured for browser-based clients. The
following Internet Explorer settings must be configured on each client

112 — revision 1

Enterprise Setup & Configuration User Guide

workstation that will use single sign-on authentication to connect to the browserbased applications. Additional steps must be performed on the server.
1.

From the Tools menu in Internet Explorer, select Internet Options.

2.

On the Security tab, select the Trusted Sites icon and click [Sites...].

3.

The Trusted sites dialog is displayed.
a.

In the Add this Web site to the zone field, enter the domain name of
the Web application server.

b.

Click [Add].

c.

Click [Close].

4.

Click [Custom level...]

5.

The Security Settings - Trusted Sites Zone dialog is displayed.
a.

Note:

Set the User Authentication > Logon setting to Automatic logon with
current username and password.

Using Windows to store a username and password for the application will
override the Automatic logon with current username and password
setting in Internet Explorer.

b.
6.

Click [OK].

Click [OK].

Accessing the Browser-based Applications
To access browser-based applications from a client, it is necessary to know the
server name and the location of the application on the Web Application Server.
For the Area Access Manager and VideoViewer browser-based clients, the IP
address is also acceptable in place of the server name. There is not a central log in
location for all OnGuard browser-based applications. The following addresses
should be used to access the browser-based applications from a client, where
<server-name> equals the name or IP address of the Web application server.
Important:

If accessing with an IP address, IDVM may not work properly.

Application

URL

Area Access Manager

http://<server name>/lnl.og.web/
lnl_og_aam.aspx

VideoViewer

http://<server name>/lnl.og.web/
lnl_og_videoviewer.aspx

Visitor Management
Host

http://<server name>/IdvmHost
Or, if manual sign-on is being used:
http://<server-name>/idvmhost/
?useAutomaticSSO=false

revision 1 — 113

Configuring the Web Application Server

Application

URL

Visitor Management
Administration

http://<server name>/AdminApp

Note:

If SSL is configured the Web address will begin with https.
For Visitor Management Host, additional steps are required to configure
automatic single sign-on. The user logging in must be a cardholder. This
cardholder must be paired with a user’s directory account.

Accessing ClickOnce
If you are using ClickOnce for Visitor Management Front Desk or Kiosk, the
following URLs are also needed.
Application

URL

ClickOnce for Front
Desk

http://<server name>/FrontDeskClickOnce

ClickOnce Kiosk

http://<server name>/KioskClickOnce

Create Bookmarks
Create favorites in Internet Explorer or shortcuts in the Start menu to enable users
to easily access the browser-enabled applications.

114 — revision 1

Enterprise Setup & Configuration User Guide

Chapter 12: Visitor Management Installation
Visitor Management Host, Administration, Front Desk, and Kiosk are installed
with the Web Application Server.

Using SSL
After installing the Web Application Server through a custom installation,
additional configuration is needed to use SSL.

Security and Authentication
For Visitor Management Host, the services.config file needs to be changed to use
SSL. The services.config file is the default configuration, which is HTTP with
Windows authentication.
Configuring the Services.config File

If you do not plan to use SSL, then you do not have to perform this procedure.
1.

Navigate to C:\Inetpub\wwwroot\lnl.og.services\IdvmWebHost.

2.

There are four possible security policies, with corresponding files:

Security policy

File

No transport security,
Windows Authentication not
required

HttpServices.config

Transport security, Windows
Authentication not required

HttpsServices.config

Transport security, Windows
Authentication required

HttpsWithWindowsAuthenticationServi
ces.config

No transport security,
Windows Authentication
required

HttpWithWindowsAuthenticationServic
es.config

3.

a.

To configure transport security and require Windows Authentication,
locate the file, HttpsWithWindowsAuthenticationServices.config.

b.

Select the file name and rename it to services.config.

Save the file.

revision 1 — 115

Visitor Management Installation

Configuring the FlexApplicationConfiguration.xml File

For Visitor Management Host, the FlexApplicationConfiguration.xml file
needs to be changed to use SSL.
1.

Navigate to C:\Inetpub\wwwroot\lnl.og.services\WebHost and edit the
FlexApplicationConfiguration.xml file.

2.

Locate the URL.

3.

Change http to https.

4.

Save the file.

Configuring the SilverlightApplicationConfiguration.xml File

For Visitor Administration, the SilverlightApplicationConfiguration.xml file
needs to be changed to use SSL.
1.

Navigate to C:\Inetpub\wwwroot\AdminApp and edit the
FlexApplicationConfiguration.xml file.

2.

Locate the URL.

3.

Change http to https.

4.

Save the file.

Configuring the ClickOnce Files

Additional changes need to be made to the Front Desk and Kiosk ClickOnce files
(serviceModelClient.config.deploy) to use SSL. For more information, refer to
ClickOnce Setup on page 117.

ClickOnce for Front Desk and Kiosk
Visitor Management Front Desk and Kiosk can be deployed using ClickOnce. This
facilitates simple installation or upgrade of the application. The applications can be
deployed from the server or a shared network location.

Prerequisites
Before using ClickOnce, make sure the computer has Microsoft .NET
Framework 3.5 with Service Pack 1.
Additionally, the Kiosk requires Windows XP and the Touch-It Virtual Keyboard
software.
Note:

116 — revision 1

For more information, refer to the Kiosk documentation in the Visitor
Administration User Guide.

Enterprise Setup & Configuration User Guide

ClickOnce Setup
To utilize ClickOnce, OnGuard must first be installed on the server. Doing so will install a
folder, FrontDeskClickOnce for Front Desk, or KioskClickOnce for the Kiosk, with
the required files. In most typical installations, the folder will be
C:\Inetpub\wwwroot\FrontDeskClickOnce or
C:\Inetpub\wwwroot\KioskClickOnce.

The Touch-It Virtual Keyboard is not installed with Clickonce. It must be
installed separately.

Methods of Deployment
One option for deployment is to make it available through a shared network location. To
do this, move the ClickOnce directory to the appropriate location on your network.

Another option is to deploy through the server. With this method, the application
can be installed on the computer by accessing the files with a browser.

Server Name
The name of the server is usually configured during the installation process. However, if
you wish to change it, this can be done in the serviceModelClient.config.deploy file. This
is located in C:\inetpub\wwwroot\FrontDeskClickOnce\config for Front Desk or
C:\inetpub\wwwroot\KioskClickOnce\config for Kiosk.

revision 1 — 117

Visitor Management Installation

Using SSL
The configuration files will also need to be changed when using SSL.

1.

Locate the following file:
Navigate to C:\inetpub\wwwroot\FrontDeskClickOnce\config and
edit the serviceModelClient.config.deploy file for Front Desk.
Navigate to C:\inetpub\wwwroot\KioskClickOnce\config and edit the
serviceModelClient.config.deploy file for Kiosk.

2.

Locate the section that states
<!-- Points to the endpoint that supports a
security policy with HTTP and Windows
Authentication enabled-->
•

3.

Comment markers <!-- and --> are used to indicate a portion of the
code that will be ignored.

Comment out the endpoint address section of code for http by surrounding it
with comment markers.
a.

Type <!-- at the beginning of the section, before <endpoint
address="http...

b.

Type --> at the end of the section, after
“BasicHttpBinding_IIdvmService”></endpoint>.

4.

Locate the section that states
<!-- Points to the endpoint that supports a
security policy with HTTPS and Windows
Authentication enabled-->
The code for https is commented out by default.

5.

Remove the comment markers <!-- and --> surrounding that section to
enable the code.

6.

For the address in that same section, change http to https.

Installation
Once the ClickOnce deployment site has been created and configured, it is possible to
install the application.
Installing the Application via Network

118 — revision 1

1.

Obtain the location of the deployment site.

2.

Navigate to the directory, FrontDeskClickOnce for Front Desk. Navigate
to the directory, KioskClickOnce for Kiosk.

3.

To install Front Desk, run Lnl.OG.VM.FrontDesk.View.application. To
install Kiosk, run Lnl.OG.VM.Kiosk.View.application.

4.

Click [Install].

Enterprise Setup & Configuration User Guide

Installing the Application via Server

Note:

To use this method of installation, JavaScript should be enabled for the
browser. If it is not, contact your administrator for assistance.

1.

Use a browser to go to the address,
http://<server name>/FrontDeskClickOnce for Front Desk or http://<server
name>/KioskClickOnce for the Kiosk,
where <server name> is the name of the OnGuard server. If SSL has been
configured, the URL will start with https://...

2.

Click [Install].

The progress bar will indicate when installation is complete.

Workaround for Security Policies
A Front Desk or Kiosk error may occur, stating, “The HTTP request is unauthorized with
client authentication scheme ‘Negotiate’. The authentication header received from the
server was ‘Negotiate,NTLM’” This error occurs because only one security policy is
typically supported by the Windows Communication Foundation (WCF) service for
Visitor Management, regardless of the IIS setting to support both anonymous and
Windows Authentication.

Support Two Security Policies
Two security policies may be supported, requiring two webservices, two virtual
directories, and two copies of the service file.
Creating Two Copies of the Service File

1.

Navigate to C:\Inetpub\wwwroot\Lnl.OG.Services. Copy the directory,
IdvmWebHost.

2.

Name the copied directory IdvmAnonWebHost.

3.

In the IdvmAnonWebHost directory, locate the HttpServices.config file
and rename it to Services.config.

Creating a New Virtual Directory

1.

In IIS, create a new virtual directory named Lnl.OG.AnonServices.

2.

For the path, browse to and select the new directory,
C:\Inetpub\wwwroot\Lnl.OG.Services\IdvmAnonWebHost.

revision 1 — 119

Visitor Management Installation

Updating the ClickOnce Deployment

1.

Navigate to C:\Inetpub\wwwroot. Copy the directory,
FrontDeskClickOnce for Front Desk. Copy the directory, KioskClickOnce
for Kiosk.

2.

Name the copied directory AnonFrontDeskClickOnce for Front Desk or
AnonKioskClickOnce for Kiosk.

3.

Locate the following file:
Navigate to C:\inetpub\wwwroot\AnonFrontDeskClickOnce\config
and edit the serviceModelClient.config.deploy file for Front Desk.
Navigate to C:\inetpub\wwwroot\AnonKioskClickOnce\config and
edit the serviceModelClient.config.deploy file for Kiosk.

4.

Locate the section that states
<!-- Points to the endpoint that supports a
security policy with HTTP and Windows
Authentication enabled-->
•

5.

Comment markers <!-- and --> are used to indicate a portion of the
code that will be ignored.

Comment out the endpoint address section of code for http by surrounding it
with comment markers.
a.

Type <!-- at the beginning of the section, before <endpoint
address="http...

b.

Type --> at the end of the section, after
“BasicHttpBinding_IIdvmService”></endpoint>.

6.

Locate the section that states
<!-- Points to the endpoint that supports a
security policy with HTTP and anonymous -->
This code is commented out by default.

7.

Remove the comment markers <!-- and --> surrounding that section to
enable the code.

8.

In IIS, create a new virtual directory named AnonFrontDeskClickOnce for
Front Desk or AnonKioskClickOnce for Kiosk.

9.

For the path, browse to and select the new directory,
C:\Inetpub\wwwroot\AnonFrontDeskClickOnce for Front Desk or
C:\Inetpub\wwwroot\AnonKioskClickOnce forKiosk.

From a non-domain account, start Internet Explorer and go to:
• http://<server name>/AnonFrontDeskClickOnce for Front Desk or
• http://<server name>/AnonKioskClickOnce for Kiosk

Install the application. After doing so, you should be able to log in and use the
application.
Note:

120 — revision 1

For more information about configuring the system, refer to the Visitor
Management Front Desk and Visitor Administration User Guides.

Enterprise Setup & Configuration User Guide

Chapter 13: Applying Hot Fixes in Enterprise

How to Properly Apply a Hot Fix to an Enterprise System
Step 1: Log out of all Lenel Applications
Ensure that all users are logged out of all Lenel applications before proceeding.

Step 2: Run Replication
Open Replicator and run Replication on Regional Server Nodes to complete all
Upload and Download transactions.

Step 3: Stop Replicator and All OnGuard Services
1.

Confirm that no “To Do” and/or “Failed” transactions exist on the Regional
Server Nodes. If they do, run Replicator until none remain.

2.

Stop Replicator and all OnGuard services on the Master and Regional Server
Nodes.

Step 4: Back Up All Databases (if Requested)
1.

If the release note instructions or installation procedure for the hot fix
prompts you to back up your database, proceed to do so to both prevent data
loss and verify the integrity of the backup. Refer to “Database Backup and
Restoration” in the Installation Guide for more information.

2.

Be sure that everyone is off the system. It is especially important that no
cardholder operations are taking place.

Step 5: Apply Hot Fix to Master Server
1.

Run the Hot Fix Installer on the Master Server.

2.

Verify that the LS License Server and LS Login Driver services are started.

3.

Run Database Setup on the Master Server to update the database (unless not
required, per the specifications of the Hot Fix notes).

4.

Start up the OnGuard services on the Master Server.

revision 1 — 121

Visitor Management Installation

Step 6: Apply Hot Fix to Regional Servers
1.

Run the Hot Fix Installer on the Regional Server Nodes.

2.

Verify that the LS License Server and LS Login Driver services are started.

3.

Run Database Setup on the Regional Server Nodes to update the databases
(unless not required, per the specifications of the Hot Fix notes).

4.

Start up the OnGuard services on the Regional Server Nodes.

Step 7: Perform Full Download
1.

122 — revision 1

You will now be prompted to perform a full download if the hot fix has been
applied. Depending on the hot fix, a full download may be required.

Enterprise Setup & Configuration User Guide

Chapter 14: Enterprise Configuration

Master Server Node Configuration Overview
When OnGuard Enterprise installs, it installs a standard database. To configure a
standard database to become an Enterprise Master Server Node database, you
must use the Replication Administration application. The database cannot
contain any cardholders, hardware, or card formats; if it does, they will be
deleted when the standard database is converted to an Enterprise database.
The Enterprise Master Server database is automatically segmented. The default
segment will be named that of the server network name. The Master Server Node
will have its own segments along with two dynamic segments.
Dynamic recursive segments allow the system to be constantly updated when
additional segments are added. There are two dynamic segment types, recursive
and non-recursive. The dynamic recursive segment includes all segments on the
owning server and all child server's segments inclusively. The dynamic nonrecursive segment includes all segments on the owning server.
Enterprise Segmentation Example

Master

Segment 1

Segment 2

Segment 3

Regional
Server 1

Regional
Server 1-1
Segment 4

Regional
Server 2

Regional
Server 1-2

Regional
Server 2-1

Regional
Server 2-2

Segment 5

Master Server Node Login
You may log into the Master Server Node in either of the following ways:
•

<All Segments - [master display name] - Recursive>: If you log in as an
All Segment Recursive, you will have access to all the Master Server
Segments as well as all the Regional Server Node segments.

revision 1 — 123

Enterprise Configuration

•

<All Segments - [master display name]>: If you log in as an All Segment ,
you will have access to all segments in the Master Server only.

•

Single Segment: If you log into a single segment, whether it is the Master
Server Node or an Regional Server Node, you will see only the information
for that particular segment.

•

Segment Group: If you log into a segment group, you will see only the
information for the segments that make up that particular segment group.

Configure the Master Server Node Database
Before you can configure the Master Server Node database, you must do the
following on the Master Server Node computer:
1.

Install Windows. Refer to the release notes for the versions of Windows that
are supported. The release notes are located on the root directory of the
OnGuard 2010 Enterprise disc.

2.

Install and Configure the Database Software.

3.

•

SQL Server users: For more information, refer to Chapter 4: Microsoft
SQL Server 2008 on page 31.

•

Oracle 10g users: For more information, refer to Chapter 5: Installing &
Configuring Oracle 10g Server Software on page 41.

•

Oracle 11g users: For more information, refer to Chapter 7: Installing &
Configuring Oracle 11g Server Software on page 67.

Install the OnGuard 2010 Enterprise software.
a.

Install the OnGuard software on the workstation designated as the
server prior to installing OnGuard on each of the other (client)
workstations on the OnGuard network.
OnGuard 2010 Enterprise is installed with the “Standard” settings. For
detailed installation instructions, refer to Chapter 9: Installing OnGuard
2010 Enterprise on page 83. After OnGuard 2010 Enterprise has been
installed, the Enterprise Master Server Node features can be enabled.

124 — revision 1

b.

Attach the hardware key on the OnGuard License Server computer. For
more information, refer to Attach the Hardware Key (OnGuard License
Server Computer Only) on page 86.

c.

Install the software license for this computer. For more information,
refer to the Installation Guide.

d.

Run the Database Setup application. For more information, refer to Set
Up Your OnGuard Database on page 88.

Enterprise Setup & Configuration User Guide

You are now ready to configure the Master Server Node database. To do this:

Note:

1.

Start and log into Replication Administration on the Master Server Node.

2.

When you log into Replication Administration for the first time, it detects
that you have a standard database. The following message is displayed.
Click [Yes].

3.

The System Settings form is displayed. On the System Settings form:

a.

In the This System’s Enterprise Setting drop-down list, select
“Enterprise Master Server.”

b.

In the Enterprise server display name field, you may specify a userfriendly name for the server node.

c.

In the Workstation name where ID Allocation Service is running,
specify the workstation that this node will connect to retrieve its Ids.

Each Enterprise system must have one instance of the ID Allocation Service
running. It is highly recommended to run the ID Allocation Service on a
Master Server, Distributed ID Master Server, or Master Server-level client.
The ID Allocation Service will only function if the ACS.INI file on the
computer running the service is pointed to the Master Server.

d.

In the Virtual server name configuration section, select whether the
Master Server Node uses a virtual server name (also known as the
failover name). This setting only pertains to systems using a fault

revision 1 — 125

Enterprise Configuration

tolerance/disaster recovery solution such as NEC ExpressCluster or
Microsoft Clustering.

Note:

By default the This server uses a virtual server name checkbox is
deselected, which indicates that the server name specified is the
actual machine name of the Master Server Node.

•

If you specified a failover name for the Master Server Node in the
fault tolerance/disaster recovery solution, then you will need to
select the This server uses a virtual server name checkbox and
enter the failover name used to identify the Master Server Node in
the fault tolerance/disaster recovery system rather than the actual
machine name.

You can modify this value after the Master has been created by clicking
“Enterprise Server Configuration” in Available Views after selecting the
Master Server Node in the System Tree.

e.

126 — revision 1

•

Click [OK].

4.

The following message is displayed. Click [Yes].

5.

The recommended naming scheme for new databases is “<Server
name>Lenel.” If the name of the database you are configuring follows this
naming scheme, no warning message is displayed and you can skip ahead to
step 6. If the database you are configuring is not named according to this
naming scheme and you wish to proceed using the current database name,

Enterprise Setup & Configuration User Guide

click [Yes]. Otherwise, click [No] and create a new database that follows the
recommended naming scheme.

6.

If your database does not contain any data, skip ahead to step 7. If the
following message is displayed, then your database already has data in it.
Click [Yes] to remove all existing data.

7.

The following message is displayed. Click [OK].

Congratulations, you created an Enterprise database on the Master Server
Node! You may now log into Replication Administration and see the Master
Server Node, or proceed to setting up your Regional Server Nodes.

Regional Server Node Configuration Overview
When OnGuard Enterprise installs, it installs a standard database. To configure a
standard database to become a Regional Server Node database, you must use the
Replication Administration application. The database cannot contain any
cardholders, hardware, or card formats; if it does, they will be deleted when the
standard database is converted to an Enterprise database.
The Regional Server Node database that is created will be segmented. The
default segment will be named that of the server network name. Each Regional
Server Node will have its own initial segment and can be further segmented.
Hardware can be added not only on a Regional Server Node database, but may
also be added to a Master Server database. To save time when configuring
numerous access panels or readers, use the wizards in System Administration.

revision 1 — 127

Enterprise Configuration

•

If you want to configure (add) several access panels, use the Configure
Access Panels Wizard which is available by selecting Wizards from the
Application menu in System Administration. The wizard provides detailed
instructions to guide you through the configuration process.

•

If you want to configure (add) several readers, use the Configure Readers
Wizard which is available by selecting Wizards from the Application menu
in System Administration. The wizard provides detailed instructions to guide
you through the configuration process. The wizard cannot be used to add
biometric or wireless readers.

Configure the Regional Server Node Database
Before you can configure the Regional Server Node database(s), you must do the
following on each Regional Server Node:
1.

Install Windows. Refer to the release notes for the versions of Windows that
are supported. The release notes are located on the root directory of the
OnGuard 2010 Enterprise disc.

2.

Install and Configure the Database Software.

3.

•

SQL Server users: For more information, refer to Chapter 4: Microsoft
SQL Server 2008 on page 31.

•

Oracle 10g users: For more information, refer to Chapter 5: Installing &
Configuring Oracle 10g Server Software on page 41.

•

Oracle 11g users: For more information, refer to Chapter 7: Installing &
Configuring Oracle 11g Server Software on page 67.

Install the OnGuard 2010 Enterprise software.
a.

Install the OnGuard software on the workstation designated as the
server prior to installing OnGuard on each of the other (client)
workstations on the OnGuard network.
OnGuard 2010 Enterprise is installed with the “Standard” settings. For
detailed installation instructions, refer to Chapter 9: Installing OnGuard
2010 Enterprise on page 83. After OnGuard 2010 Enterprise has been
installed, the Regional Server Node features can be enabled.

128 — revision 1

b.

Make sure that the hardware key is attached to the OnGuard License
Server computer, and that the License Server is running. For more
information, refer to Attach the Hardware Key (OnGuard License
Server Computer Only) on page 86.

c.

Install the software license for this computer. For more information,
refer to the Installation Guide.

d.

Run the Database Setup application. For more information, refer to Set
Up Your OnGuard Database on page 88.

Enterprise Setup & Configuration User Guide

You are now ready to configure the Regional Server Node database. To do this:

Note:

1.

Start and log into Replication Administration on a Regional Server Node.

2.

When you log into Replication Administration for the first time, it detects
that you have a standard database. The following message is displayed.
Click [Yes].

3.

The Enterprise Settings form is displayed.

a.

In the This System’s Enterprise Setting drop-down list, select
“Regional Server Node.”

b.

In the Regional Server Node Name field, you may specify a userfriendly name for the server node.

c.

In the Workstation name where ID Allocation Service is running,
specify the workstation that this node will connect to retrieve its Ids.

Each Enterprise system must have one instance of the ID Allocation Service
running. It is highly recommended to run the ID Allocation Service on a
Master Server, Distributed ID Master Server, or Master Server-level client.
The ID Allocation Service will only function if the ACS.INI file on the
computer running the service is pointed to the Master Server.

d.

In the Workstation name where Replicator is running field, specify
the name of the workstation that will be running the Replicator Service
for this Regional Server Node.

revision 1 — 129

Enterprise Configuration

Note:

This setting allows the Replication Administration application to
communicate with each Regional Server Node. There should be one instance
of the Replicator Service service running per Regional Server Node.

e.

Note:

•

By default the This server uses a virtual server name checkbox is
deselected, which indicates that the server name specified is the
actual machine name of the Regional Server Node.

•

If you specified a failover name for the Regional Server Node in the
fault tolerance/disaster recovery system, then you will need to
select the This server uses a virtual server name checkbox and
enter the failover name used to identify the Regional Server Node
in the fault tolerance/disaster recovery system rather than the actual
machine name.

You can modify this value after the Regional Server Node has been created
by clicking “Enterprise Server Configuration” in Available Views after
selecting the Regional Server Node in the System Tree.

f.

130 — revision 1

In the Virtual server name configuration section, select whether the
Regional Server Node uses a virtual server name (also known as a
failover name). This setting only pertains to systems using a fault
tolerance/disaster recovery solution such as NEC ExpressCluster or
Microsoft Clustering.

In the Parent server workstation name field, specify the name of the
Regional Server Node that this node is the child of.

Enterprise Setup & Configuration User Guide

Note:

When the parent server is running an Oracle database, the Parent server
workstation name field must be set to the Oracle Service Name (SID
Service Name).

g.

In the ODBC Data Source to parent server field, specify the ODBC
Data Source. This will be used by Replicator to move data between
nodes.

h.

In the Workstation name where the Login Driver is running field,
specify the name of the server that contains the Login Driver.

i.

Click [OK].

4.

The following message is displayed. Click [Yes].

5.

Authentication to the Master Server Node is required when creating a new
Regional Server Node. Log on to the Master Server Node using the SA
account or the single sign-on account linked to the SA account. Click [OK].

6.

The recommended naming scheme for new databases is “<Server
name>Lenel.” If the name of the database you are configuring follows this
naming scheme, no warning message is displayed and you can skip ahead to
step 6. If the database you are configuring is not named according to this
naming scheme and you wish to proceed using the current database name,

revision 1 — 131

Enterprise Configuration

click [Yes]. Otherwise, click [No] and create a new database that follows the
recommended naming scheme.

132 — revision 1

7.

If your database does not contain any data, skip ahead to step 8. If the
following message is displayed, then your database already has data in it.
Click [Yes] to remove all existing data.

8.

The Pre-Allocated ID Ranges form is displayed. This allows you to adjust
the amount of pre-allocated IDs for each record type that you wish to “grab”
for the Regional Server Node initially. You can also adjust the “Low Water
Mark”, which is the amount of remaining IDs below which new IDs will
automatically be “grabbed” again. There is normally no need to change these
default settings; however you may wish to adjust the number of Cardholder
and Badge IDs you wish to allocate depending on how many new
Cardholders/Badges you expect to be added at the Regional Server Node

Enterprise Setup & Configuration User Guide

over time. New pre-allocated IDs may be obtained at ANY time after the
Regional Server Node is configured.

9.

Click [Allocate New IDs Now] when you are ready to continue.

10. The following message is displayed. Click [OK].

Configure the Regional Server Node
After the Regional Server Node database has been created, you must:
1.

Download all cardholders to the new Regional Server Node. For more
information, refer to Download All Cardholders to the New Regional Server
Node on page 133.

2.

Schedule Replication to run automatically. For more information, refer to
Schedule Replicator to Run Automatically on page 134.

3.

Make sure to perform all necessary maintenance on a regular basis. For more
information, refer to Chapter 18: Enterprise System Administration on
page 165.

Download All Cardholders to the New Regional Server
Node
Your next step for configuring your Regional Server Node involves doing your
initial Cardholder download using the OnGuard Replicator application.
In many installations it is desirable to automatically assign default access levels
to all new badges which are added to a Regional Server Node, including the

revision 1 — 133

Enterprise Configuration

initial download. Lenel’s strategy for this makes use of the “Default Access
Group” assignment for Badge Types. This allows you to assign default access
levels on a per Badge Type basis for badges that are manually entered at the
Regional Server Node as well as for badges which are added elsewhere in the
Enterprise system and downloaded via the Replicator application.
If you wish to automatically assign access levels when downloading new badges
(see the appropriate manuals or help files for more information on how to
perform these tasks):
1.

On the Regional Server Node, log into the System Administration
application. Add all Access Levels you will need on the Access Levels tab.
You do NOT need the reader or timezone assignments for these levels at this
time. You only need to enter in the names that you will be using for these
Access Levels. As you modify these levels later by adding reader + timezone
assignments, badges with those levels assigned will automatically receive
that access.

2.

On the Access Groups page, add groups which group the levels you need to
assign to each Badge Type. It is recommended that you use segment-wide
(“<All Segments - [master display name] - Recursive>”) groups for this
purpose, which will serve you better should you decide to further segment
the system at a Regional Server Node.

3.

On the Badge Type page, modify each Badge Type and select the Default
Access Group that you wish to automatically assign to the Badge Type.

When you are ready to download all cardholders to your Regional Server Node:
1.

Exit any Lenel applications that you currently have running.

2.

Start the Replicator application by clicking Start > Programs > OnGuard
2010 > Replicator (see the Replicator User Guide or online help for more
information on this application).

3.

Log into the Regional Server Node database.

4.

In the “Download cardholders/assets” section, make sure “Download
cardholders/assets” is checked.

5.

Click the Full download radio button.

6.

If you have default access groups for badge types and wish to automatically
assign them at this time, make sure the “Add default access group when a
badge is added” is checked.

7.

Press [Execute]. Answer all prompts accordingly to begin your download,
and verify that the process completes successfully.

Schedule Replicator to Run Automatically
It is extremely desirable to have Replicator run unattended and automatically at
scheduled intervals. Clearly, it is vital to have someone check the log on a regular
basis and deal with errors, but the actual execution of Replicator should be
automated. Replicator can be run either in its interactive application mode (by
starting it from the menu), or as a Windows service. By running it as a service,
you can automate Replicator’s execution.

134 — revision 1

Enterprise Setup & Configuration User Guide

Replicator can also be scheduled to run using the Scheduler in System
Administration. For more information, refer to “Schedule Replication” in the
Replicator Schedule Form chapter of the Replication Administration User Guide.

Replicator Settings in the ACS.INI File
Important:

To make changes in the ACS.INI file on a Windows Vista or Windows 7
computer you must right-click on the ACS.INI file and run it as The
Administrator.

The ACS.INI file is a control file that sits on each computer that runs ANY
OnGuard software. This can be a client or a server. The ACS.INI file is located
within the Windows directory on a computer. In Windows XP, this directory is
often [Drive]:\\WINDOWS. Substitute the letter of the hard drive that Windows
is installed on for [Drive].
There are many sections within the ACS.INI file. Each section is denoted within
the file by the following syntax:
[Section]
The settings that relate to the Replicator are found within the Distributed
Exchange section in the ACS.INI file. They are:
Component (key)
name

Default value

Description

CheckInterval

180

How often the Replicator Service checks the schedule to see if a
task needs to be executed

LastChecked

<Date Set by
Replicator>

Last time this INI file was checked

Enterprise Ongoing Administration
Please refer to Chapter 18: Enterprise System Administration on page 165 for
information pertaining to ongoing administration tasks for an Enterprise system.

revision 1 — 135

Enterprise Configuration

136 — revision 1

Enterprise Setup & Configuration User Guide

Chapter 15: Distributed ID Management Systems
Distributed ID Management allows secondary databases to be used for badging
cardholders, which are then uploaded to a master database. Uploads and
downloads can be:
•

Run as a scheduled background task, with successes and failures logged.
Administrators can be alerted via e-mail or pager if an error is encountered.

•

Run manually.

Downloads may be full (everything) or incremental (only the changes since the
last download).
A Distributed ID Management consists of a Distributed ID Master Server, as well
as one or more Distributed ID/Mobile Stations. In this configuration if access
control is being used, it is contained in the Distributed ID Master database.
Distributed ID/Mobile Stations are used only for adding, modifying, and deleting
cardholder information (cardholder, badges, access level assignments, and
multimedia capture). They can optionally print badges as well.
The following diagram illustrates a typical Distributed ID Management
configuration:
Distributed ID Management System

Distributed ID Master Server

Database

Master
Database

Database

Mobile Station 1

Mobile Station 2
Key:
Upload/Download, Wired or Wireless Network Connections

Distributed ID Master Server Description
The Distributed ID Master Server acts as the master server for the mobile and
distributed ID servers. Its characteristics include:
•

Maintains any controls needed for allocating IDs for distributing ID
activities

•

Receives uploads and provides downloads required for all mobile/distributed
ID stations associated with the Distributed ID Master Server.

•

Allows editing of all types of records.

•

Can only have Distributed ID/Mobile Stations attached to it - it CANNOT
manage Enterprise Regional Servers.

revision 1 — 137

Distributed ID Management Systems

Distributed ID/Mobile Station Description
A Distributed ID/Mobile Station only allows remote ID management only. It can
be a “Mobile Station” or a “Distributed ID Station”. A “Mobile Station” is
considered a portable laptop computer, whereas a “Distributed ID Station” is
considered a large-scale server that has a semi-permanent network connection
available. Both of these servers act the same in a Distributed ID Management
system. That is, they both upload and download the same information.
Distributed ID/Mobile Station characteristics include:
•

Must use ID controls to prevent duplicate IDs with the Distributed ID Master
Server and all other Distributed ID/Mobile Stations.

•

Performs uploads and receives downloads for all Distributed ID/Mobile
stations associated with this Distributed ID/Mobile Station.

•

Only allows editing of cardholder-related records for ID management.

Distributed ID Mobile Master Server Setup Overview
1.

Install Windows. Refer to the release notes for the versions of Windows that
are supported. The release notes are located on the root of the OnGuard 2010
Enterprise disc.

2.

Install and Configure the Database Software.

3.

138 — revision 1

•

SQL Server users: For more information, refer to Chapter 4: Microsoft
SQL Server 2008 on page 31.

•

Oracle 10g users: For more information, refer to Chapter 5: Installing &
Configuring Oracle 10g Server Software on page 41.

•

Oracle 11g users: For more information, refer to Chapter 7: Installing &
Configuring Oracle 11g Server Software on page 67.

Install the OnGuard 2010 Enterprise software.
a.

Install the OnGuard software on the workstation designated as the
server prior to installing OnGuard on each of the other (client)
workstations on the OnGuard network. OnGuard 2010 Enterprise is
installed with the “Standard” settings. For detailed installation
instructions, refer to Chapter 9: Installing OnGuard 2010 Enterprise on
page 83. After OnGuard 2010 Enterprise has been installed, the
Distributed ID Master Server features can be enabled.

b.

Make sure that the hardware key is attached to the OnGuard License
Server computer, and that the License Server is running. For more

Enterprise Setup & Configuration User Guide

information, refer to Attach the Hardware Key (OnGuard License
Server Computer Only) on page 86.
c.

Install the software license for this computer. For more information,
refer to the Installation Guide.

d.

Run the Database Setup application. For more information, refer to Set
Up Your OnGuard Database on page 88.

4.

Configure the server to be a Distributed ID Master Server. For more
information, refer to Configure a Distributed ID Master Server on page 140.

5.

Using the System Administration software, define your access control
system hardware and monitoring environment. (For more information, refer
to the System Administration and Alarm Monitoring User Guides.)

Distributed ID/Mobile Station Setup Overview
1.

Install Windows. Refer to the release notes for the versions of Windows that
are supported. The release notes are located on the root of the OnGuard 2010
Enterprise disc.

2.

Install and Configure the Database Software.

3.

•

SQL Server users: For more information, refer to Chapter 4: Microsoft
SQL Server 2008 on page 31.

•

Oracle 10g users: For more information, refer to Chapter 5: Installing &
Configuring Oracle 10g Server Software on page 41.

•

Oracle 11g users: For more information, refer to Chapter 7: Installing &
Configuring Oracle 11g Server Software on page 67.

Install the OnGuard 2010 Enterprise software.
a.

Install the OnGuard software on the workstation designated as the
server prior to installing OnGuard on each of the other (client)
workstations on the OnGuard network.
OnGuard 2010 Enterprise is installed with the “Standard” settings. For
detailed installation instructions, refer to Chapter 9: Installing OnGuard
2010 Enterprise on page 83. After OnGuard 2010 Enterprise has been
installed, the Distributed ID Mobile client features can be enabled.

4.

b.

Make sure that the hardware key is attached to the OnGuard License
Server computer, and that the License Server is running. For more
information, refer to Attach the Hardware Key (OnGuard License
Server Computer Only) on page 86.

c.

Install the software license for this computer. For more information,
refer to the Installation Guide.

d.

Run the Database Setup application. For more information, refer to Set
Up Your OnGuard Database on page 88.

Configure the Distributed ID/Mobile Station database and perform the initial
configuration and synchronization. This includes designating the server as a
Distributed ID/Mobile Station using Replication Administration, and preallocating a set number of Cardholder IDs and Badge IDs (if using automatic

revision 1 — 139

Distributed ID Management Systems

badge ID generation) for the Distributed ID/Mobile Station to use. The
Distributed ID Master keeps track of which range(s) were allocated to each
Distributed ID/Mobile Station, so that they can be validated before uploads
occur. For more information, refer to Configure a Distributed ID/Mobile
Station on page 141.
5.

Using the System Administration software, define your access control
system hardware and monitoring environment. (For more information, refer
to the System Administration and Alarm Monitoring User Guides.)

Configure a Distributed ID Management System
To configure a Distributed ID Management system you must:
1.

Set up the Distributed ID Mobile Master server by completing all steps in
Distributed ID Mobile Master Server Setup Overview on page 138.

2.

Set up Distributed ID/Mobile Stations by completing all steps in Distributed
ID/Mobile Station Setup Overview on page 139 on each Distributed ID/
Mobile Station.

Configure a Distributed ID Master Server

140 — revision 1

1.

Start and log into Replication Administration on the Distributed ID Master
Server.

2.

When you log into Replication Administration for the first time, it will detect
that you have a standard database. A message will prompt you to decide
whether you want to make the system a Distributed ID Server. Click [Yes].

3.

The Distributed ID Settings form is displayed. In the This System’s
Distributed ID Setting drop-down list, select “Distributed ID Master
Server.”

4.

Click [OK].

5.

The following message is displayed. Click [Yes].

6.

The recommended naming scheme for new databases is “<Server
name>Lenel.” If the name of the database you are configuring follows this
naming scheme, no warning message is displayed and you can skip ahead to
step 7. If the database you are configuring is not named according to this
naming scheme and you wish to proceed using the current database name,

Enterprise Setup & Configuration User Guide

click [Yes]. Otherwise, click [No] and create a new database that follows the
recommended naming scheme.

7.

If your database does not contain any data, skip ahead to step 8. If the
following message is displayed, then your database already has data in it.
Click [Yes] to remove all existing data.

8.

The following message is displayed. Click [OK].

The next step is to configure the Distributed ID/Mobile Station:

Configure a Distributed ID/Mobile Station
1.

2.

Run the OnGuard setup on the Distributed ID/Mobile Station. Choose a
“Server installation”. When selecting components, check only the following
options:
•

ID CredentialCenter

•

Database Setup

•

License System Server

•

Login Driver

•

Replicator

•

Replication Administration

•

Universal Time Conversion Utility

•

Documentation

After the installation is complete and the computer has been rebooted, open
the ID CredentialCenter program. Configuring a Distributed ID/Mobile

revision 1 — 141

Distributed ID Management Systems

Station requires that no cardholder data exists, so you must delete the default
record in the database. To do this:
a.

Select the Cardholders option from the Administration menu.

b.

Click [Search], then [OK]. There should be only one sample record
for Lisa Lake. If this is not true, something is wrong with your
installation!

c.

Click [Delete], then [OK].

3.

Start and log into Replication Administration on the Distributed ID/Mobile
Station.

4.

When you log into Replication Administration for the first time, it will detect
that you have a standard database. A message will prompt you to decide
whether you want to make the system a Distributed ID Server. Click [Yes].

5.

The System Settings form is displayed.

a.

Create a new ODBC DSN that points to the Distributed ID Master
server:
1) Click [Create New ODBC Data Source].
2) If using Windows 7, Windows Server 2008, or Windows Vista with
UAC turned on, the Create ODBC Data Source dialog will be
displayed. Click the [Create ODBC Data Source] button. You will
be prompted to allow or deny the command. If you are running the
application with a Windows account that does not have
administrator permissions you will be prompted for administrator
credentials.

142 — revision 1

Enterprise Setup & Configuration User Guide

3) For ODBC Data Source Name, type a name for the DSN. The
recommended name is LenelMaster.
4) Select the correct Database Type for the master database server. If
it’s SQL Server, type the computer name of the server, or click
[Browse] to select a server.
5) Click [OK].

Note:

b.

In the This System’s Distributed ID Setting drop-down, select
“Distributed ID/Mobile Station.”

c.

Specify the Master server workstation name.

d.

Select the ODBC Data Source to master server.

e.

Specify the Workstation name where the Login Driver is running.

f.

Specify the Workstation name where Replicator is running.

g.

In the Virtual server name configuration section, select whether the
station uses a virtual server name (also known as the failover name).
This setting only pertains to systems using a fault tolerance/disaster
recovery solution such as NEC ExpressCluster or Microsoft Clustering.
•

By default the This server uses a virtual server name checkbox is
deselected, which indicates that the station name specified is the
actual machine name of the station.

•

If you specified a failover name for the station in the fault
tolerance/disaster recovery solution, then you will need to select the
This server uses a virtual server name checkbox and enter the
failover name used to identify the station in the fault tolerance/
disaster recovery system rather than the actual machine name.

You can modify this value after the station has been created on the Enterprise
Server Configuration form. The Enterprise Server Configuration form is
displayed by clicking it beneath the station in the System Tree.

h.

It is also recommended you set the Database selection for this
workstation’s login to “Allow User to Select.”

i.

Click [OK].

6.

Authentication to the Master server is required when creating a new
Distributed ID/Mobile Station. Log on to the Master server using the SA
account or the single sign-on account linked to the SA account. Click [OK].

7.

The following message is displayed. Click [Yes].

8.

The recommended naming scheme for new databases is “<Server
name>Lenel.” If the name of the database you are configuring follows this
naming scheme, no warning message is displayed and you can skip ahead to
step 9. If the database you are configuring is not named according to this

revision 1 — 143

Distributed ID Management Systems

naming scheme and you wish to proceed using the current database name,
click [Yes]. Otherwise, click [No] and create a new database that follows the
recommended naming scheme.

9.

If your database does not contain any data, skip ahead to step 10. If the
following message is displayed, then your database already has data in it.
Click [Yes] to remove all existing data.

10. The Pre-Allocated ID Ranges form is displayed. This allows you to adjust
the amount of pre-allocated IDs for each record type that you wish to “grab”
for the region initially. You can also adjust the “Low Water Mark”, which is
the amount of remaining IDs below which new IDs will automatically be
“grabbed” again. There is normally no need to change these default settings;
however you may wish to adjust the number of Cardholder and Badge IDs
you wish to allocate depending on how many new Cardholders/Badges you
expect to be added at the Distributed ID/Mobile Station over time. New pre-

144 — revision 1

Enterprise Setup & Configuration User Guide

allocated IDs may be obtained at ANY time after the Distributed ID/Mobile
Station is configured.

11. Click [Allocate New IDs Now] when you are ready to continue.
12. The following message is displayed. Click [OK].

Your computer is now configured to perform mobile badging. However, if you
want to download all existing cardholder information from the Distributed ID
Master Server, you must do so by using the Replicator application and
performing a Full Download of the cardholder records. Once you run a Full
Download of cardholder records for the first time, you can then do Incremental
Downloads as needed, to download only changes that have occurred since your
last Full Download. For more information, refer to the Replicator User Guide.

revision 1 — 145

Distributed ID Management Systems

146 — revision 1

Enterprise Setup & Configuration User Guide

Chapter 16: Accounts and Passwords
OnGuard 2010 Enterprise includes strong password enforcement, which checks
the user’s password against the OnGuard password standards. This functionality
is designed to enhance password security as well as encourage users to
implement single sign-on. If single sign-on is used (automatic or manual)
OnGuard does not enforce password standards.
Note:

The strong password enforcement feature in OnGuard also checks the Lenel
database user’s password when logging into applications. Database user
passwords apply to SQL Server Express, SQL Server, and Oracle. For
information on changing your database password refer to Change the
Database Password on page 149.

The following table summarizes the OnGuard default accounts and passwords:

OnGuard Default Accounts and Passwords
Description

User
name

Password

How to change
the password

Default system
administrator account.
This is the account that
is used initially to log
into the main OnGuard
applications, such as
System
Administration.

SA

SA

For more
information,
refer to About
Accounts on

OnGuard database.
This is the actual
OnGuard SQL Server
Express, SQL Server,
or Oracle database.

LENEL

page 151.

MULTIMEDI
A

For more
information,
refer to Change
the Database
Password on
page 149.

License
Administration
account. This is the
account that is used
initially to log into the
License
Administration
application.

ADMI
N

ADMIN

For more
information,
refer to Install
Your OnGuard
License on
page 46.

For more
information,
refer to Install
Your OnGuard
License on
page 88.

revision 1 — 147

Accounts and Passwords

Password Standards
When creating a strong password keep the following guidelines in mind:
•
•
•
•

Passwords cannot be blank
Passwords cannot be the same as the user name (for example, SA, SA)
Passwords cannot be Lenel keywords.
Although not required, your password should contain numbers, letters, and symbols.
Spaces are also acceptable. (for example, August 18, 1967)
• OnGuard user passwords are not case-sensitive.
• Database passwords conform to the rules of the specific database being used; passwords in SQL Server and Oracle 11g are case-sensitive. Passwords in Oracle 10g and
earlier are case-insensitive.
• The maximum value for a strong password is 127 characters. The minimum value is 1.

Note:

For Oracle databases the following account usernames and passwords are
not allowed to be used together:
System and Manager
Internal and Oracle
Sys and Change_On_Install

Database Passwords on an Enterprise System
All regions start out with the same database password (MULTIMEDIA). It is
highly recommended that you change the database password. If the database
password is changed on one region (Region 1) in an Enterprise system, it is still
possible to log into another region (Region 2) from Region 1. This is because a
login driver location is stored for each Enterprise server (each DSN). Multiple
registry entries are stored in “HKEY_CURRENT_USER\Software\Lenel”. All
entries begin with the prefix “LoginDrvLoc_” and are followed by their DSN.
For example, “LoginDrvLoc_MasterServer”.
The OnGuard software checks the license server workstation and then the
database server for the Login Driver. Once the Login Driver is found and the
password is retrieved, if you can’t be logged into the database you will be
prompted to enter the Login Driver location for the DSN that is currently
specified in the ACS.INI file. If the Login Driver Location window is displayed:
1.

Enter the Login driver location.

2.

Click [OK]. The registry will then be updated with the specified Login
Driver location, and the software will attempt to open the database again
using the password from this new login driver. If this is successful, you will
be allowed to log in. Otherwise, an error message will be displayed.

Enable/Disable Strong Password Enforcement
Strong password enforcement is enabled/disabled in System Administration or
ID CredentialCenter. When you install OnGuard, by default strong password
enforcement is enabled. When you upgrade, by default strong password

148 — revision 1

Enterprise Setup & Configuration User Guide

enforcement is disabled. To manually enable or disable strong password
enforcement:

Note:

1.

Select System Options from the Administration menu.

2.

Select the General System Options tab.

3.

Click [Modify].

4.

Select or deselect the Enforce strong passwords check box.
If you disable the option to enforce strong passwords, you will no longer
continue to receive a message stating your password is weak every time you
log into an application until you change your OnGuard password to meet the
password standards.

Change the Database Password
In addition to user accounts and passwords, your OnGuard system has a database
password. During installation, this password is set to MULTIMEDIA. When you
log on, the application checks your database server (SQL Server, Oracle, or SQL
Server Express) for this password before allowing you to use the database. This
is done “behind the scenes.”
It is highly recommended that this password be changed. Although all the
machines in an Enterprise or Distributed ID system start out using the same
database password (MULTIMEDIA), the database password does not need to be
the same on all machines. The procedure for changing the database password
varies depending on whether the Login Driver is running on the same computer
that the database is located on, and which options you choose to use. The SQL
Server, Oracle, or SQL Server Express password and the password in the Login
Driver must be the same or you will not be able to log into any OnGuard
applications.
• If the Login Driver and the database are on different computers, you have two options:

•

Change the database password, and change the password in the Login
Driver manually later

•

Change both the database password and the Login Driver password at
once. If you choose this option, the password will be sent over the
network as plain text.

revision 1 — 149

Accounts and Passwords

Change the Lenel Account Password
1.

To change the Lenel account password using the Login Driver:
a.

Stop the LS Login Driver service, and then run it as an application.

b.

The
icon appears in the system tray. Right-click the icon, then select
Open.

c.

The Login Driver window opens. From the Edit menu, select Change
Password.

2.

If the password is considered weak, the Database Server Account Passwords
window is displayed. Refer to Password Standards on page 148 to determine
a secure password.

3.

Click [Continue]. If you wish to change the password for a database server
account now, that is, “LENEL”, select the account from the list, then click
[Change Password].
a.

The Change Password window is displayed. In the Old password field,
type your current password. For security reasons, your password is not
displayed as you type it.

b.

In the New password field, type the new password.

c.

In the Confirm password field, type the new password again. Because
the password can’t be seen while you type, this gives you an extra
assurance that you typed it correctly.

d.

When the password is changed, it must be changed in the Login Driver
and on the database server. If the Login Driver and the database server
are running on the same machine, proceed to step e.
If the Login Driver and the database server are not running on the same
machine, the When I change this password on the Login Driver, do
not change the password on the database server. I will change the
password manually on the database server. check box appears in the
Change Password window. (If they are on the same machine, this check
box does not appear.)
•

Note:

A connection to the Login Driver is required to connect successfully to the
database. The Login Driver can be run on either the database server or the
license server.

•

e.
4.

150 — revision 1

If the check box is not selected (default), the password will be
changed in both places. However, the password is sent as plain text
over the network. This is the only case where the password is
passed across the network in plain text when changing the
password.

If the check box is selected, the password in the Login Driver will
be changed, but you will need to change the password manually on
the database server. For more information, refer to Change the
Lenel Account Password on page 150.

Click [OK] to save the new password.

Exit the LS Login Driver application and restart the service.

Enterprise Setup & Configuration User Guide

About Accounts
The System Administrator should create a unique account for each user of the
applications. The System Administrator can also, for each user, create a list of
permissions, which specifies precisely which screens, fields, and buttons the user
can access.
During initial installation of the application, default accounts are created. These
include:
User name

Password

Type

sa

sa

system account

admin

sample

user

sample

badge

sample

These are provided as samples. You may change the passwords and use the
accounts, or remove them. The exception to this is the system account, SA. By
definition this account has permission to do anything in the system. A user with
system access has unlimited access to the application. You cannot delete or
change the system account except to modify the password, which you are
strongly encouraged to do as soon as possible to discourage unauthorized use.
The first time you log into OnGuard to configure the application, you should log
in as SA and your password should be SA.

Change the System Administrator Password for the
Database
It is very important that you have a secure password for your database
administrator account. For SQL Server Express and SQL Server databases, this
account is “SA.” Oracle has several default administrator accounts, including
INTERNAL, SYS, and SYSTEM. These passwords must be changed to a secure
password if strong password enforcement is enabled. Two steps are required to
change the system administration password:
1.

Change the system account password in the database using Database Setup.

2.

Write down and inform administrators of the password change.

Change the SYSTEM Account Password Using Database
Setup
To change the SYSTEM account password using Database Setup, follow the
same instructions listed in Change the Lenel Account Password on page 150,

revision 1 — 151

Accounts and Passwords

with the following exception: in step 3 on page 150, select the system account
from the list (“SA” by default), then click [Change Password].

Write Down and Inform Administrators of the Password
Change

152 — revision 1

1.

It is essential that you do NOT lose this password. If you do not have the
system administration password, you can potentially lose your entire
database since no one may gain access to the information.

2.

Write down the password and store in a secure place that won’t get lost.

3.

Inform other system administrators of the password.

4.

BE SURE to inform the customer that you have changed the system
password.

5.

Explain the importance of the password to the customer and recommend
they keep it secure and not allow it to be “common knowledge.”

Upgrading an
Enterprise System

Enterprise Setup & Configuration User Guide

Chapter 17: Upgrading to OnGuard 2010
Enterprise
This section describes how to upgrade your Enterprise system. The general
approach that must be followed to upgrade an Enterprise system to OnGuard
2010 Enterprise is:
1.

Make sure that all pending transactions have been processed.

2.

If you are not using Visitor Management, please proceed to step 3. As an
upgrade requirement for Enterprise customers using Visitor Management, all
signed-out visits at each Regional Server Node and the Master Server Node
must be archived prior to performing the upgrade. Failure to do so will cause
all historic visits to lose their date/time information upon a full replication/
download.

3.

Stop all OnGuard services, including LS Replicator, on the Master and
Regional Server Nodes.

4.

Back up all databases.

5.

Make sure that the Master and Regional Server Nodes have the latest
approved Windows service pack and Windows updates (see the release notes
for specifics). Upgrade any machines that do not. Refer to the release notes
for the versions of Windows that are supported. The release notes are located
on the root directory of the OnGuard 2010 Enterprise disc.

6.

On the Master and Regional Server Nodes, upgrade all databases to SQL
Server 2008 with the latest supported service pack as indicated by the release
notes.

7.

Install DirectX 9.0 on the Master and Regional Server Nodes.

8.

Upgrade the OnGuard software and databases in the following manner:

9.

a.

On the Enterprise Master Server Node, upgrade to OnGuard 2010
Enterprise.

b.

On the Enterprise Master Server Node, upgrade the OnGuard database.

c.

On all Regional Server Nodes, upgrade to OnGuard 2010 Enterprise.

d.

On all Regional Server Nodes, upgrade the OnGuard database.

e.

On all Mobile Stations, upgrade the OnGuard database.

Run the IntelligentVideo Database Upgrade Utility on any node that has an
IntelligentVideo Server configured on it. The tool is located in the Digital
Video > IntelligentVideo DB Upgrade folder on the Supplemental

revision 1 — 155

Upgrading to OnGuard 2010 Enterprise

Materials disc. For more information, refer to the readme.htm file located in
the same directory.
10. When the Master Server Node and all Regional Server Nodes have the same
database version, start Replicator on all Regional Server Nodes.
11. Confirm that Replication is working using Replication Administration. For
more information, refer to the Replication Administration User Guide.
12. Perform a full download if upgrading a region from an OnGuard release
before version 6.0 to a version 6.0 or later. Otherwise a full download is not
required.
13. Run the Universal Time Conversion Utility. For more information, refer to
Appendix F: Universal Time Conversion Utility on page 191.

Upgrading to OnGuard 2010 Enterprise
Important:

Once you upgrade OnGuard you are prompted to update your SQL Server
data sources to use SQL Server Native Client 10.0 drivers. If you choose not
to update your data sources automatically you will have to do so manually
before your system will function.

To upgrade OnGuard 2010 Enterprise, perform these steps in the order listed.

Verify No Pending Transactions Exist
Verify that all pending transactions have been processed before proceeding.

Archive Visits if using Visitor Management
All signed-out visits at each Regional Server Node and the Master Server Node
must be archived prior to performing the upgrade. Failure to do so will cause all
historic visits to lose their date/time information upon a full replication/download
when using Visitor Management.

Stop Replicator and All OnGuard Services on All
Regional Server Nodes

Important:

156 — revision 1

1.

Confirm that no “To Do” and/or “Failed” transactions exist on the Regional
Server Nodes. If they do, run Replicator until none remain.

2.

Stop all OnGuard services, including LS Replicator, on the Master and
Regional Server Nodes.
OnGuard services should be shut down on all computers. These services
must not be restarted until the upgrade is complete. For those services that
are configured for automatic start up, temporarily change them to manual

Enterprise Setup & Configuration User Guide

start up. All services with the prefix LS and LPS should be shut down. Be
sure all OnGuard applications are closed on all workstations. Users should
not run any OnGuard applications during the installation process.

Back Up All Databases
1.

Back up every database before proceeding, and verify the integrity of the
backup. Refer to “Database Backup and Restoration” in the Installation
Guide for more information

Be sure that everyone is off the system. It is especially important that no
cardholder operations are taking place.

Upgrade the Operating System
Upgrade the operating system on the Master and Regional Server Nodes. To run
OnGuard 2010 Enterprise, the latest approved Windows service pack and
Windows updates (see release notes) are required! Refer to the release notes for
the versions of Windows that are supported. The release notes are located on the
root directory of the OnGuard 2010 Enterprise disc.

Upgrade All Databases
On the Master and Regional Server Nodes, upgrade all databases to SQL Server
2008 with the latest supported service pack as indicated by the release notes.

Install DirectX 9.0
Install DirectX 9.0 on the Master and Regional Server Nodes.

Upgrade the OnGuard Software and Databases
Notes:

In order to run OnGuard 2010 Enterprise, the latest approved Windows
service pack and Windows updates (see release notes) are required!
Your upgrade procedure may vary slightly depending on what build of
OnGuard you have installed.
The cardholder, visitor and asset forms have been expanded and improved to
accommodate simplified localization, improved readability and expanded
contents on each tab. If you have a custom form, you may need to make
some cosmetic adjustments to your forms using FormsDesigner after
upgrading to take advantage of the new expansion. Note that the horizontal

revision 1 — 157

Upgrading to OnGuard 2010 Enterprise

divider bar can now be slightly lowered in FormsDesigner to make more
room for controls that are viewable on all pages.

Note:

If you are using any custom .dll files you must back these up prior to
upgrading the OnGuard software. Back up the custom .dll files now.

Perform the following procedures first on the Master Server Node, then on all
Regional Server Nodes, and finally on all Mobile Stations:
1.

Install (upgrade) to the latest OnGuard build. If you are using a version pre5.11.216, you must first upgrade your master server node to 5.11.216, then
upgrade your regions to the same version. From there, you may proceed to
upgrade your master and then regions to 6.1.

2.

Install the software license.

3.

If you plan on using the browser-based applications then configure database
authentication. This should be done before running Database Setup.

4.

Run Database Setup.

Refer to the detailed instructions that follow.

Upgrade OnGuard 5.11.216 and Later to 2010 Enterprise
1.

Insert the OnGuard 2010 Enterprise disc into a disc drive on a computer
running the Windows operating system.

2.

Click the Windows Start button. Click the Run... popup menu choice. In the
Run window, select setup.exe from the disc drive. Alternatively, you can run
setup.exe from Explorer.

3.

The Microsoft .NET Framework 3.5 SP1 installation wizard begins. Click
[Install] to begin installation. Microsoft .NET Framework 3.5 SP1 must be
installed for some OnGuard features to work correctly.

4.

When prompted, read the Software License Agreement. If you agree to its
terms:
a.

Select the I accept the license agreement option.

b.

Click [Next > ].

5.

When prompted, click [Install].

6.

A status meter will indicate the progress of the upgrade. Once the upgrade is
complete, click [Finish].

7.

Depending on the components that were installed, you may need to reboot
the computer. If you are prompted to do so, reboot the computer.

Install the Software License for This Computer
For more information, refer to Install the New License on page 87.

158 — revision 1

Enterprise Setup & Configuration User Guide

Upgrade the OnGuard Database
After the Enterprise software has been upgraded, the OnGuard database must
also be updated using the Database Setup application (Lnl.OG.DatabaseStp.exe).
To upgrade the OnGuard database:
Important:

The installation and upgrade process assumes your OnGuard database is
called “AccessControl.” If this is not the case you need to modify the
application.config file to correct this. For more information, refer to
Appendix A: The Application.config File on page 175.

Upgrade OnGuard pre-5.11.216 to version 5.11.216
1.

Click the Windows Start button, navigate to Programs > OnGuard 2010
and select Database Setup.

2.

The Welcome window will be displayed. Click [Continue].

3.

In the Choose Task window:
a.

Select the Upgrade database option.

b.

Click [Continue].

4.

When presented with the option to continue or exit, click [Exit] upon
successful completion.

5.

Proceed to now upgrade your Regional Server Nodes to version 5.11.216,
and click [Exit] upon successful completion.

6.

Proceed to upgrade the Master Server Node database to the current version
of OnGuard Enterprise 2010, followed by upgrading the Regional Server
Nodes as well.

Upgrade OnGuard 5.11.216 to OnGuard 2010
1.

Click the Windows Start button, navigate to Programs > OnGuard 2010
and select Database Setup.

2.

The Welcome window will be displayed. Click [Continue].

3.

In the Choose Task window:
a.

Select the Upgrade database option.

b.

Click [Continue].

4.

Click [Exit] upon successful completion.

5.

Proceed to now upgrade your Regional Server Nodes to the current version,
and click [Exit] upon successful completion.

revision 1 — 159

Upgrading to OnGuard 2010 Enterprise

Note:

Remember that the Master Server Node and all Regional Server Nodes must
be updated to OnGuard 2010 Enterprise and their databases must be
upgraded before proceeding.

6.

Run the IntelligentVideo Database Upgrade Utility on any node that has an
IntelligentVideo Server configured on it. The tool is located in the Digital
Video > IntelligentVideo DB Upgrade folder on the Supplemental
Materials disc. For more information, refer to the readme.htm file located in
the same directory.

Manually Update SQL Server Data Sources to use SQL
Server Native Client 10.0 Drivers
This is an optional step that only needs to be performed if you did not
automatically update the data sources at the end of the OnGuard upgrade. To
manually update the SQL Server data sources you need to delete the data sources
and re-add them using the SQL Server Native Client 10.0 drivers. To do this:
1.

In the Administrative Tools section of Control Panel, open Data Sources
(ODBC).

2.

On the User DSN, System DSN, or File DSN tab select any SQL Server data
source used by OnGuard and click [Configure].

3.

Make note of the name, description, and server configurations of the data
source. Click [Cancel].

4.

Delete the data source by selecting it and clicking [Remove].

5.

Click [Add]. The Create New Data Source window opens.

6.

Select the SQL Server Native Client 10.0 driver and click [Finish].

7.

Enter the name, description, and server as it was entered in the data source
you deleted and that you made note of in step 3. The name must be entered
exactly as it was or the data source will not work properly. Click [Next].

8.

Finish entering the configurations for the data source. When complete, click
[Finish].

9.

A summary of the data source will appear. Click [OK] to complete the
creation of the data source.

10. Repeat steps 1-9 for each SQL Server data source used by OnGuard on the
User DSN, System DSN, and File DSN tabs.

Start Replicator on All Regional Servers

160 — revision 1

1.

Verify that the Master Server Node and all Regional Server Nodes have the
same database version.

2.

Start Replicator on all Regional Server Nodes. To do this, click the Windows
Start button, navigate to Programs > OnGuard 2010, and select
Replicator.

Enterprise Setup & Configuration User Guide

Confirm that Replication is Working
Test the functionality (especially using Replicator) and confirm that replication is
working in Replication Administration. You can confirm that replication is in
place by simply adding a dummy access panel at each Regional Server Node
(mark it offline) and then wait for replication to move the bogus panel up to the
master. Once you have confirmed that the bogus panel appears on the Master
Server Node, you may delete it from the Regional Server Node (which will
automatically remove it from the master during replication).
Test a cardholder as well. Do this by adding a dummy cardholder at each
Regional Server Node and then wait for replication to move the bogus cardholder
up to the master. Once you have confirmed that the bogus cardholder appears on
the Master Server Node, you may delete it from the Regional Server Node
(which will automatically remove it from the master during replication).

Perform a Full Download
Perform a full download if upgrading a region from an OnGuard release before
version 6.0 to a version 6.0 or later. Otherwise a full download is not required.
For more information on performing a full download see the Replicator User
Guide.

Run the Universal Time Conversion Utility
For more information, refer to Appendix F: Universal Time Conversion Utility
on page 191.

revision 1 — 161

Upgrading to OnGuard 2010 Enterprise

162 — revision 1

Enterprise System
Administration

Enterprise Setup & Configuration User Guide

Chapter 18: Enterprise System Administration

Scheduling Issues for an Enterprise System
OnGuard Enterprise system is a very powerful system that allows for distributed
access control management in many different Regional Server Nodes, including
Regional Server Nodes located around the world. There are several automated
tasks involving the Regional Server Nodes and the Enterprise Master Server
Node that must be scheduled with care in order to provide the desired
functionality with appropriate load balancing. The main scheduled tasks of
concern are:

Warning

1.

The Lenel Replicator upload and download tasks.
The Replicator application provides the distribution of Enterprise
information (such as hardware, events, cardholder, and asset information)
throughout all Regional Server Nodes and the Master. Cardholder, asset, and
visitor information can be changed at any server and will be distributed back
up to the Master database and out to all Regional Server Nodes. These tasks
are run on the Regional Server Node.

2.

Backup of the servers.
It is imperative that the SQL Server database on all servers be backed up on
a regular basis to be used for disaster recovery. Backup must be run on both
the Master and all Regional Server Nodes.

DO NOT RESTORE any Master, Regional Server, or Distributed ID database! This will
likely corrupt the entire multiple server Enterprise due to the interaction between each
database. DO NOT RESTORE any database without first contacting Lenel.

The administrator of the system must decide how often and at which time(s) each
of these tasks shall be performed. Some general points to keep in mind when
making these decisions are:
•

Running Replicator several times a day reduces multiple-change
conflicts. Where network bandwidth allows, it is often desirable to
incrementally upload and download cardholder changes several times during
the course of a day with the Replicator program. It is recommended that
administrative policies be in place to minimize or completely prevent
modifications to the same cardholders or badges in multiple Regional Server
Nodes. However, in an Enterprise system, it is possible for the same
cardholders and badges to be modified at several Regional Server Nodes on
the same day. Scheduling Replicator to run more often than once per day will
help to minimize the occurrence of conflicts when the same record is
modified at two different Regional Server Nodes and uploaded to the Master.
The current resolution of this type of “collision” is that “the last one in wins”
– meaning the last Regional Server Node to upload changes to that record
will overwrite any existing record. For example:
Record Overwrite Scenario: Regional Server Node1 changes the
deactivate date for badge ID 100. Before receiving the updates from
Regional Server Node1, Regional Server Node2 changes the PIN for badge

revision 1 — 165

Enterprise System Administration

ID 100. Regional Server Node1 does a Replicator upload to upload the
badge change, then Regional Server Node2 does an upload of its badge
change for badge ID 100. Since Regional Server Node2 had not received
Regional Server Node1’s changes, the badge record it uploads has old
deactivate date. Regional Server Node1’s change is lost.
No Overwrite Case Scenario: Regional Server Node1 changes the
deactivate date for badge ID 100. A few hours later its automated Replicator
uploads the change to the Master database. An hour later the automated
Replicator on Regional Server Node2 incrementally downloads Regional
Server Node1’s changes to badge ID 100. Then Regional Server Node2
updates the PIN for badge ID 100 and uploads its change. Since the changes
from Regional Server Node1 were uploaded and downloaded to Regional
Server Node2 in a timely manner, no changes were lost.
•

All Replicator tasks including uploads and downloads should be run at
least every 24 hours.

•

You may wish to have cardholder information replicated more
frequently, depending on how close your Regional Server Nodes are.

•

Backups should be done on a server when there is minimal activity on
the database. Running a backup on a database can significantly decrease the
performance of applications attached to the database. Therefore, backups on
a server should not be scheduled to run at the same time as another task is
running or during normal or peak activity. A backup on a Regional Server
Node should not be scheduled to conflict with the Replicator task nor during
normal business hours. Ideally, the backup of the Master database should not
conflict with any of the Regional Server Nodes’ Replicator tasks.

Implementing a(n) OnGuard Enterprise system requires careful planning of how
these tasks will be scheduled on all Regional Server Nodes throughout the
system. The administrators of the system should be aware of these issues and the
overall scheduling strategy of your organization. A planned schedule must be
drawn up based on estimates of how long each task will take, bearing in mind
that network bandwidth may vary from Node to Node so that task duration will
vary in kind. These estimates must then be verified on a regular basis against the
live system to ensure reasonable accuracy.
A well-balanced schedule has no scheduled tasks that involve the Master
database occur simultaneously. This will result in the best performance for the
task. Most importantly, there are NO tasks scheduled to occur while the Master
database is being backed up.
A few other scheduling notes:
•

166 — revision 1

Technically, there is no problem with having multiple Regional Server
Nodes do a Replicator Upload/Download at the same time. However, aside
from potential performance issues, depending on timing all changes from all
Regional Server Nodes will not make it to all other Regional Server Nodes
(for example, Regional Server Node1 starts its incremental cardholder
download process before Regional Server Node2 has finished its cardholder
uploads).

Enterprise Setup & Configuration User Guide

•

The main impedance to performance on Regional Server Nodes or the
Master Server Node is the database backup. This is the only task that ideally
should be run when no or very little activity is happening on the database.

Important Administrative Tasks for an Enterprise System
Compared to the rich features provided by a(n) OnGuard Enterprise system, the
administrative tasks are relatively simple. However, it is imperative that these
tasks be done on a regular basis as documented here to ensure the ongoing
robustness and smooth operation of the system.

Administrative Tasks for All Servers
1.

Check the results of backups. The results of your backup process should be
verified on a daily basis to ensure there is a current backup to use for disaster
recovery.

2.

Check the Integrity of SQL Server database(s). On at least a weekly
basis, basic maintenance of the SQL Server database(s) should be
performed:
•

Using the SQL Server Enterprise Manager, expand the Regional Server
Node’s database by clicking the “+” next to its name in the Server
Manager tree.

•

Expand the databases.

•

Right-click on the <ServerName>Lenel database, and then select New
Query.

•

In the query editor type the following command:
dbcc checkdb

3.

•

Press <F5> to execute the query.

•

You will see various output in the Messages display – search for any
reported errors. For more information on the dbcc command, see SQL
Server Books Online.

Check the Size of the SQL Server database(s). On at least a weekly basis,
the size of the database should be monitored:
•

Using the SQL Server Enterprise Manager, expand the Regional Server
Node’s server by clicking the “+” next to its name in the Server
Manager tree.

•

Expand the databases and select the <ServerName>Lenel database.
Information about the database is displayed at the right of the tree list.

•

Click on the Space Allocated hotlink menu item at the top of the right
window containing database information.

•

Verify that BOTH the database and the transaction logs are not growing
to unusual sizes. If these values are growing larger than what you
expect, this may indicate that replication may be failing or some other
serious problem may be occurring.

revision 1 — 167

Enterprise System Administration

Note:

The size of the log files can also be viewed on the Enterprise System
Diagnostic Tool form in Replication Administration, which is displayed by
selecting the Enterprise System Diagnostic Tool option from the
Administration menu.
•

If the <ServerName>Lenel database is getting full, this is probably
just an indication that you are storing a large number of events. This
ought to be verified. If the Transaction Log Space is getting full, the
“Truncate Log on Checkpoint” option may not be turned on, or the
LogReader agent may be failing (Regional Server Nodes only).
On a Regional Server Node, the above steps must be repeated for the
“distribution” database. If the “distribution” database is getting full, the
database may not be big enough for your system OR the replication
Push Agent may be failing.

4.

Maintenance of Replicator . On a Regional Server Node, all cardholder,
asset, and visitor changes generate a transaction that is later uploaded to the
Master database. On the master database, cardholder, asset, and visitor are
stored for every Regional Server Node for download. After are processed by
a Regional Server Node’s Replicator program, they are marked as either
Successful or Failed. System administrators must determine why any Failed
have failed (see “Administrative Tasks for Regional Server Nodes” in this
user manual) and periodically purge “Successful” to clear space in the
table. To view and manage cardholder :
a.

Run the Replication Administration program and log into the desired
database.

b.

Beneath the Master in the Enterprise Tree, click “Enterprise
Transactions”.

Additional Administrative Tasks for Regional Server
Nodes
1.

Warning

168 — revision 1

Check the results of Replicator execution on the Regional Server Nodes.
On a daily basis, the results of any scheduled Replicator program runs
should be verified.
a.

Run the Replication Administration program.

b.

Select the desired Regional Server Node in the Enterprise Tree, and
proceed to click “Enterprise Transactions” under Available Views.

c.

The Enterprise form opens. Use it to view . This screen provides
various tools to view, filter, and sort . Be sure to look for failed and
determine the cause of the failure.

d.

Once you have addressed the failure, retry the transaction so that it
becomes a “To do” transaction and gets processed accordingly the next
time Replicator runs.

It is imperative that this task be done on a daily basis. If this task is neglected for even a
week, failed transactions could build up and will cause your Enterprise system’s
performance to deteriorate.

Enterprise Setup & Configuration User Guide

2.

Check the results of Replicator execution on the Master. On a daily
basis, perform the steps described in step 1. On a daily basis, the results of
any scheduled Replicator program runs should be verified. Perform the
above steps on the Master Server Node as well, checking for failed
Cardholder and Asset transactions.
Details about downloaded to Regional Server Nodes can be viewed by
logging into the master database and following the above procedure.

3.

On Regional Server Nodes you should also check to make sure
Hardware as well as log-related data (i.e. events) are being processed.

4.

a.

Run the Replication Administration program and log into the Regional
Server Node’s database.

b.

Select the Regional Server Node in the Enterprise Tree, and proceed to
click “Hardware Transactions” in Available Views.
•

Make sure the timestamp of the next transaction for the Log Record
Transaction is not much older than the last time the Replicator
executed the “Upload Events, User ” task. (This date is usually
about the same as or after the date the Replicator task last executed.
You can check the last time the Replicator executed the task by
clicking the “Replicator Schedule” tab.)

•

Make sure the timestamp of the next transaction for the Hardware
is not much older than the last time the Replicator executed the
“Upload Events, User ” task. (This date is usually about the same as
or after the date the Replicator task last executed. You can check the
last time the Replicator executed the task by clicking the
“Replicator Schedule” tab.)

If you need information or details about what has occurred during Enterprise
operations, you can view the information in the following four text file logs:

Log name

Description

Replicator.log

General operations for the entire process

ReplicatorSys.log

System download

ReplicatorUpDown.log

Incremental upload and download of Cardholder and Asset

ReplicatorUpLog.log

Upload of log-related information (Events and User )

5.

When everything is running fine, the above log files will continue to grow to
an infinitely large size. You should purge these files periodically to prevent
them from occupying too much space on your hard drive. After the files have
been purged, they will automatically be recreated.

revision 1 — 169

Enterprise System Administration

170 — revision 1

Enterprise Setup & Configuration User Guide

Chapter 19: Enterprise Maintenance Procedures

Master Server Node Maintenance
Daily
•

Perform routine backups of databases

•

Monitor disk and database utilization

•

Monitor CPU and bandwidth utilization

•

Repair and maintain all failed transactions in a timely manner

Monthly
•

Perform routine event archive and backup of events to tape

•

Perform routine database maintenance (i.e. SQL Database Maintenance
Plan)

•

Check all text file log sizes under the installation directory logs folder and
purge as necessary

Regional Server Node Maintenance
Daily
•

Perform routine backups of databases

•

Monitor disk and database utilization

•

Monitor CPU and bandwidth utilization

•

Monitor replication
– Under Replication Schedule, check the start, end, and next start times to
make sure that Replicator is running normally
– Under Hardware, check to make sure that the hardware, user, and event
are being updated every time Replicator runs
– Under Enterprise, check all failed transactions and make sure that the
To-Do’s are being replicated
– Repair and maintain all failed transactions in a timely manner

Monthly
•

Perform routine event archive and backup of events to tape

•

Perform routine database maintenance (i.e. SQL Database Maintenance
Plan)

•

Purge successfully replicated transactions

revision 1 — 171

Enterprise Maintenance Procedures

•

172 — revision 1

Check all text file log sizes under the installation directory logs folder and
purge as necessary

Appendices

Enterprise Setup & Configuration User Guide

Appendix A:

The Application.config File
The application.config file is an OnGuard configuration file that is used mainly
to configure database information.
The application.config file is located in C:\Documents and Settings\All
Users\Application Data\Lnl in Windows XP and Windows Server 2003 or
C:\ProgramData\Lnl in Windows Vista, Windows 7, Windows Server 2008,
and Windows Server 2008 R2. By default, the Application Data folder is hidden
in the operating system. If you need guidance in configuring your system to show
hidden files and folders, please consult Microsoft Windows help.
You may use the Configuration Editor utility, located in the OnGuard directory,
to edit the application.config file. You would use this utility if you feel more
comfortable using a user interface instead of Notepad to edit configuration files.
Editing the application.config file and using the Configuration Editor utility
should only be done in extreme circumstances and ideally under the supervision
of a Lenel representative.

Modifying the Application.config File
1.

Note:

Navigate to the application.config file. Do this by:
•

On Windows XP and Windows Server 2003: Navigate to
C:\Documents and Settings\All Users\Application Data\lnl

•

On Windows Vista, Windows 7, Windows Server 2008, and Windows
Server 2008 R2: Navigate to C:\ProgramData\lnl

•

Click the Start button, then select All Programs > OnGuard 2010 >
Configuration Editor.

You must show hidden files and folders to see the application.config file.

2.

3.

Open the application.config file. Do this by:
•

Using Notepad to open the application.config file and edit the desired
settings.

•

Open the Configuration Editor utility. The application.config file opens
automatically.

The settings most commonly edited in the application.config file are:

revision 1 — 175

The Application.config File

Note:

Note:

Note:

If using the Configuration Editor utility: These settings are found in the
ConnectionString section of the App Settings sub-tab. To change it, select
[Edit] next to the ConnectionString field.

•

Initial Catalog: This specifies the name of the database. If you installed
OnGuard, you specified this name during the installation. By default,
this is AccessControl.

•

ConnectionString: This specifies the location of the database you will
be using and the authentication method.
“Data Source=” for SQL Server, the Data Source points to the name
of the machine that hosts the database. If the database resides on the
same machine where database setup will be run from you can use
the name of your machine (that is, COMPUTER1-DT). For Oracle,
the Data Source reflects the SID Service Name.

–

“InitialCatalog=” is the name of the database. If you installed
OnGuard, you specified this name during the installation. By
default, this is AccessControl. If your database is not called
AccessControl you must change this line to have your database’s
name.

If using the Configuration Editor utility: These settings are found in their
corresponding sections of the App Settings sub-tab. To change them, edit
their field text.

•

DatabaseType: This specifies the type of database being used.

•

SchemaOwner: The default is “dbo” for SQL, and “Lenel” for Oracle.

•

SRConnectionString: This refers to the path to the .mdb file.

If using the Configuration Editor utility: The Error Log settings are found on
the Listeners sub-tab. To edit them, edit their corresponding field text.

•

Name: Specifies the name of the listener and must be unique.

•

Filename: Specifies the filename where the log messages are written.

•

Type: Specifies the type of message to be written out in the log.

•

176 — revision 1

–

–

“Singleline” is used to produces a single line of text (usually for
verbose or information type logs).

–

“Text” is used for logs that need more details including a stack trace
(usually for error messages).

Severity - Indicates what level of messages should be written to the log
file
–

“Error” specifies that only errors will be written to the log file

–

“Warning” specifies that only warnings and errors will be written to
the log file

Enterprise Setup & Configuration User Guide

4.

–

“Information” specifies that informational messages as well as
warnings and errors will be written to the log file

–

“Verbose” specifies that everything plus additional verbose tracing
messages will be written to the log file. This generates a lot of
output and should only be enabled for troubleshooting purposes
when instructed by technical support.

Save and close the application.config file. To save using the Configuration
Editor utility, navigate to File > Save.

Application.config File Settings
The following sections describe the most commonly changed settings in the
application.config file in detail. If using the Configuration Editor utility the
fields below may appear slightly different as only the pertinent information is
shown.

ConnectionString
ConnectionString is used to point to the correct database location. There must be
only one uncommented ConnectionString entry in the application.config file.
By default, the line looks like this:
<add key=“ConnectionString” value=“Data
Source=COMPUTER1-DT; Integrated Security=SSPI; Initial
Catalog=AccessControl”></add>
The parameters for ConnectionString include the following:

Data Source
Data Source specifies the name of the computer that hosts the database. If the
database resides on the same computer where Database Setup will be run from
you can use the name of your computer.

Integrated Security
Integrated Security specifies how to authenticate with the database. This is done
by indicating integrated authentication or by providing credentials.
For SQL Server users to use integrated authentication (single sign-on), the
Integrated Security setting should be the following:
Integrated Security=SSPI
For Oracle users to use integrated authentication (single sign-on), the Integrated
Security setting should be the following:

revision 1 — 177

The Application.config File

Integrated Security=True
If Lenel credentials for authentication with the database are stored in the
application.config file then Integrated Security should be set to “No.” You must
also specify the user name and password. In this case, the modified
ConnectionString line would resemble the following:
<add key=“ConnectionString” value=“Data Source=COMPUTER1-DT;
Integrated Security=No; User ID=LENEL; Password=<password>; Initial
Catalog=AccessControl”></add>
Substitute the Lenel user password for <password>.

Initial Catalog
Initial Catalog is the name of the database. If you installed OnGuard, you
specified this name during the installation. By default, this is AccessControl.

DatabaseType
The Database Type specifies the type of database that will be used with the
OnGuard software. By default, the line resembles the following:
<add key=“DatabaseType” value=“SqlServer”></add>

Lnl.LicenseSystem.Client.Host
Lnl.LicenseSystem.Client.Host is used to specify the host name of the machine
running the License Server.
By default, the line looks like this:
<add key="Lnl.LicenseSystem.Client.Host" value="COMPUTER1-DT"></add>

Lnl.LicenseSystem.Client.Port
Lnl.LicenseSystem.Client.Port is used to specify the port the License Server is
listening on (8189 is the default).
By default, the line looks like this:
<add key="Lnl.LicenseSystem.Client.Port" value="8189"></add>

SRConnectionString
SRConnectionString is used to specify the path to where the .mdb file is installed.
By default, the line looks like this:
<add key=“SRConnectionString” value=“Provider=Microsoft.Jet.OLEDB.4.0;
Data Source=C:\Program Files\OnGuard\DBSetup\SR.mdb”></add>

178 — revision 1

Enterprise Setup & Configuration User Guide

Data Source
The path specified in the Data Source must be consistent with where OnGuard is
installed on the system.

SchemaOwner
SchemaOwner is used to specify the path to where the .mdb file is installed.
By default, the line looks like this:
<add key=“SchemaOwner” value=“dbo”></add>
For SQL Server, the default setting is “dbo”.
For Oracle, the default setting is “lenel”.

Error Log
The error log path is specified in the application.config file as well. It must be
set to the path where the logs directory was installed. It is specified in the
following line:
<add filename=“C:\Program Files\OnGuard\logs\LnlLogError.log”
name=“StandardLog” output=“file” severity=“error” type=“text”></add>
The default error log file for the browser-based client applications is
C:\Program Files\OnGuard\logs\LnlLogError.log. The LnlLogError.log
file is separate from the log file that the traditional OnGuard applications write
to, which is LenelError.log.

revision 1 — 179

Enterprise Setup & Configuration User Guide

Appendix B:

Custom Installation of OnGuard
Performing a custom installation allows you to install as few or as many
OnGuard features and applications as you wish.

Performing a Custom Installation
First Time and Existing OnGuard Installation
1.

Begin installing the OnGuard software.

2.

During the installation you are prompted to choose the system type. Select
Custom.

3.

You will be prompted with the custom setup screen. Choose which features
to install.

4.

Continue with the installation by following the installation steps.

Custom Features
The following features are only available with a custom OnGuard installation.

Application Server
This feature installs the Application Server components into your IIS Web server
structure in order to serve Web versions of Area Access Manager, VideoViewer,
Visitor Management, and Visitor Administration. This feature is only supported
on systems running IIS.
Additional steps are required for the configuration of the Application Server. For
more information, refer to Chapter 11: Configuring the Web Application Server
on page 103.

Device Discovery Console
This feature enables the discovery and maintenance of devices on a network or
system. For more information, refer to the Device Discovery Console User
Guide.
If the Device Discovery Console is selected for installation, WinPcap will also be
installed. This is a third-party utility that is needed for the discovery of cameras.
WinPcap has a separate license agreement.

revision 1 — 181

Custom Installation of OnGuard

SkyPoint Integration - Advanced Features
This component installs a security certificate required for communication with
the SkyPoint Base Server. The certificate will be installed to your system’s
Trusted Root Certification Authorities store. This will result in this computer
trusting the OnSSI self-issued certificate and any certificate derived from this
certificate. Consult your IT Administrator before installing this certificate.
This component must be installed on all OnGuard servers and clients that will
utilize the Send Video feature through the SkyPoint Base Server.

182 — revision 1

Enterprise Setup & Configuration User Guide

Appendix C:

Configuring the Communication Server
The OnGuard Communication Server program, which was installed if you chose
the Communication Server installation component, is the software driver for the
access panels. The Communication Server controls all access panels on a
workstation.
The Communication Server can be run as either a program or as a service, but not
as both (see Warning #2 that follows). Running it as a program means that you
will manually start the driver whenever you need it. Running it as a service
means that the driver will be started whenever you start Windows.
There are two ways that the Communication Server can be run on a server
running Windows:
To run the Communication Server as a regular application in windows:
1.

Click the Windows Start button, point to Programs, point to OnGuard
2010, then click Communication Server.

2.

The Communication Server will start. There is no visual indication that the
Communication Server is running, but the Lnlcomsrvr.exe process will be
listed in the Task Manager on the Processes tab.

To run the Communication Server as a service:

Warning

1.

Click the Windows Start button, point to Settings, then click Control Panel.

2.

In the Control Panel window, double-click on Administrative Tools.

3.

In the Administrative Tools window, double-click on Component Services.

4.

In the Services listing window, select the LS Communication Server entry.

5.

Right-click on the LS Communication Server entry and select the
Properties option from the right-click menu.

6.

On the General tab in the Startup type drop-down list, select Automatic.

7.

Click [Start].

8.

Click [OK]

Running the Communication Server as a Windows service has some advantages in that the
service is started automatically upon computer boot-up. For the Communication Server,
there MUST be a SYSTEM DSN named LENEL that points to the access control
database. This should occur automatically during OnGuard installation. If for some reason
it doesn’t, an error message will be displayed.
WITHOUT A LENEL SYSTEM DSN, THE SERVICE WILL NOT BE ABLE TO USE
THE DATABASE. THIS MEANS THAT THE ACCESS CONTROL SERVER WILL
NOT BE ABLE TO PERFORM A FULL DATABASE DOWNLOAD TO THE ACCESS
PANELS IN THE EVENT OF A POWER OR ACCESS PANEL FAILURE.

revision 1 — 183

Custom Installation of OnGuard

Warning

184 — revision 1

The Communication Server can be run only as a Service OR a program, but not as both
simultaneously. If you are running the Communication Server as a Windows service, DO
NOT also run it as a program. If you are running the Communication Server as a Windows
service, you can run it as a program temporarily by highlighting the “LS Communication
Server” entry in the Services window and clicking [Stop].

Enterprise Setup & Configuration User Guide

Appendix D:

The License Server
The License Server has two main functions: it eliminates the hardware dongle on
all client computers and it allows for concurrent licensing of the OnGuard
software. The License Server is installed only on the server, not on client
machines.
A hardware dongle is only needed on the server. Each client computer running
OnGuard uses a software license instead of a hardware dongle.
Concurrent licensing allows you more flexibility of where OnGuard applications
are run. Each OnGuard application has a separate concurrent license count. The
software license is based on the number of computers you wish to run each
separate OnGuard application at the same time. For example, a ten-user
concurrent license for Alarm Monitoring will allow Alarm Monitoring to run on
ten computers at the same time, although Alarm Monitoring may be installed on
more than ten computers.

Important:

The License Server must be run under an administrator account. It MUST be
running whenever any OnGuard applications are running, as well as when
you wish to use the License Administration web application. If the License
Server is not running, OnGuard applications and the License Administration
application will not run.

There are two ways that the License Server can be run on a server running
Windows: as a regular application, or as a Windows service.
•

The License Server is installed as a service by default when the OnGuard
applications are installed on a server running Windows. The License Server
will automatically be started when the server is running.

•

The License Server can also be run as a regular application. This means that
the License Server must be started on the server manually, as you would any
other application.

ACS.INI Settings Related to the License Server
Entries for the Host and Port are automatically entered into the ACS.INI file
when OnGuard is installed. Normally, you should not have to open the ACS.INI
file to adjust these settings. However, if you change the computer that the
License Server is running on, you may need to change the Host and/or Port
settings. The settings are as follows:
•

Host: this should be set to the name of the machine running the License
Server

•

Port: this should be set to the number of the port the License Server is
listening on -- use 8189, which is the default value. If you accepted the
default, it was written into the ACS.INI file. If you entered a different

revision 1 — 185

7KH/LFHQVH6HUYHU

setting, it was written into both the ACS.INI file AND the
…OnGuard\LicenseServerConfig\Server.Properties file. This file is only
created during the install if the port setting was changed. If you want to
change the port setting in the ACS.INI file after the installation (either to a
new setting or back to 8189), then you must also change it in the
Server.Properties file.
Important:

To make changes in the ACS.INI file on a Windows Vista or Windows 7
computer you must right-click on the ACS.INI file and run it as The
Administrator.

License Server Procedures
Running the License Server from the Command Line
1.

Click the Windows Start button, then select Command Prompt.

2.

Change to the directory that contains the License Server executable. This is
the directory where you installed OnGuard, which is C:\Program
Files\OnGuard by default.

3.

Run the command LicenseServer -interactive. This will start the License
Server.

4.

To stop the License Server, press CTRL-C.

Running the License Server in Windows
1.

Click the Windows Start button, then select Programs > OnGuard 2010 >
License Server.

2.

The License Server will start. There is no visual indication that the License
Server is running, but the LicenseServer.exe process will be listed in the
Task Manager on the Processes tab.

Determining if the License Server is Running

186 — revision 1

1.

In Windows, hold down <Ctrl>, <Alt>, <Delete> consecutively, so that they
are all pressed at the same time.

2.

The Windows Security window will open. Click [Task Manager…].

3.

The Windows Task Manager window will open.

4.

Click the Processes tab.

5.

If the LicenseServer.exe process is listed in the window, then the License
Server is running. If LicenseServer.exe is not listed, then it is not running.

Enterprise Setup & Configuration User Guide

Appendix E:

Multi-Region Alarm Monitoring
Multi-Region Alarm monitoring in OnGuard 2010 Enterprise allows for full
hardware control and event monitoring under a single instance of alarm
monitoring. See the diagram and accompanying text below for further
explanation.

Region A
(Parent)

Region B

Region C

(Child)

(Child)

To monitor hardware and events from both Region B and Region C, you would
log into the parent Region for both (Region A). This process is the same for any
number of levels; the login is to the mutual parent of all of the Regions that you
wish to monitor.
Since the Master Server Node can now host hardware, logging into the Master
Server will now allow you to monitor all Regions within a single Alarm
Monitoring instance. The old “Multi-Region Alarm Monitoring” option allowed
multiple instances of Alarm Monitoring to be run on a single computer. This
feature will still exist for those who want to use this method of monitoring
multiple connections but the name has been updated to better reflect
functionality.
Additional useful notes:
•

ODBC connections between all points are not required.

•

Name resolution to all communication servers utilized in the Regional
Server Node(s) you wish to monitor is required. This should exist by
default, provided the system is within a single domain.

revision 1 — 187

Custom Installation of OnGuard

–

–

•

If branches of hardware are appearing offline, name resolution to that
hardware’s communication(s) server would be the first troubleshooting
step.
If you lose connectivity to the communication server once an alarm is
received, you will not be able to acknowledge it until the
communication is restored.

Alarm Replication
– Default alarms do not replicate.
– User defined (“custom”) default alarms (no specific hardware defined)
are not replicated throughout the Enterprise. For example, customize
“Door Forced Open” for a priority of = 60, will not replicate.
– Device specific custom alarms (associated with hardware) are replicated
throughout the Enterprise.
•

•

Alarm Acknowledgement Actions configured for a Region will trigger at
that Region, regardless of where the alarm is acknowledged
•

–
–
•

For example, “Door Forced Open AT THE FRONT DOOR” for a priority
of = 255, will replicate.

For example, “Configure Door Forced Open at the front door” to activate a
siren at the door. Even if this alarm is acknowledged at a different Region,
the siren at the correct door will activate.

The icon indicating associated Alarm Acknowledgement Actions has
been removed due to system performance considerations.
During the acknowledgement process, the user will still receive a pop
up notification of what actions will occur prior to acknowledgement.

Monitor Zones will replicate bi-directionally throughout the entire
Enterprise
– Monitor Zones can only be edited on the ‘owning’ Region and its
parent. The logged in user must also have the necessary segment
permissions to edit the monitoring zone.
– To create a Monitor Zone that includes devices from multiple Regions,
log into the mutual parent server node to create the zone.
– If you log into a Monitor Zone at a lower level than where it was
created, you will only see hardware in the Monitor Zone contained at
that level and down.
•

For example, Monitor Zone is created at Region A which includes
hardware from Region A, B, & C.

•

Monitor Zone replicates to all Regions.

•

If I log into the Monitor Zone at Region C, you will only see hardware in
the Zone for Region C.
If Region C has children whose devices were also included in the Monitor
Zone, you would also see those.
In conclusion, when you log into a Monitor Zone, you only see hardware
that your Regional Server Node is aware of. Since hardware does not
replicate “down”, you would never see hardware from a level above yours
or from a Regional Server Node which would need to replicate to you
through a top-level node.

•

188 — revision 1

Video associations and viewing does not change; it is based on hardware
permission rights.

Enterprise Setup & Configuration User Guide

revision 1 — 189

190 — revision 1

Enterprise Setup & Configuration User Guide

Appendix F:

Universal Time Conversion Utility

Important:

Before running the Universal Time Conversion Utility you should create a
backup of your database. For more information, refer to Chapter 4: Database
Backup and Restoration in the Upgrade Guide.

Important:

Due to limitations regarding data collected during Daylight Saving Time, the
Universal Time Conversion Utility cannot be guaranteed to be 100%
accurate for those dates that fall within Daylight Saving Time. Any
inaccuracies, however, should not cause any problems for your system.

The purpose of the Universal Time Conversion (UTC) Utility is to collect nonUTC dates and times that are contained in reports and convert them to use the
new standard UTC time.
Converting reports to use UTC Time allows users in multiple time zones to see
the same data but in their local time.
The conversion process should be the last step in the upgrade process. If you do
not run the utility then data collected in prior versions of OnGuard will not
display the correct time until the conversion is completed.
The setup process for the UTC Utility occurs after your system and database has
been completely upgraded and after any replication has been completed.
If you restore any archive prior to when the UTC Utility was first run, you will
have to run the utility again.

Universal Time Conversion Utility Enterprise
Considerations
Before running the Universal Time Conversion Utility on an Enterprise system
you must:
•

Complete all replication.

•

Make sure that all of your regional node information has been uploaded to
the master node.

Once replication is complete you must run the UTC utility on the master node
and then perform a system download to the regional nodes.
On the regional nodes you can configure the linkage server and default system
time zone after the system download is complete. If user replication is enabled,

revision 1 — 191

Universal Time Conversion Utility

all user time zone data must be collected at the master node and downloaded to
the regional nodes. If user replication is not enabled, you can configure the user
time zones on the regional nodes as well.

Run the Universal Time Conversion Utility
1.

Click the Start button, then select All Programs > OnGuard 2010 >
Universal Time Conversion Utility. The Universal Time Conversion
Utility starts.

2.

Enter your System Administrator login credentials used to access OnGuard.

3.

On the Welcome screen, read the warning regarding database backups and
select a radio button for your response. If you have created a backup, click
[Next]. To begin the conversion process.

4.

On the System screen, use the drop-down to select the World Time Zone that
will be used as the default time zone in the system. Click [Next].

5.

If you have a Linkage Server host configured, then, on the Linkage Server
screen, select the World Time Zone that will be used by the items associated
with the Linkage Server and click [Next]. You will only see the Linkage
Server screen if your system has the Linkage Server host configured. Click
[Next].

6.

If you have segmented system then, on the Segments screen, choose the
World Time Zone that will be used for the segments.

7.

On the Workstations screen, select the World Time Zone that will be used for
each of the system’s workstations. The options are:
•

Use the system world time zone for all workstations - sets the World
Time Zone on all workstations to match the one set as the default
System World Time Zone.

•

Use the associated segment world time zone for all workstations sets the World Time Zone on all workstations to match the one set on the
segment.
Click [Next].

8.

On the Controllers screen, select the World Time Zone that you intend to
associate with each of the system’s controllers. You may be asked to restart
the communication server before the changes take effect. Click [Next].

9.

If you have a segmented system then proceed to step 10. If you do not have a
segmented system then proceed to step 12.

10. On the Multi-segmented Users screen, select the World Time Zone to
associate with multi-segmented system users. Optionally you can use the
Find User field to search for a specific system user to change. You can also
use the check box to assign the system world time zone to all users. Click
[Next].
11. On the Single Segment Users screen, select the World Time Zone that you
intend to associate with each of the single-segmented system users. These
include the administrator, badge operator, system account, and user. You can

192 — revision 1

Enterprise Setup & Configuration User Guide

also use the check boxes to assign the system or segment world time zone to
all users.
Optionally you can use the Find User field to search for a specific system
user to change. You can also use the segment drop-down
to associate users with the time zone associated with a specific segment.
Click [Next].
12. (For non-segmented systems only) On the Users screen, select the World
Time Zone that you intend to associate each of the system’s users with.
These include the administrator, badge operator, system account, and user.
You can also use the check box to assign the system World Time Zone to all
users.
Optionally you can use the Find User field to search for a specific system
user to change. Click [Next].
13. On the Save screen, the collected data is saved to the database. Select
whether you would like to run the conversion process now or at a later time.
If you choose to run the conversion process immediately, click [Next].
Otherwise, click [Close].
Optionally, you can generate a report of the collected World Time Zone data
by clicking [Generate Report]. This report is exported as a Comma
Separated Value (CSV) file which is best opened in Microsoft Excel.
14. On the Conversion screen, click [Close] once the conversion process has
completed.

revision 1 — 193

Universal Time Conversion Utility

194 — revision 1

Enterprise Setup & Configuration User Guide

Index
A
About accounts ................................................. 151
About this user guide .......................................... 19
Accounts
about .......................................................... 151
ADMIN...................................................... 147
Lenel .......................................................... 147
SA .............................................................. 147
table of accounts ........................................ 147
ACS.INI file
License Server settings .............................. 185
Replicator settings ..................................... 135
Administrative tasks for servers
masters and regions.................................... 167
check backups..................................... 167
check SQL Server database ................ 167
maintain Replicator transactions ........ 168
regions........................................................ 168
check the results of Replicator execution
on the master ........................ 169
check the results of the Replicator
execution on all regions ....... 168
ensure Hardware transaction and log
related data are being
processed .............................. 169
Application server
custom installation ..................................... 181
Application.config ............................................ 175
file settings................................................. 177
modifying................................................... 175
Attach
hardware key................................................ 86
Authentication................................................... 108
B
Backup all databases ......................................... 157
Before installing an Enterprise master or region
server............................................................ 21
Benefits of an Enterprise system ........................ 17
Browser-based clients
configuration.............................................. 111
user permissions......................................... 111
Browser-based reports ...................................... 108
C
Change
database password ..................................... 149
Lenel account password............................. 150

SYSTEM account password using Database
Setup ................................................... 151
system administrator password for the
database .............................................. 151
CheckInterval ACS.INI file setting .................. 135
Checklists
region system setup ................................... 129
ClickOnce ......................................................... 117
Client
Oracle 10g.................................................... 63
Oracle 11g.................................................... 79
Command line - running License Server from . 186
Communication Server - configure................... 183
Concurrent licensing ......................................... 185
Configuration Download Service ..................... 110
Configuration Editor utility .............................. 175
Configure
Communication Server .............................. 183
Distributed ID/Mobile Badging System .... 137
Mobile Badging Station............................. 141
Oracle 10g client software ........................... 63
Oracle 10g server software .......................... 41
Oracle 11g client software ........................... 79
Oracle 11g server software .......................... 67
server to be a Distributed ID Master ......... 140
SQL Server 2008 ......................................... 37
Confirm that Replication is working ................ 161
Create
database ....................................................... 37
login ............................................................. 37
Create the Lenel user
SQL Server .................................................. 37
Custom installation ........................................... 181
Application server...................................... 181
Device Discovery Console ........................ 181
SkyPoint integration .................................. 181
D
Daily maintenance
Master Server............................................. 171
Region Server ............................................ 171
Database authentication for the Web
applications .................................................. 93
Database Setup
change SYSTEM account password.......... 151
running on an Oracle 10g server.................. 61
running on an Oracle 11g server.................. 77
Default accounts and passwords table .............. 147
Deployment....................................................... 117
Determining if the License Server is running ... 186

revision 1 — 195

Index

Device Discovery Console
custom installation ..................................... 181
Dongle........................................................ 86, 185
parallel port.................................................. 86
USB ............................................................. 86
Download all cardholders to the new Enterprise
region ......................................................... 133
DSN connections ................................................ 22
E
Enterprise
application example ..................................... 16
maintenance procedures............................. 171
region ongoing administration................... 135
system administration ................................ 165
system benefits............................................. 17
technology features...................................... 17
Error .................................................................. 119
F
Form Translator ................................................ 104
H
Hardware key ...................................................... 86
parallel ......................................................... 86
USB ............................................................. 86
I
IIS............................................................. 104, 106
Install
DirectX ...................................................... 157
Microsoft SQL Server 2008......................... 31
new OnGuard license................................... 87
OnGuard Enterprise for a Master
Server......................................... 121, 123
OnGuard Enterprise for a Region Server... 128
OnGuard on an Oracle 10g server ............... 58
OnGuard on an Oracle 11g server ............... 75
OnGuard software........................................ 83
Oracle 10g client software ........................... 63
Oracle 10g server software .......................... 44
Oracle 11g client software ........................... 79
Oracle 11g server software .......................... 70
software license ......................................... 158
SQL Server (new installations)
configuring SQL Server ....................... 37
SQL Server 2008 (new installations)
create a login......................................... 37
run new query ....................................... 38
Installation ........................................................ 118
custom........................................................ 181
Installation prerequisites ..................................... 21

196 — revision 1

Internet Information Services ........................... 104
L
LastChecked ACS.INI file setting .................... 135
Lenel account password
change........................................................ 150
Lenel database
configure for Oracle 10g server................... 45
configure for Oracle 11g server................... 71
Lenel user
create on Oracle 10g server ......................... 58
create on Oracle 11g server ......................... 75
License
install ........................................................... 87
License Server
ACS.INI settings........................................ 185
attach the hardware key ............................... 86
determine if running .................................. 186
overview .................................................... 185
procedures.................................................. 186
running from the command line ................ 186
running in Windows .................................. 186
Log files
Replicator.log ............................................ 169
ReplicatorSys.log....................................... 169
ReplicatorUpDown.log.............................. 169
ReplicatorUpLog.log ................................. 169
Login Driver ..................................................... 150
Login for SQL Server ......................................... 37
M
Maintenance
daily for Master Server .............................. 171
daily for Region Server.............................. 171
monthly for Master Server......................... 171
monthly for Region Server ........................ 171
Master Server
installation prerequisites .............................. 21
maintenance ............................................... 171
daily .................................................... 171
monthly............................................... 171
Mobile Badging Station
configuring................................................. 141
definition...................................................... 18
Monthly............................................................. 171
N
Net Configuration Assistant
running on Oracle 10g server ...................... 51
running on Oracle 11g server ...................... 74
New Query - running .......................................... 38

Enterprise Setup & Configuration User Guide

O
ODBC DSN connections .................................... 22
OnGuard............................................................ 147
install ........................................................... 83
installing on Oracle 10g client..................... 66
installing on Oracle 10g server .................... 58
installing on Oracle 11g client..................... 80
new install.................................................... 83
set up OnGuard database ............................. 88
Open architecture technology ............................. 17
Oracle 10g client
configure software ....................................... 63
install OnGuard software............................. 66
install software............................................. 63
Oracle 10g server
configure the Lenel database ....................... 45
create the Lenel user .................................... 58
install OnGuard............................................ 58
install software............................................. 44
installing ...................................................... 41
run Database Setup ...................................... 61
run the Net Configuration Assistant ............ 51
software configuration overview ................. 42
verify that the system works ........................ 56
Oracle 11g client
configure software ....................................... 79
install OnGuard software............................. 80
install software............................................. 79
Oracle 11g server
configure the Lenel database ....................... 71
create the Lenel user .................................... 75
install OnGuard............................................ 75
install software............................................. 70
installing ...................................................... 67
run Database Setup ...................................... 77
run the Net Configuration Assistant ............ 74
software configuration overview ................. 68
verify that the system works ........................ 75
Overview of Enterprise ....................................... 15
Overview of ODBC DSN connections ............... 22
P
Parallel port dongle ............................................. 86
Password change
inform administrators of the password
change................................................. 152
write down ................................................. 152
Passwords
case sensitivity ........................................... 148
change database password ......................... 147
change Lenel account password ................ 150
change the database password ................... 149
change the SYSTEM account password using

Database Setup ................................... 151
change the system administrator password for
the database ........................................ 151
enforcement when using single sign-on .... 147
Login Driver .............................................. 150
maximum length ........................................ 148
minimum length......................................... 148
Oracle......................................................... 148
standards .................................................... 148
strong password enforcement .................... 148
table of default passwords ......................... 147
Perform the common pre-installation steps ........ 21
R
Region Server
administrative tasks ................................... 168
installation prerequisites .............................. 21
maintenance
daily .................................................... 171
monthly............................................... 171
system setup checklist ............................... 129
Replicator
frequency to run......................................... 165
reducing multiple-change conflicts ........... 165
scheduling .................................................. 134
settings in the ACS.INI file ....................... 135
transaction maintenance ............................ 168
upload and download tasks........................ 165
Replicator settings in the ACS.INI file............. 135
Replicator.log file ............................................. 169
ReplicatorSys.log file........................................ 169
ReplicatorUpDown.log file............................... 169
ReplicatorUpLog.log file .................................. 169
Restoring a database .................................. 19, 165
Run
License Server from the command line ..... 186
License Server in Windows ....................... 186
New Query................................................... 38
S
Schedule
Replicator to run automatically ................. 134
Scheduling issues for an Enterprise system ...... 165
Security policy .................................................. 119
Setting up
OnGuard database........................................ 88
SkyPoint integration
custom installation ..................................... 181
Software license........................................... 15, 18
SQL Server
configure SQL Server .................................. 37
create database ............................................. 37
create login .................................................. 37

revision 1 — 197

Index

create the Lenel user .................................... 37
SQL Server 2008
install ........................................................... 31
Start
Replicator on all regions............................ 160
Step ..................................................................... 75
Stop
Replicator on all regions................... 121, 156
Strong password enforcement........................... 148
SYSTEM account password - change .............. 151
System setup checklist
Region Server ............................................ 129
T
Terms to know .................................................... 18
U
Universal Time Conversion Utility................... 191
Upgrade
all SQL Server databases ........................... 157
OnGuard database...................................... 159
OnGuard software...................................... 158
operating system ........................................ 157
USB devices
hardware key................................................ 86
User permissions
browser-based clients................................. 111
V
Verify no pending transactions exist ................ 156
VideoViewer (Browser-based client)
user permissions......................................... 111
Visitor Management installation....................... 115
VMware .............................................................. 89
W
Web Application Server
configuring................................................. 103
custom install ............................................. 103

198 — revision 1

Enterprise Setup & Configuration User Guide

revision 1 — 199

Lenel Systems International, Inc.
1212 Pittsford-Victor Road
Pittsford, New York 14534 USA
Tel 585.248.9720 Fax 585.248.9185
www.lenel.com
[email protected]