stonelock gateway installation manual - stonelock: …€¦ · · 2018-01-04the migration...
TRANSCRIPT
StoneLock Gateway Installation Manual
v.1.4
2
TABLE OF CONTENTS
SECTION 1 INSTALLATION PREREQUISITS
SECTION 1.1 SYSTEM REQUIREMENTS SECTION 1.2 PACS REQUIREMENTS SECTION 1.3 MIGRATION
SECTION 2 STONELOCK GATEWAY
SECTION 2.1 INSTALLING THE STONELOCK GATEWAY WINDOWS VIRTUAL SYSTEM SECTION 2.2 INSTALLING THE STONELOCK GATEWAY LINUX SYSTEM SECTION 2.3 INSTALLING THE STONELOCK GATEWAY HARDWARE SYSTEM SECTION 2.4 ESTABLISHING A SECURE SSH TUNNEL FOR PACS COMMUNICATION SECTION 2.5 CLUSTERING FOR ENTERPRISE
SECTION 3 PACS INTEGRATION SETUP
SECTION 3.1 AMAG SYMMETRY SECTION 3.1.1 AMAG SHIM SETUP SECTION 3.1.2 SETTING UP DEVICES IN SYMMETRY SECTION 3.1.3 SETTING UP SYMMETRY USERS AS STONELOCK USERS SECTION 3.1.4 REMOVING AN SYMMETRY USER FROM A STONELOCK DEVICE SECTION 3.2 AVIGILON ACM SECTION 3.2.1 CONFIGURING THE GATEWAY TO COMMUNICATE TO ACM SECTION 3.2.2 SETTING UP DEVICES IN ACM SECTION 3.2.3 SETTING UP ACM USERS AS STONELOCK USERS SECTION 3.2.4 REMOVING AN ACM USER FROM A STONE LOCK DEVICE SECTION 3.3 GENETEC SECURITY CENTER THIS SPACE INTENTIONALLY LEFT BLANK SECTION 3.4 HIRSCH VELOCITY SECTION 3.4.1 HIRSCH SHIM SETUP SECTION 3.4.2 SETTING UP DEVICES IN VELOCITY
3
SECTION 3.4.3 SETTING UP VELOCITY USERS AS STONELOCK USERS SECTION 3.4.4 REMOVING A VELOCITY USER FROM A STONELOCK DEVICE SECTION 3.5 HONEYWELL PROWATCH SECTION 3.5.1 CONFIGURING THE GATEWAY TO COMMUNICATE TO PROWATCH SECTION 3.5.2 SETTING UP DEVICES IN PROWATCH SECTION 3.5.3 SETTING UP PROWATCH USERS AS STONELOCK USERS SECTION 3.5.4 REMOVING A PROWATCH USER FROM A STONELOCK DEVICE SECTION 3.6 LENEL ONGUARD SECTION 3.6.1 LENEL SHIM SETUP SECTION 3.6.2 SETTING UP DEVICES IN ONGUARD SECTION 3.6.3 SETTING UP ONGUARD USERS AS STONELOCK USERS SECTION 3.6.4 REMOVING AN ONGUARD USER FROM A STONELOCK DEVICE SECTION 3.7 S2 SECTION 3.7.1 CONFIGURING THE GATEWAY TO COMMUNICATE TO S2 Section 3.7.2 Setting up Devices in S2. Section 3.7.3 Setting up S2 Users as StoneLock Users Section 3.7.4 Removing a S2 user from a StoneLock Device SECTION 3.8 SOFTWARE HOUSE CCURE 9000 SECTION 3.8.1 CCURE SHIM SETUP NON-ENTERPRISE SECTION 3.8.2 CCURE SHIM SETUP ENTERPRISE SECTION 3.8.3 SETTING UP DEVICES IN CCURE SECTION 3.8.4 SETTING UP A STONELOCK OPERATOR IN CCURE SECTION 3.8.5 SETTING UP CCURE USERS AS STONELOCK USERS SECTION 3.8.6 EVENTS IN MONITORING CLIENT SECTION 3.8.7 REMOVING A CCURE USER FROM A STONELOCK DEVICE
SECTION 4 STONELOCK WEB CLIENT (WITH PACS INTEGRATION)
SECTION 4.1 PREPARING A USER PROFILE FOR ENROLLMENT SECTION 4.2 ENROLLMENT SECTION 4.3 VERIFICATION TRANSACTIONS SECTION 4.4 HEALTH MONITORING SECTION 4.5 MANAGEMENT TRANSACTIONS SECTION 4.6 GATEWAY LOG
4
SECTION 4.7 ANALYSIS
SECTION 5 STONELOCK WEB CLIENT (STANDALONE)
SECTION 5.1 CREATING AN ACCESS GROUP SECTION 5.2 REMOVING AN ACCESS GROUP SECTION 5.3 CREATING A DEVICE SECTION 5.4 DELETING A DEVICE SECTION 5.5 ADDING A NEW USER SECTION 5.6 EDITING A USER SECTION 5.7 DELETING A USER SECTION 5.8 ENROLLMENT SECTION 5.9 VERIFICATION TRANSACTIONS SECTION 5.10 HEALTH MONITORING SECTION 5.11 MANAGEMENT TRANSACTIONS SECTION 5.12 GATEWAY LOG SECTION 5.13 ANALYSIS
Section 1 Installation Prerequisites Section 1.1 System Requirements
• Native Linux based o Ubuntu 14 though 17 o Debian 8 and 9 o RHEL 6 and 7 o Fedora 17 through 26 o CentOS 6 and 7
• Windows VirtualBox based o Windows 7, Windows 10, Windows Server 2012, 64Bit System. o Minimum 32 GB RAM o Minimum 15GB Hard Drive space available. o Single available NIC
• Hardware based o Network drop.
Section 1.2 PACS Requirements
5
Each PACS system has its own prerequisite before the StoneLock Gateway integration will run. These prerequisites are not available from StoneLock and must be obtained through the Access Control manufacturer.
• AMAG Symmetry – Open XML, Data Connect
• Avigilon ACM – N/A
• Genetec Security Center – Coming soon
• Hirsch Velocity – Velocity SDK
• Honeywell ProWatch - HSDK
• Lenel OnGuard - DataConduIT
• S2 – Coming soon
• Software House CCURE 9000 – Site License, Victor Web Services license.
Section 1.3 Migration These procedures can be used to migrate all user templates in the following scenarios:
• Upgrading from a previous non-gateway integration to the StoneLock gateway.
• Upgrading from the SLN (StoneLock Network Software) to the StoneLock Gateway.
• Moving between PACS, i.e. From CCURE to Avigilon. These steps are not required if a StoneLock integration has not been installed prior to the StoneLock Gateway, or if the previous Install was the StoneLock Gateway and the PACS is not changing. Before starting a migration, you will need to get a list of all of the users in the StoneLock devices and their StoneLock IDs. In order to merge the profiles with the new integration the StoneLock IDs will need to remain the same. Note: Before performing the Migration procedure, read through steps 1-9 carefully. Failure to follow the steps can lead to the loss of all user templates in the StoneLock devices forcing re-enrollment. Back up your current database. Users may be pulled off the device temporality as they are migrated with the new integration. To not interrupt activity, it is recommended that this migration be performed during off peak hours.
1. Stop the previous integration driver. 2. Preform the StoneLock Gateway install per Section 2 of the StoneLock Gateway Installation manual. 3. Do NOT create the StoneLock Devices in the PACS at this time. Doing so will cause the Gateway to delete the users. 4. Do NOT start the shim for the PACS. Note: If you are using the pre-gateway integration with the same PACS, the devices created with the old integration will not affect this process. This applies to the devices created per the StoneLock Gateway Installation manual. 5. Open a terminal session in the StoneLock Gateway.
a. Type cd /sl_applications and hit enter.
6
b. Type sudo ./sl_migration and hit enter. i. The password is slgateway.
The migration application will run and move the users to the migration archive in the StoneLock Gateway. The application will stop itself and the command line will be redisplayed. Do NOT proceed to Step 6 until the command line is present.
6. Perform the PACS setup per Section 3 of the StoneLock Gateway Installation Manual. Note: You can now create the new devices based on the PACS setup instructions. Enter the StoneLock ID (User ID) for the users exactly as they were in the StoneLock Device. If the PACS does not have the ability to create the StoneLock ID, continue to step 7 and enter the StoneLock ID in step 8. 7. Start the StoneLock Gateway service.
a. In a Terminal Session in the Gateway enter systemctl start slg.service and hit enter. b. The password is slgateway.
8. In the Token Management tab of the StoneLock Web Client, enter the StoneLock ID (User ID) for each user exactly as it was in the StoneLock device prior to the Migration process.
9. Restart the StoneLock Gateway service a. In a Terminal Session in the StoneLock Gateway, enter systemctl restart slg.service and hit enter. b. The password is slgateway.
The users will now be pushed back to each device based on the Access associated in the PACS. Provided the same StoneLock ID (User ID) was used for each user, the templates will still be on the devices.
Section 2 StoneLock Gateway The StoneLock Gateway is designed to allow multiple StoneLock devices integrate with existing PACS systems. It is a Linux based solution that can run natively in a Linux environment, in Windows via VirtualBox, or on a standalone piece of hardware. If the Gateway is to be run in a Linux environment, a separate piece of hardware, or if running the virtual system, the Windows services for Lenel OnGuard, AMAG Symmetry, and Hirsch Velocity will need to be installed on the server housing the PACS. See Section 2.4. The StoneLock Gateway handles all communication to and from the StoneLock devices.
Section 2.1 Installing the StoneLock Gateway Windows Virtual System
7
1. Installation of the StoneLock Gateway requires the StoneLock Gateway installation kit. The installation kit consists of one file: * ** a. StoneLock_Gateway.MSI
*See Section 3.8 Software House CCURE 9000 for the additional file requirements for the CCURE integration. ** See Section 3.1 AMAG Symmetry for the additional file requirements for the AMAG integration.
2. Before starting: a. Ensure that the person installing the software has a Windows login which has administrator rights to the server and is a
valid user of the PACS the StoneLock Gateway is being installed with. b. Verify that every StoneLock device is on the network and can be reached, via ping, from the location the StoneLock
Gateway will be installed. 3. Setting up the Computer to run the installation kit.
Note it may be necessary to run the msi as an administrator. If your system is not already set up to allow an msi to run as an administrator do the following steps a-n. If your system already allows msi files to be run as an administrator, skip to step 4. a. Click on Start menu and search for “Run”. b. Open “Run”. c. Type regedit in the “Open” field and click OK.
Fig 2.1.1
d. Click the arrow next to HKEY_CLASSES_ROOT.
8
Fig 2.1.2 e. Scroll down until you find Msi.Package.
Fig 2.1.3
f. Click the arrow to the left of Msi.Package. g. Right click on shell. h. Click on New Key and create new Key. i. Name the Key runas.
Fig 2.1.4
j. Right click on “Default”, click Modify and type Install as $administrator in the Value data field. Click OK.
Fig 2.1.5
k. Right click on runas, click New Key and create new Key.
9
l. Name the Key command.
Fig 2.1.6
m. Right click on “Default”, click Modify and type msiexec /i “%1” Click OK.
Fig 2.1.7
n. Click on File then exit. 4. Run the StoneLock_Gateway.msi as an administrator.
Note: A CMD window will pop up and stay up through the process of the install. If you see the Successfully processed line show 0 files and the Failed processing line show 1, stop the install. Uninstall the StoneLock Gateway using the Windows Uninstall Programs and Features. Once uninstalled verify Steps 1-4 were accomplished and repeat step 4.
10
Fig 2.1.8 5. A 7-Zip setup box will appear. Click Install.
Note: If you already have 7-zip installed on the system click Cancel.
2.1.9
6. If you get the message “You must restart your system to complete the installation. Restart now?” Click No.
Fig 2.1.10
7. When the green bar is full it will show 7-Zip 16.04 (x86) is installed. Click Close.
11
Fig 2.1.11
8. Oracle VM VirtualBox 5.1.14 Setup will appear. Click Next.
a. If you already have VirtualBox installed on the system click Cancel.
Fig 2.1.12
9. Click next on the Custom set up screen. Use the default install options.
12
Fig 2.1.13
10. Click next on the feature setup box. Use the default install options.
13
Fig 2.1.14
11. Click Install on the Ready to Install screen. 12. Uncheck the “Start Oracle VM VirtualBox 5.1.14 after installation” box. Click Finish.
14
Fig 2.1.15
7-Zip will unpack the necessary files to run the Gateway. When the install hits 100% the install application will quit, and go back to the desktop. Wait until this has fully completed before proceeding to step 19.
15
Fig 2.1.18
13. Double click on the Oracle VM VirtualBox desktop icon. 14. Click on Settings.
Fig 2.1.19
15. Click on Network. 16. Click on the “Attached to” dropdown. 17. Select the network adapter for the computer from the list.
Note: Depending on the network infrastructure, the Attached to drop down may need Bridged or NAT, etc.… If unsure, get with the local Network support team.
16
Fig 2.1.20
18. Click on Advanced. 19. Click on the Promiscuous Mode dropdown. 20. Select “Allow All”. Click OK.
Fig 2.1.21
21. Click the green Start arrow to launch the VirtualBox VM.
17
22. VirtualBox will open in a new window. Note: The VM will display messages along the top of the screen warning that the mouse and keyboard are not connected. Ignore these messages and click the “x” on the top right. The mouse and keyboard are automatically synced between the VM and the computer where the VM is installed. Note: The Lubuntu operating system, in the VM, may display a system error message. If this is displayed click “cancel”. This message is a nuisance message and has no bearing on the operation of the StoneLock Gateway.
23. Find the IP of the StoneLock Gateway. To obtain the IP of the VirtualBox VM, left click the icon of two monitors on the bottom right of the screen and click on Connection Information. See Fig 2.1.23. Write this IP down. It will be needed for Section 4 StoneLock Web Client.
Note: The VM defaults to DHCP. If the local network does not support DHCP, click on the Edit Connection link and change the IPv4 to a static IP address on the local network. Do not change it to the same IP address as the Windows machine that the VM is installed on.
Fig 2.1.23
24. Minimize the VirtualBox VM and prcoceed to Section 3 to set up the integraion with your PACS system. Note: Do not proceed with step 25 unitl you have completed the setup with the PACS.
25. Proceed to Section 2.4 to set up tunnel communication between the StoneLock Gateway and the PACS system. 26. Power the VirtualBox VM down by clicking the “X” in the top right of the window. 27. Select the Power Off the Machine option. Click OK. 28. In the VirtualBox VM click the black down facing arrow next to the green Start arrow. 29. Select the Headless Start option.
a. This will start the StoneLock Gateway in the background. 30. Close the VirtualBox Manager.
18
Fig 2.1.24
Section 2.2 Installing the StoneLock Gateway Linux System The StoneLock Gateway can be installed directly on a Linux system. The install kit for the StoneLock Gateway Linux System consists of a single file. * **
• sl_gateway_build_X_X_X.tar.bz
*See Section 3.8 Software House CCURE 9000 for the additional file requirements for the CCURE integration. ** See Section 3.1 AMAG Symmetry for the additional file requirements for the AMAG integration.
1. Place the sl_gateway_build_X_X_X.tar.bz file on the Linux system. It can be placed in any folder. 2. In a terminal session cd into the folder that the tar file was opened in.
19
3. Type sudo tar -xzvf sl_gateway_build_X_X_X.tar.bz and hit enter. Replace the (X) with the version number listed in the file
name.
4. In terminal cd into the build_package directory created by Step 3.
5. Type sudo ./builder_script.sh and hit enter. The install will begin. When the command prompt reappears, the install is
complete. 6. Find the IP Address of the Linux Server/computer.
a. Open a Terminal session i. Type ifconfig at the prompt and hit enter. ii. The IP Address will be listed at the top after inet addr:
b. Write the IP Address down for later. 7. Type systemctl status slg.service and hit enter. 8. Ensure is shows the slg.service is running. If not type systemctl start slg.service at the command prompt and hit enter. 9. Repeat Step 5 for the following services:
a. systemctl start slg_web_server.service b. systemctl start sl_cluster.service
10. At the prompt type cd /etc/stone_lock and hit enter. 11. Type gedit config.gateway.json and hit enter. 12. The configuration file will open in a new window. 13. If the PACS system adds an offset number to the cards, add that offset number in the card_number_offset field.
a. This field is defaulted to 0 for no offset applied. 14. Change the Network Subnets field to include all of the subnets which have StoneLock devices. The StoneLock Gateway can
communicate to devices on multiple subnets via the network router. 15. If using TLS, click the check box next to TLS Enabled. 16. Enter the password for the certificate in the TLS Encryption Password Seed box. 17. Enter the activation length of the certificate in the TLS Certificate Active Days box.
20
Fig 2.3.1
18. At the prompt in the Terminal session type systemctl restart slg_web_server.service and hit enter. 19. Proceed to Section 3 to set up the PACS communication 20. Proceed to Section 2.4 to set up the Tunnel to communicate to the PACS. 21. If connecting multiple StoneLock Gateways together follow Section 2.5 Clustering for Enterprise. 22. At the prompt in the Terminal session type systemctl restart slg_service and hit enter.
Section 2.3 Installing the StoneLock Gateway Hardware System The StoneLock Gateway comes preloaded on an Intel NUC. The NUC can be installed at any location provided it has a hardwired network connection available.
1. Connect the NUC to a keyboard, mouse, monitor, and the local network. 2. Turn on the NUC by pressing the power button on the top of the NUC. 3. Find the IP Address of the NUC using one of the following:
a. Left Click on the double arrows in the top right of the display. i. Left Click on Connection Information. ii. The IP Address of the NUC is displayed in the IPv4 section.
b. Left Click on the Power Icon on the top right of the display. i. Left Click on System Settings.
21
ii. Left Click on Network. iii. Left Click on Wired at the left. iv. The IP Address is displayed in the IPv4 Address field.
c. Open a Terminal session by clicking on the Terminal Icon on the left or using Ctrl-Alt-T. i. Type ifconfig at the prompt and hit enter. ii. The IP Address will be listed at the top after inet addr:
d. Write the IP Address down for later. 4. Open a Terminal session if not already open by clicking on the Terminal Icon on the left or using Ctrl-Alt-T. 5. Type systemctl status slg.service and hit enter.
a. Ensure is shows the slg.service is running. If not type systemctl start slg.service and hit enter. i. The password is slgateway.
6. Repeat Step 5 for the following services: a. systemctl start slg_web_server.service b. systemctl start sl_cluster.service
7. At the prompt type cd /etc/stone_lock and hit enter. 8. Type sudo gedit config.gateway.json and hit enter. 9. The configuration file will open in a new window. 10. If the PACS system adds an offset number to the cards, add that offset number in the card_number_offset field.
a. This field is defaulted to 0 for no offset applied. 11. Change the Network Subnets field to include all of the subnets which have StoneLock devices. The StoneLock Gateway can
communicate to devices on multiple subnets via the network router. 12. If using TLS, click the check box next to TLS Enabled. 13. Enter the password for the certificate in the TLS Encryption Password Seed box. 14. Enter the activation length of the certificate in the TLS Certificate Active Days box.
22
Fig 2.3.1
15. At the prompt in the Terminal session type systemctl restart slg_web_server.service and hit enter. a. The password is slgateway.
16. Proceed to Section 3 to set up the PACS communication 17. Proceed to Section 2.4 to set up the Tunnel to communicate to the PACS. 18. If connecting multiple StoneLock Gateways together follow Section 2.5 Clustering for Enterprise. 19. At the prompt in the Terminal session type systemctl restart slg.service and hit enter.
a. The password is slgateway.
Section 2.4 Establishing a Secure SSH Tunnel for PACS Communication The Windows services for Lenel OnGuard, AMAG Symmetry, and Hirsch Velocity are required to run on the same server as the PACS system. The SSH Tunnel allows the StoneLock Gateway to be installed on a separate Windows or Linux server, or on a separate piece of hardware like the StoneLock Gateway Hardware System. The StoneLock Gateway VirtualBox VM also uses the Tunnel to communicate with the PACS system, even if installed on the same server.
1. Open Notepad as an Administrator. 2. Select File and click Open 3. Navigate to the Program Files>StoneLock folder. 4. In the drop down at the bottom of the window select All Files (*.txt). It defaults to Text Documents (*.txt)
23
5. Select the config_XXXX.XML file that correlates to the correct PACS and click Open. o config_amag o config_hirsch o config_lenel
6. Enter the IP Address of the machine/server housing the StoneLock Gateway in the <external_ditrectory> field. Example: If the StoneLock Gateway is at 192.168.1.231, the external directory field will be: <external_directory>\\192.168.1.231\SLGateway_SAMBA</external_directory>
Fig 2.4.1 7. Select File and click Save. 8. Close the Notepad session.
The Secure SSH Tunnel is now set up. When the PACS setup is complete, the Shim will push the data via the tunnel to the Gateway.
Section 2.5 Clustering for Enterprise Multiple StoneLock Gateways can be connected together to push user templates between the gateways. This capability allows the StoneLock Gateway to be Enterprise compatible. This feature also allows the ability to move a user template between different PACS systems, provided the StoneLock ID (User ID) is the same in the different systems. For a CCURE Enterprise system, the StoneLock Gateway would be installed on each SAS that a StoneLock device is installed on. For a Lenel Enterprise System, the StoneLock Gateway would be installed on each Region that a StoneLock device is installed on.
1 Ensure the Users have the same StoneLock ID (User ID) on each gateway. a. The StoneLock Gateway Cluster service uses the StoneLock ID (User ID) to match users in the archive. The users template will not be
merged if the StoneLock ID (User ID) does not match.
24
2 Open a Terminal session in the StoneLock Gateway. 3 At the prompt type systemctl stop sl_cluster.service. and hit enter.
a. The password is slgateway.
4 At the prompt type cd /etc/stone_lock and hit enter. 5 Type sudo gedit config_cluster.json and hit enter.
a. The password is slgateway. 6 The configuration file will open in a separate window. Enter the IP Address of the other StoneLock Gateways. Not to include the current
Gateway. a. The default number of members in the configuration file is 4. Add additional members as needed by following the same format
used for the default members.
Fig 2.5.1
7 Click Save then the red X in the top corner. 8 At the prompt in the Terminal session type systemctl start sl_cluster.service and hit enter.
a. The password is slgateway. 9 Repeat Steps 1-9 for all gateways that will be communicating to each other.
25
Section 3 PACS Integration Setup The following sections will show how to setup the StoneLock Gateway with the following PACS.
• AMAG Symmetry
• Avigilon ACM
• Genetec Security Center
• Hirsch Velocity
• Honeywell ProWatch
• Lenel OnGuard
• S2
• Software House CCURE 9000
Section 3.1 AMAG Symmetry Section 3.1.1 AMAG Shim Setup The StoneLock Gateway uses a windows service named AMAG_Shim to communicate between Symmetry and the gateway. The AMAG_Shim will be installed in one of two ways.
• The StoneLock_Gateway.MSI o Part of the Main VirtualBox VM install.
• The StoneLock_Shims.MSI o Run the MSI file. The Shim will be installed in the Program Files\StoneLock folder.
The person installing the AMAG_Shim will need the valid Windows user name and password to access the AMAG Symmetry.
1. Open a CMD prompt. 2. Type ipconfig and hit enter to find the IP address of the server/computer that Symmetry is installed on.
26
Fig 3.1.1.1 3. Write this IP address down for a later step. 4. Open Notepad as an Administrator. 5. Select File and click Open 6. Navigate to the Program Files>StoneLock folder. 7. In the drop down at the bottom of the window select All Files (*.txt). It defaults to Text Documents (*.txt) 8. Select the AMAG_Shim.exe.config file and click Open. 9. In the line that begins with <endpoint address= replace the IP address with the IP address recorded in step 3 above.
27
Fig 3.1.1.2 10. Select File and click Save. 11. Select File and click Open. 12. Navigate to the Program Files>StoneLock folder. 13. In the drop down at the bottom of the window select All Files (*.txt). It defaults to Text Documents (*.txt) 14. Select the config_amag.xml file and click Open. 15. In the <userpwd> feild, enter the user name and password for the Symmetry log on.
Note: This file defaults to the AMAG default user name and password of installer:install. If that is still active you do not need to change this field.
16. Enter the name of the server that houses the AMAG databases in the <datasource> field.
28
Fig 3.1.1.3
17. Select File and click Save. 18. Open the Windows Services application. 19. Scroll down to the AMAG_Shim service.
Fig 3.1.1.6 20. Right click on the AMAG_Shim service click on Properties. 21. Click on the Log On tab. 22. Click on the circle next to This account.
29
23. Enter the account information that has access to Symmetry.
Fig 3.1.1.7 24. Click on the General tab. 25. Select applicable Startup type, from the Startup Type dropdown, for the location.
a. Automatic is recommended in the event of a computer/server reboot. 26. Click Apply. 27. Click OK. 28. Start the AMAG_Shim service.
Section 3.1.2 Setting up Devices in Symmetry Any users in Symmetry can be set up as a StoneLock device reader.
1. Open the reader in Symmetry that the StoneLock device will be associated with. 2. At the end of the reader name in the Description field enter an underscore _ followed by the last six digits of the device MAC
address. These six digits are also the serial number of the control box.
30
Example: Control Box Serial number 10032F will have a MAC address of a4:58:0f:10:03:2f. If that device is to be associated with Symmetry Reader Test, the reader name in Symmetry will be test_10:03:2f. See Fig 3.1.2.1
Fig 3.1.2.1
3. Click Ok to save the reader name change. This reader will now be sent to the StoneLock Gateway. If the device is online the Gateway will associate it with the reader in Symmetry and display it in the Remote Enrollment and Health Monitor tabs of the StoneLock Web Client. See Section 4 StoneLock Web Client.
Note: The reader needs to be included in an active Clearance in Symmetry in order to be displayed in the Remote Enrollment tab of the StoneLock Web Client.
Section 3.1.3 Setting up Symmetry Users as StoneLock Users Any Symmetry user that has been assigned an access right that includes a Symmetry reader associated with a StoneLock device, will be automatically pushed to the StoneLock Gateway. These users will be displayed in the Remote Enrollment tab of the StoneLock Web Client. See Section 4 StoneLock Web Client.
31
The following changes to an Employee or Card are automatically updated on the StoneLock device.
• First Name
• Last Name
• Card Number
• Card Status. The following status messages will display on the StoneLock device based on the Card status:
o Card Status of Card Lost- Illegal User (Will display as Alarm Blacklist in the Symmetry Alarm Monitoring and the StoneLock Web Client)
o Card Status of Stop- Illegal User (Will display as Alarm Blacklist in the Symmetry Alarm Monitoring and the StoneLock Web Client)
o Card Status of Inactive- Illegal User (Will display as Alarm Blacklist in the Symmetry Alarm Monitoring and the StoneLock Web Client)
Note: Denied events for Card Status and Verification failures will be displayed in the Alarm Monitoring window of Symmetry. Successful events will be displayed in the Activity Monitoring Window along with the Successful events from the Panel.
Fig 3.1.3.1
• The User ID (StoneLock ID) should not be altered once it is pushed to the StoneLock device. If the number is altered you may cause a system error on the device, which would result in the user no longer being recognized without a re-enrollment.
Section 3.1.4 Removing a Symmetry user from a StoneLock Device Symmetry users are associated to StoneLock devices based on their Access Rights in Symmetry. To delete that user from a StoneLock device, remove that Access Right from that user then click update device in the StoneLock Web Client when the user is removed from the tree. The device associated with that Access Right will be removed from the user in the Remote Enrollment tab of the StoneLock Web Client. The user will be removed from the device(s) and no longer have access at that door until access is given again in Symmetry. See Section 4 StoneLock Web Client.
32
Section 3.2 Avigilon ACM Section 3.2.1 Configuring the Gateway to communicate to ACM
1. Bring up a Terminal session. In Ubuntu use Ctrl-Alt-T on the keyboard. 2. At the command line in the Terminal window type cd /etc/stone_lock/ Hit enter.
Fig 3.2.1.1
3. Type sudo gedit config_avigilon.xml Hit enter. Type in slgateway for the password and hit enter.
Fig 3.2.1.2
4. In the <acm url> field enter the IP address for the Avigilon ACM. a. This can be found by looking at the URL used to access ACM or login to ACM click Settings>Appliance>Ports. The
address is listed under Ethernet ports.
33
Fig 3.2.1.3
5. Click Save. 6. On the comand line in the terminal type systemctl enable avglshim.service then hit enter. Type slgateway for the password and
hit enter. It may require it to be entered twice.
Fig 3.2.1.4 7. On the comand line in the terminal type systemctl start avglshim.service then hit enter. Type slgateway for the password and hit
enter.
34
Fig 3.2.1.5
Section 3.2.2 Setting up Devices in ACM Any door in ACM can be set up as a StoneLock device reader.
1. Click on the Physical Access tab in ACM 2. Click on Doors and Click on the +Add New Door button. 3. Enter a device name, based on the naming convention rules of ACM. 4. Under the Alt Name field assign the last six characters of the devices’ MAC address. The last six characters of the MAC address
will always be the six characters of the control units’ serial number. For example, the Alt Name in Fig 3.2.2.1 is 10:03:3a. The serial number listed on the sticker of the control box for that device is C-10033A.
Fig 3.2.2.1
35
5. Set the Door mode to Card Only, or Card and Pin. Note: This does not affect the Verification mode on the device. This is a required setting in ACM to enable the StoneLock Device to become Active in the StoneLock Gateway.
6. Click Save. 7. Add the door to the correct Access Group. The schedules for that door, and all StoneLock users assigned to that Access Group,
will automatically be pushed to that door.
Section 3.2.3 Setting up ACM Users as StoneLock Users 1. Select the ACM user from the Identity list that will become a StoneLock user. 2. Under the External System ID, enter the number that will be that users StoneLock ID. This number may be from 2-18 numbers
long. See Fig 3.2.3.1 Note: the StoneLock device will allow IDs from 1-18 numbers long, but the External System ID field will not accept a single digit.
Users are pushed to each StoneLock device on the network based on their Access Group assigned in ACM.
Fig 3.2.3.1 The following changes to an Identity or Token are automatically updated on the StoneLock device:
• First Name
• Last Name
• Token Internal Number (This is the number that is sent to the device for the card number of the user).
• Token Status. The following status messages will display on the StoneLock device based on the token status. o Token Status of Expired- Expired User (Will display as Expired in the StoneLock Web Client).
o Token Status of Inactive- Illegal User (Will display as Blacklist in the StoneLock Web Client)
o Token Status of Not Yet Active- Illegal User (Will display as Blacklist in the StoneLock Web Client)
36
• The External System ID (StoneLock ID) should not be altered once it is pushed to the StoneLock device. If the number is altered you may cause a system error on the device, which would result in the user no longer being recognized without a re-enrollment.
See Section 4 StoneLock Web Client for enrollment and device user type.
Section 3.2.4 Removing an ACM user from a StoneLock Device ACM users are associated to StoneLock devices based on their Access Group in ACM. To delete that user from a StoneLock device remove that Access Group from that user. The device associated with that Access Group will be removed from the user in the Remote Enrollment tab of the StoneLock Web Client. The user will be removed from the device(s) and no longer have access at that door until access is given again in ACM. See Section 4 StoneLock Web Client.
Section 3.3 Genetec Security Center This Space Intentionally Left Blank
Section 3.4 Hirsch Velocity The StoneLock Gateway integration with Velocity requires a valid SDK license obtained from Hirsch directly. To install the SDK license, refer to the documentation provided by Hirsch.
Section 3.4.1 Hirsch Shim Setup The StoneLock Gateway uses a windows service named Hirsch_Shim to communicate between Velocity and the Gateway. The person installing the Hirsch_Shim will need the valid Windows user name and password to access the Velocity SDK.
1. Navigate to the Hirsch PSG folder were the Velocity SDK is installed in. 2. Open the Velocity SDK folder. 3. Copy the sdklicense.txt file. 4. Move the copy of the sdklicense.txt file to the StoneLock folder created by the StoneLock Gateway install. This defaults to
“C:Program Files\StoneLock”. You will see the Hirsch_Shim.exe file in this same folder. They need to be located in the same folder.
5. Open Notepad as an Administrator. 6. Select File and click Open 7. Navigate to the Program Files>StoneLock folder. 8. In the drop down at the bottom of the window select All Files (*.txt). It defaults to Text Documents (*.txt) 9. Select the config_hirsch.xml file and click Open.
37
10. Enter the name of the server that houses the Hirsch databases in the <datasource> field.
Fig 3.4.1.1
11. Select File and click Save. 12. Open the Windows Services application. 13. Scroll down to the Hirsch_Shim service.
Fig 3.4.1.2 14. Right click on the Hirsch_Shim service click on Properties. 15. Click on the Log On tab. 16. Click in the circle next to this account. 17. Enter the account information that has access to Velocity.
38
Fig 3.4.1.3 18. Select the General tab. 19. Select applicable Startup type for the location.
a. Automatic is recommended should the event of a computer/server reboot be required. 20. Click Apply. 21. Click OK. 22. Start the Hirsch_Shim service.
Section 3.4.2 Setting up Devices in Velocity Any reader in Velocity can be set up as a StoneLock device reader.
1. Open the Door in Velocity that will be associated with the StoneLock reader. 2. Click on the Entry Reader tab. 3. In the Reader name field, enter the last six digits of the device MAC address. These six digits are also the serial number of the
control box. Example: Control Box Serial number 10032F will have a MAC address of a4:58:0f:10:03:2f. The reader name in Velocity will be 10:03:2f.
39
Fig 3.4.2.1
4. Click Ok to save the reader name change. This reader will now be sent to the StoneLock Gateway. If the device is online the Gateway will associate it with the reader in Velocity and display it in the Remote Enrollment and Health Monitor tabs of the StoneLock Web Client. See Section 4 StoneLock Web Client.
Note: The Door needs to be included in an active Door Group in Velocity in order to be displayed in the Remote Enrollment tab of the StoneLock Web Client.
Section 3.4.3 Setting up Velocity Users as StoneLock Users Any Velocity user assigned a Function that includes a Velocity Door Group associated with a StoneLock device, will be automatically pushed to the StoneLock Gateway. These users will be displayed in the Remote Enrollment tab of the StoneLock Web Client. See Section 4 StoneLock Web Client.
40
Prior to a user being enrolled on a StoneLock device they will need to have a StoneLock ID created and have their card number associated to their profile. See Sections 4.1 Assigning a StoneLock ID to a User and Section 4.2 Assigning a card to a User. The following changes to an Employee or Card are automatically updated on the StoneLock device.
• First Name
• Last Name
• Card Number
• Card Status. The following status messages will display on the StoneLock device based on the Card status: o Card Status of Disable- Illegal User (Will display as Blacklist in the StoneLock Web Client)
o Card Status of Lost- Lost Card (Will display as lost Card in the StoneLock Web Client)
o Card Status of Stolen- Illegal User (Will display as Blacklist in the StoneLock Web Client)
o Card Status of Destroyed- Illegal User (Will display as Blacklist in the StoneLock Web Client)
o Card Status of Expired- Expired User (Will display as Blacklist in the StoneLock Web Client)
• The User ID (StoneLock ID) should not be altered once it is pushed to the StoneLock device. If the number is altered you may cause a system error on the device, which would result in the user no longer being recognized without a re-enrollment.
See Section 4 StoneLock Web Client for enrollment and device user type.
Section 3.4.4 Removing a Velocity user from a StoneLock Device Velocity users are associated to StoneLock devices based on their Function in Velocity. To delete that user from a StoneLock device, remove that Function from that user. The device associated with that Door Group will be removed from the user in the Remote Enrollment tab of the StoneLock Web Client. The user will be removed from the device(s) and no longer have access at that door until access is given again in Velocity. See Section 4 StoneLock Web Client.
41
Section 3.5 Honeywell ProWatch The StoneLock Gateway integration with ProWatch requires a valid HSDK license. To set up the HSDK refer to the HSDK setup manual provided by Honeywell.
Section 3.5.1 Configuring the Gateway to talk to ProWatch The StoneLock Gateway uses the URL of the HSDK Application Module to communicate to ProWatch.
1. In ProWatch click on Database Configuration. 2. Click on the Application Module link. 3. Open and connect to the Application Module created for the StoneLock integration. Enter the Username and Password for the
Application Module.
Fig 3.5.1.1 4. Click on the Subscribed Objects tab. Write down the URL listed in the Start from URL: field. You will not need the http://.
42
Fig 3.5.1.2
5. Bring up a Terminal session in the StoneLock Gateway. In Ubuntu use Ctrl-Alt-T on the keyboard. 6. At the comand lind in the Terminal window type cd /etc/stone_lock/ Hit enter.
Fig 3.5.1.3
7. Type sudo gedit config_honeywell.xml Hit enter. Type in slgateway for the passwrd and hit enter.
43
Fig 3.5.1.4
8. In the <acm url> field enter the URL for the ProWatch HSDK Application Module that was writen down in step 4. You will need to enter pacs after the URL. See Fig 3.5.1.5.
9. In the <userpwd> field enter the user name and password that has access to the HSDK Application Module. Enter a : between the user name and password.
Example: User name- user, password- password would be entered as user:password. See Fig 3.5.1.5.
Fig 3.5.1.5
10. Click Save. 11. Click the “x” to close the gedit session. 12. On the comand line in the terminal type systemctl enable honeywell.service then hit enter. Type slgateway for the password and
hit enter. It may require it to be entered twice.
44
Fig 3.5.1.6 13. On the comand line in the terminal type systemctl start honeywell.service then hit enter. Type slgateway for the password and
hit enter.
Fig 3.5.1.7
Section 3.5.2 Setting up Devices in ProWatch Any reader in ProWatch can be set up as a StoneLock device reader.
1. Select the reader in ProWatch which will be associated with the StoneLock device. 2. Open the reader and click on the Define Logical Device tab.
45
3. At the end of the reader name in the Description field enter an underscore _ followed by the last six digits of the device MAC address. These six digits are also the serial number of the control box.
Example: Control Box Serial number 10032F will have a MAC address of a4:58:0f:10:03:2f. If that device is to be associated with ProWatch reader Entrance 2, the reader name in ProWatch will be Entrance 2_10:03:2f. See Fig 3.5.2.1
Fig 3.5.2.1
4. Click Ok to save the reader name change. This reader will now be sent to the StoneLock Gateway. If the device is online the Gateway will associate it with the reader in ProWatch and display it in the Remote Enrollment and Health Monitor tabs of the StoneLock Web Client. See Section 4 StoneLock Web Client.
Note: The reader needs to be included in an active Clearance Code in ProWatch in order to be displayed in the Remote Enrollment tab of the StoneLock Web Client.
Section 3.5.3 Setting up ProWatch Users as StoneLock Users Any ProWatch user that has been assigned a Clearance Code that includes a ProWatch reader associated with a StoneLock device, will be automatically pushed to the StoneLock Gateway. These users will be displayed in the Remote Enrollment tab of the StoneLock Web Client. See Section 4 StoneLock Web Client.
46
Before these users can be enrolled on a StoneLock device they will need to have their card number associated with their profile. See Sections 4.1 Assigning a StoneLock ID to a User and Section 4.2 Assigning a card to a User.
1. In ProWatch click on Administration. 2. Click the + next to Badge Utilities. 3. Click on Badge Fields. 4. Right Click under the Badge Fields table and select Add Badge Field.
Fig 3.5.3.1
5. Enter STONELOCK_ID in the Colum Name field. 6. Enter StoneLock ID in the Display Name field. 7. Change Data Type to varchar 8. Click OK. 9. Click on the + next to Executables. 10. Double click on Badge Builder.
a. This will open a separate program.
47
Fig 3.5.3.2
11. Click on the + on Badge Profiles. 12. Click on the + on General Fields. 13. Click on Badge Information. 14. Find StoneLock ID in the Description field on the left. 15. Drag and drop the StoneLock ID field from the column and place it in the Badge Information screen on the right.
48
Fig 3.5.3.3
16. Close the Badge Builder Application. The StoneLock ID field is now available in the Advanced Badge Manager. Note: If the Advance Badge Manager is open you will need to close it and reopen it before the added field will appear.
17. Open the Advance Badge Manager application. 18. Select the ProWatch user that will be assigned a StoneLock ID. 19. Click Edit. 20. According to internal policies, assign the user a StoneLock ID which may be from 1-18 numbers long. 21. Click Save.
Users are pushed to each StoneLock device on the network based on their Clearance Code assigned in ProWatch.
The following changes to an Employee or Card are automatically updated on the StoneLock device:
• First Name
• Last Name
• Card Number
• Card Status. The following status messages will display on the StoneLock device based on the Card status. o Card Status of Disabled- Illegal User (Will display as Blacklist in the StoneLock Web Client)
o Card Status of Expired- Expired User (Will display as Expired in the StoneLock Web Client)
o Card Status of Lost- Lost Card User (Will display as Lost Card in the StoneLock Web Client)
o Card Status of Stolen- Illegal User (Will display as Blacklist in the StoneLock Web Client)
49
o Card Status of Terminated- Illegal User (Will display as Blacklist in the StoneLock Web Client)
o Card Status of Unaccounted- Illegal User (Will display as Blacklist in the StoneLock Web Client)
o Card Status of Void- Illegal User (Will display as Blacklist in the StoneLock Web Client)
• The User ID (StoneLock ID) should not be altered once it is pushed to the StoneLock device. If the number is altered you may cause a system error on the device, which would result in the user no longer being recognized without a re-enrollment.
See Section 4 StoneLock Web Client for enrollment and device user type.
Section 3.5.4 Removing a ProWatch user from a StoneLock Device ProWatch users are associated to StoneLock devices based on their Clearance Code in ProWatch. To remove that user from a StoneLock device remove that Clearance Code from that user. The device associated with that Access Group will be removed from the user in the Remote Enrollment tab of the StoneLock Web Client. The user will be removed from the device(s) and no longer have access at that door until access is given again in ProWatch. See Section 4 StoneLock Web Client.
Section 3.6 Lenel OnGuard The StoneLock Gateway integration with OnGuard requires a valid DataConduIT license. To set up DataConduIT refer to the DataConduIT setup manual provided by Lenel.
Section 3.6.1 Lenel Shim Setup The StoneLock Gateway uses a windows service named Lenel_Shim to communicate between DataConduIT and the gateway. The person installing the Lenel_Shim will need the OnGuard DataConduIT Directory authentication user name and password. This can be
found in OnGuard > System Administration > Administration > Directories. If this is using a Domain you will need to use the fully qualified domain name with the user name.
1. Open Notepad as an Administrator. 2. Select File and click Open 3. Navigate to the Program Files>StoneLock folder. 4. In the drop down at the bottom of the window select All Files (*.txt). It defaults to Text Documents (*.txt) 5. Select the config_Lenel.xml file and click Open.
50
6. Enter the name of the server that houses the Lenel databases in the <datasource> field.
Fig 3.6.1.1
7. Select File and click Save. 8. Open the Windows Services application. 9. Scroll down to the Lenel_Shim service.
Fig 3.6.1.2 10. Right click on the Lenel_Shim service click on Properties. 11. Click on the Log On tab.
51
12. Click on the circle next to This account. 13. Enter the account information that has access to OnGuard via DataConduIT.
Fig 3.6.1.3 14. Click on the General tab. 15. Select applicable Startup type, from the Startup Type dropdown, for the location.
b. Automatic is recommended in the event of a computer/server reboot. 16. Click Apply. 17. Click OK. 18. Start the Lenel_Shim service.
Section 3.6.2 Setting up Devices in OnGuard Any reader in OnGuard can be set up as a StoneLock device reader.
1. Go to Access Control > Readers and Doors in OnGuard. 2. Find the reader that will be associated with the StoneLock device. 3. Select Modify to enable editing of that reader. 4. At the end of the reader name enter an underscore _ followed by the last six digits of the device MAC address. These six digits
are also the serial number of the control box.
52
Example: Control Box Serial number 10032F will have a MAC address of a4:58:0f:10:03:2f. If that device is to be associated with OnGuard reader Front Door, the reader name in OnGuard will be Front Door_10:03:2f. See Fig 3.6.2.1.
Fig 3.6.2.1
5. Click Ok to save the reader name change. Click OK on Confirm Record Modify window. This reader will now be sent to the StoneLock Gateway. If the device is online the Gateway will associate it with the reader in OnGuard and display it in the Remote Enrollment and Health Monitor tabs of the StoneLock Web Client. See Section 4 StoneLock Web Client.
Note: The reader needs to be included in an active Access Level in OnGuard in order to be displayed in the Remote Enrollment tab of the StoneLock Web Client.
Section 3.6.3 Setting up OnGuard Users as StoneLock Users Any OnGuard user that has been assigned an Access Level that includes an OnGuard reader associated with a StoneLock device, will be automatically pushed to the StoneLock Gateway. These users will be displayed in the Remote Enrollment tab of the StoneLock Web Client. See Section 4 StoneLock Web Client. Before these users can be enrolled on a StoneLock device they will need to have a StoneLock ID created and have their card number associated with their profile. See Sections 4.1 Assigning a StoneLock ID to a User and Section 4.2 Assigning a card to a User. The following changes to an Employee or Card are automatically updated on the StoneLock device.
• First Name
• Last Name
• Card Number
• Card Status. The following status messages will display on the StoneLock device based on the Card status:
o Card Status of Lost- Lost Card User (Will display as Lost Card in the StoneLock Web Client)
53
o Card Status of Returned- Illegal User (Will display as Blacklist in the StoneLock Web Client) o User created statuses in OnGuard for a status other than Active, Lost, or Returned- Illegal User (Will display as
Blacklist in the StoneLock Web Client)
• The User ID (StoneLock ID) should not be altered once it is pushed to the StoneLock device. If the number is altered you may cause a system error on the device, which would result in the user no longer being recognized without a re-enrolment.
See Section 4 StoneLock Web Client for enrollment and device user type.
Section 3.6.4 Removing an OnGuard User from a StoneLock Device OnGuard users are associated to StoneLock devices based on their Access Level in OnGuard. To remove that user from a StoneLock device remove that Access Level from that user. The device associated with that Access Level will be removed from the user in the Remote Enrollment tab of the StoneLock Web Client. The user will be removed from the device(s) and no longer have access at that door until access is given again in OnGuard. See Section 4 StoneLock Web Client.
Section 3.7 S2 Section 3.7.1 Configuring the Gateway to communicate to S2
1. Bring up a Terminal session. In Ubuntu use Ctrl-Alt-T on the keyboard. 2. At the command line in the Terminal window type cd /etc/stone_lock/ Hit enter.
54
Fig 3.7.1.1
3. Type sudo gedit config_S2.xml Hit enter. Type in slgateway for the password and hit enter.
Fig 3.7.1.2
4. In the <server url> field enter the IP address for the S2 Network Controller. a. This can be found by looking at the URL used to access S2.
55
Fig 3.7.1.3
5. Click Save. 6. On the comand line in the terminal type systemctl enable s2.service then hit enter. Type slgateway for the password and hit
enter. It may require it to be entered twice.
Fig 3.7.1.4 7. On the comand line in the terminal type systemctl start s2.service then hit enter. Type slgateway for the password and hit enter.
56
Fig 3.7.1.5
Section 3.7.2 Setting up Devices in S2. Any reader in S2 can be set up as a StoneLock device reader.
5. Select the reader in S2 which will be associated with the StoneLock device. 6. Open the reader and click on rename if it is an existing reader. 7. At the end of the reader name in the Name field enter an underscore _ followed by the last six digits of the device MAC address.
These six digits are also the serial number of the control box. Example: Control Box Serial number 10032F will have a MAC address of a4:58:0f:10:02:b6. If that device is to be associated with S2 reader Office Door, the reader name in S2 will be Office Door_10:02:b6. See Fig 3.7.2.1
57
Fig 3.7.2.1
8. Click Save to save the reader name change. This reader will now be sent to the StoneLock Gateway. If the device is online the Gateway will associate it with the reader in S2 and display it in Device and Health Monitor tabs of the StoneLock Web Client. See Section 4 StoneLock Web Client.
Note: The reader needs to be included in an active Access Level in S2 in order to be displayed in the Remote Enrollment tab of the StoneLock Web Client.
Section 3.7.3 Setting up S2 Users as StoneLock Users Any S2 user that has been assigned an Access Level that includes a S2 reader associated with a StoneLock device, will be automatically pushed to the StoneLock Gateway. These users will be displayed in the Remote Enrollment tab of the StoneLock Web Client. See Section 4 StoneLock Web Client. The following changes to an Employee or Card are automatically updated on the StoneLock device:
• First Name
• Last Name
• Card Number
• Card Status. The following status messages will display on the StoneLock device based on the Card status. o Card Status of Disabled- Illegal User (Will display as Blacklist in the StoneLock Web Client)
58
o Card Status of Expired- Illegal User (Will display as Blacklist in the StoneLock Web Client)
o Card Status of Lost- Lost Card User (Will display as Lost Card in the StoneLock Web Client)
• The User ID (StoneLock ID) should not be altered once it is pushed to the StoneLock device. If the number is altered you may cause a system error on the device, which would result in the user no longer being recognized without a re-enrollment.
See Section 4 StoneLock Web Client for enrollment and device user type.
Section 3.7.4 Removing a S2 user from a StoneLock Device S2 users are associated to StoneLock devices based on their Access Level in S2. To remove that user from a StoneLock device remove that Access Level from that user. The device associated with that Access Level will be removed from the user in the Remote Enrollment tab of the StoneLock Web Client. The user will be removed from the device(s) and no longer have access at that door until access is given again in S2. See Section 4 StoneLock Web Client.
Section 3.8 Software House CCURE 9000 The StoneLock Gateway integration with CCURE 9000 requires a valid CCURE site license provided by Software House. To set up the site license refer to the setup manual provided by Software House. In addition to the StoneLock_Gateway.msi file, the CCURE integration requires two more msi file. One file depends on which version of CCURE the integration is being installed with, 2.40 or 2.50. The other file is to enable communication between the CCURE server and the StoneLock Gateway. The files are:
• 2.40- NMS_SLG_Server_0240_Build_3.0.XXXXXX.0.msi
• 2.50- NMS_SLG_Server_0250_Build_3.0.XXXXXX.0.msi
• StoneLock_CCure_Tunnel.MSI See Section 2.4 Establishing a Secure SSH Tunnel for PACS Communication Note: CCURE is required to be stopped and started at different times during the installation. The Configuration tool will do this automatically for you. Make sure that the install is done only during a time that the CCURE services can be stopped.
59
3.8.1 CCURE Shim Setup Standalone The StoneLock Gateway uses a CCURE Server Component service named NMS CCURE 9000 Stone Lock Server Component to communicate between CCURE and the Gateway. The person installing the service will need to have a log on with Admin access to CCURE.
1. Double click the NMS_SLG_Server_02X0_Build_3.0.XXXXXX.0.msi file. 2. Click Next at the Welcome to the NMS CCURE 9000 Stone Lock Integration Setup Wizard screen.
Fig 3.8.1.1
3. Check the box to accept the terms for the License Agreement. Click Next. 4. Click Complete at the Choose Setup Type Screen. Click Next.
60
Fig 3.8.1.2
5. Click Install on the Ready to Install screen. 6. The installation will proceed. Click next until the Completed Install screen appears.
61
Fig 3.8.1.3
7. Click Finish. 8. Navigate to the drive that the installation was installed on. 9. Go to Program Files (x86)>Tyco>NMS Utilities>StoneL Lock. 10. Double click on the SLGUtility application to run the Confugration tool. 11. Click the Configure Stone Lock Integration button.
a. A confirmation message will pop up stating that this install will stop all CCURE services. Note: CCURE is required to be stopped and started at different times during the installation. The Configuration tool will do this automatically for you. Make sure that the install is done only during a time that the CCURE services can be stopped.
b. Click Yes.
62
Fig 3.8.1.4
12. Preparing the system for configuration , please wait… will be displayed in the white box. Note: If the CCURE services are runing during this time, the configuration tool will stop them. This screen may display Not Responding during this. Ignore the message. When the CCURE services stop the install will continue automatically.
13. When the configuation install is finished, eight additional messages will be displayed in the white box. The last one is Tables created successfully.
14. Click the Red X in the top right corner once Tables created successfully is displayed in the white box. 15. The CCURE services will stop and restart again. 16. Open the CCURE Server Configuration and wait for the CrossFire Framework Service to start. 17. Start the CrossFire Server Component Framework Service. 18. Click on the Server Componet tab. 19. Start the NMS CCURE 9000 Stone Lock Server Component Application.
Fig 3..8.1.5
20. Click the Database tab.
63
21. Verify the NMS.SLG.Objects status is Valid. If not copy the Conection String for the line above it and past it in the Connection String line for the NMS.SLG.Objects line.
22. Close the Server Configuration Application.
Section 3.8.2 CCURE Shim Setup Enterprise This Space Intentionally Left Blank
Section 3.8.3 Setting up Devices in CCURE Any reader in CCURE can be set up as a StoneLock device reader.
1. Open the CCURE Administration Station. 2. Click on the Hardware tab.
Fig 3.8.3.1 3. Click on the Stone Lock Controller folder. 4. Create a new Stone Lock Controller. 5. Enter a name in the Name field. 6. Click the Enabled box. 7. Enter the URL from Section 2.1 Step 28 in the Enrollment URL field.
64
Fig 3.8.3.2 8. Click Save and Close. 9. Open the Stone Lock Controller again. 10. Enter the License Key provided by StoneLock in the License Key field and click Validate. The License Key is tied to the CCURE
Host ID. To get this Key you will need to send your host ID to [email protected]. 11. Restart the NMS Service in the Server Configuration Application. 12. Navigate back to the StoneLock Controller in CCURE. 13. Click the Manage button. 14. All of the StoneLock devices that are on the Gateway will be displayed in the list be the last six characters of the MAC address.
This is also the serial number of the control box. 15. Change the name of the device as needed. The MAC address field can not be modified. 16. Check the enabled box. 17. Double click in the iSTAR Reader field. 18. Click the box with the three dots. This will bring up a list of avialable iSTAR Readers in CCURE. 19. Chose the iSTAR reader that will be associated with the StoneLock device. The iSTAR Reader box will be populated with the
selected iSTAR Reader. 20. Click Save.
65
NOTE: At this time the Verification Mode, PIN Verification, and Card Verification options are not active. These will be available on future updates to the driver. You may also select these features on the StoneLock device by accessing the menu via the faceplate.
21. If you want CCURE to use the Personnel Object ID to automatically assign the unique StoneLock ID click the Use Object ID as Stone Lock ID box.
Note: Clicking this button will change any existing StoneLock ID to the Object ID of that user in CCURE. This will require those users to reenroll. This option should be used only on intial setup if possible.
Fig 3.8.3.3
Section 3.8.4 Setting up a StoneLock Operator in CCURE A StoneLock operator in CCURE allows the ability to choose the CCURE operators that have access to enrolling new users in a StoneLock device.
1. In the Hardware tab in CCURE, click the dropdown at the top and scroll down to Stone Lock Operator. See Fig 3.8.2.1 2. Click New. 3. Assign a name to the Operator. 4. Add a description as needed.
66
5. Click the box with three dots to bring up the list of CCURE operators. 6. Select the CCURE operator from the list. The operator selected will be populated in the Operator field. 7. Click Add Device. A list of all StoneLock devices in CCURE will be displayed. 8. Select the device(s) that will be assigned to that operator.
a. The StoneLock Operator can have as many of the StoneLock devices as needed. The devices selected in this step will be the devices listed in the enrollment drop down of the personnel record.
9. Click OK. 10. Click Save and Close.
Note: Devices can be added or removed at any time to any operator.
Fig 3.8.4.1
Section 3.8.5 Setting up CCURE Users as StoneLock Users Any CCURE user that has been assigned a Clearance that includes an iStar Reader associated with a StoneLock device, will be automatically pushed to the StoneLock Gateway. These users will be displayed in the Remote Enrollment tab of the StoneLock Web Client. See Section 4 StoneLock Web Client.
1. Open the CCURE users personnel file. 2. In the Current View drop down box, select the Stone Lock Personnel View. 3. Click on the User Defined Fields tab. This label can be changed in CCURE as needed.
67
Fig 3.8.5.1 4. Enter a unique value form 1-18 for the StoneLock ID. If allowing CCURE to create this number via the Object ID, this box will be
grayed out. The number will populate when Save is clicked. Note: The StoneLock ID should not be changed once it is pushed to the StoneLock device. If the number is changed it could cause the device to no longer recognize that user without being reenrolled.
5. Select the desired User Type. See the StoneLock Pro User Manual for User Type options. 6. Select the desired User Mode option.
a. Mixed Mode defines that particular user as Face Only. See the StoneLock Pro Manual for setting the StoneLock device in Mixed Verification Mode.
b. Card Only allows that user to proceed through the StoneLock device with only a card. This is typically used for visitor cards and emergency services.
7. Click the Assign Credential button. This will bring up a list of all credentials assigned to that user. 8. Select the credential that the user will use at the StoneLock devices.
Note: The StoneLock device only allows one credential per user. Select the credential that will be used for that user. All other credentials will be denied for that user at that device. The assigned credential can be changed at any time using the Assign Credential button.
9. Click the Save button. a. If allowing CCURE to use the Object ID for the StoneLock ID, the StoneLock ID field will now be populated.
10. Click the Stone Lock Pro Device drop down.
68
11. Select the StoneLock device from the list that will be used to enroll the user. Instruct the user that they are about to be enrolled. Read the Enrollment Section of the StoneLock Pro Manual on how to position the user to be enrolled.
12. Click the Enroll button. a. The StoneLock device will enter the capture mode. See StoneLock Pro User Manual. b. The picture of the StoneLock device shows the enrollment process. The progress bar at the bottom shows the progress
of the enrollment. 13. When the enrollment is completed a pop up displaying Capture Complete will appear. Click OK. 14. Ensure the user has been given the proper Clearance that is associated with that StoneLock device. 15. Click Save and Close.
Users are pushed to each StoneLock device on the network based on their Clearance assigned in CCURE.
The following changes to an Employee or Credential are automatically updated on the StoneLock device.
• First Name
• Last Name
• Credential Number
• Credential Status. See Section 3.8.6 Events in Monitoring Client
• The User ID (StoneLock ID) should not be altered once it is pushed to the StoneLock device. If the number is altered you may cause a system error on the device, which would result in the user no longer being recognized without a re-enrollment.
Section 3.8.6 Events in Monitoring Client Monitoring Client will show successful and denied events at the StoneLock devices. See Fig 3.8.6.1 for examples. Each event will show the CCURE Name (if known), Card Number, the StoneLock Device name, the Time and Date of the event, and the Status. The list of events that will be displayed in Monitoring Client are:
• Verification Successful- A successful verification by an authorized StoneLock user.
• Verification Admin Successful- A successful verification by a StoneLock device admin accessing the menu system on the device.
• Remote Load No User- An attempt by someone not enrolled in the device to verify. This will show the card number that was used to attempt the access. If the card is associated with a user in CCURE, the user name will be displayed. The picture of the person attempting the access will be displayed in the StoneLock Web Client. See Section 4.6 Verification Transactions.
• Verification Failure- An unsuccessful attempt to access the StoneLock device. The picture of the person attempting the access will be displayed in the StoneLock Web Client. See Section 4.6 Verification Transactions.
69
• Alarm Lost Card – An attempt to gain access using a card that has been marked as lost in CCURE. The picture of the person attempting the access will be displayed in the StoneLock Web Client. See Section 4.6 Verification Transactions.
• Alarm Blacklist – An attempt to gain access using a card that has been marked as Disabled or Stolen in CCURE. This will also display if the user has been marked as Disabled in CCURE. The picture of the person attempting the access will be displayed in the StoneLock Web Client. See Section 4.6 Verification Transactions.
• Alarm Deadline – An attempt to gain access using a card that has been marked as Expired in CCURE. The picture of the person attempting the access will be displayed in the StoneLock Web Client. See Section 4.6 Verification Transactions.
Fig 3.8.6.1
70
Section 3.8.7 Removing a CCURE User from a StoneLock Device CCURE users are associated to StoneLock devices based on their Clearance in CCURE. To delete that user from a StoneLock device remove that Clearance from that user. The device associated with that Clearance will be removed from the user in the Remote Enrollment tab of the StoneLock Web Client. The user will be removed from the device(s) and no longer have access at that door until access is given again in CCURE. See Section 4 StoneLock Web Client.
Section 4 StoneLock Web Client (With PACS integration) The StoneLock Web Client provides a location to change and monitor the features of the StoneLock integration that are not available in all of the PACS integrations. The StoneLock Web Client can be pulled up from any browser on the same network as the StoneLock Gateway.
1. Launch a compatible web browser. 2. In the address bar enter the IP address of the StoneLock Gateway. 3. On the login screen enter the correct login information.
a. User name: admin b. Password: 888888 c. Gateway IP Address: The same IP used in Step 2.
4. Click on the Login button.
Section 4.1 Preparing a User Profile for Enrollment Every user in a StoneLock device must have a StoneLock ID before they will be pushed to a device. For the PACS that do not have the ability to assign this number, the Web Client provides a location to create a StoneLock ID for each user.
1. Login to the StoneLock Web Client. 2. Click on the Users link at the top of the screen. 3. Use the Search box above the Users box to search for the desired Last Name of the user.
a. The search box is case sensitive. Use a capital letter for the first letter of the last name and lower case letters for the remainder of the last name.
4. After the desired Last Name has been entered in the Search box, click the Refresh Tree button. a. The list of users will now only show the users matching the search criteria.
71
Fig 4.1.1
5. Click on the symbol of the head next to the identity name. a. This will move that users name to the User Configuration Box.
Fig 4.1.2
6. Select the Token that will be associated for the user at the StoneLock devices by clicking the green dot next to the token number.
a. The token will be displayed in the Token (Card Number) box. Note: Anytime you make a change to the User, the token must be selected with that user to unsure the change is pushed to the device.
72
FIG 4.1.3
7. Enter the desired StoneLock ID from 1-18 numbers long in the User ID(Pin) box. 8. Check the New ID box.
Fig 4.1.4 9. Select the desired Credential Type.
a. Card Only: Card Only enables that user to verify at the StoneLock device with only a card. Card Only examples are visitors or emergency workers
b. Blacklist: Blacklist disables that user’s ability to gain access at the StoneLock devices. If connected to a PACS, the users will follow the status of the credential in the PACS when available.
c. Mixed Mode: Mixed Mode enables that user to gain access to the StoneLock device using only the face while other users must present their pin/card before verifying with their face. Note: This setting requires the StoneLock device to be set in Mixed Verification Mode. See the StoneLock Pro User Manual for setting the device Verification Modes.
73
d. None: Selecting None will turn off the previously selected Credential Type. A user is defaulted to the None setting.
Fig 4.1.5
10. Select the desired User Type.
a. The StoneLock device has three user types available for enrolled users. See the StoneLock Pro manual for definitions.
Fig 4.1.6
11. The Access Groups that the User is assigned to from the PACS will be listed in red in the Access Group Box. 12. Click the Save User. A pop up status message will appear showing success. 13. Click Ok.
74
Fig 4.1.7
14. Click the Update Devices button. A pop up status message will appear showing success. 15. Click Ok.
Fig 4.1.8
Section 4.2 Enrollment For a user to be able to use the StoneLock devices they first must create an enrollment template. This template can be enrolled at any of the StoneLock devices that were created in the PACS.
1. Login to the StoneLock Web Client. 2. Click on the Remote Enrollment link at the top of the screen. 3. Use the Search box above the Users box to search for the desired Last Name of the user.
a. The search box is case sensitive. Use a capital letter for the first letter of the last name and lower case letters for the remainder of the last name.
4. After the desired Last Name has been entered in the Search box, click the Refresh Tree button. a. The list of users will now only show the users matching the search criteria.
75
Fig 4.2.1
5. Click on the symbol of the head next to the identity name. a. This will move that users name to the blank box below the Capture button. b. If the symbol of a head is red, that user does not have a template enrolled yet.
Fig 4.2.2
76
Fig 4.2.3
6. Click on the purple circle next to the device that will be used as the enrollment device from the Devices box.
Fig 4.2.4
a. This will move the device name to the blank box below the Stop button. b. The StoneLock devices that the user has access to will show up in the Devices box. c. Instruct the user that they are about to be enrolled. Read the Enrollment Section of the StoneLock Pro Manual on how to
position the user to be enrolled. 7. Once both the name and deice are listed in the bottom boxes, click the Video button to start the live video feed.
a. A pop up status message will appear showing success. b. Click Ok.
77
Fig 4.2.5
8. Once the user has been identified as the correct person and they are prepared, click the Capture button. a. Click the Select box. A pop up status message will appear showing success. b. Click Ok.
Fig 4.2.6
c. The StoneLock device will enter the capture mode. See StoneLock Pro User Manual. d. The StoneLock Web Client shows the enrollment process. The progress bar at the bottom shows the progress of the
enrollment. e. When the progress bar displays 100%, click the Stop button.
i. Click the Select box. A pop up status message will appear showing success. ii. Click Ok.
78
Fig 4.2.7
Fig 4.2.8
Section 4.3 Verification Transactions When available in the PACS, event transactions will be sent to the PACS native monitoring application. Not all PACS have the ability to receive the StoneLock event transactions, or all of the information that the StoneLock device sends on a transaction. The StoneLock Web Client displays the following transaction information.
• Time of the event
• StoneLock ID (User ID)
• User Name
• Device name (The StoneLock device that the event took place at.)
• Credential (The card number that was presented at the StoneLock device.)
• Status (The status of the verification event, successful, failure, etc…)
• Verification Picture (The picture of the person that was being verified. This will also show the picture of a person on a denied event.)
• Enrollment Picture (The picture taken at time of enrollment.)
1. Click on the Home link at the top of the page.
79
2. Use the scroll bar at the right to move the list up and down. The list auto updates on a time schedule. Click on the Pause button to pause the updates. Click on Resume to restart the updates. Transactions that take place while the Pause button is selected will automatically be displayed after Resume is selected.
Fig 4.3.1 3. Click on a Picture in either the Verification Picture or Enrollment Picture columns to enlarge the image.
Fig 4.3.2
Section 4.4 Health Monitoring The Health Monitor screen shows the online status of all StoneLock devices on the gateway. All devices that are online are displayed with a green circle next to the device name. Offline devices are displayed with a red circle next to the device name.
1. Click on the Health Monitor link at the top of the page. 2. Use the scroll bar at the right to move the list up and down. The list auto updates on a time schedule. Click on the Pause button
to pause the updates. Click on Resume to restart the updates.
80
Fig 4.4.1
Section 4.5 Management Transactions This Space Intentionally Left Blank
Section 4.6 Gateway Log Like the Management Transactions between the Gateway and devices, the Gateway provides a log of the Gateway Service. This log aids in troubleshooting by showing Gateway status.
1. Click on the Log link at the top of the page. 2. Use the scroll bar at the right to move the list up and down. The list auto updates on a time schedule. Click on the Pause button
to pause the updates. Click on Resume to restart the updates.
81
Fig 4.6.1
Section 4.7 Analysis This Space Intentionally Left Blank
Section 5 StoneLock Web Client (Standalone) The StoneLock Web Client provides the ability to connect multiple StoneLock devices together remotely without the need for a PACS integration. The StoneLock Web Client can be pulled up from any browser on the same network as the StoneLock Gateway.
1. Launch a compatible web browser. 2. In the address bar enter the IP address of the StoneLock Gateway. 3. On the login screen enter the correct login information.
a. User name: admin b. Password: 888888 c. Gateway IP Address: The same IP used in Step 2.
4. Click on the Login button.
82
Section 5.1 Creating an Access Group An Access Group(s) must be created to give a user rights to a StoneLock device.
1. Login to the StoneLock Web Client. 2. Click on the Devices link at the top of the screen. 3. In the Access Group box, enter a name for the Access Group. 4. Enter an ID number for the Access Group. This is a unique number to distinguish the Access Groups from each other. 5. Click the New ID button.
Fig 5.1.1
6. Click the Save Access Group button. a. A pop up status message will appear showing success. b. Click OK
Fig 5.1.2
7. Click the Refresh Tree button. a. The Access Group will be displayed in the tree
83
Fig 5.1.3
Section 5.2 Removing an Access Group. 1. Click on the green circle next to the Access group. 2. Click Remove Access Group.
a. A pop up status message will appear showing success. b. Click OK
Fig 5.2.1
3. Click on the Refresh Tree Button. a. The Access Group will no longer be displayed.
Section 5.3 Creating a Device
1. Login to the StoneLock Web Client. 2. Click on the Devices link at the top of the screen.
84
3. Click on the green circle next to the Access Group that the device will be associated with. 4. Enter a Name for the Device in the Name box. 5. Enter an ID for the Device. This is a unique number to distinguish the Devices from each other. 6. Click the New Device button. 7. Click on the Active button. 8. In the MAC dropdown box select the desired device serial number.
a. The MAC box shows all of the StoneLock devices that the Gateway is able to discover on the network. If the network configuration does not allow for discovery, enter the IP Address of the device.
9. Chose the verification mode desired for the device.
Fig 5.3.1
10. Click on the “+” button next to the Access Group to associate it with the device. a. A pop up status message will appear showing success. b. Click OK
85
Fig 5.3.2
11. Click Save Device a. A pop up status message will appear showing success. b. Click OK
Fig 5.3.3
12. Click the Refresh Tree button. a. The device will not show up under the associated Access Group.
86
Fig 5.3.4
Section 5.4 Deleting a Device 1. Click on the purple circle next to the Device. 2. Click Remove Device.
a. A pop up status message will appear showing success. b. Click OK
Fig 5.4.1
3. Click on the Refresh Tree Button. a. The Device will no longer be displayed.
Section 5.5 Adding A New User 1. Login to the StoneLock Web Client. 2. Click the Users link at the top of the screen. 3. Enter the name of the new user in the Name box.
a. Enter the name in the following format. i. Last name, First name.
4. Enter the desired StoneLock ID from 1-18 numbers long in the User ID(Pin) box. 5. Check the New ID box.
87
Fig 5.5.1 6. Select the desired Credential Type.
a. Card Only: Card Only enables that user to verify at the StoneLock device with only a card. Card Only examples are visitors or emergency workers
b. Blacklist: Blacklist disables that user’s ability to gain access at the StoneLock devices. If connected to a PACS, the users will follow the status of the credential in the PACS when available.
c. Mixed Mode: Mixed Mode enables that user to gain access to the StoneLock device using only the face while other users must present their pin/card before verifying with their face. Note: This setting requires the StoneLock device to be set in Mixed Verification Mode. See the StoneLock Pro User Manual for setting the device Verification Modes.
d. None: Selecting None will turn off the previously selected Credential Type. A user is defaulted to the None setting.
Fig 5.5.2
7. Select the desired User Type.
88
a. The StoneLock device has three user types available for enrolled users. See the StoneLock Pro manual for definitions.
Fig 5.5.3
8. Enter the Card Number in the Token (Card Number) box. If not using cards this box can be left blank. 9. Select the desired Access Group for the user from the Access Group box. 10. Click Save User. A pop up status message will appear showing success. 11. Click Ok.
Fig 5.5.4
12. Click the Refresh Tree button. The new user will be displayed in the box. 13. Click the Update Devices button. A pop up status message will appear showing success. 14. Click Ok.
89
Fig 5.5.5
Section 5.6 Editing a User 1. Login to the StoneLock Web Client. 2. Click the Users link at the top of the screen. 3. Use the Search box above the Users box to search for the desired Last Name of the user.
a. The search box is case sensitive. Use a capital letter for the first letter of the last name and lower case letters for the remainder of the last name.
4. After the desired Last Name has been entered in the Search box, click the Refresh Tree button. a. The list of users will now only show the users matching the search criteria.
Fig 5.6.1
5. Click on the symbol of the head next to the identity name. a. This will move that users name to the User Configuration Box.
90
Fig 5.6.2
6. Select the Token that will be associated for the user at the StoneLock devices by clicking the green dot next to the token number.
a. The token will be displayed in the Token (Card Number) box. Note: Anytime you make a change to the User, the token must be selected with that user to unsure the change is pushed to the device.
FIG 5.6.3
91
7. Make the desired change to the user. a. Name b. Credential Type c. User Type d. New toke/change existing token number. e. Add/Remove Access Group.
i. Any Access Group in red is the active Access Group. Note: Do not change the User ID after a user has been enrolled in a StoneLock device. Doing so may cause the user to be denied at the device.
8. Click Save User. A pop up status message will appear showing success. 9. Click Ok.
Fig 5.6.4
10. Click the Refresh Tree button. The change to the user will be displayed in the box. 11. Click the Update Devices button. A pop up status message will appear showing success. 12. Click Ok.
Fig 5.6.5
92
Section 5.7 Deleting a User
1. Login to the StoneLock Web Client. 2. Click the Users link at the top of the screen. 3. Use the Search box above the Users box to search for the desired Last Name of the user.
a. The search box is case sensitive. Use a capital letter for the first letter of the last name and lower case letters for the remainder of the last name.
4. After the desired Last Name has been entered in the Search box, click the Refresh Tree button. a. The list of users will now only show the users matching the search criteria.
Fig 5.7.1
5. Click on the symbol of the head next to the identity name. a. This will move that users name to the User Configuration Box.
93
Fig 5.7.2
6. Select the Token that will be associated for the user at the StoneLock devices by clicking the green dot next to the token number.
a. The token will be displayed in the Token (Card Number) box. Note: Anytime you make a change to the User, the token must be selected with that user to unsure the change is pushed to the device.
FIG 5.7.3
7. Click the Remove User button. A pop up status message will appear showing success. 8. Click Ok.
94
Fig 5.7.4
9. Click the Update Devices button. A pop up status message will appear showing success. 10. Click Ok.
Fig 5.7.5
11. Click the Refresh Tree button. a. The User will no longer be in the list.
Section 5.8 Enrollment For a user to be able to use the StoneLock devices they first must create an enrollment template. This template can be enrolled at any of the StoneLock devices that were created in the PACS.
1. Login to the StoneLock Web Client. 2. Click on the Remote Enrollment link at the top of the screen. 3. Use the Search box above the Users box to search for the desired Last Name of the user.
a. The search box is case sensitive. Use a capital letter for the first letter of the last name and lower case letters for the remainder of the last name.
4. After the desired Last Name has been entered in the Search box, click the Refresh Tree button. a. The list of users will now only show the users matching the search criteria.
95
Fig 5.8.1
5. Click on the symbol of the head next to the identity name. a. This will move that users name to the blank box below the Capture button. b. If the symbol of a head is red, that user does not have a template enrolled yet.
Fig 5.8.2
Fig 5.8.3
96
6. Click on the purple circle next to the device that will be used as the enrollment device from the Devices box.
Fig 5.8.4
a. This will move the device name to the blank box below the Stop button. b. The StoneLock devices that the user has access to will show up in the Devices box. c. Instruct the user that they are about to be enrolled. Read the Enrollment Section of the StoneLock Pro Manual on how to
position the user to be enrolled. 7. Once both the name and deice are listed in the bottom boxes, click the Video button to start the live video feed.
a. A pop up status message will appear showing success. b. Click Ok.
Fig 5.8.5
8. Once the user has been identified as the correct person and they are prepared, click the Capture button. a. Click the Select box. A pop up status message will appear showing success. b. Click Ok.
97
Fig 5.8.6
c. The StoneLock device will enter the capture mode. See StoneLock Pro User Manual. d. The StoneLock Web Client shows the enrollment process. The progress bar at the bottom shows the progress of the
enrollment. e. When the progress bar displays 100%, click the Stop button.
i. Click the Select box. A pop up status message will appear showing success. ii. Click Ok.
Fig 5.8.7
98
Fig 5.8.8
Section 5.9 Verification Transactions When available in the PACS, event transactions will be sent to the PACS native monitoring application. Not all PACS have the ability to receive the StoneLock event transactions, or all of the information that the StoneLock device sends on a transaction. The StoneLock Web Client displays the following transaction information.
• Time of the event
• StoneLock ID (User ID)
• User Name
• Device name (The StoneLock device that the event took place at.)
• Credential (The card number that was presented at the StoneLock device.)
99
• Status (The status of the verification event, successful, failure, etc…)
• Verification Picture (The picture of the person that was being verified. This will also show the picture of a person on a denied event.)
• Enrollment Picture (The picture taken at time of enrollment.)
1. Click on the Home link at the top of the page. 2. Use the scroll bar at the right to move the list up and down. The list auto updates on a time schedule. Click on the Pause button
to pause the updates. Click on Resume to restart the updates. Transactions that take place while the Pause button is selected will automatically be displayed after Resume is selected.
Fig 5.9.1 3. Click on a Picture in either the Verification Picture or Enrollment Picture columns to enlarge the image.
Fig 5.9.2
Section 5.10 Health Monitoring The Health Monitor screen shows the online status of all StoneLock devices on the gateway. All devices that are online are displayed with a green circle next to the device name. Offline devices are displayed with a red circle next to the device name.
1. Click on the Health Monitor link at the top of the page.
100
2. Use the scroll bar at the right to move the list up and down. The list auto updates on a time schedule. Click on the Pause button to pause the updates. Click on Resume to restart the updates.
Fig 5.10.3
Section 5.11 Management Transactions This Space Intentionally Left Blank
Section 5.12 Gateway Log Like the Management Transactions between the Gateway and devices, the Gateway provides a log of the Gateway Service. This log aids in troubleshooting by showing Gateway status.
1. Click on the Log link at the top of the page. 3. Use the scroll bar at the right to move the list up and down. The list auto updates on a time schedule. Click on the Pause button
to pause the updates. Click on Resume to restart the updates.
101
Fig 5.12.1
Section 5.13 Analysis This Space Intentionally Left Blank
Technical Support 800.970.6168 Option 2
[email protected] www.stonelock.com
A StoneLock Publication © 2017 All rights reserved