Security Center

Administrator Guide
5.2
Copyright notice
© 2014 Genetec Inc. All rights reserved.
Genetec Inc. distributes this document with software that includes an end-user license agreement and is
furnished under license and may be used only in accordance with the terms of the license agreement. The
contents of this document are protected under copyright law.
The contents of this guide are furnished for informational use only and are subject to change without notice.
Genetec Inc. assumes no responsibility or liability for any errors or inaccuracies that may appear in the
informational content contained in this guide.
This publication may not be copied, modified, or reproduced in any form or for any purpose, nor can any
derivative works be created therefrom without Genetec Inc.’s prior written consent.
Genetec Inc. reserves the right to revise and improve its products as it sees fit. This document describes the
state of a product at the time of document’s last revision, and may not reflect the product at all times in the
future.
In no event shall Genetec Inc. be liable to any person or entity with respect to any loss or damage that is
incidental to or consequential upon the instructions found in this document or the computer software and
hardware products described herein. The use of this document is subject to the disclaimer of liability found in
the end-user license agreement.
"Genetec", "Omnicast", "Synergis", "Synergis Master Controller", "AutoVu", "Federation", "Stratocast", the
Genetec stylized "G", and the Omnicast, Synergis, AutoVu, and Stratocast logos are trademarks of Genetec
Inc., either registered or pending registration in several jurisdictions.
"Security Center", "Security Center Mobile", "Plan Manager", and the Security Center logo are trademarks of
Genetec Inc.
Other trade names used in this document may be trademarks or registered trademarks of the manufacturers
or vendors of the respective products.
All specifications are subject to change without notice.

Document information
Document title: Security Center Administrator Guide 5.2
Document number: EN.500.003-V5.2.C4(5)
Document update date: June 2, 2014
You can send your comments, corrections, and suggestions about this guide to
documentation@[Link].

[Link] | Security Center Administrator Guide 5.2 ii

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
About this guide
This guide provides the information you need to set up and configure your Security Center
system. It explains the basic settings you must configure before your system can be used, as well
as other settings you'll need to change such as adding additional users and resources (servers) to
your system. This guide also provides the conceptual information and instructions on how to
build and configure your Security Center video-surveillance, access control, and license plate
recognition (LPR) systems. A reference section is included that provides information about each
window and tab, and the related settings in the Config Tool. Last-minute updates can be found
in the Security Center Release Notes.

This guide is written for users who need to configure and manage Security Center. You should
be familiar with the following concepts and systems:
• Microsoft Windows administration
• Installation, configuration, and use of Microsoft SQL Server 2008
• Video surveillance concepts
• Access control concepts
• Vehicle law enforcement and parking enforcement concepts
• Wiring of access control equipment such as door controllers and input/output modules

Notes and notices

This section explains how the following notes and notices are used in this guide:
• Tip. Suggests how to apply the information in a topic or step.
• Note. Explains a special case, or expands on an important point.
• Important. Points out critical information concerning a topic or step.
• Caution. Indicates that an action or step can cause loss of data, security problems, or
performance issues.
• Warning. Indicates that an action or step can result in physical harm, or cause damage to
hardware.

[Link] | Security Center Administrator Guide 5.2 iii

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
Contents
About this guide . . . . . . . . . . . . . . . . . iii
Notes and notices . . . . . . . . . . . . . . . . . . iii

Part I: Introduction to Security Center

Chapter 1: Welcome to Security Center
What is Security Center? . . . . . . . . . . . . . . . . . 3
Common/Core features . . . . . . . . . . . . . . . . 4
Omnicast – Video surveillance features . . . . . . . . . . . . . 4
Synergis – Access control features . . . . . . . . . . . . . . 4
AutoVu – License plate recognition (LPR) features . . . . . . . . . . 5
Architecture overview. . . . . . . . . . . . . . . . . . 6
About Security Center components. . . . . . . . . . . . . . 6
What is Genetec Server? . . . . . . . . . . . . . . . . 7

Chapter 2: Getting started with Config Tool

Connecting to Security Center . . . . . . . . . . . . . . . 9
Log on . . . . . . . . . . . . . . . . . . . . . 9
Change your password . . . . . . . . . . . . . . . . . 10
Log off . . . . . . . . . . . . . . . . . . . . . 10
Close the application . . . . . . . . . . . . . . . . . 10
Differences between Config Tool 5.1 and 5.2 . . . . . . . . . . . . 11
Config Tool interface tour . . . . . . . . . . . . . . . . 13
How Config Tool is organized . . . . . . . . . . . . . . . 13
Home page overview . . . . . . . . . . . . . . . . . 14
Administration task workspace overview . . . . . . . . . . . . 16
Maintenance task workspace overview . . . . . . . . . . . . . 19

[Link] | Security Center Administrator Guide 5.2 iv

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
Chapter 3: Working with tasks
Adding a task . . . . . . . . . . . . . . . . . . . . 22
Create a new task . . . . . . . . . . . . . . . . . . 22
Load a saved task . . . . . . . . . . . . . . . . . . 23
Working with your current tasks . . . . . . . . . . . . . . . 24
Task list commands . . . . . . . . . . . . . . . . . . 24
Close the current task . . . . . . . . . . . . . . . . . 25
Reordering tasks . . . . . . . . . . . . . . . . . . 25
Save a task . . . . . . . . . . . . . . . . . . . . 26
Send a task to another workstation . . . . . . . . . . . . . . 27
Change the taskbar position . . . . . . . . . . . . . . . . 27
Set the taskbar to auto-hide . . . . . . . . . . . . . . . . 27

Chapter 4: Working with reports

Generate a report . . . . . . . . . . . . . . . . . . . 30
Export and print your report . . . . . . . . . . . . . . . . 31
Export your report . . . . . . . . . . . . . . . . . . 31
Print your report . . . . . . . . . . . . . . . . . . 31
Customize the report pane . . . . . . . . . . . . . . . . . 32
Resize columns . . . . . . . . . . . . . . . . . . . 32
Select columns . . . . . . . . . . . . . . . . . . . 32
Change the column order . . . . . . . . . . . . . . . . 33

Part II: Security Center administration

Chapter 5: Basic principles about entities
Entities as basic building blocks . . . . . . . . . . . . . . . 36
Configuring entities . . . . . . . . . . . . . . . . . . 37
Create an entity manually . . . . . . . . . . . . . . . . 37
Common entity attributes . . . . . . . . . . . . . . . . 38
Entities created automatically by the system . . . . . . . . . . . . 39
Using geographical locations . . . . . . . . . . . . . . . 40
Further readings on entity configuration . . . . . . . . . . . . 40

[Link] | Security Center Administrator Guide 5.2 v

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Searching for tasks and entities . . . . . . . . . . . . . . . 42
Search for a task . . . . . . . . . . . . . . . . . . 42
Search for entities by name . . . . . . . . . . . . . . . . 43
Search for entities using the Search tool. . . . . . . . . . . . . 43
Delete an entity . . . . . . . . . . . . . . . . . . . 45

Chapter 6: Common administrative tasks

Managing servers and roles . . . . . . . . . . . . . . . . 47
Add an expansion server to your system . . . . . . . . . . . . 47
Managing servers . . . . . . . . . . . . . . . . . . 48
Managing roles. . . . . . . . . . . . . . . . . . . 49
Diagnose role problems . . . . . . . . . . . . . . . . 51
Managing databases . . . . . . . . . . . . . . . . . . 52
Common database settings . . . . . . . . . . . . . . . . 52
Where should the database be hosted? . . . . . . . . . . . . . 53
Move a database to a different computer . . . . . . . . . . . . 53
Connect roles to a remote database server . . . . . . . . . . . . 54
Create a database . . . . . . . . . . . . . . . . . . 55
View information about a role’s database . . . . . . . . . . . . 56
Turn on role database notifications . . . . . . . . . . . . . . 57
Back up your role database . . . . . . . . . . . . . . . . 57
Restore your role database . . . . . . . . . . . . . . . . 58
Delete a database . . . . . . . . . . . . . . . . . . 59
Configuring Security Center for high availability. . . . . . . . . . . 60
Configuring role failover . . . . . . . . . . . . . . . . . 61
How role failover works in Security Center . . . . . . . . . . . . 61
Which roles support failover . . . . . . . . . . . . . . . 62
Configure failover for roles . . . . . . . . . . . . . . . . 64
Troubleshooting failover . . . . . . . . . . . . . . . . 65
Configuring Directory failover and load balancing . . . . . . . . . . 66
How Directory failover and load balancing works . . . . . . . . . . 66
Directory failover and load balancing prerequisites . . . . . . . . . . 67
Add a server to the Directory failover list . . . . . . . . . . . . 68
Modify the license for all servers . . . . . . . . . . . . . . 68
Change the order of the Directory servers . . . . . . . . . . . . 69
[Link] | Security Center Administrator Guide 5.2 vi
EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Manually switch the main server . . . . . . . . . . . . . . 69
Remove a server from the Directory failover list . . . . . . . . . . . 70
Bypass default load balancing . . . . . . . . . . . . . . . 70
Configuring Directory database failover . . . . . . . . . . . . . 71
How Directory database failover works . . . . . . . . . . . . . 71
Configure database failover through backup and restore . . . . . . . . . 72
Configure database failover through mirroring . . . . . . . . . . . 74
Monitoring your system’s health . . . . . . . . . . . . . . . 75
About the Health Monitor role . . . . . . . . . . . . . . . 75
Configuring the Health Monitor. . . . . . . . . . . . . . . 76
Monitoring your system’s health using maintenance tasks . . . . . . . . 81
Managing the Network view . . . . . . . . . . . . . . . . 82
What is the Network view? . . . . . . . . . . . . . . . . 82
Purpose of the Network view . . . . . . . . . . . . . . . 82
Creating network entities . . . . . . . . . . . . . . . . 83
Managing the Logical view . . . . . . . . . . . . . . . . . 85
About the Logical view . . . . . . . . . . . . . . . . . 85
Configuring the Logical view . . . . . . . . . . . . . . . 86
Managing software security . . . . . . . . . . . . . . . . 89
Introduction to software security . . . . . . . . . . . . . . 89
Defining partitions . . . . . . . . . . . . . . . . . . 90
Defining users . . . . . . . . . . . . . . . . . . . 93
Defining user groups . . . . . . . . . . . . . . . . . 96
Configuring user privileges . . . . . . . . . . . . . . . . 99
Using privilege templates . . . . . . . . . . . . . . . 101
Importing users from an Active Directory . . . . . . . . . . . 102
Automating system behavior . . . . . . . . . . . . . . . 103
Using schedules . . . . . . . . . . . . . . . . . . 103
Using event-to-actions . . . . . . . . . . . . . . . . 106
Using scheduled tasks . . . . . . . . . . . . . . . . 109
Using macros . . . . . . . . . . . . . . . . . . 110
Managing alarms . . . . . . . . . . . . . . . . . . 111
What is an alarm? . . . . . . . . . . . . . . . . . 111

[Link] | Security Center Administrator Guide 5.2 vii

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Create an alarm . . . . . . . . . . . . . . . . . . 112
Testing alarms . . . . . . . . . . . . . . . . . . . 112
Trigger alarms manually . . . . . . . . . . . . . . . . 113
Trigger alarms automatically using event-to-actions . . . . . . . . . 113
Responding to alarms . . . . . . . . . . . . . . . . . 115
Investigating current and past alarms . . . . . . . . . . . . . 116
Managing threat levels . . . . . . . . . . . . . . . . . 117
What are threat levels for? . . . . . . . . . . . . . . . . 117
Differences between threat levels and alarms . . . . . . . . . . . 117
Create a threat level . . . . . . . . . . . . . . . . . 119
Configuring threat level actions . . . . . . . . . . . . . . 121
Actions exclusive to threat levels . . . . . . . . . . . . . . 122
Threat level limitations . . . . . . . . . . . . . . . . . 122
Threat level scenarios . . . . . . . . . . . . . . . . . 123
Threat level related tasks . . . . . . . . . . . . . . . . 127
Federating remote systems . . . . . . . . . . . . . . . . 128
Types of federations . . . . . . . . . . . . . . . . . 128
What are federated entities? . . . . . . . . . . . . . . . 128
Federating Omnicast systems . . . . . . . . . . . . . . . 131
Federating Security Center systems . . . . . . . . . . . . . . 133
Advanced settings for large federations . . . . . . . . . . . . . 134
Defining custom fields and data types . . . . . . . . . . . . . 136
Why use custom fields?. . . . . . . . . . . . . . . . . 136
Add a custom field . . . . . . . . . . . . . . . . . . 136
Add a custom data type. . . . . . . . . . . . . . . . . 138
Modify a custom data type . . . . . . . . . . . . . . . . 139
Integrating with Windows Active Directory . . . . . . . . . . . . 140
What is Active Directory integration? . . . . . . . . . . . . . 140
What are the benefits of AD integration? . . . . . . . . . . . . 140
How does Active Directory integration work? . . . . . . . . . . . 141
How does synchronization work? . . . . . . . . . . . . . . 142
What information can be synchronized with the AD? . . . . . . . . . 142
Import security groups from an Active Directory . . . . . . . . . . 143
Select which cardholder fields to synchronize with the AD . . . . . . . . 146
Mapping the credential card format to an AD attribute . . . . . . . . . 147

[Link] | Security Center Administrator Guide 5.2 viii

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Map custom fields to synchronize with the AD . . . . . . . . . . 148
Resolve conflicts due to imported entities . . . . . . . . . . . 149
Modifying imported users . . . . . . . . . . . . . . . 151
Modifying imported cardholders . . . . . . . . . . . . . 151
Logging on with an Active Directory user . . . . . . . . . . . 153
Managing intrusion panels . . . . . . . . . . . . . . . 155
How are intrusion detection panels represented in Security Center? . . . . . 155
What does the Intrusion Manager role do? . . . . . . . . . . . 156
Enroll an intrusion panel . . . . . . . . . . . . . . . 156
Edit intrusion detection unit peripherals. . . . . . . . . . . . 158
Create an intrusion detection area . . . . . . . . . . . . . 159
Managing zones . . . . . . . . . . . . . . . . . . 160
What is IO linking? . . . . . . . . . . . . . . . . . 160
What is a zone? . . . . . . . . . . . . . . . . . . 160
About zone management roles . . . . . . . . . . . . . . 161
Creating zones . . . . . . . . . . . . . . . . . . 161
Which type of zone works best for me? . . . . . . . . . . . . 163
Supporting cross-platform development . . . . . . . . . . . . 164
What does the Web-based SDK role do? . . . . . . . . . . . . 164
Using the Web-based SDK . . . . . . . . . . . . . . . 164
Creating tile plugins . . . . . . . . . . . . . . . . . 165
Create a tile plugin that links to a Web site . . . . . . . . . . . 165
Create a tile plugin that links to a map file . . . . . . . . . . . 165

Chapter 7: Troubleshooting
Viewing system messages . . . . . . . . . . . . . . . . 168
Viewing system health events . . . . . . . . . . . . . . . 170
Viewing the health status and availability of entities . . . . . . . . . 171
System status task . . . . . . . . . . . . . . . . . . 172
Monitoring the status of your system . . . . . . . . . . . . . 177
Troubleshooting entity states . . . . . . . . . . . . . . . 179
Diagnosing entities . . . . . . . . . . . . . . . . . 180
Finding out who made changes on the system . . . . . . . . . . . 181
[Link] | Security Center Administrator Guide 5.2 ix
EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Investigating user related activity on the system . . . . . . . . . . . 182
Viewing properties of units in your system . . . . . . . . . . . . 184

Part III: Omnicast IP video surveillance

Chapter 8: Deploying Omnicast
What is Omnicast? . . . . . . . . . . . . . . . . . . 187
What are the Omnicast entities? . . . . . . . . . . . . . . . 188
Omnicast deployment process . . . . . . . . . . . . . . . 190
Omnicast deployment prerequisites . . . . . . . . . . . . . 190
Omnicast deployment procedure . . . . . . . . . . . . . . 191
Configuring the Archiver role . . . . . . . . . . . . . . . 193
What is the Archiver? . . . . . . . . . . . . . . . . . 193
Configure the Archiver . . . . . . . . . . . . . . . . . 193
Adding video units to your system . . . . . . . . . . . . . . 194
Configuring video units for trickling . . . . . . . . . . . . . 198
Configuring the Media Router role . . . . . . . . . . . . . . 203
What is the Media Router? . . . . . . . . . . . . . . . . 203
Configure the Media Router . . . . . . . . . . . . . . . 203
Beware of RTSP port conflict . . . . . . . . . . . . . . . 204
Configuring the Auxiliary Archiver role . . . . . . . . . . . . . 205
What is the Auxiliary Archiver? . . . . . . . . . . . . . . 205
Configure the Auxiliary Archiver . . . . . . . . . . . . . . 207
Associate cameras to the Auxiliary Archiver . . . . . . . . . . . 208
Remove a camera from the Auxiliary Archiver . . . . . . . . . . . 209
Move the Auxiliary Archiver to a different server . . . . . . . . . . 209
Configuring cameras . . . . . . . . . . . . . . . . . . 210
Recommended camera configuration process . . . . . . . . . . . 210
Configuring video streams . . . . . . . . . . . . . . . . 211
Configure visual tracking . . . . . . . . . . . . . . . . 213
Test the video quality of your camera . . . . . . . . . . . . . 214
Configure PTZ motors . . . . . . . . . . . . . . . . . 215
Creating camera sequences . . . . . . . . . . . . . . . . 219
Configuring analog monitors . . . . . . . . . . . . . . . . 221

[Link] | Security Center Administrator Guide 5.2 x

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configure analog monitors . . . . . . . . . . . . . . . 221
Testing your analog monitor configuration . . . . . . . . . . . 223

Chapter 9: Managing Omnicast

Managing video archives . . . . . . . . . . . . . . . . 225
What constitutes a video archive? . . . . . . . . . . . . . 225
Managing the archive storage . . . . . . . . . . . . . . 226
Protecting your video archives . . . . . . . . . . . . . . . 228
Protecting your video archive against storage failure . . . . . . . . . 228
Protecting your video archive against hardware failure . . . . . . . . 228
Protecting video archive against routine cleanup. . . . . . . . . . 230
Protecting video archive against tampering . . . . . . . . . . . 230
Protecting video files . . . . . . . . . . . . . . . . . 232
Viewing properties of video files . . . . . . . . . . . . . . 234
Replace video units . . . . . . . . . . . . . . . . . 235
Diagnosing video streams . . . . . . . . . . . . . . . . 236
Troubleshooting: Video units are offline . . . . . . . . . . . . 237
Troubleshooting: Cannot view live video . . . . . . . . . . . . 238
Troubleshooting: “Impossible to establish video session with the server” errors . . 241
Troubleshooting: No playback video available . . . . . . . . . . . 242
Troubleshooting: Cameras not recording . . . . . . . . . . . . 244
Troubleshooting: Cannot add video units . . . . . . . . . . . . 247
Troubleshooting: Cannot delete video units . . . . . . . . . . . 250
Troubleshooting: H.264 video stream issues . . . . . . . . . . . 251
Investigating Archiver events . . . . . . . . . . . . . . . 252

Part IV: Synergis IP access control

Chapter 10: Deploying Synergis
What is Synergis? . . . . . . . . . . . . . . . . . . 255
How does Synergis work? . . . . . . . . . . . . . . . 255
What are Synergis entities? . . . . . . . . . . . . . . . 256

[Link] | Security Center Administrator Guide 5.2 xi

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Uniqueness of the Synergis model . . . . . . . . . . . . . . 257
Synergis deployment process . . . . . . . . . . . . . . . . 259
Synergis deployment prerequisites . . . . . . . . . . . . . . 259
Synergis deployment procedure . . . . . . . . . . . . . . 260
Configuring the Access Manager role . . . . . . . . . . . . . . 263
Configure the Access Manager role . . . . . . . . . . . . . . 263
Add the unit manufacturer extensions . . . . . . . . . . . . . 264
Adding access control units to your system . . . . . . . . . . . . 264
Configuring access control units . . . . . . . . . . . . . . . 270
Understanding unit synchronization . . . . . . . . . . . . . 270
Synergis Master Controller’s unique characteristics . . . . . . . . . . 270
Configuring doors . . . . . . . . . . . . . . . . . . 271
Wiring doors to access control units . . . . . . . . . . . . . 271
Create and configure your doors . . . . . . . . . . . . . . 271
Configuring a buzzer . . . . . . . . . . . . . . . . . 272
Configuring readerless doors using Input/Output modules . . . . . . . . 272
Associate cameras to doors . . . . . . . . . . . . . . . . 273
Using the Walkthrough wizard . . . . . . . . . . . . . . . 274
Why use the Walkthrough wizard? . . . . . . . . . . . . . . 274
Assigning doors to access control units using the Walkthrough Wizard . . . . . 275
Configuring elevators . . . . . . . . . . . . . . . . . . 277
Hardware for elevator control and floor tracking . . . . . . . . . . 277
Configuring elevator floors . . . . . . . . . . . . . . . . 278
Create an elevator . . . . . . . . . . . . . . . . . . 278
Configuring secured areas . . . . . . . . . . . . . . . . 281
Create an area . . . . . . . . . . . . . . . . . . . 281
Add members to an area . . . . . . . . . . . . . . . . 282
Configure doors for an area . . . . . . . . . . . . . . . 282
Configure antipassback. . . . . . . . . . . . . . . . . 283
Configure interlock . . . . . . . . . . . . . . . . . 283
Configuring access rules . . . . . . . . . . . . . . . . . 284
Create and configure access rules . . . . . . . . . . . . . . 284
Configuring cardholders and cardholder groups . . . . . . . . . . . 286
Create a cardholder in Config Tool . . . . . . . . . . . . . . 286

[Link] | Security Center Administrator Guide 5.2 xii

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Create a cardholder group in Config Tool . . . . . . . . . . . 287
About the maximum cardholder picture file size . . . . . . . . . . 287
Import cardholders from a flat file . . . . . . . . . . . . . 287
Importing cardholders from an Active Directory . . . . . . . . . 287
Managing cardholders in Security Desk . . . . . . . . . . . . 287
Configuring credentials . . . . . . . . . . . . . . . . 288
Create a credential in Config Tool . . . . . . . . . . . . . 288
Import credentials from a flat file . . . . . . . . . . . . . 290
Importing credentials from an Active Directory . . . . . . . . . . 290
Enrolling credentials from Security Desk . . . . . . . . . . . 290
Using custom card formats . . . . . . . . . . . . . . . 290
Defining badge templates . . . . . . . . . . . . . . . . 292
Testing your configuration . . . . . . . . . . . . . . . 298

Chapter 11: Managing Synergis

Managing global cardholders . . . . . . . . . . . . . . . 300
What is global cardholder management? . . . . . . . . . . . 300
How does global cardholder management work? . . . . . . . . . 300
Rules and restrictions regarding GCM . . . . . . . . . . . . 305
Configuring global cardholder management . . . . . . . . . . . 307
Operating on global entities . . . . . . . . . . . . . . . 309
Viewing access control health events . . . . . . . . . . . . . 312
Investigating access control unit events . . . . . . . . . . . . 313
Viewing IO configuration of access control units . . . . . . . . . . 314
Replace access control units . . . . . . . . . . . . . . . 315
Replacing HID VertX 1000 units with SMC units . . . . . . . . . . 316
Troubleshoot HID discovery and enrollment . . . . . . . . . . . 318
Common discovery and enrollment issues . . . . . . . . . . . 318
HID unit cannot be found with the discovery tool . . . . . . . . . 319
HID unit enrollment issues . . . . . . . . . . . . . . . 319
Finding out which entities are affected by access rules . . . . . . . . . 321
Viewing properties of cardholder group members. . . . . . . . . . 322
Viewing credential properties of cardholders . . . . . . . . . . . 323
[Link] | Security Center Administrator Guide 5.2 xiii
EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 How the Access troubleshooter tool works . . . . . . . . . . . . 324
Troubleshooting access points . . . . . . . . . . . . . . . 325
Troubleshooting cardholder access rights. . . . . . . . . . . . . 326
Diagnosing cardholder access rights based on credentials . . . . . . . . 327
Finding out who is granted access to doors and elevators . . . . . . . . . 328
Finding out who is granted/denied access at access points . . . . . . . . 329
Troubleshoot door issues . . . . . . . . . . . . . . . . . 330
Request to exit events . . . . . . . . . . . . . . . . . 330
Credential issues . . . . . . . . . . . . . . . . . . 330
Resolution of reader issues . . . . . . . . . . . . . . . . 331

Part V: AutoVu IP license plate recognition

Chapter 12: Deploying AutoVu

Part VI: Config Tool reference

Chapter 13: Entity types
Common configuration tabs . . . . . . . . . . . . . . . . 336
Identity . . . . . . . . . . . . . . . . . . . . 336
Cameras . . . . . . . . . . . . . . . . . . . . 338
Custom fields . . . . . . . . . . . . . . . . . . . 339
Location . . . . . . . . . . . . . . . . . . . . 340
Access control unit . . . . . . . . . . . . . . . . . . 341
Properties (SMC) . . . . . . . . . . . . . . . . . . 342
Properties (HID) . . . . . . . . . . . . . . . . . . 344
Portal (SMC) . . . . . . . . . . . . . . . . . . . 347
Network (HID). . . . . . . . . . . . . . . . . . . 348
Peripherals . . . . . . . . . . . . . . . . . . . . 349
Health . . . . . . . . . . . . . . . . . . . . . 350
Synchronization . . . . . . . . . . . . . . . . . . 351
Access rule . . . . . . . . . . . . . . . . . . . . 353
Properties . . . . . . . . . . . . . . . . . . . . 354
Alarm . . . . . . . . . . . . . . . . . . . . . . 355

[Link] | Security Center Administrator Guide 5.2 xiv

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Properties . . . . . . . . . . . . . . . . . . . 356
Advanced . . . . . . . . . . . . . . . . . . . 358
Analog monitor . . . . . . . . . . . . . . . . . . 361
Properties . . . . . . . . . . . . . . . . . . . 362
Area . . . . . . . . . . . . . . . . . . . . . 364
Properties . . . . . . . . . . . . . . . . . . . 365
Members . . . . . . . . . . . . . . . . . . . 367
Access rules . . . . . . . . . . . . . . . . . . . 368
Badge template. . . . . . . . . . . . . . . . . . . 369
Badge designer . . . . . . . . . . . . . . . . . . 370
Camera (video encoder) . . . . . . . . . . . . . . . . 372
Video . . . . . . . . . . . . . . . . . . . . 373
Recording . . . . . . . . . . . . . . . . . . . 382
Motion detection . . . . . . . . . . . . . . . . . 383
Color . . . . . . . . . . . . . . . . . . . . 391
Visual tracking . . . . . . . . . . . . . . . . . . 392
Hardware . . . . . . . . . . . . . . . . . . . 393
Camera sequence . . . . . . . . . . . . . . . . . . 397
Cameras . . . . . . . . . . . . . . . . . . . 398
Cardholder. . . . . . . . . . . . . . . . . . . . 399
Properties . . . . . . . . . . . . . . . . . . . 400
Picture . . . . . . . . . . . . . . . . . . . . 401
Cardholder group . . . . . . . . . . . . . . . . . . 402
Properties . . . . . . . . . . . . . . . . . . . 403
Cash register . . . . . . . . . . . . . . . . . . . 404
Credential . . . . . . . . . . . . . . . . . . . . 405
Properties . . . . . . . . . . . . . . . . . . . 406
Badge template . . . . . . . . . . . . . . . . . . 407
Door . . . . . . . . . . . . . . . . . . . . . 408
Properties . . . . . . . . . . . . . . . . . . . 409
Unlock schedules . . . . . . . . . . . . . . . . . 411
Hardware . . . . . . . . . . . . . . . . . . . 412
Access rules . . . . . . . . . . . . . . . . . . . 413

[Link] | Security Center Administrator Guide 5.2 xv

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Elevator . . . . . . . . . . . . . . . . . . . . . 414
Floors . . . . . . . . . . . . . . . . . . . . . 415
Access . . . . . . . . . . . . . . . . . . . . . 416
Advanced . . . . . . . . . . . . . . . . . . . . 417
Hotlist. . . . . . . . . . . . . . . . . . . . . . 418
Properties . . . . . . . . . . . . . . . . . . . . 419
Advanced . . . . . . . . . . . . . . . . . . . . 422
Intrusion detection area . . . . . . . . . . . . . . . . . 425
Properties . . . . . . . . . . . . . . . . . . . . 426
Intrusion detection unit . . . . . . . . . . . . . . . . . 427
Properties . . . . . . . . . . . . . . . . . . . . 428
Peripherals . . . . . . . . . . . . . . . . . . . . 429
LPR unit . . . . . . . . . . . . . . . . . . . . . 430
Properties . . . . . . . . . . . . . . . . . . . . 431
Macro . . . . . . . . . . . . . . . . . . . . . . 433
Properties . . . . . . . . . . . . . . . . . . . . 434
Default execution context . . . . . . . . . . . . . . . . 435
Monitor group . . . . . . . . . . . . . . . . . . . 436
Monitors . . . . . . . . . . . . . . . . . . . . 437
Network . . . . . . . . . . . . . . . . . . . . . 438
Properties . . . . . . . . . . . . . . . . . . . . 439
Output behavior . . . . . . . . . . . . . . . . . . . 441
Properties . . . . . . . . . . . . . . . . . . . . 442
Overtime rule . . . . . . . . . . . . . . . . . . . . 443
Properties . . . . . . . . . . . . . . . . . . . . 444
Parking lot . . . . . . . . . . . . . . . . . . . . 446
Parking facility . . . . . . . . . . . . . . . . . . . 448
Properties . . . . . . . . . . . . . . . . . . . . 449
Partition . . . . . . . . . . . . . . . . . . . . . 451
Properties . . . . . . . . . . . . . . . . . . . . 452
Accepted users . . . . . . . . . . . . . . . . . . . 453
Patroller . . . . . . . . . . . . . . . . . . . . . 454
Properties . . . . . . . . . . . . . . . . . . . . 455
Permit. . . . . . . . . . . . . . . . . . . . . . 457

[Link] | Security Center Administrator Guide 5.2 xvi

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Properties . . . . . . . . . . . . . . . . . . . 458
Permit restriction . . . . . . . . . . . . . . . . . . 461
Properties . . . . . . . . . . . . . . . . . . . 462
Parking lot . . . . . . . . . . . . . . . . . . . 464
Public task . . . . . . . . . . . . . . . . . . . . 465
Role . . . . . . . . . . . . . . . . . . . . . 466
Schedule . . . . . . . . . . . . . . . . . . . . 467
Properties . . . . . . . . . . . . . . . . . . . 468
Setting the time range . . . . . . . . . . . . . . . . 469
Using the ordinal pattern . . . . . . . . . . . . . . . 472
Scheduled task . . . . . . . . . . . . . . . . . . . 473
Properties . . . . . . . . . . . . . . . . . . . 474
Server . . . . . . . . . . . . . . . . . . . . . 475
Properties . . . . . . . . . . . . . . . . . . . 476
Server Admin . . . . . . . . . . . . . . . . . . 477
Directory tab . . . . . . . . . . . . . . . . . . 477
Genetec Server tab . . . . . . . . . . . . . . . . . 480
Tile plugin . . . . . . . . . . . . . . . . . . . . 484
Properties . . . . . . . . . . . . . . . . . . . 485
User . . . . . . . . . . . . . . . . . . . . . 486
Properties . . . . . . . . . . . . . . . . . . . 487
Workspace . . . . . . . . . . . . . . . . . . . 489
Security . . . . . . . . . . . . . . . . . . . . 490
Privileges . . . . . . . . . . . . . . . . . . . 492
User group . . . . . . . . . . . . . . . . . . . . 493
Properties . . . . . . . . . . . . . . . . . . . 494
Security . . . . . . . . . . . . . . . . . . . . 495
Privileges . . . . . . . . . . . . . . . . . . . 497
Video unit . . . . . . . . . . . . . . . . . . . . 498
Identity . . . . . . . . . . . . . . . . . . . . 499
Properties . . . . . . . . . . . . . . . . . . . 500
Peripherals . . . . . . . . . . . . . . . . . . . 502
Zone (hardware) . . . . . . . . . . . . . . . . . . 506

[Link] | Security Center Administrator Guide 5.2 xvii

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Properties . . . . . . . . . . . . . . . . . . . . 507
Arming . . . . . . . . . . . . . . . . . . . . 508
Zone (virtual) . . . . . . . . . . . . . . . . . . . . 510
Properties . . . . . . . . . . . . . . . . . . . . 511
Arming . . . . . . . . . . . . . . . . . . . . 512

Chapter 14: Role types

Access Manager . . . . . . . . . . . . . . . . . . . 515
Properties . . . . . . . . . . . . . . . . . . . . 516
Extensions . . . . . . . . . . . . . . . . . . . . 517
Resources . . . . . . . . . . . . . . . . . . . . 518
Active Directory . . . . . . . . . . . . . . . . . . . 520
Properties . . . . . . . . . . . . . . . . . . . . 521
Links . . . . . . . . . . . . . . . . . . . . . 522
Resources . . . . . . . . . . . . . . . . . . . . 524
Archiver . . . . . . . . . . . . . . . . . . . . . 525
Camera recording . . . . . . . . . . . . . . . . . . 526
Trickling . . . . . . . . . . . . . . . . . . . . 528
Extensions . . . . . . . . . . . . . . . . . . . . 532
Resources . . . . . . . . . . . . . . . . . . . . 537
Auxiliary Archiver . . . . . . . . . . . . . . . . . . 547
Camera recording . . . . . . . . . . . . . . . . . . 548
Cameras . . . . . . . . . . . . . . . . . . . . 550
Resources . . . . . . . . . . . . . . . . . . . . 551
Directory . . . . . . . . . . . . . . . . . . . . . 555
Configuring the Directory role . . . . . . . . . . . . . . . 555
Managing the Directory role . . . . . . . . . . . . . . . 555
Directory Manager . . . . . . . . . . . . . . . . . . 556
Directory servers . . . . . . . . . . . . . . . . . . 557
Database failover . . . . . . . . . . . . . . . . . . 558
Global Cardholder Synchronizer . . . . . . . . . . . . . . . 561
Properties . . . . . . . . . . . . . . . . . . . . 562
Resources . . . . . . . . . . . . . . . . . . . . 563
Health Monitor . . . . . . . . . . . . . . . . . . . 564

[Link] | Security Center Administrator Guide 5.2 xviii

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Properties . . . . . . . . . . . . . . . . . . . 565
Resources . . . . . . . . . . . . . . . . . . . 566
Intrusion Manager . . . . . . . . . . . . . . . . . . 567
Properties . . . . . . . . . . . . . . . . . . . 568
Extensions . . . . . . . . . . . . . . . . . . . 569
Resources . . . . . . . . . . . . . . . . . . . 570
LPR Manager . . . . . . . . . . . . . . . . . . . 571
Properties . . . . . . . . . . . . . . . . . . . 572
Resources . . . . . . . . . . . . . . . . . . . 590
Media Router . . . . . . . . . . . . . . . . . . . 591
Properties . . . . . . . . . . . . . . . . . . . 592
Resources . . . . . . . . . . . . . . . . . . . 594
Omnicast Federation . . . . . . . . . . . . . . . . . 596
Identity . . . . . . . . . . . . . . . . . . . . 597
Properties . . . . . . . . . . . . . . . . . . . 598
Resources . . . . . . . . . . . . . . . . . . . 599
Plugin . . . . . . . . . . . . . . . . . . . . . 600
Point of Sale . . . . . . . . . . . . . . . . . . . 601
Properties . . . . . . . . . . . . . . . . . . . 602
Cash registers . . . . . . . . . . . . . . . . . . 603
Resources . . . . . . . . . . . . . . . . . . . 604
Report Manager . . . . . . . . . . . . . . . . . . 605
Properties . . . . . . . . . . . . . . . . . . . 605
Resources . . . . . . . . . . . . . . . . . . . 606
Security Center Federation . . . . . . . . . . . . . . . 607
Identity . . . . . . . . . . . . . . . . . . . . 608
Properties . . . . . . . . . . . . . . . . . . . 609
Resources . . . . . . . . . . . . . . . . . . . 610
Web-based SDK . . . . . . . . . . . . . . . . . . 611
Properties . . . . . . . . . . . . . . . . . . . 612
Resources . . . . . . . . . . . . . . . . . . . 613

[Link] | Security Center Administrator Guide 5.2 xix

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Zone Manager. . . . . . . . . . . . . . . . . . . . 614
Properties . . . . . . . . . . . . . . . . . . . . 615
Resources . . . . . . . . . . . . . . . . . . . . 616

Chapter 15: Administration tasks

Alarms . . . . . . . . . . . . . . . . . . . . . 618
Logical view . . . . . . . . . . . . . . . . . . . . 619
Network view . . . . . . . . . . . . . . . . . . . . 621
Security . . . . . . . . . . . . . . . . . . . . . 623
System . . . . . . . . . . . . . . . . . . . . . 624
General settings . . . . . . . . . . . . . . . . . . 624
Custom fields . . . . . . . . . . . . . . . . . . . 625
Events . . . . . . . . . . . . . . . . . . . . . 628
Actions. . . . . . . . . . . . . . . . . . . . . 630
Logical ID . . . . . . . . . . . . . . . . . . . . 631
User password settings . . . . . . . . . . . . . . . . . 632
Activity trails . . . . . . . . . . . . . . . . . . . 633
Audio . . . . . . . . . . . . . . . . . . . . . 634
Threat levels . . . . . . . . . . . . . . . . . . . 635
Video . . . . . . . . . . . . . . . . . . . . . . 636
Access control . . . . . . . . . . . . . . . . . . . . 638
Roles and units . . . . . . . . . . . . . . . . . . . 639
General settings . . . . . . . . . . . . . . . . . . 640
Intrusion detection . . . . . . . . . . . . . . . . . . 642
LPR . . . . . . . . . . . . . . . . . . . . . . 644
Roles and units . . . . . . . . . . . . . . . . . . . 645
General settings . . . . . . . . . . . . . . . . . . 646
Plugins . . . . . . . . . . . . . . . . . . . . . 655

Chapter 16: Tools and utilities

Security Desk . . . . . . . . . . . . . . . . . . . . 657
Access troubleshooter . . . . . . . . . . . . . . . . . . 658
Unit discovery tool . . . . . . . . . . . . . . . . . . 659
Unit replacement . . . . . . . . . . . . . . . . . . . 660
[Link] | Security Center Administrator Guide 5.2 xx
EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Move unit . . . . . . . . . . . . . . . . . . . . 661
Moving units . . . . . . . . . . . . . . . . . . 661
Import tool . . . . . . . . . . . . . . . . . . . 663
Sample import scenario . . . . . . . . . . . . . . . . 663
Fields that can be imported from a CSV file . . . . . . . . . . . 668
About entity creations and updates . . . . . . . . . . . . . 672
Replacing old credentials . . . . . . . . . . . . . . . 672
Copy configuration tool . . . . . . . . . . . . . . . . 674
Using the copy configuration tool . . . . . . . . . . . . . 674
Custom card format editor . . . . . . . . . . . . . . . 676
Defining custom card formats . . . . . . . . . . . . . . 676
Deleting a custom card format . . . . . . . . . . . . . . 683
Options dialog box. . . . . . . . . . . . . . . . . . 684
General options . . . . . . . . . . . . . . . . . . 685
Keyboard shortcuts . . . . . . . . . . . . . . . . . 687
Visual options . . . . . . . . . . . . . . . . . . 689
User interaction options. . . . . . . . . . . . . . . . 691
Video options . . . . . . . . . . . . . . . . . . 694
Performance options . . . . . . . . . . . . . . . . 695
Date and time options . . . . . . . . . . . . . . . . 696
External devices . . . . . . . . . . . . . . . . . . 697
Adding shortcuts to external tools . . . . . . . . . . . . . . 698

Chapter 17: User privileges

Application privileges . . . . . . . . . . . . . . . . . 701
General privileges . . . . . . . . . . . . . . . . . . 702
Administrative privileges . . . . . . . . . . . . . . . . 703
Logical entities . . . . . . . . . . . . . . . . . . 703
Physical entities . . . . . . . . . . . . . . . . . 703
Schedule Management . . . . . . . . . . . . . . . . 706
Access control management . . . . . . . . . . . . . . 707
Alarm management . . . . . . . . . . . . . . . . 709
LPR management . . . . . . . . . . . . . . . . . 709

[Link] | Security Center Administrator Guide 5.2 xxi

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Task privileges . . . . . . . . . . . . . . . . . . . 710
Action privileges . . . . . . . . . . . . . . . . . . . 714

Chapter 18: Reporting task reference

Query filters . . . . . . . . . . . . . . . . . . . . 718
Report pane columns . . . . . . . . . . . . . . . . . . 730

Chapter 19: Events and actions in Security Center

Event types . . . . . . . . . . . . . . . . . . . . 754
Action types . . . . . . . . . . . . . . . . . . . . 767

Chapter 20: Keyboard shortcuts in Config Tool

Default keyboard shortcuts . . . . . . . . . . . . . . . . 774

Part VII: Appendices

Appendix A: License options
Viewing license information from Config Tool . . . . . . . . . . . 778
Viewing license information from Server Admin . . . . . . . . . . . 779
License option descriptions . . . . . . . . . . . . . . . . 780
Security Center license options . . . . . . . . . . . . . . . 780
Synergis license options . . . . . . . . . . . . . . . . 781
Omnicast license options . . . . . . . . . . . . . . . . 782
AutoVu license options. . . . . . . . . . . . . . . . . 783
Mobile license options . . . . . . . . . . . . . . . . . 783
Certificate license options . . . . . . . . . . . . . . . . 784

Appendix B: Default Security Center ports

Common communication ports . . . . . . . . . . . . . . . 786
AutoVu-specific ports. . . . . . . . . . . . . . . . . . 787
Synergis-specific ports . . . . . . . . . . . . . . . . . 788
Omnicast-specific ports . . . . . . . . . . . . . . . . . 789

[Link] | Security Center Administrator Guide 5.2 xxii

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
Appendix C: HID reference
Network configuration . . . . . . . . . . . . . . . . . 791
Refer to HID’s documentation for initial hardware setup . . . . . . . . 791
Using the HID Discovery GUI utility . . . . . . . . . . . . . . 792
HID initial configurations . . . . . . . . . . . . . . . . 793
Special considerations when configuring HID units . . . . . . . . . . 794
For HID V1000 units . . . . . . . . . . . . . . . . . 794
Other HID hardware . . . . . . . . . . . . . . . . . 794
HID factory default input settings . . . . . . . . . . . . . . 794
Modify input configurations . . . . . . . . . . . . . . . 795
Interpreting the Power and Comm LEDs on an HID unit . . . . . . . . 796
Supported features and models . . . . . . . . . . . . . . . 797
Supported access control software and hardware . . . . . . . . . . 797
Access control unit modes of operation . . . . . . . . . . . . . 800
About offline, mixed, and online modes of operation . . . . . . . . . 800
Supported modes of operation per unit type . . . . . . . . . . . 800
Access control unit configuration. . . . . . . . . . . . . . . 808
General versus dedicated inputs . . . . . . . . . . . . . . 808
Configuring a door with reader . . . . . . . . . . . . . . 808
Configuring a door with two door sensors . . . . . . . . . . . . 808
Wiring diagrams . . . . . . . . . . . . . . . . . . . 809
HID Edge reader & Edge Plus . . . . . . . . . . . . . . . 809
HID VertX V1000 . . . . . . . . . . . . . . . . . . 810
HID VertX V2000 . . . . . . . . . . . . . . . . . . 811

Appendix D: Bosch reference

How Bosch intrusion panel integration works . . . . . . . . . . . 813

Appendix E: Honeywell reference

How Galaxy Dimension control panel integration works . . . . . . . . . 815

Glossary . . . . . . . . . . . . . . . . . . .816

Index . . . . . . . . . . . . . . . . . . . .856

[Link] | Security Center Administrator Guide 5.2 xxiii

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
Part I

Introduction to Security Center

Take a tour of Security Center and learn the basics of using the user interface.
This part includes the following chapters:
• Chapter 1, “Welcome to Security Center” on page 2
• Chapter 2, “Getting started with Config Tool” on page 8
• Chapter 3, “Working with tasks” on page 21
• Chapter 4, “Working with reports” on page 29
 1
Welcome to Security Center
This section includes the following topics:
• "What is Security Center?" on page 3
• "Architecture overview" on page 6

[Link] | Security Center Administrator Guide 5.2 2

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 What is Security Center?

What is Security Center?

Security Center is the unified security platform that seamlessly blends Genetec's IP security and
safety systems within a single innovative solution. The systems unified under Security Center
include Genetec's Omnicast IP video surveillance, Synergis IP access control, and AutoVu IP
license plate recognition system.

The Security Center unified security platform provides:

• One platform controlling and managing video/access/LPR edge devices.
• One user interface for monitoring, reporting, and managing events and alarms for video
surveillance, access control, and LPR - Security Desk.
• One user interface for configuring video surveillance, access control, and LPR - Config
Tool.
• Unified live video viewing with video searches and video playback.

Security Center features are divided into four main categories:

• Common/Core features
• Omnicast – Video surveillance features
• Synergis – Access control features
• AutoVu – License plate recognition (LPR) features

[Link] | Security Center Administrator Guide 5.2 3

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 What is Security Center?

Common/Core features
• Alarm management
• Zone management
• Federation
• Intrusion panel integration
• Report management
• Schedule and scheduled task management
• User and user group management
• Windows Active Directory integration
• Programmable automated system behavior

Omnicast – Video surveillance features

• Full camera configuration and management (new in 5.2)
• View live and playback video from all cameras
• Full PTZ control using the PC or CCTV keyboard, or on screen using the mouse
• Digital zoom
• Motion detection
• Bookmark any important scene to ease future video archive search and retrieval
• Save and print video snapshots
• Search video by alarm, bookmark, event, motion, or date and time
• View all cameras on independent or synchronized timelines
• Visual tracking: follow individuals or moving objects across different cameras
• Export video in the Genetec G64 format, or a public ASF format
• Protect video against accidental deletion
• Protect video against tampering by using watermarks

Synergis – Access control features

• Cardholder management
• Credential management
• Visitor management
• Door management
• Access rule management
• People counting

[Link] | Security Center Administrator Guide 5.2 4

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 What is Security Center?

AutoVu – License plate recognition (LPR) features

• Fixed and mobile (with Patroller) LPR solution management
• Automatic identification of stolen (or scofflaw) vehicles
• Enforcement of city parking regulations (not involving permits)
• Enforcement of parking lot regulations (involving permits)
• License plate inventory in large parking facilities

[Link] | Security Center Administrator Guide 5.2 5

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Architecture overview

Architecture overview
This section provides an overview of the components in a Security Center system. The setup and
configuration of these components are explained later in this guide.
This section includes the following topics:
• "About Security Center components" on page 6
• "What is Genetec Server?" on page 7

About Security Center components

Security Center’s architecture is based on a client/server model, where all system functions are
handled by a pool of server computers distributed over an IP network.
Every Security Center system must have its own pool of servers. Their number can range from
a single machine for a small system to hundreds of machines for a large scale system.

NOTE The icons colored in blue represent the computers where Security Center server and client
components are installed.

[Link] | Security Center Administrator Guide 5.2 6

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Architecture overview

What is Genetec Server?

Genetec Server is the Windows service you must install on every computer that you want
included in the pool of servers available for Security Center to use. Every server is a generic
computing resource capable of taking on any role (set of functions) you assign to it.
You can increase the computing power of your Security Center system at any time by adding
more servers to your pool of resources.

What is the main server?

The main server is the only server on your system that hosts the Directory role. The Directory is
the role that gives your system its identity. All other servers on the system must connect to the
main server in order to be part of the same system.
You can have only one main server on any Security Center system.

What is an expansion server

An expansion server is any computer other than the main server that you add to your system to
increase its total computing power. An expansion server must connect to the main server and
can host any role in Security Center, except the Directory role.
You can add expansion servers at any time. For more information, see "Add an expansion server
to your system" on page 47.

What is a role?
A role is a software module that performs a specific job within Security Center. For example, you
can assign roles for archiving video, for controlling a group of units, or for synchronizing
Security Center users with your corporate directory service.
You create and configure roles using Config Tool. You can assign one or more roles to a single
server, or assign multiple servers to the same role to provide load balancing and failover. For
more information, see "How role failover works in Security Center" on page 61.
For each role you create, you can specify its parameters. After you’ve configured a role, you can
move it to any server on your system (for example, one with a faster processor or more disk
space) without having to install any additional software on that server.
For a list of role types available in Security Center and what they are used for, see "Role types"
on page 514.

[Link] | Security Center Administrator Guide 5.2 7

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 2
Getting started with Config Tool
This section provides you with basic knowledge about Config Tool, the main application an
administrator needs to configure Security Center. Once you’ve learned the basic concepts
described in this section, you can refer to the "Config Tool reference" on page 334 for specific
information on Config Tool topics.
This section includes the following topics:
• "Connecting to Security Center" on page 9
• "Differences between Config Tool 5.1 and 5.2" on page 11
• "Config Tool interface tour" on page 13

[Link] | Security Center Administrator Guide 5.2 8

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Connecting to Security Center

Connecting to Security Center

This section describes how to connect to Security Center.
This section includes the following topics:
• "Log on" on page 9
• "Change your password" on page 10
• "Log off " on page 10
• "Close the application" on page 10

Log on
Before you begin: You need your username, password, and Directory name.
1 To open Config Tool, click Start > All Programs > Genetec Security Center 5.2 > Config Tool.

2 In the Logon dialog box, enter the required information.

If you have just installed Security Center, log on with the default administrative user Admin
with a blank password. The Directory name is the name or IP address of your main server.
If you are running Config Tool on your main server, you can leave the Directory field blank.
3 Click Log on.
The Home page appears. For more information, see "Home page overview" on page 14.
After you are done: Change the Admin user’s password if it hasn’t been changed yet.
IMPORTANT If active directory integration has been set up by your system administrator, and you
are connecting over a VPN connection, you must clear the Use Windows credentials check box
and type your username in the format DOMAIN\Username.
NOTE More logon options are available when an Active Directory is integrated to Security
Center. For more information, see "Logging on with an Active Directory user" on page 153.

[Link] | Security Center Administrator Guide 5.2 9

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Connecting to Security Center

Change your password

Best practice: It is recommended to change your password regularly.
1 From the Home page, click About.
2 In the About page, click Change password.
The Change password dialog box appears.

3 Enter your old password, then enter your new password twice.
4 Click OK.

Log off
You can log off from Security Center without closing Config Tool. Logging off disconnects you
from the Directory. Use this command when you plan to log on again using a different
username and password.
• From the Home page, click Log off.

Close the application

1 In the upper-right corner of the Config Tool window, click Exit ( ).
If you have unsaved tasks in your workspace, you are prompted to save them.
2 Click Save to automatically load the same task list the next time you open Config Tool.

[Link] | Security Center Administrator Guide 5.2 10

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Differences between Config Tool 5.1 and 5.2

Differences between Config Tool 5.1 and 5.2

The following table highlights the differences between Config Tool 5.1 and 5.2.

Item Config Tool 5.1 Config Tool 5.2

Home page Access the Home page by clicking the Access the Home page by clicking the Home tab.
Home button.

Favorites Favorite items displayed in the Favorites Favorite items listed in the Tasks tab in the Home
tab in the Home page. page.

Recently used Recent items displayed in the Recently Recent items listed in the Tasks tab in the Home
used tab in the Home page. page.

Private/public Private and public tasks are saved in the Private and public tasks are saved as separate tabs
tasks Saved tasks tab in the Home page. in the Home page.

License options All license options are displayed in the Some license options displayed in the About page
About page. can be turned on or off.

Task organization Tasks in the Tasks tab listed by task Tasks in the Tasks tab listed by task category
category (Administration, Operation, and (Administration, Operation, and Maintenance).
Maintenance), and solution type (access The solution types are indicated by a colored line
control, video, intrusion investigation, and under the task icons; red for access control, green
LPR). for video, and yellow for LPR.

Notification tray Can hide some of the notification tray All notification tray items can be shown or
items. hidden.

Selector Selector contains different tabs, such as The Logical view and Query tab are displayed, but
Logical view and Query tab. the selector is not indicated in the user interface.

Report commands Report commands grouped in the Report Report commands found at the top of the report
tab (export and print report) in pane (export and print report) in Maintenance
Maintenance tasks. tasks.

Select columns Select which columns to display from the Select which columns to display by right-clicking
Report tab in Maintenance tasks. a column heading in the report pane in
Maintenance tasks.

Configuring alarm Alarm entity configuration pages found in Alarm entity configuration pages found in the
entities the System task new Alarms task.

Credential Allows you to enroll credentials. Renamed to Credential management task.

enrollment task Allows you to enroll credentials, create and assign
credentials, and respond to credential card
printing requests.

Cardholder Three tabs for configuring cardholders: Two tabs for configuring cardholders: Identity
management Identity, Credentials, and Access rules. and Access rules. Credentials tab is merged into
the Identity tab.

[Link] | Security Center Administrator Guide 5.2 11

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Differences between Config Tool 5.1 and 5.2

Item Config Tool 5.1 Config Tool 5.2

Access control unit Access control maintenance report, where Renamed to Hardware inventory report.
configuration you can view the configuration of access A general maintenance report, where you can
report control units in your system. view the configuration of access control, video,
intrusion detection, and LPR units in your
system.

[Link] | Security Center Administrator Guide 5.2 12

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Config Tool interface tour

Config Tool interface tour

This section describes the main components of the Config Tool user interface.
This section includes the following topics:
• "How Config Tool is organized" on page 13
• "Home page overview" on page 14
• "Administration task workspace overview" on page 16
• "Maintenance task workspace overview" on page 19

How Config Tool is organized

Config Tool is organized by tasks. All tasks can be customized, and multiple tasks can be carried
out simultaneously. You might not see all the tasks and commands described in this guide,
depending on your license options and user privileges. There are user privileges for each Config
Tool task, and for many commands in Config Tool.

Tasks in the Home page are organized into three categories:

• Administration. Administration tasks used to create and configure the entities required to
model your system.
• Operation. Tasks related to day-to-day Security Center operations.
• Maintenance. Tasks related to maintenance and troubleshooting.
Under each major category, the tasks are further divided as follows:
• Common tasks. Tasks that are shared by all three Security Center software modules. These
tasks are always available regardless of which modules are supported by your software
license.
• Access control. Tasks related to access control. Access control tasks are displayed with a red
line under their icons. They are only available if Synergis is supported by your software
license.
• Intrusion detection. Tasks that let you manage intrusion detection areas and units.
• LPR. Tasks related to license plate recognition. LPR tasks are displayed with a yellow line
under their icons. They are only available if AutoVu is supported by your software license.
• Video. Tasks related to video management. Video tasks are displayed with a green line
under their icons. They are only available if Omnicast is supported by your software license.

[Link] | Security Center Administrator Guide 5.2 13

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Config Tool interface tour

Home page overview

This section describes the Home page, and key components of the Config Tool user interface.
The Home page is the main page in Config Tool. You can open the Home page by clicking Home
( ). It is also shown if the task list is empty.
A B C D

I
J

A Home tab • Click to show or hide the Home [Link]-click for a list of commands (for
example, save the workspace, close tasks, and so on).
B Current tasks Lists the tasks you currently have open and are working on.
• Click a task tab to switch to that task.
• Right-click a tab for a list of commands. See "Working with your current tasks"
on page 24.
C Notification Displays important information about your system. Hold your mouse pointer
tray over an icon to view system information, or double-click the icon to perform an
action.
You can choose which icons to show in the notification bar from the Options
dialog box. See "Notification tray" on page 690.
D List all tasks Click to view a list of all open tasks. This button only appears if the task tabs take
up the width of the taskbar.

[Link] | Security Center Administrator Guide 5.2 14

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Config Tool interface tour

E Search box Type the name of the task, tool, or entity you are looking for. All tasks, tools or
entities containing that text in their category, name, or description, are shown.
F Tasks Lists your recent items, favorites, and all the task types that are available to you.
Select a task to open from this tab.
G Private/ Click to view the saved tasks that are available to you.
public tasks • Private tasks. Tasks that you saved that are only available to you.
• Public tasks. Tasks that you or someone else saved that are available to the
general public.
To save a private or public task, see "Save a task" on page 26.
H Tools Click to view the tools that you can start directly from your Home page. The
Tools page is divided into two sections:
• Tools. This section shows the standard Security Center tools.
• External tools. This section shows the shortcuts to external tools and
applications. See "Adding shortcuts to external tools" on page 698.
I Options Click to configure Config Tool options. See "Options dialog box" on page 684.
J About Click to view information regarding your Security Center software, such as your
license, SMA, and software version. From the About page, you can also view the
following:
• Help. Click to open the online help.
• Change password. Click to change your password. See "Change your
password" on page 10.
• Contact us. Click to visit GTAP or the GTAP forum. You need an Internet
connection to visit these Web sites. See "Technical support" on page 878.
 Gather diagnostic information. This option collects diagnostic information
about your system. It is reserved for use by Genetec’s Technical Assistance
personnel. Please do not be concerned with this option.
• Installed components. Click to view the name and version of all installed
software components (DLLs).
• Copyright. Click to display software copyright information.
For information about your software license, see "License options" on page 777.
K Log off Click to log off without exiting the application.
L Favorites Right-click any task or tool to add or remove it from your Favorites list. You can
also drag a task into your favorites list. Tasks listed in favorites no longer appear
in the Recent items list.
M Recent items Lists your recently opened tasks and tools.
N Browse tasks Click to view all the tasks available to you. Click a task icon to open the task. If it
is a single-instance task, it will open. If you can have multiple instances of the
task, you are required to type a name for the task. If the task has multiple entity
views, you need to select an entity. See also, "Adding a task" on page 22.

[Link] | Security Center Administrator Guide 5.2 15

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Config Tool interface tour

Administration task workspace overview

Administration tasks used to create and configure the entities required to model your system.
This section takes you on a tour of the administration task layout, and describes the common
elements of most administration tasks. The Security task was used as an example. You can open
the Security task by typing its name in the Search box on the Home page.

For more information about administration tasks, see "Administration tasks" on page 617.

A
B
C
D

A Entity views You’ll typically find one view for each entity type managed by the task.
B Entity filter Enter a string in this field and type Enter to filter the entities in the browser by
name. Click Apply a custom filer ( ) to hand pick the entities you want to
show in the browser.
C Entity history Use these buttons to browse through recently used entities within this task.
D Entity browser Click an entity in the browser to show its settings on the right.
E Current entity The icon and name of the selected entity is displayed here.
F Configuration The entity settings are grouped by tabs. For more information about the
tabs configuration tabs for each entity type, see "Entity types" on page 335.

[Link] | Security Center Administrator Guide 5.2 16

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Config Tool interface tour

G Configuration This area displays the entity settings under the selected configuration tab.
page
H Apply/cancel You must Cancel or Apply any change you make on the current page before
changes you can move to a different page.
I Contextual Commands pertaining to the selected entity are displayed in the toolbar at the
commands bottom of the workspace. See "Contextual command toolbar" on page 17.

Contextual command toolbar

The commands pertaining to the selected entity in the browser are displayed at the bottom of the
task workspace, in the contextual toolbar. The following table describes them all in alphabetical
order.

Icon Command Applies to Description

Activate role All roles Activates the selected role.

Add a cardholder Access rules and Creates a cardholder and assigns it to the selected
cardholder groups entity.

Add a credential Cardholders Creates a credential and adds it to the selected

cardholder.

Add an entity All entities See "Create an entity manually" on page 37.

Assign to new door Access control Creates a door and assigns it to the selected access
units control unit.

Audit trails All entities Creates an Audit trails task for the selected entity.
See "Finding out who made changes on the system"
on page 181.

Conflict resolution Active Directory Opens the Active Directory conflict resolution
role dialog box. See "Resolve conflicts due to imported
entities" on page 149.

Copy All entities See "Copy configuration tool" on page 674.

configuration tool

Create an access Areas, doors, Creates an access rule and assigns it to the selected
rule elevators entity.

Deactivate role All roles Deactivates the selected role.

Delete All entities Deletes the selected entity from the system.
Discovered entities can only be deleted when they
are inactive.

[Link] | Security Center Administrator Guide 5.2 17

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Config Tool interface tour

Icon Command Applies to Description

Diagnose All roles, and Performs a diagnosis on the selected role or entity.
some entities

Enable Roles and physical Set a role or a physical device in maintenance mode
maintenance mode devices so its down time will not affect its availability
calculation by the Health Monitor. See "Set an
entity in maintenance mode" on page 80.

Health statistics Roles and physical Creates a Health statistics task for the selected
devices entity. See "Viewing the health status and
availability of entities" on page 171.

Identify Video units Flashes an LED on the selected unit to help locate it
on a rack.

Live video Cameras Opens a dialog box showing live video from the
selected camera. See "Test the video quality of your
camera" on page 214.

Move unit Access control Opens the Move unit tool, where you can move
and video units units from one manager to another. See "Move
unit" on page 661.

Ping Video units Pings the video unit to check if you can
communicate with it. This is helpful for
troubleshooting purposes.

Print badge Cardholders and Allows you to select a badge template and print a
credentials badge for the selected cardholder or credential.

Reboot Video and access Restarts the selected unit.

control units

Run macro Macros Runs the selected macro. See "Using macros" on
page 110.

Trigger alarm Alarms Triggers the selected alarm so it can be viewed in

Security Desk. See "Testing alarms" on page 112.

Unit discovery tool Access control Opens the Unit discovery tool, where you can find
and video units IP units connected to your network. See "Unit
discovery tool" on page 659.

Unit’s Web page Video units Opens a browser to configure the unit using the
Web page hosted on the unit.

Walkthrough Cardholders A tool that enrolls doors into Synergis in bulk, by

wizard having a cardholder present his credential at the
doors to be enrolled. See "Using the Walkthrough
wizard" on page 274.

[Link] | Security Center Administrator Guide 5.2 18

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Config Tool interface tour

Maintenance task workspace overview

Maintenance tasks are where you generate customized queries on the entities, activities, and
events in your Security Center system for maintenance and troubleshooting purposes.
This section takes you on a tour of the maintenance task layout, and describes the common
elements of most maintenance tasks. The Access rule configuration task was used as an example.
You can open the Access rule configuration task by typing its name in the Search box on the
Home page.

B
C
D

A Number of Displays the number of returned results. A warning is issued when your query
results returns too many rows. If this happens, adjust your query filters to reduce the
number of results.
B Query filters Use the filters in the query tab to set up your query. Click on a filter heading to
turn it on ( ) or off. Invalid filters display as Warning or Error. Hover your
mouse over the filter to view the reason it is invalid.
For a list of query filters available in Security Desk, see "Query filters" on
page 718.
C Export/print Click to export or print your report once it is generated. See "Generate a report"
report on page 30.

[Link] | Security Center Administrator Guide 5.2 19

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Config Tool interface tour

D Select Right-click a column heading to select which columns to display. For a list of
columns report columns available in Security Desk, see "Report pane columns" on
page 730.
E Report pane View the results of your report. Drag an item from the list to a tile in the canvas,
or right-click an item in the list to view more options associated with that item, if
applicable.
F Generate Click to run the report. This button is disabled if you have not selected any query
report filters, or when you have invalid filters. While the query is running, this button
changes to Cancel. Click on Cancel to interrupt the query.

[Link] | Security Center Administrator Guide 5.2 20

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 3
Working with tasks
This section includes the following topics:
• "Adding a task" on page 22
• "Working with your current tasks" on page 24

[Link] | Security Center Administrator Guide 5.2 21

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
Adding a task
There are two ways you can add tasks to your workspace:
• "Create a new task" on page 22
• "Load a saved task" on page 23

Create a new task

1 From the Home page, do one of the following:
 Type the task name in the Search box.
 Click the Tasks tab, and then click Browse all tasks.
2 Click the task.
3 Depending on the task type you select, do one of the following:
 If only one instance of the task is allowed, the new task is created. Single-instance tasks
cannot be renamed.
 (Only Administration tasks) If the task contains more than one entity view, select a view
to configure.
This option is only available for administration tasks. Tasks that allow you to configure
more than one entity are indicated with a plus sign on the task icon.

 If more than one instance of the task is allowed, you are prompted to provide a task
name. Enter the task name, and click Create.

[Link] | Security Center Administrator Guide 5.2 22

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Adding a task

NOTE This behavior can be changed in the User interaction tab in the Options dialog
box. For more information, see "User interaction options" on page 691.
The new task is added to your task list.

Load a saved task

You can load tasks that you have previously saved as private or public tasks.
• Private tasks. Tasks that you saved that are only available to you.
• Public tasks. Tasks that you or someone else saved that are available to the general public.
1 From the Home page, click the Private tasks or Public tasks page.
2 Click a task.
The task you select opens.

[Link] | Security Center Administrator Guide 5.2 23

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
Working with your current tasks
This section includes the following topics:
• "Task list commands" on page 24
• "Close the current task" on page 25
• "Reordering tasks" on page 25
• "Save a task" on page 26
• "Send a task to another workstation" on page 27
• "Change the taskbar position" on page 27
• "Set the taskbar to auto-hide" on page 27

Task list commands

You can edit and work with your current tasks by right-clicking any tab in the task list.

Command Description

Rename task Click to rename the selected task. Only tasks that accept multiple instances can be
renamed. You can also select the task tab, and then click F2 to rename the task.

Save Click to save any changes you made to a previously saved task.

Save as Click to save the task under a different name and scope (private or public). See
"Save a task" on page 26.

[Link] | Security Center Administrator Guide 5.2 24

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Working with your current tasks

Command Description

Send Click to send the selected task to another Security Desk user or workstation. See
"Send a task to another workstation" on page 27.

Close task Click to close the selected task. See also "Close the current task" on page 25.

Close all tasks Click to close all tasks in your current task list.

Close all other Click to close all tasks in your current task list, except the selected task.
tasks

Add to Favorites Click to add the selected task to your Favorites list on the Home page.

Remove from Click to remove the selected task from your Favorites list on the Home page.
Favorites

Save workspace Click to save the current task list and workspace. The same tasks and workspace
layout loads automatically the next time you log on to Security Desk with the
same username.
If you make changes to a task and save the workspace again, the previous
configuration is lost.
See also "Save a task" on page 26.

Sort by name Click to reorder the tasks in alphabetical order from left to right. See "Reordering
tasks" on page 25.

Tiles only Click to hide the selector pane, the event pane, and the dashboard. Only the
canvas tiles and task list are visible. This option is mainly used for the Monitoring
task.

Full screen Click to display the Security Desk window in full screen mode.

Close the current task

• On the task tab, click .

Reordering tasks
This section includes the following topics:
• "Sort tasks by name" on page 25
• "Reorder tasks manually" on page 26

Sort tasks by name

You can automatically reorder the tasks in the task list by name.
• Right-click anywhere on the task list, and select Sort by name.

[Link] | Security Center Administrator Guide 5.2 25

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Working with your current tasks

Reorder tasks manually

You can choose the task position in the task list manually.
• Click and hold a task tab, and drag it to the desired position in the list.

Save a task
You can save your tasks permanently in either the private task list that only you can access, or in
the public task list that everyone can access. The benefits for doing so are:
• You can delete your task from your active task list and reload it when you need it.
• Public tasks can be shared with other users.
• Public tasks can be used as a report template with the Email a report action.
The task characteristics that are saved are:
• The filter settings used by the task query.
• The report layout (choice and order of columns in the report).
• The canvas layout and the entities displayed in each tile.
NOTE The query results are not saved as part of the task definition. Only the query filters are
saved. The results are regenerated every time you run the query.

To save a task in a permanent list:

1 Do one of the following:
 Right-click the task tab, and click Save as.
 Use the CTRL+T keyboard shortcut.
NOTE A reporting task can be saved only when the query is fully qualified. You know that
your query is valid when the Generate report button in the Query tab is activated.
2 In the dialog box that appears, select the list you want to save your task to:
 Private tasks. The task can only be accessed by you.
Enter a name for the saved task, or select an existing one to overwrite it.
 Public tasks. Anyone can reuse your task.
Enter a name for the saved task or select an existing one to overwrite it, and select the
Partition that the task should belong to. The partition ensures that only certain users can
view or modify this task.
3 (Optional) Rename the saved task.
TIP The saved task name should be descriptive. For example, a saved monitoring task that
displays your parking lot cameras might be saved with the name Parking Lot - Monitoring. A
saved investigation task that queries for video bookmarks added over the last day might be
saved as Today’s Bookmarks.
4 Click Save.

[Link] | Security Center Administrator Guide 5.2 26

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Working with your current tasks

Send a task to another workstation

You can send your current tasks to another Security Desk user on another workstation. This
could be helpful if you’ve selected specific cameras to monitor and you want to share the task
with someone else. Or, perhaps you’ve configured the query filters for a certain investigation
task, and you want somebody else to run the same report.
1 Open the task you want to send.
2 (Optional) Configure the task.
EXAMPLE Modify the tile layout, display certain cameras, configure query filters, add
entities to be monitored, etc.
3 Right-click the task tab, and then click Send.
The Send task dialog box opens.
4 Click .
5 Depending on whether you want to send the task to a user or a workstation, set the User-
Monitor toggle switch to the appropriate type of recipient.
6 Select your recipient.
7 (Optional) If you are sending the task to a user, write a message in the Message field.
8 Click Send.
The recipient receives a pop up message explaining that someone has sent them a task. They
are prompted to accept the task before it loads in their Security Desk.

Change the taskbar position

You can configure the taskbar to appear on any edge of the Security Desk window.
1 From the Home page, click Options.
2 In the Options dialog box, click the Visual tab.
For more information, see "Visual options" on page 689.
3 From the Taskbar position drop-down list, select the edge where you want the taskbar to
appear.
4 Click Save.

Set the taskbar to auto-hide

You can configure the taskbar to appear only when the mouse cursor hovers over the edge
where the taskbar is located.
1 From the Home page, click Options.
2 In the Options dialog box, click the Visual tab.
For more information, see "Visual options" on page 689.

[Link] | Security Center Administrator Guide 5.2 27

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Working with your current tasks

3 Select the Auto-hide the taskbar option.

NOTE This option hides both the taskbar and the notification tray. See "Notification tray" on
page 690.
4 Click Save.

[Link] | Security Center Administrator Guide 5.2 28

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 4
Working with reports
This section includes the following topics:
• "Generate a report" on page 30
• "Export and print your report" on page 31
• "Customize the report pane" on page 32

[Link] | Security Center Administrator Guide 5.2 29

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Generate a report

Generate a report
To generate a report for any task, you need to set the query filters, and then run the query. After
you generate the report, you can work with your results.
1 Select an existing reporting task, or create a new one.
See "Adding a task" on page 22.
2 Use the filters to create a customized search.
3 Click Generate report to run the query.
If there are invalid filters, the Generate report button is unavailable. If your query returned
too many results, you receive a warning message. Fine tune your query and run it again.
The query results are displayed in the report pane.
NOTE The maximum number of report results you can receive in Config Tool is 10, 000. By
default the maximum number of results is 2000. This value can be changed from the Options
dialog box. See "Performance options" on page 695.
4 (Optional) Customize your query results.
You can select the columns you want to show in your report, change the width and order of
the columns, and sort the rows. See "Customize the report pane" on page 32.
5 Work with the query results.
Depending on the items in the query results, you can print the report, or save the report as
an Excel or PDF document. See "Export and print your report" on page 31.
6 Save the report as a template.
Save the reporting task (query filters and report layout) as a report template that can be used
with the Email a report action.

[Link] | Security Center Administrator Guide 5.2 30

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Export and print your report

Export and print your report

This section includes the following topics:
• "Export your report" on page 31
• "Print your report" on page 31

Export your report

In every reporting task, you can export your report once it is generated.
1 At the top of the report pane, click Export report.
The Save report as dialog box appears.

2 Select the file format.

You must select CSV, Excel, or PDF file format. If you choose CSV format, you must also
specify where the attached files, such as cardholder pictures or license plate images, are to be
saved.
3 Select the destination file name.
4 Click Save.

Print your report

In every reporting task, you can print your report once it is generated.
1 At the top of the report pane, click Print report.
The Report preview dialog box appears.
• Click Print ( ) in the preview window, and select a printer.
You can also export the report as a Microsoft Excel, Word, or Adobe PDF document.

[Link] | Security Center Administrator Guide 5.2 31

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Customize the report pane

Customize the report pane

Once you have generated your report, you can customize how the results are displayed in the
report pane, such as re-ordering the rows and columns, choosing which columns to display, and
so on.
This section includes the following topics:
• "Resize columns" on page 32
• "Select columns" on page 32
• "Change the column order" on page 33

Resize columns
You can change the column width in the report pane in any task.
• Click between two column headings and drag the separator to the right or to the left.

Select columns
You can choose which columns to show or hide in the report pane.
1 In the report pane, right-click on a column heading, and then click Select columns ( ).
A dialog box showing all available columns for your report appears.

[Link] | Security Center Administrator Guide 5.2 32

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Customize the report pane

2 Select the columns you want to show, and clear the columns you want to hide.

3 To change the column order of appearance, use the and arrows.

4 Click OK.
5 (Optional) To save your column selection, right-click in the taskbar, and then click Save
workspace.

Change the column order

You can change the column order in the report pane in any task.
1 Click and hold a column heading in the report pane, and drag it to the desired position.
2 Repeat for all the columns you want to move.

[Link] | Security Center Administrator Guide 5.2 33

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
Part II

Security Center administration

Learn about administration tasks for configuring your system.
This part includes the following chapters:
• Chapter 6, “Common administrative tasks” on page 46
 5
Basic principles about entities
This section includes the following topics:
• "Entities as basic building blocks" on page 36
• "Configuring entities" on page 37
• "Searching for tasks and entities" on page 42
• "Delete an entity" on page 45

[Link] | Security Center Administrator Guide 5.2 35

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Entities as basic building blocks

Entities as basic building blocks

Everything that requires configuration in Security Center is represented by an entity. Entities are
the basic building blocks of Security Center. An entity can represent a physical device, such as a
camera or a door, or an abstract concept, such as an alarm, a schedule, a user, or a software
module.

Configuring your system is about creating and configuring the entities required to model your
system. For more information about the Administration tasks you can use to configure the
entities in your system, see Chapter 15, “Administration tasks” on page 617.

[Link] | Security Center Administrator Guide 5.2 36

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring entities

Configuring entities
As the basic building blocks of Security Center, most entities must be created manually. Other
entities, such as those representing hardware devices connected to your system, must be
discovered by Security Center.
This section includes the following topics:
• "Create an entity manually" on page 37
• "Common entity attributes" on page 38
• "Entities created automatically by the system" on page 39
• "Using geographical locations" on page 40
• "Further readings on entity configuration" on page 40

Create an entity manually

All entities are manually created by specialized entity creation wizards in Config Tool. All the
administration tasks allow you to create every entity type. The difference is how quickly you
can get to the wizard you want. Every administration task is designed to favor a certain family
of entities, so it is helpful to know them well.
1 From the Home page in Config Tool, open the administration task that is most appropriate
for the type of entity you want to create.
2 At the bottom of the task workspace, click Add an entity ( ) or whatever name this button
has.
If this button has an entity type name, it will immediately open the corresponding entity
creation wizard. If not, you’ll need to click a few more times to find the entity type you want
to create.
3 Follow the steps in the entity creation wizard to guide you through the creation process.
Most wizards start with a first step called Basic information. For more information, see
"Common entity attributes" on page 38.
After you are done: Most wizards only help you create the entity. You might need to perform
more configuration work before the entity is usable. For more information, see "Further
readings on entity configuration" on page 40.

[Link] | Security Center Administrator Guide 5.2 37

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring entities

Common entity attributes

During the entity creation process, you must always go through a step (usually the first step)
called Basic information. The following screenshot is for a user entity.

You will be asked to enter the following information:

• Entity name. This name identifies the entity everywhere in the Config Tool. You can create
two entities with the same name (except for user entities), but it is not recommended. In
some cases, a default entity name is created for you, but you can override it.
• Entity description. Optional information regarding the entity.
• Partition. Partitions are logical groupings used to control the visibility of certain entities by
certain users on the system. Only users with permission to use a partition can see the
entities placed in that partition.
You have the following choices:
 Existing partition. Allows you to select an existing partition from a drop-down list.
Selecting Public partition makes the entity visible to everyone on the system.
 New partition. Allows you to create a partition before placing the new entity in it.
 System partition. Puts the new entity in the System partition. Only administrators can
view and modify entities belonging to the System partition.
TIP If you are not planning to divide your system into partitions, it is better to leave
everything in the Public partition rather than the System partition.

[Link] | Security Center Administrator Guide 5.2 38

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring entities

For more information on partitions, see "Defining partitions" on page 90.

Entities created automatically by the system

Not all entities in the system are created manually. Some are discovered by the system, while
others support both automatic and manual creation. As a general rule, the system requires a live
connection to a hardware device before the entity representing it can be created. The following
table lists the special cases:

Icon Entity type Automatic creation Manual creation

Server Always. Not supported.

Network Adding a new server automatically Supported, but generally not

creates a new network. required.

Access control Only for units that support automatic Supported, but requires a live
unit discovery. See "What is automatic connection to the unit.
discovery?" on page 196.

Video unit Only for units that support automatic Supported, but requires a live
discovery. See "What is automatic connection to the unit.
discovery?" on page 196.

Camera (video Always. Camera (or video encoder) Not supported.

encoder) entities are created when the
encoding video units are added to
your system.

Analog monitor Always. Analog monitor (or video Not supported.

decoder) entities are created when
the decoding video units are added
to your system.

LPR unit • Fixed LPR units are discovered by Supported for fixed LPR units, but
the LPR Manager roles. generally not required.
• Mobile LPR units (mounted on
patrol vehicles) are added when
the Patroller entities are added.

Patroller Always. Not supported.

Intrusion Never. Supported, but requires a live

detection unit connection to the intrusion panel.

Intrusion Created by the Intrusion Manager Supported only if the Intrusion

detection area role when the intrusion panel is Manager cannot read the area
enrolled. configurations from the unit.

[Link] | Security Center Administrator Guide 5.2 39

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring entities

Using geographical locations

The geographical location (latitude, longitude) of the entity has several different uses. For
example, for video units, it is used for the automatic calculation of the time the sun rises and
sets on a given date. For fixed LPR units that are not equipped with a GPS receiver, the
geographical location is used to plot the LPR events (reads and hits) associated with the LPR
unit on the map in Security Desk.

To set the latitude and longitude:

1 In the Location tab of an entity, click Select.
A map window appears.
2 Navigate to the location of your entity on the map.
You can click and drag to zoom in, zoom out, and pan.
3 Click Select in the map window.
The cursor changes to a cross.
4 Click on the desired location on the map.
A red pushpin appears on the map.
5 Click OK.
The latitude and longitude fields are filled with the coordinates of the location you clicked on
the map. For more information, see "Location" on page 340.

Further readings on entity configuration

Entity configuration is the biggest part of a system administrator’s job. Depending on the type
of system you have, your configuration strategy might be quite different.

The following chapters deal with general configuration strategies:

• "Common administrative tasks" on page 46
• "Deploying Omnicast" on page 186
• "Deploying Synergis" on page 254
• "Deploying AutoVu" on page 333

Regarding the specific settings available for each entity type, please refer to the following
chapters under Part V – Config Tool reference.
• "Entity types" on page 335
• "Role types" on page 514
Finally, a number of tools are available through the Config Tool’s Home page Tools menu that are
specifically geared towards entity configuration. They are:
• "Copy configuration tool" on page 674
• "Going through the import steps" on page 664
[Link] | Security Center Administrator Guide 5.2 40
EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring entities

• "Unit discovery tool" on page 659

• "Unit replacement" on page 660
• "Move unit" on page 661

[Link] | Security Center Administrator Guide 5.2 41

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Searching for tasks and entities

Searching for tasks and entities

If you cannot find the tasks, tools, or entities you need, there are three ways you can search for
them in Config Tool:
• "Search for a task" on page 42
• "Search for entities by name" on page 43
• "Search for entities using the Search tool" on page 43

Search for a task

The easiest way to find a task or tool is to use the search from Config Tool’s Home page.
1 From the Home page, type in the Search box.
All tasks, tools, and entities in your system whose name or description contains your search
text appear in the Home page.

2 Click a task or a tool to open it, or click an entity to jump to that entity’s configuration page.
3 Click Clear filter ( ) to stop filtering your tasks.

[Link] | Security Center Administrator Guide 5.2 42

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Searching for tasks and entities

Search for entities by name

If you cannot find the entity you need in a task, you can use the name search to reduce the
number of entities listed in the selector.
1 In the Search box in the selector, type the entity name you are searching for.
2 Click Search ( ).

Only entities with names containing the text you entered are listed.
3 Click Clear filter ( ) to stop using the search filter.

Search for entities using the Search tool

In many Config Tool tasks, you can apply a set of filters to find the entities you need using the
Search tool. The filters available depend on the task you are using. For example, in the Health
history task, you can filters entities by name, description, entity type, and partition.
1 In the Search box in the selector, click Apply a custom filter ( ).
The Search window opens.
2 Use the filters to specify your search criteria.
 To turn on a filter, click on the filter heading. Active filters are shown with a green LED
( ).
 To turn off a filter ( ), click on the filter heading.
NOTE Invalid filters are shown in red. You can point to the icon to see why the filter is
invalid.
3 Click Search ( ).
The search results appear on the right. The total number of results is displayed at the bottom
of the list.
4 (Optional) Click Select columns ( ) to choose which columns to display in the result list.
5 Select the entities you want.

[Link] | Security Center Administrator Guide 5.2 43

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Searching for tasks and entities

TIP Hold the CTRL key for multiple selections. Click and to scroll through multiple
pages of results.

6 Click Select.
Only the entities you selected appear in the selector.
7 Click Clear filter ( ) to stop using the search filter.

[Link] | Security Center Administrator Guide 5.2 44

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Delete an entity

Delete an entity
You can delete entities that you have manually created, and those that were discovered
automatically by the system.
Before you begin: If the entity was automatically discovered, it must be offline or inactive
(shown in red) before you can delete it.
1 Select the entity in the Logical view.
2 In the contextual command toolbar, click Delete ( ).
3 In the confirmation dialog box that appears, click Delete.

[Link] | Security Center Administrator Guide 5.2 45

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 6
Common administrative tasks
This section explains the basic tasks required to configure Security Center.
This section includes the following topics:
• "Managing servers and roles" on page 47
• "Managing databases" on page 52
• "Configuring Security Center for high availability" on page 60
• "Configuring role failover" on page 61
• "Configuring Directory failover and load balancing" on page 66
• "Configuring Directory database failover" on page 71
• "Monitoring your system’s health" on page 75
• "Managing the Network view" on page 82
• "Managing the Logical view" on page 85
• "Managing software security" on page 89
• "Automating system behavior" on page 103
• "Managing alarms" on page 111
• "Managing threat levels" on page 117
• "Federating remote systems" on page 128
• "Defining custom fields and data types" on page 136
• "Integrating with Windows Active Directory" on page 140
• "Managing intrusion panels" on page 155
• "Managing zones" on page 160
• "Supporting cross-platform development" on page 164
• "Creating tile plugins" on page 165

[Link] | Security Center Administrator Guide 5.2 46

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing servers and roles

Managing servers and roles

Every Security Center system requires its own pool of servers to run the system’s functions. As
system administrator, you must ensure that enough computing power is available for your
system to carry out its required load. For more information, see "Architecture overview" on
page 6.
This section includes the following topics:
• "Add an expansion server to your system" on page 47
• "Managing servers" on page 48
• "Managing roles" on page 49
• "Diagnose role problems" on page 51

Add an expansion server to your system

You can add expansion servers to your system at any time to increase the total computing
power of your system.
1 Install Genetec Server on the computer that you want to add to the server pool.
Genetec Server is installed as part of Security Center Server. For more information, see
“Install an expansion server” in the Security Center Installation and Upgrade Guide.
2 Connect that computer to the Security Center’s main server.
The main server is the one that hosts the Directory role. This is done with the Server Admin
through a Web browser. For more information, see "Open Server Admin using Internet
Explorer" on page 48.
3 Open Config Tool on any workstation.
4 From the Home page, open the Network view task.
The server you just added should appear in the network tree. The name of the server entity
should match the domain name of the server.
5 Select the new server entity, and click the Properties tab.
If the server is used as the proxy server for a private network protected by a firewall, set its
Public address and Port as configured by your IT department.
For more information, see Server – "Properties" on page 476.
6 Click Apply.
The new server is now ready to take on any role you wish to assign to it.

[Link] | Security Center Administrator Guide 5.2 47

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing servers and roles

Managing servers
After Genetec Server is installed on a machine, you can change its password and other settings
using Server Admin. Server Admin is a Web application running on every machine where the
Genetec Server service is installed. It allows you to change the settings of that particular server.
For more information, see Server – "Server Admin" on page 477.

Open Server Admin using Internet Explorer

You can access Server Admin on any server in your system using Microsoft Internet Explorer,
which allows you to fully configure that server.
Before you begin: You need to know the server’s DNS name or IP address, the Web server port,
and the server password in order to log on to that server using Server Admin. The server
password is specified during Security Center Server installation. For more information, see the
Security Center Installation and Upgrade Guide.
1 Do one of the following:
 In the address bar of your Web browser, type [Link] where
machine is the DNS name or the IP address of your server, and port is the Web server port
specified during Security Center Server installation.
You can omit the Web server port if you are using the default value (80).
 If connecting to Server Admin from the local host, then double-click the Genetec Server
Admin icon in the Genetec Security Center 5.2 program folder.
A dialog box requesting a password appears.
2 Enter the server password, and click Log on.
The Genetec Security Center Server Admin page appears in your browser.
After you are done: Configure the server. See "Server Admin" on page 477.

Open Server Admin using Config Tool

You can access Server Admin on any server in your system using Config Tool, without
requiring a server password or port number. When you open Server Admin from Config Tool,
you cannot upgrade or restore the Directory database.
Before you begin: You need to know the server password in order to log on to that server using
Server Admin. The server password is specified during Security Center Server installation. For
more information, see the Security Center Installation and Upgrade Guide.
1 From the Home page in Config Tool, open the Network view task.
2 Select the server you want to configure, and click the Server Admin tab.
3 Click Log on.
The Genetec Security Center Server Admin page appears in the Server Admin tab.
After you are done: Configure the server. See "Server Admin" on page 477.

[Link] | Security Center Administrator Guide 5.2 48

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing servers and roles

Convert a main server to an expansion server

When a computer comes pre-installed with Security Center, the Main server configuration is
always used by default. You might need to convert a main server to an expansion server since
only one main server is allowed per system.
Before you begin: Make sure you have another main server to connect to before you
decommission your current main server. For more information, see “Install Security Center on
a main server” in the Security Center Installation and Upgrade Guide.
1 Log on to Server Admin on your computer using a Web browser (Internet Explorer).
For this operation, using the Config Tool won’t work. For more information, see "Open
Server Admin using Internet Explorer" on page 48.
2 In the Server Admin page, click the Genetec Server tab.
3 Scroll to the end of the browser page and click Deactivate Directory.
This operation will restart Genetec Server.
4 Log on again to Server Admin.
This time, the Directory tab should not appear.
5 Scroll to the section labelled Main server connection, and configure the name and
password of the main server it is supposed to connect to.

6 Click Apply.

Managing roles
What is a role?
A role is an entity in Security Center that defines the following:
• A specific set of functions (role type) that should be performed by the system, such as the
management of video units and associated video archives.
• A specific set of parameters (role settings) within which the system should operate, such as
the retention period for the video archives, or the database the system should use.
• The servers that should be hosting (running) this role.
After a role has been defined, it can be moved from one server to another without requiring
changes on the server or additional software installed. The process might cause a short pause in
the role’s operations.

[Link] | Security Center Administrator Guide 5.2 49

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing servers and roles

Some roles can spawn subprocesses (called agents) and execute them simultaneously on
multiple servers for greater scalability.

Create a role entity

Create roles to add or extend the functionality of your system. For more information about the
role types available in Security Center, see "Role types" on page 514.
1 From the Home page in Config Tool, open the System task.
2 Click the Roles view, click Add an entity ( ), and select a role type.
3 From the Server drop-down list, select the server assigned to this role.
4 Select the database server database, and click Next.
For the Database server, the path you indicate is relative to the selected server.
5 Enter the Basic information for this role, and click Next.
For more information, see "Common entity attributes" on page 38.
6 Confirm the information displayed on the Creation summary page.
7 Click Create, and click Close.
The new role entity is created.
8 Select the role’s Resources tab to configure the role server and database.
 To use a different database than the default, see "Create a database" on page 55.
 To switch the role to a different server, see "Move a role to a different server" on page 50.
 To ensure the availability of the role in case of hardware failure, see "Configure failover
for roles" on page 64.
9 Configure other role properties if necessary.
For more information, see "Role types" on page 514.
10 Click Apply.
The new role should be active and running. If not, see "Diagnose role problems" on page 51.

Move a role to a different server

Before you begin: Make sure you have another server configured and ready to accept a new
role. For more information, see "Add an expansion server to your system" on page 47.
NOTE The following procedure does not apply to the Archiver role.
1 From the Home page in Config Tool, open the System task.
2 Click the Roles view, and select the role you want to modify.
3 Click the Resources tab.
4 If the role requires a database, do one of the following:
 If the database resides on a third computer, you have nothing to change.

[Link] | Security Center Administrator Guide 5.2 50

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing servers and roles

 If the database is empty, you can create it anywhere you want. See "Create a database" on
page 55.
 If the database contains data and is residing on the current server, you need to move the
database to the new server or to a third computer. See "Move a database to a different
computer" on page 53.
5 Under the Servers list, click Add an item ( ).
A dialog box appears with all available servers on your system. Select the substitute server
and click Add.
6 Select the current server in the Servers list, and click Delete ( ).
7 Click Apply.
The role now runs on the new server.

Deactivate a role
A role can be deactivated for maintenance purposes.
1 From the Home page in Config Tool, open the System task.
2 Click the Roles view, and select the role you want to deactivate.
3 In the Contextual commands toolbar, click Deactivate role ( ).
The role turns red (inactive) in the browser.

TIP To reactivate the role, click Activate ( ) in the Contextual commands toolbar.

Diagnose role problems

A role that is not properly configured is displayed in yellow in the Role view. The diagnostic
tool can help you troubleshoot your problem.
1 From the Home page in Config Tool, open the System task.
2 Click the Roles view, and select the role you want to troubleshoot.
3 In the Contextual commands toolbar, click Diagnose ( ).
A troubleshooting window opens, showing the results from the diagnostic test performed
on the selected role. Click Refresh ( ) to rerun the tests.
4 Click Close to end the diagnosis.

[Link] | Security Center Administrator Guide 5.2 51

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing databases

Managing databases
Most roles require a database to store the data they collect. Managing those databases is an
important part of the system administrator’s responsibilities.
This section includes the following topics:
• "Common database settings" on page 52
• "Where should the database be hosted?" on page 53
• "Move a database to a different computer" on page 53
• "Connect roles to a remote database server" on page 54
• "Create a database" on page 55
• "View information about a role’s database" on page 56
• "Turn on role database notifications" on page 57
• "Back up your role database" on page 57
• "Restore your role database" on page 58
• "Delete a database" on page 59

Common database settings

All roles requiring a database have a group of settings related to that database in the role’s
Resources tab, as illustrated below.

From this group of settings, you can check the current status of the database, and perform the
following maintenance functions:

Button Command For more information

Create a database See "Create a database" on page 55.

Delete the database See "Delete a database" on page 59.

[Link] | Security Center Administrator Guide 5.2 52

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing databases

Button Command For more information

Database info See "View information about a role’s database" on page 56.

Notifications See "Turn on role database notifications" on page 57.

Resolve conflicts See "Resolve conflicts for Access Manager roles" on page 519.

Database backup See "Back up your role database" on page 57.

Where should the database be hosted?

By default, the role’s database is hosted on the same server that hosts the role. This is shown in
the role’s Resources tab by the value(local)\SQLEXPRESS in the Database server field.
If you plan to change the server hosting the role, or add secondary servers for failover, the
database must be hosted on a different computer. For information about setting up a remote
database server, see "Move a database to a different computer" on page 53 and "Connect roles to
a remote database server" on page 54.
NOTE The computer hosting the database server does not have to be a Security Center server
(meaning a computer where Genetec Server service is installed), unless you are configuring
Directory database failover using the backup and restore method.

Move a database to a different computer

If you want to change the server hosting a role, or add secondary servers for failover, you must
host the role’s database on a different computer.
NOTE This procedure is not necessary for the Archiver role. For Archiver roles, it is
recommended to host the database locally.
1 From the Home page in Config Tool, open the System task.
2 Click the Roles view, and select the role whose database you want to relocate.
3 In the Contextual commands toolbar, click Deactivate role ( ).
4 Click the Resources tab.
5 Back up the current database. See "Back up your role database" on page 57.
TIP Since the backup folder is relative to the current server, it might be a good idea to select
a network location that can be reached by any server on your system.
6 (Optional) Delete the current database. See "Delete a database" on page 59.
7 Create the database on the new machine. See "Create a database" on page 55.
8 Restore the backed up content to the new database. See "Restore your role database" on
page 58.
9 Click Apply.

[Link] | Security Center Administrator Guide 5.2 53

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing databases

10 In the Contextual commands toolbar, click Activate ( ).

Connect roles to a remote database server

If a role’s database is hosted on a different computer than the role, you must configure the remote
database server (SQL Server) to accept connection requests from the role.
1 On the computer hosting SQL Server, open the TCP port 1433 on Windows Firewall.
2 Enable remote connection on your SQL Server instance.
a Open Microsoft SQL Server Management Studio and connect to the database server used
by Security Center.
b In the Microsoft SQL Server Management Studio window, right-click the database
server ( ) in the Object Explorer, and select Properties.
c In the Server Properties window, select the Connections page.
d Under the section Remote server connections, select the option Allow remote
connections to this server.
e Click OK and close Microsoft SQL Server Management Studio.
3 Make your SQL Server instance visible from the SQL Server Browsers installed on other
computers on your network.
a Open Microsoft Management Console Services ([Link]).
b Start the service named SQL Server Browser.
c Right click the SQL Server Broswer server, and click Properties.
d In the General tab, from the Startup type drop-down list, select Automatic.
This SQL Server instance is now available from the Database server drop-down list of any
role’s Resources tab in Config Tool.
4 Enable Named Pipes and TCP/IP protocols on your SQL Server instance.
a Open SQL Server Configuration Manager.
b Expand the SQL Server Network Configuration section, and select the protocols for
your database server instance (for example, Protocols for SQLEXPRESS).
c Right-click the Named Pipes and TCP/IP protocols, and set the status to Enabled.

[Link] | Security Center Administrator Guide 5.2 54

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing databases

d Close SQL Server Configuration Manager.

5 Restart your SQL Server instance to enable the settings you have changed.
a Open Microsoft Management Console Services ([Link]).
b Right-click the SQL Server instance service (for example SQL Server (SQLEXPRESS)), and
click Restart.
6 On every server that hosts your Security Center roles, change the logon user of the Genetec
Server service to a local Windows administrator account, so the server can access the SQL
Server instance you just modified.
a Open Microsoft Management Console Services ([Link]).
b Right-click the Genetec Server service, and click Properties.
c In the Log on tab, select the This account option, and type an administrator Account
name and Password.
d Click Apply > OK.
7 On every server that might be used to host your Security Center roles, change the logon
user of the SQL Server service to a local Windows administrator account, so the server can
access the SQL Server instance you just modified.
a Open SQL Server Configuration Manager.
b Click SQL Server Services.
c Right-click the SQL Server service, and click Properties.
d In the Log on tab, select the This account option, and type an administrator Account
name and Password.
e Click Apply > OK.

Create a database
You might need to create a new database, overwrite the default database assigned to your role by
the system, or select a different database prepared by your company’s DBA group if you plan on
using a dedicated database server.
1 From the Home page in Config Tool, open the System task.
2 Click the Roles view, select a role, and click the Resources tab
3 From the Database server drop-down list, type or select the name of the database server.
The value (local)\SQLEXPRESS corresponds to Microsoft SQL Server 2008 Express Edition
that was installed by default with Genetec Security Center Server.
To specify a database server on a different server than the one hosting the role, enter the
name of that remote server.
4 From the Database drop-down list, type or select the name of the database.
The same database server can manage multiple database instances.
5 Click the Create a database command.
6 Specify the database creation options.

[Link] | Security Center Administrator Guide 5.2 55

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing databases

CAUTION If you select the Overwrite existing database option, all current content of the
selected database is lost. If you need to create a backup first, see "Back up your role database"
on page 57.
7 Click OK.
The database creation starts. A window appears, showing the progress of this action. You
can close this window, and review the history of all database actions later on by selecting
Database actions from the View menu.
8 Wait until you see Database status indicating Connected.
9 (Optional) See "Turn on role database notifications" on page 57.
10 Click Apply.
The Status of the Database status field should indicate Connected.

View information about a role’s database

You can view information about a role’s database, such as the database and database server
versions, how much disk space is available, the number of archived events, and so on.
The database information provided varies depending on the role. You might be asked to provide
information on a role’s database when you contact Technical support.

To view a role’s database information:

1 From the Home page in Config Tool, open the System task.
2 Click the Roles view, and select a role.
3 Click the Resources tab, and click Database info ( ).
The following information can be displayed, depending on the role:
 Database server version. Software version of the database server.
 Database version. Schema version of the role’s database.
 Approximate number of events. (Also called Approximate number of archived events and
Event count) Number of events that are stored in the role’s database.
 Source count (Archiver and Auxiliary Archiver only). Number of video sources (cameras)
that have archives.
 Video file count (Archiver and Auxiliary Archiver only). Number of video files.
 Size on disk. Size of the Database files.

[Link] | Security Center Administrator Guide 5.2 56

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing databases

Turn on role database notifications

You can configure the role to send you an e-mail notification when the database space is running
low.
Before you begin: To make sure that the email notification is sent, configure the SMTP and
Watchdog settings on the server hosting the role. See "Server Admin" on page 477.
1 From the Home page in Config Tool, open the System task.
2 Click the Roles view, and select a role.
3 Click the Resources tab, and click Notifications ( ).
4 In the dialog box that opens, set the following options:
 Disk space. Sends a notification when the remaining free space falls below a certain
threshold (in GB).
 Database usage. Sends a notification when the used space reaches a certain percentage.
This option is only for the Express edition of SQL Server, whose database size is limited
to 4 GB for the 2005 version, and 10 GB for 2008 R2. If you are using a full edition of SQL
Server, this option has no effect.
5 Click OK.

Back up your role database

You can protect the data in a role’s database by regularly backing up the database.
The backup file is created with the file extension BAK. The name of the file is the database name,
followed by “_ManualBackup_”, followed by the current date (mm-dd-yyyy).
Best practice: Always back up your databases before an upgrade.

To backup your role database:

1 From the Home page in Config Tool, open the System task.
2 Click the Roles view, and select a role.
3 Click the Resources tab, and click Backup/restore ( ).
The Backup/Restore dialog box appears.
4 In the Backup/Restore dialog box, beside the Backup folder field, click Select folder ( ),
and select the folder where you want to save the backup file.
NOTE The path is relative to the server hosting the role, not to the workstation where you are
running Config Tool.
5 Click Backup now.
A backup file is created in the backup folder.

[Link] | Security Center Administrator Guide 5.2 57

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing databases

Setting up an automatic backup

For extra protection, configure the database backup to be performed periodically.
1 From the Home page in Config Tool, open the System task.
2 Click the Roles view, and select a role.
3 Click the Resources tab, and click Backup/restore ( ).
4 In the Backup/Restore dialog box, switch the Enable automatic backup option to ON.
5 Select the day and time to perform the backup (every day or once a week).
TIP It is a good idea to stagger the backup operations if several different databases need to be
backed up on the same machine.
6 Specify how many backup files you want to keep.
NOTE The backup files you create manually are not counted in that number.
7 Click OK > Apply.
The automatic backup starts at the next scheduled date and time.

Restore your role database

You can restore an old database
Before you begin: Back up the current database before you restore an old database.
1 From the Home page in Config Tool, open the System task.
2 Click the Roles view, and select a role.
3 Click the Resources tab, and click Backup/restore ( ).
The backup and restore dialog box appears.
4 In the Backup/Restore dialog box, beside the Restore folder field, click Select folder ( ),
and select the backup file you want to restore.
NOTE The path is relative to the server hosting the role, not to the workstation where you are
running Config Tool.
5 Click Restore now.
The current content of the database is replaced by the content restored from the backup file.

[Link] | Security Center Administrator Guide 5.2 58

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing databases

Delete a database
To free up disk space, delete databases you no longer use.
1 From the Database drop-down list in the Resources tab of a role, select the database you
want to delete.
NOTE This does not need to be your current database.
2 Click Delete the database ( ).
CAUTION A confirmation dialog box appears. If you continue, the database is permanently
deleted. Clicking Cancel in the Config Tool toolbar will not restore it!
3 Click Delete in the confirmation dialog box.
The database instance is permanently deleted.
4 Do one of the following:
 If a database is already created for your role, click Cancel in the Config Tool toolbar.
 If there was no database created for your role, create a new database. See "Create a
database" on page 55.
5 Click Apply.

[Link] | Security Center Administrator Guide 5.2 59

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring Security Center for high availability

Configuring Security Center for high availability

To ensure that there is uninterrupted access and data protection for your system, Security Center
offers the following high availability features:
• Directory failover. Ensure that the Directory role is still available if its primary server fails
(see "Configuring Directory failover and load balancing" on page 66). The Directory role
handles failover for all other roles, so it is important that the Directory role is available at all
times.
• Directory load balancing. A benefit of Directory failover. The Directory can run
simultaneously on up to 5 servers to share the workload of the Directory role. All servers
that are set up for Directory failover are automatically used for load balancing.
• Database failover (only for Directory role). Protect the Directory database, using one of
the following methods:
 Backup and restore. Regularly backup your database, and restore it if a failover occurs.
 Microsoft SQL Server Database Mirroring. The database instances are kept in synch by
Microsoft SQL Server.
For more information, see "Configuring Directory database failover" on page 71.
• Archiver failover. Ensure that the Archiver role and the video archives are still available if
the Archiver’s primary server fails (see "Protecting your video archive against hardware
failure" on page 228).
• Other role failover. Ensure that other roles in your system are still available if their primary
server fails (see "Configuring role failover" on page 61). If the role database must be
protected, you should consider one of the following third party solutions: SQL Server
Clustering or Database Mirroring.
• NEC ExpressCluster X LAN. Third party solution for roles that do not support failover.
For more information, see Security Center Installation Guide for NEC Cluster. Click here for
the most recent version of this document.
• Windows 2008 Server failover cluster. Third party solution for roles that do not support
failover. For more information, see Security Center Installation Guide for Windows Cluster.
Click here for the most recent version of this document.

Other ways you can ensure high availability are to detect problems early, and prevent those
problems from reoccurring. For more information, see "Monitoring your system’s health" on
page 75.

[Link] | Security Center Administrator Guide 5.2 60

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring role failover

Configuring role failover

This section explains what role failover is, and how to configure it.
This section includes the following topics:
• "How role failover works in Security Center" on page 61
• "Which roles support failover" on page 62
• "Configure failover for roles" on page 64
• "Troubleshooting failover" on page 65

How role failover works in Security Center

Role failover is a backup operational mode where a role is transferred from its primary server to
a standby server if the primary server becomes unavailable, either through failure or scheduled
down time. Role failover is managed by the Directory role.
• Primary server. Server that normally hosts a role for it to work on the system.
• Secondary server. Standby servers that are assigned to a role to keep it running in case the
primary server becomes unavailable.
There is no limit to the number of secondary servers you can assign to most roles. However,
the more servers you add, the less cost-effective it might be for you.
The secondary server for one role can be the primary server for another role, provided that both
servers have enough resources (CPU, memory, disk space, and network bandwidth) to handle
the combined load of both roles in case of a failover.
IMPORTANT Security Center does not handle database failover, except for the Directory role.
Besides performing regular backups of your database, one solution you might consider to protect
your data is to use SQL Server Clustering or Database Mirroring.

[Link] | Security Center Administrator Guide 5.2 61

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring role failover

Before failover, a role is hosted on the primary server, and connects to a database server hosted
on a third computer. When the primary server fails, the role automatically fails over to the
secondary server and reconnects to the same database server.

Before failover After failover

Primary server Secondary server Primary server Secondary server
(hosting the role) (on standby) (failed) (hosting the role)

Fails over
Role Role

Database Database
server server

Which roles support failover

The following table lists which Security Center roles support failover, the failover approach they
use, and any special constraints they might have.

Role Supports failover Exceptions

Access Manager No

Active Directory Yes

Archiver Yes Can only have one secondary server. Each server requires
a separate database, hosted locally, or on another
computer. See "About Archiver failover" on page 228.

Auxiliary Archiver No. It ensures that video

archives are still available if the
main Archiver fails.

Directory Yes Can run simultaneously on up to five servers. Also

supports Directory database failover. See "Configuring
Directory failover and load balancing" on page 66.

Directory Manager No. It manages the Directory

failover and load balancing.

Global cardholder Yes

synchronizer

[Link] | Security Center Administrator Guide 5.2 62

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring role failover

Role Supports failover Exceptions

Health Monitor Yes

Intrusion Manager Yes Only when the intrusion panels are connected using IP.
Failover is not supported if the intrusion panels are
connected using serial ports.

LPR Manager Yes Extra resources must be shared between the primary and
secondary servers. The Root folder of the role must point
to a UNC location that all servers have access to. File
paths of hotlist and permit entities must be entered as a
UNC location accessible to all servers. Also, the
[Link] file located in the
installation folder of the primary server must be copied to
the secondary servers.

Media Router Yes The primary and secondary servers can each have a
separate database, hosted locally, or on another computer.

Omnicast Federation Yes

Plugin Yes

Point of sale Yes

Report Manager Yes

Security Center Yes

Federation

Web-based SDK Yes

Zone Manager Yes

[Link] | Security Center Administrator Guide 5.2 63

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring role failover

Configure failover for roles

To configure failover for roles on your system, you must select secondary servers to be on
standby in case the primary server hosting the role becomes unavailable.
Before you begin: For roles that require a database (except for the Archiver), the database must
be hosted on a different computer than the primary and secondary servers, and all the servers
must be able to communicate with the database server. See "Move a database to a different
computer" on page 53 and "Connect roles to a remote database server" on page 54.
1 From the Home page in Config Tool, open the System task.
2 Click the Roles view, and select the role you want to configure failover for.
3 Click the Resources tab where the role’s primary server is listed.
4 Under the Servers list, click Add an item ( ).
A dialog box listing all remaining servers on your system not assigned to the role appears.
5 Select the server you want to add as a secondary server, and click Add.
The secondary server is added below the primary server. The green LED indicates which
server is currently hosting the role.
The order of appearance of the servers in the list corresponds to the order they are picked if
a failover occurs. When the primary server fails, the role automatically switches to the next
server in the list.

6 After a failover occurs, if you want the primary server to take control of the role once it is
restored, select the Force execution on highest priority server option.
By default, the role remains on the secondary server after a failover occurs to minimize
system disruptions.
7 Click Apply.
8 To make the new server the primary server:
a Select it in the list, and click to move it to the top of the list.
b Select the Force execution on highest priority server option, and click Apply.
After a few seconds, the green LED moves to the new server, indicating that it is now the
one hosting the role.

[Link] | Security Center Administrator Guide 5.2 64

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring role failover

Troubleshooting failover
If you encounter problems when trying to configure failover for your system. check the
following:
• Make sure the correct ports are open on your network.
See "Default Security Center ports" on page 785.
• Make sure your database connections are configured properly, and that the servers being
used for failover can communicate with the database server.
See "Connect roles to a remote database server" on page 54.
• Make sure the database path is correct in the Server Admin.
See Server Admin - "Database" on page 478.
• Make sure the Genetec Server and SQL Server services are running under a local Windows
administrator user account.
See "Connect roles to a remote database server" on page 54.
• (Directory database failover using Backup/Restore method only) Make sure that the user
account has access read/write access to the backup folder.
• (Directory database failover using Backup/Restore method only) Make sure that the
Genetec server is installed on the remote database server. For more information about
installing expansion servers, see “Install an expansion server” in the Security Center
Installation and Upgrade Guide.

[Link] | Security Center Administrator Guide 5.2 65

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring Directory failover and load balancing

Configuring Directory failover and load balancing

This section explains what Directory failover is, what load balancing is, and how to configure it.
This section includes the following topics:
• "How Directory failover and load balancing works" on page 66
• "Directory failover and load balancing prerequisites" on page 67
• "Add a server to the Directory failover list" on page 68
• "Modify the license for all servers" on page 68
• "Change the order of the Directory servers" on page 69
• "Manually switch the main server" on page 69
• "Remove a server from the Directory failover list" on page 70
• "Bypass default load balancing" on page 70

How Directory failover and load balancing works

The Directory service is available as long as its two components are available:
• Directory role. Manages your system configuration, and handles failover for all other roles.
• Directory database. Stores your system configuration.
The Directory Manager role handles Directory failover and load balancing for your system. It
manages failover for the Directory role and Directory database independently, allowing you to
have separate lists of servers assigned to host the two components. These two lists of servers can
overlap or be completely separate.
NOTE There can only be one Directory Manager role in your system. It is created automatically
when your software license supports multiple Directory servers.

Differences between Directory servers and the main server

To configure Directory failover and load balancing, you must know the difference between
Directory servers and the main server.
• Directory server. Servers assigned to host the Directory role. The Directory role can run on
five Directory servers simultaneously for load balancing. They distribute the workload for
credential authentication, software license enforcement, Directory database report queries,
and so on.
Users can log on to Security Center through any of the Directory servers. By default, the
Directory Manager redirects the connection requests across all Directory servers in a round
robin fashion. To change this behavior, see "Bypass default load balancing" on page 70.

[Link] | Security Center Administrator Guide 5.2 66

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring Directory failover and load balancing

• Main server. The main Directory server in your system ( ). It has full read/write access to
the Directory database. If your system is configured for Directory failover and load
balancing, the additional Directory servers ( ) only have read access to the database.
When a Directory server fails, only the client applications connected to Security Center through
that server must reconnect. If the main server fails, then all clients on the system must reconnect,
and the responsibility of being the main server is passed down to the next Directory server in the
failover list.

Directory failover and load balancing prerequisites

Before you can configure the Directory for failover and load balancing, make sure you have the
following:
• Your Security Center license must support multiple Directory servers. If you need to update
your license, see “Activate license” in the Security Center Installation and Upgrade Guide.
NOTE The Directory Manager ( ) role is created automatically in Config Tool when your
license supports multiple Directory servers.
• Your System ID and Password, found in the Security Center License Information document.
Genetec Technical Assistance sends you this document when you purchase the product.
• All servers you plan to use as Directory servers must be up and running as expansion
servers. For more information about installing expansion servers, see “Install an expansion
server” in the Security Center Installation and Upgrade Guide.
• For all the expansion servers you plan to use as Directory servers, make sure their general
properties configured in Server Admin are the same as those of the main server. This ensure
that your data, such as the alarm retention period and so on, is stored for the same amount
of time.
For information about configuring Directory properties in the Server Admin, see "Server
Admin" on page 477.
• The Directory database must be hosted on a remote computer from the Directory servers.
See "Move a database to a different computer" on page 53.
• The database server must be accessible from all Directory servers. To configure the remote
database server (SQL Server) to accept connection requests from the roles "Connect roles to
a remote database server" on page 54.

[Link] | Security Center Administrator Guide 5.2 67

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring Directory failover and load balancing

Add a server to the Directory failover list

You can convert up to five expansion servers into Directory servers to be used for load balancing
and failover.
IMPORTANT Do not try to add a server to the Directory failover list by activating the Directory
on that expansion server with Server Admin. This action disconnects the server from your
current system and transforms it into the main server of a new system.
Before you begin: Read "Directory failover and load balancing prerequisites" on page 67.
1 From the Home in Config Tool, open the System task.
2 Click the Roles view.
3 Select the Directory Manager ( ), and then click the Directory servers tab.
4 Click Add an item ( ).
5 In the dialog box that appears, select the server you want to add, its connection port
(default=5500), and click Add.
The server is added to the failover list.
6 To add more Directory servers, repeat Step 4 and Step 5.
You can add up to five Directory servers. The order of appearance of the servers in the list
corresponds to the order they are picked if a failover occurs. If the main server fails, the role
switches to the next server in the list, and that server becomes the main server.
7 Update your license to include the servers you’ve just promoted to Directory Servers.
For more information, see "Modify the license for all servers" on page 68.
8 Click Apply.
The expansion servers are converted into Directory servers and the updated license is applied
to all Directory servers in the list. Client applications and roles on expansion servers can
connect to Security Center using any of the Directory servers.

Modify the license for all servers

You must update your Security Center license every time you make a change to the list of
servers assigned to host the Directory role.
1 In the Directory servers tab, click Modify license for all servers.
2 In the License management dialog box, update your license in one of the following ways:
 Web activation. (Recommended) Activate your license via Internet.
In the dialog box that appears, enter your System ID and Password and click Activate.
 Manual activation. Update and activate Security Center manually using license file. For
more information, see "Manual license activation" in the Security Center Installation and
Upgrade Guide.

[Link] | Security Center Administrator Guide 5.2 68

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring Directory failover and load balancing

Change the order of the Directory servers

The first server in the Directory server list is your default main server. After a Directory
failover, the next server in the list becomes the new main server ( ).To minimize the number
of system disruptions (disconnection and re-connection), the responsibility is not
automatically transferred back to the original main server once it is back online. You can
change this behavior in the Directory servers tab.

To change the order of the servers in the Directory failover list:

1 In the Directory servers tab, select a server in the list.
2 Click Up ( ) or Down ( ) to move the Directory servers up or down in the list.
3 To force the first server in the failover list as the main server whenever it is available, select
Force the first server in the list to be the main server option.
By default, the role remains on the Directory server that becomes the main server when
failover occurs.
4 Click Apply.

Manually switch the main server

If necessary, you can manually assign any server in the Directory failover list to be the main
server. For example, when maintenance work needs to be done on the current main server.
1 In the Directory servers tab, select a server.
2 Click Activate main server ( ).
3 Click Continue.
All client applications and roles are disconnected, the main server switches to the Directory
server you selected, and all applications and roles reconnect.

[Link] | Security Center Administrator Guide 5.2 69

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring Directory failover and load balancing

Remove a server from the Directory failover list

IMPORTANT Do not try to remove a server from the Directory failover list by deactivating the
Directory on that server with Server Admin. Your change will not last because the Directory
Manager will change it back to a Directory server.
1 From the Home page in Config Tool, open the System task.
2 Click the Roles view.
3 Select the Directory Manager ( ), and then click the Directory servers tab.
4 Select the server you want to remove, and click Remove the item ( ).
5 Repeat Step 4 if necessary.
6 Update your license to exclude the servers you’ve just removed.
For more information, see "Modify the license for all servers" on page 68.
7 Click Apply.
The removed servers are reverted to the status of expansion servers, and the updated license is
applied to all remaining Directory servers. Users can no longer connect to the system using the
servers that have been removed. Clients connected to Security Center through these servers are
disconnected, and reconnected to the remaining Directory servers.

Bypass default load balancing

When you have more than one Directory server on your system, load balancing is automatically
in effect. This means that the Directory Manager systematically redirects a logon request to the
next Directory server in the list based on the previous one being used.
If connection redirection is not desirable, for example when the client is on a remote LAN, you
can bypass this behavior for that specific workstation by selecting the Prevent connection
redirection to different Directory servers option in the Options dialog box. For more information,
see "General options" on page 685.

[Link] | Security Center Administrator Guide 5.2 70

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring Directory database failover

Configuring Directory database failover

This section explains what Directory database failover is, and how to configure it using the
backup and restore method, or database mirroring.
This section includes the following topics:
• "How Directory database failover works" on page 71
• "Configure database failover through backup and restore" on page 72
• "Configure database failover through mirroring" on page 74

How Directory database failover works

Two database failover modes are supported for the Directory:
• Backup and restore. The Directory Manager protects the Directory database by regularly
backing up the master database instance (source copy). During a failover, the latest backups
are restored to the backup database that’s next in line. Two schedules can be defined: one for
full backups, and another for differential backups.
• Mirroring. Database failover is taken care of by Microsoft SQL Server and is transparent to
Security Center. The Principal and Mirror instances of the Directory database are kept in
synch at all times. There is no loss of data during failover.

The following table compares the differences between the two database failover modes.

Backup and restore (Directory Manager) Mirroring (Microsoft SQL Server)

Multiple backup instances of the Directory A single copy (the mirror instance) of the
database are kept relatively in synch with its Directory database is kept perfectly in synch with
master instance via regular backups performed by the master copy (or principal instance) using SQL
the Directory Manager role. Server database mirroring.

The failover database can only be as up to date as The failover database is an exact copy of the
the most recent backup. principal database.

Changes made while the Directory is connected Changes can be made to the Directory database at
to the backup database are lost when the any time without ever losing data.
Directory switches back to the master database.

Both master and backup databases must be hosted The principal and mirror database instances can
on Security Center servers. be hosted on any computer.

Can work with SQL Server Express edition which Requires SQL Server 2008 Standard Edition or
is free. better with the mirroring feature.

Recommended when the entity configurations are Recommended when entity configurations are
not frequently updated. frequently updated, such as for cardholder and
visitor management.

[Link] | Security Center Administrator Guide 5.2 71

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring Directory database failover

Backup and restore (Directory Manager) Mirroring (Microsoft SQL Server)

Causes a temporary disconnection of all client No client application disconnection during

applications and roles while the database failover failover.
is in progress.

Database failover is handled by the Directory Database failover is executed by a separate

Manager role. Witness server running on SQL Server Express
(optional but highly recommended) or it has to be
manually detected and executed by the database
administrator.

Configure database failover through backup and restore

You can configure Directory database failover using the backup and restore method.
For more information about the backup and restore options in the Database failover tab of the
Directory Manager role, see "Backup and restore" on page 558.
Before you begin:
• Your Security Center license must support multiple Directory servers. If you need to update
your license, see “Activate license” in the Security Center Installation and Upgrade Guide.
NOTE The Directory Manager ( ) role is created automatically in Config Tool when your
license supports multiple Directory servers.
• All database servers must be accessible from all Directory servers. To configure the remote
database server (SQL Server) to accept connection requests from the roles "Connect roles to
a remote database server" on page 54.
• All database instances must be the same version, and an expansion server must be installed
on each database server. For more information about installing expansion servers, see
“Install an expansion server” in the Security Center Installation and Upgrade Guide.
What you should know
IMPORTANT Changes made to the system configuration while you were operating from the
backup database are not automatically restored to the master database when it is restored to
active service.
• To preserve the changes made to your system configuration while you were operating from
the backup database, you must restore the latest contingency backup (created in the
ContingencyBackups subfolder under the restore folder) to your master database before
reactivating it.
• To avoid losing the configuration changes made while you were operating from the backup
database, you can transform the backup database into your master database. To do this,
select it from the database failover list to move it to the top of the list. However, keep in
mind that your backup database is only as up to date as the most recent backup before the
failover took place.

[Link] | Security Center Administrator Guide 5.2 72

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring Directory database failover

To configure database failover through backup and restore:

1 From the Home in Config Tool, open the System task.
2 Click the Roles view.
3 Select the Directory Manager ( ), then the Database failover tab.
4 Switch the Use database failover option to ON.
5 Select Backup and restore for Failover mode.
6 Click Add an item ( ).
7 In the dialog box that appears, specify the Security Center server, the database server, the
database instance, and the folder where the backup files should be copied.

You can assign as many backup databases as you want. However, the more backup databases
you have, the longer it takes to back up the Directory database content.
8 Click OK.
The new backup database instance is added.
NOTE The server flagged as (Master) is the one currently hosting the database. The green
LED ( ) indicates the database that is currently active (not necessarily the master).
9 Repeat Step 6 to Step 8 if necessary.
10 To force all Directory servers to reconnect to the master database once it is back online after
a failover, select the Automatically reconnect to master database option.
CAUTION Switching the active database causes a short service disruption, and all changes
made to the system configuration while the master database was offline are lost. Use this
option only if you are ready to lose the changes made to the system configuration while you
were operating from the backup database.
11 Under Master backup, specify the frequency at which the full backup and the differential
backup should be generated.
A differential backup only contains the database transactions made since the previous
backup, so it is much faster to generate than a full backup. Frequent differential backups
ensure that your backup database is most up to date when you fail over, but might take
longer to restore.

[Link] | Security Center Administrator Guide 5.2 73

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring Directory database failover

12 Click Apply.
After you are done:
IMPORTANT Once the Backup and restore failover mode is enabled, all subsequent changes to the
master database from Server Admin (restoring a previous backup for example) must
immediately be followed by a full manual backup executed from Config Tool. Failing to do so
causes your master and backup databases to become out of synch and the database failover
mechanism to no longer work. See "Back up your role database" on page 57.

Configure database failover through mirroring

You can configure Directory database failover using the mirroring method.
For more information about the options in the Database failover tab of the Directory Manager
role, see "Mirroring" on page 560.
Before you begin:
• The Principal database server, the Mirror database server, and the Witness server (optional
but highly recommended) must be configured. For the configuration of SQL Server for
mirroring, please refer to Microsoft SQL Server Database Mirroring documentation.
• Your Security Center license must support multiple Directory servers. If you need to update
your license, see “Activate license” in the Security Center Installation and Upgrade Guide.
NOTE The Directory Manager ( ) role is created automatically in Config Tool when your
license supports multiple Directory servers.
• The database servers must be running on remote computers from the Directory servers. See
"Move a database to a different computer" on page 53
• All database servers must be accessible from all Directory servers. To configure the remote
database server (SQL Server) to accept connection requests from the roles "Connect roles to
a remote database server" on page 54.

To configure database failover through mirroring:

1 From the Home in Config Tool, open the System task.
2 Click the Roles view.
3 Select Directory Manager ( ), then the Database failover tab.
4 Switch the Use database failover option to ON, and select the Mirroring option.
The database you’re currently connected to is the Principal database.
5 Under Mirror database, enter the database server name of the Mirror database.
6 Click Apply.

[Link] | Security Center Administrator Guide 5.2 74

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Monitoring your system’s health

Monitoring your system’s health

Health monitoring refers to a set of tools to monitor your Security Center system's health. The
goal is to detect health issues early enough to avoid more serious problems in the future. Health
monitoring also provides you with the information to identify the root cause of various health
problems so that they can be prevented from occurring again.
This section includes the following topics:
• "About the Health Monitor role" on page 75
• "Configuring the Health Monitor" on page 76
• "Monitoring your system’s health using maintenance tasks" on page 81

About the Health Monitor role

The Health Monitor role is created at system installation and cannot be deleted. It monitors the
health of entities such as servers, roles, units, and client applications. The following table gives
you some examples of health events that can be monitored:
Entity Health event Description

Access control unit Server and access control unit cannot

Synchronization failed
synchronize databases.

Archiver Packet loss ratio is greater than 10% over 5

RTP packet loss high
seconds.

Video unit Connection to unit lost Server cannot connect to video unit.

Media router Media router is unavailable and the cause is

Role stopped unexpectedly
unknown to the system.

Patroller Offload failed Autovu Patroller offload unsuccessful.

Security Desk Application stopped

Security Desk application failed.
unexpectedly

You can choose which health events to monitor and keep them in a database which enables you
to generate health history and statistics reports.

[Link] | Security Center Administrator Guide 5.2 75

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Monitoring your system’s health

Configuring the Health Monitor

The Health Monitor role is configured to watch all health events by default.
This section includes the following topics:
• "Initial Health Monitor setup" on page 76
• "Health event definitions" on page 77
• "Configure health events to monitor" on page 79
• "Set an entity in maintenance mode" on page 80
• "Change the firing threshold of a health event" on page 80

Initial Health Monitor setup

Best practice: The process of setting up and configuring a system can generate many health
events. It is normal that health errors and warnings are produced during this time. After initial
setup is complete, you should reset the health monitoring database to its initial, clean, state.

To reset the Health Monitor database to its default state:

1 From the Home page in Config Tool, open the System task.
2 Click the Roles view, and select the Health Monitor role.
3 Click the Resources tab.
4 Click Delete the database ( ).
5 When prompted if you want to delete this database, click Delete.
The Database actions window opens.

6 When you see confirmation that the database has been deleted, click Clear finished, then
click Close.
7 In the Contextual commands toolbar, click Deactivate role ( ).

[Link] | Security Center Administrator Guide 5.2 76

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Monitoring your system’s health

8 Click Activate role ( ).

After 15-30 seconds, a new HealthMonitor database should be created in the Health monitor
role’s Resources tab.
The health errors and warnings generated during the setup are deleted. As a result, all health
statistics are reset.

Health event definitions

• The table below lists the health events by their error number and indicates their severity
level, Information ( ), Warning ( ), or Error ( ).

Error number Health event Severity

1 Archiving started Information

2 Archiving stopped Error

3 Application connected Information

4 Application disconnected by user Information

5 Application disconnected unexpectedly Warning

6 Application started Information

7 Application stopped by user Information

8 Application stopped unexpectedly Warning

9 Connection restored Information

10 Connection failed Error

11 Connection to unit established Information

12 Connection to unit stopped unexpectedly Error

13 Connection to unit stopped by user Information

14 Database automatic backup restored Information

15 Database automatic backup failed Error

16 Database recovered Information

17 Database lost Error

18 CPU usage normal Information

19 CPU usage high Warning

20 Memory usage normal Information

[Link] | Security Center Administrator Guide 5.2 77

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Monitoring your system’s health

Error number Health event Severity

21 Memory usage high Warning

22 Database space normal Information

23 Database space low Warning

24 Patroller offload restored Information

25 Patroller offload failed Error

26 Patroller online Information

27 Patroller offline Information

28 Point of Sale database recovered Information

29 Point of Sale database lost Error

30 Role started Information

31 Role stopped unexpectedly Error

32 Role stopped by user Information

33 RTP packet loss normal Information

34 RTP packet loss high Warning

35 Server started Information

36 Server stopped by user Information

37 Server stopped unexpectedly Error

38 Synchronization recovered Information

39 Synchronization failed Warning

40 Video signal recovered Information

41 Video signal lost Error

42 Disk access restored Information

43 Disk access unauthorized Warning

44 Alarm trigger rate normal Information

45 Alarm trigger rate high Warning

46 Directory started Information

47 Directory stopped unexpectedly Error

[Link] | Security Center Administrator Guide 5.2 78

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Monitoring your system’s health

Error number Health event Severity

48 Directory stopped by user Information

49 Remaining archive disk space normal Information

50 Remaining archive disk space low Warning

51 Live server monitoring restored Information

52 Live server monitoring failed Error

53 Directory failover: Main database recovered Information

54 Directory failover: Main database lost Error

55 Database restore succeeded Information

56 Database restore failed Error

Configure health events to monitor

You can configure the Health Monitor role to ignore certain health events, and change how it
generates some health events.
NOTE If you want to ignore all health events, deactivate the Health Monitor role. If you want to
temporarily ignore an entity’s health events because you are performing maintenance work on it,
set it to maintenance mode. See "Set an entity in maintenance mode" on page 80.
1 From the Home page in Config Tool, open the System task.
2 Click the Roles view, and select the Health Monitor role.
3 Click the Properties tab.
4 Under Events to monitor, select or clear the desired events. Expand the list as necessary.
Most health events come in pairs, such as Database lost and Database recovered. They can
only be selected or ignored together.
IMPORTANT Clearing a health event in the monitoring list does not remove it from the
Health history query filter, but it could make some of the health statistics calculations
impossible.
Some events allow you to adjust the thresholds used to generate the event. For example, the
default configuration is set so that any server who’s CPU runs higher than 80% for a period
of 10 seconds will generate a CPU usage high health event. See "Change the firing threshold
of a health event" on page 80.
5 Click Apply.

[Link] | Security Center Administrator Guide 5.2 79

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Monitoring your system’s health

Set an entity in maintenance mode

Downtime spent in maintenance mode is considered Expected down-time and is not used in the
health statistics availability percentage calculations. Only Unexpected down-time is used when
calculating availability.
Most entities and roles can be set to maintenance mode through their own contextual toolbar
( Enable maintenance mode).
For client applications, the maintenance mode must be set from the Health Monitor’s Properties
tab.
1 Switch the Client app. maintenance mode option to ON.
2 Click Apply.
NOTES
• Setting something in Maintenance mode does not stop the health events. Rather, it
downgrades all health events to informational only.
• When you set Security Center Federation roles or Omnicast Federation roles in
maintenance mode, you might need to press F5 to refresh the roles’ icons in the Logical
view.

Change the firing threshold of a health event

1 Select the desired event to be modified.

2 Click Edit ( ) on the selected line or at the bottom of the list.

The event details window opens.
3 Adjust the values as required.

[Link] | Security Center Administrator Guide 5.2 80

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Monitoring your system’s health

4 Click Save.
5 Repeat with another event if necessary.

Monitoring your system’s health using maintenance tasks

To help you monitor the health of your system, there are two maintenance tasks in Config Tool:
• Health history. View system health events (errors, warnings, issues) related to selected
entities. For more information, see "Viewing system health events" on page 170.
• Health statistics. Monitor the overall health of your system. By monitoring the health and
availability of certain resources such as server roles, video units, door controllers, intrusion
detection panels, and so on, you can identify instabilities, and possibly prevent critical
system failures. For more information, see "Viewing the health status and availability of
entities" on page 171.

[Link] | Security Center Administrator Guide 5.2 81

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing the Network view

Managing the Network view

This section includes the following topics:
• "What is the Network view?" on page 82
• "Purpose of the Network view" on page 82
• "Creating network entities" on page 83

What is the Network view?

Your network infrastructure is illustrated in the entity browser of the Network view task. The
browser gives you a simple representation of your system’s network infrastructure by showing
you the networks ( ) and the servers ( ) found in your system. The main server hosting the
Directory role is shown with a different icon ( ).

Purpose of the Network view

Network view is the only place in Config Tool where you can configure the entities that represent
the networks and servers used by your Security Center system. An accurate representation plays
a critical role in the proper operation of your system.

[Link] | Security Center Administrator Guide 5.2 82

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing the Network view

Creating network entities

This section includes the following topics:
• "When do I need to configure the Network view?" on page 83
• "How network entities are created" on page 83
• "What is the Default network?" on page 83
• "Create a network manually" on page 84

When do I need to configure the Network view?

You need to configure the Network view when:
• Your system spreads across multiple networks.
• You allow users to connect to your main server over the Internet.

How network entities are created

Network entities are created automatically by the system.
After installing Security Center on your main server, you’ll have two network entities on your
system. The Default network is at the root of the network tree, and attached to it is a second
network entity that corresponds to your company’s network (where your main server is
located).

After that, more network entities are added to your system when you add new servers belonging
to different networks. You can also add new networks manually, rename them, and change their
initial configuration. You can also move networks and servers around in the network tree.

What is the Default network?

The Default network is the root node on the network tree. Its video transmission capabilities are
set to Unicast TCP, which is the characteristic shared by all IP networks. You cannot delete the
Default network entity.

[Link] | Security Center Administrator Guide 5.2 83

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing the Network view

Create a network manually

You can manually create network entities as needed.
1 From the Home page in Config Tool, open the Network view task.
2 If you are creating a subnet, select the parent network in the network tree.
3 Click Network ( ).
The network creation wizard appears.
4 Enter the Basic information. See "Common entity attributes" on page 38.
5 Click Create, and click Close.
A new network entity is attached below the selected one in the network tree.
6 Click the Properties tab, and configure the new network’s characteristics.
See Network – "Properties" on page 439.
7 If there are servers that belong to the new network, move them under the network in the
network tree using drag-and-drop.

[Link] | Security Center Administrator Guide 5.2 84

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing the Logical view

Managing the Logical view

This section includes the following topics:
• "About the Logical view" on page 85
• "Configuring the Logical view" on page 86

About the Logical view

You can find and view all the entities in your system quickly, using the logical view. The entities
in the logical view are organized in a hierarchy (or entity tree) according to their logical
relationships with areas ( ). For example, the doors leading to an area, and other devices
located within the area, such as cameras, are shown as “child entities” of that area (below that
area in the hierarchy).
The changes you make to the Logical view in Config Tool are also displayed in Security Desk.

A
B

[Link] | Security Center Administrator Guide 5.2 85

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing the Logical view

A Search box Type in the Search box to find the entities containing that text in their category,
name, or description. See "Searching for tasks and entities" on page 42.
B System entity At the root of the hierarchy is the system entity ( ), which is the server that
hosts the Directory role.
C Additional Right-click an entity in the Logical view to use additional commands, such as
commands adding or deleting entities, diagnosing the selected entity, launching a report on
the selected entity, or refreshing the Logical view.
D Area entity Area entities ( ) can represent a concept or physical location. It is a logical
grouping.
E Yellow entity Whenever an entity name is displayed in yellow, it means that there is a problem
with the settings.
F Rename Press F2 to rename the selected local entity.
entity NOTE You cannot edit names of federated entities.

G Arrow icons Click the arrows in the Logical view to show or hide child entities.
H Red entity Indicates that the entity is offline and the server cannot connect to it, or the
server is offline.
I Federated All entities imported from federated systems are shown with a yellow arrow
entity superimposed on the regular entity icon ( ). They are called federated entities.

Configuring the Logical view

The structure of the Logical view is configured in Config Tool. As the system administrator, you
should create a structure that is easy for everyone to understand and to navigate.
For more information about the Logical view task, see "Logical view" on page 619.
This section includes the following topics:
• "Add a new area to the Logical view" on page 86
• "Move entities around in the Logical view" on page 87
• "Rename entities in the Logical view" on page 87
• "Copy entities in the Logical view" on page 87
• "Delete an entity from the Logical view" on page 88

Add a new area to the Logical view

You can add new areas anywhere in the Logical view hierarchy.
1 From the Home page in Config Tool, open the Logical view task.
2 Click the system entity ( ) or an area entity ( ).

[Link] | Security Center Administrator Guide 5.2 86

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing the Logical view

3 In the Contextual commands toolbar, click Add an entity ( ), and then click Area.
The new area is added under the selected entity.
4 Type a name for the area, and press ENTER.
After you are done: Configure the new area. For information about area properties, see "Area"
on page 364.

Move entities around in the Logical view

You can re-organize the entities in Logical view by dragging them to another area. You can also
select multiple entities at once and drag them to another area.
• Do one of the following in the Logical view:
 Select an area or another entity, and then drag it to another area.
 Hold the SHIFT key, select multiple entities, and then drag them to another area.
The selected entities are now a child entities of that area (below that area in the hierarchy).

Rename entities in the Logical view

You can rename local entities from the Logical view.
NOTE You cannot edit federated entities.

• Select an entity in the Logical view, press F2, rename the entity, and press ENTER.

Copy entities in the Logical view

You can create multiple copies of the same entity under areas in the Logical view.
• Hold the CTRL key, click the entity you want to copy, and then drag the entity into another
area.
A copy of the entity is created under the area. If you copied an area under another area, all its
child entities (entities below that area) are also copied.

[Link] | Security Center Administrator Guide 5.2 87

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing the Logical view

Delete an entity from the Logical view

You can delete an entity or the selected copy.
Before you begin: If an entity cannot be deleted, the Delete button does not appear.
1 Select an entity in the Logical view.
2 In the Contextual commands toolbar, click Delete.
A confirmation dialog box appears.
3 The next step depends on whether you have more than one copy of the entity in the tree.
 If it is the only copy of that entity in the tree, click Delete.
 If more than one copy of the entity exists, make the choice to delete them all or only the
selected copy.
If you deleted an area that has child entities, those child entities are also deleted.

[Link] | Security Center Administrator Guide 5.2 88

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing software security

Managing software security

This section includes the following topics:
• "Introduction to software security" on page 89
• "Defining partitions" on page 90
• "Defining users" on page 93
• "Defining user groups" on page 96
• "Configuring user privileges" on page 99
• "Using privilege templates" on page 101
• "Importing users from an Active Directory" on page 102

Introduction to software security

While Security Center protects your company's assets (buildings, equipment, important data
collected in the fields, etc), your job as a system administrator is to protect the Security Center
software against illegal access and wrongful usage.

There are three questions you should ask:

• Who uses the system?
• What do they use it for?
• What parts of the system are they allowed to access?

How is software security configured?

The software security of your system is modelled by three entity types:
• User. The user entity represents a person who needs to use Security Center applications to
do their job. Each user is identified by a username and a password. What the user is allowed
to do on the system is defined by their privileges, and the partitions they have access to.
• User group. The user group entity defines the common attributes shared by a group of
users, such as their privileges and other security attributes. A user who is a member of a user
group automatically inherits the characteristics of that group. This mechanism simplifies
the configuration process because it eliminates the tedious task of configuring users
individually.
• Partition. A partition is a grouping of entities for security or management purposes, so that
only certain users on the system have the right to access the entities belonging to that
partition. This concept eliminates the tedious task of creating one-to-one relationships
between users and the entities they are allowed to access. If a user does not have the right to
a partition, that partition and everything in it are invisible to that user.

[Link] | Security Center Administrator Guide 5.2 89

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing software security

Recommended configuration sequence

Best practice: It is best practice to define your security partitions first when setting up your
system. As you add new entities to model your system, you can create them directly in the
partition where they belong.
1 Define partitions first.
Identify the parts of your system that are relatively independent of each other, and create a
partition for each. For example, if your system covers multiple sites, and if the security staff
at each site work independently of the other sites, then create a partition for each site. For
more information, see "Defining partitions" on page 90.
2 Define user groups before users.
Identify the groups of users who share the same roles and responsibilities, and create a user
group for each. For example, all security operators can form one group, and all investigators
can form another group.
If, within each group, you have subgroups working on different partitions, define a user
group to represent each subgroup, and add them as members of the larger group. Each
individual subgroup can then be assigned to their corresponding partitions. For more
information, see "Defining user groups" on page 96.
3 Define users last.
Define the individual users and add them as members of the user groups you already
created, trying to add them as members of the smallest group. A user can belong to multiple
user groups. Let each user entity inherit everything from the parent user group, resorting to
individual configurations only for exceptions. For more information, see "Defining users"
on page 93.

Related topics:
• "Importing users from an Active Directory" on page 102

Defining partitions
This section includes the following topics:
• "Why use partitions?" on page 91
• "What constitutes a partition?" on page 91
• "Who is a partition manager?" on page 91
• "Differences between Public and System partitions" on page 91
• "Create a partition" on page 92
• "Add members to a partition" on page 92
• "Add accepted users to a partition" on page 92

[Link] | Security Center Administrator Guide 5.2 90

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing software security

• "Promote a user to partition manager" on page 93

• "Nesting partitions" on page 93

Why use partitions?

Partitions are used to divide a large system into smaller subsystems. This has two benefits:
• Reduces the scope of what a user can access for security reasons. In a multi-site system, it
might be undesirable for the security team of one site to be able to see or interfere with the
activities of a security team on another site.
• Reduces the scope of a user’s work to make it more manageable. If a user is only concerned
with one part of the system (one site in a multi-site system), it is better for that person not to
be distracted by the entities they have nothing to do with.

What constitutes a partition?

Each partition is defined by the following lists:
• List of members. Entities that belong to the partition (areas, doors, cameras, etc.).
• List of accepted users. Users and user groups that have the right to access the entities
contained in the partition. The type of user access varies according to the user privileges. A
new set of privileges that override the user's basic privileges, can be defined on the partition
level.

Who is a partition manager?

A partition manager is an accepted user of a partition who has full administrative rights over that
partition and its members. A partition manager can add and remove members from the
partition, as well as modify and delete the entities contained in the partition.

Differences between Public and System partitions

By default, two partitions are created in Security Center. These two partitions cannot be deleted
or renamed, but the administrator can change their contents (member entities).
• Public partition. This partition has the unique characteristic that all its members are visible
to all users on the system.
NOTE This does not mean that every user is automatically an accepted user of the Public
partition. Only partition managers who have been explicitly configured as accepted users can
exercise their administrative privileges over the members of the Public partition.
• System partition. This is a hidden partition. This partition has the unique characteristic
that its members are only visible to the administrative users (Admin user and members of
the Administrators user group).

[Link] | Security Center Administrator Guide 5.2 91

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing software security

Create a partition
1 From the Home page in Config Tool, open the Security task.
2 Click the Partitions view, and click Partition ( ).
3 In the partition creation wizard, enter the Basic information. See "Common entity
attributes" on page 38.
All partitions are created by default in the System partition. Selecting an existing partition
will create the new partition as its subordinate. For more information, see "Nesting
partitions" on page 93.
4 Click Create, and click Close.
An empty partition is created.
5 Define the content of the partition. See "Add members to a partition" on page 92.
TIP You can also place the new entities you create directly into the partition.
6 Define who has permission to access the entities contained in the partition. See "Add
accepted users to a partition" on page 92.
NOTE You might have to perform this step later if the users have not yet been created.
7 (Optional) Name an accepted user as partition manager. See "Promote a user to partition
manager" on page 93.

Add members to a partition

NOTE An entity cannot be placed in more than three partitions.
1 Click the Properties tab of a partition entity.
2 At the bottom of the Properties tab, click Add ( ).
3 Select the entities you want to add, and click Select.
The selected entities are added to the Members list. You do not have to click Apply.
4 Repeat the previous steps as needed.
For more information about partition properties, see "Properties" on page 452.

Add accepted users to a partition

1 Click the Accepted users tab of a partition entity.
2 At the bottom of the Accepted users tab, click Add ( ).
3 Select the users and user groups you want to add, and click Select.
The selected entities appear in the list.
4 Repeat the previous steps as needed.
5 Click Apply.
For information about the Accepted users tab for partition entities, see "Accepted users" on
page 453.

[Link] | Security Center Administrator Guide 5.2 92

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing software security

Promote a user to partition manager

A partition manager has full administrative rights over the partition and its members.
1 Click the Accepted users tab of a partition entity.
2 Select the Partition manager option next to the user or user group you want to promote.
3 Click Apply.

Nesting partitions
By default, partitions are created at the top level and can be nested if required.

The red arrows illustrate the following:

• When using the Config Tool, accepted users of a partition can see all entities that belong to
that partition and its subordinates.
• When using the Security Desk, accepted users of a partition can monitor all entities that
belong to that partition and its subordinates.

Defining users
This section includes the following topics:
• "How are users represented?" on page 93
• "What are Admin and Service users?" on page 94
• "Create a user" on page 94
• "Add a user as a member of a user group" on page 95
• "Force Security Desk to run in full screen mode" on page 95

How are users represented?

A user is anyone who can use Security Center applications. To log on to the system, that person
needs a username and a password.

[Link] | Security Center Administrator Guide 5.2 93

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing software security

What a person can do on the system is restricted by their user attributes:

• Privileges. Limits the types of activities the user can perform on the system. See
"Configuring user privileges" on page 99.
• Partitions. Limits the entities on which the user can exercise their privileges. See "Defining
partitions" on page 90.
A user can be a member of one or more user groups, from which it inherits most of its attributes.

What are Admin and Service users?

The following users are created by default and cannot be deleted or renamed.
• Admin. This user has full administrative rights to configure Security Center. A person
logged on as Admin can change, modify, and delete any entity in Security Center.
• Service . This is a hidden user account reserved exclusively for the Genetec Server service.
A person cannot use this account to connect to Security Center.

Create a user
1 From the Home page in Config Tool, open the Security task.
2 Click the Users view, and click User ( ).
3 In the user creation wizard, enter the Basic information. See "Common entity attributes"
on page 38.
NOTE The entity name is also the username, therefore, it must be unique.
4 Select partition rights for the user.
a Select Give this user administrative rights over the partition to make the user a
manager of the partition you selected.
b Select Give this user access to the partition to make the user an accepted user of the
partition you selected.
See "What constitutes a partition?" on page 91.
5 Click Next.
6 Enter the User information, and click Next.
See "Using privilege templates" on page 101.
7 Click Create, and click Close.
The new user account is created.
8 (Optional) Configure the user’s membership in user groups. See "Add a user as a member of
a user group" on page 95.
9 Click the Properties tab, type the person’s email address, and click Apply.
10 Click the Security tab, configure the security properties, and click Apply.
See "Security" on page 490.
11 Click the Privileges tab, define the user privileges, and click Apply.

[Link] | Security Center Administrator Guide 5.2 94

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing software security

See "Privileges" on page 492 and "Force Security Desk to run in full screen mode" on
page 95.
12 Click the Workspace tab, define the user’s Security Desk workspace, and click Apply.
See "Workspace" on page 489.

Add a user as a member of a user group

A user who is a member of a user group inherits all the attributes of that group.
1 Click the Identity tab of the user entity.
2 In the Relationships section, click User groups.
3 Click Insert an item ( ), select one or more parent user groups, and click Select.
4 Click Apply.

Force Security Desk to run in full screen mode

If a user’s job is to focus on monitoring live video, you can force Security Desk to run in full
screen mode and prevent the user from switching to windowed mode.
You can force the full screen operation on a user or a workstation.

To force full screen operation on a user:

1 From the Home page in Config Tool, open the Security task.
2 Click the Users view, select a user, then click the Privileges tab.
3 Expand the Application privileges, and the Security Desk privileges.
4 Deny the privilege Change client views to that user.
For information, see "Privileges" on page 492 and "Application privileges" on page 701.
5 Click Apply.
Security Desk will always run in full screen mode for that user. The Restore Down command
and the F11 key (switch between full screen and windowed mode) are disabled.

[Link] | Security Center Administrator Guide 5.2 95

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing software security

To force full screen operation on a workstation:

1 On the workstation, open the Security Desk Properties dialog box.
2 Select the Shortcut tab, and add the option /forcefullscreen (or /ff) to the end of the
string found in Target.

3 Click Apply.
The next time a user starts Security Desk using this shortcut, the application will start in full
screen mode. The Restore Down commands and the F11 key (switch between full screen and
windowed mode) are disabled.
NOTE Locking Security Desk in full screen mode does not prevent the user from minimizing the
Security Desk window with ALT+ESC or to switch to another application with ALT+TAB.

Defining user groups

This section includes the following topics:
• "Why do I need to create user groups?" on page 97
• "What is the Administrators user group?" on page 97
• "Create a user group" on page 97
• "Make a user group a subordinate of another user group" on page 98

[Link] | Security Center Administrator Guide 5.2 96

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing software security

Why do I need to create user groups?

User groups serve to group users with common attributes (such as privileges) together so those
attributes only need to be defined once. A user group can also be a member of another user
group.

What is the Administrators user group?

The Administrators user group is a system entity that is created upon installation. It cannot be
deleted or renamed. Members of this user group have the same administrative rights as the
Admin user, and their rights cannot be revoked.
Best practice: For reasons of traceability, rather than letting everyone use the same Admin
account, it is best to create a separate user account for each administrator.

Create a user group

1 From the Home page in Config Tool, open the Security task.
2 Click the User groups view, and click User group ( ).
3 In the user group creation wizard, enter the Basic information. See "Common entity
attributes" on page 38.
4 Select partition rights for the user.
a Select Give this user group administrative rights over the partition to make every
member of this user group, a manager of the partition you selected.
b Select Give this user group access to the partition to make every member of this user
group an accepted user of the partition you selected.
See "What constitutes a partition?" on page 91.
5 Click Next, enter the User group information, and click Next.
See "Using privilege templates" on page 101.
6 Click Create, and click Close.
The new user group is created.
7 (Optional) Make this user group a subordinate of another user group.
See "Make a user group a subordinate of another user group" on page 98.
8 (Optional) Click the Properties tab, type the group’s email address, and click Apply.
9 (Optional) Click the Security tab, configure the security properties, and click Apply.
See "Security" on page 495.
10 (Optional) Click the Privileges tab, define user privileges, and click Apply.
See "Privileges" on page 497.

[Link] | Security Center Administrator Guide 5.2 97

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing software security

Make a user group a subordinate of another user group

A group that is subordinate to a another user group inherits all the attributes of that group.
1 Click the Identity tab of the user group entity.
2 In the Relationships section, click Parent user groups.
3 Click Insert an item ( ), select one or more parent user groups, and click Select.
4 Click Apply.

[Link] | Security Center Administrator Guide 5.2 98

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing software security

Configuring user privileges

This section includes the following topics:
• "What are user privileges?" on page 99
• "How are privileges granted to users?" on page 99
• "About privilege hierarchy" on page 99
• "About privilege inheritance" on page 100
• "Differences between Basic and Partition privileges" on page 101
• "About privilege templates" on page 101
• "What are the privilege templates?" on page 101

What are user privileges?

Privileges are applied to users and user groups to control which operations they are allowed to
perform in Security Center, independently of what entities they can access, and within the
constraints set by the software license.
Privileges in Security Center are divided into the following groups:
• Application privileges. Grant access to the Security Center applications.
• General privileges. Grant access to the generic Security Center features.
• Administrative privileges. Grant access to system entity configuration in Config Tool.
• Task privileges. Control accessibility to the various Security Desk tasks.
• Action privileges. Control the actions that can be performed on the system entities.
For a complete list and definition of all privileges, see "User privileges" on page 700.

How are privileges granted to users?

Each privilege can be granted explicitly to a user or inherited from a user group. Each privilege
can be granted with one of these settings:
• Allow. The privilege is granted to the user.
• Deny. The privilege is denied to the user.
• Undefined. This privilege must be inherited from a parent user group. If the user is not a
member of any group, or if the privilege is also undefined to the parent user group, then the
privilege is denied.

About privilege hierarchy

Privileges are organized in a hierarchy, with the following behavior:
• For a child privilege to be allowed, the parent privilege must be allowed.
• If a parent privilege is denied, all child privileges are denied.

[Link] | Security Center Administrator Guide 5.2 99

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing software security

• A child privilege can be denied when the parent privilege is allowed.

About privilege inheritance

Privilege settings can be inherited from user groups and replaced at the member (user or user
group) level according to the following rules:
• A privilege that is undefined at the group level can be allowed or denied at the member
level.
• A privilege that is allowed at the group level can be denied at the member level.
• A privilege that is denied at the group level is automatically denied at the member level.
• When a user is a member of multiple user groups, the user inherits the most restrictive
privilege settings from its parents. This means that Deny overrules Allow, and Allow
overrules Undefined.
There are exceptions to the above rules:
• Administrator status. The Admin user, and members of the Administrators user group,
have a special status that grants them full administrative rights. These users can configure
the Security Center as they see fit; they can view and modify all entities in all partitions. The
Admin user and the Administrators user group are created at installation and cannot be
deleted or renamed.
• Partition manager status. A user or user group assigned to a partition can be given the
status of Partition manager over that partition. This special status confers full administrative
rights over the entities contained in that partition. It supersedes all privileges configured at
the partition level for that user.
A partition manager can add, modify, and delete all entities within their partition, including
the users and user groups. Unlike users with the administrator status, the Application,
General, and Task privileges can be denied to a partition manager.

[Link] | Security Center Administrator Guide 5.2 100

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing software security

Differences between Basic and Partition privileges

The Basic privileges of a user (or user group) are the end results of the privileges inherited from
their parent user groups, plus the ones explicitly allowed/denied to the user.
When a user is given access to a partition, their Basic privileges are applied by default to the
partition. Later, an administrator or a partition manager can overwrite the privileges a user has
over a specific partition. For example, a user can be allowed to configure alarms in partition A,
but not in partition B. This means that a user can have a different set of privileges for each
partition they have access to. Only Administrative and Action privileges, plus the privileges over
public tasks, can be overwritten at the partition level.

Using privilege templates

This section includes the following topics:
• "About privilege templates" on page 101
• "What are the privilege templates?" on page 101

About privilege templates

Privilege templates are predefined privilege configurations, based on standard security personnel
profiles, that you can apply to users and user groups to simplify the creation process. Once
applied, you can fine tune the privileges manually.
Privilege templates are only available when creating a user or user group. You cannot rename,
modify, or delete the privilege templates. However, you can freely modify the privilege settings
after they are applied to a user or user group.
The best way to use privilege templates is to create one user group for each template if necessary.
After your model user groups are created, users can inherit privileges from them.

What are the privilege templates?

Security Center provides the following privilege templates:
• Reporting. This template only grants the privileges to run Security Desk and to execute the
most basic reporting tasks, excluding those for AutoVu LPR. A user with this set of
privileges alone cannot view any video, control any physical devices, or report incidents.
• Operator. This template is for security operators who need to monitor real time events in
the system. It grants them the privileges to use the Monitoring task, view video, manage
visitors, credentials, and badge templates, add bookmarks and incidents, save snapshots,
unlock doors, and so on.
• Investigator. This template is for investigators. It grants the privileges to use the Monitoring
task, view video, control PTZ cameras, record and export video, add bookmarks and
incidents, use investigation tasks, manage alarms and visitors, override door unlock
schedules, save tasks, and so on.

[Link] | Security Center Administrator Guide 5.2 101

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing software security

• Supervisor. This template is for people who have supervisory responsibilities. It grants the
same privileges as the Investigator template, plus the privileges to use maintenance tasks,
manage cardholders and credentials, modify custom fields, set threat levels, block cameras,
and perform people counting.
• Provisioning. This template is for the system installer. It grants almost all configuration
privileges, with only a few exceptions (managing roles, macros, users, user groups, custom
events, activity trails, threat levels, and audio files).
• Basic AutoVu Operator. This template is for security operators using AutoVu LPR. It
grants them privileges to use LPR tasks, configure LPR entities, create LPR rules, monitor
LPR events, and so on.

Importing users from an Active Directory

Users and user groups can be created by importing them from your corporate directory service.
For more information, see "Integrating with Windows Active Directory" on page 140.

[Link] | Security Center Administrator Guide 5.2 102

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Automating system behavior

Automating system behavior

Security Center offers you many ways to automate the system’s behavior.
This section includes the following topics:
• "Using schedules" on page 103
• "Using event-to-actions" on page 106
• "Using scheduled tasks" on page 109
• "Using macros" on page 110

Using schedules
Schedules are useful in Security Center to dynamically control the behavior and settings of the
system based on timetables.
This section includes the following topics:
• "What is a schedule?" on page 103
• "What is the default schedule?" on page 104
• "Warning about time zones" on page 104
• "What is a twilight schedule?" on page 104
• "Create a schedule" on page 105
• "Resolving schedule conflicts" on page 105

What is a schedule?
The schedule entity ( ) defines a set of time constraints that can be applied to many situations,
such as when a user can log on to the system, when video from a surveillance camera should be
recorded, or when access should be granted to a secured area.
Each time constraint is characterized by two sets of properties:
• Date coverage. Defines a date pattern, or specific dates to be covered by the schedule.
 Daily. Defines a pattern that repeats every day.
 Weekly. Defines a pattern that repeats every week. Each day of the week can have a
different time coverage.
 Ordinal. Defines a series of patterns that repeat on a monthly or yearly basis. Each date
pattern can have a different time coverage. For example, on July 1st every year, on the
first Sunday of every month, or on the last Friday of October every year.
 Specific. Defines a list of specific dates in the future. Each date can have a different time
coverage. This setting is ideal for special events that occur only once.
• Time coverage. Defines which time periods apply during a 24-hour day.

[Link] | Security Center Administrator Guide 5.2 103

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Automating system behavior

 All day. Covers the entire day.

 Range. Covers one or multiple distinct time periods within the day. For example, from
9 a.m. to 12 p.m. and from 1 p.m. to 5 p.m.
 Daytime. From sunrise to sunset. Only supported by twilight schedules.
 Nighttime. From sunset to sunrise. Only supported by twilight schedules.
For more information on Daytime and Nighttime settings, see "What is a twilight schedule?"
on page 104.

What is the default schedule?

When Security Center Directory is installed, a schedule named Always is created by default.
This schedule has a 24/7 coverage, and cannot be renamed, modified, nor deleted.
This schedule has the lowest priority in terms of schedule conflict resolution. For more
information, see "Resolving schedule conflicts" on page 105.

Warning about time zones

The time of day for a schedule is based on the local time zone set in each individual context
where it is applied. For example, if the schedule is used to set continuous video recording from
9 a.m. to 5 p.m., whether the video unit is in Tokyo or London, the recording will occur on
schedule according to the local time. This is due to every video unit having a time zone setting,
to control video settings and recordings relative to the unit’s local time. For more information,
see "Location" on page 340.
When a schedule is applied to an entity that has no time zone settings, such as the logon
schedule for a user, the local time is taken from the server hosting the Directory role.

What is a twilight schedule?

A twilight schedule ( ) is a special type of schedule that covers either daytime or nighttime.
These special time coverages vary according to the day of the year. The calculation of the time
of day when the sun rises and sets is based on a geographical location (latitude and longitude).
Twilight schedules are designed for situations where the sunlight has an impact on the system’s
operation, such as video settings and recording. Some typical uses of the twilight schedules are:
• To record video only during daytime.
• To boost the video encoder’s sensitivity after sunset.
• To disable motion detection during twilight.
Twilight schedules have the following restrictions:
• Cannot be used in any situation involving access control entities.
• Requires that the entity it applies to has a geographical location setting, such as video units
and LPR units. See "Using geographical locations" on page 40.
• The Weekly option for date coverage is not available.

[Link] | Security Center Administrator Guide 5.2 104

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Automating system behavior

• The All day and Range options for time coverage are not available.
• Twilight schedules are not visible in contexts where they are not applicable.
For more information, see "Date coverage" on page 103.

Create a schedule
Schedules must be created in advance if you plan to use them in any settings.
1 From the Home page in Config Tool, open the System task.
2 Click the Schedules view, and click Schedule ( ).
3 In the schedule creation wizard, enter the Basic information, and click Next.
For more information, see "Common entity attributes" on page 38.
4 In the Schedule information page, select one of the following:
 Select Standard schedule if you want to be able to use this schedule in all situations.
 Select Twilight schedule if you specifically need Daytime or Nighttime coverage.
CAUTION The schedule type cannot be changed after the entity is created. For more
information, see "What is a twilight schedule?" on page 104.
5 Click Close.
A default daily schedule is created.
6 Click the Properties tab to configure the desired date and time coverage.
For more information, see Schedule – "Properties" on page 468.
7 Click Apply.

Resolving schedule conflicts

You might have a scheduling conflict when two overlapping schedules are applied to the same
function. For example, two schedules applied to the recording of the same camera.
Security Center can resolve some of these conflicts by giving priority to the most specific (or
restrictive) schedule. The specificity of a schedule is determined by its date coverage option.
The following lists the date coverage options in decreasing order of priority:
1 Specific (Runs only once. Highest priority)
2 Ordinal (Repeats on a monthly or yearly basis)
3 Weekly (Repeats every week)
4 Daily (Repeats every day)
5 Always (The default schedule. Has the lowest priority)

CAUTION When two overlapping schedules with the same priority level are applied to the same
function, you have an unresolved conflict. An Entity warning is raised by the system, and the
entity with the faulty configuration is displayed in yellow in the entity browser. For more
information, see "Viewing system messages" on page 168.

[Link] | Security Center Administrator Guide 5.2 105

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Automating system behavior

Using event-to-actions
An event-to-action is the coupling of an action to an event, to confer automatic and intelligent
behavior to the system.
This section includes the following topics:
• "What is an event?" on page 106
• "What is a custom event?" on page 106
• "What is an action?" on page 106
• "Create an event-to-action" on page 107
• "Search for event-to-actions" on page 108

What is an event?
Security Center uses events to record activity on the system. The types of events generated by
Security Center vary from entity to entity. For instance: Access denied to a cardholder, Signal lost
on a camera, License plate matched to a hotlist, and so on.
Some of the ways you can make use of system events are the following:
• View them in Security Desk in real-time.
• Have the system record them in event logs for viewing and analysis at a later time.
• Configure the system to take action automatically by associating actions to various types of
events, such as triggering an alarm, or sending a message. This is called an event-to-action.
This is the most powerful and versatile method for handling events. For more information,
see "Actions" on page 630.
Events can arise from many sources, such as recording started by a user on a camera, a door
being left open for too long, or an attempt to use a stolen credential. For a complete list of the
predefined event types in Security Center, see "Event types" on page 754.

What is a custom event?

In addition to the predefined event types, you can also define custom events to precisely
represent each of the various combinations of input signals received from different units on your
system. For more information, see "Managing zones" on page 160 and "Custom events" on
page 629.

What is an action?
An action is a user-programmable function that can be triggered as an automatic response to an
event (door held open for too long, or object left unattended) or executed according to a specific
time table.

[Link] | Security Center Administrator Guide 5.2 106

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Automating system behavior

For a complete list of the predefined action types in Security Center, see "Action types" on
page 767. For other action usages, see "Using scheduled tasks" on page 109.

Create an event-to-action
1 From the Home page in Config Tool, open the System task.
2 Click the General settings view, then click the Actions page.
For more information, see "Actions" on page 630.
3 Click Add an item ( ).

4 In the Entity type page, select the type of the source entity and click Next.
The source entity is the entity to which the event is attached.
5 In the Source page, select the source entity and click Next.
Enter a search string if necessary. Only entities corresponding to the selected type are listed.
6 In the Event page, select an event type and a schedule, and click Next.
Only events pertaining to the selected entity type are listed.
The schedule determines when the event should occur in order to trigger the action. For
example, you might want to sound an alarm only when a window is opened during the
weekend. By default, Always is selected.

[Link] | Security Center Administrator Guide 5.2 107

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Automating system behavior

7 In the Action page, select an action type and configure its parameters.

The Next button becomes enabled only when all the arguments required by the selected
action type are properly configured. For a full description of all action types you can choose
from, see "Action types" on page 767.
8 Click Next.
The Creation summary page appears.
9 Verify that all information is correct, click Create, and click Close.
If the information is incorrect, click Back and fix the errors.
The new event-to-action is added to the list of system actions. For more information, see
"Actions" on page 630.

Search for event-to-actions

You can search for an event-to-action by any combination of source entity (name and type),
event type, and action type.
1 From the Home page in Config Tool, open the System task.
2 Click the General settings view, then click the Actions page.
3 Click Advanced search ( ) to show search filters.
 Entity name. Search for source entity names starting with the search string.
 Entity type. Select a specific source entity type (default=All).

[Link] | Security Center Administrator Guide 5.2 108

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Automating system behavior

 Event. Select a specific event type (default=All).

 Action. Select a specific action type (default=All).
4 Use the action buttons at the bottom of the page to fix or delete the unwanted event-to-
actions. For more information, see "Actions" on page 630.

Using scheduled tasks

This section includes the following topics:
• "What is a scheduled task?" on page 109
• "Comparison between scheduled tasks and event-to-actions" on page 109
• "Create a scheduled task" on page 109

What is a scheduled task?

A scheduled task is an entity that defines an action that executes automatically on a specific date
and time, or according to a recurring schedule.

Comparison between scheduled tasks and event-to-actions

The similarities between the two concepts are:
• Both have access to the same set of actions.
• Both use recurring schedules.
The differences between the two concepts are:
• A scheduled task is saved as an entity, an event-to-action is not.
• A scheduled task is triggered on schedule, not on event.
• A scheduled task can be turned on and off.
• The scheduling options are different:
 Once. Executed once at a specific date and time.
 Every minute. Executed every minute.
 Hourly. Executed at a specific minute of every hour.
 Daily. Executed at a specific time every day.
 Weekly. Executed at a specific time on selected days of the week
 On startup. Executed on system startup.
 Interval. Executed at regular intervals that can be days, hours, minutes, or seconds.

Create a scheduled task

This sample procedure creates a scheduled task that synchronizes an Active Directory role.
1 From the Home page in Config Tool, open the System task.

[Link] | Security Center Administrator Guide 5.2 109

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Automating system behavior

2 Click the Scheduled tasks view, and click Scheduled task ( ).

A new scheduled task entity appears in the Logical view.
3 Type a name for the scheduled task, and press ENTER.
4 Click the Properties tab.
For more information, see Scheduled task – "Properties" on page 474.
5 Set the Status switch to Active.
6 Set the desired Recurrence pattern.
a Click on the drop-down list and select Weekly.
b Set the desired start time on the scheduled dates.
c Select the days of the week when the action is to be executed.
7 Select the type of action to be executed.
Additional parameters might be required based on the selected action.
For our example, scroll down and click Trigger synchronization, then select the Active
Directory role that needs to be synchronized.
8 Click Apply.

Using macros
This section includes the following topics:
• "What is a macro?" on page 110
• "Creating macros" on page 110

What is a macro?
You can write programs in C# using Security Center SDK to add custom functionality to your
system. These programs are loaded into Security Center as macro entities.
If you need help to develop custom macros, contact Genetec Professional Services through your
sales representative for a quote, or call us at one of our regional offices around the world. To
contact us, visit our Web site at [Link].

Creating macros
You can write your C# programs with an external text editor, or use the text editor found in
Config Tool. For more information, see Macro – "Properties" on page 434.

[Link] | Security Center Administrator Guide 5.2 110

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing alarms

Managing alarms
This section includes the following topics:
• "What is an alarm?" on page 111
• "Create an alarm" on page 112
• "Testing alarms" on page 112
• "Trigger alarms manually" on page 113
• "Trigger alarms automatically using event-to-actions" on page 113
• "Responding to alarms" on page 115

What is an alarm?
An alarm entity describes a particular trouble situation in Security Center (intrusion, broken
window, door forced open, and so on) that requires immediate attention.
The basic properties of an alarm are:
• Name. Alarm name.
• Priority. Priority of the alarm (1-255), based on the urgency of the situation. Higher
priority alarms are displayed first in Security Desk.
• Recipients. Users who are notified when the alarm occurs, and are responsible for
responding to the alarm situation. Recipients can be notified all at once, or one after another
in a sequence.
• Attached entities. Entities that help describe the alarm situation (for example, cameras,
area, doors, and so on). When the alarm is received in Security Desk, the attached entities
can be displayed one after another in a sequence or all at once in the canvas, to help you
review the situation.

[Link] | Security Center Administrator Guide 5.2 111

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing alarms

Create an alarm
You create alarms from the Alarms task in Config Tool.
1 From the Home page in Config Tool, open the Alarms task.
2 Click the Alarms view, and click Alarm ( ).
A new alarm entity ( ) appears in the Logical view.
3 Type a name for the alarm, and press ENTER.
Best practice: Provide a name best describes the situation, so it is easy to determine what
happened when the alarm is triggered.
4 Click the Properties tab, configure the essential properties, and click Apply.
For more information, see "Properties" on page 356.
5 Click the Advanced tab, configure the advanced settings, and click Apply.
For more information, see "Advanced" on page 358.
After you are done: Test the alarm you just created. See "Testing alarms" on page 112.

Testing alarms
The simplest way to test an alarm is to trigger it manually from Config Tool, and make sure you
receive it in Security Desk.
Before you begin: Log on to Security Desk as one of the alarm recipients.
1 From the Home page in Config Tool, open the Alarms task.
2 Click the Alarms view, and select the alarm to test.
3 In the Contextual commands toolbar, click Trigger alarm ( ).
The triggered alarm should appear in the Security Desk notification tray, and in the alarm list
in the Alarm monitoring task.
The Alarm monitoring task opens automatically if Security Desk is configured open the task
when an alarm is triggered. To set this behavior, see “Customizing alarm behavior” in the
Security Desk User Guide. If the Alarm monitoring task does not open automatically, double-
click the alarm icon in the Security Desk notification tray to open it.

Troubleshooting alarms
If you do not receive an alarm, check the following:
• Is the alarm schedule preventing you from triggering the alarm at this moment?
• Does the alarm recipient have the correct privileges to receive alarms (Alarm monitoring
and Acknowledge alarms)?

[Link] | Security Center Administrator Guide 5.2 112

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing alarms

Trigger alarms manually

When you observe a trouble situation happening in Security Center, you can manually trigger
an alarm.

To trigger an alarm manually:

• Do one of the following:
 In the Alarms task in Config Tool, select an alarm, and then in the Contextual commands
toolbar, click Trigger alarm ( ).
 In the notification tray in Security Desk, click Hot actions ( ) > Manual action. Click
Trigger alarm ( ), select an alarm, and then click OK.
 In the Alarm monitoring task in Security Desk, click Trigger alarm ( ), select an
alarm, and click Trigger alarm.

Trigger alarms automatically using event-to-actions

You can configure events that occur to trigger alarms, using event-to-actions. This is the most
common way alarms are triggered.
NOTE If an alarm is triggered and displayed in the canvas and the triggering event is caused by
an entity that is associated with cameras (for example a door), then the associated cameras are
displayed in the canvas before the entities attached to the alarm. For more information, see
Alarm – Properties – "Attached entities" on page 357.
For more information about creating event-to-actions, see "Using event-to-actions" on
page 106.

To trigger an alarm automatically:

1 From the Home page in Config Tool, open the System task.
2 Click the General settings view.
3 Click the Actions tab, and click .
4 In the Entity type page, select an entity type, and click Next.
The source entity is the entity that the event is attached to.
5 In the Source page, select the source entity and click Next.
6 In the Event page, select an event type
Only events related to the selected entity type are listed. For a list of events available in
Security Center, see "Event types" on page 754.
7 Select a schedule, and click Next.
The schedule determines when the event will trigger the action. For example, you might
want to trigger an alarm only when a window is opened during the weekend. By default,
Always is selected.
8 In the Action page, select Trigger alarm.

[Link] | Security Center Administrator Guide 5.2 113

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing alarms

9 From the Alarm drop-down list, select an alarm to trigger.

10 (Optional) From the Acknowledgement condition drop-down list, select an event that
must be triggered before the alarm can be acknowledged.
This option is only available when you select some source event types. For a list of event
types that could require an acknowledgement condition to be cleared before the alarm can
be acknowledged, see "Event types that could require an acknowledgement conditions" on
page 114.
11 To require a user to acknowledge the alarm after the acknowledgement condition is cleared,
select the User acknowledgement required option.
If you clear this option, the alarm is automatically acknowledged when the
acknowledgement condition is cleared.
12 Click Next > Create > Close.

Event types that could require an acknowledgement conditions

For some event-to-actions that trigger alarms, you can configure them so that a second event
must be triggered before the triggered alarm can be acknowledged. The second event is the
acknowledgement condition.
The following is a list of event types that allow you to select an acknowledgement condition that
must be cleared before the alarm can be acknowledged.

Source event type Entity type Acknowledgement condition

AC fail Access control unit, Intrusion AC fail input normal

detection unit

Application lost Roles Application online

Asset offline Asset Asset online

Asset online Asset Asset offline

Battery fail Access control unit, Intrusion Battery fail input normal
detection unit

Door forced open Door Door closed

Door opened Door Door closed

Door opened too Door Door closed

long

Hardware tamper Access control unit, Intrusion Input normal

detection unit, Zone (hardware)

[Link] | Security Center Administrator Guide 5.2 114

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing alarms

Source event type Entity type Acknowledgement condition

Intrusion detection Intrusion detection area • Disarmed (not ready)

area alarm activated • Disarmed (ready to arm)
• Master armed
• Perimeter armed

Intrusion detection Intrusion detection area Input bypass deactivated

area input bypass
activated

Manual station Door Manual station reverted to normal

activated state

Signal lost Camera Signal recovered

Unit lost Access control unit, Intrusion Unit online

detection unit, LPR unit, Video unit

Zone armed/ Zone • Zone state normal

disarmeda • Zone state active

a. Events that are associated with the normal, active, and trouble states of a zone can also be
configured with an acknowledgement condition. For more information about zone states, see
"Properties" on page 507.

Responding to alarms
You respond to active alarms from the Alarm monitoring task in Security Desk.
When you receive an alarm, you can snooze the alarm, forward it to a colleague, or acknowledge
it. The alarm can also be automatically acknowledged after a period of time, if it is configured
that way.
For alarms with an acknowledgement condition, the process is a bit different. Before the
acknowledgement condition is cleared, you can investigate the alarm to let other users know
you have seen it, and are taking care of it. You can only acknowledge the alarm after the
acknowledgement condition is cleared. The alarm can also be automatically acknowledged by
the system after the acknowledgement condition is cleared, if it is configured that way.
EXAMPLE A Unit lost event occurs, which triggers an alarm with an acknowledgement
condition of Unit online. Before the unit comes back online, the alarm can be snoozed,
forwarded, investigated, or an administrator can forcibly acknowledge it. After the event Unit
online occurs, the alarm can be acknowledged.
NOTE Administrators can force all local alarms to be acknowledged at any time, even if the
acknowledgement condition is not cleared.

For more information on acknowledging alarms, see “Acknowledging alarms” in the Security
Desk User Guide.

[Link] | Security Center Administrator Guide 5.2 115

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing alarms

Investigating current and past alarms

You can search for and examine current and past alarms, using the Alarm report task in Security
Desk. For more information about using the Alarm report task, see “Investigating current and
past alarms” in the Security Desk User Guide.

[Link] | Security Center Administrator Guide 5.2 116

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing threat levels

Managing threat levels

This section includes the following topics:
• "What are threat levels for?" on page 117
• "Differences between threat levels and alarms" on page 117
• "Create a threat level" on page 119
• "Configuring threat level actions" on page 121
• "Actions exclusive to threat levels" on page 122
• "Threat level limitations" on page 122
• "Threat level scenarios" on page 123
• "Threat level related tasks" on page 127

What are threat levels for?

A threat is a potentially dangerous situation, such as a fire or a shooting, that requires immediate
response from the system and the security personnel. A threat could affect only one area or the
entire system.

As the Security Center administrator, you define threat levels to help the security personnel deal
promptly with threatening situations. Each threat level is characterized by a name and a color,
and associated to two lists of actions that the system executes automatically, one when the threat
level is set, and another one when the threat level is cleared. The full range of Security Center
actions is at your disposal to dictate the behavior of the system, plus some actions that are unique
to threat levels, such as denying certain cardholders access to areas in your system, or forcing
certain users to log off from the system.

Threat levels are set by Security Desk operators when a situation calls for such an action. The
operator must have the Set threat level privilege. The operator can set a threat level on an area or
on the entire system (includes all areas). For more information on dealing with threats from an
operator’s perspective, see “Set threat levels” in the Security Desk User Guide.

Differences between threat levels and alarms

The following table highlights the differences between threat levels and alarms. For more
information on alarms, see "Managing alarms" on page 111.

Characteristics Alarm Threat level

Purpose Deals with localized events, such as a Deals with widespread events affecting
forced entry or an object being left an whole area or the entire system, such
unattended in a public area. as a fire or a shooting.

[Link] | Security Center Administrator Guide 5.2 117

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing threat levels

Characteristics Alarm Threat level

Configuration • Config Tool Only administrative users can configure

privileges • Add/delete alarms threat levels.
• Modify alarms

Activation Typically triggered by an event-to- Typically set manually by a Security

action. Can also be triggered by a Desk operator. Can also be set by an
manual action. event-to-action.

System response Recording starts automatically on The threat level activation action list is
on activation cameras associated to the alarm. automatically executed.

Notification The alarm icon turns red in the The threat level icon turns red in the
method Security Desk notification tray. Security Desk notification tray.
Depending on your Security Desk When a threat level is set at the system
configuration, the Alarm monitoring level, the background of Security Desk
task might be brought to the turns to the color of the threat level.
foreground.

Who gets the Security Desk users configured as All Security Desk users.
notification? alarm recipients.

Event ranking Alarms are ranked according to their Threat levels are independent of each
priority level (1=highest, 255=lowest). other. Only one threat level can be set
Higher priority alarms are displayed on an area at any given time. The last
first. When the priority level is the threat level set overrides the previous
same, the most recent is displayed first. one.

Deactivation A Security Desk user (alarm recipient) A Security Desk user must manually
must acknowledge the alarm. clear the threat level or set a different
Alarms can also be automatically threat level. A threat level can also be
acknowledged by the system after a automatically cleared using an event-to-
specified delay or when the action (Set threat level to None).
acknowledgment condition is met.

System response The acknowledged alarm is removed The threat level deactivation action list
on deactivation from all active alarm list (Alarm is automatically executed.
monitoring task in Security Desk).

Related events • Alarm triggered • Threat level set

• Alarm being investigated • Threat level cleared
• Alarm condition cleared
• Alarm acknowledged
• Alarm acknowledged (Alternate)
• Alarm forcibly acknowledged

[Link] | Security Center Administrator Guide 5.2 118

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing threat levels

Characteristics Alarm Threat level

Operator • Security Desk (Application) • Security Desk (Application)

privileges • Alarm monitoring (Task) • Set threat level (Action)
• Alarm report (Task) The same privilege is used for both
• Trigger alarms (Action) setting and clearing threat levels. To
• Snooze alarms (Action) clear a threat level is to set it to None.
NOTE The threat level activation and
• Forward alarms (Action)
deactivation actions are carried out by
• Acknowledge alarms (Action)
the system, independently of the
NOTE Only administrative users can operator’s privileges.
forcibly acknowledge alarms.

Exclusive actions None. • Set minimum security clearance

• Set minimum user level
• Set reader mode
For more information, see "Actions
exclusive to threat levels" on page 122.

Create a threat level

Only administrative users can configure threat levels.
1 From the Home page in Config Tool, open the System task.
2 Click the General settings view and select the Threat levels page.
For a description of this page, see "Threat levels" on page 635.
3 At the bottom of the threat level list, click Add an item ( ).
The Threat level configuration dialog box appears.
4 Enter the Name, Description, Logical ID (optional), and Color of the threat level.
Make sure you choose a distinctive color for each threat level. The threat level color is used
to color the Security Desk background when the threat level is set at the system level.
5 Configure the threat level Activation actions.
These actions are executed by the system when the threat level is set, independently of the
privileges and permissions of the user who set the threat level.
For information on what actions you can configure, see "Configuring threat level actions"
on page 121 and "Actions exclusive to threat levels" on page 122.
6 Configure the threat level Deactivation actions.
These actions are executed by the system when the threat level is cleared or overwritten by
another one, independently of the privileges and permissions of the user who cleared the
threat level.
CAUTION The system does not automatically revert the configuration back to what it was
before the threat level was set. You need to explicitly configure the deactivation actions to take
care of that.

[Link] | Security Center Administrator Guide 5.2 119

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing threat levels

7 Click OK to close the configuration dialog box.

A new threat level ( ) appears in the threat level list.
8 Click Apply.
After you are done: Do the following:
• Grant Set threat level privilege to all users who need to set threat levels.
NOTE For users who need to set system threat levels, they must be accepted users of the
Public partition. For more information, see "Action privileges" on page 714.
• (Optional) Configure additional threat level activation and deactivation actions for specific
areas. For more information, see "Threat levels" on page 366.

[Link] | Security Center Administrator Guide 5.2 120

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing threat levels

Configuring threat level actions

Actions in Security Center typically affect a single target entity (see "Action types" on page 767).
However, when actions are used to configure threat levels, the scope of many of them can be
extended to all entities found under the area where the threat level is set that match the type of
the target entity.

For example, the action Start recording normally applies to a specific camera. If you select All
entities for the Camera argument, recording will start on all cameras found under the area where
the threat level is set.

NOTE If you select a specific entity for your action, the action will be applied to the selected entity
regardless whether the entity is found under the area where the threat level is set or not.

[Link] | Security Center Administrator Guide 5.2 121

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing threat levels

Actions exclusive to threat levels

The following actions are unique to threat level configuration.

Action name Target entity Description

Set minimum area (Location) Sets the minimum security clearance level required from
security clearance cardholders to enter the target area on top of the restrictions
imposed by the access rules. Has no effect on exits.
Additional parameter:
• Security clearance. The minimum security clearance
level required for the selected area. (0=highest level,
99=lowest level or no special clearance required).
NOTE The security clearance is only visible to administrative
users. This action only works with doors controlled by
Synergis Master Controller (SMC).

Set minimum user N/A Logs out users with a lower user level than the one you
level specify when a threat level is set, and prevents them from
logging back on.
Additional parameter:
• User level. The minimum user level (1=highest level,
254=lowest level) required to log on to the system, or to
stay logged on to the system.
NOTE This action is only executed when the threat level is set
at the system level. If the user setting the threat level has a user
level below the required minimum, that user will be logged off
the system the moment the threat level is set.

Set reader mode area, door Sets the reader mode for accessing doors.
(Location) Additional parameter:
• Reader mode. Select whether access is granted using Card
and PIN, or Card or PIN, for the selected areas.
NOTE This action only works with door controllers and
readers that support this feature.

Threat level limitations

The following limitations apply when using the threat level feature:
• Threat levels work independently of partitions. Therefore, a threat level set at the system
level by the users of one partition might affect the entities belonging to another partition, if
the actions have a generic scope (applied to All entities).
• Threat levels cannot be applied to federated areas.

[Link] | Security Center Administrator Guide 5.2 122

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing threat levels

Threat level scenarios

The following scenarios serve to illustrate the use of threat levels.
• "Scenario #1: Fire" on page 123
• "Scenario #2: Gunman" on page 125

Related topics:
• “Set threat levels” in the Security Desk User Guide
• “Clear threat levels” in the Security Desk User Guide

Scenario #1: Fire

In case a fire breaks out, we want the system to respond immediately with the following actions:
• Sound the fire alarm
NOTE For the sake of illustration. Not a recommended practice.

• Unlock all doors to let people evacuate

NOTE For the sake of illustration. Not a recommended practice.

• Log off all low priority users to free as much resources (especially network bandwidth) as
possible for high priority users to manage the current threat.
• Record the entire evacuation process at high video quality for as long as it lasts.

[Link] | Security Center Administrator Guide 5.2 123

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing threat levels

The threat level configured to handle a fire could be as follows:

When an operator sets this threat level, the following actions are executed by the system:
• Trigger output. Sounds the fire alarm by sending the Fire alarm output behavior to the
output pin Building Exit - Output-1, assuming that this is where the alarm bell is
connected.
• Set the door maintenance mode. Sets all doors within the area where the threat level is set
to maintenance mode, effectively unlocking all of them for an indefinite period of time.
This is better than using the Unlock door explicitly action which only unlocks the doors
for a few seconds.
• Set minimum user level. Immediately logs off all users with a user level lower than 1,
basically every one that is not an administrator, encouraging them to leave their desk at
once, as well as stopping all unnecessary activity on the network, so the administrators can
have as much bandwidth as possible at their disposal to deal with the situation.

[Link] | Security Center Administrator Guide 5.2 124

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing threat levels

NOTE This action is only executed if the threat level is set at the system level. So if the fire is
limited to one area, we do not want to log off everyone from the system.
• Override with event recording quality. Boosts the recording quality of all cameras within
the area where the threat level is set to event recording quality. For more information, see
"Boost quality on event recording" on page 380.
• Start recording. Starts recording on all cameras within the area where the threat level is set
for an infinite duration, or until it the Stop recording command is issued.

When an operator clears this threat level, the following actions are executed by the system:
• Trigger output. Stops the fire alarm by sending the Normal output behavior to the output
pin Building Exit - Output-1.
• Set the door maintenance mode. Turns off the maintenance mode on all doors within the
area where the threat level is set. This effectively restores all doors to their normal behavior.
• Set minimum user level. Resets the minimum user level to 254 (the lowest value), allowing
all users to log back on.
• Recording quality as standard configuration. Restores the standard recording quality on
all cameras within the area where the threat level is set.
• Stop recording. Stops recording on all cameras within the area where the threat level is set.
This action will not stop the recording on cameras that are on a continuous recording
schedule.

Scenario #2: Gunman

In case a gunman or a shooter is spotted, we want the system to respond immediately with the
following actions:
• Block access to where the gunman/shooter is from innocent bystanders.
• Record the shooting incident in high quality video as evidence in court.
• Protect the video recordings of the whole event against accidental deletion.
• Block the sensitive video footage from the public eye in case some of the video streams are
shown on public web sites.

[Link] | Security Center Administrator Guide 5.2 125

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing threat levels

The threat level configured to handle a gunman/shooter could be as follows:

When an operator sets this threat level, the following actions are executed by the system:
• Set minimum security clearance. Prevents the cardholders who have a security clearance
lower than 5 (between 6-99) from entering the area where the gunman is known to be.
NOTE This configuration assumes that only armed security personnel have a clearance level
higher than 5 (between 0-5), and that security operators continue to monitor all exits and can
manually unlock doors when necessary.
• Override with event recording quality. Boosts the recording quality of all cameras within
the area where the threat level is set to event recording quality. For more information, see
"Boost quality on event recording" on page 380.
• Start recording. Starts recording on all cameras within the area where the threat level is set
for an infinite duration, or until it the Stop recording command is issued.

[Link] | Security Center Administrator Guide 5.2 126

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing threat levels

• Start applying video protection. Starts protecting the videos recorded from the cameras
within the area where the threat level is set, from now until the Stop applying video protection
command is issued, for an unlimited period of time.
• Block and unblock video. Block all users with a user level lower than 5 from viewing the
video from the cameras within the area where the threat level is set, from now until the video
blocking is explicitly stopped, for an unlimited period of time.
NOTE This configuration assumes that all security personnel has a user level higher than 5
and can continue to monitor the scene.

When an operator clears this threat level, the following actions are executed by the system:
• Set minimum security clearance. Restore normal access to the area to all cardholders by
setting the security clearance to 99 (the lowest level).
• Recording quality as standard configuration. Restores the standard recording quality on
all cameras within the area where the threat level is set.
• Stop recording. Stops recording on all cameras within the area where the threat level is set
after 30 seconds. This action will not stop the recording on cameras that are on a continuous
recording schedule.
• Stop applying video protection. Stops protecting the videos recorded from the cameras
within the area where the threat level is set, after one minute.
• Block and unblock video. Unblock all cameras within the area where the threat level is set.
The video recorded during the time when the threat level was active will remain blocked for
playback to the users whose user level is lower than 5.

Threat level related tasks

You can monitor threat level related activities with the following maintenance tasks:
• System status. Use this task to monitor the threat level and security clearance set on each
areas. See "Monitoring the status of your system" on page 177.
• Activity trails. Use this task to find out when threat levels have been set and cleared, and
who did it. See "Investigating user related activity on the system" on page 182.

[Link] | Security Center Administrator Guide 5.2 127

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Federating remote systems

Federating remote systems

The Federation™ is a virtual system formed by joining multiple independent Genetec IP security
systems together. The purpose of the Federation is to allow the users on your local system to
view and control the entities belonging to independent remote systems as if they were on your
local system.
This section includes the following topics:
• "Types of federations" on page 128
• "What are federated entities?" on page 128
• "Federating Omnicast systems" on page 131
• "Federating Security Center systems" on page 133
• "Advanced settings for large federations" on page 134

Types of federations
Security Center can join (or federate) Omnicast 4.x systems and other Security Center systems
into a large federation. The system that joins other systems together is called the Federation host.
Security Center does this by creating a specific federation role for each system it needs to unify.
Two types of federation roles are available:
• Omnicast Federation. Federates an Omnicast 4.x system so that its cameras and events can
be used in your local system. For more information, see "Federating Omnicast systems" on
page 131.
• Security Center Federation. Federates an independent Security Center system so that its
entities can be used in your local system. For more information, see "Federating Security
Center systems" on page 133.

What are federated entities?

Federated entities are entities imported from remote independent systems. They do not belong
to your local system. You can view and manipulate them in your local system, but you cannot
change their native settings.

Identification of federated entities

Federated entities are easily identifiable by the yellow arrow that is superimposed on their entity
icon. The following are some examples of federated entities:
• – Federated area entity (they are called sites in Omnicast)
• – Federated alarm entity
• – Federated fixed camera entity

[Link] | Security Center Administrator Guide 5.2 128

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Federating remote systems

• – Federated dome camera entity

• – Federated camera sequence entity
• – Federated virtual camera entity (Omnicast only)
• – Federated cash register entity
• – Federated door entity (Security Center only)
• – Federated elevator entity (Security Center only)
• – Federated cardholder entity (Security Center only)
• – Federated credential entity (Security Center only)

Using federated entities

You can perform the following operations on federated entities in Security Desk:
• View live or playback video from federated cameras.
• Add bookmarks, start/stop recording, and export video from federated cameras.
• Control the PTZ on federated dome cameras (except PTZ locking).
• Switch cameras on CCTV matrices via virtual cameras federated from Omnicast 4.x.
For more information, see "Federating Omnicast systems" on page 131.
• View, start/stop cycling, pack/unpack federated camera sequences.
For more information, see "Limitations with Omnicast Federation" on page 131.
• Receive, acknowledge, snooze, forward, start/stop cycling, pack/unpack federated alarms.
For more information, see "Exceptions regarding federated alarms" on page 130 and
"Limitations with Omnicast Federation" on page 131.
• View and control federated tile plugins.
• Lock/unlock federated doors.
• Arm/disarm federated intrusion detection areas.
• Arm/disarm federated zones.

Can federated entities be configured locally?

Most federated entity properties cannot be changed on your local system, but you can use the
federated entities to configure your local entities.
• You cannot change their name and description.
• You cannot change any attributes that inherently defines the entity. This includes most
properties defined in the entity configuration tabs, although you can view them.
• You can assign a logical ID to each federated entity. The logical ID is a local attribute
associated with the federated entity to uniquely identify it within the Federation.

[Link] | Security Center Administrator Guide 5.2 129

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Federating remote systems

• You can choose what events you want to receive from the federated system. Based on these
events, you can define event-to-actions for the federated entities. The actions can either be
executed on the Federation host or on the federated system.
• You can view their activity and audit trail reports in the Reporting tab.
• You can control the visibility of the federated entities to your local users via partitions.
• You can configure the visual tracking for cameras federated from Omnicast systems.
• You can use them in the configuration of local entities, such as attaching federated cameras
to local entities, or use them to define local alarms and camera sequences.

Exceptions regarding federated alarms

Not all alarm properties are federated. Most properties pertaining to the alarm display in
Security Desk must be configured locally on the Federation host.
The exceptions for federated alarms are the following:
• The alarm schedule follows the original configuration of the remote system. Since schedule
entities are not federated, the default schedule Always is shown instead.
• Alarm priority:
 Omnicast: Original value is not federated. You can redefine it (default=1) locally on the
Federation host.
 Security Center: Original value is federated and cannot be modified.
• Reactivation threshold is an inherent property of the alarm and cannot be modified.
• Entity cycling is a local property to the Federation host. You can change its setting and it will
not affect the federated system.
• Automatic acknowledgement is an inherent property of the alarm and cannot be modified.
• Create an incident on acknowledgement is a local property to the Federation host. You can
change its setting and it will not affect the federated system.
• Automatic video recording is an inherent property of the alarm and cannot be modified.
• Protect recorded video is an inherent property of the alarm and cannot be modified.
• Video display is a local property to the Federation host. You can change its setting and it will
not affect the federated system.
• Alarm procedure (URL):
 Omnicast: Original value is not federated. You can redefine it locally on the Federation
host.
 Security Center: Original value is federated and cannot be modified.
• Attached entities are federated as far as they are federated entities. The list is an inherent
property of the alarm and cannot be modified.
• Alarm recipients must always be configured locally for the Federation host.

[Link] | Security Center Administrator Guide 5.2 130

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Federating remote systems

Related topics:
• "Alarm" on page 355

Federating Omnicast systems

The Omnicast Federation role acts as a proxy between your local clients and the remote
Omnicast system they need to connect to. For the exact versions of Omnicast 4.x systems
supported in this release, see the Security Center Release Notes.

Limitations with Omnicast Federation

Federating an Omnicast system has the following limitations:
• Alarms are federated, but the alarm priority and the alarm procedure must be configured
locally on the Federation host. For more information, see "Exceptions regarding federated
alarms" on page 130.
• Some playback capabilities are not supported on federated cameras. Smooth reverse
playback is not available and the rewind speed is limited to -10x, -20x, -40x, and -100x.
• Camera sequences are federated, but they behave as a single camera on the Federation host.
This means that the users on the Federation host cannot unpack nor stop the camera
cycling on camera sequences ( ) federated from Omnicast.
• Sites ( ) are federated as areas ( ) in Security Center.
• Sites with a Map (URL) property ( ) are federated as areas ( ) with a Web page tile
plugin attached.

Configure an Omnicast federation

Before you begin: The Omnicast Compatibility Pack corresponding to the version of the
Omnicast system you plan to federate must first be installed on the server where the federation
role is to be hosted, and on the client workstation where Config Tool is running. The same
Compatibility pack must also be installed on all secondary servers you plan to assign to the
federation role, and all Security Desk workstations viewing the federated cameras.
1 From the Home page in Config Tool, open the System task.
2 Click the Roles view.
3 Click Add an entity ( ), and click Omnicast Federation.
4 From the Server drop-down list, select the primary server for this role.
NOTE The Compatibility pack corresponding to the Omnicast system you wish to federate
must be pre-installed on that server.
5 In the Directory field, enter the name of the Omnicast Gateway connecting you to the
remote Omnicast system.

[Link] | Security Center Administrator Guide 5.2 131

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Federating remote systems

6 In the next two fields, enter the username and password that the federation role is going to
use to log on to the remote Omnicast system.
The rights and privileges of that user determine what your local users will be able to see and
do on the federated remote system.
7 From the Version drop-down list, select the version of the remote Omnicast system.
This drop-down list only shows the Omnicast versions for which a compatibility pack is
installed.
8 In the Federated events section, select the types of event that you want to receive on the
your local system, and click Next.
Events are necessary if you plan to monitor the federated entities in Security Desk, or to
configure event-to-actions for the federated entities.
9 Click Next.
10 Enter the Basic information for this role, and click Next.
All federated entities are created in the partition you select.
11 Confirm the information displayed on the Creation summary page.
12 Click Create, and click Close.
The new federation role ( ) is created.
13 If you plan to host more than 40 Omnicast Federation roles on the same server, you need to
assign a different role group to every 40 roles you create.
For more information, see "Advanced settings for large federations" on page 134.
14 Click the Properties tab, and finalize the role configuration.
For more information, see "Properties" on page 598.
15 Open the Logical view task in Config Tool.
You should see the new federation role ( ) in the Logical view. Expand this entity to see all
the federated entities imported by this role. The entity hierarchy corresponds to the Logical
view on the federated remote system.
For more information, see "Omnicast Federation" on page 596.

[Link] | Security Center Administrator Guide 5.2 132

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Federating remote systems

Federating Security Center systems

The Security Center Federation role acts as a proxy between your local clients and the remote
Security Center system they need to connect to. For the exact version of Security Center
systems supported by the release you have, see the Security Center Release Notes.
1 From the Home page in Config Tool, open the System task.
2 Click Add an entity ( ), and click Security Center Federation.
3 From the Server drop-down list, select the primary server for this role.
4 In the Directory field, enter the Directory server name of the remote Security Center
system.
5 In the next two fields, enter the username and password that the federation role is going to
use to log on to the remote Security Center system, and click Next.
The rights and privileges of that user determine what your local users will be able to see and
do on the federated remote system.
6 Click Next.
7 Enter the Basic information for this role, and click Next.
All federated entities are created in the partition you select.
8 Confirm the information displayed on the Creation summary page.
9 Click Create, and click Close.
The new federation role ( ) is created.
10 If you plan to host more than 100 Security Center Federation roles on the same server, you
need to assign a different role group to every 100 roles you create.
For more information, see "Advanced settings for large federations" on page 134.
11 Click the Properties tab, and complete the role configuration.
For more information, see "Properties" on page 609.
12 Open the Logical view task in Config Tool.
You should see the new federation role ( ) in the Logical view. Expand this entity to see all
the federated entities imported by this role. The entity hierarchy corresponds to the Logical
view on the federated remote system.
For more information, see "Security Center Federation" on page 607.

[Link] | Security Center Administrator Guide 5.2 133

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Federating remote systems

Advanced settings for large federations

On a large scale deployment, Security Center can federate thousands of independent remote
systems. However, there are hardware and software limitations you need to consider.
The number of federation roles you can host on a single server depends on the following:
• Type of federation roles you are hosting.
• Number of federation roles you are hosting.
• Type of computer running Genetec Server. For more information, see Security Center
System Requirements document available at [Link]
Products/[Link].

What is a role group?

When a large number of federation roles are hosted on the same server, they need to be divided
into multiple role groups. All roles belonging to the same role group are executed by the same
process on the same machine. There is a limit to the number of roles a single process can handle.
The following table helps determine how many role groups you need on your server.
NOTE These calculations assume that each federated system (either an Omnicast system or a
Security Center system) has 150 cameras.

Role type Number of federation roles supported on a single server

Single role group Multiple role groups Multiple role groups

(Any hardware (Low and Medium capacity hardware (High capacity
profile) profiles) hardware profile)

Omnicast 40 Contact Genetec Technical Assistance 100

Federation (see "Technical support" on page 878)

Security Center 100 Contact Genetec Technical Assistance 500

Federation (see "Technical support" on page 878)

EXAMPLES
• A single role group can have up to 40 Omnicast Federation roles. Therefore, a high capacity
computer hosting 100 Omnicast Federation roles requires three separate role groups,
divided as follows: 30 roles on the first group, 30 roles on the second group, and 40 roles on
the third group.
• A single role group can have up to 100 Security Center Federation roles. Therefore, a high
capacity computer hosting 500 Security Center Federation roles requires five separate role
groups.

[Link] | Security Center Administrator Guide 5.2 134

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Federating remote systems

Configure the role group

You need to configure the role group for federation roles only when you have a large number of
roles to host on the same server.
1 From the Home page in Config Tool, open the System task.
2 Click the Role view, and select the role entity to configure.
3 Click the Identity tab.
4 In the Name field, type Ctrl+Shift+A.
The Advanced settings appear at the bottom of the tab.
5 Change the Role group if necessary.
To determine how many roles you can put in the same group, see "What is a role group?" on
page 134.
6 Click Apply.

[Link] | Security Center Administrator Guide 5.2 135

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Defining custom fields and data types

Defining custom fields and data types

This section includes the following topics:
• "Why use custom fields?" on page 136
• "Add a custom field" on page 136
• "Add a custom data type" on page 138
• "Modify a custom data type" on page 139

Why use custom fields?

Custom fields can be added to some types of entities. These fields can be used to collect
additional information. For example, you can add gender, home phone number, and cellphone
as custom fields on a user entity.

Custom fields are also useful for holding additional information when users and cardholders are
imported from your company’s Active Directory. For more information, see "Integrating with
Windows Active Directory" on page 140.

Custom fields can be of any type and you can define them yourself. Once added, the custom field
is available in all database reports and queries. When custom fields contain private information,
you can restrict their access to contain groups of users.

Add a custom field

Before you begin: A custom field can be based on a standard data type or a custom data type.
Custom data types must be created beforehand if they are to be used to create custom fields. For
more information, see "Add a custom data type" on page 138.
1 From the Home page in Config Tool, open the System task.
2 Click the General settings view, then click the Custom fields page.
For more information, see "Custom fields" on page 625.

[Link] | Security Center Administrator Guide 5.2 136

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Defining custom fields and data types

3 Click at the bottom of the custom field list.

The Add custom field dialog box appears.

4 From the Entity type drop-down list, select the entity type.
5 From the Data type drop-down list, select the data type for this field.
Both standard and custom data types are listed. The standard data types are:
 Text. Alphanumeric text.
 Numeric. Integers in the range -2147483648 to 2147483647.
 Decimal. Real numbers from -1E28 to 1E28.
 Date. Gregorian calendar date and time.
 Boolean. Boolean data, represented by a check box.
 Image. Image file. The supported formats are: bmp, jpg, gif, and png.
 Entity. Security Center entity. Users will have to use the Search tool to set the value for
this type of field. See "Search for entities using the Search tool" on page 43.

[Link] | Security Center Administrator Guide 5.2 137

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Defining custom fields and data types

6 In the Name field, type the name for this custom field.
7 (Optional) In Default value field, type or select the default value for this field.
8 Depending on the selected data type, the following additional options appear:
 Mandatory. Select it if this custom field cannot be empty.
 Value must be unique. Select it if the value of this custom field must be unique.
NOTE The unique value option can only be enforced after the field is created. To enforce this
option, you must first make sure that all entities in your system have a distinct value for this
custom field, then come back to this tab to apply the unique value option to it.
9 (Optional) Under the Layout section, type the Group name, and select the Priority from
the drop-down list.
These two attributes are used when displaying the field in the Custom fields tab of
associated entity. The group name is used as the group heading, and the priority dictates the
display order of the field within the group.
10 (Optional) Under the Security section, click to add users and user groups that will be
able to see this custom field. By default, only administrative users can see a custom field.
11 Click Save and close.
The new custom field is available in the Custom fields tab of the selected entity type and can be
used in reports. For an example, see Common configuration tabs – "Custom fields" on page 339.

Add a custom data type

Custom data types define a list of values based on a standard data type. Custom data types
appear in a drop-down list in the Custom fields tab of the entity’s configuration page.
1 From the Home page in Config Tool, open the System task.
2 Click the General settings view, then click the Custom fields page.
3 Click the Custom data types tab.
For more information, see System – General settings – "Custom data types" on page 627.
4 Click at the bottom of the custom data type list.
The custom data type creation wizard appears.
5 In the Edit custom data type page, enter the Name, Description, and Type for your custom
data type, and click Next.
6 In the Data entry page, enter a value in the Value field and click .
The entered value is added to the enumerated list.
7 Repeat Step 6 to define all possible values for this data type.
8 When you are finished, click Next, Next, and Close.

[Link] | Security Center Administrator Guide 5.2 138

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Defining custom fields and data types

Modify a custom data type

Before you begin: You can modify a custom data type even after it is being used in a custom
field. For instance:
• You can rename a custom data type.
• You can add new values to the custom data type.
• You can delete a value as long as it is not used as the default value for a custom field.
If you delete a value that is already being used by an entity, the value of that custom field for
that entity is replaced by its default value.
But there are restrictions:
• You cannot change the standard data type on which the custom data type is based.
• Modifying a value is equivalent to deleting the old value and adding a new value.
NOTE Suppose you have a custom data type with the possible values of A, B, and C, and a
custom field based on this custom data type with A as its default value. If you change the value
C to D in the custom data type, the entities using the value C for this custom field will not see
their values change to D, but to A (the default value).

To modify a custom data type:

• Select it in the Custom data types tab, click , and follow the wizard.

[Link] | Security Center Administrator Guide 5.2 139

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Integrating with Windows Active Directory

Integrating with Windows Active Directory

This section includes the following topics:
• "What is Active Directory integration?" on page 140
• "What are the benefits of AD integration?" on page 140
• "How does Active Directory integration work?" on page 141
• "What information can be synchronized with the AD?" on page 142
• "How does synchronization work?" on page 142
• "Import security groups from an Active Directory" on page 143
• "Select which cardholder fields to synchronize with the AD" on page 146
• "Mapping the credential card format to an AD attribute" on page 147
• "Map custom fields to synchronize with the AD" on page 148
• "Resolve conflicts due to imported entities" on page 149
• "Modifying imported users" on page 151
• "Modifying imported cardholders" on page 151
• "Logging on with an Active Directory user" on page 153

What is Active Directory integration?

The integration of Windows Active Directory (AD) into Security Center allows you to manage
all personnel security information from a single location, whether it is for logical security (IT)
or for physical security (control access to physical locations). You can import security groups
from an AD into Security Center as user groups and/or cardholder groups.

Members can be imported as users and/or cardholders. Both standard and custom attributes can
be imported from the AD. Most imported fields can only be modified within the AD and are
read-only in Security Center.
You can import entities from more than one AD if necessary. For example, from Security
Center, you can manage access to a facility shared by multiple companies, such as an office
building. As system administrator, you can import users and/or cardholders from their
individual Active Directories, and manage them in separate partitions.

What are the benefits of AD integration?

Having a centralized security information management system provides many benefits.
• Less data entry means fewer errors and better control during initial Security Center setup,
since users and cardholders can be imported from an existing AD.

[Link] | Security Center Administrator Guide 5.2 140

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Integrating with Windows Active Directory

• Consistency and better security since all shared information is entered only once.
 A new user account added to an imported security group automatically adds a new user
and/or cardholder in Security Center.
 A user account that is disabled in the AD automatically disables the corresponding user
and/or cardholder in Security Center.
• Single logon capability for synchronized Security Center users.
Users logged on to Windows do not have to log on to Security Center.

How does Active Directory integration work?

To import users and/or cardholders from one or more ADs, you need to create an Active
Directory role for each AD. The Active Directory role connects your Security Center system to
an Active Directory server, and imports users and/or cardholders from selected security groups.
Imported entities are identified in Security Center by a yellow arrow ( ) superimposed on the
regular entity icon.

Through a process called synchronization, the Active Directory role also keeps all imported
entities up-to-date with changes made on the AD. Another function of the Active Directory role
is to pass the logon credentials of imported users to the AD service for validation.

[Link] | Security Center Administrator Guide 5.2 141

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Integrating with Windows Active Directory

How does synchronization work?

All imported entities are synchronized with their source by the Active Directory role. Most of
the attributes imported from the AD are read-only in Security Center, except for a few
cardholder properties (see "Modifying imported users" on page 151 and "Modifying imported
cardholders" on page 151). Imported entities cannot be deleted unless they are deleted from the
AD.
CAUTION If you move a security account from a synchronized AD security group to one that is
not synchronized, it is as though the account ceases to exist in Security Center. The Active
Directory role deletes the corresponding entities (users and/or cardholders) from Security
Center the next time it synchronizes with the AD.

Synchronization is always initiated from Security Center. There are two ways that you can start
synchronization:
• Manually. Synchronization is performed when you explicitly request it. This is the default
setting. The advantage of this approach is that you have perfect control over when you want
the synchronization to be done.
• On schedule. The imported groups are synchronized using a scheduled task. For more
information, see "Using scheduled tasks" on page 109.

What information can be synchronized with the AD?

Both standard and custom Security Center fields can be imported from the AD, and kept
synchronized with the AD. You can choose which user group, user, cardholder group, and
cardholder fields to import from the AD in the Links tab of the Active Directory role.
The standard attributes you can import from the AD are:
• User group
 Name
 Description
 Email address
• User
 Username
 Password
 Description
 Membership in the imported user group
 First name
 Last name
 Email address
 Account status: Active or Inactive

[Link] | Security Center Administrator Guide 5.2 142

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Integrating with Windows Active Directory

• Cardholder group
 Name
 Description
 Email address
• Cardholder
 Cardholder name
 Description
 Membership in the imported cardholder group
 First name
 Last name
 Email address
 Partition
 Cardholder picture
 Profile status: Active or Inactive
 Card data
 Card format
 Card number
 Credential name
 Credential partition
 Credential status
 Facility code

Additional attributes are imported from the AD by mapping them to Security Center custom
fields. The Active Directory role keeps all imported fields synchronized with the AD. See "Map
custom fields to synchronize with the AD" on page 148.

Import security groups from an Active Directory

When you import an AD security group, you must import all members of that group. If you
only want to import a subset of its members, for example, only Security Center users, then you
need to define a new AD security group with only the members you wish to import.
IMPORTANT

• If multiple AD’s are to be integrated into Security Center, they must all belong to different
domains.
• If you have servers in your system that are still running an older version of Security Center,
you should upgrade them to the current version before using them to host a new Active
Directory role.

[Link] | Security Center Administrator Guide 5.2 143

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Integrating with Windows Active Directory

To import security groups:

1 From the Home page in Config Tool, open the System task.
2 Click the Roles view, then click Add an entity ( ) and select Active Directory.
3 In the Specific info page, do the following:
a From the Server drop-down list, select the server where this role will be hosted.
b In the Active Directory field, enter the hostname or the IP address of the AD server.
NOTE If encrypted communication is used, the default port is 636. If you selected a
different port, you need to append it to the AD server name, separated by a colon (‘:’),
c Specify how you want the role to connect to the AD server.
With both choices, you must have read access to the selected AD service.
 Use the Windows credentials assigned to the Genetec Server service running on the
server hosting the Active Directory role.
 Specify a different set of Windows credentials (username, password).
4 In the Basic information page, enter the name, description, and partition where the Active
Directory role will be created.
For more information, see "Common entity attributes" on page 38.
5 Click Next, Create, and Close.
A new Active Directory role ( ) is created. Wait a few seconds for the role to connect to
the AD server.
6 In the Properties tab, select the AD security groups to import.
NOTE There are two types of groups in Windows Active Directory: distribution groups and
security groups. Security Center can only synchronize with security groups.
a Click Add an item ( ).

[Link] | Security Center Administrator Guide 5.2 144

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Integrating with Windows Active Directory

b Select the security groups to add to your Active Directory role.

Use one of these two methods:
 (Recommended) Type text in Find Active Directory groups, and click .
If the text you entered matches a single group, it is automatically added to the Selected
groups list.
If the text you entered matches multiple group names, a second dialog box will appear
listing all the group names that match the text you entered.
Select the ones you want, and click OK to add them to the Selected groups list.
 Under the Selected groups list, click ( ).
The Active Directory members dialog box appears.
Select a security group, and click OK. Only security groups can be synchronized. If
you selected an item that is not a security group, the OK button remains disabled.
NOTE The names shown in that dialog box are display names. Security Center only
synchronizes the account names because they are guaranteed to be unique. Typically, the
display names and the account names are the same. The only way to tell them apart is that
the display names contain spaces.
c Repeat the previous step as often as necessary until all security groups you wish to
synchronize with the AD are listed in Selected groups, then click OK.
The selected groups are listed under Synchronized groups in the Properties tab. For more
information about the Properties tab, see Active Directory – "Properties" on page 521.
7 For each of the synchronized groups, specify how you want to import them.

You have the following options:

 As user group. Select this option to import the synchronized group as user group, and the
group members as users.
 Create user on first logon. This is the default option, and it creates an empty user group.
User entities will only be created when someone tries to log on with it. It avoids having to
create all user entities at once, which can freeze up the system.
If you clear this option, all user entities will be created at the same time as a user group.

[Link] | Security Center Administrator Guide 5.2 145

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Integrating with Windows Active Directory

 As cardholder group. Select this option to import the synchronized group as cardholder
group, and the group members as cardholders. There is no delayed creation for
cardholders. All synchronized cardholders are created at once.
 Import credentials. Select this option to import the credential information of the
synchronized cardholders
8 If you are importing the AD security group as cardholder group, select which cardholder
fields you want to synchronize with the AD. See "Select which cardholder fields to
synchronize with the AD" on page 146.
9 (Optional) "Map custom fields to synchronize with the AD" on page 148.
10 Click Apply, and then click Synchronize now ( ).
All synchronized groups and their members are imported as Security Center entities according
to your specifications, with a yellow arrow ( ) superimposed on their icon.
After you are done: Some additional configuration might be required, depending on what you
synchronized with the AD:
• If you already had entities configured in your system, you might need to resolve some
conflicts due to the import. See "Resolve conflicts due to imported entities" on page 149.
• (Optional) Configure the imported user groups with proper privileges and security options
so when new user entities are created, they can automatically inherit those properties from
their parent user group. For more information, see "Defining user groups" on page 96.
• (Optional) Configure the imported cardholders and cardholder groups. For more
information, see "Configuring cardholders and cardholder groups" on page 286.
• (Optional) Create a scheduled task to synchronize imported entities with the AD on a
regular basis. For more information, see "Create a scheduled task" on page 109.
After you create a scheduled task, the warning message No scheduled task exists to
synchronize this role disappears from the Properties tab.

Select which cardholder fields to synchronize with the AD

Before synchronizing with the AD, you need to select which cardholder attributes you want to
import from the AD by mapping them to Security Center fields in the Links tab of the Active
Directory role. The mapping can be different for each Active Directory role in your system.

[Link] | Security Center Administrator Guide 5.2 146

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Integrating with Windows Active Directory

To map AD attributes to cardholder fields:

1 From the Links tab of the Active Directory role, click Add an item ( ).

2 Select a Security Center cardholder field and an AD attribute, and then click OK.
IMPORTANT The data type of the Security Center field must match that of the AD attribute:
text with text, decimal with decimal, date with date, and so on. The Security Center image
data type must be mapped to the AD binary data type, and the mapped AD attribute must
contain a valid JPEG image.
The new mapping appears in the Links tab. For more information about the Links tab, see
"Links" on page 522.
3 Repeat the previous steps as needed.
4 If you are importing cardholder credential fields, do the following in the Links tab:
 From the Card format drop-down list, select the default card format to use for the
imported cardholder credentials when the card format property is either not mapped to
an AD attribute, or when the mapped attribute is empty. See also "Mapping the credential
card format to an AD attribute" on page 147.
 From the Badge template drop-down list, select a default badge template to use for the
imported cardholder credentials.
5 Click Apply.
The mapped cardholder fields are displayed in the Links tab. When you synchronize with the
AD, most of them are read-only.

Mapping the credential card format to an AD attribute

If you decide to map the credential Card format property to an AD attribute, that attribute must
contain either a numeric value (for standard card formats) or the exact card format name (text).

[Link] | Security Center Administrator Guide 5.2 147

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Integrating with Windows Active Directory

The following table shows you the numeric value and the text value corresponding to each of the
standard card formats supported by Security Center, and their descriptions.

Number Format name (Text) Facility code range Card number range

0 Standard 26 bits 0 to 255 0 to 65 535

1 HID H10306 34 Bits 0 to 65 535 0 to 65 535 (also known as “Card

ID Numbers”)

2 HID H10302 37 Bits Not required 0 to 34 359 738 367

3 HID H10304 37 Bits 0 to 65 535 0 to 524 287

4 HID Corporate 1000 0 to 4095 (also known as 0 to 1 048 575 (also known as “Card
“Company ID Code” ID Numbers”)

For custom card formats, you must use the exact spelling used to create the custom card format.
For more information, see "Custom card format editor" on page 676.

Map custom fields to synchronize with the AD

In addition to default attributes, you can import other attributes from the AD by mapping them
to Security Center custom fields. The custom field mapping can be different for each Active
Directory role in your system.
Before you begin:
• The workstation where Config Tool is running must be on the same network domain as the
AD server.
• The custom fields that will receive data from the AD must be defined beforehand. For more
information, see "Defining custom fields and data types" on page 136.
• No more than 32 custom fields can be mapped to the AD.

To map custom fields, do the following:

1 From the Links tab of the Active Directory role, click Add an item ( ).

[Link] | Security Center Administrator Guide 5.2 148

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Integrating with Windows Active Directory

2 Select the custom field and the AD attribute, and then click OK.
IMPORTANT The data type of the custom field must match that of the AD attribute: text with
text, decimal with decimal, date with date, etc. The Security Center image data type must be
mapped to the AD binary data type, and the mapped AD attribute must contain a valid JPEG
image.
The new mapping appears in the Links tab. For more information about the Links tab, see
"Links" on page 522.
3 Repeat the previous steps as needed.
4 Click Apply.
The mapped custom fields are displayed in the Links tab. When you synchronize with the AD,
they are read-only.

Resolve conflicts due to imported entities

Conflict resolution might be necessary if you have existing entities (users and/or cardholders) in
your database prior to importing entities from the AD. When a synchronized entity has the same
name as a local entity, the Active Directory role sees it as a potential conflict. You can use the
Conflict resolution tool to merge local entities with synchronized ones, by copying the non-
synchronized fields from the local entity to the synchronized entity ( ). The relationships the
local entity had with other entities in the system are also copied. When the merge is complete,
the local entity is deleted, eliminating duplicate entities.
1 From the Home page in Config Tool, open the System task.
2 Click the Roles view, and select the Active Directory role ( ) from the entity browser.
3 In the Contextual command bar, click Conflict resolution ( ).

[Link] | Security Center Administrator Guide 5.2 149

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Integrating with Windows Active Directory

The Active Directory conflict resolution dialog box appears. All synchronized entities are
listed to the left. The ones that conflict with a local entity are flagged in green.

4 Select a conflicting entity from the Synchronized entities list.

All local entities that can be merged with the imported entity are listed to the right. Do one
of the following:
 Select No selection if you do not wish to merge it with a local entity.
 Select the local entity to be merged with the imported entity.
5 Repeat the previous step for all synchronized entities flagged in green.
6 Click Finish to save the conflict resolution decisions to a file on disk.
The default file name is Conflict_Manifest.data. Be sure to save the file to a location that can
be accessed from your main server and all servers hosting the Access Manager role.
7 (Optional) If you have user conflicts to resolve, apply the conflict manifest to your Directory
database.
a Connect to the Server Admin of your main server with a Web browser. For more
information, see "Open Server Admin using Internet Explorer" on page 48.
b In the Directory tab, under the Database group, click Resolve conflicts ( ).
c In the dialog box that appear, browse to the Conflict_Manifest.data file.
d Click Resolve conflicts, then click Back up.
The conflict resolution status is shown in a independent dialog box.
8 (Optional) If you have cardholder conflicts to resolve, apply the conflict manifest to your
Directory database and your Access Manager database.

[Link] | Security Center Administrator Guide 5.2 150

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Integrating with Windows Active Directory

a Select your Access Manager role from the Roles view of the System task.
b Click the Resources tab, and click Resolve conflicts ( ).
c In the dialog box that appears, browse to the Conflict_Manifest.data file.
d Click Resolve conflicts, then click Back up.
The conflict resolution status is shown in a independent dialog box.
After conflict resolution, all synchronized entities that are merged with a local entity inherit
their local properties, and all merged local entities are deleted.

Modifying imported users

If you have users that are imported from an Active Directory, you can set the user’s status to
inactive. The user becomes desynchronized from the AD until you activate the user again.
1 From the Home page in Config Tool, open the Security task.
2 Select an imported user ( ), and click the Properties tab.
3 Set the User status option to Inactive.
• Click Apply.
The user is no longer synchronized with the AD. It will only become synchronized again once
you set the user’s status to Active.

Modifying imported cardholders

If you have cardholders that are imported from an Active Directory, there are a few cardholder
properties that you can modify in Security Center, such as the cardholder’s status or their
picture.
This section includes the following topics:
• "Assign pictures to imported cardholders" on page 151
• "Assign temporary cards to imported cardholders" on page 152
• "Modify the status of imported cardholders" on page 152

Assign pictures to imported cardholders

You can assign a picture to the imported cardholder from Security Center, and then
synchronize the picture with the Active Directory.
1 From the Cardholder management task, assign a picture to the cardholder.
For more information, see “Assign a picture to the cardholder” in the Security Desk User
Guide.
2 From the Home page, open the System task.
3 Select the Active Directory role, and then click the Links tab.

[Link] | Security Center Administrator Guide 5.2 151

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Integrating with Windows Active Directory

4 Select the Upload pictures to Active Directory option.

5 Click Apply.
6 Click the Properties tab, and then click Synchronize now.
NOTE If Security Center synchronizes with the AD based on a scheduled task, then the next
time the synchronization occurs, the new cardholder picture is synchronized with the AD.

Assign temporary cards to imported cardholders

If an imported cardholder forgets or loses their card, you can assign them a temporary card in
the Cardholder management task. When you assign them a temporary card, their credential
becomes greyed out in Config Tool until the card is returned. For more information about
assigning or returning temporary cards, see “Assign a temporary card to a cardholder” in the
Security Desk User Guide.

Modify the status of imported cardholders

You can modify the status and expiration date of an imported cardholder in Security Center.
The cardholder becomes desynchronized from the AD.
1 From the Home page in Config Tool, open the Access control task.
2 Select an imported cardholder ( ), and click the Properties tab.
3 In the Status section, move the slider from Keep synchronized to Override.

[Link] | Security Center Administrator Guide 5.2 152

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Integrating with Windows Active Directory

4 Set the cardholder’s status and expiration date:

 Status. Set the cardholder status to Active or Inactive.
If the cardholder status is inactive, then the credentials assigned to the cardholder do not
work, and the cardholder does not have access to any area.
 Activation. Displays the current date.
 Expiration. Set the cardholder to expire Never, on a specific date, or after a specified
number of days after the first use.
• Click Apply.
The cardholder is no longer synchronized with the AD. It will only become synchronized again
once you set the cardholder’s status to Keep synchronized.

Logging on with an Active Directory user

This section includes the following topics:
• "Log on with Windows credentials" on page 153
• "Log on in an multiple AD integration scenario" on page 153

Log on with Windows credentials

When you’re signed on to Windows using an account that happens to be synchronized with
Security Center, you can log on to Security Center without having to retype your username and
password.
• In the Security Center logon dialog box, select the option Use Windows credentials and
click Log on.

Log on in an multiple AD integration scenario

If multiple ADs are integrated into your system, you must to specify the Windows domain
name with your username (for example genetec\dtsiang) when you log on to Security Center

[Link] | Security Center Administrator Guide 5.2 153

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Integrating with Windows Active Directory

using the basic authentication method. This is to let Security Center know which AD service to
call for the validation of your credentials.

TIP If you are already signed on to Windows using the account that is synchronized to your
Security Center user, then use the single logon option instead. For more information, see "Log
on with Windows credentials" on page 153.

[Link] | Security Center Administrator Guide 5.2 154

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing intrusion panels

Managing intrusion panels

Intrusion panels (also known as alarm panels) can be integrated to Security Center for
centralized monitoring, control, and reporting. This allows you to monitor the status of each
zone in real time, generate detailed activity reports and arm/disarm zones (or partitions)
defined on those intrusion panels through Security Desk.
This section includes the following topics:
• "How are intrusion detection panels represented in Security Center?" on page 155
• "What does the Intrusion Manager role do?" on page 156
• "Enroll an intrusion panel" on page 156
• "Edit intrusion detection unit peripherals" on page 158
• "Create an intrusion detection area" on page 159

How are intrusion detection panels represented in Security Center?

Intrusion detection panels and other intrusion detection concepts are represented in Security
Center by the following entity types:
• Intrusion detection unit. Represents an intrusion panel that is monitored and controlled
by Security Center. Each intrusion panel can control multiple zones (or group of sensors).
For more information, see "Intrusion detection unit" on page 427.
• Intrusion detection area. Corresponds to an area (also known as a partition or zone)
configured on an intrusion panel. Intrusion detection areas are monitored in Security Desk.
Users can perform the following actions on these areas:
 Master arm. Arming an intrusion detection area so that all sensors attributed to the area
set off the alarm if triggered. Some manufacturers call this arming mode “Away arming”.
 Perimeter arm. Arming an intrusion detection area so that only sensors attributed to the
perimeter of that area set off the alarm. Other sensors such as motion sensors inside that
area will be ignored.
 Disarm. Tells the intrusion panel to ignore all sensors attributed to this area. If an alarm
is set off by this area, disarming it also turns the alarm off.
For more information, see "Intrusion detection area" on page 425.
For a list of intrusion detection panels supported in Security Center, see the Security Center
Release Notes.

[Link] | Security Center Administrator Guide 5.2 155

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing intrusion panels

What does the Intrusion Manager role do?

The Intrusion Manager role is responsible for the integration of intrusion panels with Security
Center. It listens to the events reported by the intrusion panels, provides live reports to Security
Desk, and logs the events in a database for future reporting.
The Intrusion Manager also relays user commands to intrusion panels such as arm/disarm
intrusion detection areas, and triggering panel outputs through event-to-actions.

Creating an Intrusion Manager role

The Intrusion Manager role is not created by default. For instructions on how to create a role,
see "Create a role entity" on page 50.
Best practice: It is recommended to run the intrusion panels and Intrusion Manager role on a
secure network to prevent hackers from attempting to control the intrusion panels from outside
by sniffing your network.

Limitations of the Intrusion Manager role

For purposes of failover, the Intrusion Manager can be assigned to more than one server.
However, if your intrusion panel is directly connected to your server via a serial port, failover is
not supported. For more information, see"Configure failover for roles" on page 64.

Enroll an intrusion panel

Before you begin: The Intrusion Manager role responsible for the intrusion panel must be
created first. If the intrusion panel is going to be controlled via serial port, it should be
connected to the server hosting the Intrusion Manager role. For additional information, see:
• "How Bosch intrusion panel integration works" on page 813
• "How Galaxy Dimension control panel integration works" on page 815
Enrolling an intrusion panel allows you to monitor and control its areas (or zones, or
partitions) from Security Desk.
1 From the Home page in Config Tool, open the Intrusion detection task.
2 In the Contextual commands toolbar, click Add an entity ( ) > Intrusion detection unit.
3 In the intrusion detection unit creation wizard, enter the Basic information for this unit,
and click Next.
4 From the Intrusion Manager drop-down list, select the role that will be managing this unit.
5 From the Unit type drop-down list, select the unit manufacturer.
6 From the Interface type drop-down list, select IPv4 or Serial.
 If you selected IPv4, type the IP address and port numbers that are configured on the
unit.
 If you selected Serial, type the COM port used to connect the unit to Security Center.

[Link] | Security Center Administrator Guide 5.2 156

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing intrusion panels

NOTE The choice of interface type cannot be changed after the entity has been created. If you
choose to use the serial interface, the Intrusion Manager will not support failover.
7 Click Next.
8 Click Create, and click Close.
A new intrusion detection unit entity is created. For certain types of intrusion panels (such
as Bosch), the Intrusion Manager automatically creates intrusion detection areas (also
known as zones or partitions) configured on the panel for you. These entities appear in the
Logical view.
9 Click the Properties tab, and configure the unit specific settings.
For more information, see "Properties" on page 428.
10 Click the Peripherals tab, and assign logical names, IDs, and descriptions to the input and
output devices controlled by the unit. This is also where you define whether the input is an
interior or perimeter input and its normal contact state.
For more information, see "Edit intrusion detection unit peripherals" on page 158.
11 Configure the intrusion detection areas controlled by this unit.
a If the intrusion detection areas are automatically created by the Intrusion Manager, they
are found under the root of the Logical view task. For more information, see "Intrusion
detection area" on page 425.
b If the Intrusion Manager did not create the intrusion detection areas automatically, you’ll
need to create them manually. For more information, see "Create an intrusion detection
area" on page 159.

[Link] | Security Center Administrator Guide 5.2 157

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing intrusion panels

Edit intrusion detection unit peripherals

You can assign a meaningful name, a logical ID, and a description to each device connected to
the intrusion detection unit, so you can easily identify those devices in Security Center.
Depending on the configuration of your physical intrusion unit, you might also need to define
the inputs as Perimeter or Interior, as well as the normal contact state (open or closed).
WARNING The configuration of Interior versus Perimeter inputs must be set if the physical
intrusion panel itself has been configured to differentiate between interior and perimeter inputs.
NOTE The physical name of the device can only be changed on the panel itself.
1 In the Peripherals tab of an intrusion detection unit entity, select a device in the list.
2 Click .
3 In the dialog box that appears, enter the Name, Logical ID, and Description for that device.
4 Set the Input type to either Perimeter or Interior (if the physical intrusion unit is
configured as such)
5 Set the Contact type as either Normally open or Normally closed.
6 Click OK

7 Repeat Step 1 to Step 3 as necessary.

8 Click Apply.

[Link] | Security Center Administrator Guide 5.2 158

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing intrusion panels

Create an intrusion detection area

Before you begin: Intrusion detection unit must be enrolled before you can create areas.
If the intrusion detection areas weren’t automatically created after the intrusion detection unit
was enrolled, you’ll have to create the areas manually.
1 From the Home page in Config Tool, open the Logical view task.
2 In the Contextual commands toolbar, click Add an entity > Show all > Intrusion
detection area.
3 In the intrusion detection area creation wizard, enter the Basic information for this area,
and click Next.
4 From the Intrusion detection unit drop-down list, select the unit on which this area is
defined.
5 Under Intrusion detection area unique ID, enter the ID or name of the area as it is
configured on the intrusion panel.
6 Click Next, Create, then Close.
A new intrusion detection area entity is created. For more information, see "Intrusion detection
area" on page 425.

[Link] | Security Center Administrator Guide 5.2 159

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing zones

Managing zones
The concept of a zone is borrowed from the world of alarm panels, in which electric inputs are
associated with zones to trigger specific alarms.
This section includes the following topics:
• "What is IO linking?" on page 160
• "What is a zone?" on page 160
• "About zone management roles" on page 161
• "Creating zones" on page 161
• "Which type of zone works best for me?" on page 163

What is IO linking?
IO linking is the control of specific output relays based on the combined result of a specific set
of electric inputs. Each input can be connected to a specific monitoring device, such as a motion
sensor, a smoke detector, a door or window contact, and so on.
EXAMPLE A standard application is the linking of a glass break sensor on a window connected
to an input pin on a unit that sounds a buzzer (via an output relay) when that window is
shattered.

What is a zone?
The concept of IO linking is represented by the zone entity in Security Center.
Since everything is controlled by software, a zone entity can do a lot more than just IO linking.
The idea of using inputs to trigger output relays is expanded to trigger events. Using the event-
to-action mechanism, these events can in turn be used to trigger alarms, send emails, start
camera recording, and so on.
Therefore, in Security Center, a zone is used to monitor a set of inputs in order to trigger events
based on their combined states. These events can be used to trigger output relays or trigger other
actions on the system.
TIP You can define custom events to correspond to each of the special input combinations. For
more information, see "What is a custom event?" on page 106.

When do I arm and disarm a zone?

The event triggers associated with a zone can be activated all at once by arming the zone, or
deactivated all at once, by disarming it. A zone can be armed by software (using an action
command or according to a schedule), or via hardware (for units that support this feature).

[Link] | Security Center Administrator Guide 5.2 160

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing zones

What is a hardware zone?

A hardware zone is a subtype of the zone entity where the IO linking is done by hardware. This
entity type called simply zone in Synergis 2.x and in Security Center 3 and 4.
A hardware zone is controlled by a single access control unit. Hardware zones cannot be armed
or disarmed from Security Desk or via software commands. However, once an access control
unit has been configured via Security Center, it can make decisions on its own without being
connected to or controlled by Security Center.

What is a virtual zone?

A virtual zone is a subtype of the zone entity where the IO linking is done by software. The input
and output devices are linked by software, and can belong to different units of different types,
such as video units and intrusion detection units.
A virtual zone is controlled by the Zone Manager role and can only work online. This means
that the units whose inputs and outputs are linked via the zone must be in constant
communication with Security Center for the zone to work.
Because virtual zones are solely controlled by software, you can use Security Desk to arm/
disarm a virtual zone, and use the Arm zone and Disarm zone actions in those contexts where
those actions are permitted in Security Center.

About zone management roles

Zones are managed by two different types of roles in Security Center. Before creating a zone, you
must first ensure that the appropriate role is configured.
• Hardware zones are managed by the Access Manager role.
The Access Manager is created by default when Synergis is enabled in your software license.
For more information, see "Configuring the Access Manager role" on page 263.
• Virtual zones are managed by the Zone Manager role.
The Zone Manager is created by default. For information on its specific settings, see "Zone
Manager" on page 614.

Creating zones
The creation procedures for a hardware zone and a virtual zone are different. Once the zone has
been created, you cannot change its type.

[Link] | Security Center Administrator Guide 5.2 161

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing zones

Create a hardware zone

Before you begin: The access control unit used to control the zone must be added to your
system and managed by an Access Manager role.
A hardware zone allows you to program the IO linking behavior on an access control unit so it
can operate on its own even when the unit is not connected to the Access Manager.
1 From the Home page in Config Tool, open the Logical view task.
2 In the Contextual commands toolbar, click Add an entity , and click Zone.
3 In the zone creation wizard, enter the Basic information for this zone, and click Next.
4 In the Zone information page, click Zone.
5 From the dialog box, select the access control unit for this zone and click OK.
6 Click Create, and click Close.
A new hardware zone entity is created.
7 Click the Properties tab, and configure how inputs are to be evaluated.
For more information, see "Properties" on page 507.
8 Click the Arming tab, and configure how this zone should be armed.
For more information, see "Arming" on page 508.
9 Click the Cameras tab, and configure any zone monitoring camera.
For more information, see "Cameras" on page 338.
After you are done: Try out your zone and verify the generated events with the Zone activities
report. For more information about the Zone activities report, see the Security Desk User Guide.

Create a virtual zone

Before you begin: The Zone Manager role responsible for the zone must be configured. For
information on its specific settings, see "Zone Manager" on page 614.
A virtual zone allows you to turn monitoring on/off the various input devices (sensors,
switches, and so on) on your system via Security Desk and to use them to trigger events.
1 From the Home page in Config Tool, open the Logical view task.
2 In the Contextual commands toolbar, click Add an entity , and click Zone.
3 In the zone creation wizard, enter the Basic information for this zone and click Next.
4 In the Zone information page, click Virtual zone.
If you have multiple Zone Manager roles, you are prompted to select one.
5 Click Create, and click Close.
A new virtual zone entity is created.
6 Click the Properties tab, and configure how inputs are to be evaluated.
For more information, see"Properties" on page 511.
7 Click the Arming tab, and configure its arming schedule and delays.

[Link] | Security Center Administrator Guide 5.2 162

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing zones

For more information, see "Arming" on page 512.

8 Click the Cameras tab and configure any zone monitoring camera.
For more information, see "Cameras" on page 338.
After you are done: Arm your zone in Security Desk and test your configuration. For more
information, see zone-related tasks in Genetec Security Desk User Guide.

Which type of zone works best for me?

Hardware zones are recommended when quick response and offline operations are crucial for
your security system. In all other situations, virtual zones offer the same functionality but with
greater flexibility.
The table below will help you make you decide.

Table 6-1: Differences between hardware and virtual zones

Characteristics Hardware zone Virtual zone

Role Access Manager Zone Manager

IO linking (inputs) All inputs must be from the same Can combine inputs from any
access control unit unit of any type

IO linking (outputs) All outputs must be from the same Can trigger outputs on any unit
unit as the inputs of any type

Operation mode Offline and mixed mode Online mode only

Arm/disarm via Security No Yes

Desk

Arm/disarm via actions No Yes

Arm/disarm via key switch Yes (the key switch must be wired No
to an input pin on the same access
control unit)

Arm/disarm on schedule Yes (only one schedule at a time, Yes (multiple schedules can be
and cannot be combined with the specified)
key switch approach)

Trigger other actions Yes (only in mixed mode) Yes

Zone activity report Yes Yes

Recommended when The unit is sometimes dis Zone arming/disarming needs

connected from the system to be controlled via software

[Link] | Security Center Administrator Guide 5.2 163

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Supporting cross-platform development

Supporting cross-platform development

Security Center supports cross-platform development.
This section includes the following topics:
• "What does the Web-based SDK role do?" on page 164
• "Using the Web-based SDK" on page 164

What does the Web-based SDK role do?

The Web-based SDK role exposes the Security Center SDK methods and objects as Web services
so developers on platforms other than Windows (for example Linux) can write custom programs
to interact with Security Center.
For more information, see "Web-based SDK" on page 611.

Using the Web-based SDK

Genetec Professional Services can help you develop the custom solution you need. To find out
more, contact your sales representative, or call us at one of our regional offices around the
world.
To contact us, visit our Web site at [Link].

[Link] | Security Center Administrator Guide 5.2 164

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Creating tile plugins

Creating tile plugins

You can create a tile plugin that links to a Web site or a map file (a compiled .dll file), that you
can view and interact with in Security Desk.
This section includes the following topics:
• "Create a tile plugin that links to a Web site" on page 165
• "Create a tile plugin that links to a map file" on page 165

Create a tile plugin that links to a Web site

You can create a tile plugin that links to a Web site that contains a map, which you can interact
with when the tile plugin is displayed in Security Desk.
For more information about tile plugins, see "Tile plugin" on page 484.
1 From the Home page in Config Tool, open the Logical view task.
2 Click Add an entity ( ) > Tile plugin.
3 In the Creating a tile plugin wizard, enter the entity name and description.
4 If there are partitions in your system, select the partition the tile plugin is a member of, and
click Next.
For more information, see "Partition" on page 451.
5 In the Tile plugin information page, select Web site.
6 Click Next > Close.
The tile plugin appears in the Logical view with a Web site icon ( ).
7 Select the tile plugin, and click the Properties tab.
8 In the Web page option, type a Web address.
TIP Select a URL that can be reached from all Security Desk workstations.
9 Click Apply.

Create a tile plugin that links to a map file

You can create a tile plugin that links to a .dll or .xaml file that contains a map, which you can
interact with when the tile plugin is displayed in Security Desk.
Before you begin: The map file must be created and located on your local computer. For more
information about how to map files are created, see "Tile plugin" on page 484.
1 From the Home page in Config Tool, open the Logical view task.
2 Click Add an entity ( ) > Tile plugin.
3 In the Creating a tile plugin wizard, enter the entity name and description.

[Link] | Security Center Administrator Guide 5.2 165

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Creating tile plugins

4 If there are partitions in your system, select the partition the tile plugin is a member of, and
click Next.
For more information, see "Partition" on page 451.
5 In the Tile plugin information page, select Tile plugin.
6 In Windows, select the .dll file that the tile plugin will link to, and click Open.
7 Click Next > Close.
The tile plugin appears in the Logical view with the default tile plugin icon ( ).
8 Select the tile plugin, and click the Properties tab.
9 To select another map file, click Modify, and select another .dll file.
10 Click Apply.

[Link] | Security Center Administrator Guide 5.2 166

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 7
Troubleshooting
This part explains how to maintain and troubleshoot your Security Center system, such as
verifying your system configurations, monitoring the health of your system, troubleshooting
entity states, and so on.
NOTE For specific tasks related to video or access control maintenance and troubleshooting, see
Chapter 9, “Managing Omnicast” on page 224 and Chapter 11, “Managing Synergis” on page 299.
This section includes the following topics:
• "Viewing system messages" on page 168
• "Viewing system health events" on page 170
• "Monitoring the status of your system" on page 177
• "System status task" on page 172
• "Monitoring the status of your system" on page 177
• "Troubleshooting entity states" on page 179
• "Diagnosing entities" on page 180
• "Finding out who made changes on the system" on page 181
• "Investigating user related activity on the system" on page 182
• "Viewing properties of units in your system" on page 184

[Link] | Security Center Administrator Guide 5.2 167

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Viewing system messages

Viewing system messages

If you receive messages from the system, you can review them from the notification tray, and
diagnose the trouble entities.
You can receive three types of messages from the system:
• Health issues
• Warnings
• Messages
NOTE System messages are not the same as health events related to entities. Health events can
be health issues, but health issues are not necessarily health events. For more information about
health events, see "Viewing system health events" on page 170.
For more information about diagnosing trouble entities, see “Diagnose role problems” in the
Security Center Administrator Guide"Diagnose role problems" on page 51.

To view system messages:

1 In the notification tray, double-click the System messages ( ) icon.
2 In the Health issues tab of the Notifications dialog box, do one of the following:
 From the Sort by drop-down list, select how to display the health issues. You can sort
them alphabetically by health event type, event timestamp, machine (computer name),
or source (entity name).
 Click an entity to open its configuration pages in Config Tool, to diagnose the entity.
 Click in a row to launch a Health history task (see "Viewing system health events" on
page 170).
 Click Refresh to update the content displayed in the Health issues tab.

[Link] | Security Center Administrator Guide 5.2 168

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Viewing system messages

3 In the Warnings ( ) tab, do one of the following:

 Click an entity to open its configuration pages in Config Tool.
 Click Details ( ) to open the diagnostic window, which provides additional details
about the warning.
From this window you can save the warning as a text file, or click Refresh to rerun the
diagnostic tests.
4 In the Messages ( ) tab, select a message, and do one of the following:
 Click Copy to clipboard to copy the selected message to the clipboard.
 Click clear to delete the selected messages.
 Click Clear all to clear all messages.
5 Click to close the Notification dialog box.

[Link] | Security Center Administrator Guide 5.2 169

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Viewing system health events

Viewing system health events

You can view system health events related to selected entities within a specified time range, using
the Health history report.

There are three severity levels of health events:

• Health errors
• Warnings
• Information
Almost every entity in your system can generate health events. You can choose which health
events to monitor by configuring the Health monitor role in Config Tool. For information, see
“Configure health events to monitor” in the Security Center Administrator Guide"Configure
health events to monitor" on page 79.
NOTE Health events also appear in the notification tray as system messages ( ) as they occur
in real time (see "Viewing system messages" on page 168).

To view system health events related to an entity:

1 From the Home page, open the Health history task.
2 Set up the query filters for your report (see "Query filters" on page 718).
3 To include current health events in the report, click the Show current health events
heading.
When the heading is enabled, it appears as On .
4 Click Generate report.
The health events of the selected entities are listed in the report pane. For information about
the report columns available, see "Report pane columns" on page 730.
EXAMPLE If an entity is experiencing issues, you can search for past health events that have
occurred in relation to that entity. If you want to search if there were critical errors that
happened in the system during the last week, you can filter you search only for errors, and set a
time range.

[Link] | Security Center Administrator Guide 5.2 170

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Viewing the health status and availability of entities

Viewing the health status and availability of entities

You can monitor the overall health of your system, using the Health statistics report.

By monitoring the health and availability of certain resources such as server roles, video units,
door controllers, intrusion detection panels, and so on, you can identify instabilities, and even
prevent critical system failures.
One of the important fields in the Health statistics report is the Availability of a given entity.
Availability is expressed as a percentage.

To view the health status and availability of an entity:

1 From the Home page, open the Health statistics task.
2 Generate your report (see "Generating reports" on page 44"Generate a report" on page 30).
The health statistics for the selected entities are listed in the report pane. For information
about the report columns available, see "Report pane columns" on page 730.
If health statistics could not be calculated for a given role or entity, the reason is shown in
the Calculation status column of the report pane:
 One or more events used to calculate availability are currently disabled. The system
administrator needs to select which health events to monitor in the Config Tool. For
more information, see “Health Monitor” in the Security Center Administrator
GuideHealth monitor - "Properties" on page 565.
 One or more servers from the system are offline. The server hosting the selected role is
offline, therefore, the health statistics cannot be calculated for the role.
EXAMPLE A door controller called Gym was down four times over the last week, producing
90.72% availability. From the report results, you can see that this door controller is a potential
concern, and have a maintenance crew come and look at the door.

[Link] | Security Center Administrator Guide 5.2 171

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 System status task

System status task

Use the System status task to monitor the current status of different types of entities and
investigate health issues they might have.
The following figure shows the System status task. For information about monitoring the system
status, see "Monitoring the status of your system" on page 177.

C
D

A Entity types you can monitor.

B Type of issues that you can monitor.
C The entity statuses are listed in the report pane.
D Print the report, export the report, or select which columns to display. For more information, see
"Reports" on page 41"Working with reports" on page 29, and "Report pane columns" on page 730.
E Entity-specific commands. For more information about the commands available for different
entity types, see "Widgets" on page 33.

[Link] | Security Center Administrator Guide 5.2 172

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 System status task

System status task columns

In the System status task, you can monitor the current status of different types of entities and
investigate the health issues that they might have.
The following table lists the columns that are displayed for each entity type in the Monitor drop-
down list.

Entity Columns Description

Access control units Entity Unit name

Health Online, Offline, or Warning

IP address IP address of the unit

Sync Synchronization status

AC fail Yes () or No (blank)

Battery fail Yes () or No (blank)

Firmware Firmware version of the unit

Tampered Indicates whether the unit has been tampered with

Yes () or No (blank)

Analog monitors Entity Analog monitor name

Logical path List of all parent areas, starting from the system entity.
If the analog monitor has multiple parent areas, “*\” is
shown as the path.

Health Online, Offline, or Warning

Connected entity Name of the cameras currently displayed in the

analog monitor

Applications Entity Type of application (Config Tool or Security Desk)

Source Machine it is running on

Username Name of the user who is connected

Version Software version of the client application

[Link] | Security Center Administrator Guide 5.2 173

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 System status task

Entity Columns Description

Areas Entity Area name

Logical path List of all parent areas, starting from the system entity

Health Online, Offline, or Warning

Threat level Indicates if a threat level is currently activated on the

selected area, along with the threat level name. If no
threat level is set, the column is blank.

Security clearance (Only visible to administrative users) Indicates the

minimum security clearance level required from
cardholders to access this area, on top of the
restrictions imposed by the access rules

People count Working () or Not working (blank)

Antipassback Hard, Soft, or None (no antipassback)

Interlock Working () or Not working (blank)

Priority Interlock input priority: Lockdown or Override

Tampered Indicates whether a unit in the area has been

tampered with. Yes () or No (blank)

Cameras Entity Camera name

Logical path List of all parent areas, starting from the system entity.
If a camera has multiple parent areas, “*\” is shown as
the path.

Health Online, Offline, or Warning

Recording Recording state

Analog signal Lost, Available, or Unknown (IP cameras)

Blocked Indicates if the camera is currently blocked from

some users. Blocked (), or not blocked (blank)

Doors Entity Door name

Logical path List of all parent areas, starting from the system entity

Health Online, Offline, or Warning

Open Open ( ) or closed ( )

Lock Locked ( ) or unlocked ( )

[Link] | Security Center Administrator Guide 5.2 174

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 System status task

Entity Columns Description

Elevators Entity Elevator name

Logical path List of all parent areas, starting from the system entity

Health Online, Offline, or Warning

Health issues Entity type Icon representing the entity type

Entity Entity name

Source For a local entity, shows the server it is running on.

For a federated entity, shows the federation role name

Logical path List of all parent areas, starting from the system entity

Health Online, Offline, or Warning

Intrusion detection Entity Intrusion detection area name

areas
Logical path List of all parent areas, starting from the system entity

Health Online, Offline, or Warning

Arming state Master arm, Perimeter arm, Ready to arm, Arming,

Disarmed, Disarmed (input trouble), or Armed
(Alarm active)

Bypass Active/inactive (represented by an icon)

Alarm active Active/inactive (represented by an icon)

Intrusion detection Entity Intrusion detection unit name

units
Health Online, Offline, or Warning

AC fail Yes () or No (blank)

Battery fail Yes () or No (blank)

Tamper Yes () or No (blank)

Macros Entity Macro name

Start time Time the macro was started

Instigator Name of the user who started the macro

[Link] | Security Center Administrator Guide 5.2 175

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 System status task

Entity Columns Description

Roles Entity Role name

Health Online, Offline, or Warning

Current server Name of server currently hosting the role

Servers List of servers assigned to host this role

Version Software version of role

Status Activated ( ) or Deactivated ( )

Routes Route Route name, showing the two networks it joins

Current Unicast TCP, Unicast UDP, or Multicast

configuration

Detected Unicast TCP, Unicast UDP, or Multicast

capabilities

Status OK, or warning message stating the reason of the

problem

Servers Entity Server name

Health Online, Offline, or Warning

Roles Roles assigned to this server

Zones Entity Zone name

Logical path List of all parent areas, starting from the system entity

Health Online, Offline, or Warning

State Normal, Active, or Trouble

Armed Indicates if the zone is armed or not

[Link] | Security Center Administrator Guide 5.2 176

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Monitoring the status of your system

Monitoring the status of your system

You can monitor the current status of different types of entities, and investigate health issues they
might have, using the System status report.

To monitor the status of your system:

1 From the Home page, open the System status task.
2 From the Monitor drop-down list, select one of the following:
 Access control units
 Analog monitors
 Applications (only administrators)
 Areas
 Cameras
 Cash registers
 Doors
 Elevators
 Health issues
 Intrusion detection area
 Intrusion detection units (only administrators)
 Macros (only administrators)
 Roles (only administrators)
 Routes (only administrators)
 Servers (only administrators)
 Zones
3 If required, select an area in the Selector.
4 To search for entities within nested areas, select the Search member entities option.
The related entities, roles, applications, and items are listed in the report pane. For
information about the status columns that are available for each entity, see "System status
task" on page 172.
5 (Optional) Do one of the following:
 To launch a Health history report, click . For more information, see "Viewing system
health events" on page 170.
 To diagnose the selected entity, click . For more information, see "Diagnosing entities"
on page 180.

[Link] | Security Center Administrator Guide 5.2 177

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Monitoring the status of your system

 To print the report, click .

 To save the report, click .
EXAMPLE If you have a camera that is not working, you can select the camera entity to
investigate why it is offline. If an entity has a health issue, you can launch the Health history task
and generate a report to investigate further, or diagnose the entity from the System status task.

[Link] | Security Center Administrator Guide 5.2 178

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Troubleshooting entity states

Troubleshooting entity states

Entity icons and labels can appear in several different colors in the Logical view:

Color Entity state

White The entity is online, and the server can connect to it.

Red The entity is offline, and the server cannot connect to it.

Yellow The entity is in the warning state. The server can connect, there are problems.

Entity warnings usually appear because of invalid [Link] it comes to cameras,

there are two specific conditions that can cause the camera to fall into a yellow warning state:
• Multiple recording schedules (that are in conflict) have been applied to the same camera.
• A transmission lost event has occurred. This means that the Archiver is still connected to the
camera, but it has not received any video packets for more than 5 seconds.
To fix these issues, try the following:
• Change the conflicting schedules, see “Resolving schedule conflicts” in the Security Center
Administrator Guide"Resolving schedule conflicts" on page 105.
• Diagnose the Archiver role (see "Diagnosing entities" on page 180).

[Link] | Security Center Administrator Guide 5.2 179

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Diagnosing entities

Diagnosing entities
You can diagnose entities, roles, and applications using the diagnostic tool.

An entity or role that is not properly configured is displayed in yellow. An entity that is offline is
displayed in red. The diagnostic tool can help you troubleshoot your problem.

For more information about troubleshooting entity states, see "Troubleshooting entity states" on
page 179.

To diagnose an entity:
1 From the Home page, open the System status task.
2 From the Monitor drop-down list, select the entity type you want to diagnose.
3 If required, select an area in the Selector.
4 To include entities within nested areas, select the Search member entities option.
The related entities are listed in the report pane.
5 Select a trouble entity, and click Diagnose ( ).
A troubleshooting window opens, showing the results from the diagnostic test performed
on the selected entity.
6 To rerun the test, click Refresh.
7 To save the results of the test, click Save.
8 Click Close.

[Link] | Security Center Administrator Guide 5.2 180

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Finding out who made changes on the system

Finding out who made changes on the system

You can find out who made configuration changes on the system, and for which entities, using
the Audit trails report.

To find out who made configuration changes on the system:

1 From the Home page, open the Audit trails task.
2 Generate your report (see "Generating reports" on page 44"Generate a report" on page 30).
The description of the changes to the selected entities, and who made those modifications,
are listed in the report pane. For information about the report columns available, see
"Report pane columns" on page 730.
EXAMPLE If you see that the properties of an entity have changed, and you must find out who
made those changes, you can select that entity. If you requested an update for an entity (for
example, the privileges for a user), you can check to see if you the changes have been made from
Config Tool.

[Link] | Security Center Administrator Guide 5.2 181

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Investigating user related activity on the system

Investigating user related activity on the system

You can view all user activity related to video, access control, and LPR, using the Activity trails
report.
Before you begin:
To receive results in the Activity trails report, you must already be monitoring user activity. You
can select which activities to monitor and record in the database from the System task in Config
Tool (see "Activity trails" on page 633the Security Center Administrator Guide).

To investigate user related activity on the system:

1 From the Home page, open the Activity trails task.
2 In the Query tab, select the activities you want to investigate.
The activities you can investigate are:
 Analog monitor connection/disconnection. Who connected to or disconnected from an
analog monitor.
 Application update. Who updated a client application, such as Patroller, Web Client,
Security Desk, and so on, or a Sharp unit.
 Badge printing. Who printed a credential badge.
 Connect to remote Security Desk. Who connected to a remote Security Desk workstation.
 Credential request. Who requested a credential badge to be printed, and why.
 Credential request cancelled/completed. Who completed or cancelled a credential badge
print request.
 Disconnect from remote Security Desk. Who disconnected from a remote Security Desk
workstation.
 Enable/disable visual tracking. Who enabled or disabled visual tracking in a tile.
 Export/generate report. Who exported/generated which reports.
 Hotlist editor. Who loaded a hotlist or permit list, or added, deleted, or edited entries
within the list.
 Hotlist filtering. The LPR Manager role which has hotlist filtering enabled.
 Live streaming started/stopped. Which camera was displayed.
 Playback. Which recording was played.
 Playback bookmark deleted/modified. Who deleted/modified which bookmarks.
 Print hit report - photo evidence. Who printed evidence.
 Print report. Who printed a report.
 PTZ command. What did the user do with the PTZ.
 Snapshot printed/saved. Who printed or saved a snapshot.

[Link] | Security Center Administrator Guide 5.2 182

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Investigating user related activity on the system

 Threat level set/reset. Who activated/deactivated a threat level, and on which area or
system.
 User logon/logoff. Who logged on or off of which Security Center client application.
 Video export. What did the user export and where did they save it.
 Video unit identified/rebooted. Who tried to identified/rebooted a unit.
3 Set up the other query filters for the report (see "Query filters" on page 718).
4 Click Generate report.
The activity results are listed in the report pane.
EXAMPLE You can find out who played back which video recordings, who blocked a camera,
who activated a threat level, who requested a credential badge to be printed, who used the Hotlist
and permit editor task, or who enabled hotlist filtering.

[Link] | Security Center Administrator Guide 5.2 183

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Viewing properties of units in your system

Viewing properties of units in your system

You can view the properties of video, access control, intrusion detection, and LPR units in your
system, using the Hardware inventory report.

At a glance, you have a list of all the units that are part of your system, and can see their
information, such as their unit type, manufacturer, model, IP address, and so on. For example,
this is helpful to see what firmware version a unit has, and determine if it needs to be upgraded.

To view the properties of units in your system:

1 From the Home page, open the Hardware inventory task.
2 Generate your report (see "Generating reports" on page 44"Generate a report" on page 30).
The unit properties are listed in the report pane. For information about the report columns
available, see "Report pane columns" on page 730.

[Link] | Security Center Administrator Guide 5.2 184

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
Part III

Omnicast IP video surveillance

Learn how to set up, configure, and manage your Omnicast system in Security Center.
This part includes the following chapters:
• Chapter 8, “Deploying Omnicast” on page 186
• Chapter 9, “Managing Omnicast” on page 224
 8
Deploying Omnicast
This section explains how to set up your video surveillance system for the first time.
This section includes the following topics:
• "What is Omnicast?" on page 187
• "What are the Omnicast entities?" on page 188
• "Omnicast deployment process" on page 190
• "Configuring the Archiver role" on page 193
• "Configuring the Media Router role" on page 203
• "Configuring the Auxiliary Archiver role" on page 205
• "Configuring cameras" on page 210
• "Configuring analog monitors" on page 221

[Link] | Security Center Administrator Guide 5.2 186

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 What is Omnicast?

What is Omnicast?
Omnicast™ is the IP video surveillance component of Security Center. Omnicast provides
seamless management of digital video, audio, and metadata across IP networks.
Omnicast main features are as follows:
• View live and playback video from all cameras
• View up to 64 video streams side-by-side on a single workstation
• View all cameras on independent timelines or on synchronized timelines
• Full PTZ control, using a PC or CCTV keyboard, or on screen using the mouse
• Digital zoom on all cameras
• Motion detection on all cameras
• Visual tracking: follow individuals or moving objects across different cameras
• Search video by bookmark, motion, or date and time
• Export video in proprietary G64 format or public ASF format
• Protect video against accidental deletion
• Protect video against tampering by using watermarks
Omnicast also provides video support for events tracked by other systems unified under
Security Center.
• Enhance all event reporting with playback video
• Enhance alarm monitoring (core feature) with live video
• Enhance intrusion detection (core feature) with live video
• Enhance access control system (Synergis) with live video
 Video verification: compare cardholder picture with live video
 Consolidate all access events with video
• Enhance LPR system with live video

[Link] | Security Center Administrator Guide 5.2 187

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 What are the Omnicast entities?

What are the Omnicast entities?

The Omnicast video surveillance system uses the following entity types.

Icon Entity Description

Archiver (role) Role that controls the video units and manages the video archive.
See "Archiver" on page 525.

Auxiliary Archiver Role that supplements the video archive produced by the
(role) Archiver. It is capable of archiving any camera on the system. See
"Auxiliary Archiver" on page 547.

Media Router (role) Role that takes care of the routing of all audio and video streams
on the network. See "Media Router" on page 591.

Network Network (with specific streaming capabilities) that the Media

Router takes into account while making routing decisions.
See "Network" on page 438.

Server Server on your network. Used to host the roles needed on your
system. See "Server" on page 475.

Area Logical grouping of cameras and camera sequences.

See "Area" on page 364.

Analog monitor Represent a physical analog monitor connected to a video

decoder.
See "Analog monitor" on page 361.

Camera A single video source on the system. Might support audio. See
"Camera (video encoder)" on page 372.

Camera (PTZ enabled) PTZ camera or dome camera. See "Camera (video encoder)" on
page 372.

Camera sequence A pre-arranged order for the display of video sequences in a

rotating fashion within a single tile in Security Desk.
See "Camera sequence" on page 397.

Monitor group Group of analog monitors sharing common characteristics.

See "Monitor group" on page 436.

Schedule Date and time range. Might support daytime and nighttime.
See "Schedule" on page 467.

Video unit IP unit incorporating one or more video encoders.

See "Video unit" on page 498.

Partition Group of entities on the system visible only to a group of users. See
"Partition" on page 451.

[Link] | Security Center Administrator Guide 5.2 188

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 What are the Omnicast entities?

Icon Entity Description

User Individual who uses Security Center applications.

See "User" on page 486.

User group Group of users sharing common characteristics.

See "User group" on page 493.

[Link] | Security Center Administrator Guide 5.2 189

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Omnicast deployment process

Omnicast deployment process

This section includes the following topics:
• "Omnicast deployment prerequisites" on page 190
• "Omnicast deployment procedure" on page 191

Omnicast deployment prerequisites

Before you deploy Omnicast, you must have the following ready:
 A network diagram showing all public and private networks used within your organization,
their IP address range, their video transmission capabilities (Multicast, Unicast UDP, and
Unicast TCP). For public networks, you also need the name and public IP address of their
proxy servers.
TIP Ask your IT department for this information.

 All ports used by Security Center for communication and video streaming must be open
and redirected for firewall and NAT purposes.
For more information, see "Default Security Center ports" on page 785.
 All video equipment (video units, fixed and PTZ cameras) must be installed and connected
on your company’s IP network, with the following information:
 Manufacturer, model, and IP address of each video unit
 Login credentials (username and password) if applicable
 Communication protocol used (HTTP or HTTPS)
TIP A site map (floor plans) showing where the cameras are located would be helpful.

 If you have cameras connected to a conventional CCTV matrix (hardware matrix in

Omnicast), you need the following:
 An Omnicast 4.x system to manage the video encoders connected to the CCTV matrix
outputs. For information on how to integrate hardware matrices with Omnicast, see
“Hardware Matrix” in the Omnicast Administrator Guide.
 To federate Omnicast 4.x system in Security Center. For more information, see
"Federating Omnicast systems" on page 131.
 Security Center software components installed:
 Security Center Server software installed on your main server.
The main server is the computer hosting the Directory role.
 Optionally, Security Center Server software installed on expansion servers.
An expansion server is any other server on the system that does not host the Directory
role. You can add expansion servers at any time. For more information, see "Add an
expansion server to your system" on page 47.

[Link] | Security Center Administrator Guide 5.2 190

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Omnicast deployment process

 Security Center Client software installed on at least one workstation.

For software installation, see Security Center Installation and Upgrade Guide.
 (Optional) A list of user groups operating independently of each other.
Identify user groups that will work independently on different parts of the system.
 A list of all known users with their names and responsibilities.
To save configuration time, identify users who have the same roles and responsibilities.

Omnicast deployment procedure

The table below summarizes a typical Omnicast deployment.

Phase Description See

1 Read the things you need to know and do before "Omnicast deployment prerequisites"
deploying your Omnicast system. on page 190.

2 Use the Admin account on Config Tool to connect "Connecting to Security Center" on
to your system. page 9.

3 Change the Admin account’s password to protect "Change your password" on page 10.
your system.

4 Create a partition for each independent user group. "Defining partitions" on page 90.
By first defining the partitions, you won’t have to
move entities around after you’ve created them.

5 Configure the Logical view (the tree structure). "Managing the Logical view" on
The Logical view lets you organize the entities from page 85.
an end-user’s perspective.

6 Set up the default Archiver role. "Configuring the Archiver role" on

page 193.

7 (Optional) Configure your networking "Managing the Network view" on

environment. page 82.

8 (Optional) Set up additional Archiver roles if "Configuring the Archiver role" on

necessary. page 193.

9 (Optional) Configure the Media Router role. "Configuring the Media Router role"
on page 203.

10 (Optional) Configure Auxiliary Archiver roles. "Configuring the Auxiliary Archiver

role" on page 205.

11 (Optional) Define custom fields for your system "Custom fields" on page 625.
entities as needed.

12 Create the users and user groups. "Defining user groups" on page 96
and "Defining users" on page 93.

[Link] | Security Center Administrator Guide 5.2 191

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Omnicast deployment process

Phase Description See

13 (Optional) Federate remote Omnicast systems if "Federating remote systems" on

necessary. page 128.

14 (Optional) Configure the alarms. "Managing alarms" on page 111.

[Link] | Security Center Administrator Guide 5.2 192

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring the Archiver role

Configuring the Archiver role

This section includes the following topics:
• "What is the Archiver?" on page 193
• "Configure the Archiver" on page 193
• "Adding video units to your system" on page 194
• "Configuring video units for trickling" on page 198

What is the Archiver?

The Archiver role is responsible for the discovery, control, and status polling of video units. All
communications between the system and video units are established through this role. All events
generated by the units (motion, video analytics) are forwarded by the Archiver to the concerned
parties on the system. The Archiver also manages the video archive and performs motion
detection on video units that do not support this feature.

Configure the Archiver

When Omnicast is enabled in your license, an Archiver role is created by default and assigned
to the main server. You must complete its configuration before it can be fully operational.
1 From the Home page in Config Tool, open the Video task.
2 Select the Archiver role entity to configure.
3 Click the Resources tab, and configure the server, database, and disk storage required to run
this Archiver.
For more information, see Archiver – "Resources" on page 537.
4 Click the Camera recording tab, and configure the default recording settings for all
cameras controlled by this Archiver.
For more information, see Archiver – "Camera recording" on page 526.
TIP If you are using multiple disk groups, you might want to temporarily set the recording
mode to off, then re-enable it at the end of the process to avoid creating the video files on the
wrong disk group. For more information, see "Archive storage settings" on page 540.
5 Add the video units that you want this Archiver to control.
For more information, see "Adding video units to your system" on page 194.
6 Click the Extensions tab, and complete the configuration of the extensions created in the
previous step if necessary.
For more information, see Archiver – "Extensions" on page 532.
7 If you are using multiple disk groups for archiving, see "Optimizing access to your storage
devices" on page 227.
8 Configure the cameras associated with the video units you just added.

[Link] | Security Center Administrator Guide 5.2 193

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring the Archiver role

For more information, see "Configuring cameras" on page 210.

9 If recording is performed on the edge units, see "Configuring video units for trickling" on
page 198.
After you are done:
If you have a large system, you can distribute the load by adding more Archiver roles and
hosting them on separate on separate servers. To add more Archivers, see "Create a role entity"
on page 50.

Adding video units to your system

This section includes the following topics:
• "Add video units manually" on page 194
• "What is automatic discovery?" on page 196
• "Add video units using the Unit discovery tool" on page 196

Add video units manually

Before you begin: You must know the manufacturer, the product type (model or series), the IP
address, and the login credentials (username and password) for the units you plan to add.
1 From the Home page in Config Tool, open the Video task.
2 Click the Role view, and select the Archiver role.

[Link] | Security Center Administrator Guide 5.2 194

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring the Archiver role

3 In the Contextual commands toolbar, click Add an entity( ) > video unit.
The Manual add dialog box appears (the following screenshot is just a sample).

4 If you have multiple Archiver roles, select the Archiver role from the Archiver drop-down
list.
5 Select the unit’s manufacturer and product type.
6 Enter the IP address and HTTP port of the unit.
Use a range of IP addresses to add multiple units in a single operation.
TIP If you do not know your unit’s IP address, use the Unit discovery tool instead. For more
information, see "Add video units using the Unit discovery tool" on page 196.
7 Select which credentials the Archiver should use to connect to the unit.
 Default login . Use the default login credentials defined in the manufacturer’s extension
for this Archiver. If the extension has not yet been defined, blank credentials are used.
 Specific. Enter the specific login credentials used by this unit. This can be changed to Use
default login later during video unit configuration.
8 Complete all other settings as-necessary, and click Add.
If the manufacturer’s extension does not exist, it will be created for you. For more
information, see Archiver – "Extensions" on page 532.

[Link] | Security Center Administrator Guide 5.2 195

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring the Archiver role

NOTE If the manufacturer supports automatic discovery, all other units present on your
system that share the same discovery port will automatically be added to the same Archiver
in addition to those being added manually. For more information, see "What is automatic
discovery?" on page 196.
9 Refresh the Role view.
The newly added video units appear under the selected Archiver entity.
10 (Optional) Select the video units, and change their default settings if necessary.
For more information, see Entity configuration – "Video unit" on page 498.
If you are having trouble adding the video unit, see "Troubleshooting: Cannot add video units"
on page 247.

What is automatic discovery?

Automatic discovery is the process by which video units on a network are automatically
discovered by an Archiver role. This is done by broadcasting a discovery request on the
discovery port and waiting for all listening units to respond with a package that contains
connection information about the unit. The Archiver uses this information to automatically
configure the connection to the unit and enable communication.
NOTE Only a few unit manufacturers, such as ACTi, Bosch, and Verint, support this feature.

Add video units using the Unit discovery tool

The Unit discovery tool helps you find video units on your network when you do not know their
IP addresses.
For a complete description of this tool, see "Unit discovery tool" on page 659.

To perform a unit search with the Unit discovery tool:

1 From the Home page, click Tools > Unit discovery tool.
2 Click the Manufacturers button.
The Configure manufacturer’s extensions dialog box appears.
3 In the Video tab, click Add an item ( ).
4 In the Add manufacturers dialog box, select the manufacturers you need, and click Add.
The Add manufacturers dialog box closes.
5 One by one, configure the discovery settings for each of the manufacturers found in the left
pane (be as specific as you can), then click Save.
The Configure manufacturer’s extensions dialog box closes.

[Link] | Security Center Administrator Guide 5.2 196

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring the Archiver role

6 Click Start discovery.

The tool starts to list all units discovered on your network, using the discovery parameters
you set for each manufacturer. You can stop the discovery process at any time.

NOTE If the discovery is based on the Axis extension, units from other manufacturers might
also be discovered because UPnP and Zero config are also used as well in the discovery
process.
7 Select a unit in the list to display its information in the right-hand pane.
 If you provided the correct login credentials, you will be able to add the unit to your
system by clicking the Add unit ( ) button found below the unit information.
 If the login credentials are incorrect, you can still try to add the unit using the Manual
add dialog box and providing the correct credentials:
 Click Manual add ( ), and select Video unit.

[Link] | Security Center Administrator Guide 5.2 197

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring the Archiver role

Configuring video units for trickling

This section includes the following topics:
• "What is trickling?" on page 198
• "Trickling limitations" on page 198
• "Enable edge recording on a camera" on page 199
• "Configure cameras for trickling" on page 200
• "Start and stop trickling manually" on page 201

What is trickling?
Trickling is the process of transferring data in small amounts. Applied to the video world, it
refers to situations where the video is recorded on the unit itself (edge recording), and that the
recordings are only transferred to the Archiver at a specific or pre-determined time.

There are many scenarios where video trickling is used:

• Remote site connected to a central site with limited bandwidth.
Typically, a server would be deployed at the remote site to host the recording. But with video
trickling, it is possible to go server-less and download the video on demand.
• Systems with large camera deployments but limited network bandwidth.
Recording is entirely done on the edge units. No video, or only low quality video is streamed
live on the network. Security Center records specific events (analytics, motion, bookmarks,
alarms). Video is downloaded to the Archiver only outside of peak hours, and for the
periods corresponding to the recorded events.
• City wide surveillance using edge recording cameras.
Cameras are always recording. Client can view live video when requested. Recordings are
only downloaded on demand for investigation purposes, or outside of peak hours.
A successful trickling setup must include the following:
• Cameras configured for edge recording. The recording can be continuous or triggered by
specific events (inputs, motion, analytics, etc.).
• Security Center must be configured to download video from these cameras, either
periodically, when a connection is established between the Archiver and the unit, or when a
user explicitly requests it.

Trickling limitations
The following limitations apply when using the trickling feature:
• It is not possible to trickle video sequences that occurred on a unit prior to the last video
time frame stored on the Archiver for that unit. For example, If the last frame trickled for a

[Link] | Security Center Administrator Guide 5.2 198

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring the Archiver role

unit is ‘9/30/2011 [Link]', and you try to trickle video between [Link] and [Link], only
video between [Link] and [Link] will be trickled and stored in the Archiver.

Enable edge recording on a camera

Before you begin: Only cameras/video units capable of edge recording can be configured for
trickling. However, not all units capable of edge recording are supported for trickling. To find
out which edge devices are currently supported, contact Genetec Technical Assistance at http://
[Link].
Edge recording can only be enabled from the unit’s Web page.
1 From the Home page in Config Tool, open the Video task.
2 From the entity browser, select the video unit you wish to configure.
3 Click Unit’s Web page ( ) in the contextual command bar.
4 In the Web browser window that appears, follow the instructions from the unit’s
manufacturer to enable recording on that unit.
5 Close the Web browser window when you’re done.
NOTE Some unit manufacturers support edge recording on a separate device from the video
units, such as an iSCSI drive managed by Bosch VRM (Video Recording Manager). In this case,
the VRM settings must be configured in the Archiver’s extension for the manufacturer that
supports it.

To configure a Bosch VRM:

1 From the Home page in Config Tool, open the Video task.
2 From the entity browser, select the Archiver that is managing the Bosch cameras.
3 Select the Extensions tab, and select the installed Bosch extension.

4 Under the VRM section, click Add an item ( ).

For more information, see Archiver – Extensions – "Bosch VRM settings" on page 535.

[Link] | Security Center Administrator Guide 5.2 199

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring the Archiver role

5 In the dialog box that appears, enter the IP address of the VRM, and the logon credentials,
then click Save.

6 Click the Playback mode drop-down list and select one of the following:
 iSCSI
 TCP redirection via VRM
 UPD redirection via VRM
Select the data transport method according to the configuration of your Bosch VRM.
7 Click Apply.

Configure cameras for trickling

Before you begin: All cameras selected for trickling must have edge recording enabled. See
"Enable edge recording on a camera" on page 199.
1 From the Home page in Config Tool, open the Video task.
2 From the entity browser, select the Archiver that is managing the camera.
3 Select the Trickling tab. For more information, see "Trickling" on page 528.
4 Click Add an item ( ), select the camera and click Add.
IMPORTANT Only cameras with edge recording capability are listed. Once a camera is
selected for trickling, recording on the Archiver is stopped. This however does not affect the
recording on Auxiliary Archivers.
5 For each camera selected for trickling, select
 On connection. To configure the camera to start trickling upon connection to the
network. This option is recommended for cameras connected to mobile units that
regularly move in and out of Wi-Fi coverage.
 On schedule. To configure the camera to start trickling on schedule. This option is
recommended for fixed cameras with poor network bandwidth. Trickling can then be
scheduled for a time when the network demand is the lowest.

[Link] | Security Center Administrator Guide 5.2 200

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring the Archiver role

6 (Optional) If the trickling on schedule option is selected, define the periods when trickling is
performed in the Trickle every option.
7 In the Trickling filter section, select the video data types you want to trickle.
NOTE The filters are not combined. Select each type of video data that you want separately.
If you do not select any filters, none of the video stored on the unit is trickled.
 Time interval. Trickle video segments recorded during a specific period of time. You can
specify a specific time range or a relative time range (last n days, hours, minutes).
 Playback requests. Trickle video segments that were played back from the camera.
 Motions. Trickle video segments that span between a Motion on and Motion off event.
This option applies to unit motion detection only.
 Bookmarks. Trickle video segments that contain bookmarks.
 Unit offline. Trickle video segments that span between a Unit lost and a Unit discovered
event.
 Video analytics. Trickle video segments that contain video analytics events.
 Alarms. Trickle video segments that contain alarm events.
 Input triggers. Trickle video segments that contain input events.
8 Configure the general trickling behavior.
The behavior settings are:
 Time buffer when downloading events. The time buffers apply to event-based trickling.
Specify how many seconds of video should be trickled before and after the event
occurred. For example, if you selected the Motion filter, these settings indicate how
many seconds are trickled before the Motion on event occurred, and how many seconds
are trickled after the Motion off event.
 Delay after connection. Use this setting to specify how long (in seconds) the Archiver will
wait to determine if a unit is truly online before trickling. For example, if your cameras
are set to trickle on connection and you have an unstable network where your cameras
frequently go on and offline, this setting is useful to prevent trickling from repeatedly
starting and stopping.
 Simultaneous downloads. Use this setting to specify how many cameras can trickle at the
same time. This setting is useful if you have a limited network and do not want too many
downloads to occur simultaneously.
9 Click Apply.

Start and stop trickling manually

Trickling can be started and stopped manually from the Trickling status dialog box. For more
information, see "Trickling status" on page 529.
1 Click Trickling status ( ) found at the bottom of the camera list.
2 In the dialog box that appears, select one or more cameras and click:
 to start trickling for the selected cameras

[Link] | Security Center Administrator Guide 5.2 201

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring the Archiver role

 to stop trickling for the selected cameras

 to start trickling for all cameras
 to stop trickling for all cameras
NOTE A camera that has just been added to the trickled camera list does not appear in this
dialog box until you have clicked Start trickling for all cameras ( ) once.
3 Click Close when you have finished.

[Link] | Security Center Administrator Guide 5.2 202

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring the Media Router role

Configuring the Media Router role

This section includes the following topics:
• "What is the Media Router?" on page 203
• "Configure the Media Router" on page 203
• "Beware of RTSP port conflict" on page 204

What is the Media Router?

The Media Router is the central role that handles all stream requests (audio and video) on the
system. It establishes streaming sessions between the stream source (camera or Archiver) and its
requesters (Security Desk or SDK clients). Routing decisions are based on the location (IP
address) and the transmission capabilities of all parties involved (source, destinations,
networks, and servers).

Configure the Media Router

When Omnicast is enabled by your license, the Media Router role is created by default and
hosted on the main server. The default setup is usually all you need, unless you have a complex
system involving multiple private networks.
1 From the Home page in Config Tool, open the Video task.
2 From the Logical view, select the Media Router role.
3 Click the Resources tab, and change the role’s primary server or add a standby server if
necessary.
For more information, see "Move a role to a different server" on page 50.
4 Click the Properties tab.
5 Change the start multicast address and port settings if necessary.
You’ll need to change the default settings only if they conflict with other applications on
your system. For more information, see Media Router – "Properties" on page 592.
6 Add or change the redirector configurations.
Redirectors are servers assigned to host redirector agents. A redirector agent is a software
module created by the Media Router to redirect data streams from one IP endpoint to
another. The Media Router automatically creates a redirector agent on every server assigned
to an Archiver role. You might have to create redirector agents on additional servers if you
need to reach clients located on remote networks.
To avoid overloading a redirector server or the network bandwidth between the two
endpoints, you can limit the number of live and playback streams that the server can
redirect. For more information, see Media Router – "Redirectors" on page 592.
7 Click Apply.

[Link] | Security Center Administrator Guide 5.2 203

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring the Media Router role

Beware of RTSP port conflict

The Media Router role has a default RTSP port of 554, its redirectors have a default RTSP port
of 560, and an Archiver role has a default RTSP port of 555. These ports must be unique on the
same server.
If multiple Archiver roles are created on the same server, they must all have a different RTSP
port. Otherwise, the role entity will turn yellow and an Entity warning event will be generated.

[Link] | Security Center Administrator Guide 5.2 204

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring the Auxiliary Archiver role

Configuring the Auxiliary Archiver role

This section includes the following topics:
• "What is the Auxiliary Archiver?" on page 205
• "Configure the Auxiliary Archiver" on page 207
• "Associate cameras to the Auxiliary Archiver" on page 208
• "Remove a camera from the Auxiliary Archiver" on page 209
• "Move the Auxiliary Archiver to a different server" on page 209

What is the Auxiliary Archiver?

This section includes the following topics:
• "Purpose of the Auxiliary Archiver" on page 205
• "When do I need Auxiliary Archivers?" on page 205
• "Auxiliary Archiver limitations" on page 206
• "Differences between the Archiver and the Auxiliary Archiver" on page 206

Purpose of the Auxiliary Archiver

The purpose of the Auxiliary Archiver roles is to supplement the video archive produced by the
Archiver roles. Unlike the Archiver, the Auxiliary Archiver is not bound to any particular
discovery port. Therefore, it is free to archive any camera in the system, including cameras
federated from other Security Center systems.

The Auxiliary Archiver must depend on the Archiver to communicate with the video units. If
the Archiver isn’t running, the Auxiliary Archiver will not be able to archive the cameras it
controls.

When do I need Auxiliary Archivers?

The Auxiliary Archiver offers you the flexibility to create a different set of archives than the one
created by the Archiver. The auxiliary archives can use different video quality settings and
different recording schedules. The following are some sample scenarios where you would need
Auxiliary Archivers.
• You need to create a high resolution off-site (outside your corporate LAN) copy of your
video archive for selected cameras. In this scenario, you would run the Auxiliary Archiver
from a secured location, probably on a server located in a separate building with large
storage capabilities. The Auxiliary Archiver would record high quality video streams from
specific cameras using different recording settings (mode, schedules, etc.) than the
Archiver.

[Link] | Security Center Administrator Guide 5.2 205

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring the Auxiliary Archiver role

• You need to create a lower quality copy of your video archive to keep for a longer period of
time. In this scenario, you would record the low quality video stream with the Auxiliary
Archiver and set a longer retention period.
• You need to record more cameras (offering different viewing angles) during off-hours when
there are no guards on duty. In this scenario, you would configure an Auxiliary Archiver to
continuously archive during off hours those cameras that are not archived by the regular
Archiver, while the regular Archiver continues to archive

Auxiliary Archiver limitations

The Auxiliary Archiver cannot archive cameras federated from Omnicast 4.x systems, whether
directly via an Omnicast Federation role or indirectly via the federation of a remote Security
Center system that federates an Omnicast 4.x system. The archiving of federated Security Center
native cameras is supported.

Differences between the Archiver and the Auxiliary Archiver

The following table highlights the differences between these two roles.
Characteristics Archiver role Auxiliary Archiver role

Automatic unit discovery Yes (on units that support it). No.

Command and control of Yes. No (relies on the Archiver role).

cameras/video units

Command encryption via Yes (on units that support it). Not applicable.
secure protocols (such as
HTTPS and SSL)

Recorded cameras A camera can only be associated to A given camera can be associated
one Archiver role. to multiple Auxiliary Archivers.

Can only record cameras with Can record any camera on the
which it has a direct connection system, including federated
(usually on the same LAN). cameras (but only from Security
Center systems).

Recording settings Each camera has the option to Each camera has the option to
follow the default role settings or follow the default role settings or
its own custom settings. its own custom settings.

Recorded video stream Can only record the stream Can record any video stream of
designated for Recording. your choice.

Manual recording Yes, when Manual recording No (although Manual recording

schedules are in effect. schedules can be configured).

Event logging in database Yes. The events can be searched Yes. The events can be searched
and viewed with the Archiver and viewed with the Archiver
events video maintenance task. events video maintenance task.

[Link] | Security Center Administrator Guide 5.2 206

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring the Auxiliary Archiver role

Characteristics Archiver role Auxiliary Archiver role

Event logging to a flat file Yes. No.

Found in ArchiverLogs folder.

Database backup and Yes (video files are not included). Yes (video files are not included).
restore

Failover support Yes. One secondary server can be Not applicable.

added to the Archiver role.

Multiple copies of the Yes, via redundant archiving, but Yes. Each Auxiliary Archiver
video archive the master and redundant copies produces a different set of video
are identical, because they use the archive that follows its unique
same recording settings. recording settings.

Video file protection Yes. Yes.

Video watermarking Yes. Yes.

Configure the Auxiliary Archiver

The Auxiliary Archiver role is not created by default. You need to create it manually.
1 From the Home page in Config Tool, open the System task.
2 Click the Roles view, and then click Add an entity ( ) > Auxiliary Archiver.
3 In the Specific info page, do the following:
a From the Server drop-down list, select the server where this role will be hosted
b Enter the Data server name for the video archive database.
A default data server, called (local)\SQLEXPRESS, is installed on every computer where
Genetec Server is installed. You can use it or use another data server on your network.
c Enter the Database name of the video archive database.
CAUTION The default name is AuxiliaryArchiver. If the selected server is already hosting
another instance of Auxiliary Archiver, you must choose a different name. Otherwise, the
new role will corrupt the existing database!
TIP As a way to prevent unfortunate accidents, Genetec recommends you use a different
database name for every instance of Auxiliary Archiver, regardless of whether there is a
conflict or not.
d Click Next.
4 In the Basic information page, enter the name, description, and partition where the
Auxiliary Archiver role will be created.
For more information, see "Common entity attributes" on page 38.

[Link] | Security Center Administrator Guide 5.2 207

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring the Auxiliary Archiver role

5 Click Next, Create, and Close.

A new Auxiliary Archiver role ( ) is created. Wait a few seconds for the role to create the
database on the selected data server.
6 Select the Resources tab, and configure the server, database, and disk storage required to
run this Auxiliary Archiver.
NOTE Every newly created Auxiliary Archiver is assigned the default value of 558 for its RTSP
port. This port value must be unique for all archiving roles hosted on the same machine. For
more information, see Auxiliary Archiver – "Resources" on page 551.
7 Select the Camera recording tab, and configure the default recording settings for all
cameras recorded by this Auxiliary Archiver.
For more information, see Auxiliary Archiver – "Camera recording" on page 548.
TIP If you are using multiple disk groups, you can temporarily set the recording mode to off,
then re-enable it at the end of the process to avoid having video files created on the wrong disk
group.
8 Select the Cameras tab, and configure the cameras you want to archive.
For more information, see "Associate cameras to the Auxiliary Archiver" on page 208.
9 If you are using multiple disk groups for archiving, see "Optimizing access to your storage
devices" on page 227.

Associate cameras to the Auxiliary Archiver

Before you begin: You can add any camera visible in your system to an Auxiliary Archiver,
except the ones federated from Omnicast 4.x systems.
1 From the Auxiliary Archiver’s Cameras tab, click Add an item ( ).
2 In the dialog box that appears, select the cameras you want and click OK.
NOTE It takes a few seconds for the selected cameras to be added. If the role is unable to add
a camera in the given time, a failed status will be indicated for a few seconds, and the camera
will be removed.
3 Click Apply.
4 To override the default recording settings on a camera:
a Select the camera from the list and click Jump to ( ).
The camera configuration page is selected.
b From the Recording tab of the camera, select the tab that corresponds to the current
Auxiliary Archiver. For more information, see Camera – "Recording" on page 382.
c Select Custom settings under Recording settings, and make the necessary changes.
d Click Apply.

[Link] | Security Center Administrator Guide 5.2 208

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring the Auxiliary Archiver role

Remove a camera from the Auxiliary Archiver

Before you begin: Removing a camera from the Auxiliary Archiver instantly deletes the
associated video archive from the Auxiliary Archiver’s database.
1 From the Cameras tab, select a camera and click Delete the item ( ).
CAUTION There is no undo if you proceed through the next step!
2 In the confirmation dialog box that appears, click Delete.
All records of this camera’s video archive are deleted from the role’s database.
3 In the second confirmation dialog box, do one of the following:
 Click No if you want to keep the video files on disk.
This allows you to play the video files with the Video file player in Security Desk, but you
will no longer be able to query the video archive with the Archives task.
 Click Yes if you do not want to keep the video files.

Move the Auxiliary Archiver to a different server

Before you begin: You should not move your Auxiliary Archiver to a different server unless
both the database and the video storage are configured on a separate machine.

[Link] | Security Center Administrator Guide 5.2 209

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring cameras

Configuring cameras
Camera (or video encoder) entities are automatically created when the video units they are part
of are added to your system. Although Security Center provides workable default settings, we
recommend that you carefully go through the configuration of each entity in order to achieve
optimal performance.
TIP You can save a significant amount of time by copying the settings of one camera to all similar
cameras. For more information, see "Copy configuration tool" on page 674.
This section includes the following topics:
• "Recommended camera configuration process" on page 210
• "Configuring video streams" on page 211
• "Configure visual tracking" on page 213
• "Test the video quality of your camera" on page 214
• "Configure PTZ motors" on page 215
• "Creating camera sequences" on page 219

Recommended camera configuration process

1 From the Home page in Config Tool, open the Video task.
2 In the Logical view, select a camera.
3 Click the Video tab and configure the video streams that the encoder should generate.
For more information, see "Configuring video streams" on page 211.
4 Configure specific recording settings for this camera for each archiving role it is assigned to.
If you do not configure specific settings for the camera, it follows the recording settings for
the archiving roles (Archiver and Auxiliary Archivers). For more information, see Camera –
"Recording" on page 382.
NOTE If a camera has been added to an Archiver’s trickling list, its recording can only be
configured using its web page. For more information, see "Trickling" on page 528.
5 (Optional) Motion detection can be performed by the Archiver or by the unit, on the entire
video image (default) or only on certain areas (motion zones).
For more information, see Camera – "Motion detection" on page 383.
6 (Optional) The camera’s video attributes (brightness, contrast, hue, saturation) can be
adjusted to account for different times of the day.
For more information, see Camera – "Color" on page 391.
7 (Optional) Visual tracking, the ability for Security Desk users to switch to an adjacent
camera’s view by clicking on certain areas of the video image in the tile, can be configured
for all fixed cameras.

[Link] | Security Center Administrator Guide 5.2 210

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring cameras

For more information, see Camera – "Visual tracking" on page 392, and "Configure visual
tracking" on page 213.
8 (Optional) Hardware devices such as PTZ motors, microphones and speakers can be
manually associated with the current camera if they are not built-in on the same unit.
For more information, see Camera – "Hardware" on page 393.
9 Test the settings you have configured so far: video quality, color and brightness, PTZ
controls, etc.
For more information, see "Test the video quality of your camera" on page 214.
10 (Optional) Configure any necessary event-to-action behaviors for this camera.
For more information, see "Using event-to-actions" on page 106.
11 (Optional) Copy the settings you just configured from this camera to other similar cameras
on your system if applicable.
For more information, see "Copy configuration tool" on page 674.
12 Repeat the same process for all other cameras on your system.

Configuring video streams

Most video encoders can generate multiple video streams from the same video source. You must
carefully evaluate how you plan to use each of them (for live viewing or for recording) and what
are the optimum video quality settings for each.
This section includes the following topics:
• "How video stream settings are organized" on page 211
• "Automatic stream selection" on page 212
• "Boosting recording quality on special events" on page 213

How video stream settings are organized

Video stream settings for a video encoder are nested in the following way:
• Each video encoder can generate one or more video streams.
• Each video stream is described by the following settings:
 Video quality. Video quality is defined by a host of parameters such as image resolution,
bit rate, frame rate, and so on, that can vary depending on the manufacturer.
The video quality can have multiple configurations based on different schedules. For
example, lower resolution might be required for regular hours when there is a lot of
activity in the office, while higher resolution might be used after closing time when less
human surveillance is available.
 Stream usage. The stream usage defines the purpose of the stream. You can select from
the following options:
 Live – Default stream used for viewing live video in Security Desk.

[Link] | Security Center Administrator Guide 5.2 211

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring cameras

 Recording – Stream recorded by the Archiver for future investigation.

The quality of the recording stream can be temporarily boosted when the recording is
triggered by certain types of events. For more information, see "Boosting recording
quality on special events" on page 213.
 Remote – Stream used for live viewing when the bandwidth is limited.
 Low resolution – Stream used instead of the Live stream when the tile used to view the
stream in Security Desk is small.
 High resolution – Stream used instead of the Live stream when the tile used to view the
stream in Security Desk is large.
A stream can be assigned all, some, or none of the usage options. A stream that has no
usage is not generated by the video encoder.
 Network settings. Specific connection type and multicast address can be configured for
each stream based on its usage and your network configuration.
For more information on stream configuration, see Camera – "Video" on page 373.

Automatic stream selection

Displaying high resolution video requires a lot of CPU power. In order to display the maximum
number of live video streams simultaneously in Security Desk, CPU use should be optimized.
Security Desk can be configured to base its decisions on which video stream to display on the
size of the selected viewing tile.
A higher resolution stream is used when the selected tile is large enough to show the difference.
Security Desk can also dynamically change the displayed video stream when the user resizes the
application window or changes the tile pattern.
In order to make these stream selection decisions, Security Desk has to rely on what the
administrator assigned to the following stream usage options:
• Low resolution
• Live
• High resolution
Security Desk chooses the most suitable video stream for display based on the current size of the
viewing tile. The best choice would be the stream with an image resolution equal to, or lower
than, the display area of the tile.
The video stream selection also changes dynamically when the user resizes the application
window, or changes the tile pattern.
When Automatic mode is selected as the default viewing stream in Security Desk, the High
resolution stream is always used when a tile is maximized, or when the digital zoom is in use.
Security Desk uses a higher resolution stream only if it would make a visual difference to the
human user. For this reason, when configuring the video quality of the individual streams, make
sure the Live stream has a better resolution than the Low resolution stream, and that the High
resolution stream has a better resolution than the Live stream.

[Link] | Security Center Administrator Guide 5.2 212

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring cameras

For more information on how the default live stream is configured in Security Desk, see
“Default live stream” in Genetec Security Desk User Guide.

Boosting recording quality on special events

On a typical system, the video stream used for recording is often of a lesser quality (lower frame
rate or lower image resolution) than the stream used for live viewing. The purpose is to save
storage space. However, when important events occur, a higher quality recording is often
required to provide adequate support for future investigations.
To address this need, Security Center offers the following video encoder options:
• Boost quality on manual recording. Temporarily boosts video quality when the recording
is started manually by a user.
The actions that trigger manual recording are as follows:
 The Record button ( ) is clicked by a Security Desk user
 The Add a bookmark button ( ) is clicked by a Security Desk user
• Boost quality on event recording. Temporarily boosts video quality when the recording is
triggered by a system event.
The events that qualify as event recording are as follows:
 The Start recording action was executed
 The recording was triggered by an alarm
 The recording was triggered by motion
For more about how to configure these options, see:
• "Boost quality on manual recording" on page 380
• "Boost quality on event recording" on page 380

Configure visual tracking

To configure visual tracking is to define on-video controls (colored shapes) for a camera.
1 From the Home page in Config Tool, open the Logical view task.
2 Select a camera from the entity tree and click the Visual tracking tab.
3 Select one of the drawing tools, Rectangle or Ellipse, and draw a shape over the live video
displayed to the right.
You can resize, position, and rotate the shape with the mouse, or use the Size and Position
parameters.
4 Select the fill color and opacity for the shape.
Setting the opacity at 60 percent is usually a good tradeoff between transparency and
visibility. You can also set a border color and a border thickness.

[Link] | Security Center Administrator Guide 5.2 213

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring cameras

5 From the camera tree located under the drawing tools, drag and drop the camera you want
to switch to onto the colored shape.
The camera name appears in the Entities box.
You can associate multiple cameras to the same shape. If more than one camera is to be
associated with the same on-video control, the operator must explicitly select a camera
before making the switch instead of just clicking on the colored shape.
6 Add as many on-video controls as necessary.
7 Click Apply.

Test the video quality of your camera

After configuring your cameras, you should always test the video quality to make sure it works
properly.
1 From the Home page in Config Tool, open the Video task.
2 Do one of the following:
 Double-click the camera you want to test.
 Select the camera, and then in the Contextual commands toolbar, click Live video ( ).
The Live video dialog box appears and shows you live statistics about the video stream that
is coming from the video encoder. For a PTZ camera, see "Configure PTZ motors" on
page 215.

3 If you have configured multiple video streams, click the Stream drop-down list to select a
different stream to view.
For more information, see "Configuring video streams" on page 211.

[Link] | Security Center Administrator Guide 5.2 214

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring cameras

4 If you have configured separate High resolution and Low resolution streams, select
Automatic as your stream option, and resize the Live video dialog box to test the automatic
stream selection.
For more information, see "Automatic stream selection" on page 212.
5 If you are experiencing streaming problems, click Show diagnostic information to display
diagnostic information as a transparent overlay on the video.

 Click Copy to clipboard to capture that information to send it to "Technical support" on

page 878.
 Click Close to hide the diagnostic information.

Configure PTZ motors

If the PTZ motor is not integrated to your camera, you need to configure the PTZ motor
separately before you can control it in Security Desk.
Some PTZ motors support additional commands:
• Zoom-box. Zoom in on an area by drawing a box on the video image using your mouse.
This works like the digital zoom for fixed cameras.
• Center-on-click. Center the camera on a point of the video image with a single click.
When these two commands are enabled, they replace the normal pan, tilt, and zoom commands
when controlling the PTZ in Security Desk.

To configure PTZ motors:

1 From the Home page in Config Tool, open the Video task.
2 Select the camera, and click the Hardware tab.

[Link] | Security Center Administrator Guide 5.2 215

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring cameras

3 Switch the PTZ option to ON.

4 From the Protocol drop-down list, select the protocol used by the PTZ motor.
5 Beside the Protocol field, click to set the Idle delay, Idle command, and Lock delay
options.
For more information about these options, see "Hardware" on page 393.
6 From the Serial port drop-down list, select the serial port used to control the PTZ motor.
7 In the PTZ address box, select the number that identifies the PTZ motor on the serial port.
This number is important because it is possible to connect more than one PTZ motor on the
same serial port. This number must correspond to the dip switch settings on the PTZ
hardware.
8 To enable the enhanced PTZ commands (zoom-box and center-on-click), switch the
Enhanced PTZ option to ON, and calibrate the PTZ coordinates.
For information about how to calibrate the PTZ, see "Calibrate the PTZ coordinates" on
page 216.
NOTE Not all cameras require PTZ calibration. For example, Axis cameras do not require
calibration.
9 Click Apply.
After you are done: To test the PTZ controls, do the following:
a From the Logical view, do one of the following:
 Double-click the camera you want to test.
 Select the camera, and then in the Contextual commands toolbar, click Live video
( ).
b In the Live video dialog box, test the PTZ controls in the video image.
c Use the PTZ widget to control the camera.
For a list of commands in the PTZ widget, see "PTZ widget" on page 218.

Calibrate the PTZ coordinates

For most cameras, you need to calibrate the limits of the PTZ movement in order to use the
zoom-box and center-on-click commands properly in Security Desk.

To calibrate the PTZ coordinates for zoom-box and center-on-click:

1 From the Home page in Config Tool, open the Video task.
2 Select the camera, and click the Hardware tab.
3 Next to the Enhanced PTZ option, click Calibrate.
4 To set the PTZ coordinates automatically, click Calibration assistant, and follow the on-
screen instructions.
5 To set the PTZ coordinates manually, move the PTZ motor around in the live video image,
and enter the corresponding values on the right:

[Link] | Security Center Administrator Guide 5.2 216

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring cameras

 Max zoom factor. Zoom in to the maximum level you want Security Desk users to reach,
and enter the Zoom value from the Coordinates section.
 Horizontal field of view. Enter the horizontal field of view specified by the camera
manufacturer. If you do not have this information, zoom out until the Zoom value
indicates 1x, and estimate the angle of the horizontal field of view from the image you see
on screen.
 Vertical field of view. Enter the vertical field of view specified by the camera
manufacturer. If you do not have this information, zoom out until the Zoom value
indicates 1x, and estimate the angle of the vertical field of view from the image you see
on screen.
 Minimum pan angle. Turn the camera to the left-most position of the area under
surveillance, and enter the Pan value from the Coordinates section.
 Maximum pan angle. Turn the camera to the right-most position of the area under
surveillance, and enter the Pan value read from the Coordinates section.
 Minimum tilt angle. Turn the camera to the bottommost position of the area under
surveillance, and enter the Tilt value read from the Coordinates section.
 Maximum tilt angle. Turn the camera to the topmost position of the area under
surveillance, and enter the Tilt value read from the Coordinates section.
6 If you want to flip the camera image at any point, select one of the following from the Flip
camera drop-down list:
 Minimum tilt. Flips the camera image when the PTZ motor reaches the minimum tilt
coordinate.
 Maximum tilt. Flips the camera image when the PTZ motor reaches the maximum tilt
coordinate.
7 If you see that the Minimum pan angle value is higher than the Maximum pan angle value,
select the Invert pan axis option.
8 If you see that the Minimum tilt angle value is higher than the Maximum tilt angle value,
select the Invert tilt axis option.
After you are done: Test the zoom-box and center-on-click commands from a Security Desk
tile. If needed, adjust the calibration, and test the PTZ camera again.
NOTE Every time you change a parameter, you must remove the camera from the tile and drag
it back to the tile for your changes to take effect.

[Link] | Security Center Administrator Guide 5.2 217

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring cameras

PTZ widget
The PTZ widget is used to perform pan, tilt, and zoom operations on the displayed PTZ-enabled
camera ( ).
IMPORTANT Not all PTZ cameras support all PTZ commands. If one or more of the PTZ buttons
are greyed out, it means that the PTZ camera you are working with does not support that
command.

A
B
C

A Eight direction arrows for PTZ motor control

B Adjust speed of the PTZ motor
C Zoom in and zoom out commands (+ and -)
D Quick access buttons for the first eight presets
E Choice of preset slot (drop-down menu)
F Choice of pattern/tour slot (drop-down menu)
G Choice of auxiliary command slot (drop-down menu)
Lock control of the PTZ motor

Toggle the PTZ Advanced mode menu

Manual focus control (focus near)

Manual focus control (focus far)

Manual iris control (open iris)

[Link] | Security Center Administrator Guide 5.2 218

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring cameras

Manual iris control (close iris)

Go to PTZ home (default) position

Flip PTZ motor 180 degrees

Open PTZ’s menu (analog domes only)

Use specific commands (specific to that model camera)

Go to preset position

Save preset position

Rename a preset, pattern, or auxiliary

Start PTZ pattern (tour).

Click any preset or PTZ button to stop the pattern.
Record PTZ pattern (tour)

Start PTZ auxiliary command (e.g. wiper blade)

Stop PTZ auxiliary command

Creating camera sequences

You can group fixed, PTZ-enabled, and federated cameras into a camera sequence, so they are
displayed one after another in a rotating fashion in Security Desk tiles.
For more information about camera sequences, see "Camera sequence" on page 397.

To create a camera sequence:

1 From the Home page in Config Tool, open the Logical view task.
2 In the Contextual commands toolbar, click Add an entity ( ) > Camera sequence.
A new camera sequence entity ( ) appears in the Logical view.
3 Type a name for the camera sequence, and press ENTER.
4 Click the Cameras tab, and click Add an item ( ).
5 From the Camera drop-down list, select a camera to be part of the sequence.
6 In the Dwell time box, set the amount the time the camera is displayed when cycling
through the sequence.
7 From the PTZ command drop-down list, choose what action the PTZ camera will perform
when it is displayed in the sequence.
This option is only for PTZ-enabled cameras.
 Preset. Move the PTZ camera to a preset position.
 Position. Start a PTZ pattern.

[Link] | Security Center Administrator Guide 5.2 219

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring cameras

8 From the PTZ auxiliary drop-down list, configure the switch number and the state to set it
to.
This option is only for PTZ-enabled cameras that support auxiliary switches.
9 Click Save > Apply.
10 To add another camera to the sequence, repeat steps Step 4 to Step 9.
11 To change the order of the cameras in the sequence, use the and buttons.
12 To remove a camera from the sequence, select the camera, and click Remove the item ( ).
13 Click Apply.

[Link] | Security Center Administrator Guide 5.2 220

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring analog monitors

Configuring analog monitors

Analog monitor entities are automatically created when the video decoding units they are
connected to are added to your system. Although Security Center provides workable default
settings, we recommend that you configure each analog monitor in order to achieve optimal
performance.
This section includes the following topics:
• "Configure analog monitors" on page 221
• "Testing your analog monitor configuration" on page 223

Configure analog monitors

This is the recommended process for configuring analog monitors on your system.
1 Add a video decoding unit to your system.
For information about adding units to your system, see "Adding video units to your system"
on page 194.
Analog monitors that are connected to the video decoding unit are automatically created as
analog monitor entities.
2 Configure the analog monitor properties.
a In the Video task, select an analog monitor to configure.
b Click the Properties tab.
c Configure the video settings, network settings, and the hardware connected to the analog
monitor.
For information about analog monitor properties, see "Analog monitor" on page 361.

[Link] | Security Center Administrator Guide 5.2 221

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring analog monitors

d Repeat Step a to Step c for each analog monitor connected to the decoder.
3 To receive alarms on your physical analog monitors, do the following:
a In the Alarms task, click the Monitor groups view.
b Click Monitor group.
c Type a name for your monitor group.
d Select the monitor group, and click the Monitors tab.
e At the bottom of the page, click , select the analog monitors to be part of the monitor
group, and then click OK.
You can select multiple analog monitors by holding the SHIFT or CTRL keys.
IMPORTANT The order of analog monitors in the list is important. If you add more than
one analog monitor to a monitor group, the first analog monitor in the list will receive the
highest priority alarm, the second analog monitor will receive the second highest priority
alarm, and so on. The last analog monitor in the monitor group list will receive all the
other alarms.
f Click Apply.
g In the Alarms task, click the Alarms view.
h Select an alarm, and then click the Properties tab.
i In the Recipients section, click , select the monitor groups to be recipients of the
alarm, and then click OK.

[Link] | Security Center Administrator Guide 5.2 222

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring analog monitors

j Click Apply.
Analog monitors that are part of the monitor group are now recipients of the alarm. When
the alarm is triggered, the video associated with the alarm is shown on the physical analog
monitor.
NOTE High priority alarms do not replace lower priority alarms that are displayed on the
analog monitor.
For more information about viewing video or receiving alarms in analog monitors in Security
Desk, see “Viewing video in an analog monitor” in the Security Desk User Guide.

Testing your analog monitor configuration

After configuring your analog monitors, you should always test to make sure you can view video
on the analog monitors.

To test your configuration:

• Display an analog monitor in a canvas tile in Security Desk, and then add a supported
camera to the tile.
Supported cameras must be from the same manufacturer as the decoder, and use the same
video format.
For more information about using analog monitors in Security Desk, see “Viewing video in an
analog monitor” in the Security Desk User Guide.

[Link] | Security Center Administrator Guide 5.2 223

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 9
Managing Omnicast
This section explains advanced configuration techniques, and describes how to keep your video
surveillance system reliable, protected, and running smoothly.
This section includes the following topics:
• "Managing video archives" on page 225
• "Protecting your video archives" on page 228
• "Protecting video files" on page 232
• "Viewing properties of video files" on page 234
• "Replace video units" on page 235
• "Diagnosing video streams" on page 236
• "Troubleshooting: Video units are offline" on page 237
• "Troubleshooting: Cannot view live video" on page 238
• "Troubleshooting: “Impossible to establish video session with the server” errors" on
page 241
• "Troubleshooting: No playback video available" on page 242
• "Troubleshooting: Cameras not recording" on page 244
• "Troubleshooting: Cannot add video units" on page 247
• "Troubleshooting: Cannot delete video units" on page 250
• "Troubleshooting: H.264 video stream issues" on page 251
• "Investigating Archiver events" on page 252

[Link] | Security Center Administrator Guide 5.2 224

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing video archives

Managing video archives

The video archives managed by the Archiver roles are the most important assets produced by
your video surveillance system. They incorporate all the video (and audio) information recorded
by your system.
This section includes the following topics:
• "What constitutes a video archive?" on page 225
• "Managing the archive storage" on page 226

What constitutes a video archive?

Each Archiver is responsible for its own video archive for the cameras it controls. The video
archive is divided into two parts:
• The archive database
• The archive storage

The archive database

Each Archiver role maintains an archive database. It keeps four types of information:
• Catalog of the recorded video footage.
• Events associated with the recorded video footage, such as motion detected, bookmarks,
and occasionally metadata (in the future).
• Events describing the recording activities, such as when recording started and stopped, and
what triggered the event.
• Events related to the archiving process, such as Disk load is over 80%, and Cannot write to
any drive.

The archive storage

The Archiver role does not keep the actual video footage in the database. Instead, it is kept on
disk, in small files with a G64 extension, called video files. Each video file contains one or many
discrete short sequences of video. The location of these files and the description of the video
sequences they contain (camera, beginning and end of sequence) are kept in the catalog
managed by the Archiver.
For information on how to configure the archive database and storage for an Archiver role, see
Archiver – "Resources" on page 537.

[Link] | Security Center Administrator Guide 5.2 225

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing video archives

Managing the archive storage

Managing the archive storage involves the following tasks:
• Estimating how much storage you need
• Configuring automatic disk cleanup
• Optimizing access to your storage devices
• Monitoring the storage usage

Estimating how much storage you need

The storage requirements must be evaluated for each Archiver role, since they can control
different numbers of cameras. The storage requirement is affected by the following factors:
• The number of cameras that need archiving.
• The number of days you need to keep the archive online.
See "Configuring automatic disk cleanup" on page 226.
• The percentage of recording time.
The percentage of recording time depends on the selected archiving mode. Recording can
be configured for different times during the day as continuous, triggered by motion and
user request, only upon user request, or off. For information on how to configure the
recording mode, see Archiver – "Recording modes" on page 526.
• Frame rate.
The higher the frame rate, the more storage space the recording will require. For
information on configuring the recording frame rate, see Camera – "Video" on page 373.
• Image resolution.
The higher the image resolution, the more storage space the recording will require. The
image resolution is determined by the video data format in effect. For a description of the
available video data format, see Camera – "Video" on page 373.
• The expected percentage of movement.
Instead of the whole image for every single frame, most video encoding schemes compress
data by storing only the image changes between consecutive frames. Therefore, recording a
scene that is in constant movement requires a lot more storage than recording a quiet scene.
TIP Checking the disk usage statistics regularly is the best way to estimate future disk space
requirements, and allows you to make adjustments in a timely manner. See Archiver – "Archiver
statistics" on page 542.

Configuring automatic disk cleanup

The Archiver uses two methods to free up storage space for new video files:
• The first method is to delete the oldest video files when running out of disk space. This is
the simplest method if the video footage from all cameras is of equal importance, and if you

[Link] | Security Center Administrator Guide 5.2 226

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing video archives

wish to keep as much footage as possible. This method maximizes disk usage. For
information on how to configure this option, see Archiver – "Advanced settings" on
page 536.
• The second method is to specify for each camera the number of days the recorded footage
needs to be kept online. When the that timer period expires, the video is automatically
deleted, even if disk space has not run out. This method allows you to keep more important
video footage for a longer period of time. For information on how to set this option, see
Camera – "Recording" on page 382.
The Archiver can also be instructed not to delete any video files. In this case, archiving stops
when disk space runs out.

Optimizing access to your storage devices

The main bottleneck on the Archiver is disk throughput. The Archiver has a way to alleviate
this problem by simultaneously writing to multiple disks. This optimization is achieved by
spreading the video archive over several disk groups.
Each disk group must correspond to a separate disk controller. By splitting the video archive
from different cameras over different disk groups, you can effectively attain the maximum
throughput in terms of disk access.

To distribute the archiving cameras over multiple disk groups:

1 From the Role view in Config Tool, select the Archiver entity.
2 Select the Resources tab.
3 Create a new disk group.
See Archiver – "Archive storage settings" on page 540.
4 Click Camera distribution ( ).
5 Using the dialog box that appears, distribute the cameras between the disk groups by
selecting them one at a time and moving them with the arrow buttons.
6 Click Close > Apply.

Monitoring the storage usage

Given the importance of your video archive, you should monitor disk usage so archiving does
not get interrupted inadvertently. There are many ways to monitor disk usage:
• Program event-to-action behaviors to alert you when the Archiver is running out of disk
space or has stopped archiving. For more information, see "Using event-to-actions" on
page 106.
• Regularly check the Archiver statistics. See Archiver – "Archiver statistics" on page 542.

[Link] | Security Center Administrator Guide 5.2 227

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Protecting your video archives

Protecting your video archives

This section discusses how to enhance the security of your video archives.
This section includes the following topics:
• "Protecting your video archive against storage failure" on page 228
• "Protecting your video archive against hardware failure" on page 228
• "Protecting video archive against routine cleanup" on page 230
• "Protecting video archive against tampering" on page 230

Protecting your video archive against storage failure

The best protection for your video archive is regular backups.

Backing up your video archive

You need to back up both the archive database and the video files at the same time. The video
files must be backed up manually, and in their entirety (by default, everything under the
VideoArchives folder), and must correspond to the catalog stored in the archive database.
For information on how to backup the database, see "Back up your role database" on page 57.

Restoring your video archive

You need to restore the video files to the VCDexact same location where they were originally
stored. If you are restoring the files to a different server, the relative path to the video files root
folder (by default VideoArchives) from the new server must be the same as the path from the old
server. Otherwise, the Archiver role will not be able to find them.
For information on how to restore the database, see "Restore your role database" on page 58.

Protecting your video archive against hardware failure

When the server hosting the Archiver role fails, two main functions of your video system are
disabled. First, you lose control over the live video (viewing cameras, controlling the PTZ
camera, archiving, etc.), because it is the Archiver that controls the video units. Second, you lose
access to your archived video, because it can only be accessed through the Archiver that created
it. This is true even if your database server is not the same computer as the one that failed.

About Archiver failover

Failover can counter the first problem posed by hardware failure. Adding a secondary server to
your Archiver role effectively minimizes the down time over the live video.
For Archiver failover, the following conditions apply:

[Link] | Security Center Administrator Guide 5.2 228

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Protecting your video archives

• Only one primary server and one secondary server can be assigned to an Archiver role.
• The primary and secondary servers must each have their own database, hosted locally, or on
another computer.
• To make sure that the video archived by the primary server is still available if it fails to the
secondary server, you must turn on redundant archiving. This ensures that the primary and
secondary servers can archive video at the same time, and that they each manage their own
copy of the video archive.
NOTE You can set up redundant archiving on all cameras managed by the Archiver role, or
protect just a few important cameras. For more information, see Archiver – "Camera
recording" on page 526.
An alternative solution to protecting your video archives is to use Auxiliary Archivers. For more
information, see "Configuring the Auxiliary Archiver role" on page 205.

Careful load planning for failover

Depending on the archiving load of the Archiver role (meaning the number of cameras it is
archiving and the video quality for each), the additional load it places on its secondary server as
a result of a failover can affect that server’s ability to perform. This happens when the failover
archiving load added to the existing archiving load of the secondary server exceeds the archiving
capability of that server. Additional roles hosted on the secondary server can also affect its
archiving capability.
When selecting a server as a secondary server for an Archiver role, consider the following:
• How much spare power does the secondary server have?
If the secondary server has other functions, it is unlikely be able to absorb the full load of
another server.
NOTE Based on recent benchmarks, a high-end server dedicated to video archiving cannot
handle more than 300 Mbps of data or 300 cameras, whichever comes first.
TIP To alleviate the failover load on a server, Genetec recommends defining multiple
Archiver roles with fewer video units each. They can all share the same primary server, but
should all fail over to different secondary servers.
• How long is a typical failover expected to last?
The longer a failover lasts, the more additional disk space you need to reserve for archiving.
For more information, see "Estimating how much storage you need" on page 226.
• Is some video less important?
The command and control of the video units uses much less resources compared to video
archiving. Any server can handle a lot more video units if it is only required to take care of
the command and control function over them.
If video archiving is not equally important on all cameras, you can entrust all important
cameras to one Archiver role and give it a higher archiving priority than the rest. That way, if
multiple Archiver roles happen to fail over to the same server at the same time, archiving

[Link] | Security Center Administrator Guide 5.2 229

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Protecting your video archives

will be maintained for the important cameras. For more information, see "Configure
standby archiving priorities" on page 539.

Archiver failover limitation

The failover process might take 15 to 30 seconds. During that time, no video will be recorded.
Live video viewing will not be affected by the Archiver failover. However, if a user adds a
bookmark during that small time window, no bookmark will be added, because the Archiver
role is not ready to accept the command, and no operation failure will be reported in Security
Desk.

Protecting video archive against routine cleanup

By default, video files are not kept indefinitely. Old video files can be deleted by the Archiver to
make space for new video, or they can be deleted simply because their time has expired. See
"Configuring automatic disk cleanup" on page 226.
If important video footage needs to be kept beyond its normal retention period, you can protect
it temporarily, or indefinitely. See "Protecting video files" on page 232.
CAUTION Too many protected video files on a disk can waste valuable storage space for new
video files. To make sure this does not happen, regularly check the percentage of protected video
files on each disk (see Archiver – "Protected video file statistics" on page 543).
TIP An alternative to protecting video files is to export the desired video sequence to a different
location. See “Exporting video” in the Security Desk User Guide.

Protecting video archive against tampering

When video evidence is to be used in court, its integrity is of paramount importance.
Watermarking is the Security Center way of proving that video has not been altered.
Video watermarking is the process of adding a digital signature to every recorded video frame
to ensure its authenticity. If anyone later tries to make changes to the video (add, delete, or
modify a frame or a section of the video), the signatures will no longer match, proving that the
video has been tampered with. In other words, if a video sequence passes the watermark test, it
is faithful to the original.

To enable video watermarking on an Archiver:

1 From the Home page in Config Tool, open the System task.
2 Click the Role view, and select the Archiver entity.
3 Click the Resources tab, and click Advanced settings.
See Archiver – "Advanced settings" on page 536.
4 Switch the Video watermarking option to ON, and click OK.
5 Click Apply.

[Link] | Security Center Administrator Guide 5.2 230

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Protecting your video archives

Set up a custom encryption key

You can generate your own encryption key and ask the Archiver to use it.
1 Run the program called [Link] found in the Security CenterSecurity
Center Server installation folder.
The program will generate two 1 kB files named [Link] and [Link]. The first file
contains a random 20 Byte initial fingerprint used for the encryption. The second file
contains an RSA 248-bit encryption key. These two files will be different every time the
program is executed.
2 Keep a copy of these files in a safe place.
3 Place another copy of these files in the Security Center Server installation folder.
4 From the Home page in Config Tool, open the System task.
5 Click the Role view, and select the Archiver entity.
6 To restart the role, click Deactivate, and then Activate in the Contextual commands toolbar..
The next time the Archiver records video to disk, the video files will be watermarked, and the
fingerprint will be encrypted using the new encryption key.
IMPORTANT If you assign a second server to the Archiver role, it must use the same custom
encryption files. This means you must place a copy of the encryption files in the Security Center
Server installation folder of the second server.

[Link] | Security Center Administrator Guide 5.2 231

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Protecting video files

Protecting video files

You can protect video files from being automatically deleted by the system when the Archiver’s
disk space becomes full.

You might protect a larger segment than what you select because the Archiver cannot protect
partial files.
"Protecting your video archives" on page 228.

To protect a video file:

1 From the Home page, open the Archive storage details task
2 Generate your report (see "Generate a report" on page 30).
The video files associated with the selected cameras are listed in the report pane. For
information about the report columns available, see "Report pane columns" on page 730.
3 From the report pane, select the video file to protect, and then click Protect ( ).
NOTE To select multiple video files, hold the CTRL or SHIFT keys.
4 In the Start and End columns in the Protect archives dialog box, set the time range of the
video file to protect.

[Link] | Security Center Administrator Guide 5.2 232

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Protecting video files

5 Select how long to protect the video file for, from one of the following options:
 Indefinitely. No end date. You must remove the protection status manually by selecting
the video file in the report pane, and then clicking Unprotect ( ).
NOTE When you unprotect a video file, it is not immediately deleted. You have 24 hours
to change your mind (see "Archive storage settings" on page 552).
 For x days. The video file is protected for the number of days that you select.
 Until. The video file is protected until the date that you select.
6 Click Protect.
The video file is protected.

[Link] | Security Center Administrator Guide 5.2 233

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Viewing properties of video files

Viewing properties of video files

You can find the of video files used to store video archives from cameras, and view the properties
of the video files (file name, start and end time, file size, protection status, and so on), using the
Archive storage details report. You can also change the protection status of the video files.

To view the properties of a video file:

1 From the Home page, open the Archive storage details task.
2 Generate your report (see "Generate a report" on page 30).
The video files associated with the selected cameras are listed in the report pane, along with
their file properties. For information about the report columns available, see "Report pane
columns" on page 730.
3 To view a video sequence in a tile, double-click or drag a video file from the report pane to
the canvas.
The selected sequence immediately starts playing.
After you are done:
• To export an important video archive, select the item in the report pane, and then click
Export video ( ). For more information, see “Exporting video” in the Security Desk User
Guide.
• To remove a video file from the database, select the item in the report pane, and then click
Delete ( ).
• To protect an important video archive from automatic deletion, select the item in the report
pane, and then click Protect ( ). For more information, see "Protecting video files" on
page 232.
EXAMPLE If you protected an important video file, you can search for that camera, see when
the protection status is going to end, and extend the amount of time, if needed. Also, if the video
file is not yet protected, you can protect it.

[Link] | Security Center Administrator Guide 5.2 234

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Replace video units

Replace video units

If a video unit fails and is offline in Security Center (red in the Logical view), you can replace the
unit with a compatible one. This process copies the video archives and event logs associated with
the old unit to the new one, so that the video archives are not lost.
IMPORTANT You need to copy over the configuration settings to the new video unit and all the
cameras it controls before replacing the unit using the Unit replacement tool.
Before you begin: The new video unit must be the same brand and model as the old one, or
you will receive the following error message: Units’ extension does not match.
1 Add a new video unit to the Archiver controlling the old unit.
For information about adding a video unit, see "Adding video units to your system" on
page 194.
2 Copy the configuration settings of the old video unit to the new video unit, using the Copy
configuration tool.
See "Copy configuration tool" on page 674.
3 Copy the configuration settings of the cameras controlled by the old video unit to the new
cameras, using the Copy configuration tool.
See "Copy configuration tool" on page 674.
4 Click the Home tab, and then click Tools > Unit replacement tool.
5 In the Unit type option, select Cameras.
6 Select the Old and the New cameras.
For more information about searching for entities, see "Search for entities using the Search
tool" on page 43.
7 Click Swap.
The video archives and event logs of the old video unit are copied to the new one.
8 Verify that the video archives are now associated with the new video unit.
a Open Security Desk.
b From the Home page, open the Archives task.
c Select a camera that is controlled by the new video unit.
All days that include video archives for the selected camera are listed in the All available
tab.
d Click Generate report.
9 Once everything is verified, return to the Config Tool Video task.
10 In the Logical view, right-click the old unit, and click Delete ( ).
11 In the confirmation dialog box that opens, click Continue.

[Link] | Security Center Administrator Guide 5.2 235

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Diagnosing video streams

Diagnosing video streams

In Security Desk, you can diagnose the status of video streams that are displayed in the canvas.

This can help you determine if there is a potential problem with the video stream, the Archiver,
the redirection to Security Desk, and so on.

To diagnose a video stream:

1 In Security Desk, display a camera in a tile.
2 Press CTRL+SHIFT+R.
Diagnostic information about the video stream is overlaid in the tile.
3 Click OK to view information about each of the following video stream connections:
 Archiver. The connection status from the camera to the Archiver role.
 Redirector. The connection status from Archiver role to the redirector.
 Media player. The connection status from the redirector to your Security Desk
workstation.
4 Click Close.

[Link] | Security Center Administrator Guide 5.2 236

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Troubleshooting: Video units are offline

Troubleshooting: Video units are offline

When the camera is red in the Logical view, it means that it is offline, or the communication with
the Archiver role has been lost.

When a unit is offline in Security Center, it usually coincides with a Unit lost event in Security
Desk. This could be caused by an unstable network connection, or issues with the unit itself.

To troubleshoot why a unit is offline:

1 Ping the unit.
a In Video task in Config Tool, select the red video unit.
b At the bottom of the Video task, click Ping ( ).
 If there is no reply, the unit is offline (the unit could be broken, unplugged, and so on),
or there is a problem with your network.
 If you can ping the unit, continue with Step 2.
2 Open the unit’s Web page by typing its IP address in a Web browser.
3 Reboot the unit.
a In Video task in Config Tool, select the red video unit.
b At the bottom of the Video task, click Reboot ( ).
4 Make sure the unit is supported by Security Center, and that it is running the certified
firmware.
For a list of video units supported by Security Center, see the Supported Devices list on
GTAP, at [Link] You’ll need a username
and password to log on to GTAP.
5 Restart the Archiver role controlling the unit.
a In the Video task in Config Tool, select the Archiver.
b At the bottom of the Video task, click Deactivate role ( ).
c In the confirmation dialog box that opens, click Continue.
The Archiver turns red.
d At the bottom of the Video task, click Activate role ( ).
6 If the video unit is still offline, contact technical support.
See "Technical support" on page 878.

[Link] | Security Center Administrator Guide 5.2 237

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Troubleshooting: Cannot view live video

Troubleshooting: Cannot view live video

If you cannot view video in Security Desk, you can try to troubleshoot the issue.

Some of the reasons you might not be receiving a video signal are the following:
• The network is slow.
• There is some sort of block due to your port connections.
• The video stream was dropped while it was being redirected to Security Desk.
To troubleshoot why you cannot view live video:
1 Wait to see if the camera connects.
2 If the problem persists for more than 10 seconds, then click Show diagnosis in the tile, or
press CTRL+SHIFT+D.
Information about the video stream is displayed. An arrow indicates the video stream issue
that is occurring:

 Initializing. The media player is preparing the necessary resources to display the video as
soon as the stream comes in.
 Connecting to Media Router. The media player is establishing connection with the Media
Router in order to obtain the network location of the stream.
 Connecting to Archiver. The media player is currently establishing connection with the
Archiver or the Redirector in order to request video.
 Requesting live stream. The connection is properly established between the Archiver and
the Media Player. The Media Player is now requesting the live stream.
 Analyzing the stream. The stream was properly requested and received by the client
workstation. The media player is analyzing the stream to detect the video format and the
presence of key frames. Once the stream is validated, then the video will be decoded.
TIP You can click the Help button for a quick reference list of things you can try to
troubleshoot the issue.

[Link] | Security Center Administrator Guide 5.2 238

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Troubleshooting: Cannot view live video

3 Make sure that the unit is online.

If the unit is red in the Logical view, see "Troubleshooting: Video units are offline" on
page 237.
4 Make sure you can ping the unit, as follows:
a In Video task in Config Tool, select the red video unit.
b At the bottom of the Video task, click Ping ( ).
 If there is no reply, the unit is offline (the unit could be broken, unplugged, and so on),
or there is a problem with your network.
 If you can ping the unit, continue with Step 5.
5 Make sure you can connect to the unit’s web page by typing its IP address in a Web browser.
6 Make sure the unit is supported by Security Center, and that it is running the certified
firmware.
For a list of video units supported by Security Center, see the Supported Devices list on
GTAP, at [Link] You’ll need a username
and password to log on to GTAP.
7 Change the video unit’s connection type to the Archiver.
a In Video task in Config Tool, select the red camera.
b Click the Video tab.
c From the Connection type drop-down list in the Network settings section, select a
different connection type.
d Click Apply.
8 Try viewing playback video from the camera.
a In the Archives task in Security Desk, select the camera.
b Select the most recent video archive available, and then click Generate report.
c Once the report is generated, try to view the video from the archive.
 If you can view the video, continue with Step 9.
 If you cannot view any video, contact technical support (see "Technical support" on
page 878).
9 If you have an expansion server on your system running the Archiver role, try to view video
from the expansion server.
a Open Security Desk on the expansion server.
b In the Monitoring task, drag the camera from the Logical view to a tile in the canvas.
 If you can view video, it might be a problem with the redirection from the Media
Router to your Security Desk. Continue with Step 10.
 If you cannot view any video, contact technical support (see "Technical support" on
page 878).
10 Make sure the correct ports are open on your network.

[Link] | Security Center Administrator Guide 5.2 239

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Troubleshooting: Cannot view live video

For a list of default ports that are used in Security Center, see “Default Security Center
ports” in the Security Center Administrator Guide.
11 Make sure your networks are configured properly.
a In the Network view task in Config Tool, select a network.
b Click the Properties tab, and make sure all the settings are correct (IP prefix, subnet
mask, routes, and so on).
c Change the network settings if needed, and then click Apply.
d Repeat Step a and Step b for all the networks on your system.
For more information about configuring network settings, see “Network view” in the
Security Center Administrator Guide.
12 Force Security Desk to use a different connection type.
a In the Home page in Security Desk, click Options.
The Options dialog box opens.
b Click the General page.
c In the Network options section, next to the Network option, select Specific.
d From the drop-down list, select a different network, and then click Save.
e Restart Security Desk.
f If changing the network connection does not work, repeat Step a to Step e to test using
other networks.
13 If you still cannot view video, click Show video stream status in the tile, and then diagnose
the video stream (see "Diagnosing video streams" on page 236).
14 If the issue persists, contact technical support (see "Technical support" on page 878).

[Link] | Security Center Administrator Guide 5.2 240

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Troubleshooting: “Impossible to establish video session with the server” errors

Troubleshooting: “Impossible to establish video session with

the server” errors
If you receive an Error: Impossible to establish the video session with the server message, you can
try to determine the cause.

The Error: Impossible to establish video session with the server message could show up for
multiple reasons. There could be a problem with your server, the Media Router role, the
Federation role, the Archiver role, or the video unit itself.

To diagnose an Impossible to establish video session with the server error:

1 Make sure your server is running.
2 Make sure the Archiver role is online.
a In the Video task in Config Tool, select the Archiver.
b At the bottom of the Video task, click Diagnose ( ).
c If there are issues, try to fix them.
3 If you are trying to view a federated camera, make sure the Security Center Federation role
or the Omnicast Federation role is online.
a In the System task in Config Tool, click the Roles view.
b Select the Federation role, and at the bottom of the task, click Diagnose ( ).
c If there are issues, try to fix them.
4 If you are trying to view a federated camera, make sure the server of the federated Security
Center system is online.
5 It might be a connection problem with the Media router. Make sure the Media Router role is
online.
a In the System task in Config Tool, click the Roles view.
b Select the Media Router role, and at the bottom of the task, click Diagnose ( ).
c If there are issues, try to fix them.
6 Restart the Media Router role.
a In the System task in Config Tool, click the Roles view.
b Select the Media Router role, and at the bottom of the task, click Deactivate role ( ).
c In the confirmation dialog box that opens, click Continue.
The Media Router turns red.
d At the bottom of the System task, click Activate role ( ).
7 Check if the video unit is offline (see "Troubleshooting: Video units are offline" on
page 237).

[Link] | Security Center Administrator Guide 5.2 241

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Troubleshooting: No playback video available

Troubleshooting: No playback video available

If you cannot view playback video or video archives in Security Desk, you can try to troubleshoot
the issue.

Some of the messages you might see if you cannot view playback video are the following:
• Initializing. The media player is preparing the necessary resources to display the video as
soon as the stream comes in.
• Connecting to Archiver. The media player is currently establishing connection with the
Archiver or the Redirector in order to request video.
• Requesting playback stream. The playback stream is being requested for a time range that
has never been downloaded before.
• Connecting to video unit. The Archiver is establishing connection with the video unit for
edge playback.
• No data available. The Archiver could not find any data for the requested date and time.
To troubleshoot why you cannot view playback video:
1 Try viewing live video from the camera.
a In the Monitoring task in Security Desk, drag the camera from the Logical view to a tile
in the canvas.
 If you can view live video, continue with Step 2.
 If you cannot view any video, see the following troubleshooting section:
"Troubleshooting: Video units are offline" on page 237.
2 Try viewing playback video from the Archives task.
a In the Archives task in Security Desk, select a camera.
b Search for video archives at different dates and times, and then click Generate report.
c Once the report is generated, try to view video from the archives.
d Repeat Step a to Step c with other cameras.
 If you can view the video from some of the video archives, go to Step 3.
 If you cannot view any video, go to Step 4.
3 Make sure the unit is supported by Security Center, and that it is running the certified
firmware.
For a list of video units supported by Security Center, see the Supported Devices list on
GTAP, at [Link] You’ll need a username
and password to log on to GTAP.
4 Try viewing playback video from the Archives task on another Security Desk, and on the
server where the Archiver role is running (follow the substeps in Step 2).

[Link] | Security Center Administrator Guide 5.2 242

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Troubleshooting: No playback video available

 If you can view video, it might be a problem with the redirection from the Media Router
to your Security Desk. Continue with Step 5.
 If you cannot view any video, contact technical support (see "Technical support" on
page 878).
5 Make sure the correct ports are open on your network.
For a list of default ports that are used in Security Center, see "Default Security Center
ports" on page 785.
6 If you still cannot view playback video, contact technical support (see "Technical support"
on page 878).

[Link] | Security Center Administrator Guide 5.2 243

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Troubleshooting: Cameras not recording

Troubleshooting: Cameras not recording

If you cannot record video, you can try to determine the cause of the issue.

If you can view live video from a camera but cannot record video, it might be due to the
recording mode of the camera, the Archiving schedule, the Archiver role database, or even your
CPU usage.
Some of the ways you can tell if the camera is not recording are the following:
• If you are viewing live video, the recording status of the camera is indicated in the lower-
right corner of the tile. If the status indicates , the camera is currently not recording.
• You are trying to view playback video, but there is no video available for the date and time
you selected, and you know that there should be.

To troubleshoot why a camera is not recording:

1 Make sure the unit is supported by Security Center, and that it is running the certified
firmware.
For a list of video units supported by Security Center, see the Supported Devices list on
GTAP, at [Link] You’ll need a username
and password to log on to GTAP.
2 Verify the camera recording type.
a In the Video task in Config Tool, select the red camera.
b Click the Recording tab.
 If the Recording settings option is set to Custom settings, check that all the recording
settings are correct, and then click Apply.
 If the Recording settings option is set to Inherit from Archiver, continue with Step c.
c In the Video task, select the Archiver.
d Click the Camera recording tab.
e In the Recording modes section, make sure the Archiver is set to record on the right
Schedule, and that the recording Mode is not set to Off.
3 If the camera recording mode is set to On motion/manual, make sure the motion detection
settings are configured properly.
a In the Video task in Config Tool, select the red camera.
b Click the Motion detection tab.
c Verify the motion detection settings.
Fore more information, see “Motion detection” in the Security Center Administrator
Guide.
4 Check the status of the Archiver role database.
a In the Video task in Config Tool, select the Archiver.

[Link] | Security Center Administrator Guide 5.2 244

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Troubleshooting: Cameras not recording

b Click the Resources tab.

 If the Archiver database status is Connected, go to Step 5.
 If the Archiver database status is Disconnected, or Unavailable, continue with Step c.
c Click Create a database ( ).
CAUTION Do not overwrite the existing database, or your video archives will be deleted.

NOTE When you create a new database, the video archives from the old database are no
longer included in Security Center searches, and will not be deleted by automatic database
cleanups.
 If the camera can record using the new Archiver database, you can continue to use the
new database.
 If the camera is still not recording, revert back to the original database, and continue
with Step 5.
5 Check how much disk space is available for archiving.
a In the Video task in Config Tool, select the Archiver.
b Click the Resources tab.
c In the disk information table, make sure the Min. free space value is at least 0.2% of the
Total size value.
The Min. free space is the minimum amount of free space that the Archiver must leave
untouched on the disk.
d If the Min. free space value is less than 0.2% of the Total size, click on the value, and
then increase it.
6 Check for Archiving stopped and Recording stopped events that occurred on your system.
In Windows on the server where the Archiver role is running, open the .log files, located in
C:\ArchiverLogs.
If there are Archiving stopped or Recording stopped events in the Entry type column,
restart the Genetec Server service.
a Open your Windows Control Panel.
b Click Administrative Tools > Services.
c Click the Genetec Server service, and then click Restart.
7 Check for Transmission lost and RTP packet lost events that occurred on your system.
In Windows on the server where the Archiver role is running, open the .log files, located in
C:\ArchiverLogs.
 If there are many Transmission lost and RTP packet lost events in the Entry type
column, then it might be a CPU usage or network issue. Continue with Step 8.
 If there are not many Transmission lost and RTP packet lost events, go to Step 9.
8 Check your CPU usage.
a Right-click in the Windows taskbar.

[Link] | Security Center Administrator Guide 5.2 245

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Troubleshooting: Cameras not recording

The Windows Task Manager opens.

b Click the Performance tab, and make sure the CPU Usage is not over 60%.
If the CPU usage is over 60%, restart the server, and consider adding more CPU to the
server.
c Click the Networking tab, and make sure the network Link speed is not over 300 Mbps.
9 If you are only experiencing recording problems with one video unit, try the following:
a In the Video task in Config Tool, right-click on the red video unit, and then click Delete.
b In the confirmation dialog box that opens, choose if you want to keep the video archives
from the unit.
The video unit is removed from the Archiver.
c Add the video unit.
For more information about adding units in Security Center, see the Security Center
Administrator Guide.
10 If you still cannot record video on the camera, contact technical support (see "Technical
support" on page 878).

[Link] | Security Center Administrator Guide 5.2 246

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Troubleshooting: Cannot add video units

Troubleshooting: Cannot add video units

If you are having trouble adding a video unit to an Archiver, you can try to determine the cause
of the issue.

When you cannot add a video unit, it might be due to network issues, user credential issues, and
so on.
Best practice: Log on to Config Tool as an administrator.

To troubleshoot why a video unit cannot be added:

1 Ping the unit.
a In Video task in Config Tool, select the red video unit.
b At the bottom of the Video task, click Ping ( ).
 If there is no reply, the unit is offline (the unit could be broken, unplugged, and so on),
or there is a problem with your network.
 If you can ping the unit, continue with Step 2.
2 Open the unit’s Web page by typing its IP address in a Web browser.
3 Reboot the unit.
a In Video task in Config Tool, select the red video unit.
b At the bottom of the Video task, click Reboot ( ).
4 Try adding the unit again.
5 Make sure that you have a free camera connection in your Security Center license.
a From the Home page in Config Tool, click the About page, and click the Omnicast tab.
b In the Number of cameras license option, make sure there is a camera connection still
available.
6 Make sure the unit is supported by Security Center, and that it is running the certified
firmware.
For a list of video units supported by Security Center, see the Supported Devices list on
GTAP, at [Link] You’ll need a username
and password to log on to GTAP.
7 Make sure you are using the correct credentials when trying to add the unit. For some
manufacturers, you have to set the default credentials from the Archiver Extensions tab.
a From the Video task in Config Tool, select the Archiver to which you are trying to add
the video unit.
b Click the Extensions tab.
c To add the extension for the video unit, click Add an item ( ), select the extension
type, and click Add.

[Link] | Security Center Administrator Guide 5.2 247

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Troubleshooting: Cannot add video units

d Select the extension.

e In the Default logon section, enter the username and password for the unit.
8 Make sure the Archiver is connected to the correct database.
a In the Video task in Config Tool, select the Archiver.
b Click the Resources tab.
 If the Archiver database status is Connected, go to Step 9.
 If the Archiver database status is Disconnected, or Unavailable, continue with Step c.
c Click Create a database ( ).
CAUTION Do not overwrite the existing database, or your video archives will be deleted.

NOTE When you create a new database, the video archives from the old database are no
longer included in Security Center searches, and will not be deleted by automatic database
cleanups.
9 Make sure the Media Router is connected to the correct database.
NOTE If the camera was previously added in Security Center and the IP address or name was
changed, you can also re-create the Media Router database.
a In the Video task in Config Tool, select the Media Router.
b Click the Resources tab.
 If the Media Router database status is Connected, go to Step 10.
 If the Media Router status is Disconnected, or Unavailable, continue with Step c.
c Click Create a database ( ).
10 Try adding the unit with the firewall turned off.
For information about how to disable Windows firewall, see KBA00596: “Recommended
Windows Firewall Settings” on GTAP, at [Link]
[Link]?kbid=596.
IMPORTANT Do not turn off the firewall permanently. Reactivate it after your tests are
complete.
11 Make sure your networks are configured properly.
a In the Network view task in Config Tool, select a network.
b Click the Properties tab, and make sure all the settings are correct (IP prefix, subnet
mask, routes, and so on).
c Change the network settings if needed, and then click Apply.
d Repeat Step a to Step c for all the networks on your system.
For more information about configuring network settings, see “Network view” in the
Security Center Administrator Guide.
12 Make sure the Archiver, Media Router, and all redirectors are using the correct NICs
(network interface cards).
a From the System task in Config Tool, click the Roles view.

[Link] | Security Center Administrator Guide 5.2 248

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Troubleshooting: Cannot add video units

b Select the Archiver role, and click the Resources tab.

c From the Network card drop-down list, select the appropriate NIC.
d In the Logical view, select the Media Router role, and click the Resources tab.
e Under the Servers section, click Advanced ( ).
f Select the appropriate Network card for each server, and click Apply.
g Click the Properties tab.
h Select a Redirector, and click Edit the item ( ).
i From the Multicast interface drop-down list, select the appropriate NIC.
j Repeat Step h and Step i for each redirector.
13 Try adding the unit.
14 Verify the NICs priority in Windows.
a In Windows, click Start > Run, and type [Link].
The Network Connections window opens.
b Click the Advanced menu above and select Advanced Settings.
c Note which NIC on your server is configured as network priority one (at the top of the
Connections list), and which is configured as priority two.
d If needed, use the arrow buttons on the right side to move the different connections up
and down in the list.
15 Try adding the unit.
16 Make sure the Media Router role is online.
a In the System task in Config Tool, select the Media Router role.
b At the bottom of the System task, click Diagnose ( ).
c If there are issues, try to fix them.
17 Make sure the Archiver role is online.
a In the Video task in Config Tool, select the Archiver.
b At the bottom of the Video task, click Diagnose ( ).
c If there are issues, try to fix them.
18 If you still cannot add the video unit, contact technical support (see "Technical support" on
page 878).

[Link] | Security Center Administrator Guide 5.2 249

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Troubleshooting: Cannot delete video units

Troubleshooting: Cannot delete video units

If you cannot delete a video unit from Security Center, you can temporarily deactivate the
Archiver.

To delete a video unit:

1 In the Video task in Config Tool, select the Archiver.
2 At the bottom of the Video task, click Deactivate role ( ).
3 In the confirmation dialog box that opens, click Continue.
The Archiver and all video units controlled by the role turn red.
4 Select the video unit, and at the bottom of the Video task, click Delete ( ).
5 Select the Archiver, and at the bottom of the Video task, click Activate role ( ).

[Link] | Security Center Administrator Guide 5.2 250

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Troubleshooting: H.264 video stream issues

Troubleshooting: H.264 video stream issues

If you are having problems viewing H.264 video streams, you can disable the
AVCodec_ErrorRecognition advanced Archiver role setting.

To solve H.264 video stream issues:

1 From the Video task in Config Tool, select the Archiver to configure.
2 Click the Resources tab.
3 At the bottom of the Resources tab, click Advanced settings.
4 Click Additional settings.
5 In the Additional settings dialog box, click Add an item ( ).

6 In the Name column, type AVCodec_ErrorRecognition.

7 In the Value column, type 0.
8 Click Close.
9 In the Advanced settings dialog box, click OK.
10 In the Resources tab, click Apply.
11 When you are asked to restart the Archiver, click Yes.

[Link] | Security Center Administrator Guide 5.2 251

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Investigating Archiver events

Investigating Archiver events

You can search for events related to Archiver roles, using the Archiver events report.

You can check the status of an Archiver by selecting it, setting a time range of a week, and
making sure there are no critical events in the report. You can also troubleshoot an Archiver by
searching for important events, such as Disk load is over 80% or Cannot write to any drive, and
see when those events occurred.

To investigate Archiver events:

1 From the Home page, open the Archiver events task.
2 Generate your report (see "Generate a report" on page 30).
The Archiver events are listed in the report pane. For information about the report columns
available, see "Report pane columns" on page 730.

[Link] | Security Center Administrator Guide 5.2 252

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
Part IV

Synergis IP access control

Learn how to set up, configure, and manage your Synergis system in Security Center.
This part includes the following chapters:
• Chapter 10, “Deploying Synergis” on page 254
• Chapter 11, “Managing Synergis” on page 299
 10
Deploying Synergis
This section explains how to set up your access control system for the first time.
This section includes the following topics:
• "What is Synergis?" on page 255
• "Synergis deployment process" on page 259
• "Configuring the Access Manager role" on page 263
• "Configuring access control units" on page 270
• "Configuring doors" on page 271
• "Using the Walkthrough wizard" on page 274
• "Configuring elevators" on page 277
• "Configuring secured areas" on page 281
• "Configuring access rules" on page 284
• "Configuring cardholders and cardholder groups" on page 286
• "Configuring credentials" on page 288
• "Defining badge templates" on page 292
• "Testing your configuration" on page 298

[Link] | Security Center Administrator Guide 5.2 254

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 What is Synergis?

What is Synergis?
Synergis™ is Security Center’s IP access control system. From access control reader to client
workstation, Synergis provides end-to-end IP connectivity. Synergis integrates a variety of access
control capabilities including, but not limited to, badge design, visitor management, elevator
control, zone monitoring and more.
Synergis was designed with an open and distributed architecture. Build your system with new
IP readers or use what you already have. Integrate your access control system with other third-
party systems, like intrusion or building management, and distribute Synergis server
components on many different network computers to optimize bandwidth and workload.
Synergis Enterprise supports an unrestricted number of doors, controllers and client
workstations. You can grow your system one door at a time or scale your system across multiple
buildings using the Federation feature.

How does Synergis work?

Synergis architecture is based on the server role known as the Access Manager, which controls
the physical door controllers.

[Link] | Security Center Administrator Guide 5.2 255

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 What is Synergis?

The following provides a general description of how Synergis architecture works:

• System configurations are saved by the Directory role.
• The Directory pushes configurations to the Access Manager.
• Access Manager communicates directly with the physical door controllers (called access
control units) over TCP/IP.
• Access Manager pushes schedules, cardholder information, and access rules to the door
controllers.
• When a cardholder presents their credential to a reader, the controller refers to the access
rule to determine whether the user should be granted or denied access.
• Once controllers have synchronized with the Access Manager, they can operate
autonomously, even if they lose the network connection to the Access Manager.
With additional configuration, a cardholder can belong to a cardholder group, a door can be
part of an area, and there can be multiple schedules and rules pushed to a unit.

What are Synergis entities?

The Synergis access control system uses the following entity types:

Icon Entity Description

Access Manager (role) Role that manages the door controllers on the system.
See "Access Manager" on page 515.

Access control unit Door controller (to which a reader is attached).

See "Access control unit" on page 341.

Access rule Logic used to determine whether to grant access or not.

See "Uniqueness of the Synergis model" on page 257 and "Access
rule" on page 353.

Area Simple grouping of doors and elevator floors or secured area with
full access control behavior, including antipassback and
interlock. See "Area" on page 364.
Badge template Custom-designed printing template for user credentials.
See "Badge template" on page 369.

Cardholder Individual who possesses a credential.

See "Cardholder" on page 399.

Cardholder group Group of cardholders sharing common characteristics.

See "Cardholder group" on page 402.

Credential Claim of identity (card, PIN, biometric scan, etc).

See "Credential" on page 405.

[Link] | Security Center Administrator Guide 5.2 256

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 What is Synergis?

Icon Entity Description

Door Physical barrier controlled by an access control unit.

See "Door" on page 408.

Elevator A single elevator cabin. See "Elevator" on page 414.

Schedule Date and time range. See "Schedule" on page 467.

Partition Group of entities on the system visible only to a group of users. See
"Partition" on page 451.

User Individual who uses Security Center applications.

See "User" on page 486.

User group Group of users sharing common characteristics.

See "User group" on page 493.

Uniqueness of the Synergis model

Synergis is different from other solutions.

Unlike other products, Synergis does not use “Clearance codes” or “Access levels” to grant or
deny access. Instead, the basic logic used by Synergis to grant or deny access is defined by the
access rule.
The biggest difference between an access rule approach and an access level approach is that access
rules are applied to doors, while access levels are applied to persons. Access rules tell a door who
can pass through, and when, while an access level defines where and when someone can gain
access.
An access rule is a simple entity that contains the three W’s:
• Who? (cardholder or cardholder group)
• What? (grant or deny access)
• When? (schedule)
Notice that Synergis does not grant access to a card/credential. Rather, access is granted, or
denied based on the cardholders themselves.

[Link] | Security Center Administrator Guide 5.2 257

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 What is Synergis?

This subtle, but fundamental shift in the applied logic has a significant benefit in managing lost
and stolen cards. The access rules that have been pushed to the door controllers do not have to
be modified. If you associate a new credential with a cardholder, the old rule is still valid.

A When? (Schedule)
B What? (Grant or deny access)
C Who? (Cardholders and/or cardholder groups)

[Link] | Security Center Administrator Guide 5.2 258

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Synergis deployment process

Synergis deployment process

This section includes the following topics:
• "Synergis deployment prerequisites" on page 259
• "Synergis deployment procedure" on page 260

Synergis deployment prerequisites

Before you begin: Before you deploy Synergis, you must have the following ready:
 A network diagram showing all public and private networks used within your organization,
and their IP address ranges. For public networks, you also need the name and public IP
address of their proxy servers.
TIP Ask your IT department for this information.

 Security Center software installed.

 Security Center Server software installed on your main server.
The main server is the computer hosting the Directory role.
 Optionally, Security Center Server software installed on expansion servers.
An expansion server is any other server on the system that does not host the Directory
role. You can add expansion servers at any time. For more information, see "Add an
expansion server to your system" on page 47.
 At least one Access Manager role created on your system.
 Security Center Client software installed on at least one workstation.
For instructions on software installation, see the Security Center Installation and Upgrade
Guide.
 A list of partitions (if any). Partitions are used to segregate the system into more manageable
subsystems. This is especially important in a multi-tenant environment. If, for example, you
are installing one large system in a shopping center or, office tower, you might want to give
local administration privileges to the tenants. By using partitions, you can group the tenants
so that they can only see and manage the contents of their store or office, but not the others.
 All access control units (IP door controllers and/or IP readers) installed and connected
together on your company’s IP network, with the following information:
 Manufacturer, model, and IP address of each door controller.
 Login credentials (username and password).
 Which door/gate/elevator is each controller connected to.
 Are the doors card-in/card-out or, card-in/REX-out?
 Which inputs and outputs are connected to the door monitor/REX/lock/other?
TIP A site map or floor plan showing door, controller and reader locations would be very
helpful.

[Link] | Security Center Administrator Guide 5.2 259

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Synergis deployment process

 A list of door groupings to create areas for purposes of people-counting.

 A list of all known cardholders (and cardholder groups where applicable).
TIP For a large installation, cardholders can be imported from a text file or from a Windows
Active Directory. For more information, see "Import cardholders from a flat file" on page 287,
and "Importing cardholders from an Active Directory" on page 287.
 A list of available credentials.
 Facility codes and card numbers.
 A list (and details) of all required schedules (office hours, holidays, etc.).
 A list (and details) of all required access rules (who is allowed where and when).
 A list of all known users with their names and responsibilities.
TIP To save configuration time, identify users who have the same roles and responsibilities.

NOTE Users are not cardholders. Users are persons who access the software. Cardholders are
persons who have physical access to the monitored site.
 (Optional) Identify user groups that will work independently on different parts of the
system (partitions).
NOTE If Omnicast video will be integrated, you will also need:

 A cross-reference list indicating which cameras should be associated with which doors.

Synergis deployment procedure

A Security Center system can be deployed with access control only (Synergis alone), or access
control with video integration (Synergis with Omnicast). This section describes both options.
NOTE The system can be setup and deployed in almost any order you want.

[Link] | Security Center Administrator Guide 5.2 260

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Synergis deployment process

Deploying Synergis alone

The table below summarizes a typical Synergis deployment.

Phase Description See

1 Make sure you have everything listed in the "Synergis deployment prerequisites"
prerequisites section. on page 259.

2 Connect to your system with Config Tool using the "Connecting to Security Center" on
Admin account. page 9.

3 Change the Admin account’s password to protect "Change your password" on page 10.
your system.

4 Create a partition for each independent user group. "Defining partitions" on page 90.
By first defining the partitions, you won’t have to
move entities around after you’ve created them.

5 Configure the Logical view (the tree structure). "Managing the Logical view" on
The Logical view lets you organize the entities: page 85.
areas, doors, elevators, and zones, from an end-
user’s perspective.

6 Configure your Access Manager roles. "Configuring the Access Manager role"
on page 263.

7 (Optional) Define custom fields for your system "Custom fields" on page 625.
entities as needed.

8 Discover and enroll the access control units in the "Adding access control units to your
system. The Access Manager role needs to “see” the system" on page 264.
door controllers over the IP network.

9 Configure the newly enrolled access control units "Configuring access control units" on
and the interface modules attached to them. page 270.

10 Create doors and configure the wiring of the "Configuring doors" on page 271.
readers, sensors, locks, and son on, to the access
control units.

11 (Optional) Create elevators and configure the "Configuring elevators" on page 277.
wiring of the cabin reader and floor buttons to their
access control units.

12 Configure the secured areas (antipassback or "Configuring secured areas" on

interlock) and their perimeter doors. page 281.

13 Create schedules (open/closed hours and holidays). "Using schedules" on page 103.

14 Create access rules. Link rules to doors and "Configuring access rules" on
schedules. page 284.

[Link] | Security Center Administrator Guide 5.2 261

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Synergis deployment process

Phase Description See

15 Create cardholders and (optional) cardholder "Configuring cardholders and

groups. Link to access rules. cardholder groups" on page 286.

16 Create credentials. "Configuring credentials" on page 288.

17 (Optional) Create badge templates. "Defining badge templates" on

page 292.

18 Test your configuration. "Testing your configuration" on

page 298.

19 Create the users and user groups. "Defining users" on page 93 and
"Defining user groups" on page 96.

20 (Optional) Create alarms. "Managing alarms" on page 111.

21 (Optional) Create threat levels. "Managing threat levels" on page 117.

Deploying Synergis with Omnicast

If no Omnicast system is available, please refer to "Omnicast deployment process" on page 190.
Once an Omnicast system is available, integrating Omnicast’s video functionality into Synergis
is relatively straightforward. It does not matter whether the Omnicast or Synergis system is set
up first. Cameras can be linked to doors at any time.
If both Omnicast Archiver and Synergis Access Manager are found on the same Security Center
system:
• Associate Synergis doors to Omnicast cameras.
See "Associate cameras to doors" on page 273.
If the Omnicast Archiver and the Synergis Access Manager are found on different Security
Center systems:
• Federate the Omnicast cameras with the Synergis system.
See "Federating remote systems" on page 128.
• Associate Synergis doors with the federated Omnicast cameras.
See "Associate cameras to doors" on page 273.

[Link] | Security Center Administrator Guide 5.2 262

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring the Access Manager role

Configuring the Access Manager role

The Access Manager role manages and monitors access control units on the system. The role
validates all access activities when the units are online. Upon receiving a request from a unit, the
Access Manager checks the access rules and schedules to decide whether the door or elevator
floor can be accessed. It then sends a command to the controller to unlock the door or enable an
elevator floor button. It also logs the access control events in the database for access control
investigation and maintenance reports. All events generated by the units (access granted, access
denied, door open, etc.) are forwarded by the Access Manager, through the Directory, to the
concerned parties on the system.
This section includes the following topics:
• "Configure the Access Manager role" on page 263
• "Add the unit manufacturer extensions" on page 264
• "Adding access control units to your system" on page 264

Configure the Access Manager role

When Synergis is enabled by your license, an Access Manager role is created by default and
hosted on the main server. You must configure it before it can be fully operational.
1 From the Home page in Config Tool, open the Access control task.
2 Click the Roles and units view, and select the Access Manager role.
3 Click the Resources tab, and configure the database required to run this Access Manager.
For more information, see "Resources" on page 518.
4 Click the Properties tab, and configure the default retention period for door activity.
The retention period defines how long (in days) a door event like “access granted”, or “access
denied” remains in the SQL database.
NOTE If you’re using the SQL Express 2008 R2 database engine (included with the Security
Center installation files), the database size limitation is 10 GB. A door event uses (on average)
200 Bytes in the database. If you configure the Access Manager to retain door events
indefinitely, it will eventually hit the 10 GB limitation and the database engine will stop.
5 Add the manufacturer extensions for the unit types this Access Manager is to manage.
For more information, see "Add the unit manufacturer extensions" on page 264.
6 Add the access control units you want this Access Manager to manage.
For more information, see "Adding access control units to your system" on page 264.
After you are done: If you need more than one Access Manager role on your system, now is the
time to add more Access Manager roles and host them on separate servers. To add a new Access
Manager role, see "Add an expansion server to your system" on page 47 and "Create a role
entity" on page 50.

[Link] | Security Center Administrator Guide 5.2 263

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring the Access Manager role

Add the unit manufacturer extensions

The manufacturer extensions are manufacturer specific settings that enable the Access Manager
to communicate with the access control units. You need to add these extensions manually.
Security Center supports the following unit types:
• Synergis Master Controller. Synergis Master Controller (SMC) is Genetec’s access control
unit that supports a variety of interface modules from third-party manufactures, such as
HID, STid, DDS, and more.
• HID controllers. The HID controllers include the legacy VertX controllers (V1000 and
V2000), the VertX EVO controllers, and the Edge EVO controllers. For the complete list of
supported controller units and firmware, see “Supported HID units” in the Security Center
Release Notes.

To add a manufacturer extension to the Access Manager:

1 From the Home page in Config Tool, open the Access control task.
2 Click the Roles and units view, select the Access Manager, and click the Extensions tab.
For more information, see "Extensions" on page 517.
3 At the bottom of the extensions list (empty at the beginning), click Add an item ( ).
4 In the Add extensions dialog box, select the extension types you need and click Add.
If you only selected HID VertX, the procedure ends here.
5 Click the SMC extension you just added.
6 At the bottom of the Discovery Ports list, click Add an item ( ).
7 In the Discovery port dialog box, enter the port number configured for your SMC units
and click Create.
The port number must match the discovery port configured on your SMC units. The
default value is 2000. Do not change the default value unless it is reserved by your IT
department for a different purpose.
8 Click Apply ( ) to save your changes.

Adding access control units to your system

Before you begin: "Add the unit manufacturer extensions" on page 264. This section only
covers adding HID units. For adding SMC units, see “Enrolling the SMC unit in Security
Center” the Synergis Master Controller Configuration Guide.
This section includes the following topics:
• "Add an HID unit manually" on page 265
• "Add access control units using the Unit discovery tool" on page 268.

[Link] | Security Center Administrator Guide 5.2 264

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring the Access Manager role

Add an HID unit manually

Before you begin: You must know the IP address, and the login credentials (username and
password) of the HID units you plan to add. This is often achieved by using the HID discovery
utility known as the Discovery GUI.
The Discovery GUI can be downloaded from [Link], or found in the Security Center
5.2 installation package, at: \Tools\Access\HID VertX\Discovery Tool\. The Discovery GUI is
used for the initial network discovery and IP configuration of HID VertX controllers.

This utility will scan a local network and report which HID units were found. You can then
apply the unit’s IP configuration, password, etc.
Once the access control units are online and you have their IP addresses and passwords, you can
then add the units manually in the Config Tool.

To add an HID unit manually in Security Center:

1 From the Home page in Config Tool, open the Access control task.
2 Click the Roles and units view.
3 Click Add an entity ( ) > Access control unit.

[Link] | Security Center Administrator Guide 5.2 265

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring the Access Manager role

From the Network endpoint drop-down list in the Unit information tab, select the Access
Manager that will manage the unit.

4 Click Unit type and select HID VertX.

5 Enter the IP address of the HID unit.
NOTE If the server hosting the Access Manager is behind a NAT, and the access control unit
is not, you must click on the More button and specify the server’s IP address.
6 Enter the Username and Password.
NOTE The default username/password is root/pass.
7 Click Next.
8 Select a Partition where the access control unit should be added.
 If no partitions were created, select the default Public partition.
 If there are partitions in your system, select the partition that will include the door(s),
schedule(s), rule(s) cardholder(s) linked to this specific door controller.
For more information, see "Partition" on page 451, and "How is software security
configured?" on page 89.
9 Click Next.

[Link] | Security Center Administrator Guide 5.2 266

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring the Access Manager role

10 Review the Creation summary, and click Create.

The Access Manager attempts to connect to the unit, and enrolls it in your system. Once the
process has been successfully completed, a confirmation message appears.

11 Click close.
Your newly created access control unit appears under the Access Manager it was assigned to in
the Roles and units view.
NOTE It might take another minute or two before the unit can be used. It will undergo
(automatic) synchronization. This process involves the Access Manager sending schedules,
access rules, and cardholder information to the unit. The unit will save the information locally
so that it can operate even if the Access Manager is unavailable.
For more information, see "Synchronization" on page 351.
After you are done:

To confirm whether the unit has successfully synchronized with Access Manager:
1 From the Roles and units view, select the access control unit that was just added.
2 Click the Synchronization tab, and check the date/time stamp of the Last update.

[Link] | Security Center Administrator Guide 5.2 267

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring the Access Manager role

Add access control units using the Unit discovery tool

The Unit discovery tool helps you find access control units on your network when you do not
know their IP addresses.
NOTE For a complete description of this tool, see "Unit discovery tool" on page 659.

To perform a unit search with the Unit discovery tool:

1 From the Home page, click Tools > Unit discovery tool.
2 In the Unit discovery dialog box, click the Manufacturers button.
3 In the Configure manufacturer’s extensions dialog box, click the Access control tab, and
click Add an item ( ).
4 Select the manufacturers you need, and click Add.
5 Click Save.
6 Click Start discovery ( ).
The units discovered on your network are listed. Newly discovered entities are displayed
with a yellow star. You can stop the discovery process at any time.
NOTE UPnP and Zero config protocols are also used for the discovery process. This means
that IP cameras supporting UPnP and Zero config might also be discovered during the scan.

7 To filter out the entities already enrolled in your system, click Investigation ( ) at the
bottom of the dialog box, and click Show only new units.
8 Select a unit from the list, and do one of the following:
 To add the unit to your system, click Add unit ( ) below the unit information.

[Link] | Security Center Administrator Guide 5.2 268

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring the Access Manager role

This only works if you provided the correct login credentials.

 To change the discovery port of the unit, click Change discovery port ( ).
 If the login credentials are incorrect, click Manual add ( ) > Access control unit to
add the unit manually, and provide the correct login credentials. See "Add an HID unit
manually" on page 265.

[Link] | Security Center Administrator Guide 5.2 269

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring access control units

Configuring access control units

Once you have successfully enrolled your access control units in the system, you will find them
in the Access control task under the Access Manager that manages them. Each access control
unit starts with a default configuration. For a description of all the configurable properties, see
"Access control unit" on page 341.
TIP If your access control units share many settings in common, you can configure a first one and
copy the common part of its configuration to all the rest to save time. For more information, see
"Copy configuration tool" on page 674.
This section includes the following topics:
• "Understanding unit synchronization" on page 270
• "Synergis Master Controller’s unique characteristics" on page 270

Understanding unit synchronization

The logic used to decide whether a door should be locked or unlocked is processed by the access
control unit. This means that units must synchronize with the Access Manager to receive the
latest access rules, schedules, credentials, and so on.
The unit’s synchronization mode can be configured or modified under the access control unit’s
Synchronization tab in Config Tool (see "Synchronization" on page 351).
Three different synchronization modes are supported by Security Center:
• Automatically. This is the recommended setting.
Any configuration change is sent to the access control unit 15 seconds after the change is
saved by the Config Tool, Web Client or Security Desk. Only configurations that affect that
particular unit are sent.
• On schedule. The unit is synchronized according to a schedule.
For continued offline or mixed mode operation, make sure the scheduled synchronization
time never falls after the date and time shown for Expiration date. If in doubt, set the
synchronization mode to Automatically.
• Manual only. The unit is only synchronized when you click the Synchronize now button.
Make sure you synchronize the unit before the date and time shown for Expiration date.

Synergis Master Controller’s unique characteristics

Some noteworthy characteristics of the SMC unit is that it’s synchronized data never expire
because it understands the scheduling scheme used in Security Center. For a complete list of
SMC supported features and limitations, see the Synergis Master Controller Configuration
Guide.

[Link] | Security Center Administrator Guide 5.2 270

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring doors

Configuring doors
In Security Center, a door entity refers to any physical barrier that can be controlled by an access
control unit. Often, a door will represent a physical door, but it can also represent a gate or a
turnstile.
This section includes the following topics:
• "Wiring doors to access control units" on page 271
• "Create and configure your doors" on page 271
• "Configuring a buzzer" on page 272
• "Configuring readerless doors using Input/Output modules" on page 272
• "Associate cameras to doors" on page 273

Wiring doors to access control units

For information on wiring doors to SMC units, refer to the Synergis Master Controller Hardware
Installation Guide.

For information on wiring doors to HID VertX units, refer to the wiring diagrams found in the
appendix of this guide. See "Wiring diagrams" on page 809. The diagrams are also available in
PDF format in the Security Center 5.2 installation package, located at:
\Documentation\Controllers\HID VertX\Wiring and Installation Guidelines\.
Best practice: It is best practice to have an electrician verify the functionality between all door
sensors and actuators.

Create and configure your doors

Once the physical wiring between the access control unit and the door is complete, you need to
create and configure the door in the Config Tool.
There are three basic door configurations:
• Card in/Card Out - 2 readers are required
• Card In/REX Out - 1 reader is required
• Readerless doors - No readers are required
To create a door in Security Center:
1 From the Home page in Config Tool, open the Logical view task.
2 Click Add an entity ( ) > Door.
3 In the Creating a door wizard, enter the door name and description.
4 If there are partitions in your system, select the partition in which the door will be created,
and click Next.

[Link] | Security Center Administrator Guide 5.2 271

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring doors

5 In the Door information page, assign names to the door sides (Inside/Outside, Secure/
Non-secure, Entrance/Exit, East/West).
6 To associate the door with the access control unit it is wired to, select a unit from the Access
control unit drop-down list.
7 Review the Creation summary to make sure the configuration page matches the physical
wiring done at the door.
8 Click Create and Close.
For more information, see "Door" on page 408.
After you are done:
• To link an access rule to your door, see "Access rules" on page 413
• To attach cameras to your door, see "Associate cameras to doors" on page 273
• To assign the hardware interfaces (unit inputs, outputs, and readers), see "Hardware" on
page 412.

Configuring a buzzer
You can assign an access control unit output to sound a buzzer. This output is governed by the
action Sound buzzer and Silence buzzer. Use the event-to-action mechanism for this.
For example, the buzzer output can be used to prompt someone to shut a door when it is being
held open. With an event-to-action, you associate the event Door open too long to trigger the
action Sound buzzer. Then associate the event Door closed to trigger the action Silence buzzer.
NOTE Buzzer does not refer to the reader’s beeper, but an external buzzer that is wired to an
output relay on the access control unit.
For more information, see "Using event-to-actions" on page 106.

Configuring readerless doors using Input/Output modules

If a reader is not required for a door configuration, HID input and output modules (V200 and
V300) can be used to control the REX, door sensor, and lock.
Some examples of where readerless doors might be used could include:
• Fire exits - Locked from the outside, with a push-bar to open the door from the inside using
a REX.
• Stadiums/Theatres/Arenas - Everyone must enter through the ticket booth but once the
event is finished, many exits become available to decrease congestion at the main entrance.
NOTES
• No access rules need to be linked to the readerless door. For more information, see "Access
rules" on page 413.
• An unlock schedule can be assigned to the readerless door. For more information, see
"Unlock schedules" on page 411.

[Link] | Security Center Administrator Guide 5.2 272

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring doors

Associate cameras to doors

If a door entity is linked to a camera in Security Center, an access control event triggered at that
door (door forced, access denied) will cause the camera’s video feed to be displayed in a Security
Desk tile.
If there are multiple cameras associated with that door, by default the cameras linked to the
outside of that door will be displayed in a Security Desk monitoring tile. Multiple cameras
associated with a single door (composite entities) can be cycled or unpacked in the Security
Desk. For more information, see “Unpacking/packing tiles” in the Security Desk User Guide.
To monitor doors with cameras, your Security Center must have one of the following
configurations:
• An Archiver role with available cameras.
For more information, see "Archiver" on page 525.
• An Omnicast Federation role to connect to an external Omnicast system.
For more information, see "Omnicast Federation" on page 596.
• A Security Center Federation role to connect to an external Security Center system with
cameras.
For more information, see "Security Center Federation" on page 607.

To link cameras to your doors:

1 From the Home page in Config Tool, open the Logical view task.
2 Select the door entity to configure, and click the Hardware tab.
3 Below door side (A), click Associate a camera ( ).
4 From the Camera drop-down list, select a camera.
If the camera has a PTZ motor, you can also include the PTZ preset number to ensure that
the camera points towards the door.
5 To add another camera to the door side, click Associate a camera ( ) again.
6 Repeat Step 3 and Step 4 for door side (B).
7 Click Apply.

[Link] | Security Center Administrator Guide 5.2 273

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Using the Walkthrough wizard

Using the Walkthrough wizard

The Walkthrough wizard tool simplifies the configuration of newly installed access control units
by associating them with doors. You to simply walk through the newly installed doors,
presenting your credential to each reader along the way. These access requests are recorded in
real-time and stored. Once all the access points are recorded, you use the wizard to associate
each access point with a door.
Only units that are not yet associated with a door can be configured with this wizard.
This section includes the following topics:
• "Why use the Walkthrough wizard?" on page 274
• "Assigning doors to access control units using the Walkthrough Wizard" on page 275

Why use the Walkthrough wizard?

Imagine that you have just installed 10 new access control units.
 You discover them with the HID Discovery GUI and configure their IP addresses.
 You wire them to the doors.
 You then enroll them with the Config Tool and they become part of your Security
Center/Synergis system.
 You begin creating doors in the Config Tool’s Logical view.
And now, the challenge is to remember which controller is physically wired to which door.

[Link] | Security Center Administrator Guide 5.2 274

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Using the Walkthrough wizard

Assigning doors to access control units using the Walkthrough Wizard

Assign door names to access points by using the Walkthrough wizard and presenting your card
to different readers around your site.
TIP This task is accomplished faster with two people. One walking through the doors and
presenting a credential while the other monitors which reader just picked up the card. A pair of
walkie-talkies or cell phones can be helpful.

To launch the walkthrough wizard:

1 From the Home page in Config Tool, open the Access control task.
2 Click the Cardholders view, and select the cardholder that corresponds to the credential
you’ll be using for the wizard.
3 In the contextual commands toolbar, click Walkthrough wizard ( ).
4 In the Door walkthrough wizard, select a walkthrough mode, and click Next.
 Real time. Credential reads are shown in real-time. If the building is large, this mode is
best used with two installers. One installer runs the Config Tool, while the other walks
around swiping the credential on the readers for the newly installed units.
 Reporting. Installation is done in two steps with one person. First you walk through the
building in a pre-defined circuit, swiping the credential on readers for newly installed
units. Security Center records these credential reads. Then you associate the list of
discovered units to newly created doors. For this mode you set a time period during
which the mode is active.
 Mixed mode. A combination of both real time and reporting mode.
5 Begin your walkthrough by presenting your card at each reader.
As you present your card at each reader, the Walkthrough wizard notes which controller
picked up the card read.
In the Device discovery tab, all the access points that read your card are listed.

[Link] | Security Center Administrator Guide 5.2 275

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Using the Walkthrough wizard

6 Select a reading, assign a Door name, and click Next.

7 Review the Creation summary.

8 If the configuration looks correct, click Create.
Your newly configured doors can now be found in the Config Tool’s Logical view.
After you are done:
• To link an access rule to your door, see "Access rules" on page 413
• To attach cameras to your door, see "Associate cameras to doors" on page 273
• To assign the hardware interfaces (unit inputs, outputs, and readers), see "Hardware" on
page 412.

[Link] | Security Center Administrator Guide 5.2 276

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring elevators

Configuring elevators
The elevator entity controls access to the floors of a building. When a cardholder uses a
credential, the floor buttons to access those floors for which that cardholder is authorized, are
enabled. This is achieved by controlling an output relay to enable the floor button.
Floor tacking records the floor buttons pressed. It is achieved by monitoring inputs. This
permits tracking reports for elevator usage in the Security Desk. For information about a unit’s
limitations with this feature, see the Security Center Release Notes.
This section includes the following topics:
• "Hardware for elevator control and floor tracking" on page 277
• "Configuring elevator floors" on page 278

Hardware for elevator control and floor tracking

To control access, this entity relies on a single access control unit that must be associated with
an elevator.
IMPORTANT To configure an elevator, make sure you have an access control unit dedicated to
the control of an individual elevator cab. In other words, the access control unit assigned to
elevator control cannot be used for any other purpose.
You will require the following:
 A reader in the elevator cab.
 Outputs that close relay contacts to enable the floor buttons.
 Inputs that record the floor buttons that have been selected (only necessary when the
floor tracking is required).
The following hardware supports elevator control and floor tracking.

Access control Number of outputs for Number of inputs for floor

unit elevator control tracking

HID VertX V2000 reader interface/ 4 6 (including AC Fail and Bat

network gateway Fail inputs)

HID iCLASS Edge device 2 2

HID VertX V1000 network gateway (in Not supported Not supported
addition to a V100, up to 31 modules
(V200 and V300) can be connected):

HID VertX V100 reader interface 4 4 (including AC Fail and Bat

module Fail inputs)

HID VertX V200 input module 2 18 (including AC Fail and Bat

Fail inputs)

[Link] | Security Center Administrator Guide 5.2 277

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring elevators

Access control Number of outputs for Number of inputs for floor

unit elevator control tracking

HID VertX V300 output module 12 4 (including AC Fail and Bat

(latching outputs) Fail inputs)

Configuring elevator floors

To configure elevator floors:
1 Install the reader in the elevator cab and wire it to the access control unit.
2 Wire the outputs for elevator control.
The output relay state can be inverted according to your regulatory requirements. This
setting will affect how you wire the units. For more information, see "Configure the elevator
relay settings" on page 279.
For an HID unit see "HID VertX elevator control" on page 803
After you are done: Once wired, the input for each floor must be configured.

Create an elevator
To create an elevator in the Config Tool:
1 From the Home page in Config Tool, open the Logical view task.
2 Click Add an entity ( ) > Elevator.
3 In the elevator creation wizard, enter the elevator name and description.
4 If there are partitions in your system, select the partition where the elevator will be created,
and click Next.
5 Enter the number of elevator floors, and click Create.
The default floor entities are created.
6 To change a floor name, select the floor.
7 Make adjustments if necessary, and click Next.
8 Review the creation summary, and click Create and Close.
The new elevator appears in the Logical view’s entity tree with its floors. It initially appears
in red until it is fully configured.

9 From the Logical view, select the elevator, and click the Advanced tab.
10 Configure the elevator relay settings. See "Configure the elevator relay settings" on page 279.

[Link] | Security Center Administrator Guide 5.2 278

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring elevators

11 Click the Floors tab, and assign the access control unit to be used for the elevator, the
reader, the outputs that enable the selection for a floor, and the cameras monitoring the
elevator.
For more information, see "Configure the elevator floors" on page 279.
12 Click the Access tab, and configure the access rules applied to the elevator floors, and
scheduled periods when the elevator floors should be configured for free access (no
credentials required).
After you are done: You can configure event-to-actions based on events regarding this elevator.
See "Using event-to-actions" on page 106.

Configure the elevator relay settings

The elevator Advanced tab can be used to configure the elevator control unit relay settings.
The following settings change the relay behavior for elevator control:
• Grant time. This value indicates for how long the elevator floor button will be enabled after
the access granted event has been generated.
• Free access when the output relay is:
 Normal. Floor access is enabled when the access control unit output relay is de-
energized. This means that a power loss results in free access to the floor.
 Active. Floor access is enabled when the access control unit output relay is energized.
This mean that a power loss results in floor access being denied.
NOTE The access control unit relay output wiring must be made according to these settings (use
the appropriate NO or NC relay contacts on the units).

Configure the elevator floors

The elevator Floors tab allows you to configure the physical wiring relationships between the
access control unit and the elevator floors, and select cameras used to monitor this elevator in
Security Desk.

To configure the elevator floors:

1 Select the Floors tab of the elevator entity.
2 From Preferred unit drop-down list, select a unit to filter the inputs and outputs displayed
on this screen. This greatly simplifies the selection of inputs and outputs since there are so
many of them in the system.
3 From the Elevator cab reader drop-down list, assign the reader input.
4 To change the elevator cab’s reader settings, then click .
The configuration dialog box is displayed to allow you to change the following:
 Type of reader (Wiegand vs. Clock & Data; Card only vs. Card and PIN)
 Set card and PIN mode with the schedule and access timeout.

[Link] | Security Center Administrator Guide 5.2 279

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring elevators

5 Under Floors, use the following buttons to add elevator floors or change their
configuration:
 To add an elevator floor, click .
 To delete the selected elevator floor, click .
 To move the selected elevator floor up, click .
 To move the selected elevator floor down, click .
 To modify the selected elevator floor, click .
6 From the Push button relay drop-down list, assign elevator floors to outputs.
7 From the Floor tracking drop-down list, assign elevator floors to floor tracking inputs.
NOTE On an access control unit dedicated to elevator control, all inputs can be used for floor
tracking except for the door monitor inputs.
8 Click Apply.

Associate rules, unlock schedules, and cameras to elevators

Just like a door, elevator control requires access rules to determine who will be granted access,
where and when. And, you can assign an unlock schedule to permit free access based on a
schedule, as well as assigning cameras to monitor the elevator events.
• In the elevator’s Access tab, assign access rules to your elevator to determine which
cardholders can access which floors, and assign schedules to allow free access during certain
times of the day.
For more information, see "Access" on page 416.
• In the Floors tab, link cameras to your elevator for monitoring.
For more information, see "Floors" on page 415.

[Link] | Security Center Administrator Guide 5.2 280

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring secured areas

Configuring secured areas

An area represents a group of entities. In the context of access control, this would typically be a
group of doors, and perhaps alarm inputs.
An secure area consists of perimeter entities (doors) and, optionally, captive entities. Areas are
required for:
• Antipassback
• Interlock
• People counting
NOTE A secured area can be configured with either antipassback or interlock functionality, but
never both.
This section includes the following topics:
• "Create an area" on page 281
• "Add members to an area" on page 282
• "Configure doors for an area" on page 282
• "Configure antipassback" on page 283
• "Configure interlock" on page 283

Create an area
To create a secured area:
1 From the Home page in Config Tool, open the Logical view task.
2 Click Add an entity ( ) > Area.
A new area appears in the Logical view.
3 Type a name for the area, and press ENTER.
For more information, see "Area" on page 364.

[Link] | Security Center Administrator Guide 5.2 281

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring secured areas

Add members to an area

Entities such as cameras, zones, sub-areas, elevators, and tile plugins can be added as members
of an area. You can also add doors as area members. See "Configure doors for an area" on
page 282.

To add members to an area, do one of the following:

• Click at the bottom of the Members tab of the area entity, and use the Search tool that
appears. For more information, see "Search for entities using the Search tool" on page 43.
• Use drag-and-drop to move or copy entities in the Logical view. For more information, see
"Configuring the Logical view" on page 86.

Configure doors for an area

A door can be configured as Captive or Perimeter for an area. Perimeter doors are used to enter
and exit an area, and help to control access. By correctly setting the door sides, people counting
and antipassback are properly tracked. A door’s Entrance and Exit sides are relative to the area
being configured.
NOTE Access rules configured for an area only apply to perimeter doors.
1 From the Home page in Config Tool, open the Logical view task.
2 Select the area, and click the Members tab.
3 Click Add an item ( ) at the bottom of the page.

[Link] | Security Center Administrator Guide 5.2 282

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring secured areas

4 Select the doors you want as members, and click Select.

5 In the Doors section of the Members tab, set the doors as perimeter or captive doors.
 For doors that represent entry or exit from the area, set the slider to Perimeter.
 For doors that are found within the area, set the slider to Captive.
6 To swap the door sides, beside the door, click the Swap door side button.
7 Click Apply.

Configure antipassback
Once your area has been created, and it contains at least 1 perimeter door, antipassback can be
applied to your area. Please note that for areas made up of multiple doors, the antipassback
logic will be applied to the perimeter doors but not the captive doors.

To configure antipassback for your area:

1 From the Home page in Config Tool, open the Logical view task.
2 Select the area, and click the Properties tab.
3 Set the Antipassback properties to ON, and Interlock properties to OFF.
4 Set the Type, Timeout, and Strict fields as required by your installation.
For more information about these fields, see "Antipassback properties" on page 365.
IMPORTANT All doors participating in an antipassback area must be controlled by the same
unit.
5 Click Apply.

Configure interlock
An interlock (also known as mantrap or airlock) is the logic applied to a group of doors
stipulating that only one door can be open at any given time. This would typically be used in a
passageway with at least two doors. The cardholder unlocks the first door, enters the
passageway, but cannot unlock the second door until the first door has closed.

To configure your area with interlock functionality:

1 From the Home page in Config Tool, open the Logical view task.
2 Select the area, and click the Properties tab.
3 Set the Interlock properties to ON, and the Antipassback properties to OFF.
4 Assign an access control unit’s input to activate either Override mode or Lockdown mode.
5 Click Apply.
For more information about these fields, see "Properties" on page 365.

[Link] | Security Center Administrator Guide 5.2 283

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring access rules

Configuring access rules

An access rule is the access control logic that grants or denies access to a cardholder.
This section includes the following topics:
• "Create and configure access rules" on page 284

Create and configure access rules

To create and configure an access rule:
1 From the Home page in Config Tool, open the Access control task.
2 Click the Access rules view, and click Access rule ( ).
3 Assign a name and description to the access rule.
TIP It is best practice to assign descriptive names to your rules so that when your system
accumulates many rules, it is clear from their names what they do.
Eg. “Rule_Area or Door name_Schedule name”.
4 If there are partitions in your system, select the partition in which the door will be created,
and click Next.
For more information, see "Partition" on page 451.
5 Select a schedule of when you want your rule to be active. The default is Always.
For more information, see "Schedule" on page 467.
6 Click Next.
7 Review the Creation summary and click Create.
8 Select the access rule, and click the Properties tab.
9 Select a schedule, and grant access or deny access depending on your needs.
TIP Usually schedules are used to grant access through a door.
10 At the bottom of the page, click the add cardholders ( ) button to add individual
cardholders, or cardholder groups to your rule.

[Link] | Security Center Administrator Guide 5.2 284

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring access rules

TIP It is recommended to add cardholder groups rather than cardholders, as this becomes
much more manageable in large systems as new people arrive, and former people leave.

11 Click Apply.
After you are done: Now that your access rule has been configured, you need to assign it to
specific doors, or areas for the rule to be applied and to control physical access.

Related topics:
• "Access rules" on page 368, for areas
• "Access rules" on page 413, for doors

[Link] | Security Center Administrator Guide 5.2 285

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring cardholders and cardholder groups

Configuring cardholders and cardholder groups

Cardholders and cardholder groups are the Who in an access rule.
While both individual cardholders and cardholder groups are supported, cardholders and
access rules are much easier to manage when cardholders are members of cardholder groups.
This section includes the following topics:
• "Create a cardholder in Config Tool" on page 286
• "Create a cardholder group in Config Tool" on page 287
• "About the maximum cardholder picture file size" on page 287
• "Import cardholders from a flat file" on page 287
• "Importing cardholders from an Active Directory" on page 287
• "Managing cardholders in Security Desk" on page 287

Create a cardholder in Config Tool

Cardholders can be created either through the Cardholder creation wizard (explained here) or
with the Cardholder management task. For more information on the latter, see “Cardholders” in
the Security Desk User Guide.

To create a new cardholder:

1 From the Home page in Config Tool, open the Access control task.
2 Click the Cardholders view, and click Cardholder ( ).
3 Assign a first name and last name to your cardholder, then click Next.
4 In the Basic information page, assign a name, and a description to the cardholder entity.
5 If there are partitions in your system, select the partition in which the cardholder will be
recognized, and click Next.
For more information, see "Partition" on page 451.
6 If custom fields have been created for cardholders, fill in the custom fields, and click Next
For more information, see "Custom fields" on page 339.
7 Choose to create the cardholder’s credential now, or later on, and click Next.
 If you selected Create the credential for this cardholder now, continue with Step 8.
 If you selected Delay the creation of the credential for this cardholder, go to Step 9.
8 Choose whether to create the credential manually, or automatically and create their
credential, and click Next.
For more information, see "Create a credential in Config Tool" on page 288.
9 Review the Creation summary and click Create and Close.
For more information, see "Cardholder" on page 399.

[Link] | Security Center Administrator Guide 5.2 286

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring cardholders and cardholder groups

Create a cardholder group in Config Tool

To create a new cardholder group:
1 From the Home page in Config Tool, open the Access control task.
2 Click the Cardholder groups view, and click Cardholder group ( ).
A new cardholder group appears in the Logical view.
3 Type a name for the group, and press ENTER.
4 Click the Properties tab of the cardholder group, and click at the bottom of the page to
add individual cardholders or cardholder groups to your new group.
For more information, see "Cardholder group" on page 402.

About the maximum cardholder picture file size

If cardholders’ pictures are used, they are also stored in the configuration database. Imported
cardholder pictures will be reduced to the maximum cardholder picture size. For more
information, see Access control – General settings – "Maximum picture file size" on page 641.

Import cardholders from a flat file

Cardholders can be created by importing a text file containing all cardholder information, using
the Import tool. It is often useful in large organizations where many cardholders or cards need to
be created automatically.
The Import tool can be found in the Config Tool’s Tools menu. For more information, see
"Import tool" on page 663.

Importing cardholders from an Active Directory

Cardholders and cardholder groups can be created by importing them from Windows Active
Directory (AD). If somebody already has a valid Windows user profile on the Windows domain,
their cardholder profile can be created automatically.
For more information, see "Import security groups from an Active Directory" on page 143.

Managing cardholders in Security Desk

You can create, delete, and modify cardholders (such as change their group membership,
partition access, credential, employee photo, and so on), using the Cardholder management
task. For more information, see “Cardholders” in the Security Desk User Guide.
NOTE The cardholder management task does not offer cardholder group management.

[Link] | Security Center Administrator Guide 5.2 287

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring credentials

Configuring credentials
Credentials are used by Security Center to identify who is requesting access through a secured
access point.
For access control to be operational, every cardholder must possess at least one credential. These
are typically (but not exclusively) access control cards. For more information, see "Credential"
on page 405.
This section includes the following topics:
• "Create a credential in Config Tool" on page 288
• "Import credentials from a flat file" on page 290
• "Importing credentials from an Active Directory" on page 290
• "Enrolling credentials from Security Desk" on page 290
• "Using custom card formats" on page 290

Create a credential in Config Tool

Before assigning a credential to a cardholder, the credential must first be created and enrolled
in the system.
NOTE Credentials can be enrolled either through the Credential creation wizard (explained here)
or with the Credential management task. For more information on the latter, see “Credentials”
in the Security Desk User Guide.

To create a new credential:

1 From the Home page in Config Tool, open the Access control task.
2 Click the Credentials view, and click Credential ( ).
3 In the credential creation wizard, select manual or automatic credential creation. and click
Next.
 Manual credential creation. Involves entering the access control card number and facility
code manually with your PC keyboard.
 Automatic credential creation. Involves presenting the card to a reader upon which it will
be recognized by the system.
4 Assign a name, and a description to the credential.
TIP Typically, a credential will be named “CardholderName’s credential” (eg. Mike Walker’s
credential). The alternative is to assign the card number (printed on the face of the card) as
the credential name. If a lost card is found, it can then be searched for quickly with this
number.
5 If there are partitions in your system, select the partition in which the credential will be
recognized, and click Next.

[Link] | Security Center Administrator Guide 5.2 288

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring credentials

For more information, see "Partition" on page 451.

6 In the Credential assignment page, assign the credential to a cardholder immediately, or
create the credential but delay assigning it to a cardholder until later on.
 If you selected Assign credential later on, click Next.
 If you selected Assign credential now, choose a cardholder from the Cardholder drop-
down list, and click Next.
7 Do one of the following:
 If you initially chose Manual credential creation, select the credential type, and go to Step
12.
 Card: Set the Card format, the Facility code and the Card number.
 PIN: Set the Code for the PIN.
 If you initially chose Automatic credential creation, present the cards at a reader, and
continue with Step 8.

8 In the Enrollment device section, select whether you will present the cards to a USB reader
connected to your local workstation, or to a door reader from the drop-down list.
9 If you selected Door as the enrollment device, select an Access point.
10 Present the cards at the reader and you should see the card’s value appear.
11 To enroll the card, select a card and click Next.

[Link] | Security Center Administrator Guide 5.2 289

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring credentials

TIP You can select multiple cards and enroll them at once by holding the CTRL key.
If the card has already been enrolled in the system, instead of seeing the card’s value, you
will see a message appear stating that “The last discovered credential was discarded because it
already exists.”
12 If any custom fields have been created for credential properties, you are prompted to enter
the custom field information. For more information, see "Custom fields" on page 339.
13 Review the Creation summary, and click Create and Close.

Import credentials from a flat file

Credentials can be created by importing a text file containing all credential information, using
the Import tool. It is often useful in large organizations where many cardholder cards need to be
created automatically.
The Import tool can be found in the Config Tool’s Tools menu. For more information, see
"Import tool" on page 663.

Importing credentials from an Active Directory

Cardholder credentials can be created by importing them from Windows Active Directory
(AD). If somebody already has a valid Windows user profile on the Windows domain, their
cardholder credential can be created automatically.
For more information, see "Import security groups from an Active Directory" on page 143.

Enrolling credentials from Security Desk

Credentials can also be enrolled using the Credential management task. For more information,
see “Credentials” in the Security Desk User Guide.

Using custom card formats

Security Center allows you to define custom card formats.
Custom card formats allow you to add new formats to Synergis with specific card data fields, in
addition to the standard formats supported by default. (Eg. the standard 26-bit Wiegand
format).

Benefits of custom card formats

Creating custom card formats has the following benefits:
• Ability to manually enroll a new card using a standard workstation keyboard, whereas a
card with an unknown format can only be enrolled using a card reader.
• Ability to view the card number in the Config Tool and the Security Desk, whereas data for
unknown card formats cannot be displayed.

[Link] | Security Center Administrator Guide 5.2 290

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Configuring credentials

• Ability to import cards using custom formats with the Import tool. For more information,
see "Import tool" on page 663.
• Ability to enroll cards manually in bulk, without a card reader, using the Credential
management task. For more information, see “Credential management” in the Genetec
Security Desk User Guide.
Custom card formats are defined in Config Tool under the System entity. For more
information, see Access control – General settings – "Custom card formats" on page 641.

[Link] | Security Center Administrator Guide 5.2 291

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Defining badge templates

Defining badge templates

Badge templates are Synergis entities used to design customized printing templates for access
control cards.
You might, for example, want a company logo, a background image, employee photo, or a
custom color printed on the access control cards. A badge template can include fields from the
configuration database so that the correct name, cardholder photo, and so on, will appear on
each card.

To create a new badge template:

1 From the Home page in Config Tool, open the Access control task.
2 Click the Badge template view, and click Badge template ( ).
A new badge template appears in the Logical view.
3 Type a name to your badge template, and press ENTER.
4 In the Identity tab, type a description for the badge template.
5 In the Relationships section, select the partition where you want the badge template to be
placed (if applicable).
For more information about partitions, see "Partition" on page 451.
6 Click Apply.
7 Click the Badge designer tab.
8 To select the size of the access control cards you want to print, click Properties ( ).
9 In the Format dialog box, select a card size and orientation:
 CR70
 CR80
 CR90
 CR100
 To create custom card size, click , enter the card name, width, and length, and then
click OK.
 Orientation. Select Landscape or Portrait orientation type.

[Link] | Security Center Administrator Guide 5.2 292

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Defining badge templates

10 Click OK.

Once the card size/format has been chosen, you can design the actual printing template.
11 In the Tools section, select a tool, and then click on the template to use it.
There are six graphical tools you can use to edit the template:
 Select tool. Use to click and select an object on the template.
 Rectangle tool. Use to draw a square/rectangle on the template.
 Ellipsis tool. Use to draw circles/ovals on the template.
 Text tool. Use to insert text on to the template.
 Image tool. Use to insert a picture on to the template. You can insert cardholder pictures,
a background image for the card, and so on.
 Barcode tool. Use to insert barcodes on to the template.
12 If you added an image to the template, select the image to edit it using the options in the
Image and Color and border sections.
In the Image section, choose whether the image displayed on the badge uses a cardholder
picture or an image from a file, and whether the image should be stretched or not.
 Display the cardholder’s picture. Dynamic cardholder picture that changes, depending on
which cardholder credential you are printing. This image field links to the value
Cardholder picture in the configuration database.

[Link] | Security Center Administrator Guide 5.2 293

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Defining badge templates

TIP If a cardholder’s picture was taken in front of a chroma key screen, you can make the
picture background transparent. This is helpful if you are creating a badge template that
has an image in the background.
 Select a picture from disk. Static image selected from a file.
In the Color and border section, you can use the following tools:
 Fill. Use to modify the fill color of an inserted object like a square or oval.
 Border. Use to modify the border color of an inserted object.
 Opacity. Use to modify the opacity of an inserted object.
 Border thickness. Use to modify the thickness of the inserted object’s border
13 If you added text to the template, select the text to edit it using the options in the Text
section.
You can add dynamic cardholder fields, the date and/or time, or type specific text that will
be static on the template. You can also edit the text, the text color, and the text alignment.
14 If you added a barcode to the template, right-click the barcode, and then click Properties to
edit it. The data on the barcode can be static, or use dynamic credential properties.

15 In the Size and position section, select where the text, image, or barcode is located on the
badge, and its width and height.
16 Click Apply.
There are also other buttons available to help you edit the template:
• Import ( ). Import a badge design that was previously exported from Config Tool as a
badge template (BDG formats only).
• Export ( ). Save the current badge design to a BDG file so it can be imported to another
system.

[Link] | Security Center Administrator Guide 5.2 294

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Defining badge templates

• Cut ( ). Delete the selected item on the badge template.

• Copy ( ). Copy the selected item on the badge template.
• Paste ( ) . Paste the copied item onto the badge template.
• Send to back ( ). Send the selected item to the background of the badge template.
This is option is helpful if you want to have a background image on the badge.
• Bring to front ( ). Bring the selected item to the foreground of the badge template.
Here is a sample badge template with objects already inserted:

• Two different images have been inserted. One is dynamic, and the other is static:
 The dynamic cardholder picture appears on the front of the card.
 The static image appears on the back of the card. It is the company logo that is displayed
on every card.
• Three dynamic text fields have been inserted:
 {Firstname} {lastname} appears on the front of the card. The text printed will be taken
from the configuration database and we will see first name, (space), last name.
 {Firstname} {lastname} appears on the back of the card. This is the same as the name
field on the front except with a smaller font size.
 {[Link]} Custom field that was created for the cardholder entity.

[Link] | Security Center Administrator Guide 5.2 295

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Defining badge templates

• A barcode has been inserted, containing dynamic data. It displays the credential name,
using the barcode type Code 39.

[Link] | Security Center Administrator Guide 5.2 296

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Defining badge templates

To see a print preview of what the printed cards will look like using this template:
1 In the Access control task, click the Credentials view.
2 Select the credential that you want to preview with a badge template, and then click the
Badge template tab.

[Link] | Security Center Administrator Guide 5.2 297

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Testing your configuration

Testing your configuration

One of the more useful tools available to test you configurations, or to use as a troubleshooting
tool is the Access troubleshooter. It can be found in the Tools menu of both the Config Tool and
Security Desk.
The basic access control logic defined by a rule is quite simple: Who can pass through this door,
and when? If only one rule and one schedule exists, it is a very simple notion to understand. The
challenge is that in a large system, you will start to accumulate multiple schedules (Office hours/
Office closed/Holidays/Weekends/Special events). You might also accumulate multiple areas,
and an area can contain multiple sub-areas. Cardholders can belong to multiple cardholder
groups. As we accumulate entities and configurations, the basic logic applied at a door can
become more difficult to predict.
The Access troubleshooter is a tool that allows you to identify a door, a cardholder, and a date/
time. It then runs through the logic determined by the access rule(s), and displays the result.
For more information, see "Access troubleshooter" on page 658.

[Link] | Security Center Administrator Guide 5.2 298

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 11
Managing Synergis
This section explains advanced configuration techniques, and describes how to keep your access
control system reliable, protected, and running smoothly.
This section includes the following topics:
• "Managing global cardholders" on page 300
• "Viewing access control health events" on page 312
• "Investigating access control unit events" on page 313
• "Viewing IO configuration of access control units" on page 314
• "Replace access control units" on page 315
• "Replacing HID VertX 1000 units with SMC units" on page 316
• "Troubleshoot HID discovery and enrollment" on page 318
• "Finding out which entities are affected by access rules" on page 321
• "Viewing properties of cardholder group members" on page 322
• "Viewing credential properties of cardholders" on page 323
• "How the Access troubleshooter tool works" on page 324
• "Troubleshooting access points" on page 325
• "Troubleshooting cardholder access rights" on page 326
• "Diagnosing cardholder access rights based on credentials" on page 327
• "Finding out who is granted access to doors and elevators" on page 328
• "Finding out who is granted/denied access at access points" on page 329
• "Troubleshoot door issues" on page 330

[Link] | Security Center Administrator Guide 5.2 299

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing global cardholders

Managing global cardholders

This section includes the following topics:
• "What is global cardholder management?" on page 300
• "How does global cardholder management work?" on page 300
• "Rules and restrictions regarding GCM" on page 305
• "Configuring global cardholder management" on page 307
• "Operating on global entities" on page 309

What is global cardholder management?

Global cardholder management (GCM) is used to synchronize cardholders between
independent Security Center installations. It allows you to have a central repository of
cardholder information for your entire organization, whether this information is managed from
a central office or by individual regional offices.

With global cardholder management, you can:

• Create global cardholders from a central location (for example your head office) and
synchronize them at remote Security Center systems that operate independently of the
central system and of each other.
• Allow local Security Center administrators to decide what global cardholders can or cannot
access at their local facilities.
• Allow local Security Center administrators make changes to global cardholders and their
related entities, and propagate these changes to other sharing parties.
• Allow local system administrators keep exclusive ownership of their local cardholders and
related entities, while sharing global cardholders with other systems.
Practically speaking, an organization that has multiple Security Center systems deployed at
different locations can have these independent installations share information with a
centralized human resource management system.
Each local office continues to manage the employees working at their local office, such as
maintaining the employee profile, photo ID, credentials, etc. For employees that need to travel
from site to site, that same information can be shared among all sites within the organization.

How does global cardholder management work?

This section includes the following topics:
• "Architecture overview" on page 301
• "What is the sharing host?" on page 301
• "What is the sharing guest?" on page 302

[Link] | Security Center Administrator Guide 5.2 300

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing global cardholders

• "What is the Global Cardholder Synchronizer?" on page 302

• "Differences between Federation and GCM" on page 303
• "Differences between Active Directory integration and GCM" on page 304

Architecture overview
In order to share cardholders across multiple independent Security Center systems, one of the
system must act as the sharing host, while the others act as sharing guests.

What is the sharing host?

The sharing host is the Security Center system you choose to initiate the sharing process. You do
this by creating a global partition on that system. All cardholders, cardholder groups, credentials,
and badge templates which are members of the global partition automatically become available
for sharing. Other types of entities can be part of the global partition, but will not be visible to
the sharing guests.

[Link] | Security Center Administrator Guide 5.2 301

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing global cardholders

The sharing host owns the master copy of the global partition and the entities that are in it. All
changes made by the sharing guests to the content of the global partition must first be validated
by the sharing host before they are propagated to other sharing parties.
The global partition is like a central database, the sharing host is like the database server, while
the sharing guests are like the database clients. There is no limit to the number of global
partitions a host system can share.

What is the sharing guest?

The sharing guest is a Security Center system that participates in the sharing process. This is
achieved by creating a Global Cardholder Synchronizer (GCS) role on that system, and using it
to connect the sharing guest to the sharing host.
As the sharing guest administrator, you can decide which partitions shared by the host are of
interest to your system. The GCS role then creates a copy of the selected shared partitions and
entities on your local system. Only cardholders, cardholder groups, credentials, and badge
templates are eligible for sharing. The shared entities are visually identified with a green icon
( ) superimposed over the regular entity icon.
You can assign local access rules and credentials to global cardholders to grant them access to
your local areas, doors, and elevators. You can add, modify, and delete entities from the global
partition. However, what you can actually do is dependent on the rights of the user representing
the GCS role on the sharing host. All changes made to global entities on the guest system must
be validated on the host system. All modifications rejected on the host system are also rejected
on your local system.

What is the Global Cardholder Synchronizer?

The Global Cardholder Synchronizer (GCS) is the role running on the sharing guest (the remote
system) that ensures the two-way synchronization of the shared cardholders and their related
entities between the sharing guest and the sharing host.

The host-to-guest synchronization can be performed in three different ways:

• In real time. The guest system is updated immediately when changes are made on the host
system.
• On demand. The guest system is synchronized only when it is requested by a user.
• On schedule. The guest system is synchronized on schedule via a scheduled task. For more
information, see "Using scheduled tasks" on page 109.
The guest-to-host synchronization is always performed immediately by the GCS role because
all changes to the shared partitions must be validated by the host system before they can be
accepted by the guest system. The host system processes the change requests on a first come first
served basis.

[Link] | Security Center Administrator Guide 5.2 302

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing global cardholders

Differences between Federation and GCM

The following table highlights the differences between Federation and global cardholder
management in their attempts to share cardholders and other information.

Federation (applied to access control) Global Cardholder Management (GCM)

Purpose: Central activity/event monitoring Purpose: Sharing of a central configuration

Allows an organization to monitor from a Allows an organization to share the common

central location (federation host), the access configuration of access control entities, hosted at a
control events and activities at independent central location (sharing host), with independent
remote locations (federated sites). remote locations (sharing guests).

The federation host uses the Security Center The remote sites use the Global Cardholder
Federation role to connect to the remote sites. Synchronizer role to connect to the sharing host.

Entities created at remote sites are federated at Entities created at the central system are shared at
the central system. the remote sites.

The federation host can observe, but cannot The remote site can add, modify, and delete the
change anything on the remote sites. entities that are shared by the host with all other
remote sites (two-way synchronization).

A federated site has no visibility on what is All sharing guests have the same read/write access to
going on at the federation host or other all shared (global) entities, while maintaining full
federated sites. ownership of the local entities.

Almost all entities that generate events can be Only cardholders, cardholder groups, credentials,
federated (monitored). and badge templates can be shared.

Custom fields are not federated. All custom fields and data types are shared.

A federated cardholder can be granted access to A global cardholder can be granted access to all
the facility managed by the federation host, but facilities participating in the sharing.
not the reverse.

Best practice: Federation and GCM are best used together on the same system to complement
each other. For more information, see "Rules concerning federation and global entities" on
page 306.

[Link] | Security Center Administrator Guide 5.2 303

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing global cardholders

Differences between Active Directory integration and GCM

The following table highlights the differences between Active Directory integration and global
cardholder management in their attempts to centralize cardholder information management.

Active Directory integration Global Cardholder Management (GCM)

Purpose: Centralized employee (users and Purpose: Centralized employee (cardholders)

cardholders) security management security management

Allows an organization to manage the employee Allows an organization to manage the cardholder
information from a central location, and share information from a central location, and share it
it with a single Security Center system (users with all Security Center systems within the
and cardholders). organization.

The corporate directory service is the One Security Center system acts as the information
information source. Security Center gets the source (sharing host), and shares it with all other
employee information from the corporate Security Center systems within the organization
directory service. (sharing guests).

The Security Center system connects to the The sharing guests connect to the information
information source (directory service) via the source (sharing host) via the Global Cardholder
Active Directory role. Synchronizer role.

Custom fields defined on the Active Directory All custom fields and data types are shared.
can be linked to Security Center custom fields.

The shared employee information can only be The shared information can be modified by all
modified on the Active Directory. Only the sharing parties. The sharing host validates and
cardholder picture can be loaded in Security propagates the changes to all sharing parties.
Center and updated on the Active Directory.

The source information can only be shared The central Security Center system can share the
with one Security Center system. If multiple cardholder information with as many satellite
Security Center systems need to share the same Security Center systems as necessary.
information, they need to connect individually
to the corporate directory service.

Best practice: Active Directory integration and GCM are best used in tandem. The sharing
host should be the only system that integrates with the Active Directory. This solution keeps
the Active Directory protected on the corporate LAN, while the sharing host only pushes the
employee information that need to be shared to the satellite systems.

[Link] | Security Center Administrator Guide 5.2 304

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing global cardholders

Rules and restrictions regarding GCM

Global cardholder management is governed by the following sets of rules:
• "Rules concerning local and global partitions" on page 305
• "Rules concerning local and global entities" on page 305
• "Rules concerning global custom fields and data types" on page 306
• "Rules concerning federation and global entities" on page 306
• "Rules concerning Active Directory and global entities" on page 307

Rules concerning local and global partitions

• A sharing guest cannot have more than one host.
Only one instance of the GCS role is allowed per system.
• A global partition cannot be modified on a sharing guest, but its members can.
What the sharing guest is actually allowed to modify is subject to the privileges of user
assigned to the GCS role.
• No system is allowed to share what it does not own. Two-tier sharing is not permitted.
A corollary to this rule is that a local partition cannot be converted into a global partition if
it contains global entities, unless it is performed on the host system.
• Adding a local entity to a global partition transfers the ownership of that entity from its
local owner (sharing guest) to the partition owner (sharing host).
• Deleting a global entity on a sharing guest also deletes it on the sharing host, unless that
entity also belongs to another global partition, in which case, only its membership is
removed from the first partition.

Rules concerning local and global entities

• An entity is global by virtue of its membership to a global partition.
This means that a cardholder does not automatically become global simply because its
parent cardholder group is global.
• Local access rules can apply to local and global cardholders alike.
Access rules are never shared. This ensures that local administrators always have full control
over the security of their local facilities.
• Global cardholders/groups can become members of local cardholder groups.
• Local cardholders/groups cannot become members of global cardholder groups.
An exception to this rule is when both entities belong to the same system. In this case, the
local cardholder would not be shared, although the cardholder group is.
• Both global and local credentials can be assigned to global cardholders.
• Global credentials cannot be assigned to local cardholders.

[Link] | Security Center Administrator Guide 5.2 305

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing global cardholders

• Global credentials using custom card formats can be used and edited on the sharing guest.
However, the credential data would only be visible if the corresponding custom card format
(XML file) is also defined on the sharing guest. For more information, see "Custom card
format editor" on page 676.
Best practice: It is always recommended to apply access rules to cardholder groups rather than
individual cardholders. For this reason, it is recommended to share the cardholders along with
their parent cardholder groups. If this is not feasible for any reason, then we recommend that
you create a local cardholder group for the global cardholders.

Rules concerning global custom fields and data types

• Custom fields and data types defined for global entities are automatically shared when the
global entities are shared.
• Global custom field and data type definitions cannot be modified on the sharing guest.
• Global and local custom fields remain separate even when they use the same name. They
are differentiated by their owner, which is the system that defines them.
• Global data types cannot be used to define local custom fields.
• Global entities’ custom field values can be modified on sharing guests.
• Global custom fields also apply to local entities, but their values stay local.
• Local custom fields also apply to global entities, but their values stay local.
• When a guest system stops sharing a global partition, all local copies of the shared global
entities, and the local entities’ global custom field values are deleted.
Best practice: If you are to implement GCM within your organization, we recommended that
you define all custom fields and data types for global entities on the sharing host.

Rules concerning federation and global entities

• If a sharing host also federates its sharing guest, only the local entities belonging to the
sharing guest are federated. The entities that are shared will not be federated on the sharing
host.
• The sharing host which also happens to be a federation host should not share the entities it
federates by adding them to a global partition because it does not own the federated entities.
An entity can only be shared by its rightful owner.
For the federated entities to become shared, the federated system has to become a sharing
guest of the federation host. This will give the federation host the rights to share any of the
federated entities.
• A sharing guest which happens to federate a third system cannot share its federated entities
with the sharing host because it is not the owner of the federated entities.
• If a sharing guest is federated by another system, both its local and global entities will
appear as federated entities on the federation host.
For more information, see "Identification of federated entities" on page 128.

[Link] | Security Center Administrator Guide 5.2 306

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing global cardholders

Rules concerning Active Directory and global entities

• Cardholders and cardholder groups imported from an Active Directory can be added to a
global partition on the sharing host.
• Cardholders and cardholder groups imported from an Active Directory that is local to the
sharing guest cannot be added to a global partition because the Active Directory and the
sharing host cannot both be owners of the shared cardholders.
• Global cardholders and cardholder groups imported from an Active Directory must only be
modified via the directory service that owns them.
CAUTION Although it is possible to modify global cardholders and cardholder groups
imported from an Active Directory on the sharing guest, these changes are temporary. You
will lose the changes you made when the sharing host synchronizes with the Active Directory.
Best practice: If all cardholder data entry must be centralized, the system that imports
cardholders from your corporate Active Directory should act as the sharing host, and all
modifications must be made using the directory service. For more information, see "Importing
cardholders from an Active Directory" on page 287.

Configuring global cardholder management

This section includes the following topics:
• "Global cardholder management setup prerequisites" on page 307
• "Global cardholder management setup procedure" on page 308
• "Configure a partition for sharing" on page 308
• "Configure the Global Cardholder Synchronizer" on page 308

Global cardholder management setup prerequisites

• Decide which Security Center system is going to be your sharing host.
It is typically the system running at your head office or the system that is synchronized with
your corporate Active Directory. For more information, see "Differences between Active
Directory integration and GCM" on page 304.
• If the sharing host is protected behind a firewall, you need to open a port to allow the GCS
role to connect to the host system. For more information, see "Common communication
ports" on page 786.
• Decide what types of updates the users on the guest systems are allowed to perform on the
shared global partitions. You can limit their range of actions by restricting the privileges of
the user representing the GCS roles on the host system.

[Link] | Security Center Administrator Guide 5.2 307

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing global cardholders

Global cardholder management setup procedure

Before you begin: Read "Rules and restrictions regarding GCM" on page 305, and "Global
cardholder management setup prerequisites" on page 307.
1 On the sharing host, create a global partition or change the status of a local partition to
global. Create as many global partitions as necessary.
For more information, see "Configure a partition for sharing" on page 308.
2 Create a user with the proper level of administrative privileges over the shared entities to be
used to connect the GCS roles to the host system.
You might have to create more than one user accounts if the sharing guests have different
update requirements. For more information, see "Defining users" on page 93.
3 On the sharing guest:
a Create a GSC role and synchronize the sharing guest with the sharing host. For more
information, see "Configure the Global Cardholder Synchronizer" on page 308.
b Assign local users and partition managers to shared partitions ( ).
c Apply local access rules to shared cardholders ( ) and cardholder groups ( ).
d (Optional) Custom card formats are not shared. If you have shared credentials that use
custom card formats, the credentials will work on your local system, but you will not be
able to view the card data fields unless the custom card format in use is also defined on
your local system. For more information, see "Custom card format editor" on page 676.
e (Optional) Create a scheduled task to synchronize periodically your local system to the
host. For more information, see "Using scheduled tasks" on page 109.
4 Repeat Step 3 for every sharing guest you have.

Configure a partition for sharing

Entity sharing is initiated on the sharing host by setting a partition as global.
Before you begin: You cannot share the Public partition.
1 From the Home page in Config Tool, open the Security task.
2 CLick the Partitions view, and select the partition you want to share.
3 CLick the Properties tab, and switch the Global partition option to ON.
The partition is now visible to all GCS roles connected to this system. Only cardholders,
cardholder groups, credentials, and badge templates are shared.

Configure the Global Cardholder Synchronizer

You must create and configure the Global Cardholder Synchronizer (GCS) role to connect your
local system to the sharing host.
1 From the Home page in Config Tool, open the System task.
2 Click the Roles view, and click Add an entity ( ) > Global Cardholder Synchronizer.

[Link] | Security Center Administrator Guide 5.2 308

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing global cardholders

3 In the Specific info page, enter the following parameters, and click Next.
 Server. Server where this role will be hosted.
 Directory. Sharing host’s main server name. If anything else than the default connection
port (5500) is used, you must explicitly indicate the port number after the Directory
name, separated by a colon. For example: HostServer:5888.
 Username and Password. Credentials used to connect to the sharing host. The extent of
what the sharing guest can do on the global partition will be limited by what this user can
see and do on the sharing host.
The user must have the Global Cardholder Synchronizer privilege on the sharing host in
order to connect.
 Synchronize automatically. Select this option to have the GCS to update the guest system
immediately, every time a change is made on the host.
We recommend to leave this option cleared (default) if you plan to make massive updates
on the host.
4 In the Basic information page, enter the name, description, and partition where the GCS
role should be created. For more information, see "Common entity attributes" on page 38.
5 Click Next, Create, and Close.
A new Global Cardholder Synchronizer ( ) role is created. Wait a few seconds for the role
to connect to the sharing host.
6 Click the Properties tab.
The partitions shared by the host are listed under Global partitions. For more information,
see "Properties" on page 562.
7 Select the partitions you want your local system to share and click Apply.
8 Click Synchronize now ( ).
The GCS role will create a local copy of all shared entities on your system. This might take a
while depending on how many entities you are sharing.
After you are done: Configure the global entities you shared so they can be used on your local
system. Also, consider setting the GCS role to synchronize automatically or to synchronize on a
schedule. For more information, see "Using scheduled tasks" on page 109.

Operating on global entities

A global entity is an entity that is shared across multiple independent Security Center systems by
virtue of its membership to a global partition. Only cardholders, cardholder groups, credentials,
and badge templates are eligible for sharing.
This section includes the following topics:
• "Start sharing an entity" on page 310
• "Stop sharing an entity" on page 310
• "Override the cardholder synchronization" on page 311

[Link] | Security Center Administrator Guide 5.2 309

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing global cardholders

Start sharing an entity

You share an entity by adding it to a global partition. This can be done from both the sharing
host or the sharing guest. You can also create a new entity directly in a global partition.
1 From the Home page Config Tool, open the Security task.
2 Click the Partitions view, and select the global partition you want to share it from.
3 Click the Properties tab, and under the Members section, click Add ( ).
4 In the Search dialog box that appears, pick the entity you want to share, and click Select.
On the sharing guest, only cardholders, cardholder groups, credentials, and badge templates
can be added to a global partition.
5 In the confirmation dialog box that appears, click Continue.
On the sharing host, the effect of this action is immediately visible. On a sharing guest, the
newly shared entity will not appear until after a synchronization is performed, unless the GCS
role is configured for automatic synchronization.

Stop sharing an entity

You stop sharing an entity by removing it from its global partition. This can be done from both
the sharing host or the sharing guest.
CAUTION Removing a shared entity from a global partition deletes it from all other systems that
might be sharing it, even from the sharing host.
1 From the Home page Config Tool, open the Security task.
2 Click the Partitions view, and select the global partition you want to share it from.
3 Click the Properties tab.
4 In the Members section, select the entity you want to stop sharing, and click Remove ( ).
5 To confirm the action, click Remove.
If this action is performed on a sharing guest, the entity is converted from a global to local
entity.
After you are done: Move the local entity to a local partition if it does not belong to any, so non
administrative users can have access to it.

[Link] | Security Center Administrator Guide 5.2 310

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Managing global cardholders

Override the cardholder synchronization

When the connection between the GCS role and the sharing host is lost, all global entities at the
sharing guest become inactive (red). This means that you can no longer make any changes to
them because they cannot be validated by the sharing host. If for any reason, you urgently need
to deactivate a cardholder, for instance, an employee has just been fired, you can temporarily
override the synchronization.
1 From the Home page Config Tool, open the Access control task.
2 Click the Cardholders view, and select the global cardholder you need to deactivate.
3 Click the Properties tab, and switch the Status option to Override.
The cardholder icon changes to . You are now free to change the cardholder’s status
properties.
4 Make the necessary changes and click Apply.
After you are done: Remember to turn the synchronization back on when the connection with
the sharing host is re-established.

[Link] | Security Center Administrator Guide 5.2 311

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Viewing access control health events

Viewing access control health events

You can view health events related to access control entities, using the Access control health
history report.

This report is similar to the Health history report, but the query only includes access control
entities. The access control entities that can produce health events include access control units,
doors, areas, and elevators.

To search for access control health events:

1 From the Home page, open the Access control health history task.
2 Generate your report (see "Generate a report" on page 30).
The access control health events are listed in the report pane. For information about the
report columns available, see "Report pane columns" on page 730.

[Link] | Security Center Administrator Guide 5.2 312

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Investigating access control unit events

Investigating access control unit events

You can investigate events related to access control units, using the Access control unit events
report.

To view the properties of all the access control units that are part of your system, see "Viewing
properties of units in your system" on page 184.

To investigate access control unit events:

1 From the Home page, open the Access control unit events task.
2 Generate your report (see "Generate a report" on page 30).
The access control unit events are listed in the report pane. For information about the
report columns available, see "Report pane columns" on page 730.
EXAMPLE If you want to see if any critical events happened relating to access control units in
the last week (for example, Hardware tamper), you can search for that event, and set a time
range.

[Link] | Security Center Administrator Guide 5.2 313

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Viewing IO configuration of access control units

Viewing IO configuration of access control units

You can view the IO configurations (controlled access points, doors, and elevators) of access
control units, using the IO configuration report.

To view the properties of all the access control units that are part of your system, see "Viewing
properties of units in your system" on page 184.

To view the IO configuration of an access control unit:

1 From the Home page, open the IO configuration task.
2 Generate your report (see "Generate a report" on page 30).
The input and output configurations of the selected access control units are listed in the
report pane. For information about the report columns available, see "Report pane
columns" on page 730.
EXAMPLE You can search a for a specific door, and see how the access through each door side
is configured (REX, readers, IO modules, and so on).

[Link] | Security Center Administrator Guide 5.2 314

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Replace access control units

Replace access control units

If an access control unit fails and is offline in Security Center ( ), you can replace the unit with
a compatible one. This process copies the configuration settings, associations to doors, elevators,
and zones, and event logs from the old unit, so you do not have to configure the new one.
Before you begin: The new access control unit must be the same brand and model as the old
one, or you will receive the following error message: Units’ extension does not match.
1 Add a new access control unit to the Access Manager controlling the old unit.
For information about adding an access control unit, see "Adding access control units to
your system" on page 264.
2 Temporarily deactivate the Access Manager.
a In the Access control task, select the Access Manager.
b In the Contextual commands toolbar, click Deactivate role ( ).
c In the confirmation dialog box that opens, click Continue.
The Access Manager and all the access control units controlled by the role turn red.
3 Click the Home tab, and then click Tools > Unit replacement tool.
4 In the Unit type option, select Access control units.
5 Select the Old and the New access control units.
For more information about searching for entities, see "Search for entities using the Search
tool" on page 43.
6 Click Swap.
The configuration settings of the old access control unit are copied to the new one.
7 Click the Access control task, and select the new unit.
8 Verify that the configuration settings are all correct.
9 In the Logical view, right-click the old unit, and click Delete ( ).
10 In the confirmation dialog box that opens, click Continue.
11 Right-click the Access Manager, and click Activate role ( ).

[Link] | Security Center Administrator Guide 5.2 315

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Replacing HID VertX 1000 units with SMC units

Replacing HID VertX 1000 units with SMC units

You can replace an HID VertX 1000 access control unit with a Synergis Master Controller (SMC)
unit.
What you should know
This procedure copies the configuration settings and associations to doors and zones from the
V1000 to the SMC unit, so you do not have to configure the SMC unit.
NOTES
• The access control unit events logged in the Access Manager from the V1000 are not copied.
The events remain in the database, but you cannot search for them using the SMC unit.
• The following V1000 inputs and outputs are not copied to the SMC unit: V1000 - AC Fail,
V1000 - Bat Fail, V1000 - Input 1, V1000 - Input 2, V1000 - Relay 1, and V1000 - Relay 2.
Before you begin
Do the following:
1 Backup the Directory database from the Server Admin (see "Back up your role database" on
page 57).
2 Physically disconnect the V1000 unit, and make sure it is offline in Security Center ( ).
3 Assemble and install the SMC and its hardware components. For information, see the
Synergis Master Controller Hardware Installation Guide.
IMPORTANT You must set up the SMC with same interface modules that you disconnected
from the V1000, or you will not be able to replace the V1000 with that SMC unit in Security
Center.
4 Configure the SMC unit, and add it in Security Center. For more information, see the
Synergis Master Controller Configuration Guide.

To replace a VertX 1000 unit with an SMC unit:

1 From the Home page in Config Tool, click Tools > V1000 - SMC.
2 In the Connection dialog box, type your Security Center Username and Password, and
then click Connect.
3 From the Offline V1000 units drop-down list in the Mapping tool, select the offline V1000
unit.
4 From the Available SMC units drop-down list, select the SMC unit to replace the old unit
with.
NOTE The SMC unit is only available in the list if it is configured with the same number of
interface modules as the V1000.
The ports used by the V1000 and SMC unit are listed in the Channel section, and the
interface modules connected to those ports are listed below.

[Link] | Security Center Administrator Guide 5.2 316

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Replacing HID VertX 1000 units with SMC units

5 If the interface modules are not pointing to the correct SMC ports, you must manually map
the ports in the Channel section as follows:
a For the interface modules that were previously connected to port A on the V1000, type
the SMC port they are physically connected to (A-D).
b Repeat Step a for the interface modules that were previously connected to port B on the
V1000.
6 Click Apply.
The V1000 configuration settings are copied to the SMC unit.
7 Click Close.
8 Remove the V1000 unit from Security Center as follows:
a From the Home page open the Access control task.
b Click the Roles and units tab, and then select the offline V1000 unit.
c From the bottom of the Config Tool window, click Delete ( ).

[Link] | Security Center Administrator Guide 5.2 317

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Troubleshoot HID discovery and enrollment

Troubleshoot HID discovery and enrollment

The following section discusses the troubleshooting tips for HID units.
This section includes the following topics:
• "Common discovery and enrollment issues" on page 318
• "HID unit cannot be found with the discovery tool" on page 319
• "HID unit enrollment issues" on page 319

Common discovery and enrollment issues

Best practice: Use the following best practices to resolve HID unit issues common to discovery
and enrollment.
• Are the computers on which the Config Tool and Access Manager are running, behind a
firewall? Ports 4050 TCP and 4070 UDP must be unblocked.
• Has the HID VertX device extension been added to the Access Manager in the Server
Admin? For more information, see "Extensions" on page 517.
• Has the HID extension properly loaded in the Access Manager? To validate:
a Open console session to the Access Manager. Open a web browser and go to the URL
[Link] name or IP)/Genetec/console
NOTE If you cannot connect to the console ensure that console access is enabled in the
Server Admin, under the Genetec Server tab.
b Click the Commands tab at the top of the page.
c Under the column User Commands on the left, expand Access Manager and click
Status.
d A status query will be sent to the Access Manager and the response will contain the
extensions that are loaded.
e Ensure that the following line is shown in the status results: HID VertX:4070 = X units.
• Is the unit set to a static IP address? If so, then the DNS must also be set, otherwise the unit
might have issues enrolling or connecting. In the HID Configuration GUI, set the primary
and secondary DNS to the appropriate values. If you do not know your network’s DNS, set
the unit’s own IP address as the primary and secondary DNS server. To access the HID
Configuration GUI, point a browser to the unit’s IP address.
• Ensure no other application is blocking port 4070, 4050, and 20. Stop the Access Manager,
and at the Microsoft Windows command prompt, run netstat -na.

To open Command Prompt:

• Click Start, click Run, type cmd, and then click OK.

[Link] | Security Center Administrator Guide 5.2 318

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Troubleshoot HID discovery and enrollment

HID unit cannot be found with the discovery tool

Best practice: Use the following best practices to resolve HID unit discovery issues.
• Is the Host Name in the Advanced Setup of HID VertX web page not set or has more than
15 characters? If so, the unit cannot be discovered.
• Is the unit on the same network subnet as the PC on which the Config Tool is running?
Discovery will only work within the same broadcast domain.
• Ensure no other application is already listening on ports 4070 and 4050. At the Microsoft
Windows command prompt, run netstat -na. To open Command Prompt, click Start, click
Run, type cmd, and then click OK.
• Ensure the firmware of the unit is up to date.

HID unit enrollment issues

Symptoms of enrollment issues include:
• Unit cannot be enrolled.
• Unit is enrolled but its icon remains red.
• Unit connects and disconnects continuously.
• Unit begins enrolling and fails at 67%
Best practice: Use the following best practices to resolve HID unit enrollment issues.
• Can you ping (check connectivity) and telnet (check credential) the unit from the machine
running the Access Manager? Proceed as follows:
a Ping the unit. At the Microsoft Windows command prompt, run ping w.x.y.z (w, x, y, and
z is the IP address of the unit). To open the Command Prompt, click Start, click Run,
type ping w.x.y.z, and then click OK.
A report is generated. It should show that no packets were lost.
b Telnet the unit. At the Microsoft Windows command prompt, run telnet w.x.y.z.
Login to the unit. If the login is successful, there is connectivity to the unit.
• Is the unit on the same network subnet as the PC on which the Access Manager is running?
If not, you can enroll this unit manually as long as you know its IP address. (The unit must
be set to use a static IP address.) For more information, see "Add an HID unit manually" on
page 265.
• Is the unit firmware up to date? Is the interface board firmware up to date? The required
firmware version is shown in the Security Center Release Notes.
• Verify the network card binding and database configuration for the Access Manager is
correctly set. For more information, see "Configuring the Access Manager role" on page 263
and "Access Manager" on page 515.
• Is the Access Manager behind a NAT? If so you must specify the translated host address for
the Access Manager. For more information, see "Add an HID unit manually" on page 265.

[Link] | Security Center Administrator Guide 5.2 319

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Troubleshoot HID discovery and enrollment

• Verify that no other Access Manager is currently connected to the HID unit.
i Stop your Access Manager. (Config Tool > Role View > Deactivate)
ii Telnet the unit. At the Microsoft Windows command prompt, run telnet w.x.y.z (w, x,
y, and z is the IP address of the unit). To open the Command Prompt, click Start, click
Run, type telnet w.x.y.z, and then click OK.
iii Login to the unit. (Default: user=root / password =pass)
iv At the prompt, type netstat -na.
A list of network connections is shown.
There should be no one connected to port 4050.
• Verify that any HID units (and connected interfaces) are wired to not generate tamper or
door held open alarms, access granted or access denied events. Tamper and door held open
alarms will trigger repeatedly. Upon connection, any such alarms and events have to be
downloaded from the unit which can slow-down the enrollment process. Symptoms of this
is the unit is difficult to enroll, the unit connects and disconnects, or the unit beeps.
• The last solution is to upgrade the unit’s firmware. Refer to the Security Center Release
notes for a list of supported firmware versions or, contact Genetec Technical Assistance. For
more information, see "Technical support" on page 878.

[Link] | Security Center Administrator Guide 5.2 320

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Finding out which entities are affected by access rules

Finding out which entities are affected by access rules

You can find out which entities and access points are affected by a given access rule, using the
Access rule configuration report.

In the report results, you can see the members of the access rule, such as the cardholders, doors,
and the associated schedule. This helps you determine if you must add or remove entities, or
adjust the schedule.

For more information about modifying the members of an access rule, see "Configuring access
rules" on page 284.

To find out which entities are affected by an access rule:

1 From the Home page, open the Access rule configuration task.
2 In the Query tab, select the access rule to investigate.
For more information, see "Searching for tasks and entities" on page 42.
3 In the Expand cardholder groups option, select Enable to list the members of the affected
cardholder groups in the report instead of the cardholder groups themselves.
4 In the Include perimeter entities option, select Enable to include the perimeter entities of
the affected areas in the report.
5 Click Generate report.
The entities and access points affected by this access rule are listed in the report pane. For
information about the report columns available, see "Report pane columns" on page 730.

[Link] | Security Center Administrator Guide 5.2 321

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Viewing properties of cardholder group members

Viewing properties of cardholder group members

You can find out the members of a cardholder group, and view any associated cardholder
properties (first name, last name, picture, status, custom properties, and so on) of the
cardholders, using the Cardholder configuration task.

You can search for a specific cardholder group to see which cardholders are members of that
group. You also can search for expired or inactive cardholders so see if there are any in your
system.

To view the properties of cardholder group members:

1 From the Home page, open the Cardholder configuration task.
2 Generate your report (see "Generate a report" on page 30).
The cardholders that are members of the selected cardholder groups are listed in the report
pane. For information about the report columns available, see "Report pane columns" on
page 730.
3 To show a cardholder in a tile, double-click or drag a cardholder from the report pane to the
canvas.
4 To view additional cardholder information in the tile, click .

[Link] | Security Center Administrator Guide 5.2 322

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Viewing credential properties of cardholders

Viewing credential properties of cardholders

You can view credential properties (status, assigned cardholder, card format, credential code,
custom properties, and so on) of cardholders, using the Credential configuration report.

To view the credential properties of a cardholder:

1 From the Home page, open the Credential configuration task.
2 Generate your report (see "Generate a report" on page 30).
The credential properties the selected cardholder are listed in the report pane. For
information about the report columns available, see "Report pane columns" on page 730.
3 To show a cardholder in a tile, double-click or drag a cardholder from the report pane to the
canvas.
4 To view additional cardholder information in the tile, click .
EXAMPLE If you requested a credential for a cardholder, and want to see if it was activated, you
can search for that cardholder. The Credential status column indicates if the credential is in the
Requested or Active state. You can also see if there are any credentials currently listed as lost or
stolen.

[Link] | Security Center Administrator Guide 5.2 323

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 How the Access troubleshooter tool works

How the Access troubleshooter tool works

You can detect and diagnose access configuration problems, using the Access troubleshooter tool.
The Access troubleshooter allows you to:
• Find out who has the right to pass through an access point at a given date and time.
• Find out which access points a cardholder is allowed to use at a given date and time.
• Find out why a given cardholder can, or cannot use an access point at a given date and time.
The Access troubleshooter is most accurate when examining an event that just occurred. When
using the troubleshooter to investigate a past event (denied access, for example), keep in mind
that the configurations might have changed since the event occurred. The troubleshooter does
not take past settings into consideration. It only evaluates a situation based on the current
settings.

[Link] | Security Center Administrator Guide 5.2 324

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Troubleshooting access points

Troubleshooting access points

You can find out who has the right to pass through a door side (or elevator floor) at a given date
and time, using the Door troubleshooter tab in the Access troubleshooter tool.

The door troubleshooter does not examine each cardholder’s credentials. You can further
diagnose the cardholder’s access rights by clicking the Access diagnosis ( ) tab (see
"Diagnosing cardholder access rights based on credentials" on page 327).

To troubleshoot an access point:

1 From the Home page, click Tools > Access troubleshooter.
2 In the Access troubleshooter dialog box, click the Door troubleshooter tab.
3 Select the date and time you want to the troubleshooter to base its evaluation on.
Only access rules are evaluated based on the specified date and time.
4 Select the access point that you want the troubleshooter to examine:
 If you select a door, specify a door side.
 If you select an elevator, specify a floor.
5 Click Go.
The active cardholders who have the rights to use the selected access point at the specified
time, based on the current access rules, are listed.

[Link] | Security Center Administrator Guide 5.2 325

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Troubleshooting cardholder access rights

Troubleshooting cardholder access rights

You can find out which access points a cardholder is allowed to use at a given date and time,
using the Cardholder troubleshooter tab in the Access troubleshooter tool.

The cardholder troubleshooter does not examine each cardholder’s credentials. You can further
diagnose the cardholder’s access rights by clicking the Access diagnosis ( ) tab (see
"Diagnosing cardholder access rights based on credentials" on page 327).

To troubleshoot a cardholder’s access rights:

1 From the Home page, click Tools > Access troubleshooter.
2 In the Access troubleshooter dialog box, click the Cardholder troubleshooter tab.
3 Select the date and time you want to the troubleshooter to base its evaluation on. Only
access rules are evaluated based on the specified date and time.
4 Select the cardholder that you want the troubleshooter to examine. Instead of a cardholder,
you can also select a credential or a visitor.
NOTE The entities that are currently inactive are greyed out.
5 Click Go.
The access points that the selected cardholder (or visitor) has the right to use at the
specified time, based on the current access rules, are listed.

[Link] | Security Center Administrator Guide 5.2 326

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Diagnosing cardholder access rights based on credentials

Diagnosing cardholder access rights based on credentials

You can diagnose why a cardholder with a given credential can, or cannot access a given door or
elevator, at a given date and time, using the Access diagnosis tab in the Access troubleshooter tool.

To diagnose a cardholder’s access rights based on their credential:

1 From the Home page, click Tools > Access troubleshooter.
2 In the Access troubleshooter dialog box, click the Access diagnosis tab.
3 Select the date and time you want to the troubleshooter to base its evaluation on.
4 Select the cardholder you want to examine. Instead of a cardholder, you can also select a
credential or a visitor.
5 If the selected cardholder has more than one credential, specify the one you want to
examine.
6 Select an access point to examine.
 If you select a door, specify a door side.
 If you select an elevator, specify a floor.
7 Click Go.
The troubleshooter produces a diagnosis based on the current system configuration, taking
into consideration the access rules, and both the cardholder’s and the credential’s activation
and expiration dates.

[Link] | Security Center Administrator Guide 5.2 327

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Finding out who is granted access to doors and elevators

Finding out who is granted access to doors and elevators

You can verify which cardholders are granted access to a particular door side or elevator floor at
a specific date and time, using the Door troubleshooter report.

This report is helpful, because it allows you to see what the configuration of a door or elevator
is, and determine if their properties must be adjusted.
For more information about troubleshooting your access control configurations, see
"Troubleshooting access points" on page 325. For more information about modifying the
properties of a door or elevator, see "Configuring doors" on page 271 and "Configuring
elevators" on page 277.

To find out who is granted access to a door or elevator:

1 From the Home page, open the Door troubleshooter task.
2 In the Query tab, select a date and time range for the report.
3 Select a door or elevator you want to investigate.
For more information, see "Searching for tasks and entities" on page 42.
4 From the Access point drop-down list, select the access point (door side or elevator floor)
you want to verify.
5 Click Generate report.
All cardholders who can go through the selected access point at the specified time are listed
in the report pane. For information about the report columns available, see "Report pane
columns" on page 730.

[Link] | Security Center Administrator Guide 5.2 328

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Finding out who is granted/denied access at access points

Finding out who is granted/denied access at access points

You can find out which cardholders are currently granted or denied access to selected areas,
doors, and elevators, using the Cardholder access rights report.

This report is helpful, because it allows you to see where a cardholder can go, and when, and
determine if their access rule properties must be adjusted.

For information about modifying a cardholder’s access rights, see “Assigning access rules to
cardholders” in the Security Desk User Guide.
TIP Perform your query on one access point at a time, so your report is more specific.

To find out who is granted/denied access at an access point:

1 From the Home page, open the Cardholder access rights task.
2 Generate your report (see "Generate a report" on page 30).
The cardholders associated with the selected access point through an access rule are listed in
the report pane. The results indicate if the cardholder is granted or denied access, and by
which access rule.
For information about the report columns available, see "Report pane columns" on
page 730.
3 To show a cardholder in a tile, double-click or drag a cardholder from the report pane to the
canvas.
4 To view additional cardholder information in the tile, click .

[Link] | Security Center Administrator Guide 5.2 329

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Troubleshoot door issues

Troubleshoot door issues

The following section discusses the troubleshooting tips for doors.
This section includes the following topics:
• "Request to exit events" on page 330
• "Credential issues" on page 330
• "Resolution of reader issues" on page 331

Request to exit events

Issue: The logs for a door shows far too many request to exit events for the actual amount of door
activity.
Description: Sometimes a request to exit event is triggered when people are entering an area.
This door is equipped with an automatic request to exit device (based on a motion detection
sensor).
Solution: Depending on the quality of the automatic request to exit device and how it is
installed, the device will trigger on any activity near the door. The Security Center has filters in
the Door, Properties tab that you can configure to reduce the number of false request to exit
events.

For more information, see "Properties" on page 409.

Credential issues
Issue: A credential does not work at a door or elevator, and the reason is unclear.
Description: For a credential to be granted access at a given door side or to an elevator floor, a
number of conditions have to be met. For example:
• The credential’s profile must be enabled
• The credential must be associated to a cardholder
• The cardholder’s profile must be enabled

[Link] | Security Center Administrator Guide 5.2 330

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Troubleshoot door issues

• There must be at least one access rule that specifically grants access for that cardholder or
the cardholder’s cardholder group.
If these settings are not correct, access will be denied.
Solution: The easiest way to determine what is the reason for denied access is to use the Access
troubleshooter. For more information, see "Access troubleshooter" on page 658.

Resolution of reader issues

Best practice: Use the following best practices to resolve reader issues.
• Ensure you are using the right type of card technology for the reader. For example, some
readers are multi-technology (can read 125 kHz and 13.56 MHz cards), other readers can
read only one card type.
• Is the card defective? Try another card.
• Is the reader installed too close to another one? Readers emit an electromagnetic field that
can interfere with other readers located nearby. Test this by disconnecting the power to one
reader and see if the other reader starts to operate correctly.
• Are you using the proper cable for the reader (see the reader and unit documentation for
the maximum cable length and type)? Test this by connecting a spare reader directly to the
unit with a short cable. If it works, change the cable.

[Link] | Security Center Administrator Guide 5.2 331

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
Part V

AutoVu IP license plate

recognition
Learn how to set up, configure, and manage your AutoVu system in Security Center.
This part includes the following chapters:
• Chapter 12, “Deploying AutoVu” on page 333
 12
Deploying AutoVu
AutoVu deployment is explained in a separate document, the AutoVu Handbook. Click the link
below to open the most recent version of the AutoVu Handbook:
[Link] Handbook 5.2
[Link]

Why have a separate document for AutoVu?

Although you configure many AutoVu settings from Security Center Config Tool, to fully deploy
an AutoVu system, you’ll need to configure settings in multiple applications. For example, if
you’re deploying a mobile AutoVu system, you’ll need to configure settings in Security Center
Config Tool, Patroller Config Tool, and the Sharp Portal.
AutoVu deployment also includes a hardware installation process. For example, to install a
SharpX camera on a vehicle, you might be required to drill into the vehicle’s roof, remove the
vehicle’s headliner, and so on.
The purpose of the AutoVu Handbook is to provide you with a complete source of information
about how to install and configure an AutoVu system. It explains everything from installing the
hardware, to installing the Patroller application, to configuring the Sharp unit software.
You’ll still need to refer to the Security Center Administrator Guide from time to time, because
the AutoVu Handbook does not explain how to administer your Security Center system. For
example, for information on how to manage partitions, databases, users and user groups, and
so on, you’ll need to refer to the Security Center Administrator Guide.

[Link] | Security Center Administrator Guide 5.2 333

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
Part VI

Config Tool reference

Learn about the entities, role types, tools, and utilities used in Config Tool.
This part includes the following chapters:
• Chapter 13, “Entity types” on page 335
• Chapter 14, “Role types” on page 514
• Chapter 15, “Administration tasks” on page 617
• Chapter 16, “Tools and utilities” on page 656
• Chapter 17, “User privileges” on page 700
• Chapter 18, “Reporting task reference” on page 717
• Chapter 19, “Events and actions in Security Center” on page 753
• Chapter 19, “Keyboard shortcuts in Config Tool” on page 773
 13
Entity types
This section lists all Security Center entity types in alphabetical order. Each entity type is covered
with a general description of its purpose and usage. The sub-sections describe each entity type’s
configuration tabs and the settings they contain.
This section includes the following topics:

• "Common configuration tabs" on page 336 • "Monitor group" on page 436

• "Access control unit" on page 341 • "Network" on page 438
• "Access rule" on page 353 • "Output behavior" on page 441
• "Alarm" on page 355 • "Overtime rule" on page 443
• "Analog monitor" on page 361 • "Parking facility" on page 448
• "Area" on page 364 • "Partition" on page 451
• "Badge template" on page 369 • "Patroller" on page 454
• "Camera (video encoder)" on page 372 • "Permit" on page 457
• "Camera sequence" on page 397 • "Permit restriction" on page 461
• "Cardholder" on page 399 • "Public task" on page 465
• "Cardholder group" on page 402 • "Role" on page 466
• "Cash register" on page 404 • "Schedule" on page 467
• "Credential" on page 405 • "Scheduled task" on page 473
• "Door" on page 408 • "Server" on page 475
• "Elevator" on page 414 • "Tile plugin" on page 484
• "Hotlist" on page 418 • "User" on page 486
• "Intrusion detection area" on page 425 • "User group" on page 493
• "Intrusion detection unit" on page 427 • "Video unit" on page 498
• "LPR unit" on page 430 • "Zone (hardware)" on page 506
• "Macro" on page 433 • "Zone (virtual)" on page 510

[Link] | Security Center Administrator Guide 5.2 335

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Common configuration tabs

Common configuration tabs

Some of the configuration tabs are commonly used by the majority of Security Center entities.
The following tabs are covered in this section:

Identity Name, description, logical ID, and relationships of the selected entity with
other entities in the system.
Cameras Cameras associated to the selected entity.

Custom fields Custom fields for the selected entity.

Location Time zone and geographical location for the selected entity.

Identity
The Identity tab provides descriptive information on the entity and lets you jump to the
configuration page of related entities. The sample screen shot below is that of a camera entity.

[Link] | Security Center Administrator Guide 5.2 336

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Common configuration tabs

Standard information
All entity types share the following standard attributes:
• Type. Entity type.
• Name. Entity’s given name. The entity name is editable, except in the following cases:
 Server entities. The entity name corresponds to the machine name and cannot be
changed.
 Federated entities. The entity name belongs to the original system and cannot be changed
on the federation.
• Description. Optional descriptive text.
• Logical ID. Logical IDs are unique numbers assigned to entities for ease of reference in the
system (mainly for CCTV keyboard operations).
NOTE A logical ID must be unique across all entities of the same group. Entity types that are
likely to be referenced within the same context are put in the same group. For example,
cameras and public tasks belong to the same functional group, therefore, a camera and a
public task may not have the same logical ID, but a camera and a camera sequence may.
TIP You can view and edit the logical IDs of all entities in the system from one place. For more
information, see System – General settings – "Logical ID" on page 631 in the Security Center
Administrator Guide.
• Relationships. List of relationships between this entity and other entities on the system.
You can use the command buttons found at the bottom of the relationship list to manage the
relationships of this entity with other entities in the system.
 Select a relationship group, and click to add a new relationship.
 Select a related entity, and click to remove the relationship.
 Select a related entity, and click to jump to its configuration page.

Specific information
Certain entity types may show additional information in this tab. For example, see Video unit –
"Identity" on page 499.

[Link] | Security Center Administrator Guide 5.2 337

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Common configuration tabs

Cameras
The Cameras tab allows you to associate cameras to the entity so that when it is viewed in
Security Desk, the cameras are displayed instead of the entity icon. The sample screen shot below
is that of a virtual zone entity.

From this tab you can perform the following actions:

• To add a camera, click .
• To remove the selected camera, click .

[Link] | Security Center Administrator Guide 5.2 338

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Common configuration tabs

Custom fields
The Custom fields tab lets you view and modify the custom fields defined for this entity. The
sample screen shot below is that of a cardholder entity.

In the above example, five custom fields have been defined for the cardholder entity, separated
in two groups:
• Employee information
 Hire date
 Department
 Office extension
• Personal information
 Gender
 Home number
 Cellphone number (flagged as mandatory)
For information on defining custom fields, see System– General settings – "Custom fields" on
page 625.

[Link] | Security Center Administrator Guide 5.2 339

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Common configuration tabs

Location
The Location tab provides information regarding the time zone and the geographical location of
the entity. The sample screen shot below is that of a video unit entity.

Time zone
The time zone is used to display the entity events in the entity’s local time zone. In Security
Center, all times are stored in UTC in the databases, but are displayed according to the local time
zone of the entities. The local time of the entity is displayed below the time zone selection.

Location
The geographical location (latitude, longitude) of the entity has several different uses:
• For video units, it is used for the automatic calculation of the time the sun rises and sets on
a given date. A typical application is for the system to record video only during daytime (for
cameras placed outside), or to adjust the brightness of the camera based on daytime and
nighttime. For more information, see "Schedule" on page 467.
• For fixed LPR units that are not equipped with a GPS receiver, the geographical location is
used to plot the LPR events (reads and hits) associated to the LPR unit on the map in
Security Desk. For more information, see Hits and Reads investigation tasks in the Genetec
Security Desk User Guide.
For more information, see "Using geographical locations" on page 40.

[Link] | Security Center Administrator Guide 5.2 340

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Access control unit

Access control unit

The access control unit entity represents an access control device, such as
Synergis Master Controller (SMC) or an HID VertX controller, that
communicates directly with the Access Manager over an IP network.
Access control units usually control other slave units (or interface
modules) such as the HID VertX V100 and V200, and the Mercury
MR50 and MR52, which are connected to door sensors and readers.
For SMC, the interface modules can come from various manufacturers.
For more information, see the documentation on Synergis Master
Controller that is available from the GTAP Documents page.
System: Synergis IP access control
Task: Access control – Roles and units

Identity Name, description, logical ID, and relationships of this entity with other
entities in the system.
Properties (SMC) Connection settings and other parameters that cannot be configured using
the SMC portal.
Properties (HID) Specific information about the HID unit and configuration of its subpanels.

Portal (SMC) Connection to the web configuration interface (Controller Portal) of the
SMC unit.
Network (HID) Connection parameters used by the Access Manager to communicate with
the HID unit.
Peripherals Configuration of the IO pins according to the features supported by the
hardware. Applies to both SMC and HID units.
Health Unit’s health status. Applies to both SMC and HID units.

Synchronization Synchronization mode and command button allowing you to synchronize

this unit with its Access Manager. Applies to both SMC and HID units.
Custom fields Custom field values for this unit.

Location Time zone and geographical location of this unit.

Related topics:
• "Access Manager" on page 515
• "Door" on page 408
• "Elevator" on page 414
• "Zone (hardware)" on page 506

[Link] | Security Center Administrator Guide 5.2 341

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Access control unit

Properties (SMC)
The SMC unit’s Properties tab allows you to update the connection parameters after the unit has
been discovered, such as the logon credentials.

Connection settings
The connection settings are correctly initialized at the time the SMC unit is enrolled in your
system. Do not change these settings unless you changed them on the SMC using Controller
Portal after the unit has been enrolled, or a Genetec representative instructs you to do so.
• Web address. Web address for contacting Controller Portal.
• Username/Password. Logon username and password.
• Using DHCP. Do not change this parameter unless asked by a Genetec Technical Support
representative. This parameter is reset every time the Access Manager reconnects to the
SMC unit.
• Ignore web proxy. Select this option to instruct the Access Manager to ignore the Proxy
Server settings on the server currently hosting the role. Clear this option to instruct the
Access Manager to follow the Proxy Server settings. (Default=cleared).
NOTE For an HID unit, the equivalent settings are found in the Network tab (see "Network
(HID)" on page 348).

[Link] | Security Center Administrator Guide 5.2 342

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Access control unit

Discovered properties
Current settings returned by the SMC units, such as discovery port, serial number, and firmware
version.

General settings
The following settings cannot be set through the SMC Portal. The settings here are pushed from
Security Center to SMC during unit synchronization.
• Use mixed mode. Clear this option to set the SMC to operate in online mode
(Default=mixed mode).
NOTE If the connection to Access Manager is lost while in online mode, SMC will revert back
to mixed mode.

[Link] | Security Center Administrator Guide 5.2 343

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Access control unit

Properties (HID)
The Properties tab for HID shows specific information about the HID unit and allows you to
configure its inputs, outputs, and subpanels (V100, V200, V300 if connected).

Unit information
This section shows the firmware version, model name, and serial number of the unit.

General settings
• Mixed mode. HID units always operate in mixed mode.
• Monitor AC Fail. The AC fail input is being used to monitor AC failures or some other
general purpose.
• Monitor battery fail. The Battery fail input is being used to monitor the backup battery or
some other general purpose.

Additional settings
In this section, you configure the unit’s inputs and outputs according to how they are used.
• Program version. The interface firmware revision number.
• EEPROM version. The interface EEPROM revision number.

[Link] | Security Center Administrator Guide 5.2 344

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Access control unit

• Door behavior. This must be set to match the door’s configuration:

 Set Card-in / Card-out if the door has two readers; Wire the door lock to the Strike Relay
(Out 1) output and wire all door hardware to the Reader 1 side of the unit. The Strike
Relay (Out 3) is available for any other use (for example, for a zone).
 Set Card-in / REX-out if the door has one reader on one side, and a REX on the other
side. In this case, the unit can control two such doors:
 Wire the first door with Reader 1 side of the unit and use Strike Relay (Out 1) to
control the door lock.
 Wire the second door with Reader 2 side of the unit and use Strike Relay (Out 3) to
control the door lock.
With an Edge device unit, this option is unavailable (it is Card-in / REX-out).
NOTE This configuration must correspond to the hardware assignments you make for the
door configuration. For more information, see "Hardware" on page 412.
• Debounce. The amount of time an input can be in a changed state (for example, from active
to inactive) before the state change is reported. Electrical switches often cause temporarily
unstable signals when changing states, possibly confusing the logical circuitry. Debouncing
is used to filter out unstable signals by ignoring all state changes that are shorter than a
certain period of time (in milliseconds).

• Contact type / Supervision mode. Sets the normal state of the input contact and its
supervision mode. There are four preset configurations, and a custom one:
 Preset: Normally closed / Not supervised.
 Preset: Normally open / Not supervised.
 Preset: Normally closed / 4-state supervised.
 Preset: Normally open / 4-state supervised.
 Custom. Allows you to set your custom range of values for Active and Normal input
states.

[Link] | Security Center Administrator Guide 5.2 345

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Access control unit

• Minimum time (Action). Applies when the relay is being used as part of a zone (either
hardware or virtual). It establishes the minimum number of seconds the relay stays close
when triggered by an event (for example Request to exit).

• Minimum time (Access grant). Applies when the relay is actually being used to control a
locking device. The normal configuration is to open the lock when access is granted and to
close the lock immediately after the door opens (Minimum time = 0). There are certain
situations where the normal configuration would cause the door to be locked too soon
(absence of a door sensor, or double doors). In those situations, a Minimum time must be set
on the strike relay to keep the door unlocked after the system detects that the door has been
opened (typically for the same duration as the Access grant time set on the door).

[Link] | Security Center Administrator Guide 5.2 346

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Access control unit

Portal (SMC)
The SMC unit’s Portal tab allows you to connect to the SMC’s web-based interface (Controller
Portal) for its configuration and maintenance.

Controller Portal allows you to perform the following tasks:

• Change the security password required to log on to the SMC unit.
• Configure the network settings on the SMC unit so it works on your system.
• Configure SMC to accept connections from specific Access Manager servers.
• Configure the properties of the interface modules attached to the SMC unit.
• Configure the access control behavior for SMC, in both online and offline modes.
• View the activity logs stored on the SMC unit.
• Test and diagnose the interface module connections to the SMC unit.
• View and export the SMC status and configuration.
• Upgrade the SMC firmware.
• Restart the SMC hardware or software.
• Update security clearance levels assigned to Security Center areas manually on the SMC
unit when the connection to the Access Manager is lost.
For more information on what you can do through the Controller Portal, see the Synergis
Master Controller Configuration Guide.

[Link] | Security Center Administrator Guide 5.2 347

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Access control unit

Network (HID)
The HID unit’s Network tab allows you to configure the connection parameters for the Access
Manager to communicate with the unit. These settings are correctly initialized at the time the
HID unit is added to your system. Do not change these settings unless you changed them on the
unit using the HID Discovery GUI after the unit has been enrolled, or a Genetec representative
instructs you to do so.

Connection parameters
• Username/password. Username and password used to log on to the HID unit.
• Use translated host address. Must be selected when there is a NAT router between the unit
and it’s Access Manager. The NAT router’s IP address that is visible from the unit would be
set here.
• Obtain network settings dynamically (DHCP). Select this option if the HID unit will be
assigned it’s IP configuration by a DHCP server.
• Use these static settings. Select this option and configure the IP address, Gateway and
Subnet mask manually if the access control unit will use a fixed IP address (recommended).
NOTE The equivalent settings for an SMC unit are configured through the SMC portal (see
"Portal (SMC)" on page 347).

[Link] | Security Center Administrator Guide 5.2 348

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Access control unit

Peripherals
The Peripherals tab allows you to give meaningful names to IO devices controlled by the unit so
they are easier to identify. Additionally, you can assign a logical ID for each IO device.

Rename a device
To edit a unit’s logical name, select a device’s logical name (eg. V200 [02] Relay 1) and type over
its existing name to something more meaningful (eg. V200 [02] - Door Bell).
The (abc) button and (id) button at the bottom of the page can also be used to apply a logical
name or logical ID number to one of the device peripherals.

[Link] | Security Center Administrator Guide 5.2 349

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Access control unit

Health
The Health tab displays the memory usage on the unit.

Usage
You can monitor a unit’s health and status:
• Number of credentials. Indicates the number of credentials stored on the unit versus the
total number of credentials the unit can store, based on the available memory and the
average number of bytes per credential.
• Main memory. Available memory on the unit. This information is only available to HID
VertX units. For SMC units, a different set of information is available through the System
status page in Controller Portal (see “Viewing and exporting system information” in the
Synergis Master Controller Configuration Guide).
• Secondary memory. Available secondary memory on the unit. This information is only
available to HID VertX units.

[Link] | Security Center Administrator Guide 5.2 350

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Access control unit

Synchronization
The Synchronization tab allows you to configure the type of synchronization you want between
the unit and its Access Manager.

A unit must be synchronized with the Access Manager database to allow it to work in offline or
mixed mode. For synchronization, the Access Manager knows a unit’s capacity, and fills it with
as much information as possible so that the unit is optimized to run when it is offline, or in
mixed mode.

Synchronization management handles credential and IO linking rules. This can be set according
to your needs. See "About unit synchronization modes" on page 352.
This tab shows you the following information about this process:
• Last update. Indicates the day and time of the last successful synchronization with the unit.
• Expiration date. Indicates the day and time when the unit will no longer be capable of fully
functioning in offline or mixed mode. This is due to the limited scheduling capability of the
access control unit. You will need to synchronize before the expiration date to ensure that
the unit will work in offline or mixed mode.
The scheduling limit varies depending on the unit type:
 HID VertX units expire after one year. Past the expiration date, the unit stops working.
 SMC units never expire because they fully support the scheduling schemes used in
Security Center.

[Link] | Security Center Administrator Guide 5.2 351

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Access control unit

IMPORTANT Any synchronization errors are displayed in yellow. Pay attention to these errors to
avoid any disruption in the operation. For example, HID VertX units are limited to 65,000
credentials. Exceeding this limit causes the synchronization to fail and the unit to be reset.

About unit synchronization modes

Security Center supports the following unit synchronization modes for credentials:
• Automatically. This is the recommended setting.
Any configuration change is sent to the access control unit 15 seconds after the change is
saved by the Config Tool, Web Client or Security Desk. Only configurations that affect that
particular unit are sent.
• On schedule. The unit is synchronized according to a schedule.
For continued offline or mixed mode operation, make sure the scheduled synchronization
time never falls after the date and time shown for Expiration date. If in doubt, set the
synchronization mode to Automatically.
• Manual only. The unit is only synchronized when you click the Synchronize now button.
Make sure you synchronize the unit before the date and time shown for Expiration date.

[Link] | Security Center Administrator Guide 5.2 352

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Access rule

Access rule
The access rule entity defines the access control logic which grants or
denies passage to a cardholder through an access point, based on a
schedule.

System: Synergis IP access control

Task: Access control – Access rules

Identity Name, description, logical ID, and relationships of this entity with other
entities in the system.
Properties Type of rule and to who and when this rule applies.

Custom fields Custom field values for this rule.

Related topics:
• Area – "Access rules" on page 368
• "Access Manager" on page 515

[Link] | Security Center Administrator Guide 5.2 353

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Access rule

Properties
The Properties page of an access rule links the 3 W’s: The “Who”, “When” and “What”. For
example, “All Employees”, “Office Hours”, and “Access Granted”.

• Schedule. Choose when this access rule is active.

• When the schedule is active . Select whether to grant or deny access from cardholders.
• Cardholders affected by this rule. Select the cardholders affected by this rule.
NOTE An access rule is not operational until it is associated to a door, elevator, or area.

Related topics:
• For information about creating access rules for areas, see "Access rules" on page 368.
• For information about creating access rules for doors, see "Access rules" on page 413.

[Link] | Security Center Administrator Guide 5.2 354

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Alarm

Alarm
The alarm entity describes a particular trouble situation that requires
immediate attention, and how it should be handled in Security Center.
Namely, its priority, what entities (usually cameras and doors) best
describe it, who should be notified, how it should be displayed to the
user, and so on.
System: General
Task: Alarms – Alarms

Identity Name, description, logical ID, and relationships of this entity with other
entities in the system.
Properties Essential alarm priorities: priority, recipients, broadcast mode, and attached
entities.
Advanced Optional alarm properties: reactivation threshold, alarm procedure, schedule,
automatic acknowledgement, and video display and recording options.
Custom fields Custom field values for this alarm.

Related topics:
• "Managing alarms" on page 111
• "Testing alarms" on page 112

[Link] | Security Center Administrator Guide 5.2 355

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Alarm

Properties
The Properties tab allows you to define the essential alarm properties.

Priority
In Security Desk, alarms are displayed in the Alarm monitoring task by order of priority (this is
evaluated every time a new alarm is received). The highest priority alarm is displayed in tile #1,
followed by the second highest in tile #2, and so on. When two alarms have the same priority
value, priority is given to the newest one.
When a new alarm is received in Security Desk with a priority level identical or higher than the
current alarms displayed, it pushes the other alarms down the tile list.
When an alarm is acknowledged in Security Desk, it frees a tile for lower priority alarms to move
up.

[Link] | Security Center Administrator Guide 5.2 356

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Alarm

Recipients
An alarm recipient is either a user, user group, or analog monitor group. They receive the alarms
in Security Desk.
IMPORTANT Make sure all the alarm recipients have the privilege to acknowledge alarms.

Broadcast mode
There are two ways alarm recipients can be notified:
• All at once. (Default) All recipients are notified at the same time, immediately after the
alarm is triggered.
• Sequential. The recipients are notified individually, each after a specified delay (in seconds)
calculated from the time the alarm is triggered. If the recipient is a user group, all members
of the user group are notified at the same time.

Attached entities
The attached entities are what visually describe the alarm situation.
The alarm entity has the characteristics of a composite entity. When displayed in Security Desk,
you can cycle through all displayable entities (cameras, tile plugins, and so on) within the display
tile, or unpack the alarm to display them all at once. For more information, see “Unpack/pack
tile content” in the Security Desk User Guide.
When a composite entity is attached to an alarm, the entities that compose it are also attached
to the alarm. For example, if a door entity is attached to the alarm, the cameras associated to the
door are also attached to the alarm.

Entity cycling
Entity cycling is a Security Desk feature that automatically rotates the display of a composite
entity through its components within a display tile, displaying each entity for an equal amount
of time. For more information, see “Entity cycling” in the Security Desk User Guide.

[Link] | Security Center Administrator Guide 5.2 357

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Alarm

When entity cycling is turned on in Security Desk, the order of the attached entities in the list is
the order they will be displayed in Security Desk.
NOTE When the alarm is triggered by an event, the entity that caused the event is also attached
to the alarm. That entity will be displayed first when the alarm is displayed.

Advanced
The Advanced settings tab allows you to configure the optional alarm properties.

Reactivation threshold
The minimum time Security Center needs to wait after triggering this alarm once, before it can
trigger it again. This option serves to prevent the system from repeatedly triggering the same
alarm while it is awaiting to be resolved.

[Link] | Security Center Administrator Guide 5.2 358

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Alarm

Alarm procedure (URL)

Use this option to set the URL or the Web page address corresponding to the alarm procedure.
This feature is used to provide alarm handling instructions to the operators. The Web page is
displayed when the user clicks Show alarm procedure ( ) in the alarm widget in Security Desk.

NOTE The alarm procedure is also displayed as part of the entities attached to the alarm in
Security Desk when entity cycling is turned on.

Schedule
The schedule defines when this alarm is in operation. This means that outside the periods
defined by this schedule, triggering this alarm would have no effect.

Automatic acknowledgment
Turn this option on (default=off) to let the system automatically acknowledge this alarm if no
one acknowledges it before the specified time (in seconds). This option is recommended for low-
priority alarms that serve to alert the security operator, but do not require any action.

Create an incident on acknowledgement

Turn this option on (default=off) to prompt the Security Desk user to report an incident every
time they acknowledge an alarm.
NOTE Turning this option on turns the automatic acknowledgement off.

Video display option

If cameras are attached to an alarm, you can choose to display live video (default) or playback
video when the alarm is triggered. If you choose to display playback video, you must specify the
playback pre-trigger time, which is the number of seconds to go back in time before starting the
playback, from the time the alarm is triggered.

NOTE Make sure that the recording buffer is equal to, or longer than the pre-trigger time you
need for your alarm display. For more information, see "Time to record before an event" on
page 527.

[Link] | Security Center Administrator Guide 5.2 359

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Alarm

Automatic video recording

When cameras are attached to the alarm, the Archiver automatically records the video for a
minimum duration specified in seconds. The recording buffer configured for each camera
ensures that whatever happened a few seconds before the alarm was triggered will also be
recorded (see "Time to record before an event" on page 527).

The recording buffer plus the alarm recording duration is called the guaranteed recording span.
This behavior ensures that video recordings will be available for future alarm investigations
whenever cameras are attached to this alarm.
Turn this option off (default=on) if recording video for the alarm is not necessary.
NOTE If the alarm is triggered from a camera event (for example Object removed), the camera
that caused the event is automatically attached to the alarm, and therefore, will also be recorded
if this option is turned on.
IMPORTANT All recordings are ultimately subject to the archiving schedules in place. If
recording is disabled at the time the alarm is triggered, no video is recorded. For more
information, see "Recording modes" on page 526.

Protect recorded video

Turn this option on (default=off) to protect the video recordings associated to this alarm (see
"Automatic video recording" on page 360) for the specified number of days. For more
information on video protection, see "Protecting video archive against routine cleanup" on
page 230.

Related topics:
• "Testing alarms" on page 112

[Link] | Security Center Administrator Guide 5.2 360

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Analog monitor

Analog monitor
The analog monitor entity represents a physical monitor that displays
video from an analog source, such as a video decoder or an analog
camera. A video decoder is a device that converts a digital video stream
into analog signals (NTSC or PAL) for display on an analog monitor.

The video decoder is one of the many devices found on a video decoding
unit. A video decoding unit can have multiple video decoders, each
connected to an analog monitor. Each video decoder found on a video
decoding unit is represented by an analog monitor entity in Security Center.
System: Omnicast IP video surveillance
Task: Video - Analog monitor

Identity Name, description, logical ID, and relationships of this entity with other
entities in the system.
Properties General behavior of the analog monitor.

Related topics:
• "Monitor group" on page 436
• "Video unit" on page 498

[Link] | Security Center Administrator Guide 5.2 361

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Analog monitor

Properties
The Properties tab lets you configure the video stream usage (or function) and specific network
settings for the analog monitor.

Video
The video section contains various settings that affect the quality the video.
• Stream usage. Select the video stream to use for cameras displayed in the analog monitor.
This option is only available for decoders capable of generating multiple video streams. The
stream usage options are the following:
 Live. Default stream used for viewing live video in Security Desk.
 Recording. Stream recorded by the Archiver for future investigation.
 Remote. Stream used for viewing video when the bandwidth is limited.
 Low resolution. Stream used instead of the Live stream when the tile used to view the
stream in Security Desk is small. See "Automatic stream selection" on page 212.
 High resolution. Stream used instead of the Live stream when the tile used to view the
stream in Security Desk is large. See "Automatic stream selection" on page 212.
• Analog format. Select NTSC (National Television System Committee) or PAL (Phase
Alternating Line) analog format for the video signal. PAL format generally streams video at
a lower frame rate, but at a higher resolution.

[Link] | Security Center Administrator Guide 5.2 362

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Analog monitor

• Display camera name. Turn this option ON if you want the camera name to be shown
when it is displayed in the analog monitor in a tile.

Network settings
The Network settings section allows you to configure the desired connection type used by the
video decoder.
• UDP port. Port number used when the connection type is unicast UDP. If the encoder
supports multiple video streams, this parameter is different for each stream.
• Connection type. Defines how communication is established between the Archiver and the
unit for sending or receiving video streams. Each device on the same unit could support
different connection types.
 Best available. Lets the Archiver select the best available connection type for the stream.
The best available types rank in this order, according to availability: Multicast, UDP, and
TCP. When the stream is requested for recording only, multicast is removed from the list,
so the best available types start with UDP.
 Multicast. Communication between a single sender and multiple receivers on a network.
This is the preferred connection type. In this mode, multiple users in multiple locations
can receive the same video transmission simultaneously from a same source, using the
bandwidth only once. Most video units are capable of multicast transmissions.
 UDP. Forces the stream to be sent in UDP to the Archiver. The stream must be formatted
using the RTP protocol.
 TCP. Forces the stream to be sent in TCP to the Archiver. Here, TCP is taken in the
broad sense. For some types of cameras, the Archiver establishes a TCP connection to
the unit and receives the stream in a proprietary protocol. For others, the stream is sent
over HTTP. Typically, the stream is not formatted according to the RTP protocol by the
unit. The Archiver has to convert the stream to the RTP protocol to be archived or
retransmitted to the system.

Hardware
The Hardware section allows you to associate other hardware devices (PTZ motor, Speaker,
Microphone, and so on) to this analog monitor. When the decoder is added to the system, all
hardware devices belonging to the same unit are configured by default. You can manually
associate the analog monitor to other devices, according to how they are physically connected.

[Link] | Security Center Administrator Guide 5.2 363

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Area

Area
The area entity, in its most generic use, represents a concept or a physical
location (room, floor, building, site, and so on) used for the logical
grouping of entities in the system.

When Synergis is enabled in your license, an area entity can also be used
to configure a secured area with access rules and access control behavior.

System: General, Synergis (if secured areas are to be created)

Task: Logical view

Identity Name, description, logical ID, and relationships of this entity with other
entities in the system.
Properties Antipassback and interlock properties for this area (Synergis only).

Members Child entities of this area.

Access rules Access rules applied to this area (Synergis only).

Custom fields Custom field values for this area.

Related topics:
• "Managing threat levels" on page 117
• "Managing the Logical view" on page 85
• "Configuring secured areas" on page 281
• "Configuring access rules" on page 284

[Link] | Security Center Administrator Guide 5.2 364

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Area

Properties
The Properties tab allows you define the optional area properties. Some these properties might
not be visible depending on your license option settings.

Antipassback properties
Antipassback is the access restriction placed on a secured area that prevents the same cardholder
from entering an area they have not yet exited, and vice-versa.
• Status. Set the antipassback feature to ON or OFF.
• Type.

[Link] | Security Center Administrator Guide 5.2 365

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Area

 Soft. Soft antipassback only logs the passback events in the database. It does not restrict
the door from being unlocked due to a passback event.
 Hard. Hard antipassback logs an entry in the database and prevents the door from being
unlocked due to a passback event.
• Timeout. Set how many minutes until the passback event is automatically “forgiven”.
• Strict. When turned ON, antipassback logic is applied in both directions on the area.
Cardholders that never left an area cannot enter, and cardholders that never entered cannot
leave. Otherwise, the default is OFF and antipassback logic is only applied in one direction.
Cardholders who never left an area cannot enter.
When a hard antipassback event is triggered, it must be “forgiven” for the cardholder to unlock
the door. It might be forgiven automatically due to a timeout value having been configured.
Otherwise, the passback event can be forgiven by an authorized user with the Security Desk
Monitoring task.
For more information, see “Monitoring access events – About antipassback” in the Security
Desk User Guide.
CAUTION HID units support antipassback or interlock, but not both simultaneously.

Interlock properties
Security Center supports the interlocking of the perimeter doors for an area by allowing only one
perimeter door to be open at one time.
It is important that the door sensors detect when a door can be opened.
• Status. Set the interlock properties feature to ON or OFF. When it’s status is set to ON, only
one member door of the area can be open at any given time. To open a door, all others must
be closed.
• Priority. An interlock override or lockdown button can be associated to this interlock.
• Override / Lockdown. Select an input to be used as a trigger for override or lockdown
mode.
CAUTION HID units support antipassback or interlock but not both simultaneously.

Threat levels
This section is only visible to administrative users, and if the Threat level license option is
enabled. You can configure specific actions to be executed by the system when a threat level is
activated or deactivated for this area. For more information, see "Managing threat levels" on
page 117.

[Link] | Security Center Administrator Guide 5.2 366

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Area

Members
The Members tab shows the child entities of the area, grouped by entity type.

Areas are used as entity groupings in the Logical view. The area represented in the above sample
screen shot would appear as the following in an entity tree.

For more information about adding members to an area, see "Add members to an area" on
page 282.

[Link] | Security Center Administrator Guide 5.2 367

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Area

Access rules
The Access rules tab is only necessary if you are configuring a secured area. This tab is only visible
when Synergis is enabled in your license.

You assign one or more existing access rules that allow authorized cardholders to gain access to
the area. For more information, see "Configuring access rules" on page 284.

[Link] | Security Center Administrator Guide 5.2 368

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Badge template

Badge template
The badge template entity is used to configure a printing template for
badges.

System: Synergis IP access control

Task: Access control – Badge templates

Identity Name, description, logical ID, and relationships of this entity with other
entities in the system.
Badge designer Tools allowing you to design new badge templates.

Related topics:
• "Cardholder" on page 399
• "Credential" on page 405
• "Defining badge templates" on page 292

[Link] | Security Center Administrator Guide 5.2 369

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Badge template

Badge designer
The Badge designer is a tool that allows you to design and modify badge templates.

In the Badge designer, there are different tools you can use to edit a template:
• In the Tools section, there are six graphical tools you can use to edit the template:
 Select tool. Use to click and select an object on the template.
 Rectangle tool. Use to draw a square/rectangle on the template.
 Ellipsis tool. Use to draw circles/ovals on the template.
 Text tool. Use to insert text on to the template.
 Image tool. Use to insert a picture on to the template.
 Barcode tool. Use to insert barcodes on to the template.
Select a tool, and click on the template to use it.
• In the Image section, you can choose whether the image displayed on the badge uses a
cardholder picture or an image from a file, and whether the image should be stretched or
not.
• In the Text section, you can add cardholder fields, as well as edit the text, the text color, and
the text alignment.
• In the Color and border section, the following options are available:

[Link] | Security Center Administrator Guide 5.2 370

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Badge template

 Fill. Use to modify the fill color of an inserted object like a square or oval.
 Border. Use to modify the border color of an inserted object.
 Opacity. Use to modify the opacity of an inserted object.
 Border thickness. Use to modify the thickness of the inserted object’s border
• In the Size and position section, you can choose where the text or image is located on the
badge, and its width and height.
• Properties ( ). Opens the Format dialog box, where you can select from the following
card sizes and orientation:
 CR70
 CR80
 CR90
 CR100
 Custom card size
 Orientation. You can choose Landscape or Portrait orientation.
• Import ( ). Import a badge design that was previously exported from Config Tool as a
badge template (BDG formats only).
• Export ( ). Save the current badge design to a BDG file so it can be imported to another
system.
• Cut ( ). Delete the selected item on the badge template.
• Copy ( ). Copy the selected item on the badge template.
• Paste ( ) . Paste the copied item onto the badge template.
• Send to back ( ). Send the selected item to the background of the badge template.
This is option is helpful if you want to have a background image on the badge.
• Bring to front ( ). Bring the selected item to the foreground of the badge template.

For more information about creating badge templates, see "Defining badge templates" on
page 292.

[Link] | Security Center Administrator Guide 5.2 371

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Camera (video encoder)

Camera (video encoder)

The camera entity represents a single video source on your system. The
video source can be an IP camera or an analog camera connected to a
video encoder.
A video encoder is the device that converts an analog video source to a
digital format using a standard compression algorithm (H.264, MPEG-
4, or M-JPEG). The video encoder is one of the many devices found on
a video unit.
Each video encoder can generate one or multiple video streams using different compression
schemes and formats for different usages. In the case of an IP camera, the camera and the video
encoder form an inseparable unit. Because of the intimate relationship between the camera and
the video encoder, the two terms are often used interchangeably.
System: Omnicast IP video surveillance
Views: Video – Units (under Archiver)

Identity Name, description, logical ID, and relationships of this entity with other
entities in the system.
Video Video stream configuration (usage and quality) based on schedules. Not
available for federated cameras.
Recording Video recording settings. Can be inherited from the archiving roles or
customized for each camera. Not available for federated cameras.
Motion Motion detection configuration based on schedules. Can be performed on the
detection video unit (certain models only) or on the Archiver. Not available for
federated cameras.
Color Video attribute (brightness, contrast, hue, and saturation) adjustments based
on schedules. Not available for federated cameras.
Visual tracking Visual tracking is a feature in Security Desk that allows you to follow an
individual or moving object across different cameras all within the same
display tile. This tab is only available for fixed cameras.
Hardware Hardware configuration such as PTZ protocol, links to audio devices, and unit
specific video settings. Not available for federated cameras.
Custom fields Custom field values for this camera.

Related topics:
• "Configuring cameras" on page 210
• "Camera sequence" on page 397
• "Video unit" on page 498

[Link] | Security Center Administrator Guide 5.2 372

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Camera (video encoder)

• "Archiver" on page 525

• "Media Router" on page 591

Video
The Video tab allows you to define multiple video quality (resolution, frame rate, and so on)
configurations for each video stream generated by your video encoder. For each stream, you can
also specify its usage (or function) and specific network settings.

This section includes the following topics:

• "Video quality" on page 374
• "Stream usage" on page 377
• "Network settings" on page 378
• "Boost quality on manual recording" on page 380
• "Boost quality on event recording" on page 380

[Link] | Security Center Administrator Guide 5.2 373

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Camera (video encoder)

Video quality
Video quality refers to the various settings (image resolution, bit rate, frame rate, and so on) that
affect the quality the video. Multiple video quality configurations can be defined for the same
stream on different schedules.
The list below describes all possible settings pertaining to video quality. These settings vary from
one manufacturer to another. No single manufacturer supports them all.
NOTE For any setting not covered in this section, refer to the manufacturer’s documentation.

• Resolution. Data format and image resolution. The available choices depend on the type of
video unit you have.
NOTE On certain models of video units that support a large number of video feeds (4 to 12),
some high resolution formats might be disabled when you enable all the video streams,
because the unit cannot handle all the streams at high resolutions.
• Quality. Video quality depends on a combination of settings. Config Tool proposes a list of
predefined configurations for you to choose from. To adjust each of them individually,
select Custom from the Quality drop-down list.
• Bit rate. Sets the maximum bandwidth (kbps) allowed for this encoder. See also "Advanced
bit rate settings" on page 376.
• Frame rate. This slider sets the number of frames per second (fps). A high frame rate (10
fps or more) produces fluid video and is essential for accurate motion detection. However,
increasing the frame rate also sends more information over the network, and therefore,
requires more bandwidth.
• Image quality. This slider affects the image quality (the higher the value, the better the
quality). Higher image quality requires more bandwidth, which might compromise the
frame rate.
When bandwidth is limited, you should consider the following:
 To retain very good image quality, restrict the number of images per second (lower frame
rate).
 To transmit more images per second at a high frame rate, lower the image quality.
The encoder will always try to maintain each quality setting. However, if bandwidth is
limited, the encoder might reduce the frame rate in favor of the image quality.
• Automatic settings. Certain models of encoders (such as Bosch) let you select this option
instead of setting your own value for image quality. To set the image quality manually, you
have to select Custom in the Quality drop-down list.
• Key frame interval. A key frame is a frame that contains a complete image by itself as
opposed to a usual frame that only holds information that changed compared to the
previous frame. You would need a higher key frame rate to recover more rapidly from
cumulative errors in the video when the network is less reliable. Frequent key frames
require a higher bandwidth. You can specify the key frame interval in seconds (1 to 20) or
by frames (based on the frame rate).

[Link] | Security Center Administrator Guide 5.2 374

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Camera (video encoder)

• Recording frame rate. The purpose of this setting is to save storage space by recording the
video at a frame rate lower than the one used for viewing. This setting only reduces the
storage usage, not the bandwidth usage. Setting the Recording frame rate to anything other
than All frames locks the Key frame interval.
• Profile and level. Used only for MPEG-4 streams, the profile determines the tools available
when generating the stream (for example, interlace, or B frames), and the level limits the
resource usage (for example, max bit rate).
• Video object type. The Video Object Type (VOT) to use for the MPEG-4 streams. The
available choices are governed by the choice of Profile and Level.
• GOP structure. Stands for Group Of Picture structure. It is possible to configure up to four
types of GOP structures:
 I. Stands for Intra frame structure. Meaning only Intra (key frame) frames are sent. This
is primarily for using an external multiplexer.
 IP. Stands for Intra and Predicted frame structure. This setting results in the lowest
possible video delay.
 IPB. Stands for Intra and Predicted and Bidirectional frame structure. This setting enables
the user to have a higher quality and a higher delay.
 IPBB. Stands for Intra and Predicted and Bidirectional and Bidirectional frame structure.
This setting enables the highest quality and a highest delay.
• GOP length. Stands for Group Of Picture length. With this value, it is possible to change the
distance (number of frames) between the intra-frames in the MPEG-2 video stream.
• Streaming type. Select between VES (video elementary stream), which sends only video
information, or PRG (program stream), which sends both video and audio information.
• Input filter mode. This drop-down list lets you select a noise filter to apply to the video
signal before it is encoded. It has four settings: None, Low, Medium, and High.
NOTE Removing noise from the video signal also reduces the sharpness of the image. If the
video signal is relatively clean, do not apply any filter (None). The higher the filter level, the
more blurry the video image becomes. Keeping a sharp image creates more pixels to encode,
which uses more bandwidth. This is why on some video units the default is set to Medium.
• Bit rate control. This option lets the encoder automatically lower the bit rate when one of
the decoders is reporting transmission errors (dropped packets). This usually happens
when there is a lot of motion on the camera. The encoder drops the bit rate as low as
necessary to let all decoders receive an error free transmission. When the motion subsides,
the encoder gradually increases the bit rate until it reaches the configured maximum limit.
The trade-off between low bit rate and transmission errors is that with a low bit rate, the
image stays crisp but the video might appear jerky, while with transmission errors, the
image contains noises, but the video stays fluid.
• Compression mode. Select between SM4, Verint's proprietary version of MPEG-4
compression, or ISO, the standard MPEG-4 compression.

[Link] | Security Center Administrator Guide 5.2 375

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Camera (video encoder)

Advanced bit rate settings

Certain types of video units (such as Axis) allow you to set the maximum bit rate at the unit level
(see Video unit – "Properties" on page 500). In this case, there is an additional drop-down list
(bit rate mode) for your bit rate setting.

You have two values to choose from for the bit rate mode:
• Variable. Variable bit rate (VBR) adjusts the bit rate according to the complexity of the
images in the video. This uses a lot of bandwidth when there is a lot of activity in the image
and less bandwidth when the monitored area is quiet.
• Constant. Constant bit rate (CBR) allows you to set a fixed target bit rate that will consume
a predictable amount of bandwidth, which will not change, whatever happens in the image.
This requires you to set another parameter, the Bit rate priority.

Bit rate priority

If you choose to maintain a constant bit rate, the encoder might not be able to keep both the
frame rate and the image quality at their set values when the activity in the image increases.

The Bit rate priority lets you configure which aspect of video quality you wish to favor when you
are forced to make a compromise.
• Frame rate. Maintains the frame rate at the expense of the image quality.
• Image quality. Maintains the image quality at the expense of the frame rate.
• None. Lowers both the frame rate and the image quality to maintain the bit rate.

[Link] | Security Center Administrator Guide 5.2 376

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Camera (video encoder)

Stream usage
The Stream usage options are only available for encoders capable of generating multiple video
streams. It allows you to specify the usage (or function) of each stream.

The stream usage options are the following:

• Live. Default stream used for viewing live video in Security Desk.
• Recording. Stream recorded by the Archiver for future investigation.
• Remote. Stream used for viewing video when the bandwidth is limited.
• Low resolution. Stream used instead of the Live stream when the tile used to view the
stream in Security Desk is small. See "Automatic stream selection" on page 212.
• High resolution. Stream used instead of the Live stream when the tile used to view the
stream in Security Desk is large. See "Automatic stream selection" on page 212.
NOTE Every stream usage must be covered by a stream, but not every stream needs to be
assigned a usage. The streams that have no usage assigned are simply not generated, which
conserves CPU on the unit.

[Link] | Security Center Administrator Guide 5.2 377

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Camera (video encoder)

Network settings
The Network settings options allow you to configure the desired connection type used by the
video encoder.

The network settings are the following:

• UDP port. Port number used when the connection type is unicast UDP. If the encoder
supports multiple video streams, this parameter is different for each stream.
• Connection type. Defines how communication is established between the Archiver and the
unit for sending or receiving video streams. Each device on the same unit could support
different connection types.
 Best available. Lets the Archiver select the best available connection type for the stream.
The best available types rank in this order, according to availability: Multicast, UDP, TCP,
RTSP over HTTP, and RTSP over TCP. When the stream is requested for recording only,
multicast is removed from the list, so the best available types start with UDP.
 Unicast UDP. Forces the stream to be sent in UDP to the Archiver. The stream must be
formatted using the RTP protocol.
 Unicast TCP. Forces the stream to be sent in TCP to the Archiver. Here, TCP is taken in
the broad sense. For some types of cameras, the Archiver establishes a TCP connection
to the unit and receives the stream in a proprietary protocol. For others, the stream is

[Link] | Security Center Administrator Guide 5.2 378

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Camera (video encoder)

sent over HTTP. Typically, the stream is not formatted according to the RTP protocol by
the unit. The Archiver has to convert the stream to the RTP protocol to be archived or
retransmitted to the system.
 RTSP stream over HTTP. This is a special case of TCP connection. The Archiver uses the
RTSP protocol to request the stream through an HTTP tunnel. The stream is sent back
through this tunnel using the RTP protocol. This connection type is used to minimize
the number of ports needed to communicate with a unit. It is usually the best way to
request the stream when the unit is behind a NAT or firewall, because requests sent to
HTTP ports are easily redirected through them.
 RTSP stream over TCP. This is another special case of TCP connection. The Archiver
uses the RTSP protocol to request the stream in TCP. The request is sent to the RTSP
port of the unit.
 Same as unit. Special case for Panasonic units. The connection type is the same for all
streams of the unit. When present, it is the only connection type supported. The real
connection type must be set in the specific configuration page of the unit.
• Multicast address. The multicast address and port number are assigned automatically by
the system when the video unit is discovered. Each video encoder is assigned a different
multicast address with a fixed port number. If the encoder is capable of generating multiple
video streams, then a multicast address should be assigned to each stream. This is the most
efficient configuration.
Normally, you do not need to be concerned with the multicast addresses. However, if you
are short of multicast addresses (certain switches are limited to 128), you can use the same
multicast address on multiple encoders, and assign a different port number to each. This
solution is less efficient than using a different address for each encoder, because it will cause
more traffic than is necessary on the network.
NOTE All multicast addresses must be between the range [Link] and [Link]. For
these changes to take effect, you must restart the unit. To do so, select the unit in the Roles
view task, and click the Reboot ( ) button in the Contextual commands toolbar.

[Link] | Security Center Administrator Guide 5.2 379

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Camera (video encoder)

Boost quality on manual recording

The Boost quality on manual recording option is only available for the recording stream. It allows
you to configure a sudden boost of quality when the recording is started manually by a user.

The actions that trigger manual recording are as follows:

• The Record button ( ) is clicked by a Security Desk user.
• The Add a bookmark button ( ) is clicked by a Security Desk user.
See also "Common boost quality settings" on page 380.

Boost quality on event recording

The Boost quality on event recording option is only available for the recording stream. It allows
you to configure a sudden boost of quality when the recording is triggered by a system event.
The events that qualify as event recording are as follows:
• The Start recording action was executed.
• The recording was triggered by an alarm.
• The recording was triggered by motion.
See also "Common boost quality settings" on page 380.

Common boost quality settings

This section describes the common behavior of the two Boost quality options.

[Link] | Security Center Administrator Guide 5.2 380

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Camera (video encoder)

The boosted quality settings you can configure are the same as the ones described in the section
"Video quality" on page 374.
When both sets of events are triggered, the event recording settings have priority over the manual
recording settings. The duration of the quality boost depends on the type of event and the
duration configured in the Recording tab of the camera. For more information, see Camera –
"Recording" on page 382.
The ON/OFF switch tells the system whether the video quality should be boosted every time the
triggering events occur (ON), or only on demand (OFF).
When boost on demand is selected (switch=OFF):
• You can demand the boost quality settings to be applied explicitly by executing one of the
following actions:
 Override with manual recording quality.
 Override with event recording quality.
• Once the boost quality settings are applied through an action, they have precedence over
any other settings currently in effect. To return to the normal settings, you must execute the
following action:
 Recording quality as standard configuration.
For more information about executing actions, see "Using event-to-actions" on page 106.

[Link] | Security Center Administrator Guide 5.2 381

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Camera (video encoder)

Recording
The Recording tab allows you to customize the recording settings on each individual camera
instead of following the archiving role settings.

If the camera is associated to additional Auxiliary Archiver roles, roles, you’ll find one group of
settings for each archiving role the camera is associated to.
For each recording configuration, the camera can follow the settings inherited from the role or
use its own custom settings.
For more information on the rest of the recording settings related to:
• An Archiver, see "Camera recording" on page 526.
• An Auxiliary Archiver, see "Camera recording" on page 548.

[Link] | Security Center Administrator Guide 5.2 382

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Camera (video encoder)

Motion detection
The Motion detection tab allows you to define multiple motion detection configurations for your
camera. Each configuration is based on a different schedule.

What is a motion detection configuration?

A motion detection configuration is a group of settings that specify how motion is detected on
a camera, and when these settings are applied (based on a schedule). Every camera has a default
motion detection configuration based on the Always schedule. The default motion detection
configuration can be modified but not deleted.
The motion detection settings are as follows:
• Motion detection. Turns motion detection ON or OFF for the time periods covered by the
schedule.

[Link] | Security Center Administrator Guide 5.2 383

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Camera (video encoder)

• Detection is done on. Specifies whether motion detection is performed on the Archiver
(always available), or on the video unit (not all units support this feature). See also
"Limitations with motion detection on unit" on page 389.
• Sensitivity. Controls how much difference must be detected in a block between two
consecutive frames before it is highlighted as a motion block (see "Motion block" on
page 384). With the sensibility set to the maximum (100%), the slightest variation in an
image block is detected as motion. Lowering the sensitivity reduces the number of motion
blocks detected in the video. Only set the sensitivity lower than 100% if your equipment is
prone to generate noise.
TIP A plain image, such as viewing an empty wall, is more prone to generate noise than an
image containing a lot of detail.
You can also set the sensitivity value automatically (see "Automatically set motion detection
sensitivity" on page 385).
See also "Advanced H.264 motion detection" on page 386.
• Consecutive frame hits. A frame where the number of motion blocks reaches the Motion on
threshold is called a hit. Setting this parameter higher than 1 helps avoid false motion
detection hits, such as from video noise in a single frame. This setting ensures that positive
motion detection is only reported when a hit is observed over a certain number of
consecutive frames. When enough consecutive hits have been observed, the first hit in the
series is marked as the beginning of motion.
• Motion zones. Defines where on the video image motion should be detected. Up to six
different motion zones can be defined per configuration.
For the purpose of motion detection, the video image is divided into a large number of
blocks (1,320 for NTSC encoding standard and 1,584 for PAL). Each of these blocks can be
individually turned on/off for motion detection. A block where motion detection is turned
on is represented by a semi-transparent blue square overlay on the video image. See
"Drawing tools for motion zones" on page 387.

Motion block
A block is called a motion block when motion is detected in it. There is positive motion in a video
image when the area covered by the block detects motion in two consecutive video frames. The
number of motion blocks detected represents the amount of motion. A motion block is
represented by a semi-transparent green square overlay on the video image.

What constitutes a positive motion detection?

Simply seeing motion blocks on the video does not necessarily mean that the system will
generate a motion related event. It could simply be noise. To determine when motion actually
started (Motion on event) and when it stopped (Motion off event), two more parameters must be
configured on top of the Sensitivity and Consecutive frame hits:

[Link] | Security Center Administrator Guide 5.2 384

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Camera (video encoder)

• Motion on threshold. Indicates the minimum number of motion blocks that must be
detected before the motion is significant enough to be reported. Together with the
Consecutive frame hits, a positive motion detection is made.
• Motion off threshold. In the same way the Motion on threshold detects the beginning of
motion, the Motion off threshold detects the end of motion. Motion is considered stopped
when the number of motion blocks drops below the Motion off threshold for at least 5
seconds.
CAUTION Light reflections on windows, switching lights on/off, and light level changes caused
by cloud movement can cause undesirable responses from the motion detection algorithm, and
thereby generate false alarms. Carry out a number of tests for different day and night conditions
to ensure correct interpretation of the video images. For surveillance of indoor areas, ensure
there is a consistent lighting of the areas during the day and at night. Uniform surfaces without
contrast can trigger false alarms even with uniform lighting.

Automatically set motion detection sensitivity

You can determine what constitutes positive motion detection by automatically setting the
sensitivity value.
Before you begin: Make sure there is no motion in the camera’s field of view (0 motion blocks).
NOTE If your camera is located outdoors, the accuracy of this test might be affected due to wind,
moving trees, and so on.

To automatically set the motion detection sensitivity:

• In the camera’s Motion detection tab, select one of the following options from the Auto
calibrate drop-down list:
 Current zone. Calibrate the sensitivity for motion detected in the currently selected
motion zone on the video image.
 All zones. Calibrate the sensitivity for motion detected in all the motion zones on the
video image.
 All motion. Calibrate the sensitivity for motion detected on the whole video image.
Different sensitivity values are tested to find the highest value without detecting motion in
the image. This test accounts for any unwanted background noise that your camera may
pick up and consider as motion.

[Link] | Security Center Administrator Guide 5.2 385

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Camera (video encoder)

Advanced H.264 motion detection

When an H.264 stream is selected as the recording stream, the Advanced settings button is
available after the Sensitivity slider. Click this button to open the H.264 advanced motion
detection settings dialog box where you can refine your motion detection settings for an H.264
stream.

Choose a Preset from the drop-down menu:

• Custom. Allows you to customize your settings using the available sliders.
• Vector emphasis. Sets motion detection based on the difference in motion vector values
(movement) between consecutive frames.
• Luma emphasis. Sets motion detection based on the difference in luma values (brightness)
between consecutive frames.
Depending on your unit, the Vector and Luma emphasis presets might not provide desirable
results. If you find you are getting too many, or too few motion events, choose Custom from the
Preset list and adjust the following slider values until you achieve desirable results. Values range
between 0 and 100. The higher the value, the more motion is detected.
• Luma weight. Sets motion detection based on the difference in luma values (brightness)
between consecutive frames.
• Chroma weight. Sets motion detection based on the difference in chroma (color) values
between consecutive frames.
• Vectors weight. Sets motion detection based on the difference in vector values (movement)
between consecutive frames.
• Macroblocks weight. Sets motion detection based on the presence of intra-macroblocks in
your frame. This setting is useful when you notice motion detection indicators on still
frames. For example, some units generate frames completely comprised of intra-
macroblocks as a new reference point. When this happens, you will see motion detection
blocks covering your whole image. Setting the Macroblocks weight to 0 helps prevent this
from happening.

[Link] | Security Center Administrator Guide 5.2 386

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Camera (video encoder)

TIP Test your new settings with the View all motion mode.

Drawing tools for motion zones

You draw the motion zone using the following drawing tools:

Icon Tool name Description

Pen Draws motion detection blocks one at a time.

Eraser Erases the motion detection blocks one at a time.

Rectangle Draws a group of motion detection blocks.

Fill Covers the entire image with motion detection blocks.

Clear Clears all motion detection blocks.

Invert Interchanges the area with motion detection blocks with the area
without.
Learning mode Lets the computer analyze what is typical motion in the image.
When typical motion occurs, the motion detection blocks in the
affected areas are turned off, so it can be ignored.

[Link] | Security Center Administrator Guide 5.2 387

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Camera (video encoder)

Testing motion detection settings

After modifying the motion detection settings for a camera, always test your new settings to
make sure that you get the expected results. You can always test your settings in Config Tool
whether the motion detection is performed on the Archiver or on the unit. However, the test
might not be completely accurate when the motion detection is performed on the unit. See
"Limitations with motion detection on unit" on page 389.
You have three motion test modes to choose from:
• Test zone. The motion zone is displayed as blue overlays. The motion blocks are displayed as
green overlays. The number of motion blocks is updated in real time. When the number of
motion blocks reaches the Motion threshold, it is displayed in red.

[Link] | Security Center Administrator Guide 5.2 388

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Camera (video encoder)

• Test all zones. In this mode, all motion zones are displayed at once, with the number of
motion blocks in each displayed separately.

• View all motion. In this mode, the entire video image is tested for motion. All motion
anywhere on the image is displayed as motion blocks (green overlays). The total number of
motion blocks is updated in real time. Use this mode to test the sensitivity setting for this
camera.

Limitations with motion detection on unit

When motion detection is performed on the unit, not all motion detection settings are taken into
consideration.
The following list some of the known limitations:
• Not all units support multiple motion detection zones. When switching motion detection
from Archiver to Unit, the existing zone configurations not supported by the unit will be
lost.
• The unit might not interpret the Sensitivity parameter the same way as the Archiver.
Therefore, when testing your motion zones, the results might not be accurately reflected in
Config Tool.
• The Motion search task in Security Desk is not supported.
• In most cases, the motion indicators (green bars) are not shown in the timeline during
playback.
NOTE Axis cameras however are exceptions. They do show the motion indicators in the
timeline during playback when motion detection is performed on the unit.

[Link] | Security Center Administrator Guide 5.2 389

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Camera (video encoder)

Motion related events

The default events related to motion detection generated by the system are as follows:
• Motion on. At the beginning of the motion period.
• Motion off. At the end of the motion period.
You can silence these events or replace them with the custom events of your choice using the
Motion events dialog box (click the Events button to open it).

TIP One reason why you would want to use custom events is when you are using multiple motion
zones. Each zone can be configured to detect motion in a different area of the camera’s field of
view and generate different events. Having different events allows you to program different
actions to respond to different situations.

[Link] | Security Center Administrator Guide 5.2 390

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Camera (video encoder)

Color
The Color tab allows you to adjust the video attributes such as brightness, contrast, hue, and
saturation, based on different schedules.

Click the Add schedule button to add an new color configuration.

Click the Load default button to reset all parameters to their default values.
TIP A typical use of this feature is to automatically control the brightness and contrast based on
ambient light. For more information, see "What is a twilight schedule?" on page 104.

[Link] | Security Center Administrator Guide 5.2 391

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Camera (video encoder)

Visual tracking
Visual tracking is a Security Desk feature that allows you to follow an individual or moving
object across different cameras and all within the same display tile. For more information, see
“Using visual tracking” in Genetec Security Desk User Guide. The Visual tracking tab is where you
configure this feature.

How visual tracking works

When visual tracking is turned on, semi-transparent overlays (colored shapes drawn over the
video) appear in the tile showing that camera. Each overlay corresponds to one or more adjacent
cameras. Simply click the overlay to switch to an adjacent camera. Video from the camera you
switched to is displayed within the same tile.

For more information, see "Configure visual tracking" on page 213.

[Link] | Security Center Administrator Guide 5.2 392

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Camera (video encoder)

Hardware
The Hardware tab allows you to associate other hardware devices (PTZ motor, Speaker,
Microphone, and so on) to this camera and configure specific hardware settings.

When the unit is initially added to the system, all hardware devices belonging to the same unit
are configured by default. You can manually associate your camera to other devices, according
to how they are physically connected.

[Link] | Security Center Administrator Guide 5.2 393

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Camera (video encoder)

PTZ configuration
If the PTZ motor is not integrated to your camera, you need to configure the PTZ motor
separately before you can control it in Security Desk. When you turn the PTZ switch on,
additional settings appear.

• Protocol. Protocol used by the PTZ motor.

• Serial port. Serial port used to control the PTZ motor.
Click to set the Idle delay, Idle command, and Lock delay parameters.
• Enhanced PTZ. Turn this option on to enable the zoom-box and center-on-click PTZ
commands. For more information, see "Configure PTZ motors" on page 215.
• Calibrate. Click to calibrate the PTZ. See "Calibrate the PTZ coordinates" on page 216.
NOTE Not all cameras require PTZ calibration.

• PTZ address. Number identifying the selected PTZ motor on the serial port. This number
is important because it is possible to connect more than one PTZ motor on the same serial
port. This number must correspond to the dip switch settings on the PTZ hardware.

Idle delay
The idle delay is used in two ways:
• The idle delay defines the period of inactivity after which the PTZ is considered idle. When
a user starts moving the PTZ when it is idle, the PTZ activated event is generated. When the
idle delay expires, the PTZ stopped event is generated.
As long as there are users who continue to move the PTZ, the countdown timer
continuously restarts.
• The same idle delay value is also used specifically for the zoom operation on a PTZ.
Whenever a user starts to zoom the PTZ, the PTZ zoom by user event is generated. After the
last zoom operation, when the idle delay expires, the PTZ zoom by user stopped event is
generated.
For a particular user, idle delay delineates a single zoom activity. A user who zooms several
times, with each zoom activity taking place less than 120 seconds after the previous one, will
generate only one PTZ zoom by user event, assuming the idle delay is 120 seconds. Then, if
another user performs a zoom on the same PTZ before the idle delay has expired, the PTZ
zoom by user event is again generated, logged to the second user, and the countdown timer

[Link] | Security Center Administrator Guide 5.2 394

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Camera (video encoder)

is restarted. Note that in this case, the PTZ zoom by user stopped event is only generated after
the Idle delay has expired, and logged to the second user.
NOTE The PTZ activated and PTZ stopped events cannot be triggered by a programmed PTZ
action. The PTZ zoom by user and PTZ zoom by user stopped events cannot be generated due to
automated PTZ functions such as presets or patterns, or by a programmed PTZ action.

Idle command
When the PTZ becomes idle (after the idle delay expires and the PTZ stopped or PTZ zoom by
user stopped event is generated), this option determines the next action of the PTZ.
• None. The PTZ remains idle until a user starts controlling it.
• Preset. The PTZ moves to a preset position when it becomes idle.
• Pattern. The PTZ motor starts a PTZ pattern when it becomes idle.

Lock delay
When a user controls an idle PTZ, the PTZ becomes implicitly locked for that user. The implicit
PTZ lock prevents two users from fighting for the control of the same PTZ. The implicit lock
lasts Idle delay + Lock delay seconds after the user has stopped using the PTZ. After this period,
the PTZ automatically unlocks.

Speaker and microphone

Even if the unit your camera belongs to does not support audio, you can still link your camera
with audio devices (speaker and microphone) found on other units.

Camera tampering
Select this option to let Security Center process Camera tampering events issued by the unit. This
setting is only available if the video unit is capable of detecting camera tampering.
Typically, any dysfunction that prevents the original scene from being viewed properly can by
treated as an attempt to tamper with the camera. This can be a partial or complete obstruction
of the camera view, a sudden change of the field of view, or a loss of focus. You can control the
sensitivity of the unit’s alarm notification mechanism by specifying the Minimum duration that
a dysfunction must last before the unit issues a Camera tampering event.

Select the Alarm for dark images option if total obstructions are to be considered as dysfunctions.

Audio alarm
Select this option to let Security Center process audio alarms issued by the unit as Audio alarm
events. This setting is only available if the video unit is capable of raising audio alarms.

[Link] | Security Center Administrator Guide 5.2 395

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Camera (video encoder)

NOTE The Alarm level sets the value used to trigger audio alarms on the unit. A unit can be
configured to issue audio alarms when the sound level rises above or falls below the set value. The
alarm level can be set in the range 0-100%, where 0% is the most sensitive and 100% the least
sensitive.

Image rotation
Use this setting to correct the orientation of the image when the camera is mounted upside down
or at a 90 degree angle. The rotation options might vary depending on the model of the camera.

Lens type
Use this setting to select the lens type for cameras with interchangeable lenses. Depending on the
selected lens type, you might have additional settings to configure, such as dewarping a fish-eye
lens. For more information, see the Security Center Video Unit Configuration Guide.

[Link] | Security Center Administrator Guide 5.2 396

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Camera sequence

Camera sequence
The camera sequence entity defines a list of cameras that are displayed
one after another in a rotating fashion within a single tile in Security
Desk.
When displayed in a Security Desk, the camera sequence can be paused
(stop cycling) and unpacked (showing all cameras at the same time).
The cameras composing the sequence can be fixed, PTZ enabled, or
federated. Each camera is given a preset amount of display time. Dome
cameras can be configured to point to a preset position, to run a pattern, or to turn on/off an
auxiliary switch.
System: Omnicast IP video surveillance
Views: Logical view

Identity Name, description, logical ID, and relationships of this entity with other
entities in the system.
Cameras Configuration of the cameras composing the sequence.

Custom fields Custom field values for this camera sequence.

Related topics:
• "Camera (video encoder)" on page 372
• "Creating camera sequences" on page 219
• “Viewing a camera sequence” in the Security Desk User Guide

[Link] | Security Center Administrator Guide 5.2 397

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Camera sequence

Cameras
The Cameras tab allows you to configure the cameras composing the camera sequence. The
order of the cameras in the list is the order they will be displayed in Security Desk.

For information about creating camera sequences, see "Creating camera sequences" on page 219.

[Link] | Security Center Administrator Guide 5.2 398

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Cardholder

Cardholder
The cardholder entity represents a person who can enter and exit secured
areas using their credentials (typically access cards), and whose activities
can be tracked.

System: Synergis IP access control

Task: Access control – Cardholders

Identity Name, description, logical ID, and relationships of this entity with other
entities in the system.
Properties Cardholder’s personal information and status.

Picture Cardholder’s picture.

Custom fields Custom field values for this cardholder.

Related topics:
• "Badge template" on page 369
• "Cardholder group" on page 402
• "Credential" on page 405

[Link] | Security Center Administrator Guide 5.2 399

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Cardholder

Properties
The Properties tab shows the cardholder’s personal information and status. Additional
information might be found in the Custom fields tab.

For information about configuring cardholders, see “Cardholder management” in the Security
Desk User Guide.

[Link] | Security Center Administrator Guide 5.2 400

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Cardholder

Picture
The Picture tab allows you to assign a picture to the cardholder.
For information about editing cardholder pictures, see “Assign a picture to the cardholder” in
the Security Desk User Guide.

[Link] | Security Center Administrator Guide 5.2 401

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Cardholder group

Cardholder group
The cardholder group entity is used to configure the common access
rights and properties of a group of cardholders.

System: Synergis IP access control

Task: Access control – Cardholder groups

Identity Name, description, logical ID, and relationships of this entity with other
entities in the system.
Properties Cardholder group properties and members.

Custom fields Custom field values for this cardholder group.

Related topics:
• "Cardholder" on page 399

[Link] | Security Center Administrator Guide 5.2 402

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Cardholder group

Properties
The Properties tab lets you view and configure the members of this cardholder group, and
configure their common properties. Additional information might be found in the Custom fields
tab.

• Group available for visitors. Set this to ON if this group will be used for visitors
• Email address. Set an email address here for automated actions associated to the group
• Security clearance. (Only visible to administrative users) Set the security clearance level for
the cardholder group.
A cardholder group’s security clearance level determines their access to areas when a
minimum security clearance level is required on areas by setting a threat level in Security
Center. For more information, see "Set minimum security clearance" on page 122.
Level 0 is the highest clearance level, with the most privileges.
 Inherited from parent cardholder groups. The cardholder group’s security clearance level
is inherited from their parent cardholder group. When multiple parent cardholder
groups exist, the highest clearance level is inherited.
 Specific. Set a specific security clearance level for the cardholder group.
• Cardholders. Define the cardholder group members using the and buttons. Both
individual cardholders and other cardholder groups can be members.

[Link] | Security Center Administrator Guide 5.2 403

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Cash register

Cash register
The cash register entity represents a single cash register (or terminal) in a
point of sale (POS) system.

Cash register entities are created by the Point of Sale role. They identify
the transaction data imported by the Point of Sale role from an external
POS system. Security Center can link Omnicast cameras to cash registers
to provide video support to help security officers in their investigations.
For more information, see “Transactions” in the Security Desk User
Guide.
IMPORTANT For a user to view transaction reports in Security Desk, the Point-of-Sale plugin
must be enabled on the machine where Security Desk is installed. For more information, see
“Enable Point-of-Sale plugin” in the Security Center Installation and Upgrade Guide.
System: General
Task: Logical view

Identity Name, description, logical ID, and relationships of this entity with other
entities in the system.
Cameras Cameras used to monitor this cash register in Security Desk.

Custom fields Custom field values for this cash register.

Location Time zone and geographical location for this cash register.

Related topics:
• "Point of Sale" on page 601
• “Transactions” in the Security Desk User Guide

[Link] | Security Center Administrator Guide 5.2 404

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Credential

Credential
The credential entity represents a proximity card, a biometrics template,
or a PIN required to gain access to a secured area. A credential can only
be assigned to one cardholder at a time.
Credentials are really “claims of identity”. A credential distinguishes one
cardholder from another.

System: Synergis IP access control

Task: Access control – Credentials

Identity Name, description, logical ID, and relationships of this entity with other
entities in the system.
Properties Credential information and status.

Badge template Default badge template associated to this credential.

Custom fields Custom field values for this credential.

Related topics:
• "Badge template" on page 369
• "Cardholder" on page 399

[Link] | Security Center Administrator Guide 5.2 405

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Credential

Properties
The Properties tab lets you configure the credential information and status. Additional
information might be found in the Custom fields tab.

Credential information
This section identifies the details of the credential itself. If the credential is an access control card,
the format, facility code and card number will be shown.
• Cardholder. Displays the cardholder this credential is associated with. The cardholder can
be changed if required.

State
This section shows whether the credential status is active or Inactive/Lost/Stolen/Expired. It
also displays the date and time when the credential was attributed to this state.
Expiration - An expiration date/time can be set here so the credential expires automatically on
a certain date and time.

[Link] | Security Center Administrator Guide 5.2 406

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Credential

Badge template
The Badge template tab defines the default badge template associated to this credential.

The badge template tab allows you to preview what the credential will look like when printed
using any specific badge template. You can also print the card credential.

[Link] | Security Center Administrator Guide 5.2 407

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Door

Door
The door entity represents a physical barrier. Often, this is an actual door
but it could also be a gate, a turnstile, or any other controllable barrier.
Each door has two sides named by default “A” and “B”. Each side is an
access point (entrance or exit) to a secured area.

System: Synergis IP access control

Task: Logical view

Identity Name, description, logical ID, and relationships of this entity with other
entities in the system.
Properties General behavior of the door.

Unlock Scheduled periods when the door should not be used for secured access.
schedules
Hardware Physical wiring configuration of the door to access control units and
associations to monitoring cameras.
Access rules Access rules applied to this door.

Custom fields Custom field values for this door.

Related topics:
• "Access control unit" on page 341
• "Access rule" on page 353
• "Area" on page 364
• "Elevator" on page 414

[Link] | Security Center Administrator Guide 5.2 408

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Door

Properties
The Properties tab allows you to configure the general behavior of the door.

• Standard grant time. Amount of time the door is unlocked after an access granted event is
generated.
• Access time. Amount of time the cardholder has to cross the entry sensor, in addition to the
Standard grant time. If no entry is detected during this time, a No entry detected event is
generated. This option is only supported when your door is configured with an entry
sensor.
EXAMPLE If the Standard grant time is 5 seconds, and the Access time is 5 seconds, the
cardholder has a total of 10 seconds to cross the entry sensor of the door.
• Extended grant time. For cardholders with the property “extended grant time” turned on,
the amount of time the door is unlocked after access is granted.
• Extended access time. For cardholders with the property “extended grant time” turned on,
the amount of time the cardholder has to cross the entry sensor, in addition to the Extended
grant time. If no entry is detected during this time, a No entry detected event is generated.
This option is only supported when your door is configured with an entry sensor.
EXAMPLE If the Extended grant time is 10 seconds, and the Extended Access time is 10
seconds, the cardholder has a total of 20 seconds to cross the entry sensor of the door.
• Trigger a ‘door open too long’ event. The event ‘door open too long’ will be generated after
this duration.

[Link] | Security Center Administrator Guide 5.2 409

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Door

• Ignore ‘door forced open’ events. Ignore ‘door forced open’ events.
• Unlocked for maintenance. Door is unlocked, and possibly pinned open for maintenance
purposes. Do not generate the normal events when in maintenance-mode.
The values in the Request to exit section are generally used to decrease the number of false
Request to exit events at a door.
• Time to ignore ‘Request to exit’ after granted access. Ignore any requests to exits for this
long after access has been granted.
• Unlock on request to exit. Set to ON if a REX is being used, and you want to automatically
grant the request to exit.
• Ignore ‘Request to exit’ events while door is open. Do not generate REX when door is
open.
• Time to ignore ‘Request to exit’ after door closure. Once the door has closed, wait this
long before generating any more Request to exit events.

[Link] | Security Center Administrator Guide 5.2 410

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Door

Unlock schedules
Unlock schedules represent scheduled periods when the door should not be used for secured
access. It is unlocked, and no access rules are in effect.

A typical use of an unlock schedule might be:

The main door of the office should be unlocked from 9:00 AM-12:00 PM, locked from 12:00 PM
- 1:00 PM, and unlocked again from 1:00 PM - 6:00 PM.
• Click the add button below Unlock schedules to apply free access periods.
• Click the add button below Exceptions to unlock schedules to apply “controlled access”
periods.

[Link] | Security Center Administrator Guide 5.2 411

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Door

Hardware
The Hardware tab allows you to configure the physical wiring relationships between the access
control unit and the door, and associate cameras to door sides.

Match each one of these functions to correspond with the physical wiring done on the controller
and door.

[Link] | Security Center Administrator Guide 5.2 412

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Door

EXAMPLE The physical door has the following installed:

• A reader wired on door side A

• A REX wired on door side B
• A strike relay on the door lock
• A door sensor
• An auxiliary relay wired to a buzzer
In Config Tool, the door entity must have Card-In/REX out configuration. Door side A can be
named Entry, and door-side B can be named Exit.

Access rules
The Access rules tab displays the access rules applied to this door.

In the example above, we can see that an access rule called Employees only is applied to the
Entry side of the door but no rule is applied to the Exit side because of a Request to exit device.

[Link] | Security Center Administrator Guide 5.2 413

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Elevator

Elevator
The elevator entity provides access control properties to elevators. For an
elevator, each floor is considered an entry point for the area
corresponding to that floor.
CAUTION To configure an elevator, make sure you have an access control
unit dedicated to the control of an individual elevator cab. In other words,
the access control unit used for elevator control cannot be shared for any
other purpose.
System: Synergis IP access control
Task: Logical view

Identity Name, description, logical ID, and relationships of this entity with other
entities in the system.
Floors Physical wiring relationships between the access control unit and the elevator
floors, and cameras used to monitor this elevator in Security Desk.
Access Access rules applied to the elevator floors, and scheduled periods when the
elevator floors should not be used for secured access.
Advanced Advanced behavior of the elevator.

Custom fields Custom field values for this elevator.

Related topics:
• "Access control unit" on page 341
• "Access rule" on page 353
• "Area" on page 364
• "Door" on page 408

[Link] | Security Center Administrator Guide 5.2 414

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Elevator

Floors
The Floors tab allows you to configure the physical wiring relationships between the access
control unit and the elevator floors, and select cameras used to monitor this elevator in Security
Desk.

• Preferred unit. Assign an access control unit to manage this elevator cab’s panel.
• Elevator cab reader. Assign a reader interface to be used inside the elevator cab.
• Camera. Select a camera to monitor this elevator in Security Desk.
• Floors. Assign push button relays and inputs to the elevator floor buttons.
 Push button relay. Assign output relays to the different elevator floor buttons. Access
granted events cause an output relay to close, which enables the button-push to request a
certain floor.
 Floor tracking. (Optional) Assign inputs to elevator floor buttons. When you assign
inputs, Security Center can take note of which floor button was pushed.
The floor configurations can be added, deleted, or modified with the add , delete , and
buttons at the bottom of the page.

[Link] | Security Center Administrator Guide 5.2 415

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Elevator

Access
The Access tab lets you configure the access rules applied to each of the elevator floor, and
determine when access to floors is controlled and when free access to elevator floors is available.

• Access rules. Select access rules to determine which floor buttons are enabled, when, and
for which cardholders.
Different access rules can be applied to different floors, or applied to all floors. In the
example above, the access rule Weekdays applies to all floors.
• Exceptions. Determine if there are any exceptions to the access rule you set.
 Schedule. Select a schedule when the exception applies.
 Floor. Select which floors the exception applies to.
 Mode. Select whether access to the elevator floor is free or controlled during the exception
schedule.
In the example above, controlled access is used when the office is closed.

[Link] | Security Center Administrator Guide 5.2 416

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Elevator

Advanced
The Advanced tab lets you configure the advanced behavior of this elevator.

• Grant time. This value indicates for how long the elevator floor button will be enabled after
the access granted event has been generated.
• Free access when the output relay is:
 Normal. Floor access is enabled when the access control unit output relay is de-
energized. This means that a power loss results in free access to the floor.
 Active. Floor access is enabled when the access control unit output relay is energized.
This mean that a power loss results in floor access being denied.

[Link] | Security Center Administrator Guide 5.2 417

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Hotlist

Hotlist
The hotlist entity defines a list of wanted vehicles. Each vehicle in the list
is identified by a license plate number, the license plate issuing state (or
province, or country), and the reason why the vehicle is wanted (for
example, Stolen, Wanted felon, Amber alert, VIP, and so on). Additional
vehicle information can include the model, the color, and the vehicle
identification number (VIN).

Hotlists are used by both the AutoVu Patroller and the AutoVu LPR
Manager role to check against license plates captured by LPR units to identify vehicles of interest.

The hotlist entity is a type of hit rule. A hit rule is a method used by AutoVu to identify vehicles
of interest. Other types of hit rules include overtime, permit, and permit restriction. When a plate
read matches a hit rule, it is called a hit. When a plate read matches a plate on a hotlist, it is called
a hotlist hit.
System: AutoVu IP license plate recognition
Task: LPR – Hotlists

Identity Name, description, logical ID, and relationships of this entity with other
entities in the system.
Properties Configure the basic parameters of the hotlist, including: assigning priority
to a hotlist, and the location and attributes of the hotlist data file.
Advanced Configure the advanced parameters of the hotlist, including: assigning
color, sound, email address for notifications, and enabling hotlist and
permit editor support.
Custom fields Custom field values for this hotlist.

Related topics:
• "LPR Manager" on page 571
• "LPR unit" on page 430

[Link] | Security Center Administrator Guide 5.2 418

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Hotlist

Properties
The Properties tab is where you configure the basic properties of the hotlist (hotlist priority,
hotlist path, attributes, and so on). These settings tell Security Center how to parse the hotlist
file into the format required by the Patroller and the LPR Manager to identify plates read by
Sharp units.

For more information on how to configure hotlists, see “Configuring hotlists” in the AutoVu
Handbook.

• Priority. Choose a hotlist priority. Zero (0) is the highest priority setting and 100 is the
lowest priority setting. This setting is used to resolve conflicts when a plate read matches
more than one hotlist, in which case the hotlist with the highest priority is displayed first in
the list of hotlist matches.
• Hotlist path. Type the path or browse to the hotlist text file. Every hotlist entity in Security
Center must be associated with a text file containing the actual hotlist data; that is, license
plate numbers and other related vehicle information. The associated text file is typically
created by a third party system (e.g. Notepad for .txt files, or Excel for .csv files).
The source text file can be located on the LPR Manager computer’s local drive (for example,
the C drive), or on a network drive that is accessible from the LPR Manager computer. If
you start typing a path to a network drive, the Username and Password fields appear and
you’ll need to type the username and password to access the network drive.

[Link] | Security Center Administrator Guide 5.2 419

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Hotlist

• Use delimiters. Tells Security Center that the fields in the hotlist file are of variable length
and indicates the character used to separate each field in the file. By default, Use delimiters
is set to On, and the delimiter specified is a semi-colon (;). If your hotlist file is made up of
fixed length fields, set Use delimiters to Off.
Security Center supports the following delimiters:
 Colon (:)
 Comma (,)
 Semi-colon (;)
 Tab (Tab)
If your hotlist file uses Tab as a delimiter (i.e. the “Tab” key on your keyboard), type the
word “TAB” as the delimiter character.
IMPORTANT Security Center considers one Tab space to be a valid delimiter. Do not use
more than one Tab space to align columns in your hotlist file or Security Center may not be
able to parse the hotlist.
• Enable editor support. Allow a user to edit the hotlist or permit list using the Hotlist and
permit editor task.
IMPORTANT Please note the following about the Hotlist and permit editor:

 A user must be granted the privilege to use the Hotlist and permit editor.
 Only the first 100,000 rows of a hotlist are loaded into the Hotlist and permit editor.
 If an error occurs while the hotlist is being loaded, the loading process is cancelled and
an error message is displayed. However, you will not lose any of the data loaded before
the error occurred, and you can still edit the data loaded into the editor.
• Attributes. Tells Security Center the name and order of the fields in the source text file.
From the Attributes area, you can add, delete, or edit the data fields (attributes). Security
Center includes the following default attributes:
 Category. (Mandatory field) Reason why a license plate number is wanted. For example:
Scofflaw, Stolen, Amber alert, Wanted felon, and so on. When a hit occurs, this field is
displayed on the hit screen in Patroller and Security Desk.
 PlateState. (Mandatory field) Issuing state (or province, or country) of the license plate.
Patroller uses the PlateNumber to match against a plate read. When a hit occurs, this
field is displayed on the hit screen in Patroller and Security Desk.
 PlateNumber. (Mandatory field) The license plate number.
The following fields are shown by default, but are optional. If there is no start or end date for
the hotlist, you can delete these fields, or simply leave them blank.
 EffectiveDate. Date at which the hotlist starts to be effective.
 ExpiryDate. Date after which the hotlist is no longer valid.
IMPORTANT Please note the following about hotlist attributes.

[Link] | Security Center Administrator Guide 5.2 420

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Hotlist

 The hotlist text file must include Category, PlateState, and PlateNumber fields. For this
reason, these fields already appear in the attribute list and cannot be deleted from the list.
 There cannot be any spaces within an attribute name.
 You can have a maximum of two wildcard characters (asterisk *) in a PlateNumber.
• Add ( ) or Edit ( ) a hotlist attribute. Configure the following:
 Name. Name of the field. It may contain spaces. Only the three compulsory fields,
Category, PlateState and PlateNumber cannot be renamed.
 Value. The default value is interpreted differently depending on whether delimiters are
used or not.
 If delimeters are in use, the default value is written into this field. Fields already
populated will be overwritten.
 If delimeters are not in use, and if the field is empty, the default value is written into
this field. Fields already populated will not be overwritten.
 Is mandatory. A mandatory attribute cannot be blank in the source file. For example, if
you add a mandatory attribute called CarColor, the column for CarColor in the source
file must have text in it.
 Fixed length. This option is enabled only if you chose to use fixed length data fields.
Indicate the start position of the field in the file record and its length. The position of the
first character is zero (0).
 Date format. Specify a time format if the field contains a date or time value. All standard
date and time format strings used in Windows are accepted. If nothing is specified, the
default time format is “yyyy-MM-dd”.
 Translate. You can apply an optional transformation to the values read from the data file.
Use this feature to shorten certain values to save space on the Patroller or to enforce
spelling consistency.
For example, the following is what you may find in a variable field length data file using a
semicolon (;) as delimiter and using the fields: Category, PlateState, PlateNumber, CarMake,
and CarColor.
AMBER;QC;DEF228;TOYOTA COROLLA;GREEN
STOLEN;QC;345ABG;HONDA CIVIC;BLUE
STOLEN;QC;067MMK;FORD MUSTANG;YELLOW
STOLEN;QC;244KVF;LEXUS IS350;SILVER

[Link] | Security Center Administrator Guide 5.2 421

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Hotlist

Advanced
The Advanced tab is where you configure the advanced properties of the hotlist (the color,
sound, download frequency, and so on). These properties are not required for all hotlists, but
allow you to customize certain hotlists for specific scenarios.

For more information on how to configure hotlists, see “Configuring hotlists” in the AutoVu
Handbook.

• Color. Assigns a color to a hotlist. When you choose a color, the map symbol that marks
the location of the hotlist hit in Security Desk and Patroller, as well of the Hotlist Hit and
Review Hits screen in Patroller, appears in that color.
• Use wildcards. Indicates that the hotlist contains wildcards (partial license plate numbers).
You can have a maximum of two wildcard characters (asterisk *) in a PlateNumber.
Wildcard hotlists are used in situations where witnesses did not see, or cannot remember a
complete license plate number. This allows the officer to potentially intercept vehicles
associated with a crime, which otherwise would not have been detected using standard
hotlists.
Best practice: If using a wildcard hotlist, use the following best practices:
 Do not use more than one wildcard hotlist per Patroller.
 By default, hotlists are applied at the LPR Manager level. Use only one wildcard hotlist
per LPR manager role.

[Link] | Security Center Administrator Guide 5.2 422

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Hotlist

 Limit the number of entries to 100 plates.

NOTE If using wildcard hotlists, please note the following:

 An asterisk (*) in the data file indicates a wildcard.

 Only the PlateNumber field accepts wildcard characters. If the asterisk is found in any
other field, it is considered as a normal character.
 The PlateNumber field is limited to two wildcard characters.
 If you select Use wildcards, Patroller ignores all hotlist entries that do not contain a
wildcard, or that contain more than two wildcard characters.
 It is the number of wildcards in the PlateNumber field, and not the location of the
wildcard, that determines how many mismatched characters are allowed before a match
can occur.
 The position of the wildcards cannot be enforced because, typically, when witnesses
report a partial plate number, they do not remember the position of the characters they
missed. The sequence of the normal characters in the PlateNumber is respected, such
that the three patterns “S*K3*7”, “**SK37”, and “SK37**” are equivalent.
EXAMPLE If a wildcard hotlist contains the PlateNumber entry S*K3*7:

 Plate reads NSK357 and ASDK37 will generate a hit because both reads have no more
than two mismatched characters (in red) and the sequence “SK37” is respected.
 Plate read SUKA357, will not generate a hit because it contains three mismatched
characters (in red).
 Plate read SKU573 read will not generate a hit because the sequence of characters
SK37 is not found in the read.
• Covert. Set the hotlist to a covert hotlist. When you choose this setting, Patroller users are
not alerted when a hit occurs. Only users with sufficient privileges can view covert hits in
Security Desk.
• Email address. Set hotlist email notifications. When the hotlist you’re configuring
generates a hit, Security Center sends an email to the address you specify.
IMPORTANT For this feature to work, the SMTP configuration must be set up in the Server
Admin and the Email notification option must switched to ON in the Config Tool’s LPR
Manager Properties tab.
• Sound file. This indicates which sound Patroller should play when a hotlist hit occurs. If
you leave this field blank, Patroller plays its default sounds. The path (you must include the
filename) indicates the file’s location on the Patroller in-vehicle computer. You can copy
sound files to the in-vehicle computer manually, or use the Security Center updater service
to push new sound files to Patroller as you would a hotfix. Only .wav files are supported.
• Override privacy for emails. Bypasses any privacy settings you applied at the Directory
level (see "Applications" on page 646), and sends an email with real LPR data to the Email
address you specified for this particular hotlist.

[Link] | Security Center Administrator Guide 5.2 423

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Hotlist

• Disable periodic transfer. Turns off periodic transfer of hotlist modifications to the
Patroller computer. When this setting is off, hotlist changes are only downloaded to
Patroller when the user logs on to the application. This option requires a wireless
connection between Patroller and Security Center.
• Enable transfer on modification. Transfer hotlist modifications to Patroller as soon as they
occur. For example, you can use this option on a hotlist to force Patroller to query for
changes more frequently than the periodic transfer period (which applies to all hotlists).
This can be useful for Amber alerts because they can be added to a specific hotlist and sent
to a Patroller almost immediately. This option requires a continuous wireless connection
between Patroller and Security Center.

[Link] | Security Center Administrator Guide 5.2 424

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Intrusion detection area

Intrusion detection area

An intrusion detection area entity corresponds to an area (also known as
zone or partition, depending on the manufacturer) that is configured on
an intrusion panel (also known as alarm panel).
Intrusion detection areas might be automatically created by the
Intrusion Manager when the intrusion panels on which they are
configured are enrolled to your system.
Intrusion detection areas are not configurable for the most part, except
for the cameras assigned to them for monitoring purposes in Security Desk and the event-to-
actions. They are automatically updated when the zones they correspond to are updated on the
intrusion panels.
System: General – Intrusion management
Task: Logical view

Identity Name, description, logical ID, and relationships of this entity with other
entities in the system.
Properties Shows the properties of the intrusion detection area as it is configured on the
intrusion detection unit.
Cameras Cameras used to monitor this intrusion detection area in Security Desk.

Custom fields Custom field values for this intrusion detection area.

Related topics:
• "Enroll an intrusion panel" on page 156
• "Create an intrusion detection area" on page 159
• "Intrusion Manager" on page 567
• "Intrusion detection unit" on page 427

[Link] | Security Center Administrator Guide 5.2 425

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Intrusion detection area

Properties
The Properties tab shows the properties of the intrusion detection area as configured on the
intrusion detection unit.

NOTE This page is read-only for zones configured on Bosch units.

Property description
• Physical name. Name of the intrusion detection area (sometimes called zone or partition)
as it is configured on the physical intrusion panel. Changing the entity name of the
intrusion detection area will not change its physical name.
• Intrusion detection unit. Entity name of the intrusion detection unit (intrusion panel)
where this area is configured.
• Devices. Name and description of the inputs defining this intrusion detection area.
TIP You can assign meaningful names to input and output devices of the intrusion detection
unit from the unit’s Peripherals tab. For more information, see "Edit intrusion detection unit
peripherals" on page 158.

[Link] | Security Center Administrator Guide 5.2 426

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Intrusion detection unit

Intrusion detection unit

The intrusion detection unit entity represents a physical intrusion panel
that is monitored and controlled by Security Center.
An intrusion panel (also known as alarm panel) is a wall-mounted unit
where the alarm sensors (motion sensors, smoke detectors, door sensors,
and so on) and wiring of the intrusion alarms are connected and
managed.

System: General – Intrusion management

Task: Intrusion detection – Units

Identity Name, description, logical ID, and relationships of this entity with other
entities in the system.
Properties Hardware specific settings for this unit.

Peripherals List of all peripheral devices connected to the unit.

Custom fields Custom field values for this intrusion detection unit.

Location Time zone and geographical location of this unit.

NOTE Security Center currently supports both Bosch GV2/GV3 series and Honeywell Galaxy
Dimension intrusion panels. Only the configuration of Bosch intrusion panels is described in
this manual. For the configuration of Honeywell intrusion units in Security Center, see the
Honeywell Galaxy Control Panel Integration User Guide, found in the
Documentation\Controllers folder of your Security Center installation package.

Related topics:
• "Enroll an intrusion panel" on page 156
• "Intrusion Manager" on page 567
• "Intrusion detection area" on page 425

[Link] | Security Center Administrator Guide 5.2 427

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Intrusion detection unit

Properties
The Properties tab allows you to configure the hardware-specific options for this unit.

• Clear logs after download is completed. Select this option to erase the log from the
intrusion panel once it is downloaded to Security Center.
NOTE You might not want Security Center to erase the logs on the intrusion panel if the panel
is also monitored by a central monitoring station.
• Interface type. The interface type cannot be changed after the entity is created. If you need
to change the interface type, you need to delete the entity and re-create it. For more
information, see "Enroll an intrusion panel" on page 156.
For the serial interface, you can change the port number. For the IPv4 interface, you can
change the IP address of the intrusion panel and its connection port.
• Clock synchronization. Select Automatic synchronization if you want the clock on the
intrusion panel to be synchronized with Security Center.

[Link] | Security Center Administrator Guide 5.2 428

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Intrusion detection unit

Peripherals
The Peripherals tab lists all peripherals (inputs pins and output relays) connected to the intrusion
detection unit.

For more information about editing intrusion detection unit peripherals, see "Edit intrusion
detection unit peripherals" on page 158.

[Link] | Security Center Administrator Guide 5.2 429

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 LPR unit

LPR unit
An LPR unit is an IP-based license plate recognition (LPR) device. An
LPR device converts license plate numbers cropped from camera images
into a database searchable format. Typically, an LPR unit includes two
cameras: an LPR camera that produces high resolution close-up images
of license plates; and a context camera that produces a wide-angle color
image of the license plate and the vehicle.

AutoVu Sharp is the LPR unit used in Security Center AutoVu solutions.
The Sharp includes license plate capturing and processing components, as well as digital video
processing functions, enclosed in a ruggedized casing. Sharps can be deployed in mobile and
fixed installations. A mobile installation is where the Sharp is mounted on a vehicle and is
integrated into AutoVu Patroller (the in-vehicle software of the AutoVu LPR system), which in
turn is integrated into Security Center. A fixed installation is where the Sharp is mounted in a
fixed location, such as on a pole, and integrated directly into Security Center.

The LPR Manager automatically detects Sharps on the network and adds them to the Security
Center system. It detects mobile Sharps through the AutoVu Patroller system they are connected
to. It detects fixed Sharps directly through the Security Center discovery port.
System: AutoVu IP license plate recognition
Task: Role view (under the LPR Manager roles and Patrollers)

Identity Name, description, logical ID, and relationships of this entity with other
entities in the system.
Properties Unit properties such as manufacturer, model, firmware version, network
settings, and authentication password.
Custom fields Custom field values for this LPR unit.

Location Time zone and geographical location of this unit.

Related topics:
• "LPR Manager" on page 571
• "Patroller" on page 454

[Link] | Security Center Administrator Guide 5.2 430

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 LPR unit

Properties
The Properties tab displays hardware and software information about the Sharp unit, such as the
IP address and port being using. You can also associate a specific hotlist to the Sharp, or link the
LPR camera in the Sharp to an Omnicast camera, or the Sharp's own context camera.

• Properties. Displays hardware and software information about the Sharp unit:
 IP address. IP address of the Sharp unit.
 Port. Port used by the LPR Manager to communicate with the Sharp unit.
 Version. AutoVu PlateReaderServer software version running on the unit.
 Type. Unit hardware version.
 Serial number. Unit factory installed serial number.

[Link] | Security Center Administrator Guide 5.2 431

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 LPR unit

• Applications. Displays which Updater service and Firmware versions are running on the
Sharp.
• Devices. Link the LPR camera to an Omnicast camera.
• File association. Select how the Sharp behaves with hotlists:
 Inherit from LPR Manager role. The Sharp uses the hotlists associated with its parent LPR
Manager. This is the default setting.
 Specific. Associate specific hotlists with the Sharp unit. This allows you to create Event-
to-actions in Security Desk that trigger on that specific hotlist. For example, if you’re
using the Sharp to allow access to a parking lot, you would put the vehicle plates on a
hotlist, and then associate that hotlist to the Sharp.
NOTE To reboot a fixed Sharp, click the Reboot button found on the Contextual command
toolbar at the bottom of the Config Tool window. If the Reboot button is not visible, log on to the
<Admin Tool>’s Configuration page, and then select Accept remote reboot requests.

[Link] | Security Center Administrator Guide 5.2 432

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Macro

Macro
The macro entity encapsulates a C# program that adds custom
functionalities to Security Center.
Macros can be executed either manually or automatically. When
automated, it is loaded as a background process and executes when a set
of conditions are met.

System: General
Task: System – Macros

Identity Name, description, logical ID, and relationships of this entity with other
entities in the system.
Properties Features a basic text editor allows you to view and edit your C# code.

Default execution Default values for the context variables declared in the macro body. The
context default execution context is used when the macro is run from the Common
tasks area.

Related topics:
• "Using macros" on page 110
• "Tile plugin" on page 484
• "Monitoring the status of your system" on page 177

[Link] | Security Center Administrator Guide 5.2 433

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Macro

Properties
The Properties tab provides a basic text editor for you to write your C# code.

Import from file

Click this button to import the source code from a file.

Checking syntax
Click this button to validate the C# code. If errors are found in the code, they are listed in a dialog
box with the line and column numbers where they are found.
NOTE Security Center prevents a macro that has errors from being saved. If a macro has errors,
and you change tabs, it is rolled back to its last error free version.

[Link] | Security Center Administrator Guide 5.2 434

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Macro

Default execution context

The Default execution context tab shows the context variables defined in your macro.

About the execution context

You can provide input parameters to your macro by declaring mutators. Such mutators must be
public. Their type must be one of the following:
• [Link]
• [Link]
• System.Int32
• [Link]

By declaring mutators, your macro will have an execution context that can be configured in the
Default execution context tab. If a macro is run without specifying an execution context, the
default execution context is used. This is always the case when a macro is launched from the
Contextual commands toolbar in Config Tool.

The default execution context can be overridden by specifying your own context.

[Link] | Security Center Administrator Guide 5.2 435

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Monitor group

Monitor group
The monitor group entity is used to configure the properties of a group of
analog monitors.

System: General
Task: Alarms - Monitor groups

Identity Name, description, logical ID, and relationships of this entity with other
entities in the system.
Monitors General behavior of the analog monitor.

Related topics:
• "Analog monitor" on page 361
• "Managing alarms" on page 111

[Link] | Security Center Administrator Guide 5.2 436

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Monitor group

Monitors
The Monitors tab lets you add multiple analog monitors to the monitor group. Later, when you
create alarms, you can add a monitor group and its members as a recipient of the alarm. See
"Configuring analog monitors" on page 221.
IMPORTANT The order of analog monitors in the monitor group list is important. If you add
more than one analog monitor to the monitor group, the first analog monitor in this list will
receive the highest priority alarm, the second analog monitor will receive the second highest
priority alarm, and so on. The last analog monitor in this list will receive all the other alarms.

[Link] | Security Center Administrator Guide 5.2 437

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Network

Network
Network entities are used to capture the characteristics of the networks
used by your system so that proper stream routing decisions can be
made.
Unless your entire system runs from a single private network without
communicating with the outside world, you must configure at least one
network entity other than the Default network to describe your
networking environment.
System: General, and more specifically for Omnicast
Task: Network view

Identity Name, description, logical ID, and relationships of this entity with other
entities in the system.
Properties Network characteristics and routing information.

Related topics:
• "Managing the Network view" on page 82
• "Server" on page 475
• "Media Router" on page 591

[Link] | Security Center Administrator Guide 5.2 438

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Network

Properties
The Properties tab defines the network characteristics and routing information.

Capabilities
Data transmission capabilities. This setting is only used by Omnicast for streaming live video on
the network. Always select the largest set of capabilities if your network supports them.
• Unicast TCP. Unicast (one-to-one) communication using TCP protocol is the most
common mode of communication. It is supported by all IP networks, but it is also the least
efficient method for transmitting video.
• Unicast UDP. Unicast (one-to-one) communication using UDP protocol. Because UDP is a
connectionless protocol, it works better for live video transmission. When the network
traffic is busy, UDP is much less likely to cause choppy video then TCP. A network that
supports unicast UDP necessarily supports unicast TCP.
• Multicast. Multicast is the most efficient transmission method for live video. It allows a
video stream to be transmitted once over the network to be received by as many
destinations as necessary. The gain could be very significant if there are many destinations.
A network supporting multicast necessarily supports unicast UDP and unicast TCP.
NOTE Multicast requires specialized routers and switches. Make sure you confirm this with
your IT department before setting the capabilities to multicast.

[Link] | Security Center Administrator Guide 5.2 439

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Network

IPv4 address
IPv4 has two display modes.
• Subnet display. This mode displays the IPv4 subnet mask as four bytes.

• CIDR block display. The Classless Inter-Domain Routing (CDIR) mode displays the IPv4
subnet mask as a number of bits.

Click to select the preferred display mode.

IPv6 address
Version 6 IP address prefix for your network.

Your network must support IPv6 and you must enable the option Use IPv6 on all your servers.
For more information, see "Network" on page 480.

Proxy server
You only need to specify the proxy server when Network Address Translation (NAT) is used
between your configured networks. The proxy server must be a server known to your system and
must have a public port and address configured on your firewall. For more information, see
Server – "Properties" on page 476.

Routes
Routes are defined by default between every two networks on your system. The route capabilities
are limited by the smallest capability set of the two end points. For example, if one end is capable
of multicast and the other end is only capable of unicast UDP, the capabilities of the route
between these two end points cannot be more than unicast UDP.
If the connection between the two end points (for example VPN) only supports unicast TCP,
you might have to limit the capabilities of a route even further.
You need to delete a route if no direct connection exists between two networks.

[Link] | Security Center Administrator Guide 5.2 440

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Output behavior

Output behavior
The output behavior entity defines a custom output signal format such as
a pulse with a delay and duration.
Output behaviors are used to control output relays that are not being
used to control door locks.

System: Synergis IP access control

Task: System – Output behaviors

Identity Name, description, logical ID, and relationships of this entity with other
entities in the system.
Properties Output signal pattern.

Related topics:
• "Access control unit" on page 341
• "Video unit" on page 498
• "Zone (hardware)" on page 506
• "Zone (virtual)" on page 510

[Link] | Security Center Administrator Guide 5.2 441

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Output behavior

Properties
The Properties tab lets your configure the output signal pattern.

Some examples of output behaviors can include controlling a parking gate, flashing a light in the
warehouse, and so on.
In the image above, the behavior for an output relay is configured to open and close the circuit
10 times over a 10 second period.
• Output type. Choose state, pulse or periodic.
State sets the circuit’s state to open or closed, Pulse sets a pulse to be generated, and
Periodic sets a cyclic output to be generated.
• Delay. The delay before the pulse or periodic output is generated.
• Duration. The duration (in milliseconds) of the pulse.
• Infinite. Select this checkbox if the periodic behavior should continue until it is told to stop
by another output behavior.
• Duty cycle. The ratio of the output signal pattern pulse width divided by the period.
• Period. The time for one complete cycle of the output signal pattern.
Output behaviors can be triggered by automatic event-to-action relationships, manually through
hot actions in Security Desk, or through IO linking.

[Link] | Security Center Administrator Guide 5.2 442

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Overtime rule

Overtime rule
The overtime rule entity specifies time limits of parking within a
restricted area (a single parking space, a city district, or both sides of a
city block). It also specifies the maximum number of overtime violations
enforceable within a single day.

The overtime entity is downloaded to Patroller. In Patroller, an overtime

hit occurs when the time between two plate reads of the same plate is
beyond the time limit specified in the overtime rule. For example, your
overtime rule specifies a four hour parking limit within a city district. The Patroller operator
does a first pass through the district at 9:00 A.M. collecting license plate reads. The operator then
does a second pass through the district at 1:05 P.M. If a plate was read during the first and second
pass, Patroller will generate an overtime hit.

The overtime rule is a type of hit rule. A hit rule is a method used by AutoVu to identify vehicles
of interest. Other types of hit rules include hotlist, permit, and permit restriction. When a plate
read matches a hit rule, it is called a hit. When a pair of plate reads (same plate read at two
different times) violates an overtime rule, it is called an overtime hit.
System: AutoVu IP license plate recognition
Task: LPR – Overtime rules

Identity Name, description, logical ID, and relationships of this entity with other
entities in the system.
Properties The parking regulations enforced by this entity.

Parking lot The parking zone where this entity is enforced.

Custom fields Custom field values for this overtime rule.

Related topics:
• "Hotlist" on page 418
• "Patroller" on page 454
• "Permit" on page 457
• "Permit restriction" on page 461

[Link] | Security Center Administrator Guide 5.2 443

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Overtime rule

Properties
The Properties tab is used to configure the parking regulations enforced by this overtime rule.

For more information on how to configure overtime rules, see “Configuring overtime rules in
Security Center” in the AutoVu Handbook.

• Color. Assign a color to the overtime rule. When you select the overtime rule in Patroller,
the plate reads on the map, and the hit screen, are displayed in this color.
• Vehicle parking position. Each Patroller has two sets of calibrated parameters for the
optimal reading of wheel images, based on the parking position of the vehicles: Parallel or
Angled (45-degree). This setting tells the Patroller which set of parameters to use.
NOTE This setting applies to AutoVu Patroller City Parking Enforcement with wheel imaging
applications.
• Long term overtime. Use this option for long term parking; that is, where vehicles can park
in the same spot for over 24 hours. When Long term overtime is selected, the parking time
limit is specified in days (2 to 5 days).
This option automatically sets the parking regulation to same position, meaning the vehicle
has parked overtime when it stays in the same parking space beyond the parking time limit
set for such parking space.

[Link] | Security Center Administrator Guide 5.2 444

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Overtime rule

NOTE This setting applies to AutoVu Patroller City Parking Enforcement with or without
wheel imaging. Wheel imaging is recommended if you plan to use this rule to detect vehicles
parked long term so that you can distinguish between someone who parks in the same
position and a vehicle which has been abandoned.
• Parking enforcement. Select the type of restricted parking area that applies to the time
limit: a single parking spot, a district within a city, or both sides of a city block.
 Same position. A vehicle is parked overtime if it parks in the same spot beyond the time
limit specified. For example, your overtime rule specifies a one hour parking limit for a
single parking space. The Patroller operator does a first pass through the district at 9:00
A.M. collecting license plate reads. The operator does a second pass at 10:05 A.M. If
Patroller reads the same plate in the same spot both times, it results in an overtime hit.
IMPORTANT For this feature to work, Patroller needs GPS capability.
 District. A vehicle is parked overtime if it is parked anywhere within a city district (a
geographical area) beyond the specified time limit. For example, your overtime rule
specifies a four hour parking limit within a city district. The Patroller user does a first
pass through the district at 9:00 A.M. collecting license plate reads. The operator does a
second pass through the district at 1:05 P.M. If Patroller reads the same plate in the same
district both times, it results in an overtime hit.
 Block face (2 sides). A vehicle is parked overtime if it is parked on both sides of a road
between two intersections beyond the specified time limit. For example, your overtime
rule specifies a 1hour parking limit within a city block [Link] Patroller operator does a
first pass through the block face at 9:00 A.M. collecting license plate reads. The operator
does a second pass down the block at 10:05 A.M. If Patroller reads the same plate in the
same block face both times, it results in an overtime hit.
• Regulation. Defines the parking time limit, when it is to be enforced, the grace period to be
granted, and how many times it can be enforced within a single day. You can add, delete,
and modify a parking regulation. To add a regulation, click , and do the following.

[Link] | Security Center Administrator Guide 5.2 445

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Overtime rule

 Time limit. The parking time limit in hours and minutes.

 Grace period. Time beyond the parking time limit during which overtime violation is
waived. For example, Patroller will generate an overtime hit on a plate when time
between the capture of the same plate exceeds the Time limit plus the Grace period.
 Applicable days. Days of the week when the time limit is enforced. You can select a
weekly time frame from the drop-down list: Always (7 days), Weekdays (Monday to
Friday), Weekends (Saturday and Sunday), and Custom. To create a custom time frame,
click on the days.
 Applicable hours. Select when the time limit is enforced. You can choose All day or Time
range. To define a time range, click in the date picker field, and use the text field or the
graphical clock to specify the time.

About multiple overtime violations

You can add multiple parking regulations to an Overtime rule to specify the maximum number
of citations that can be issued to the same vehicle for the same offence. For example, let’s say your
overtime rule has two separate parking regulations defined (of differing time limits if required).
If a vehicle exceeds the first parking time limit an overtime hit occurs. If the same vehicle
remains parked and subsequently exceeds the second parking time limit, a second overtime hit
occurs. If the same vehicle still remains parked a third overtime hit will not occur.
By default, Patroller keeps reads associated to an overtime rule for 12 hours. Therefore, if the
next day the vehicle is still in the same spot, and exceeds the parking time limit, an overtime hit
will occur. To change the reset time of overtime rules, see the Patroller Config Tool setting
LinkReadPersistenceDuration.

Parking lot
The Parking lot tab defines the parking zone where this parking rule must be enforced. The
Parking lot tab displays a Bing map, on which you can add a parking lot, define the number of
spaces in the lot, and then draw a polygon on top of the map to represent the physical parking
lot. The number of spaces in the lot is used to calculate the percentage of parking occupancy in
that area. For more information on how this information is being used, see “Zone occupancy
report” in Genetec Security Desk User Guide.

[Link] | Security Center Administrator Guide 5.2 446

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Overtime rule

NOTE This applies only to AutoVu Patroller University Parking applications.

You can add multiple lots to a map.

[Link] | Security Center Administrator Guide 5.2 447

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Parking facility

Parking facility
The Parking facility entity defines a large open parking area or a parking
garage as a number of sectors and rows for the purpose of tracking the
location of vehicles inside that parking facility. It is used in the AutoVu
Mobile License Plate Inventory (MLPI) application.
The license plate inventory is the list of vehicles present in a parking
facility within a given time period.
Before AutoVu MLPI units (mobile Patrollers and handheld devices)
can collect license plates for the inventory, you must define their collection route as a sequence
of sectors and rows configured in the parking facility. The sector and row where a license plate
is read represents the location of the vehicle inside the parking facility.
Security Center collects license plate reads from the MLPI units and creates an inventory for the
current date. Using Security Desk, you can find where a vehicle is parked (sector and row) and
how long it has been parked there in the current inventory. You can also compare two
inventories on different dates to view the vehicle movements (vehicles that were arrived, moved,
or left).
System: AutoVu IP license plate recognition
Task: LPR – Parking facilities

Identity Name, description, logical ID, and relationships of this entity with other
entities in the system.
Properties Assigns an LPR Manager to this entity and configures its sectors and rows.

Custom fields Custom field values for this parking facility.

Related topics:
• "Patroller" on page 454

[Link] | Security Center Administrator Guide 5.2 448

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Parking facility

Properties
The Properties tab is used to assign an LPR Manager to the parking facility and configure its
sectors and rows for the license plate collection route.

For more information on how to configure parking facilities, see “Configuring parking facilities”
in the AutoVu Handbook.

• AutoVu LPR Manager. Select the LPR Manager responsible for creating and managing the
license plate inventory for this parking facility.
Only offloads from MLPI Patrollers managed by the same LPR Manager are used to build
the inventory for this parking facility. An MLPI Patroller offload can include the vehicle
inventory for multiple parking facilities, but only the reads tagged for this parking facility
are used to build the inventory.
IMPORTANT Make sure to set a Read retention period for the LPR Manager (see "General
settings" on page 573) that is long enough for the period of time you want to keep your
inventories.
• Configuration. List of sectors, rows, and space count of the parking facility. The parking
space of a parking facility is divided into sectors (or levels in the case of a parking garage)
for ease of reference. Each sector contains x number of rows, and each row contains x
number of spaces. You can configure Patroller to trigger an alarm (sound or warning
message) if the reads collected during your sweep of a row exceed the space count for that
row.

[Link] | Security Center Administrator Guide 5.2 449

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Parking facility

• Route. License plate collection route to be followed by the MLPI units responsible for
collecting the license plates for the inventory. The route is downloaded by the Patrollers and
handheld devices assigned to this parking facility.
Only one route may be defined per parking facility, but each MLPI device can start its
sweeping round at a different point in the route. The route forms a closed circuit.
New sectors and rows are added to the end of the route by default. You can change the order
of sector-rows in the route using the and buttons.

[Link] | Security Center Administrator Guide 5.2 450

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Partition

Partition
The partition entity defines a set of entities that are only visible to a
specific group of users. For example, a partition could include all doors,
elevators, and cameras in one building.
Partitions eliminate the tedious task of creating one-to-one relationships
between users and the entities they are allowed to see in the system. If a
user has no rights to a partition, that partition and everything it contains
are invisible to that user.
System: General
Task: Security – Partitions

Identity Name, description, logical ID, and relationships of this entity with other
entities in the system.
Properties Defines the members (content) of the partition.

Accepted users Defines the users who can see the content of the partition.

Related topics:
• "Managing software security" on page 89
• "Defining partitions" on page 90
• "User" on page 486
• "User group" on page 493

[Link] | Security Center Administrator Guide 5.2 451

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Partition

Properties
The Properties tab allows you to view and manage partition content.

From this tab, you can do the following:

• To share this partition with other independent Security Center systems, switch Global
partition to ON. For more information, see "Configure a partition for sharing" on page 308.
• To search for an entity in the members list, use the name filter or the custom filter.
For more information, see "Searching for tasks and entities" on page 42.
• To add members to the partition, click . For more information, see "Add members to a
partition" on page 92.
• To remove the selected entities from the partition membership, click .
• To jump to the configuration page of the selected entity, click .
• To filter the members by entity type, use the Show drop-down list.

Related topics:
• "Managing global cardholders" on page 300

[Link] | Security Center Administrator Guide 5.2 452

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Partition

Accepted users
The Accepted users tab allows you to view and configure who can access the content of the
partition, and designate some of them as partition managers.

From this tab, you can do the following:

• To show only users, only user groups, or both, use the Entity type scroll-down list.
• To add accepted users to the partition, click . For more information, see "Add accepted
users to a partition" on page 92.
• To promote the selected user or user group to the status of partition manager, click the
Partition manager checkbox
NOTE All administrators are by default managers of all partitions. This is shown by the
checkbox selected but greyed out. For more information, see "Who is a partition manager?"
on page 91.
• To remove all access rights over the partition from the selected users and user groups, Click
.
• To jump to the configuration page of the selected entity, click .

[Link] | Security Center Administrator Guide 5.2 453

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Patroller

Patroller
A Patroller entity represents the in-vehicle software that runs on board a
mobile data computer (MDC). It verifies license plates captured by LPR
units mounted on the vehicle against lists of vehicles of interest and
vehicles with permits. It also collects data for time-limited parking
enforcement. The Patroller interface alerts users of license plates
matching the above rules so that immediate action can be taken.

System: AutoVu IP license plate recognition

Task: Logical view, or LPR – Units (under LPR Manager)

Identity Name, description, logical ID, and relationships of this entity with other
entities in the system.
Properties Assigns an LPR Manager to this entity and configures its sectors and rows.

Custom fields Custom field values for this Patroller.

Location Time zone and geographical location of this unit.

Related topics:
• "LPR unit" on page 430

[Link] | Security Center Administrator Guide 5.2 454

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Patroller

Properties
The Properties tab displays information about the computer hosting the Patroller entity (you
cannot edit the Patroller properties). You can also configure sound management,
acknowledgment buffer settings, and a hit delay for the Patroller unit.
TIP Use the Copy configuration tool to copy these settings to another Patroller entity.

[Link] | Security Center Administrator Guide 5.2 455

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Patroller

• Properties. Lists the properties of the Patroller in-vehicle computer.

 IP address. IP address of the Patroller computer.
 Version. Version number of the Patroller application.
 Type. Patroller installation type(s).
 Serial number. Serial number of the Patroller.
 Machine name. Name of the Patroller computer.
• File association. Select how the Patroller behaves with hotlists and/or permit lists:
 Inherit from LPR Manager role. Patroller uses the hotlists and permit lists associated with
its parent LPR Manager. This is the default setting.
 Specific. Associate specific hotlists or permit lists with the Patroller unit rather than the
LPR Manager. If you later want to move the Patroller entity to another LPR Manager on
your system, the hotlist or permit list will follow.
• Sound management. Configure Patroller to play a sound when reading a plate and/or
generating a hit, and choose whether sounds should be played even when Patroller is
minimized.
 Play sound on hit. Plays a sound when Patroller generates a hit.
 Play sound on read. Plays a sound when Patroller reads a plate.
 Play sounds even when minimized. Play sounds even if the Patroller window is
minimized.
• Acknowledgment buffer. Specify a buffer restriction that limits how many hits can remain
unacknowledged (not accepted or rejected) before Patroller starts automatically rejecting all
subsequent hits. You can also choose (by priority) which hotlists should comply with this
restriction.
 Reject count. How many unacknowledged hits are allowed.
 Reject priority. When you create a hotlist entity, you can specify a priority for that hotlist.
This setting tells Patroller which hotlist(s) should comply with the buffer restriction.
• Hotlist. Specify the Duplicate hotlist hit delay that tells Patroller to disregard multiple hits
on the same plate for the duration of the delay. For example, if you set a delay of 10 minutes,
no matter how many times Patroller reads the same plate during those 10 minutes, it will
generate only one hit (assuming the plate is on a hotlist).

[Link] | Security Center Administrator Guide 5.2 456

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Permit

Permit
The Permit entity defines a single parking permit holder list. Each permit
holder is characterized by a Category (whose value is the same as the
name of the Permit entity), a license plate number, a license issuing state
(or province, or country), an optional permit validity range (effective
date and expiry date), and an optional Permit ID.

Permits are used by AutoVu Patrollers configured for either city or

university parking enforcement.

The permit entity belongs to a family of methods used by AutoVu to identify vehicles of interest,
called hit rules. Other types of hit rules include hotlist, overtime, and permit restriction. When a
plate read matches a hit rule, it is called a hit. When a read fails to match any permit loaded in
the Patroller, it generates a permit hit.
System: AutoVu IP license plate recognition
Task: LPR – Permits

Identity Name, description, logical ID, and relationships of this entity with other
entities in the system.
Properties Configuring the parsing of the source permit data file for this entity.

Custom fields Custom field values for this permit.

Related topics:
• "Hotlist" on page 418
• "Patroller" on page 454
• "Overtime rule" on page 443
• "Permit restriction" on page 461

[Link] | Security Center Administrator Guide 5.2 457

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Permit

Properties
The permit Properties tab is used to configure the parsing of the source permit data file.

For more information on how to configure permits, see “Configuring permits and permit
restrictions in Security Center” in the AutoVu Handbook.

• Path. Type the path or browse to the permit text file. Every permit entity in Security Center
must be associated with a text file containing the actual permit data; that is, license plate
numbers and other related vehicle information. The associated text file is typically created
by a third party system (e.g. Notepad for .txt files, or Excel for .csv files).
The source text file can be located on the LPR Manager computer’s local drive (for example,
the C drive), or on a network drive that is accessible from the LPR Manager computer. If
you start typing a path to a network drive, the Username and Password fields appear and
you’ll need to type the username and password to access the network drive.
• Use delimiters. Tells Security Center that the fields in the permit list file are of variable
length and indicates the character used to separate each field in the file. By default, Use
delimiters is set to On, and the delimiter specified is a semi-colon (;). If your permit list file
is made up of fixed length fields, set Use delimiters to Off.
Security Center supports the following delimiters:
 Colon (:)
 Comma (,)

[Link] | Security Center Administrator Guide 5.2 458

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Permit

 Semi-colon (;)
 Tab (Tab)
If your permit list file uses Tab as a delimiter (i.e. the “Tab” key on your keyboard), type the
word “Tab” as the delimiter character.
IMPORTANT Security Center considers one Tab space to be a valid delimiter. Do not use
more than one Tab space to align columns in your file or Security Center may not be able to
parse the permit list.
• Enable editor support. Allow a user to edit the hotlist or permit list using the Hotlist and
permit editor task.
IMPORTANT Please note the following about the Hotlist and permit editor:

 A user must be granted the privilege to use the Hotlist and permit editor.
 Only the first 100,000 rows of a list are loaded into the Hotlist and permit editor.
 If an error occurs while the hotlist is being loaded, the loading process is cancelled and
an error message is displayed. However, you will not lose any of the data loaded before
the error occurred, and you can still edit the data loaded into the editor.
• Attributes. Tells Security Center the name and order of the fields (attributes) in the source
text file. You can add, delete, or edit the fields.
IMPORTANT There cannot be any spaces within an attribute name.

 Category. (Mandatory field) The name of the parking permit. This field in the permit
list’s source text file must match the permit entity name for the entry to be downloaded
to Patroller.
This field allows you to use one permit list for several permit entities on your system,
provided you create permit entities for each permit category in your permit list.
EXAMPLE Here is a simple permit list with three different permit categories (Students,
Faculty, and Maintenance).

Students;QC;DEF228;2012-01-31;2012-05-31;PermitID_1
Category field Faculty;QC;345ABG;2012-01-31;2012-07-25;PermitID_2
Maintenance;QC;244KVF;2012-01-31;2012-03-31;PermitID_3

You can use this same permit list for three different permit entities. Create a Students
permit entity, a Faculty permit entity, and a Maintenance permit entity, and then point all
of them to the same source text file. Security Center will extract the license plates (and
related information) whose category is the same as the name of the permit entity.
IMPORTANT The permit entity name must match the category name exactly.

 PlateState. (Mandatory field) Issuing state (or province, or country) of the license plate.
 PlateNumber. (Mandatory field) The license plate number.
The following fields are shown by default, but are optional.

[Link] | Security Center Administrator Guide 5.2 459

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Permit

 EffectiveDate. Date from which the particular permit on the list starts to be effective.
 ExpiryDate. Date after which the particular permit on the list is no longer valid.
 PermitID. (University Parking Enforcement only) Used when multiple entries in a permit
list share the same permit (e.g. car pool permits). Can be used to identify the number of
the permit issued to the vehicle whose license plate is identified in PlateNumber. In the
case of shared permits, normally up to four separate vehicles would all have the same
permit number.
• Add ( ) or Edit ( ) a permit attribute. Configure the following:
 Name. Only the three compulsory fields, Category, PlateState, and PlateNumber cannot
be renamed. Names may contain spaces.
 Value. The default value is interpreted differently depending on whether delimiters are
used or not.
 If delimiters are in use, the default value is written into this field. Fields already
populated will be overwritten.
 If delimiters are not in use, and if the field is empty, the default value is written into
this field. Fields already populated will not be overwritten.
 Is mandatory. A mandatory attribute cannot be blank in the source file. For example, if
you add a mandatory attribute called CarColor, the column for CarColor in the source
file must have text in it.
 Fixed length. This option is enabled only if you chose to use fixed length data fields.
Indicate the start position of the field in the file record and its length. The position of the
first character is zero (0).
 Date format. Specify a time format if the field contains a date or time value. All standard
date and time format strings used in Windows are accepted. If nothing is specified, the
default time format is “yyyy-MM-dd”.
For example, the following is what you may find in a variable field length data file using a
semicolon (;) as delimiter and using the fields: Category, PlateState, PlateNumber,
EffectiveDate, ExpiryDate, and PermitID.
MyPermit;QC;DEF228;2012-01-31;2012-05-31;PermitID_1
MyPermit;QC;345ABG;2012-01-31;2012-07-25;PermitID_2
MyPermit;QC;067MMK;2012-03-31;2012-09-11;PermitID_1
MyPermit;QC;244KVF;2012-01-31;2012-03-31;PermitID_3
 Translate. You can apply an optional transformation to the values read from the data file.
Use this feature to shorten certain values to save space on the Patroller or to enforce
spelling consistency.

[Link] | Security Center Administrator Guide 5.2 460

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Permit restriction

Permit restriction
The permit restriction entity defines where and when permit holders can
park. Different time restrictions can be applied to different permits. For
example, a permit restriction may limit the parking in zone A from
Monday to Wednesday for permit P1 holders, and from Thursday to
Sunday for permit P2 holders.

Permit restrictions are used by AutoVu Patrollers configured for

University Parking Enforcement.

The permit restriction entity is a type of hit rule. A hit rule is a method used by AutoVu to
identify vehicles of interest. Other types of hit rules include hotlist, overtime, and permit. When
a plate read matches a hit rule, it is called a hit. When a plate read matches a permit restriction,
it generates a permit hit. Additionally, a shared permit hit occurs when two plates sharing the
same permit ID are read in the same parking zone within a specific time period.
System: AutoVu IP license plate recognition
Task: LPR – Permit restrictions

Identity Name, description, logical ID, and relationships of this entity with other
entities in the system.
Properties The parking restrictions applied to this entity.

Parking lot The parking zone where this entity is enforced.

Custom fields Custom field values for this permit restriction.

Related topics:
• "Overtime rule" on page 443
• "Patroller" on page 454
• "Permit" on page 457

[Link] | Security Center Administrator Guide 5.2 461

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Permit restriction

Properties
The Properties tab is used to configure the restrictions for the individual permits that apply to
the parking zone represented by the rule.

For more information on how to configure permit restrictions, see “Configuring permits and
permit restrictions in Security Center” in the AutoVu Handbook.

• Color. Color used to represent the permit restriction in Security Desk. In Patroller, permit
restrictions are always green for regular permit hits, or blue for shared permit hits. A read is
displayed as a triangular-shaped icon in the selected color on the map, when an permit
restriction is in effect. When a read violates one of the restrictions, the icon is encircled with
a red ring. It indicates a permit hit.
• List of restrictions. Define the time restrictions for the different permits associated to a
parking zone. Each time restriction is described by the following attributes:
 Permits. Select the permits the time restriction applies to:
 Everyone. Parking is available to everyone, regardless of whether they have a permit or
not. No restriction is enforced during the specified time period.
 No permit. Only vehicles without permits can park. For example, you can use this type
of restriction to reserve a zone for visitors parking. A plate read that matches any of
the permits downloaded to the Patroller raises a hit.

[Link] | Security Center Administrator Guide 5.2 462

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Permit restriction

 All permits. Only vehicles with a permit can park. A plate read that does not match any
of the permits downloaded to the Patroller raises a hit.
 Specific permits. Only vehicles having one or more of the specified permits can park. A
plate read that does not match any of the specified permits raises a hit.
When multiple time restrictions apply at a given time, conflicts are resolved by
evaluating the restrictions in the following order: 1. Everyone, 2. No permit, 3. All permits,
4. Specific permits. Moreover, a hit is raised when a matched permit is not valid (either
not yet effective or already expired).
 Days. Days of the week when parking is allowed.
 Hours. Time during the day when parking is allowed.
 Validity. Dates when parking is allowed. Choose All year or select a specific time span
using the date picker.
NOTE The date span must be longer than one day.

[Link] | Security Center Administrator Guide 5.2 463

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Permit restriction

Parking lot
The Parking lot tab defines the parking zone where this parking rule must be enforced. The
Parking lot tab displays a Bing map, on which you can add a parking lot, define the number of
spaces in the lot, and then draw a polygon on top of the map to represent the physical parking
lot. The number of spaces in the lot is used to calculate the percentage of parking occupancy in
that area. For more information on how this information is being used, see “Zone occupancy
report” in Genetec Security Desk User Guide.
NOTE This applies only to AutoVu Patroller University Parking applications.

You can add multiple lots to a map.

[Link] | Security Center Administrator Guide 5.2 464

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Public task

Public task
The public task entity represents a saved Security Desk task that can be
shared among multiple Security Desk users. Public tasks can only be
created from Security Desk.

System: All systems

Task: Role view

Identity Name and description of this public task. Use the relationships list to manage
the visibility of this public task through partitions.

Related topics:
• “Getting started – Save a task” in Security Desk User Guide.

[Link] | Security Center Administrator Guide 5.2 465

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Role

Role
The role entity corresponds to a set of functions within Security Center,
such as archiving video or managing access control units, and defines the
parameters within which these functions must be carried out.
Roles must be hosted by servers. Multiple roles can be hosted on a single
server, and multiple servers can be assigned to perform the same role,
either as a standby, or for load balancing purposes.

System: All systems

Task: System – Roles
Every role type has its particular configuration tabs. The following are the most common ones
found in roles.

Identity Name, description, and relationships of this role with other entities in the
system.
Properties Specific properties of the role. See "Role types" on page 514.

Resources Servers and database assigned to this role.

Extensions Roles are often required to control hardware devices (units).

NOTE The Directory role is an exception. The Directory role can only be configured using Server
Admin. For more information, see "Server Admin" on page 477.

Related topics:
• "Managing servers and roles" on page 47
• "Configuring role failover" on page 61
• "Server" on page 475
• "Role types" on page 514

[Link] | Security Center Administrator Guide 5.2 466

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Schedule

Schedule
The schedule entity defines a set of time constraints that can be applied to
many situations, such as when a user is allowed to log on to the system,
when video from a surveillance camera should be recorded, or when
access should be granted to a secured area.
Each time constraint is defined by a date coverage (daily, weekly,
ordinal, or specific) and a time coverage (all day, fixed range, daytime,
and nighttime).
There are two subtypes of schedules:
• Standard schedule ( ). This type of schedule can be used in all situations. Its only
limitation is that it does not support daytime or nighttime coverage.
• Twilight schedule ( ). This type of schedule supports both daytime and nighttime
coverages, but cannot be used in all situations. Its primary function is to control video
related behaviors. Twilight schedules are not visible in contexts where they are not
applicable.
System: General
Task: System – Schedules

Identity Name, description, logical ID, and relationships of this entity with other
entities in the system.
Properties Time constraints defining this schedule.

Custom fields Custom field values for this schedule.

Related topics:
• "Using schedules" on page 103
• "Resolving schedule conflicts" on page 105

[Link] | Security Center Administrator Guide 5.2 467

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Schedule

Properties
The Properties tab lets you configure the time constraints that define the schedule.

Date coverage
The date coverage defines a date pattern or specific dates to be covered by the schedule.
• Daily. Defines a pattern that repeats every day.
• Weekly. Defines a pattern that repeats every week. Each day of the week can have a different
time coverage. This option is not available for twilight schedules. For more information, see
"Weekly time range" on page 470.
• Ordinal. Defines a series of patterns that repeat on a monthly or yearly basis. Each date
pattern can have a different time coverage. For example, on July 1st every year, on the first
Sunday of every month, or on the last Friday of October every year. For more information,
see "Using the ordinal pattern" on page 472.
• Specific. Defines a list of specific dates in the future. Each date can have a different time
coverage. This option is ideal for special events that occur only once.

Time coverage
The time coverage defines which time periods apply during a 24-hour day.
• All day. Covers the entire day. This option is not available for twilight schedules.
• Range. Covers one or multiple discrete time periods within the day. For example, from
9 a.m. to 12 p.m. and from 1 p.m. to 5 p.m. This option is not available for twilight
schedules. For more information, see "Setting the time range" on page 469.
• Daytime. Covers from sunrise to sunset. This option is only available for twilight schedules.
For more information, see "Twilight coverage" on page 471.
• Nighttime. Covers from sunset to sunrise. This option is only available for twilight
schedules. For more information, see "Twilight coverage" on page 471.

[Link] | Security Center Administrator Guide 5.2 468

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Schedule

Setting the time range

Time ranges are shown as colored blocks on a time grid. Each block represents either 15
minutes or one minute, depending on the selected time resolution.
Left-click the mouse to select, and the right-click the mouse to remove a selection. To select or
remove a contiguous block of time, click and drag.

Daily time range

The following example shows a daily schedule covering the period from 6 p.m. to 6 a.m. every
day. The time grid shows a 24-hour day in blocks of 15 minutes.

To switch to high resolution mode (each block represents 1 minute), click the Eye button.

While you are in this mode, use the arrow buttons to scroll in the 24 hour time line. To switch
back, click the Eye button again.

[Link] | Security Center Administrator Guide 5.2 469

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Schedule

Weekly time range

The following example shows a weekly schedule covering a period from 9 a.m. to 5 p.m., from
Monday to Friday, with a half-hour break between 12:15 p.m. and 12:45 p.m.

The Weekly date pattern is not available for twilight schedules.

TIP You can configure something equivalent to the Weekly pattern using the Ordinal pattern. The
following example shows a schedule that covers the daytime of every Monday of the year.

[Link] | Security Center Administrator Guide 5.2 470

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Schedule

Time range for specific dates

When you use the Ordinal or Specific date pattern, the time range covers up to three days: the
day before, the current day, and the day after. The following example shows a specific schedule
covering July 1st 2011 from 9 p.m. the day before to 3 a.m. the day after.

While configuring multiple dates in the schedule (Ordinal or Specific), you can use a different
time coverage for each day covered by the schedule.

Twilight coverage
The Daytime and Nighttime options are only available for twilight schedules.
The following example shows a daily schedule using a Daytime coverage. The time coverage
starts 10 minutes after the sun rises and ends 10 minutes before the sun sets.

NOTE You can offset the sunrise and sunset times by up to 3 hours, in both directions.

[Link] | Security Center Administrator Guide 5.2 471

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Schedule

Using the ordinal pattern

The Ordinal date pattern allows you to configure time coverages that repeat on specific days of
a month or a year. You can define as many dates as necessary within a single schedule entity.

[Link] | Security Center Administrator Guide 5.2 472

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Scheduled task

Scheduled task
The scheduled task entity defines a command (or action) in Security
Center that must be executed automatically, at a specific time, or
repetitively on a recurring schedule.

System: General
Task: System – Scheduled tasks

Identity Name, description, logical ID, and relationships of this entity with other
entities in the system.
Properties Details about the scheduled task, recurrence pattern and action to be executed.

Related topics:
• "Using scheduled tasks" on page 109
• "Using event-to-actions" on page 106

[Link] | Security Center Administrator Guide 5.2 473

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Scheduled task

Properties
The Properties tab is where you configure the scheduled task’s behavior.

The schedule task properties are:

• Status. Allows you to turn the scheduled task on or off.
• Recurrence.
 Once. Executed once at a specific date and time.
 Every minute. Executed every minute.
 Hourly. Executed at a specific minute of every hour.
 Daily. Executed at a specific time every day.
 Weekly. Executed at a specific time on selected days of the week.
 On startup. Executed on system startup.
 Interval. Executed at regular intervals that can be days, hours, minutes, or seconds.
• Action. Action to be executed on schedule. For more information, see "Action types" on
page 767.

[Link] | Security Center Administrator Guide 5.2 474

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Server

Server
The server entity represents a generic computing resource capable of
taking on any role (group of functions) you assign it. Server entities are
not created manually on the system.
Instead, Security Center automatically creates a server entity when the
Security Center Server software (Genetec Server service) is installed on a
machine, and that machine is connected to the main server of your
system (the server hosting the Directory role).
System: General
Task: Network view

Identity Name, description, logical ID, and relationships of this entity with other
entities in the system.
Properties Public address and port of the server.

Server Admin Embedded browser to access to the Web Server Admin page.

Related topics:
• "Managing servers and roles" on page 47
• "Configuring role failover" on page 61
• "Managing the Network view" on page 82
• "Network" on page 438
• "Role" on page 466

[Link] | Security Center Administrator Guide 5.2 475

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Server

Properties
The Properties tab shows the server’s private IP addresses, and allows you to specify a public
address and a port number. These last two settings are necessary only if the server acts as the
proxy server for a private network.

Servers with multiple network interface cards

If your server is equipped with more than one network interface card (NIC), all private IP
addresses corresponding to the NICs are listed.
IMPORTANT Make sure the first address found in the server’s private address list matches the
IPv4 properties of the network entity the server belongs to.

For more information, see Network – "Properties" on page 439.

[Link] | Security Center Administrator Guide 5.2 476

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Server

Server Admin
The Server Admin tab lets you log on to the Server Admin Web page of the server. It also allows
you to view and change the configuration of the server. For more information, see "Managing
servers" on page 48.

The Server Admin page contains one or two tabs:

• Directory. Settings pertaining to the configuration of the Directory role. This tab is only
present on the main server. For more information, see "Directory tab" on page 477.
• Genetec Server. Local settings pertaining to configuration of the Genetec Server service.
For more information, see "Genetec Server tab" on page 480.
NOTE Depending on whether you are viewing Server Admin from the Config Tool or from a
Web browser, the options are not exactly the same, because Config Tool needs to stay connected
to the Directory. For all purposes, the Web browser (Internet Explorer) is a better way to connect
to Server Admin.

Directory tab
The Directory tab is only available on the main server hosting the Directory role.

[Link] | Security Center Administrator Guide 5.2 477

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Server

Directory status
Shows the status of the Directory role. Allows you to start, stop, and restart the Directory.

Database
Configuration of the Directory database. The Directory database contains all system and entity
configurations, the incident reports, and the alarm history.

The management of the Directory database is similar to the management of any role database.
For more information, see "Managing databases" on page 52.
NOTE If you are accessing Server Admin from Config Tool, you won’t have access to the database
commands such as create and delete database, resolve conflicts, and restore database, because
you cannot change the Directory database while being connected to it.
IMPORTANT When database failover is enabled, you must manually perform a full backup every
time you make a change to the Directory database from Server Admin. For more information,
see "Configure database failover through backup and restore" on page 72.

NOTE The Show actions progress ( ) button does the same thing the Database actions
monitoring dialog box found in the Config Tool’s Home page, Tools view.

[Link] | Security Center Administrator Guide 5.2 478

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Server

License
Security Center license status and information.

Click License information to display your license options or to modify your license. For more
information, see "License options" on page 777.

General properties
General properties of the Directory.

• Secure communication. Select this option to encrypt all communications between the
Directory role and all client applications (Config Tool and Security Desk) on the system.
• Incoming connection port. Port used by client applications such as Security Desk and
Config Tool to log on to your system.
If you decide to change its default value (5500), the next time a user tries to log on to your
system, they will have to add the port number to Directory name in the Logon dialog box,
separated by a colon “:”.
• Keep incidents. Specify how long the incident reports are kept in the Directory database.
• Keep audit trails. Specify how long the entity configuration history is kept in the Directory
database.

[Link] | Security Center Administrator Guide 5.2 479

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Server

• Keep alarms. Specify how long the alarm history is kept in the Directory database.

Genetec Server tab

The Genetec Server tab is available on all servers, with only minor differences between the main
server and the expansion servers.

Authentication
Use this section to change the password and HTTP port used to log on to the Server Admin on
this server. These parameters correspond respectively to the Server password and the Web server
port specified during Genetec Security Center Server installation.

If you decide to change the HTTP port from its default value (80), the next time someone needs
to log on to this Server Admin from a Web browser, they will have to specify the port number
in the URL as follows:
“[Link] instead of “[Link]
Select the Local machine only option to accept logon requests only when they come from the
local machine.

Network
Use this section to configure the network card and the TPC listening port used by Genetec
Server.

Select Use IPv6 if your network supports it. IPv6 is only supported for video streaming.
The Listening TCP port is used by Genetec Server to listen to commands received from the main
server.

[Link] | Security Center Administrator Guide 5.2 480

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Server

Main server connection

This section is only found on the Genetec Server tab of expansion servers. Use this section to
configure the connection parameters to the main server.

Enter the DNS name or the IP address of the main server, and the password required to connect
to the main server. The password must match the password configured in the Authentication
section of the main server.

Console
Use this section to enable/disable the debug console used by technical support engineers.

Specify a password to prevent anyone from accessing the console if necessary.

SMTP
Use this section to configure the SMTP server responsible to handle email messages in Security
Center.

• Mail server. DNS name or IP address of your SMTP mail server.

• SMTP server port. The server port is usually 25, though your mail server might use a
different port.
• “From” email address. Email address shown as the sender of the email.

[Link] | Security Center Administrator Guide 5.2 481

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Server

Watchdog
Use this section to configure the Genetec Watchdog service. The role of the Watchdog is to
ensure that the Genetec Server service is always running.

The Watchdog can be configured to send email notifications to a list of recipients for the
following types of events: Error, Warning, and Information.

Activate Directory button

The Activate Directory button is only found on expansion servers. It allows you to convert the
expansion server to the main server (the one hosting the Directory role).

WARNING This operation restarts Genetec Server. The next time you log on to Server Admin,
you’ll have to use a Web Browser by entering “[Link] in the address bar, where
machine is the DNS name or the IP address of your server. Using the Config Tool will no longer
work.
You will also have to activate the software license on this newly converted main server. For more
information, see the Security Center Installation and Upgrade Guide.
If you have other expansion servers on the system, you will need to reconfigure them to connect
to this one. See also "Deactivate Directory button" on page 483.

[Link] | Security Center Administrator Guide 5.2 482

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Server

Deactivate Directory button

This button is only found on the main server (the one hosting the Directory role). It allows you
to convert the main server to an expansion server.
NOTE You cannot deactivate the Directory from the Config Tool.

WARNING This operation restarts Genetec Server. You will have to log on again to Server
Admin, and connect this expansion server to a main server. You’ll have to use a Web Browser, by
entering “[Link] in the address bar, where machine is the DNS name or the IP
address of your server. Using the Config Tool will no longer work. See also "Activate Directory
button" on page 482.

Related topics:
• "Convert a main server to an expansion server" on page 49

[Link] | Security Center Administrator Guide 5.2 483

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Tile plugin

Tile plugin
The tile plugin entity represents either a Web site ( ) or an interactive
.dll or .xaml file ( ) that contains a map or floor plan.
There are no default map files included with Security Center for tile
plugins. Map files must be created using Genetec Plan Manager, or
provided through an SDK developed by Genetec’s Custom Development
Solutions team or a third party.
For information about Plan Manager, see the Plan Manager User Guide,
available from the GTAP Documents page. For information about Genetec’c Custom
Development Solutions team, contact your sales representative.
When a tile plugin is displayed in Security Desk, you can view and interact with the Web site or
map file, such as viewing live video from cameras, changing the lock state of doors, and so on.
When a tile plugin is attached to (is a member of) an area entity, it is automatically displayed in
Security Desk instead of the area icon when the area is dragged to a tile.
System: General
Task: Logical view

Identity Name, description, logical ID, and relationships of this entity with other
entities in the system.
Properties Links the tile plugin to a Web page or a .dll file.

Custom fields Custom field values for this tile plugin.

Related topics:
• "Area" on page 364
• "Macro" on page 433

[Link] | Security Center Administrator Guide 5.2 484

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Tile plugin

Properties
The Properties tab lets you link the tile plugin entity to a Web site or a .dll file. For more
information, see "Create a tile plugin that links to a Web site" on page 165 or "Create a tile plugin
that links to a map file" on page 165.

[Link] | Security Center Administrator Guide 5.2 485

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 User

User
The user entity identifies a person who can use Security Center
applications and defines the rights and privileges that person has on the
system. Each user is assigned a username and a password, which are that
person’s credentials to log on to the system.
While the user privileges limit the range of activities a user can perform
on the system, the partitions limit the range of entities the user can
exercise his/her privileges on.
A user can be a member of one or more user groups. Users can inherit the privileges and the
access rights from their parent user groups.
System: General
Task: Security – Users

Identity Name, description, logical ID, and relationships of this entity with other
entities in the system.
Properties User’s general profile.

Workspace User’s default Security Desk workspace configuration.

Security User’s security profile.

Privileges User’s privileges.

Custom fields Custom field values for this user.

Related topics:
• "Defining users" on page 93
• "Importing users from an Active Directory" on page 102
• "Partition" on page 451
• "User group" on page 493
• "User privileges" on page 700

[Link] | Security Center Administrator Guide 5.2 486

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 User

Properties
The Properties tab lets you configure the user’s general profile.

First name, last name, email address

The personal information of the user can be imported from your company’s directory service.
TIP The email address can be used to send emails or to email reports to the user via Send an email
and Email a report actions.

User status
Use this switch to activate or deactivate the user profile. A user cannot log on when their profile
is deactivated. Deactivating a user’s profile while the user is logged on will immediately log off
the user.

Password
Administrators and users that have the Change own password user privilege can change their
password.

[Link] | Security Center Administrator Guide 5.2 487

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 User

Password expiration
You can configure a user’s password to expire after a certain number of days. The system
automatically warns users whose password is expiring soon, and gives them a chance to set a new
password immediately. You can set the password expiry notification period to between 0 and 30
days.

If you see that your password is going to expire soon, but do not have the Change own password
user privilege, contact your administrator so they can change your password.

Password change required

You can configure Patroller and/or Security Desk to require a password change the next time the
user tries to log on. Users must have the proper privilege to change their own passwords.

Limit concurrent logons

You can limit the number of different workstations a user can log on at the same time. This limit
only applies to Security Desk. Config Tool is not restricted by this setting.

User logon schedule

You can restrict the user logon according to schedules. A schedule can either be used to allow
user logon or to block user logon.
When multiple schedules are being used, the schedule conflict rules apply. When two schedules
with the same priority level overlap, the blocking schedule has priority over the allowing
schedule.

Related topics:
• "Resolving schedule conflicts" on page 105
• "Using event-to-actions" on page 106

[Link] | Security Center Administrator Guide 5.2 488

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 User

Workspace
The Workspace tab lets you configure the user’s Security Desk workspace.

List of active tasks

This list shows the tasks found in the user’s active task list. Users can save their task list using the
Save workspace (Ctrl+Shift+S) command found in the Security Desk command menu.

Hot actions
This list shows the hot actions mapped to the PC keyboard function keys (Ctrl+F1 through
Ctrl+F12) when this user is logged on to Security Center via Security Desk.
The user configures his hot actions via the Monitoring task. For more information, see
“Working with hot actions and alarms” in the Security Desk User Guide.

Additional settings
Turn on the switch Automatically start task cycling on logon so the next time the user logs on via
Security Desk, task cycling will start automatically.
TIP To prevent users from stopping the task cycling once the Security Desk is open, deny them
the Start/stop task cycling privilege. There are many more privileges that are designed to help the
users focus on their tasks.

[Link] | Security Center Administrator Guide 5.2 489

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 User

Security
The Security tab lets you configure the user’s security profile.

User level
User levels affect three things in Security Center:
• They determine which user has priority over the PTZ controls of a camera when two or
more users are trying to take control of the same camera at the same time.
Priority is always given to the highest level user (1=highest). If two competing users have
the same user level, it is decided on a first come first served basis.
Once a user gains control over a PTZ camera, it is locked by that user. This means no other
users can take control of that camera unless they have a higher user level. The control over
the PTZ camera is automatically relinquished after 5 seconds of inactivity.
• They determine which users are logged out of the system when a threat level is set. For
example, if you configure a threat level to trigger the Set minimum user level action, when
the threat level is set, users with a lower user level than the one you specified are logged out.
For more information about configuring threat levels, see "Managing threat levels" on
page 117.
• They determine which users can continue viewing a video stream when a camera is blocked
in Security Desk. When you block a camera, users that have a lower user level than the one
you specified can no longer view the video stream.

[Link] | Security Center Administrator Guide 5.2 490

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 User

For more information about blocking cameras, see “Blocking/unblocking cameras” in the
Security Desk User Guide.
Level 1 is the highest user level, with the most privileges. The user level can be inherited from a
parent user group. If the user has multiple parents, the highest user level will be inherited. If the
user has no parent, the lowest user level (254) will be inherited.

Archive viewing limitation

This parameter serves to restrict the user's ability to view archived video to the last n days.
This limitation can be inherited from a parent user group. If the user has multiple parents, the
most restrictive limitation will be inherited. If the user has no parent, no restriction will be
imposed.

Remotely control
This section lists the Security Desk workstations that this user is allowed to control remotely in
order to display entities. This list applies to both the Security Desk workstations you can connect
to and control using the Remote task in Security Desk, and the Security Desk monitors that you
can control using a CCTV keyboard.
NOTE Every monitor controlled by the Security Desk is assigned a unique monitor ID (displayed
in the notification tray). Using a CCTV keyboard, you can display an entity on a remote Security
Desk workstation by specifying its monitor ID, tile ID, and the logical ID of the entity you want
to display. The Security Desk workstation monitors available on your system are listed in the
Logical ID tab of the System entity. Select Monitors from the drop-down list to see them all. For
each Security Desk workstation, the first monitor is called A, the second monitor B, and so on.
You can specify which workstation can be controlled using one of following methods:
• User. Any Security Desk workstation where that user is logged on can be remotely
controlled.
• User group. Any Security Desk workstation where a member of that user group is logged
on can be remotely controlled.
• Application. The specified workstation (COMPUTER - SecurityDesk) can be remotely
controlled, regardless of who is logged on.
For more information, see “Remote monitoring” and “Connecting to remote Security Desks” in
the Security Desk User Guide.

Logon supervisor of
This section lists the users whose logons are supervised by this current user. This means that
when a user in this list needs to log on to the system, the current user must also provide his/her
username and password in order to complete the logon.
A user can have more than one logon supervisor. For more information, see “Connecting to
Security Center – Log on with supervision” in the Genetec Security Desk User Guide.

[Link] | Security Center Administrator Guide 5.2 491

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 User

Privileges
The Privileges tab lets you view and configure the user’s privileges.

Set of privileges
Use this drop-down list to select the set of privileges to view and edit. A user can have many sets
of privileges. Each user has the Basic privileges set, plus one for every partition he/she is an
accepted user of. Regarding access to entities contained in that partition, partition privileges
supercede basic privileges.

[Link] | Security Center Administrator Guide 5.2 492

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 User group

User group
The user group entity describes a group of Security Center users who
share common properties and privileges.
By becoming a member of a user group, a user automatically inherits all
the properties of that group. This approach simplifies the configuration
of users on large systems.
A user can be a member of multiple user groups. User groups can also be
nested.
System: General
Task: Security – User groups

Identity Name, description, logical ID, and relationships of this entity with other
entities in the system.
Properties User group’s common email address and members.

Security User group’s security attributes than can be inherited by its members.

Privileges Privileges that can be inherited by the group members.

Custom fields Custom field values for this user group.

Related topics:
• "Defining user groups" on page 96
• "Partition" on page 451
• "User" on page 486
• "User privileges" on page 700

[Link] | Security Center Administrator Guide 5.2 493

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 User group

Properties
The Properties tab lets you view and configure the members of the user group.

Email address
The email address you set for a user group should be a group address that is used by all members
of the group. This information can be imported from your company’s directory service.

Members
List of user group members. The members inherit by default the rights to partitions and the
privileges of the user group. The email address can be used to send emails or to email reports to
users via Send an email and Email a report actions.

Related topics:
• "Importing users from an Active Directory" on page 102

[Link] | Security Center Administrator Guide 5.2 494

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 User group

Security
The Security tab lets you configure common security attributes for the group members.

Security attributes can be inherited by the members of the user group, and can themselves be
inherited from other user groups.

User level
User levels affect three things in Security Center:
• They determine which user has priority over the PTZ controls of a camera when two or
more users are trying to take control of the same camera at the same time.
Priority is always given to the highest level user (1=highest). If two competing users have
the same user level, it is decided on a first come first served basis.
Once a user gains control over a PTZ camera, it is locked by that user. This means no other
users can take control of that camera unless they have a higher user level. The control over
the PTZ camera is automatically relinquished after 5 seconds of inactivity.
• They determine which users are logged out of the system when a threat level is set. For
example, if you configure a threat level to trigger the Set minimum user level action, when
the threat level is set, users with a lower user level than the one you specified are logged out.
For more information about configuring threat levels, see "Managing threat levels" on
page 117.

[Link] | Security Center Administrator Guide 5.2 495

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 User group

• They determine which users can continue viewing a video stream when a camera is blocked
in Security Desk. When you block a camera, users that have a lower user level than the one
you specified can no longer view the video stream.
For more information about blocking cameras, see “Blocking/unblocking cameras” in the
Security Desk User Guide.
Level 1 is the highest user level, with the most privileges. The user level can be inherited from a
parent user group. If the user group has multiple parents, the highest user level will be inherited.
If the user group has no parent, the lowest user level (254) will be inherited.

Archive viewing limitation

This parameter serves to restrict this user group members’ ability to view archived video to the
last n days.

Remotely control
This section lists the Security Desk workstations that the members of this user group are allowed
to control remotely in order to display entities. This list applies to both the Security Desk
workstations you can connect to and control using the Remote task in Security Desk, and the
Security Desk monitors that you can control using a CCTV keyboard.
NOTE Every monitor controlled by the Security Desk is assigned a unique monitor ID (displayed
in the notification tray). Using a CCTV keyboard, you can display an entity on a remote Security
Desk workstation by specifying its monitor ID, tile ID, and the logical ID of the entity you want
to display. The Security Desk workstation monitors available on your system are listed in the
Logical ID tab of the System entity. Select Monitors from the drop-down list to see them all. For
each Security Desk workstation, the first monitor is called A, the second monitor B, and so on.
You can specify which workstation can be controlled using one of following methods:
• User. Any Security Desk workstation where that user is logged on can be remotely
controlled.
• User group. Any Security Desk workstation where a member of that user group is logged
on can be remotely controlled.
• Application. The specified workstation (COMPUTER - SecurityDesk) can be remotely
controlled, regardless of who is logged on.
For more information, see “Remote monitoring” and “Connecting to remote Security Desks” in
the Security Desk User Guide.

Logon supervisor of
This section lists the users whose logons are supervised by the members of this user group. This
means that when users from this list need to log on to the system, any member of this user group
can help them complete their logon.

[Link] | Security Center Administrator Guide 5.2 496

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 User group

Privileges
The Privileges tab lets you view and configure the user group’s privileges.

The privileges of a user group are inherited by its members, and can themselves be inherited
from other user groups.

Set of privileges
Use this drop-down list to select the set of privileges to view and edit. A user group might have
many sets of privileges. Every one has the Basic privileges set, plus one for every partition the
group is an accepted user of. Regarding access to entities contained in that partition, partition
privileges supercede basic privileges.

[Link] | Security Center Administrator Guide 5.2 497

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Video unit

Video unit
The video unit entity represents a video encoding or decoding device
capable of communicating over an IP network, and incorporating either
video encoders or video decoders. They come in a wide variety of brands
and models. Some support audio, and others support wireless
communication. The high-end encoding models come with their own
recording and video analytics capabilities.
Video units are created manually or automatically by the Archiver if the
unit supports automatic discovery.
System: Omnicast IP video surveillance
Task: Video – Units

Identity Name, description, logical ID, and relationships of this entity with other
entities in the system.
Properties Information required by the Archiver to connect to this video unit and other
data transmission properties.
Peripherals List of all peripheral devices found on the unit that you can configure.

Custom fields Custom field values for this video unit.

Location Time zone and geographical location of this video unit.

Related topics:
• "Adding video units to your system" on page 194
• "Camera (video encoder)" on page 372
• "Archiver" on page 525

[Link] | Security Center Administrator Guide 5.2 498

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Video unit

Identity
The Identity tab of a video unit entity includes an additional section on hardware-specific
information.
a

Standard information
The top section of the video unit’s Identity tab is the same as that of all entities. For more
information, see "Identity" on page 336.

Specific information
The bottom section of the Identity tab displays hardware specific information, such as the
manufacturer, model, firmware version, and whether audio or SSL (Secure Socket Layer
protocol) are supported.

[Link] | Security Center Administrator Guide 5.2 499

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Video unit

Upgrade the unit firmware

You can upgrade the firmware on your video unit directly from Config Tool.
• Click Upgrade, and from the file browser, select the firmware file (bin) to apply.

Properties
The Properties tab lets you configure the information required by the Archiver to connect to this
unit and other data transmission properties. These settings vary from one manufacturer to
another. Additional options might be available, depending on the unit type. The sample screen
shot below is that of an Axis 210A unit.

IP address
• Obtain network settings dynamically (DHCP). Select this option to have the IP address
assigned dynamically by your DHCP (Dynamic Host Configuration Protocol) server.
NOTE Do not use this option unless your DHCP server is configured to always assign the
same IP address to the same device.

[Link] | Security Center Administrator Guide 5.2 500

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Video unit

• Specific settings. Select this option to enter a fixed address. This is the IP address you
entered when you initially created the video unit entity. You need to enter the following
fields:
 Local IP. Fixed IP address.
 Subnet mask. The subnet mask tells the unit which peripherals it can communicate with
directly. Anything that does not belong to the same subnet must go through the Gateway.
 Gateway. IP address of the gateway. It must be on the same subnet as the unit.

Command port
The command port is the port used by the Archiver to connect to the video unit. The command
port is sometimes called the HTTP port by some manufacturers.

Discovery port
The discovery port is used for automatic discovery (see "What is automatic discovery?" on
page 196). Not all manufacturers supports this feature.
On Verint units, both the command port and discovery port are replaced by a single port called
the VSIP port.

Authentication
Credentials used by the Archiver to connect to the video unit.
• Default login. Select this option for the Archiver to use the credentials defined in the unit
manufacturer’s extension.
• Specific. Select this option for the Archiver to use specific credentials to connect to this
unit. The fields you need to fill in depend on the unit’s manufacturer.

Use secure communication

Enable this option to use HTTPS communication instead of HTTP (default).

Bit rate
Use this option to limit the maximum bit rate allowed for this unit. Setting a limit to the bit rate
helps prevent one unit from using up all the bandwidth available on the network.

Enable UPnP
Enable this option to use the UPnP (Universal Plug and Play) protocol. Disable UPnP if you do
not want the unit to be discovered by other Windows applications. This option is disabled by
default.

[Link] | Security Center Administrator Guide 5.2 501

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Video unit

Peripherals
The Peripherals tab lists all peripherals devices (input/output pins, audio encoder/decoder)
found on the unit that are not explicitly shown as entities, such as the either video encoders or
video decoders.

Logical ID and Description

To every peripheral device found on a video unit, you can assign:
• Name. Logical name. It is the same as the Physical name by default.
• Logical ID. Logical identifier.
• Description. Description of the device.
To change the settings of a peripheral device:
• Select a peripheral from the list and click Edit the item ( ).

Output pin settings

For the output pin, you can also configure the default mode.
• Normally open
• Normally closed

[Link] | Security Center Administrator Guide 5.2 502

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Video unit

Speaker properties
You can change the default settings of the speaker (audio decoder device).

The speaker settings are as follows:

• Volume. Desired volume level (0 to mute, 100 equals maximum volume).
• UPD port. Port number used when the connection type is unicast UDP.
• Connection type. Connection type that should be used between the unit and the Archiver
for this audio decoder.

[Link] | Security Center Administrator Guide 5.2 503

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Video unit

Microphone properties
You can change the default settings of the microphone (audio encoder device).

The microphone settings are as follows:

• Data format. Audio compression format.
• Input type. Type of input source.
 Line in. Used for pre-amplified source.
 Mic in. Use this if the microphone is directly connected to the unit. In this case, the
signal is amplified by the hardware.
 Internal. Use microphones integrated to the unit.
• Sensitivity. Desired amplification level (default=68). The lower the level, the less sensitive
the microphone is to ambient noise, but the recording level will also be lower.
• UPD port. Port number used when the connection type is unicast UDP.
• Connection type. Connection type that should be used between the unit and the Archiver
for this audio encoder.
• Multicast address. The multicast address and port number are assigned automatically by
the system when the video unit is discovered. Each audio encoder is assigned a different
multicast address with a fixed port number. This is the most efficient configuration.

[Link] | Security Center Administrator Guide 5.2 504

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Video unit

Normally, you do not need to be concerned with the multicast addresses. However, if you
are short of multicast addresses (certain switches are limited to 128), you can use the same
multicast address on multiple encoders, and assign a different port number to each. This
solution is less efficient than using a different address for each encoder because it will cause
more traffic than necessary on the network.
All multicast addresses must be between the range [Link] and [Link]. For these
changes to take effect, you must restart the unit. To do so, select the unit in the Roles view
task, and click the Reboot ( ) button in the Contextual commands toolbar.

[Link] | Security Center Administrator Guide 5.2 505

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Zone (hardware)

Zone (hardware)
The zone entity monitors a set of inputs to trigger events based on their
combined states. These events can be used to control output relays (see
IO linking) or trigger other actions (see event-to-action).
A zone can be armed (triggers activated), or disarmed (triggers
deactivated) using a key switch, a software command, or on a schedule.
A hardware zone (called zone in Synergis 2 and Security Center 3 and 4)
is a subtype of the zone entity where the IO linking is done by hardware.
A hardware zone is controlled by a single access control unit and only works in mixed and
offline mode. A hardware zone cannot be armed or disarmed from Security Desk.
System: Synergis IP access control
Task: Logical view

Identity Name, description, logical ID, and relationships of this entity with other
entities in the system.
Properties Input pins defining this zone and how they are evaluated. For a hardware
zone, all input pins must be from the same access control unit.
Arming Arming source used for this zone and arming behavior configuration. A
hardware zone can only be armed via a key switch or on schedule.
Cameras Cameras used to monitor this zone in Security Desk.

Custom fields Custom field values for this zone.

Related topics:
• "Managing zones" on page 160
• "Access control unit" on page 341
• "Access Manager" on page 515
• "Zone (virtual)" on page 510

[Link] | Security Center Administrator Guide 5.2 506

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Zone (hardware)

Properties
The Properties tab lets you configure the input pins that define this zone and how they are
evaluated.

Access control unit

A hardware zone must be controlled by a single access control unit. All input pins and output
relays configured for this zone must belong to the same unit.

Combining the inputs to evaluate the zone state

The purpose of a zone is to trigger specific events based on the combined state of the individually
selected inputs. The possible input states are as follows:
• Normal (interpreted as 0)
• Active (interpreted as 1)
• Trouble
You evaluate the zone state by applying the AND or OR logical operator on the selected inputs.
The zone is considered to be in the Trouble state when one of the selected input is in the Trouble
state. The Trouble state supersedes any other state.

[Link] | Security Center Administrator Guide 5.2 507

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Zone (hardware)

CAUTION Certain types of input, such as Door Monitor on an HID VertX unit, can only be used
for their designated purpose. Other inputs, such as AC Fail and Bat Fail, must be configured for
general purpose before they can be used for IO linking. If you use a specific purpose input as
general purpose, your configuration will not work. For more information, see "Properties (HID)"
on page 344.

Associated events
Use this section to associate each zone state to an event of your choice. Select None if a zone state
should be ignored. These events are only triggered when the zone is armed.

Reactivation threshold
Set the time period during which the same event should not be re-triggered.

Arming
The Arming tab lets you configure the arming source of your zone and its arming behavior.

[Link] | Security Center Administrator Guide 5.2 508

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Zone (hardware)

Arming source
A hardware zone can only be armed using a key switch or on a schedule.
NOTE You cannot arm or disarm a hardware zone in Security Desk, or by using a software
command (event-to-action).

To configure arming via a key switch:

Before you begin: The input pin must belong to the access control unit selected in the
Properties tab for this to work.
• Slide the Arming source to the Input pin position and select the input that is wired to the
key switch.

To configure arming on schedule:

Before you begin: A schedule corresponding to the period when the zone should be armed
must be defined in your system.
• Slide the Arming source to the Schedule position and select the desired schedule.

Delays
You can configure optional delays that give you time to leave the premises after arming the zone,
and time to disarm the zone after tripping a sensor.
• Arming delay. Turn on this option to set a delay before the event triggers become active
after arming the system.
• Entry delay. Turn on this option to set a delay before triggering the events when an sensor
is tripped. This option allows you to disarm the zone before triggering the output relays.

Countdown buzzer
You can optionally assign an output relay to activate a countdown buzzer to match the arming
delay. This option is not available when the arming is done on schedule.
NOTE For this feature to work, the output relay must belong to the access control unit selected
in the Properties tab.

[Link] | Security Center Administrator Guide 5.2 509

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Zone (virtual)

Zone (virtual)
The zone entity monitors a set of inputs to trigger events based on their
combined states. These events can be used to control output relays (see
IO linking) or trigger other actions (see event-to-action).
A zone can be armed (triggers activated), or disarmed (triggers
deactivated) using a key switch, a software command, or on a schedule.
A virtual zone is a subtype of the zone entity where the IO linking is done
by software. A virtual zone is controlled by the Zone Manager and only
works online. It can be armed and disarmed from Security Desk.
System: General
Task: Logical view

Identity Name, description, logical ID, and relationships of this entity with other
entities in the system.
Properties Input pins defining this zone and how they are evaluated. For a virtual zone,
the inputs and outputs from different units of different types can be used for
IO linking.
Arming Automatic arming schedules. A virtual zone can be armed and disarmed via
Security Desk or via event-to-action. An explicit arm or disarm command
always takes precedence over the arming schedule.
Cameras Cameras used to monitor this zone in Security Desk.

Custom fields Custom field values for this zone.

Related topics:
• "Managing zones" on page 160
• "Zone (hardware)" on page 506
• "Zone Manager" on page 614

[Link] | Security Center Administrator Guide 5.2 510

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Zone (virtual)

Properties
The Properties tab lets you configure the input pins that define this zone and how they are
evaluated.

Zone Manager
A virtual zone must be controlled by a Zone Manager role. Because a virtual zone is software
controlled, it works only in online mode. For more information, see "Zone Manager" on
page 614.

Combining the inputs to evaluate the zone state

The purpose of a zone is to trigger specific events based on the combined state of the individually
selected inputs. The input pins can belong to different units of different types. The possible input
states are as follows:
• Normal (interpreted as 0)
• Active (interpreted as 1)
• Trouble (only if the selected unit models support this feature)
You evaluate the zone state by applying the AND or OR logical operator on the selected inputs.
The zone is considered to be in the Trouble state when one of the selected input is in the Trouble
state. The Trouble state supersedes any other state.

[Link] | Security Center Administrator Guide 5.2 511

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Zone (virtual)

Associated events
Use this section to associate each zone state to an event of your choice. Select None if a zone state
should be ignored. These events are only triggered when the zone is armed.

Reactivation threshold
Set the time period during which the same event should not be re-triggered.

Arming
The Arming tab lets you configure the arming source of your zone and its arming behavior.

Arming source
A virtual zone can be armed at any time by a Security Desk operator, or by the Arm zone action.
Arming schedules are optional and are only necessary if you want the zone to be armed
automatically at a certain time. An armed virtual zone can be disarmed at any time by a Security
Desk user, or by the Disarm zone action triggered by an event.

Delays
You can configure optional delays that give you time to leave the premises after arming the zone,
and time to disarm the zone after tripping a sensor.

[Link] | Security Center Administrator Guide 5.2 512

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Zone (virtual)

• Arming delay. Turn on this option to set a delay before the event triggers become active
after arming the system.
• Entry delay. Turn on this option to set a delay before triggering the events when an sensor
is tripped. This option allows you to disarm the zone before triggering the output relays.

[Link] | Security Center Administrator Guide 5.2 513

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 14
Role types
This section lists all Security Center role types in alphabetical order. Each role type is covered
with a general description of its purpose and usage. The sub-sections describe each role type’s
configuration tabs and the settings they contain.
This section includes the following topics:
• "Access Manager" on page 515
• "Active Directory" on page 520
• "Archiver" on page 525
• "Auxiliary Archiver" on page 547
• "Directory" on page 555
• "Directory Manager" on page 556
• "Global Cardholder Synchronizer" on page 561
• "Health Monitor" on page 564
• "Intrusion Manager" on page 567
• "LPR Manager" on page 571
• "Media Router" on page 591
• "Omnicast Federation" on page 596
• "Plugin" on page 600
• "Point of Sale" on page 601
• "Report Manager" on page 605
• "Security Center Federation" on page 607
• "Web-based SDK" on page 611
• "Zone Manager" on page 614

[Link] | Security Center Administrator Guide 5.2 514

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Access Manager

Access Manager
The Access Manager role manages and monitors access control units on
the system. The role validates all access activities when the units are
online. Upon receiving a request from a unit, the Access Manager checks
the access rules and schedules to decide whether the door or elevator
floor can be accessed. It then sends a command to the controller to
unlock the door or enable an elevator floor button. It also logs the access
control events in the database for access control investigation and
maintenance reports.
Multiple instances of this role can be created on the system.
System: Synergis IP access control
Task: Access control – Roles and units, or System – Roles

Identity Name, description, and relationships of this role with other entities in the
system.
Properties Database retention period for access control events.

Extensions Manufacturer specific settings for connecting to access control units that this
Access Manager should communicate with.
Resources Servers and database configuration for this role.

Related topics:
• "Configuring the Access Manager role" on page 263
• "Access control unit" on page 341
• "Door" on page 408
• "Elevator" on page 414
• "Zone (hardware)" on page 506

[Link] | Security Center Administrator Guide 5.2 515

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Access Manager

Properties
The Properties tab lets you configure the retention period of the access control events in the
database.

Keep events
Access control events are logged by the Access Manager for access control related activity and
maintenance reports. You can decide for how long you want to keep them before they are
purged from the Access Manager database.

Related topics:
• "Finding out who is granted access to doors and elevators" on page 328

[Link] | Security Center Administrator Guide 5.2 516

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Access Manager

Extensions
The Extensions tab allows you to configure the manufacturer-specific settings for connecting to
access control units that this role should communicate with.

Security Center supports two types of access control units:

• Genetec SMC. For Synergis Master Controller (SMC) units. You also need to add at least
one discovery port (default=2000) to the extension. The discovery port configured for the
extension must match the value configured on the SMC units. For more information, see
the Synergis Master Controller Configuration Guide.
• HID VertX. For all HID controllers, including the legacy VertX models (V1000 and
V2000), the VertX EVO, and the Edge EVO controllers. For the complete list of supported
controller units and firmware, see “Supported HID units” in the Security Center Release
Notes.

Advanced settings
The advanced settings are reserved for use by Genetec’s Technical Assistance Center. Please do
not be concerned with these settings.

[Link] | Security Center Administrator Guide 5.2 517

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Access Manager

Resources
The Resources tab allows you to configure the servers and database assigned to this role.

Servers
All server management principles are the same for the Access Manager role as with any other
role. For more information, see "Managing servers and roles" on page 47.

Database
All database management principles are the same for the Access Manager role as with any other
role. For more information, see "Managing databases" on page 52.

[Link] | Security Center Administrator Guide 5.2 518

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Access Manager

Resolve conflicts for Access Manager roles

If you generated a conflict resolution file (Conflict_Manifest.data) after importing cardholders
and cardholder groups from an Active Directory, you need to apply these conflict resolution
decisions to your Access Manager database.
1 Click Resolve conflicts ( ) found in the Database section.
The following dialog box appears.

2 Enter the path to the conflict resolution file using the browse button.
3 Click Resolve conflicts.
You’ll be prompted to create a safety backup before updating your database.
4 Click Backup.
5 The backup and the conflict resolution updates will be performed in a single step.

6 Click Close.

[Link] | Security Center Administrator Guide 5.2 519

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Active Directory

Active Directory
The Active Directory role imports users, user groups, cardholders, and
cardholder groups from your corporate directory service (Windows
Active Directory), and keeps them synchronized.
Multiple instances of this role can be created on the system.

System: General, Synergis (if cardholder groups are to be imported)

Task: System – Roles

Identity Name, description, and relationships of this role with other entities in the
system.
Properties Connection parameters to the Windows Active Directory and list of security
groups to be imported as Security Center entities.
Links Mapping between AD fields and Security Center custom fields.

Resources Servers and failover configuration for this role.

Related topics:
• "Integrating with Windows Active Directory" on page 140
• "Cardholder" on page 399
• "Cardholder group" on page 402
• "User" on page 486
• "User group" on page 493

[Link] | Security Center Administrator Guide 5.2 520

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Active Directory

Properties
Defines all the parameters within which this Active Directory role is supposed to operate. For
more information, see "Import security groups from an Active Directory" on page 143.

• Connection status. Connection status between the role and the corporate AD.
• Status. Shows what the role is doing. Idle is the normal status. If there is a problem, an error
message is displayed.
• Active Directory. Hostname or IP address of the corporate AD server.
 Use Windows credentials. You can use the Windows credentials used for running the
Genetec Server service, or specify a different set of Windows usernames and passwords.
In both cases, the credentials you specify must give you read and write access to the
specified corporate AD.
 Use SSL connection. Select this option to encrypt LDAP (Lightweight Directory Access
Protocol) network traffic. LDAP is the protocol used for communication between the
Active Directory role and the AD. The default port used for encrypted communication is
636. If you use a different port, you need to specify it explicitly by appending the port
number after the AD server name, separated by a colon (‘:’).

[Link] | Security Center Administrator Guide 5.2 521

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Active Directory

• Partition. Default partition where the entities synchronized with the corporate AD will be
created if the partition is not mapped to an AD attribute.
• Synchronized groups. List of all AD security groups imported as user groups, cardholder
groups, or both. For information on how to add to this list, see "Import security groups
from an Active Directory" on page 143.
• No scheduled task exists to synchronize this role. This warning message appears if you
have not configured a scheduled task to automatically handle synchronization with the
corporate AD. For more information, see "Create a scheduled task" on page 109.
• Synchronize now. Click this button to perform an instant synchronization. You should
always re-synchronize after making changes to the synchronized groups.

Links
The Links tab allows you to map AD attributes to Security Center fields.

[Link] | Security Center Administrator Guide 5.2 522

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Active Directory

• Cardholder. Map AD attributes to Security Center cardholder fields. See "Select which
cardholder fields to synchronize with the AD" on page 146.
• Maximum picture file size. If you are importing cardholder pictures from the AD, specify
the maximum size of the imported picture.
• Upload pictures to Active Directory. Select this option if you want the pictures you assign
to imported cardholders from Security Center to be synchronized to the AD.
• Card format. Select the default card format to use for the imported cardholder credentials
when the card format property is either not mapped to an AD attribute, or when the
mapped attribute is empty. See also "Mapping the credential card format to an AD attribute"
on page 147.
• Badge template. Select a default badge template to use for the imported cardholder
credentials.
• Custom fields. Map additional AD to Security Center custom fields. See "Map custom
fields to synchronize with the AD" on page 148.

Related topics:
• "Defining custom fields and data types" on page 136

[Link] | Security Center Administrator Guide 5.2 523

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Active Directory

Resources
The Resources tab allows you to configure the servers. The Active Directory role does not require
a database.

Servers
All server management principles are the same for the Active Directory role as with any other
role. For more information, see "Managing servers and roles" on page 47 and "Configuring role
failover" on page 61.

[Link] | Security Center Administrator Guide 5.2 524

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Archiver

Archiver
The Archiver role is responsible for the discovery, control, and status
polling of video units. All communications between the system and the
video units are established through this role. All events generated by the
units (motion, video analytics) are forwarded by the Archiver to the
concerned parties on the system. The Archiver also manages the video
archive, and performs motion detection on units that do not support this
feature.
Multiple instances of this role can be created on the system.
System: Omnicast IP video surveillance
Tasks: Video – Units, or System – Roles

Identity Name, description, and relationships of this role with other entities in the
system.
Camera Default recording settings for all cameras controlled by this role.
recording
Trickling Data transfer configuration for edge recording units.

Extensions Manufacturer specific settings for connecting to video units that this Archiver
should communicate with.
Resources Servers, databases, disk storage, and failover configuration for this role.

Related topics:
• "Configuring the Archiver role" on page 193
• "Managing video archives" on page 225
• "Video unit" on page 498
• "Auxiliary Archiver" on page 547
• "Media Router" on page 591

[Link] | Security Center Administrator Guide 5.2 525

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Archiver

Camera recording
The Camera recording tab lets you configure the default recording settings applied to all cameras
controlled by this Archiver role. The default settings can be superseded by the recording settings
of each individual camera. For more information, see Camera – "Recording" on page 382.

Recording modes
The Archiver can apply different recording modes at different times.

Recording mode Description

Off Recording is off ( ). This mode prevents recording from taking place, not
even when an alarm is triggered.

Continuous Records continuously. Recording cannot be stopped by the user ( ).

On motion/Manual Records when recording is triggered by an action (such as Start recording, Add
bookmark, or Trigger alarm), via motion detection, or manually by a user. In
this mode, the Record button in Security Desk appears grey ( ) when the
Archiver is not recording, red when it is recording but can be stopped by the
user ( ), or red with lock ( ) when it is recording but cannot be stopped by
the user (on motion or alarm recording).

[Link] | Security Center Administrator Guide 5.2 526

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Archiver

Recording mode Description

Manual Same as On motion/Manual. The only difference is that motion will not
trigger any recording.

CAUTION Recording schedules of the same type cannot overlap, regardless of the recording
mode configured for each. When a scheduling conflict exists, the Archiver and the video units
are displayed in yellow in the entity browser and will issue entity warning messages. For more
information, see "Resolving schedule conflicts" on page 105.

Other recording options

Option Description

Record audio Turn this option on to record audio along with video. A microphone entity
must be attached to this camera entity for this option to work. For more
information, see Camera – "Hardware" on page 393.

Automatic cleanup Turn this option on to delete the recorded video after a certain number of days,
regardless whether the archiving storage is full or not. For more information,
see Archiver – "Advanced settings" on page 545.

Redundant Turn this option on to allow both primary and secondary servers to archive
archiving video at the same time. This setting is effective only if failover is configured. For
more information, see Archiver – "Server configurations" on page 538.

Time to record Duration of the recording buffer. This buffer is saved whenever the recording
before an event starts, ensuring that whatever prompted the recording is also captured on
video.

Time to record after Recording duration when recording is triggered by motion detection. For more
a motion information, see Camera – "Motion detection" on page 383.
During this period, the recording cannot be stopped by the user.

Default manual Recording duration when recording is started by a user. The user can stop the
recording length recording any time before the duration expires. This value is also used by the
Start recording action, when the default recording length is selected.

[Link] | Security Center Administrator Guide 5.2 527

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Archiver

Trickling
The Trickling tab allows you to configure the transfer of video that was recorded on a video unit
to the Archiver. You can define when and what type of data is transferred.
IMPORTANT To be able to trickle with a camera/video unit, you must first configure your unit
to record video using the unit’s Web page. For more information, see "Enable edge recording on
a camera" on page 199.

Camera list
The camera list shows all the cameras that are set to record on the edge and perform trickling. It
allows you to specify whether or not you want the units to trickle on connection or on a schedule,
and supplies information about the trickling process. You can configure the same trickling
settings for all cameras in the list, or configure settings for specific cameras.

To add cameras to the camera list:

1 (Optional) To add a camera group, click Add group.

[Link] | Security Center Administrator Guide 5.2 528

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Archiver

If you have a large system, it is a good idea to create groups of cameras, so you can configure
the trickling download settings for each group separately.
2 To add cameras, click Add an item.
3 From the drop-down list, select a camera group to add the cameras to.
4 Select the cameras, and then click OK.
Hole CTRL or SHIFT to select multiple cameras.
5 For each camera group, or for each specific camera, specify whether or not you want the
units to trickle on connection or on a schedule:
 On connection. Select this option for the camera to start to trickle upon connection to the
network.
 On schedule. Select this option for the camera to trickle based on the schedule defined in
the Trickling schedule section.

Trickling status
The Trickling status dialog box allows you to start and stop trickling manually, and shows you
the latest trickling status. Click at the bottom of the camera list to open it.

NOTE A camera that has just been added to the trickled camera list does not appear in this dialog
box until you have clicked Start trickling for all cameras ( ) once.
• Camera. Edge recording camera selected for trickling.

[Link] | Security Center Administrator Guide 5.2 529

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Archiver

• Last trickling request. Date and time of the last trickling request for the camera.
• Last recorded frame. Date and time of the last video frame recorded by the Archiver.
• Status. Lists the trickling status for the camera. The status can be one of the following:
 No video. There is no video recorded on the camera that is available to trickle for the
filters specified in the Trickling filter section. For example, if you specify an alarm filter,
the camera might have generated an alarm event, however it did not record any video for
it.
 No events. There are no events recorded on the camera that correspond to the filters
specified in the Trickling filter section. For example, if you specify a motion filter, but
there were no motion events generated by the camera, there are no events to trickle.
 Started. Trickling has started.
 Completed. Trickling was successfully completed.
 Pending. Trickling will start as soon as a spot opens in the download queue. The spots
available depend on what is specified in the Simultaneous downloads
setting.
 Incomplete. Something occurred during the trickling process that prevented the transfer
from being completed.

Trickling schedule
Use the Trickle every setting to define a schedule for when you want video to be trickled. You can
specify the amount of days, hours, and the time. If you’ve set all cameras to always trickle on
connection, ignore this setting.

Trickling filter
Use these settings to specify what type of video data you want to be trickled. All video that
corresponds to the filters you select are trickled.
NOTE The filters are not combined. Select each type of video data that you want separately. If you
do not select any filters, none of the video stored on the unit is trickled.
• Time interval. Trickle video segments recorded during a specific period of time. You can
specify a specific time range or a relative time range (last n days, hours, minutes).
• Playback requests. Trickle video segments that were played back from the camera.
• Motions. Trickle video segments that span between a Motion on and Motion off event. This
option applies to unit motion detection only.
• Bookmarks. Trickle video segments that contain bookmarks.
• Unit offline. Trickle video segments that span between a Unit lost and a Unit discovered
event.
• Video analytics. Trickle video segments that contain video analytics events.
• Alarms. Trickle video segments that contain alarm events.

[Link] | Security Center Administrator Guide 5.2 530

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Archiver

• Input triggers. Trickle video segments that contain input events.

Trickling behavior
Use these settings to specify how trickling is to be done.
• Time buffer when downloading events. The time buffers apply to event-based trickling.
Specify how many seconds of video should be trickled before and after the event occurred.
For example, if you selected the Motion filter, these settings indicate how many seconds are
trickled before the Motion on event occurred, and how many seconds are trickled after the
Motion off event.
• Delay after connection. Use this setting to specify how long (in seconds) the Archiver will
wait to determine if a unit is truly online before trickling. For example, if your cameras are
set to trickle on connection and you have an unstable network where your cameras
frequently go on and offline, this setting is useful to prevent trickling from repeatedly
starting and stopping.
• Simultaneous downloads. Use this setting to specify how many cameras can trickle at the
same time. If you created camera groups, you can specify how many cameras can trickle at
the same time per camera group. This setting is useful if you have a limited network and do
not want too many downloads to occur simultaneously.

[Link] | Security Center Administrator Guide 5.2 531

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Archiver

Extensions
The Extensions tab lets you configure the common connection parameters shared by the video
units controlled by this Archiver. The manufacturer extensions are created automatically when
you add a unit to the Archiver (see "Add video units manually" on page 194).

This section includes the following topics:

• "General settings" on page 532
• "Discovery settings" on page 533
• "Default logon" on page 534
• "Notification settings" on page 534
• "Bosch VRM settings" on page 535
• "Verint specific settings" on page 535
• "Advanced settings" on page 536
• "NTP settings" on page 536

General settings
• Transaction timeout. Time to wait for a response before resending a command to the unit.
A unit is considered lost after three failed attempts.

[Link] | Security Center Administrator Guide 5.2 532

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Archiver

• Command port. Port used by the Archiver to send commands to the Bosch units. This field
cannot be changed.
• RSTP port. RTSP (Real Time Streaming Protocol) port used by the Archiver to request
video from the units that support this protocol.
CAUTION If you have multiple Archiver roles on the system controlling different groups of
video units, then each Archiver must use a different RTSP port.
• VSIP port. (Verint only) Port used for automatic discovery. All units that should be
controlled through the same Verint extension must be configured with the same VSIP port.
The Verint extensions configured for the same Archiver must all have different discovery
ports. For more information, see "What is automatic discovery?" on page 196.

Discovery settings
The following sample screenshot shows the discovery settings of a Bosch unit.

• Discovery port. Automatic discovery port. If multiple instances of the same type of
extension are configured for the same Archiver, they must all use a different discovery port.
(ACTi) Corresponds to the Search server port 1 in the ACTi video server settings.
(Bosch) All units that should be controlled through the same Bosch extension must be
configured with the same discovery port.
NOTE If you decide to change the Discovery port after the units are discovered, you’ll need
to create a new extension with the new discovery port and delete the old one. If the units are
not automatically discovered, you’ll have to add them manually. For more information, see
"Add video units manually" on page 194.
• Discovery reply port. (ACTi and Interlogix) Corresponds to the Search server port 2 in the
ACTi video server settings.
• Unicast period. Period whereby the extension repeats its connection tests using unicast to
determine whether each unit is still active in the system.
• Multicast period. Period whereby the extension attempts to discover new units using
multicast. This option can be disabled.
The IP address that follows is the standard multicast IP address used by Omnicast. Change
it only if it is already used for something else.

[Link] | Security Center Administrator Guide 5.2 533

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Archiver

• Broadcast period. Period whereby the extension attempts to discover new units using
broadcast. This option can be disabled.

Default logon
Certain types of units can be protected against fraudulent access by a username and a password.
The logon credentials can be defined individually for each unit or for all units using the same
manufacturer extension.
The following sample screenshot shows the default logon settings of an Axis unit.

• Username. Certain types of units (such as Axis) require a username.

• Password. Certain types of units (such as Bosch) only requires a password.
• Use HTTPS. Select this option to use Hypertext Transfer Protocol Secure for added
security.

Notification settings
The following sample screenshot shows the notification settings of an Interlogix unit.

• TCP notification port. (Panasonic and Interlogix) Port used by the Archiver role to receive
notification messages from the units. When an event occurs, such as Signal lost or Signal
recovered, the unit will initiate a TCP connection with the Archiver and send the
notification through this port.
• Notification channel. (Interlogix only) When multiple Archiver roles are configured to
listen to the same units, such as in a failover list, each archiver must be identified with a
different notification channel (1 to 8). This parameter can be ignored when you are only
using one archiver.
For multiple Archiver roles, the following rules must be followed:

[Link] | Security Center Administrator Guide 5.2 534

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Archiver

 All Archiver roles that can potentially control the same units must be configured with
the same TCP notification port.
 All Archiver roles must use a different notification channel.

Bosch VRM settings

The VRM settings are exclusive to Bosch VRM (Video Recording Manager). The latter allows
you to query and play back video from Bosch cameras that are managed by a Bosch VRM.
Multiple Bosch extensions can use the same VRM.

If you add more than one VRM to the list, you can use the move up ( ) and move down ( )
buttons to move a VRM up or down in the list. By default, the Archiver will use the first VRM
in the list for queries and archived video. If the first VRM is not available, the Archiver will use
the next VRM in the list.

Verint specific settings

The following settings are only found on Verint units.

• Show all available video streams as separate cameras. (Verint only) Omnicast supports
encoders that generate multiple video streams from the same video source. When such a
unit is discovered, the Archiver creates a video encoder with multiple streaming
alternatives. For more information, see Camera – "Stream usage" on page 377.

[Link] | Security Center Administrator Guide 5.2 535

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Archiver

With Verint units, you have the choice to represent every video stream as a separate camera.
If this is the desired behavior, select this option.
NOTE This option requires a camera connection license for each stream.

• SSL settings. SSL (Secure Sockets Layer) is a protocol used to secure applications that need
to communicate over a network. Security Center supports SSL on all message transmissions
between the Archiver and the units, with the exception of the video streams, because the
data volume would be prohibitive. The purpose for using SSL in Security Center is to
prevent malicious attacks, not to stop eavesdropping.
Select Enforce SSL only if SSL must be enforced on all units controlled by this Archiver. If
this option is cleared, the Archiver will only use SSL to communicate with the units on
which SSL is enabled.

Advanced settings
The advanced settings are reserved for use by Genetec’s Technical Assistance Center. Please do
not be concerned with these settings.

NTP settings
Use the NTP settings to synchronize the time between the units that support NTP (Network
Time Protocol) and the NTP server.
Keeping the units’ time synchronized is particularly important for units that handle video
archiving themselves.
The following parameters must be set:
• NTP server. Specify the NTP server name.
• NTP port. Specify the NTP server port number
• Poll timeout. Specify in minutes how often you want the time on the units to be checked to
ensure that they are properly synched with the NTP server. For example, if 60 seconds is
entered, the time will be verified every 60 seconds.

[Link] | Security Center Administrator Guide 5.2 536

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Archiver

Resources
The Resources tab lets you assign servers, databases, and disk storage to this Archiver role.

This section includes the following topics:

• "Server configurations" on page 538
• "Configure standby archiving priorities" on page 539
• "Archive database settings" on page 540
• "Archive storage settings" on page 540
• "Network card settings" on page 542
• "Archiver statistics" on page 542
• "Protected video file statistics" on page 543

[Link] | Security Center Administrator Guide 5.2 537

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Archiver

• "Archiving camera details" on page 544

• "Advanced settings" on page 545

Server configurations
The Archiver role supports up to two servers for failover. The two servers assigned to the
Archiver must be configured separately from each other, and must have their own database and
storage system for keeping the video archive. For more information, see "Protecting your video
archive against hardware failure" on page 228.

To add the secondary server:

Before you begin: You cannot add a secondary server if the Archiver role has already two
servers assigned. See also "Careful load planning for failover" on page 229.
1 Click the tab labelled Add server ( ).

2 From the dialog box that appears, select the desired server and click Add.
The Add server tab becomes the secondary server tab.

3 From the secondary server tab, configure the following:

 "Archive database settings" on page 540
 "Archive storage settings" on page 540
 "Network card settings" on page 542
4 If the secondary server is also on standby for other Archiver roles, then you might have to
adjust their standby archiving priorities.
See "Configure standby archiving priorities" on page 539.
5 Click Apply.

To switch the primary and secondary servers around:

Before you begin: You must have two servers assigned to the Archiver role. It is best to choose
a time when the Archiver is not archiving to perform this operation.
1 Click Failover ( ) at the bottom of the Resources tab.
A dialog box appears, showing both servers assigned to this Archiver role.
2 Select one of the server in the list and click or to move it up or down the list.

[Link] | Security Center Administrator Guide 5.2 538

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Archiver

3 Click OK to close the Failover dialog box.

The two server tabs switch places.
4 (Optional) If the primary server that became the secondary server also hosts other Archiver
roles, then you might have to adjust their standby archiving priorities.
For more information, see "Configure standby archiving priorities" on page 539.
5 Click Apply.
CAUTION If the Archiver was archiving video, you will lose a few seconds of recording while
the switch is taking place.

Configure standby archiving priorities

A same server can be designated as the standby server of multiple Archiver roles. Should all
Archiver roles fail over to the same server at the same time, their combined load might be too
much for the server to handle. One way to avoid overloading a server is to assign a lower
archiving priority to the roles of lesser importance in case a competition occurs.
1 Click Failover ( ) at the bottom of the Archiver’s Resources tab.
2 In the Failover dialog box that appears, click Standby archiving priorities.
3 From the dialog box that appears, select a server from the Server drop-down list.

All Archiver roles that rely on this server as their primary or secondary server are listed. The
archiving priority can only be set when the server is used as a standby. For roles that rely on
the server as their primary server, the archiving priority is implicitly locked at 1 (the
highest).
4 Set the priority of the roles as you see fit, and click Save.
NOTE The archiving priority is a setting specific to each Archiver role on each server. When
the archiving priority has never been set, its default value is 1.

[Link] | Security Center Administrator Guide 5.2 539

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Archiver

5 Repeat Step 3 and Step 4 as necessary to configure all servers hosting Archiver roles on your
system.
NOTE At any point in time on a given server, only the Archiver roles with the highest archiving
priority will be able to archive, be it 1 or 100. The archiving priority only affects archiving. Having
a lower archiving priority does not stop a failed over Archiver role from performing its command
and control functions.

Archive database settings

The archive database stores the catalog of the recorded video footage, and the events related to
them and the archiving process. The default database name is Archiver.
IMPORTANT A separate database must be configured for each server assigned to the role.
Because of this requirement, the archive database is often hosted locally on each server. When
two or more Archiver roles are hosted on the same server, be sure to assign to each of them a
different database instead of using the default one. For more information, see "Server
configurations" on page 538.
The configuration of the Archiver database is the same as that of any other role on the system.
For more information, see "Managing databases" on page 52.

Archive storage settings

The actual video footage is not kept in the database, but on disk, in video files. Each video file
might contain several short discrete video sequences, and uses the G64 file extension. The size
limit of the video files is configured in the Advanced settings dialog box. For more information,
see "Advanced settings" on page 545.
Just like the archive database, the archive file storage is also specific to each server.
Both local drives and network drives can be used to store video. All local drives found on the
host server are listed by default and grouped under Default Disk Group.

Disk space cannot be allocated in advance for archiving purpose. Instead, the Archiver is
allowed to use the available disk space up to a certain limit which is defined by the minimum free
space that must be left on each disk.

[Link] | Security Center Administrator Guide 5.2 540

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Archiver

The information displayed on each disk are as follows:

• Disk base path. Root folder on the disk where all video files are located. The default value is
VideoArchives. Click on the name to change it to a different folder.
IMPORTANT You must make sure that the service user running the Archiver role has write
access to all the archive root folders assigned to the role. The Config Tool cannot verify this
information on behalf of the Archiver.
• Min. free space. Minimum free space that the Archiver must leave untouched on the disk.
Click on this value to change it.
• Free space. Actual free space remaining on disk.
• Allotted space. Space allotted in theory for video archives. It is the total capacity of the disk
minus the minimum free space.
CAUTION There is nothing to prevent other applications from using up the disk space set
aside for the Archiver. For this reason, we recommend that you assign a disk that is not shared
with other applications to this role. In the case where multiple Archivers share the same
server, use a separate disk for each.
• Total size. Total capacity of the disk.
The archive storage configuration commands are as follows:
Button Command Description

Add network location You can only add network drives to your archive storage. All local
drives on the host server are listed by default. You can exclude
them from being used by the Archiver by clearing the checkbox in
front of each disk.

Add disk group A disk group is a logical storage unit used by the Archiver to
improve the overall disk throughput. See "Optimizing access to
your storage devices" on page 227. Click the Up and Down arrows
to move the selected disk from one group to another.

Delete Deletes the selected disk or disk group. You cannot leave a disk
group without any disk associated to it.

Camera distribution This button appears only if you have more than one disk group
defined. See "Optimizing access to your storage devices" on
page 227.

Refresh the drive Refreshes the drive information.

information

[Link] | Security Center Administrator Guide 5.2 541

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Archiver

Network card settings

For every server assigned to this Archiver role, you must specify:
• Network card. Network card used to communicate with all video units.
• RTSP port. Port used to listen for RTSP (Real Time Streaming Protocol) requests.
When multiple archiving roles are hosted on the same server, this value must be unique for
each one. The default value is 555. Additionally the value configured must not duplicate any
of those used for the Media Router role, its redirector agent, or any Auxiliary Archiver
hosted on the same server.
• Telnet port. Port used to listen to the Telnet Console connection requests for debugging
purposes. When you change this value, you need to deactivate and reactivate the Archiver
role for the change to take effect.

Archiver statistics
The Statistics dialog box appears when you click the Statistics ( ) button. It provides all sorts
of useful information regarding the archive storage, and the rate at which it is being filled up. If
nothing is displayed, click .

[Link] | Security Center Administrator Guide 5.2 542

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Archiver

The available statistics are as follows:

• List of assigned disks. Snapshot of the disk statistics the last time a refresh was made.
TIP Click to view the percentage of protected video files on the selected disk. For more
information, see "Protected video file statistics" on page 543.
• Average disk usage. Average space used per day (first line) and average space used per
camera per day (second line).
• Estimated remaining recording time. Number of days, hours, and minutes of recording
time left based on the average disk usage and the current load.
• Active cameras. Number of cameras that are currently active.
• Archiving cameras. Number of cameras for which archiving is enabled.
TIP Click See details to view the recording state of each individual camera. For more
information, see "Archiving camera details" on page 544.
• Archiving span. Time bracket within which video archives can be found.
• Worst case bandwidth. This number gives you the worst-case scenario on the total
bandwidth requirement if all the cameras are at the peak of their archiving demands.

Protected video file statistics

Too many protected video files on a disk can take away valuable storage space for new video files.
To make sure this does not happen, regularly check the percentage of protected video files on
each disk.

[Link] | Security Center Administrator Guide 5.2 543

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Archiver

The orange slice represents the proportion of video files that the user has decided to unprotect.
When a user decides to manually remove the protection on a video file, the Archiver waits 24
hours before actually removing the protection, giving the user enough time to change his/her
mind if necessary. During this reprieve, the status is said to be Protection ending.
Instead of checking the Protected video files statistics, you can also configure an event-to-action
to alert you on the event Protection threshold exceeded. For more information, see "Using event-
to-actions" on page 106.

Archiving camera details

The Archiving cameras dialog box displays the statistics for each individual camera based on the
information collected the last time you clicked .

This report lets you verify whether each encoder is currently streaming video (and audio) and
whether the Archiver is currently recording these data.
The possible Recording states are as follows:

Recording state Description

Recording off Recording is enabled but the Archiver is currently not recording. If you
suspect a problem, the Description column might give you a clue.
The possible causes are as follows:
• Database lost.
• Disks full.
• Cannot write to any drive.

Recording on Recording was started by a user.

[Link] | Security Center Administrator Guide 5.2 544

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Archiver

Recording state Description

Recording on (locked by Recording is currently controlled by the Archiver (following an On

system) Motion or Continuous schedule).

Recording off (locked by Recording is currently disabled on this camera by a schedule.

system)

Recording about to stop Recording was started by a user and is about to stop (within the last 30
seconds of recording).

Advanced settings
The advanced settings are independent of the server hosting the Archiver role.

Advanced settings Description

Video watermarking Turn this option on to protect your video archive against tampering. For
more information, see "Protecting video archive against tampering" on
page 230.

Delete oldest files when Turn this option on to recycle the archive storage (the default mode),
disks are full meaning that the oldest files are deleted to make space for new files when all
the disks within a disk group are full.
TIP Another way to manage the archiving space is to set individual archive
retention periods for each camera (Automatic cleanup option in each
camera’s Recording tab). This method allows you to keep the more
important data for a longer period of time by purging less important video
first.

[Link] | Security Center Administrator Guide 5.2 545

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Archiver

Advanced settings Description

Enable edge playback Turn this option on only if the Archiver controls units configured for edge
requests recording. This option is turned off by default to prevent sending playback
requests to units that are not recording.

Protected video This is a safety threshold that limits the amount of space that protected
threshold video files can occupy on disks. The percentage you set is the proportion of
protected video you can have of the total size of recorded videos on the disk.
Protected video files are files that will not be deleted by normal archive
cleanup procedures. When this threshold is exceeded, the Archiver will
generate the Protected video threshold exceeded event once every 15 minutes
for as long as the condition is true, but will not delete any video file that is
already protected.

Video files These two settings are used to control the size of the video files created by
the Archiver:
• Maximum length. Limits the length of video sequence contained in
each file. The video length is the time span between the first video frame
and the last video frame stored in a file.
• Maximum size. Limits the size of the video file in MB.
The Archiver will start saving the video to a new video file when either one
of these conditions is met.

Additional settings These additional settings are reserved for use by Genetec’s Technical
Assistance personnel. Please do not be concerned with these settings.

[Link] | Security Center Administrator Guide 5.2 546

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Auxiliary Archiver

Auxiliary Archiver
The Auxiliary Archiver role supplements the video archive produced by
the Archiver role. Unlike the latter, the Auxiliary Archiver is not bound
to any particular discovery port. Therefore, it is free to archive any
camera in the system, including the federated ones.

The Auxiliary Archiver must depend on the Archiver to communicate

with the video units. If an Archiver is not running, the Auxiliary
Archiver would not be able to archive the cameras it controls.
Multiple instances of this role can be created on the system.
System: Omnicast IP video surveillance
Tasks: Video – Units, or System – Roles

Identity Name, description, and relationships of this role with other entities in the
system.
Camera Default recording settings for all cameras archived by this role.
recording
Cameras Cameras recorded by this Auxiliary Archiver.

Resources Server, database, and disk storage configuration for this role.

Related topics:
• "Configuring the Auxiliary Archiver role" on page 205
• "Camera (video encoder)" on page 372
• "Managing video archives" on page 225
• "Archiver" on page 525

[Link] | Security Center Administrator Guide 5.2 547

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Auxiliary Archiver

Camera recording
The Camera recording tab lets you configure the default recording settings applied to all cameras
associated to this Auxiliary Archiver. The default settings can be superseded by the recording
settings of each individual camera. For more information, see Camera – "Recording" on
page 382.

Video stream
Use this drop-down list to select the default video stream that the Auxiliary Archiver should
record for each camera. The video streams are configured for each individual camera. For more
information, see "Configuring video streams" on page 211.

[Link] | Security Center Administrator Guide 5.2 548

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Auxiliary Archiver

Recording modes
The Auxiliary Archiver can apply different recording modes at different times.

Recording mode Description

Off Recording is off ( ). This mode prevents recording from taking place, not
even when an alarm is triggered.

Continuous Records continuously. Recording cannot be stopped by the user ( ).

On motion/Manual Records when recording is triggered by an action (such as Start recording, Add
bookmark, or Trigger alarm), or via motion detection.
Note: Manual recording is not supported by Auxiliary Archivers.

Manual Manual recording is not supported by Auxiliary Archivers. This schedule

would have no effect.

CAUTION Recording schedules of the same type cannot overlap, regardless of the recording
mode configured for each. When a scheduling conflict exists, the Auxiliary Archiver and the
cameras are displayed in yellow in the entity browser and will issue entity warning messages. For
more information, see "Resolving schedule conflicts" on page 105.

Other recording options

Option Description

Record audio Turn this option on to record audio along with video. A microphone entity
must be attached to this camera entity for this option to work. For more
information, see Camera – "Hardware" on page 393.

Automatic cleanup Turn this option on to delete the recorded video after a certain number of days,
regardless whether the archiving storage is full or not. For more information,
see Auxiliary Archiver – "Advanced settings" on page 554.

Time to record Duration of the recording buffer. This buffer is saved whenever the recording
before an event starts, ensuring that whatever prompted the recording is also captured on
video.

Time to record after Recording duration when recording is triggered by motion detection. For more
a motion information, see Camera – "Motion detection" on page 383.
During this period, the recording cannot be stopped by the user.

Default manual Recording duration when recording is started by a user. The user can stop the
recording length recording any time before the duration expires. This value is also used by the
Start recording action, when the default recording length is selected.

[Link] | Security Center Administrator Guide 5.2 549

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Auxiliary Archiver

Cameras
The Cameras tab lets you select the cameras archived by this role. The Auxiliary Archiver can
record any camera on your system, except those that are federated from an Omnicast 4.x system.

Related topics:
• "Associate cameras to the Auxiliary Archiver" on page 208
• "Remove a camera from the Auxiliary Archiver" on page 209

[Link] | Security Center Administrator Guide 5.2 550

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Auxiliary Archiver

Resources
The Resources tab lets you configure the server, the database, and the disk storage for this
Auxiliary Archiver role.

This section includes the following topics:

• "Genetec Server" on page 552
• "Network settings" on page 552
• "Archive database settings" on page 552
• "Archive storage settings" on page 552
• "Archiver statistics" on page 554
• "Protected video file statistics" on page 554
• "Archiving camera details" on page 554
• "Advanced settings" on page 554

[Link] | Security Center Administrator Guide 5.2 551

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Auxiliary Archiver

Genetec Server
Failover is not supported for the Auxiliary Archiver role. You can only select one server at a time.
For more information, see "Move the Auxiliary Archiver to a different server" on page 209.

Network settings
Additional network settings can be configured by clicking the button:
• Network card. Network card used to communicate with all video units.
• RTSP port. Port used to listen for RTSP (Real Time Streaming Protocol) requests. When
multiple archiving roles are hosted on the same server, this value must be unique for each
one. The default value is 555 for the Archiver and 558 for the Auxiliary Archiver.
Additionally the value configured must not duplicate any of those used for the Media
Router role or its redirector agent hosted on the same server.

Archive database settings

The archive database stores the catalog of the recorded video footage, and the events related to
them and the archiving process. The default database name is AuxiliaryArchiver.
The configuration of the Auxiliary Archiver database is the same as that of any other role on the
system. For more information, see "Managing databases" on page 52.

Archive storage settings

The actual video footage is not kept in the database, but on disk, in video files. Each video file
might contain several short discrete video sequences, and uses the G64 file extension. The size
limit of the video files is configured in the Advanced settings dialog box. For more information,
see "Advanced settings" on page 554.
Both local drives and network drives can be used to store video. All local drives found on the
host server are listed by default and grouped under Default Disk Group.

[Link] | Security Center Administrator Guide 5.2 552

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Auxiliary Archiver

Disk space cannot be allocated in advance for archiving purpose. Instead, the Auxiliary Archiver
is allowed to use the available disk space up to a certain limit which is defined by the minimum
free space that must be left on each disk.
The information displayed on each disk are as follows:
• Disk base path. Root folder on the disk where all video files are located. The default value is
AuxiliaryArchives. Click on the name to change it to a different folder.
IMPORTANT You must make sure that the service user running the Auxiliary Archiver role
has write access to all the archive root folders assigned to the role. The Config Tool cannot
verify this information on behalf of the Auxiliary Archiver.
• Min. free space. Minimum free space that the Auxiliary Archiver must leave untouched on
the disk. Click on this value to change it.
• Free space. Actual free space remaining on disk.
• Allotted space. Space allotted in theory for video archives. It is the total capacity of the disk
minus the minimum free space.
CAUTION There is nothing to prevent other applications from using up the disk space set
aside for the Auxiliary Archiver. For this reason, we recommend that you assign a disk that
is not shared with other applications to this role. In the case where multiple archivers share
the same server, use a separate disk for each.
• Total size. Total capacity of the disk.
The archive storage configuration commands are as follows:

Button Command Description

Add network location You can only add network drives to your archive storage. All local
drives on the host server are listed by default. You can exclude
them from being used by the Auxiliary Archiver by clearing the
checkbox in front of each disk.

Add disk group A disk group is a logical storage unit used by the Auxiliary
Archiver to improve the overall disk throughput. See "Optimizing
access to your storage devices" on page 227. Click the Up and
Down arrows to move the selected disk from one group to
another.

Delete Deletes the selected disk or disk group. You cannot leave a disk
group without any disk associated to it.

Camera distribution This button appears only if you have more than one disk group
defined. See "Optimizing access to your storage devices" on
page 227.

Refresh the drive Refreshes the drive information.

information

[Link] | Security Center Administrator Guide 5.2 553

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Auxiliary Archiver

Archiver statistics
The Statistics dialog box appears when you click the Statistics ( ) button. It works the same
way as for the Archiver role. For more information, see Archiver – Resources – "Archiver
statistics" on page 542.

Protected video file statistics

The Protected video file statistics dialog box of the Auxiliary Archiver works the same way as for
the Archiver role. For more information, see Archiver – Resources – "Protected video file
statistics" on page 543.

Archiving camera details

The Archiving cameras dialog box displays the statistics for each individual camera based on the
information collected the last time you clicked . It works the same way as for the Archiver role.
For more information, see Archiver – Resources – "Archiving camera details" on page 544.

Advanced settings
The Auxiliary Archiver’s advanced settings work the same way as the Archiver. For more
information, see Archiver – Resources – "Advanced settings" on page 536.

[Link] | Security Center Administrator Guide 5.2 554

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Directory

Directory
The Directory is the main role that identifies your Security Center
system. It manages all entity configurations and system wide settings in
Security Center. Only a single instance of this role is permitted on your
system. The server hosting the Directory role is called the main server,
and must be set up first. All other servers you add in Security Center are
called expansion servers, and must connect to the main server to be part
of the same system.

The main functions of the Directory role are:

• Client application connection authentication
• Software license enforcement
• Central configuration management
• Event management and routing
• Audit trail and activity trail management
• Alarm management and routing
• Incident management
• Scheduled task execution
• Macro execution

Configuring the Directory role

Because the Directory role is responsible for the authentication of all client connections, it
cannot be configured in the Config Tool client application.
To configure the Directory role, call Server Admin from a Web browser. For more information,
see "Open Server Admin using Internet Explorer" on page 48.
Using Server Admin, you can perform the following administrative tasks:
• Start/stop the Directory role
• Manage the Directory database and change the data retention periods
• View and modify your Security Center license
• View and modify the main server’s password and communication ports
• Convert the main server into an expansion server

Managing the Directory role

In a multiple Directory server configuration, the Directory failover and load balancing is
managed by the Directory Manager role. For more information, see "Configuring Directory
failover and load balancing" on page 66.

[Link] | Security Center Administrator Guide 5.2 555

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Directory Manager

Directory Manager
The Directory Manager is the role that manages the Directory failover
and load balancing in order to produce the high availability
characteristics in Security Center.
Only one instance of this role is permitted per system.
This role is created by default when your Security Center license
supports multiple Directory servers, and cannot be deleted nor
deactivated.
System: General
Task: System – Roles

Identity Name, description, and relationships of this role with other entities in the
system.
Directory Lets you configure the servers assigned to Directory failover and load
servers balancing.

Database Lets you configure the failover of the Directory database. This feature is
failover turned off by default.

Related topics:
• "Configuring Directory failover and load balancing" on page 66
• "Managing servers and roles" on page 47
• "Managing databases" on page 52
• "Configuring role failover" on page 61
• "Directory" on page 555

[Link] | Security Center Administrator Guide 5.2 556

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Directory Manager

Directory servers
The Directory servers tab lets you configure the servers assigned to Directory failover and load
balancing.

Directory failover list

The list of servers assigned to Directory failover and load balancing is called the Directory
failover list.

To show or change the connection port assigned to each server, click Advanced ( ).

The server identified with a different icon ( ) than the rest ( ) is the main server. The main
server is the only Directory server that can write to the Directory database. The rest can only
read from that database.

Related topics:
• "Configuring Directory failover and load balancing" on page 66
• "How Directory failover and load balancing works" on page 66
• "Differences between Directory servers and the main server" on page 66

[Link] | Security Center Administrator Guide 5.2 557

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Directory Manager

Database failover
The Database failover tab lets you configure the Directory database failover.

When this feature is turned on, you have two options:

• "Backup and restore" on page 558
• "Mirroring" on page 560

Backup and restore

The Directory Manager protects the Directory database by regularly backing up the master
database instance. During a failover, the latest backups are restored to the backup database that’s
next in line.

The list of databases available for failover is described as follows:

• LED ( ). Indicates the database server that is currently active.
• Server. Security Center server hosting the database instance. The server that manages the
master database instance is flagged as (Master).
• Database server. Database server name. The name must be accessible from all computers.
Relative names, such as (local)\SQLSEXPRESS cannot be used. Always write explicitly the
server’s DNS name (for example TW-WIN7-SC-5) instead of (local).

[Link] | Security Center Administrator Guide 5.2 558

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Directory Manager

IMPORTANT All database servers must be of the same version for database failover to work.

• Database name. Database instance name.

• State. Database state. If there is a problem, an error message is displayed.
• Last Backup/Restore time. Time of the last backup on the master database, or the last
restore on the backup database.
• Folder. Local folder on the specified server where the backup files are copied.
The other parameters are:
• Automatically reconnect to master database. Select this option to force all Directory
servers to reconnect to the master database once it is back online after a failover. This will
cause a short service disruption, and all changes made to the system configuration while the
master database was offline will be lost.
• Generate full backup every. Frequency (in days) and time at which the full backup should
be generated.
TIP It is recommended to generate a full backup after you’ve made lots of changes to the
system configuration. You can do this anytime by clicking Generate full backup.
IMPORTANT After changing the master database from Server Admin (restoring a previous
backup for example), always manually generate a full backup from Config Tool immediately
after. Failing to do so will cause your master and backup databases to become out of synch
and the database failover mechanism will no longer work.
• Generate differential backup every. Frequency (in minutes) at which the differential
backup should be generated. A differential backup contains the database transactions made
after the previous backup (full or differential). The differential backups are deleted only
after a full backup is made.
NOTE All backup activities are stopped when the active database is not the master database.

[Link] | Security Center Administrator Guide 5.2 559

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Directory Manager

Mirroring
Database failover is handled by Microsoft SQL Server and is transparent to Security Center. The
Principal and Mirror instances of the Directory database are kept in synch at all times. There is
no loss of data during failover.

NOTE The Principal and the Mirror databases must be of the same version. Should you decide
to use a Database server instance name, the two instance names must be different. For more
information on database mirroring, please refer to Microsoft SQL Server Database Mirroring
documentation.

Related topics:
• "How Directory database failover works" on page 71
• "Configuring Directory database failover" on page 71

[Link] | Security Center Administrator Guide 5.2 560

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Global Cardholder Synchronizer

Global Cardholder Synchronizer

The Global Cardholder Synchronizer (GCS) role ensures the two-way
synchronization of the shared cardholders and their related entities
between the local system (sharing guest), where it is hosted, and the
central system (sharing host).

Only a single instance of this role is permitted on each system.

System: Synergis IP access control

Task: Access control – Units, or System – Roles

Identity Name, description, and relationships of this role with other entities in the
system.
Properties Connection parameters to the sharing host, shared global partitions, and
synchronization option.
Resources Servers and failover configuration for this role.

Related topics:
• "Managing global cardholders" on page 300
• "What is the Global Cardholder Synchronizer?" on page 302
• "Configure the Global Cardholder Synchronizer" on page 308

[Link] | Security Center Administrator Guide 5.2 561

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Global Cardholder Synchronizer

Properties
The Properties tab lets you configure the connection parameters to the sharing host, the global
partitions you want to share, and your synchronization option.

Connection parameters
The Global Cardholder Synchronizer (GCS) role must stay connected to the sharing host in
order to keep the local copies of the global entities synchronized with the host.
• Connection status. Indicates the current connection status. The second line shows the
connection activities or when the last synchronization was performed.
• Directory. Name of a Directory server on the sharing host. If anything else than the default
connection port (5500) is used, you must explicitly indicate the port number after the
Directory name, separated by a colon. For example: HostServer:5888.
• Username and password. Credentials used by the GCS role to connect to the sharing host.
The rights and privileges of this user determine what your local system will be able to see
and share with the host system.

[Link] | Security Center Administrator Guide 5.2 562

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Global Cardholder Synchronizer

Global partitions
List of global partitions found on the sharing host. Select the ones you wish to share.

Synchronize automatically
Select this option to have the GCS role perform synchronization in real time. This means that
whenever a change is made on the sharing host, either by the host itself or by another sharing
guest, the change will immediately be reflected on your local system.

Leaving this option unchecked allows you to synchronize manually. You must also leave the role
in manual synchronization mode if you want the GCS role to synchronize periodically via a
scheduled task. For more information, see "Using scheduled tasks" on page 109.

Resources
The Resources tab lets you configure the servers for hosting this role. The GCS role does not
require a database.

Servers
All server management principles are the same for the Global Cardholder Synchronizer role as
with any other role. For more information, see "Managing servers and roles" on page 47 and
"Configuring role failover" on page 61.

[Link] | Security Center Administrator Guide 5.2 563

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Health Monitor

Health Monitor
The Health Monitor is the central role that monitors system entities such
as servers, roles, units, and client applications for health issues. Health
events are recorded in a database for the purpose of reporting and
statistical analysis. Current system errors are reported in real time in
your application’s notification tray.
Only one instance of this role is permitted per system.
This role is created at system installation and cannot be deleted.
System: General
Task: System – Roles

Identity Name, description, and relationships of this role with other entities in the
system.
Properties Health events to be monitored.

Resources Servers, database, and failover configuration for this role.

Related topics:
• "Monitoring your system’s health" on page 75
• "Configuring the Health Monitor" on page 76
• "Viewing system health events" on page 170
• "Viewing the health status and availability of entities" on page 171

[Link] | Security Center Administrator Guide 5.2 564

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Health Monitor

Properties
The Properties tab lets you configure the health events to be monitored.

• Client app. maintenance mode. Turn this switch on to set the client applications in
maintenance mode. Setting any entity in maintenance mode means that the down time will
be considered Expected-down time and will not be used in the health statistics availability
percentage calculations. Only Unexpected down-time is used when calculating availability.
Most entities can be set in maintenance mode through their own contextual toolbar (
Enable maintenance mode). For client applications, it must be set here.
NOTE Setting something in maintenance mode does not stop the health events. Rather, it
downgrades all health events to informational only.
• Events to monitor. Select which events you want the Health Monitor role to watch.
IMPORTANT Clearing a health event in this list does not remove it from the Health history
query filter. But, it could make some of the Health statistics calculations impossible.
Some of the events allow you to adjust the thresholds used to fire the event. For more
information, see "Change the firing threshold of a health event" on page 80.

[Link] | Security Center Administrator Guide 5.2 565

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Health Monitor

Resources
The Resources tab allows you to configure the servers and database assigned to this role.

Servers
All server management principles are the same for the Health Monitor role as with any other
role. For more information, see "Managing servers and roles" on page 47.

Database
All database management principles are the same for the Health Monitor role as with any other
role. For more information, see "Managing databases" on page 52.

[Link] | Security Center Administrator Guide 5.2 566

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Intrusion Manager

Intrusion Manager
The Intrusion Manager role is responsible for the integration of intrusion
panels (or alarm panels) to Security Center. It listens to the events
reported by the intrusion panels, reports them live in Security Desk, and
logs them in a database for future reporting.
The Intrusion Manager is also responsible to relay user commands such
as arming and disarming the areas (or zones) to the controlling panel
and triggering the outputs connected to the latter via event-to-actions.
Multiple instances of this role can be created on the system.
System: General – Intrusion detection
Task: Intrusion detection – Units, or System – Roles

Identity Name, description, and relationships of this role with other entities in the
system.
Properties Database retention period for intrusion events.

Extensions Manufacturer specific settings for connecting to intrusion detection units that
this role should communicate with.
Resources Servers, database, and failover configuration for this role.

Related topics:
• "Managing intrusion panels" on page 155
• "Intrusion detection unit" on page 427
• "Intrusion detection area" on page 425

[Link] | Security Center Administrator Guide 5.2 567

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Intrusion Manager

Properties
The Properties tab lets you configure the retention period of the intrusion events in the database.

Keep events
Intrusion events are logged by the Intrusion Manager for intrusion activity reports. You can
decide for how long you want to keep them before they are purged from the Intrusion Manager
database.

Related topics:
• Intrusion detection investigation tasks in Genetec Security Desk User Guide.

[Link] | Security Center Administrator Guide 5.2 568

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Intrusion Manager

Extensions
The intrusion unit models controlled by this Intrusion Manager role.

All supported manufacturer extensions are created by default when the role is created.

[Link] | Security Center Administrator Guide 5.2 569

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Intrusion Manager

Resources
The Resources tab allows you to configure the servers and database assigned to this role.

Servers
All server management principles are the same for the Intrusion Manager role as with any other
role. For more information, see "Managing servers and roles" on page 47.
IMPORTANT The Intrusion Manager role supports failover only when the intrusion panels are
connected via IP. Failover is not supported if the intrusion panels are connected via serial port.
For more information, see "Configuring role failover" on page 61.

Database
All database management principles are the same for the Intrusion Manager role as with any
other role. For more information, see "Managing databases" on page 52.

[Link] | Security Center Administrator Guide 5.2 570

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 LPR Manager

LPR Manager
The LPR Manager stores all LPR data (reads, hits, images, vehicle status,
GPS data, and so on) collected from the LPR units (fixed Sharps) and
Patrollers that it manages into a central database for data mining and
reporting. The LPR Manager is also responsible for updating fixed
Sharps and Patrollers in the field with hotfixes, hotlist updates, and so
on.

Multiple instances of this role can be created on the system to provide

scalability and partitioning. For example, different fleets of Patrollers can be managed by
different LPR Managers, fixed Sharp units can be managed by different LPR Managers, and so
on.
System: AutoVu IP license plate recognition
Tasks: LPR – Units, or System – Roles

Identity Name, description, logical ID, and relationships of this entity with other
entities in the system.
Properties General parameters within which this role should operate.

Resources Server and database configuration for this role.

Related topics:
• "Hotlist" on page 418
• "LPR unit" on page 430
• "Overtime rule" on page 443
• "Parking facility" on page 448
• "Patroller" on page 454
• "Permit" on page 457
• "Permit restriction" on page 461

[Link] | Security Center Administrator Guide 5.2 571

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 LPR Manager

Properties
The Properties tab is used to configure the general LPR Manager settings and optional AutoVu
features. The availability of certain features depends on your Security Center license.
This section includes the following topics:
• "General settings" on page 573
• "Live" on page 575
• "File association" on page 576
• "Matching" on page 577
• "Reverse geocoding" on page 578
• "Plate filtering" on page 578
• "Email notification" on page 580
• "XML import" on page 582
• "XML export" on page 584
• "Update provider" on page 588
• "Data import" on page 589

[Link] | Security Center Administrator Guide 5.2 572

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 LPR Manager

General settings
Use the General settings to configure the Root folder for the LPR Manager, the user group for the
Patrollers, and how long the data from the LPR Manager is kept in the database.
IMPORTANT Please read the following before you configure the LPR Manager General settings.

• If you are using SQL Server Express Edition, the database might be full before the retention
period ends. Contact GTAP to help you evaluate whether SQL Server Express meets the
requirements of your AutoVu system.
• If your computer is hosting more than one LPR Manager, each LPR Manager must have a
different root folder.

• Root folder. The main folder on the computer hosting the LPR Manager. This is where all
the configuration files are created, saved, and exchanged between the LPR Manager and the
Patroller units it manages.
Whenever you create a new LPR Manager role, the root folder is created automatically on
your computer at the location C:\Genetec\AutoVu\RootFolder. If you create multiple LPR
Managers, new folders will be created for you at the same location. For example, if you have
three LPR Managers created, the folders RootFolder1, RootFolder2, and RootFolder3 will be
created under the folder C:\Genetec\AutoVu.
The LPR Manager root folder includes the following subfolders:
 ManualTransfer. Contains the configuration and data files to transfer to Patroller
manually using a USB key or similar device.

[Link] | Security Center Administrator Guide 5.2 573

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 LPR Manager

 Offload. Contains the LPR data offloaded by Patroller.

 Rules. Contains the delta files used by Security Center to transfer hotlist and permit list
changes. Do not copy or move anything in this folder.
 Updates. This folder appears when you first turn on the Update provider (see "Update
provider" on page 588). It contains Security Center and Patroller hotfixes, as well as
Sharp service and firmware updates. Patroller hotfixes are automatically downloaded to
Patroller whenever Patroller is connected to Security Center. Mobile Sharp units are
updated through Patroller, and fixed Sharp units are updated through the network.
• Optimize Root folder disk space. (Windows Vista or later only) Enables the use of
symbolic links to reduce disk utilization when the same file is replicated in multiple folders,
such as when you have large hotlists and/or permit lists associated to individual Patroller
units. This reduces the Root folder’s overall disk space, and optimizes file transfer
performance to the Patroller in-vehicle computer.
To use this feature, the server machine must be running Windows Vista or later, otherwise
hotlists and permits will be copied as usual (duplicate copies on disk). The client machine
must also be running Windows Vista or later, otherwise the client won’t be able to access the
files inside the root folder.
After enabling this option in Security Center, you also must enable it in Windows on your
server and client machines (you’ll need administrator rights).
On both the server and client machines, open Windows Command Prompt, and then type
the following:
 To enable symbolic links. Type fsutil behavior set SymlinkEvaluation R2R:1
 To disable symbolic links. Type fsutil behavior set SymlinkEvaluation R2R:0.
• User group for Patrollers. List of users (and their passwords) who are allowed to log on to
the Patrollers managed by the LPR Manager. This list is downloaded to the Patrollers.
In Patroller Config Tool, if the Patroller Logon type is Secure name or Secure name and
password, the Patroller user will be required to enter the username and password configured
in Security Center. If secure logon names are in use, when a read or a hit occurs, in Security
Desk you can view who was driving the vehicle.
• Database retention periods. Specify how many days of LPR-related data Security Center
can query. The default is 90 days, and the maximum is 2000 days. LPR data that is older
than the value(s) you specify will not appear in Security Center queries and reports (Hit
reports, Read reports, and so on).
 Patroller route retention period. Number of days Patroller route data (GPS positions) can
be queried.
 Hit retention period. Number of days hit data can be queried.
 Read retention period. Number of days license plate reads can be queried.
 Event retention period. Number of days the LPR events License plate read and License
plate hit can be queried.

[Link] | Security Center Administrator Guide 5.2 574

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 LPR Manager

Live
The Live settings are used to configure how data is transferred between Security Center and
Patroller.

• Listening port. Port used to listen for connection requests coming from fixed Sharps and
Patrollers. After the connection is established, the LPR Manager can receive live updates
from the LPR units it manages.
• Sharp discovery port. Port used by the LPR Manager to find fixed Sharp units on the
network. The same port number must be used in the Discovery port setting on the Sharp.
IMPORTANT Each LPR Manager must use a unique discovery port.

• Send on read (fixed Sharp only). For each plate read, choose which Sharp images are sent
to Security Center. These images are displayed in Security Desk when monitoring LPR
events.
 License plate image. Include the high resolution close-up image of the license plate along
with the plate read data.
 Context image. Include the wide angle context image of the vehicle along with the plate
read data.
• Channel security. Encrypt communication between Security Center and Patroller.
IMPORTANT Encryption must be enabled both in the Security Center Config Tool and in
Patroller Config Tool.

[Link] | Security Center Administrator Guide 5.2 575

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 LPR Manager

 Encrypt communication channel. Encrypt communication between Patroller and Security

Center.
 Accept non encrypted messages. Security Center will accept incoming connections from
Patrollers that do not have the encryption option enabled.

File association
The File association settings specify which hotlists and permits are active and managed by the
LPR Manager.

• Hotlists. A list of all the hotlists in Security Center. Choose which hotlists you want the
LPR Manager to manage. The LPR Manager then sends the hotlists to the Patrollers it
manages, or matches the hotlists against the reads collected from fixed Sharp units to
produce hits. When you create a new hotlist, it is automatically added to this list and
enabled for all the LPR Managers on your system.
• Permits. A list of all the permits in Security Center. Choose which permits the LPR
Manager manages. The LPR Manager sends these permit lists to Patrollers. Only Patrollers
configured for parking enforcement require permits. When you create a new permit, it is
automatically added to this list and enabled for all the LPR Managers on your system.
NOTE You can also associate permits to individual Patrollers, and hotlists to individual Patrollers
or Sharp units. For more information, see "Patroller" on page 454, and "LPR unit" on page 430.

[Link] | Security Center Administrator Guide 5.2 576

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 LPR Manager

Matching
The Matching settings are used to enable matching between hotlists and fixed Sharp units. You
use these settings when you want to configure event-to-actions in Security Desk that trigger on
“match” or “no match” events.

• Matching. Enables matching between fixed Sharp units and hotlists. When matching is
enabled, you can configure event-to-actions in Security Desk that trigger when the Sharp
reads a plate that is on a hotlist you’ve activated in File association.
• Generate “No match” events. Security Center generates “no match” events when a plate is
not found on a specific hotlist. You can then configure event-to-actions in Security Desk
based on “No match” events.
You would typically use “No match” events as part of an access control scenario. For
example, you can associate a hotlist to a specific Sharp unit that is monitoring access to a
parking lot or similar location. In this scenario, a Security Center event-to-action for a
“License plate hit” grants the vehicle access (opens a gate, raises a barrier, and so on), and an
event-to-action for a “No match” could trigger an alarm, or send an email to security
personnel.

[Link] | Security Center Administrator Guide 5.2 577

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 LPR Manager

Reverse geocoding
The Reverse geocoding feature converts the raw GPS data (longitude, latitude) from Patrollers
into street addresses. The street addresses are then saved along with the reads in the LPR
Manager database.
NOTE You need geocoding if your Patrollers are equipped with GPS but no maps.

• Map type. Displays the map type set in the Security Center license.
• (If you choose Mapinfo) MapInfo workspace. Folder where the MapInfo files ([Link]
and associated files) are found. This folder must be on the same computer where the LPR
Manager is installed.
• (If you choose Mapinfo) MapInfo version. If using MapInfo version 6 and later, you must
select New.

Plate filtering
The Plate filtering settings determine what to do when a hotlist or permit list is modified. The
LPR Manager can detect if the new or modified lists include entries that contain invalid (non-
alphanumeric) characters. You can configure the LPR Manager to either delete the invalid
entries completely, or to delete only the invalid characters within the entries. You can also save
logs of the filtering process to view detailed information about how many invalid entries were
deleted or modified. This option is enabled by default when you install Security Center or create
a new LPR Manager role.

[Link] | Security Center Administrator Guide 5.2 578

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 LPR Manager

• Plate number valid characters. Select the types of characters to filter on (Latin, Arabic, or
Japanese).
• Invalid plate number. Configure how the LPR Manager handles invalid records:
 Modify record. (Default setting). Removes any non-alphanumeric characters from the
plate number. For example, the plate number “ABC#%3” becomes “ABC3”.
 Remove record. Deletes the entry from the list entirely.
• Logging. Select Log filtering in, and then specify where you want the log file to be saved.
The destination folder you choose must be accessible to the computer hosting the LPR
Manager role.

[Link] | Security Center Administrator Guide 5.2 579

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 LPR Manager

Email notification
The Email notification setting turns on email notifications for hotlist hits, and lets you customize
the look and contents of the email message. You can configure email notification at the hotlist
level (any hit from a hotlist), or at the individual license plate level (a hit from a specific plate).
For more information, see “Configuring email notifications for hotlist hits” in the AutoVu
Handbook.

[Link] | Security Center Administrator Guide 5.2 580

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 LPR Manager

• Annotation email address. Used for email notification at the individual license plate level.
Type the name of the hotlist attribute related to email notification. For example, if you
added an “Email” attribute on the hotlist entity’s Properties page, type the exact same name
here. The names must match exactly.
• Email components. Choose the LPR data you want to attach to the notification email, and
whether to hide the license plate numbers in the message body.
 License plate image. High resolution close-up images of the license plate.
 Context image. A wider angle color image of the vehicle.
 License plate. Replaces the read plate number, and the matched plate number in the email
with asterisks (*).
• Log emails in. Select the check box to log hotlist hit notification emails. Type the full path
to the log file.
• Template. Customize the email. Do any of the following:
 Edit the email’s subject line or message body.
 Switch between plain text and HTML.
 Add formatting (bold, italics, and so on).
 Right-click in the message body for a menu of quick tags that you can use to add more
information to the email.
 Restore the default email template at any time.

[Link] | Security Center Administrator Guide 5.2 581

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 LPR Manager

XML import
The XML import settings are used to import data from third-party applications into the LPR
Manager database. When you turn this setting on, Security Center creates an XML import entity,
and then associates the imported data with this entity. In Security Desk, you can then filter on
the XML import entity when running hit or read reports.
NOTE The LPR data imported cannot be displayed in a live Security Desk monitoring task, but
it is matched against loaded Hotlists. You can then generate a hit report to see the data.

• XML template file. Specify where the XML template file is located. You’ll find a default
template in the Security Center installation package in Tools\LPR\XMLTemplatesSamples.
• XML data folder. Specify the folder that contains the XML data files for Security Center to
import.
• Supported XML hashtags. The following XML hashtags are supported. Each hashtag must
have an opening and closing XML tag (for example, to use the tag #CONTEXT_IMAGE#
you must write <ContextImage>#CONTEXT_IMAGE#</ContextImage> in the XML):
 #GUID#. Unique identifier of the LPR event. If this value is not included, a value will be
created by default.
 #Time_Zone#. Name of the time zone where the read occured. The format must conform
to the [Link] Property of the .NET Framework. If this value is not included, or
if it is invalid, the time zone of the LPR Manager role is used.

[Link] | Security Center Administrator Guide 5.2 582

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 LPR Manager

 #DATE_LOCAL#, #DATE_UTC#, #TIME_LOCAL#, #TIME_UTC#. Date and time

(local or UTC) of the LPR event. You must specify a format for these hashtags (for
example, #DATE_LOCAL#{yyyy/MM/dd}). For more information about which formats
to use, see the MSDN article at [Link]
[Link]. If these hashtags are not included, UTC dates and times are used as a
baseline for calculating the local time. If an error occurs, the time the LPR Manager role
imported the data is used.
 #PLATE_IMAGE#, #CONTEXT_IMAGE#. The plate and context images as Base64-
encoded images.
 #PLATE_READ#. License plate as read by the Sharp.
 #PLATE_STATE#. License plate's issuing state or province, if read.
 #RULE_ID#, #LOT_ID#. Unique identifiers of parking lots and facilities. These are
typically used for MLPI deployments. If these hashtags are not included, the [Link]
is used.
 LATITUDE#, #LONGITUDE#. Latitude and longitude of the event. This must be
formatted in decimal degrees.
 #CUSTOM_FIELDS#. You can import other fields with this hashtag by using the
key=value format. Format the key as #CUSTOM_FIELDS#{KEY}.

[Link] | Security Center Administrator Guide 5.2 583

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 LPR Manager

XML export
The XML export settings are used to send LPR Manager reads and hits to third-party
applications. Reads and hits are sent live as they occur.

• XML templates folder. Specify where the XML templates folder is located. You’ll find
default templates in the Security Center installation package in
Tools\LPR\XMLTemplatesSamples. There are XML templates for each type of LPR event
(plate reads, hotlist hits, overtime hits, permit hits, and shared permit hits).
• XML export folder. Specify the folder that contains the XML files exported by the LPR
Manager.
• Time format. Enter the time format used in the exported files. As you set the time format
the information field displays what the time format will look like in the XML file.
To identify the units of time, use the following notation:

Notation Description

h Hour

m Minute

[Link] | Security Center Administrator Guide 5.2 584

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 LPR Manager

s Second

: Must use a colon (:) between the hour, minute, and second units.

hh,mm,ss Display time with leading zero. For example: [Link] represents 3
hours 6 minutes 3 seconds.

h,m,s Display without leading zero. For example: [Link] represents 3 hours
6 minutes 3 seconds.

tt Include A.M. or P.M. If using a 12-hour clock, you might want to

use A.M. or P.M. notation. Unit can be preceded with or without a
space. For example, HH:mm:ss tt displays [Link] PM.

Lowercase h 12-hour clock.

Uppercase H 24-hour clock.

• Date format. Enter the date format used in the export files.
To identify the units of a date, use the following notation:

Notation Description

M Month in numerals

MM Month in numerals with leading zero.

MMM Month abbreviation. For example Apr for April.

y Year without century. For example, yy displays 11 for 2011.

yyy Year with century. For example, yyyy displays 2011

d Date

dd Date with leading zero.

ddd Day of week three letter abbreviation. For example, ddd displays
Wed for Wednesday.

dddd Day of week. For example, dddd displays Wednesday.

Delimiters Can use space or dash (-) between units in the date.

Example dddd MM dd, yyy displays Wednesday April 06, 2011.

• Supported XML hashtags. The following XML hashtags are supported. Each hashtag must
have an opening and closing XML tag (for example, to use the tag #CONTEXT_IMAGE#
you must write <ContextImage>#CONTEXT_IMAGE#</ContextImage> in the XML).
 #ATTRIBUTES#. Generate all Read and Hit attributes.
 #CONTEXT_IMAGE#. Context image (Base64-encoded JPEG).

[Link] | Security Center Administrator Guide 5.2 585

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 LPR Manager

 #DATE_LOCAL#. Local date of the LPR event.

 #ELAPSED_TIME#. For an overtime hit, this tag indicates the time difference between
the two plate reads (displaying the number of days is optional).
 #FIRST_VEHICLE#. For a shared permit hit, this tag generates the content specified in
[Link] for the first vehicle seen.
 #FIRST_VEHICLE_FROM_STREET#. For an overtime hit, this tag retrieves the attribute
From street from the first plate read.
 #FIRST_VEHICLE_TO_STREET#. For an overtime hit, this tag retrieves the attribute To
street from the first plate read.
 #HOTLIST_CATEGORY#. Category field of the hotlist that generated the hit.
 #GUID#. Unique identifier of the LPR event.
 #INVENTORY_LOCATION#. For MLPI installations, the location of the vehicle
inventory.
 #ISHIT#. This tag indicates if the LPR event is a hit.
 #LATITUDE_DEGREE#. Latitude of the LPR event (in degrees).
 #LATITUDE_DMS#. Latitude of the LPR event (in degrees, minutes, and seconds).
 #LATITUDE_MINUTE#. Latitude of the LPR event (in minutes).
 #LATITUDE_SECOND#. Latitude of the LPR event (in seconds).
 #LONGITUDE_DEGREE#. Longitude of the LPR event (in degrees).
 #LONGITUDE_DMS#. Longitude of the LPR event (in degrees, minutes, and seconds).
 #LONGITUDE_MINUTE#. Longitude of the LPR event (in minutes).
 #LONGITUDE_SECOND#. Longitude of the LPR event (in seconds).
 #MATCHED_PLATE#. License plate against which the hit was generated.
 #ORIGINAL#. For an overtime hit, this tag generates the content specified in
[Link] for the first read of a given plate.
 #OVERVIEW_IMAGE#. Overview image (Base64-encoded JPEG).
 #PARKING_LOT#. The parking lot or parking facility name given in Security Center.
 #PATROLLER_ID#. Unique identifier of the Patroller unit.
 #PATROLLER_NAME#. The Patroller name as defined in Patroller Config Tool.
 #PERMIT_NAME#. Name of the permit that generated the LPR event.
 #PLATE_READ#. License plate as read by the Sharp.
 #PLATE_IMAGE#. License plate image (Base64-encoded JPEG).
 #READ#. Embed the contents of the [Link] inside another XML template
(useful for hits).
 #REJECT_REASON#. The reason given by the Patroller user for rejecting a hit. Reject
reasons must first be configured in Security Center.
 #SECOND_VEHICLE#. For a shared permit hit, this tag generates the content specified
in [Link] for the second vehicle seen.

[Link] | Security Center Administrator Guide 5.2 586

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 LPR Manager

 #SECOND_VEHICLE_FROM_STREET#. For an overtime hit, this tag retrieves the

attribute From street from the second plate read.
 #SECOND_VEHICLE_TO_STREET#. For an overtime hit, this tag retrieves the attribute
To street from the second plate read.
 #SHARP_NAME#. Name of the Sharp that read the plate.
 #STATE#. License plate's issuing state or province, if read.
 #TIME_LOCAL#. Local time.
 #USER_ACTION#. User action related to the LPR event.
 #USER_ID#. Unique identifier of the Security Center user that is logged on to Patroller.
 #USER_NAME#. The username of the Security Center user that is logged on to Patroller.
 #VEHICLE#. Same as #READ#.
 #ZONE_COLOR#. Color of the zone associated to the LPR event.
 #ZONE_ID#. The unique identifier of the zone associated to the LPR event.
 #ZONE_NAME#. Name of the zone associated to the LPR event.

[Link] | Security Center Administrator Guide 5.2 587

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 LPR Manager

Update provider
Turn on the Update provider to create the required sub-folder in the LPR Root folder that will
receive the update files. Also, you need to specify the Listening port used for Patroller and Sharp
updates. The LPR Manager will use this port to update Patrollers and Sharps with new hot fixes,
hit alert sounds, hotlists, firmware and so on.

• Listening port. This is the port Security Center uses to send updates to Patrollers and
connected Sharp units, as well as to fixed Sharps on the network. Make sure to use the same
port number in Patroller Config Tool, and in the <Admin Tool>.

[Link] | Security Center Administrator Guide 5.2 588

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 LPR Manager

Data import
The Data import settings are used to import data from AutoVu 4.3 systems. The LPR Manager
connects to the AutoVu Gateway 4.3 database and imports all mobile data into the LPR
Manager database so that the data can be viewed with Security Desk.
IMPORTANT Before you turn on Data import, configure the AutoVu Gateway database server
and database name.
NOTE Please note the following about importing the AutoVu Gateway 4.3 database into Security
Center:
 The first time you run the migration, the LPR Manager will import everything that is in
the existing Back Office database up until the retention period specified in the General
settings.
 It takes approximately one hour for every 2.5 GB of data to transfer. For example, if you
have 100 GB of data, the data import process will take approximately 40 hours.
 After the first batch of data is imported, the import process will resume every 12 hours.
In the mean time, the old system can operate as usual.
 As data from the legacy system is imported into Security Center, you'll see the Patroller
and LPR units appear under the LPR Manager.
 For information on how to migrate to Security Center 5.0 from AutoVu 4.3, see the
Security Center Installation and Upgrade Guide.
• Data server. Name of the data server used by the legacy AutoVu Gateway.
• Database. Name of the legacy AutoVu Gateway database.

[Link] | Security Center Administrator Guide 5.2 589

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 LPR Manager

Resources
The Resources tab allows you to configure the servers and database assigned to this role.

Servers
All server management principles are the same for the LPR Manager role as with any other
Security Center role.

Database
All database management principles are the same for the LPR Manager role as with any other
Security Center role.
NOTE When backing up (or restoring) the database to a network drive, you must manually enter
the network path (for example, \\<MyNetworkDrive>\<Backup DB folder>\.

[Link] | Security Center Administrator Guide 5.2 590

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Media Router

Media Router
The Media Router role handles all stream (audio or video) requests on
the system. It establishes streaming sessions between the stream source
(camera or Archiver) and its requesters (Security Desk or SDK clients).
Routing decisions are based on the location (IP address) and the
transmission capabilities of all parties involved (source, destinations,
networks and servers).

It ensures all video streams use the best route to get to their destinations, while performing any
necessary transformation (for example, from unicast to multicast, or from IPv4 to IPv6).
Only a single instance of this role is permitted per system.
System: Omnicast IP video surveillance
Tasks: Video – Units, or System – Roles

Identity Name, description, and relationships of this role with other entities in the
system.
Properties Stream redirectors, start multicast endpoint, and RTSP port.

Resources Servers, databases, and failover configuration for this role.

Related topics:
• "Configure the Media Router" on page 203
• "Network" on page 438
• "Server" on page 475
• "Archiver" on page 525

[Link] | Security Center Administrator Guide 5.2 591

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Media Router

Properties
The Properties tab allows you to configure the stream redirectors, the start multicast endpoint,
and the RTSP port for the Media Router.

Redirectors
Redirectors are servers assigned to host redirector agents. A redirector agent is a software module
launched by the Media Router to redirect data streams from one IP endpoint to another.
The Media Router automatically creates a redirector agent on every server assigned to an
Archiver role.
You might have to create redirector agents on additional servers if you need to reach clients
located on remote networks or to balance the redirection workload between multiple servers.
Click Add an item ( ) to add new redirectors or Edit an item ( ) to modify an existing one.

[Link] | Security Center Administrator Guide 5.2 592

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Media Router

Both commands open the Redirector configuration dialog box.

The redirector settings are as follows:

• Server. Server selected to host the redirector agent.
• Multicast interface. Network adaptor to use for streaming data in multicast mode.
• Incoming UDP port range. Range of ports used by the redirector agent to send video using
UDP. If the redirector agent is running behind a firewall, make sure that these ports are
unlocked for inbound packets for UDP connections.
• RTSP port. Port used by the redirector agent to receive TCP commands. The same port is
used to stream data using TCP.
NOTE If you are configuring the redirector agent on the same server that is hosting the Media
Router, the RTSP port cannot be the same as the one used by the Media Router.
• Live capacity. Use this option to limit the maximum number of live streams that this server
(redirector) can redirect. This feature serves two purposes:
 Avoid overloading the server with too many users trying to view video (that needs
redirection) at the same time.
 Avoid overloading the network with too many video streams coming from a remote site
that has limited bandwidth.
When the limit is reached, an error message is displayed on the client application requesting
the live video that the live stream capacity is exceeded.
• Playback capacity. Same idea as Live capacity for playback streams.

[Link] | Security Center Administrator Guide 5.2 593

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Media Router

Start multicast endpoint

Start multicast address and port number. In multicast, all audio and video sources are streamed
to different multicast addresses while using the same port number. This is because multicast
switches and routers use the destination IP address to make their routing decisions. To follow
the same approach, the Media Router assigns that same port number to all streaming devices
(microphones and cameras), starting with the specified IP address, and incrementing it by 1 for
every new devices it encounters.

RTSP port
Incoming TCP command port used by the Media Router.

Resources
The Resources tab allows you to configure the servers and database assigned to this role.

Servers
All server management principles are the same for the Media Router role as with any other role.
For more information, see "Managing servers and roles" on page 47.

[Link] | Security Center Administrator Guide 5.2 594

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Media Router

Database
All database management principles are the same for the Media Router role as with any other
role. For more information, see "Managing databases" on page 52.
NOTE The Media Router role supports failover and accepts multiple secondary servers. The
exception to the rule is that its database can be local to each server. For more information, see
"Configuring role failover" on page 61.

[Link] | Security Center Administrator Guide 5.2 595

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Omnicast Federation

Omnicast Federation
The Omnicast Federation role imports entities from an remote Omnicast
4.x system so that its cameras and events can be used by your local
Security Desk users.
The federation role acts as a proxy between your local clients and the
remote Omnicast system they need to connect to.

Multiple instances of this role can be created on the system.

System: Omnicast IP video surveillance

Task: System – Roles

Identity Name, description, and relationships of this role with other entities in the
system. This is also where you set the value of role group for very large scale
Federation deployment.
Properties Connection parameters to the remote Omnicast system, and default video
stream and of events to receive from it.
Resources Servers and failover configuration for this role.

Related topics:
• "Federating remote systems" on page 128
• "Federating Omnicast systems" on page 131
• "Security Center Federation" on page 607

[Link] | Security Center Administrator Guide 5.2 596

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Omnicast Federation

Identity
The Identity tab provides descriptive information about this role lets you jump to the
configuration page of related entities. For more information, see "Identity" on page 336.

Role group
The role group is an advanced setting that is necessary only if you plan on hosting more than 40
Omnicast Federation roles on the same server. For more information, see "What is a role group?"
on page 134.

To make this setting appear:

• Click inside the Name field and type Ctrl+Shift+A.

[Link] | Security Center Administrator Guide 5.2 597

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Omnicast Federation

Properties
The Properties tab allows you to configure the connection parameters to the remote Omnicast
system, and the default video stream and events you wish to receive from it.

Connection parameters
The top section identifies the remote Omnicast system and its connection status.
• Connection status. Shows the connection status of the federation role to the remote system.
Click Reset connection at the bottom of the tab to force a reconnection.
• Directory. Name of the Omnicast Gateway connecting you to the remote Omnicast system.
• Username and password. Credentials used by the federation role to log on to the remote
Omnicast system. The rights and privileges of that user will determine what your local users
will be able to see and do on the federated remote system.
• Version. Version of the federated Omnicast system. This drop-down list only shows the
Omnicast versions for which a compatibility pack has been installed.

Received information
The bottom section describes the default video stream and events you wish to receive from the
federated system.

[Link] | Security Center Administrator Guide 5.2 598

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Omnicast Federation

Events are necessary if you plan to monitor the federated entities in Security Desk or to
configure event-to-actions for the federated entities.

Resources
The Resources tab lets you configure the servers for hosting this role. The federation role does
not require a database.

Servers
All server management principles are the same for the Omnicast Federation role as with any
other role. For more information, see "Managing servers and roles" on page 47 and "Configuring
role failover" on page 61.

[Link] | Security Center Administrator Guide 5.2 599

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Plugin

Plugin
The Plugin role hosts a specific plugin. Each Plugin role instance hosts
exactly one plugin of the type you select.
IMPORTANT You need to install the plugin package on your client and
server computers before you can create the corresponding Plugin role,
and you must make sure your Security Center license has a valid
certificate for the plugin you want to use.

System: General
Task: Plugins – Plugins, or System – Roles

Identity Name, description, and relationships of this role with other entities in the
system.
Properties Depends on the type of plugin the role is hosting.
Other tabs might appear depending on the type of plugin you have. For more
information, see the corresponding Plugin User Guide.
Resources Servers and database assigned to this role. The Plugin role supports failover.
For more information, see "Configuring role failover" on page 61.

Related topics:
• "Role" on page 466

[Link] | Security Center Administrator Guide 5.2 600

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Point of Sale

Point of Sale
The Point of Sale role imports transaction data from an external point of
sale (POS) system so that transaction reports can be generated from
Security Desk for investigation purpose.

The transactions are tied to the cash registers that were used to capture
these transactions. Security Center can link Omnicast cameras to these
cash registers, allowing users to search video sequences based on the
transaction details. For more information, see “Transactions” in the
Security Desk User Guide.
IMPORTANT For a user to view transaction reports in Security Desk, the Point-of-Sale plugin
must be enabled on the machine where Security Desk is installed. For more information, see
“Enable Point-of-Sale plugin” in the Security Center Installation and Upgrade Guide.
System: General
Task: System – Roles

Identity Name, description, and relationships of this role with other entities in the
system.
Properties Description of the external (third party) POS system database.

Cash registers Cash registers corresponding to the transactions imported by this role.

Resources Servers, database, and failover configuration for this role.

Related topics:
• "Cash register" on page 404

[Link] | Security Center Administrator Guide 5.2 601

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Point of Sale

Properties
The Properties tab lets you configure how this role is to get the transaction data from the external
POS system, and how long these data should be kept in Security Center.

Parameters for getting the transaction data

The Point of Sale role gets its data from the external POS system by polling its database at regular
intervals. The first set of parameters tells the role how to get these data.
• Database server. Database server used by the external POS system.
• Database. Database name used by the external POS system.
• Transaction header table. Table name used for transaction headers.
• Transaction details table. Table name used for transaction details (or transaction line
items).
• Fetch transaction every. Frequency at which the role should poll the POS database for new
data.

Housekeeping parameters for the saved transaction data

Data fetched from the external POS database are saved to a database in Security Center. The
local database where the transaction data is stored is configured in the Resources tab.

[Link] | Security Center Administrator Guide 5.2 602

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Point of Sale

• Retention period. Number of days the transaction data should be kept locally.
• Cleanup period. Frequency of the local database cleanup.
• Cleanup time. Scheduled database cleanup start time.

Cash registers
The Cash registers tab lets you configure the cash registers (or terminals) whose associated
transactions ought to be downloaded from the external POS database (see Properties tab).

Add a cash register

Add cash registers to have the Point of Sale role import their associated transactions from the
external POS system.
1 Select the Point of Sale role from the System – Roles.
2 Select the Cash registers tab and click at the bottom of the list.
3 In the Cash register properties dialog box, enter the following:
 Name. Name of the cash register entity.
 Description. Description of the cash register entity.
 ID. External identifier (or primary key) used to identify the cash register in the external
POS database.

[Link] | Security Center Administrator Guide 5.2 603

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Point of Sale

 Partition. Partition the created cash register entity should belong to. Click to select
different partition from your system.
4 Click Save.
5 Click Apply.
The new cash register entities are created and appear in the Logical view. You can associate
cameras to the cash register entities. For more information, see "Cash register" on page 404.

Resources
The Resources tab allows you to configure the servers and database assigned to this role.

Servers
All server management principles are the same for the Point of Sale role as with any other role.
For more information, see "Managing servers and roles" on page 47.

Database
All database management principles are the same for the Point of Sale role as with any other role.
For more information, see "Managing databases" on page 52.

[Link] | Security Center Administrator Guide 5.2 604

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Report Manager

Report Manager
The Report Manager role automates report emailing and printing based
on schedules.
Only one instance of this role is permitted per system.
This role is created by default at system installation and hosted on your
main server.

System: General
Task: System – Roles

Identity Name, description, and relationships of this role with other entities in the
system.
Properties General parameters within which this role should operate.

Resources Servers and failover configuration for this role.

Properties
The Properties tab lets you configure the default behavior of this role.

[Link] | Security Center Administrator Guide 5.2 605

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Report Manager

Maximum number of results

Sets the maximum number of results that can be returned by any report. This limit helps prevent
a broadly defined query from freezing your computer when too many results are returned.
When the query reaches the specified limit, it stops automatically with a warning message.
NOTE The maximum value you can set is 10,000.

Resources
The Resources tab lets you configure the servers for hosting this role. The Report Manager role
does not require a database.

Servers
All server management principles are the same for the Report Manager role as with any other
role. For more information, see "Managing servers and roles" on page 47 and "Configuring role
failover" on page 61.

[Link] | Security Center Administrator Guide 5.2 606

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Security Center Federation

Security Center Federation

The Security Center Federation role imports entities from an remote
Security Center system so that its entities and events can be used by your
local Security Desk users.
The federation role acts as a proxy between your local clients and the
remote Security Center system they need to connect to.

Multiple instances of this role can be created on the system.

System: General
Task: System – Roles

Identity Name, description, and relationships of this role with other entities in the
system. This is also where you set the value of role group for very large scale
Federation deployment.
Properties Connection parameters to the remote Security Center system, and default
video stream and of events to receive from it.
Resources Servers and failover configuration for this role.

Related topics:
• "Federating remote systems" on page 128
• "Federating Security Center systems" on page 133
• "Omnicast Federation" on page 596

[Link] | Security Center Administrator Guide 5.2 607

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Security Center Federation

Identity
The Identity tab provides descriptive information about this role lets you jump to the
configuration page of related entities. For more information, see "Identity" on page 336.

Role group
The role group is an advanced setting that is necessary only if you plan on hosting more than
100 Security Center Federation roles on the same server. For more information, see "What is a
role group?" on page 134.

To make this setting appear:

Click inside the Name field and type Ctrl+Shift+A.

[Link] | Security Center Administrator Guide 5.2 608

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Security Center Federation

Properties
The Properties tab allows you to configure the connection parameters to the remote Security
Center system, and the default video stream and events you wish to receive from it.

Connection parameters
The top section identifies the remote Omnicast system and its connection status.
• Connection status. Shows the connection status of the federation role to the remote system.
• Server. Name of the main server (Directory) for the remote Security Center system.
• Username and password. Credentials used by the federation role to log on to the remote
Security Center system. The rights and privileges of that user will determine what your local
users will be able to see and do on the federated remote system.

Received information
The bottom section describes the default video stream and events you wish to receive from the
federated system. Events are necessary if you plan to monitor the federated entities in Security
Desk or to configure event-to-actions for the federated entities.

[Link] | Security Center Administrator Guide 5.2 609

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Security Center Federation

Resources
The Resources tab lets you configure the servers for hosting this role. The federation role does
not require a database.

Servers
All server management principles are the same for the Security Center Federation role as with
any other role. For more information, see "Managing servers and roles" on page 47 and
"Configuring role failover" on page 61.

[Link] | Security Center Administrator Guide 5.2 610

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Web-based SDK

Web-based SDK
The Web-based SDK role exposes the Security Center SDK methods and
objects as Web services to support cross-platform development.
For example, this role allows an application developed on Linux to
interoperate with your Security Center system.
This role mainly exist for clients who need custom development. If you
have such needs, please contact Genetec Professional Services for a quote
through your sales representative or call us at one of our regional offices
around the world. To contact us, visit our Web site at [Link].
System: General
Task: System – Roles

Identity Name, description, and relationships of this role with other entities in the
system.
Properties General parameters within which this role should operate.

Resources Servers and failover configuration for this role.

Related topics:
• "Supporting cross-platform development" on page 164
• "Macro" on page 433
• "Tile plugin" on page 484

[Link] | Security Center Administrator Guide 5.2 611

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Web-based SDK

Properties
The Properties tab lets you configure what the external developers need to know to use the Web
services.

Port + Base URI

These two parameters are used to determine the address of the Web service.
For example, with Port=4590 and Base URI=WebSdk, the Web service address would be “http:/
/<computer>:4590/WebSdk/”, where <computer> is the DNS name or public IP address of the
server hosting the Web-based SDK role.

Streaming port
Port where events will be streamed. The user can configure the events he wants to listen to.

Use SSL connection

Turn this option on (default=off) to use SSL encryption for communications with the Web
service.
Once this option is turned on:
• The Web service address will use https instead of http.
• You need to configure the SSL settings:

[Link] | Security Center Administrator Guide 5.2 612

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Web-based SDK

 Certificate. Name of the certificate to use. Use the form: “CN=NameOfTheCertificate”.

The certificate must be registered in Windows. You can find procedures on the Web on
how to do just that.
 Bind certificate to port. Turn this option on (default=off) to bind the certificate to the
port. This operation does the same thing as you would normally do under Windows.

Resources
The Resources tab lets you configure the servers for hosting this role. The Web-based SDK does
not require a database.

Servers
All server management principles are the same for the Web-based SDK role as with any other
role. For more information, see "Managing servers and roles" on page 47 and "Configuring role
failover" on page 61.

[Link] | Security Center Administrator Guide 5.2 613

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Zone Manager

Zone Manager
The Zone Manager role manages virtual zones and triggers events or
output relays based on the inputs configured for each zone. It also logs
the zone events in a database for zone activity reports.

Multiple instances of this role can be created on the system.

System: General – Zone management

Task: System – Roles

Identity Name, description, and relationships of this role with other entities in the
system.
Properties Database retention period for zone events.

Resources Servers, database, and failover configuration for this role.

Related topics:
• "Managing zones" on page 160
• "Zone (virtual)" on page 510

[Link] | Security Center Administrator Guide 5.2 614

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Zone Manager

Properties
The Properties tab lets you configure the retention period of the zone events in the database.

Keep events
Zone events are logged by the Zone Manager for zone activity reports. You can decide for how
long you want to keep them before they are purged from the Zone Manager database.

Related topics:
• “Zone activities” task description in Genetec Security Desk User Guide.

[Link] | Security Center Administrator Guide 5.2 615

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Zone Manager

Resources
The Resources tab allows you to configure the servers and database assigned to this role.

Servers
All server management principles are the same for the Zone Manager role as with any other role.
For more information, see "Managing servers and roles" on page 47 and "Configuring role
failover" on page 61.

Database
All database management principles are the same for the Zone Manager role as with any other
role. For more information, see "Managing databases" on page 52.

[Link] | Security Center Administrator Guide 5.2 616

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 15
Administration tasks
This section lists all Security Center administration tasks in the order they appear in the Home
page. Each task is covered with a short description, and when applicable, a short description for
each of its configuration groupings.
This section includes the following topics:
• "Alarms" on page 618
• "Logical view" on page 619
• "Network view" on page 621
• "Security" on page 623
• "System" on page 624
• "Video" on page 636
• "Access control" on page 638
• "Intrusion detection" on page 642
• "LPR" on page 644
• "Plugins" on page 655

[Link] | Security Center Administrator Guide 5.2 617

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Alarms

Alarms
The Alarms task allows you to configure alarms and analog monitor
groups.
System: General
License option: Alarms
Category: Administration

The Alarms task includes the following views:

Alarms Lists all alarms in alphabetical order.

For more information, see "Alarm" on page 355.
Monitor groups Lists all monitor groups in alphabetical order.
For more information, see "Monitor group" on page 436.

Related topics:
• "Administration task workspace overview" on page 16
• "Managing alarms" on page 111

[Link] | Security Center Administrator Guide 5.2 618

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Logical view

Logical view
The Logical view task allows you to configure the entities visible in the
Security Desk (such as areas, cameras, doors, elevators, tile plugins,
intrusion detection areas, zones, and so on) and organize them
according to their logical relationships. Areas are used as logical
groupings for other types of entities. Each area can represent a concept
or a physical location.
System: General
Category: Administration

A Currently selected entity (Suite 400).

B Click an entity to view its configuration.
C Jump to the configuration page of the selected entity in the Relationships group.
D See "Contextual command toolbar" on page 17.

[Link] | Security Center Administrator Guide 5.2 619

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Logical view

Related topics:
• "Administration task workspace overview" on page 16
• "Managing the Logical view" on page 85

[Link] | Security Center Administrator Guide 5.2 620

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Network view

Network view
The Network view task allows you to configure the networks and servers
in your system, and organize them according to your network topology.
System: General
Category: Administration

A Currently selected entity (Montreal network entity).

B Click an entity to view its configuration.
C Configuration pane of the selected entity.
D See "Contextual command toolbar" on page 17.

Related topics:
• "Administration task workspace overview" on page 16
• "Managing the Network view" on page 82

[Link] | Security Center Administrator Guide 5.2 621

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Network view

• "Network" on page 438

• "Server" on page 475

[Link] | Security Center Administrator Guide 5.2 622

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Security

Security
The Security task allows you to configure the entities that pertain to the
software security of your system, such as users, user groups, and
partitions.
System: General
License option: None required
Category: Administration

The Security task includes the following views:

Users Lists all users in alphabetical order.

For more information, see "User" on page 486.
User groups Lists all user groups in alphabetical order.
For more information, see "User group" on page 493.
Partitions Lists all partitions in alphabetical order.
For more information, see "Partition" on page 451.

Related topics:
• "Administration task workspace overview" on page 16
• "Managing software security" on page 89

[Link] | Security Center Administrator Guide 5.2 623

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 System

System
The System task allows you to configure the system level settings as well
as all system entities that are not visible in the Logical view, such as
alarms, macros, schedules, and so on.
System: General
License option: None required
Category: Administration

The System task includes the following views:

General settings Lets you configure the system level settings.

Roles List all roles in alphabetical order.

For more information, see "Role" on page 466.
Schedules Lists all schedules in alphabetical order.
For more information, see "Schedule" on page 467.
Scheduled tasks Lists all scheduled tasks in alphabetical order.
For more information, see "Scheduled task" on page 473.
Macros Lists all macros in alphabetical order.
For more information, see "Macro" on page 433.
Output Lists all output behaviors in alphabetical order.
behaviors For more information, see "Output behavior" on page 441.

General settings
The General settings view includes the following settings pages:
• "Custom fields" on page 625
• "Events" on page 628
• "Actions" on page 630
• "Logical ID" on page 631
• "User password settings" on page 632
• "Activity trails" on page 633
• "Audio" on page 634
• "Threat levels" on page 635

[Link] | Security Center Administrator Guide 5.2 624

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 System

Custom fields
(Only visible to administrative users) The Custom fields page is where you define custom fields
and custom data types for your system entities. It contains two individual tabs:
• "Custom fields" on page 625
• "Custom data types" on page 627

Custom fields
The Custom fields tab lists all custom fields defined in your system and allows you to add new
ones.

Each custom field is characterized by the following properties:

• Entity icon/Field name. Custom field name and the entity type using it.
• Data type. Custom field data type. The default data types are:
 Text. Alphanumeric text.
 Numeric. Integers in the range -2147483648 to 2147483647.
 Decimal. Real numbers from -1E28 to 1E28.
 Date. Gregorian calendar date.
 Date/Time. Gregorian calendar date and time.

[Link] | Security Center Administrator Guide 5.2 625

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 System

 Boolean. Boolean data, represented by a check box.

 Image. Image file. The supported formats are: bmp, jpg, gif, and png.
 Entity. Security Center entity. Users will have to use the Search tool to set the value for
this type of fields. For more information, see "Search for entities using the Search tool"
on page 43.
Data types can also be user defined. For more information, see "Add a custom data type" on
page 138.
• Default value. (Optional) Preset default values are provided for certain data types. This
column displays the default value that was selected when defining the custom field. The
selected value will appear when the field is displayed in the specific entity.
• Mandatory. (Optional) A value must be provided with this type of fields otherwise the
system will not accept your changes.
• Value must be unique. (Optional) Indicates a key field. This option does not apply to fields
using custom data types.
• Group name/Priority. (Optional) Name the custom field is grouped under, and the field’s
order of appearance within the group. For an example, see "Custom fields" on page 339. No
group (1) is the default value. Custom fields that belong to no group appear first in the
entity’s custom field page.
• Owner. (Optional) Name of the Global Cardholder Synchronizer role when the custom
field is part of is part of a shared global entity definition.

Related topics:
• "Add a custom field" on page 136
• "Managing global cardholders" on page 300

[Link] | Security Center Administrator Guide 5.2 626

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 System

Custom data types

The Custom data types tab lists all custom data types defined in your system and allows you to
add new ones.

Each custom data type is characterized by the following properties:

• Custom data type. Name of the custom data type.
• Description. Optional data type description.
• Values. Enumeration of acceptable values (text strings) for this data type.
• Owner. (Optional) Name of the Global Cardholder Synchronizer role when the custom
data type is part of a shared global entity definition.

Related topics:
• "Add a custom data type" on page 138
• "Modify a custom data type" on page 139
• "Managing global cardholders" on page 300

[Link] | Security Center Administrator Guide 5.2 627

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 System

Events
(Only visible to administrative users) The Events page allows you to define the following:
• "Event colors" on page 628
• "Custom events" on page 629

Event colors
The Event colors tab allows you to assign different colors to different system events.

Event colors are used as visual cues in the Security Desk Monitoring task (event list and display
tiles). For example, you can use red to indicate a critical event (someone attempted to use a stolen
credential), and blue to indicate a less critical event (access granted).

For more information, see “Monitoring” in the Genetec Security Desk User Guide.

[Link] | Security Center Administrator Guide 5.2 628

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 System

Custom events
The Custom events tab allows you to view and add custom events to your system.

Custom events are names and identifiers given to input events. They are used to configure
custom event-to-actions. For example, for a zone entity, you can associate the state of an input
(normal, active, trouble) to a custom event such as Illegal entry. This custom event can then be
used in an event-to-action sequence. For more information, see "Managing zones" on page 160.

[Link] | Security Center Administrator Guide 5.2 629

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 System

Actions
The Actions page allows you to create event-to-actions for your system, and search for the ones
that have already been defined, by source entity (name and type), event type, and action type.

Event-to-action list
Each row in this page corresponds to one event-to-action.
• Entity. Source entity, or the entity to which the event is attached.
• Event. Name of the event that would trigger the action.
• Action. Name of the action triggered by the event.
• Arguments. Information required for the action. For example, if the action is Trigger alarm,
the argument is the alarm type that is triggered. Or, if the action is Send a message, the
argument is the email recipient.
• Details. Additional details about the action.
• Schedule. Schedule that regulates this event-to-action. Event occurring outside the time
range covered by the schedule would not trigger any action.

Related topics:
• "Using event-to-actions" on page 106

[Link] | Security Center Administrator Guide 5.2 630

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 System

Logical ID
The Logical ID page allows you to view and assign logical IDs to all entities defined in your
system.

Show logical ID for

Logical IDs must be unique across all entities of a same group. The different groups of entity
types are listed in this drop-down list.
NOTE Not all entity types can be selected by group. To view all entities, select All types.
Scroll through the pages using the and buttons.
To assign or change a logical ID, type in the box in the ID column.
TIP You can also change the logical ID from the Identity tab of each entity’s configuration page.
For more information, see "Identity" on page 336.

Hide unassigned logical IDs

Select this option to show only entities with a logical ID assigned.

[Link] | Security Center Administrator Guide 5.2 631

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 System

Alarm monitoring
Assign a logical ID to the Alarm monitoring task in Security Desk. This allows the Security Desk
user to call up the Alarm monitoring task with the keyboard. For more information, see “Alarm
monitoring” in the Security Desk User Guide.

User password settings

(Only visible to administrative users) The User password settings page is where you can enforce
a minimum complexity on all user passwords created on your system, and to configure the
advanced password expiry notification period (0 to 30 days).

NOTE The password complexity is not enforced on existing passwords.

[Link] | Security Center Administrator Guide 5.2 632

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 System

Activity trails
(Only visible to administrative users) The Activity trails page allows you to select the types of
activity (or events) to be logged for Activity trails task in Security Desk.

For more information, see "Investigating user related activity on the system" on page 182.

[Link] | Security Center Administrator Guide 5.2 633

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 System

Audio
(Only visible to administrative users) The Audio page shows all the sound bites (.wav files)
available to your system. Sound bites can be used to alert you on certain events, such as when
you receive a new alarm, or to be used with the Play a sound action.

Security Center is installed with a default selection of sound bites (.wav files). You can add,
delete, or rename any sound bite in the list.

To add a new sound bite:

1 Click , select a .wav file from the dialog box that appears, and click Open.
A new sound bite bearing the name of selected .wav file is added to the list.
2 (Optional) Select the new sound bite, and click to change its name.
3 To listen to the new sound bite, click .

[Link] | Security Center Administrator Guide 5.2 634

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 System

Threat levels
(Only visible to administrative users) The Threat levels page lists all threat levels configured in
your system and allows you to add new ones, and to modify and delete existing ones.

Threat level list

Each row in this page corresponds to one threat level.
• Threat level. Threat level name.
• Description. Threat level description .
• Color. Color identifying this threat level. The Security Desk background turns to this color
when the threat level is set at the system level.
• Activation actions. Number of actions in the threat level activation list. These actions are
executed by the system when the threat level is set.
• Deactivation actions. Number of actions in the threat level deactivation list. These actions
are executed by the system when the threat level is cleared.
For more information, see "Managing threat levels" on page 117.

[Link] | Security Center Administrator Guide 5.2 635

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Video

Video
The Video task allows you to configure the video management specific
roles and the video units they control.
System: Omnicast IP video surveillance
License option: Omnicast
Category: Administration

A Selected entity (Axis PTZ).

B Click an entity to view its configuration.
C Configuration pane of the selected entity.
D See "Contextual command toolbar" on page 17.

Related topics:
• "Administration task workspace overview" on page 16
• "What are the Omnicast entities?" on page 188

[Link] | Security Center Administrator Guide 5.2 636

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Video

• "Archiver" on page 525

• "Auxiliary Archiver" on page 547
• "Media Router" on page 591
• "Video unit" on page 498
• "Camera (video encoder)" on page 372

[Link] | Security Center Administrator Guide 5.2 637

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Access control

Access control
The Access control task allows you to configure the general settings for
access control and the related entities such as Access Manager roles,
access control units, access rules, cardholders, credentials, badge
templates, and so on, that are not found in the Logical view.
System: Synergis IP access control
License option: Synergis
Category: Administration
The Access control task includes the following views:

Roles and units Shows the access control specific roles and the units they control in a
hierarchy. For more information, see "Access Manager" on page 515 and
"Access control unit" on page 341.
Cardholders Lists all cardholders in alphabetical order.
For more information, see "Cardholder" on page 399.
Cardholder Lists all cardholder groups in alphabetical order.
groups For more information, see "Cardholder group" on page 402.
Credentials Lists all credentials in alphabetical order.
For more information, see "Credential" on page 405.
Access rules Lists all access rules in alphabetical order.
For more information, see "Access rule" on page 353.
Badge templates Lists all badge templates in alphabetical order.
For more information, see "Badge template" on page 369.
General settings Lets you configure the general settings pertaining to access control and to
install and configure custom card formats.

Related topics:
• "How does Synergis work?" on page 255
• "Access Manager" on page 515
• "Global Cardholder Synchronizer" on page 561
• "Access control unit" on page 341
• "Access rule" on page 353
• "Badge template" on page 369
• "Cardholder" on page 399
• "Cardholder group" on page 402
• "Credential" on page 405

[Link] | Security Center Administrator Guide 5.2 638

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Access control

Roles and units

The Access control – Roles and units view shows the access control roles and the units they control
in a hierarchy.

A Selected view (Roles and units).

B Select an entity to configure.
C Configuration pane of the selected entity.
D See "Contextual command toolbar" on page 17.

Related topics:
• "Administration task workspace overview" on page 16
• "Access Manager" on page 515
• "Global Cardholder Synchronizer" on page 561
• "Access control unit" on page 341

[Link] | Security Center Administrator Guide 5.2 639

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Access control

General settings
The Access control – General settings view lets you configure the general settings pertaining to
access control, and to install and configure custom card formats.

A Selected view (General settings).

B List of card request reasons. See "Card request reasons" on page 641.
C List of installed custom card formats. Click to open the Custom card format editor. See
"Custom card formats" on page 641.
D See "Contextual command toolbar" on page 17.

Trigger event ‘Entity is expiring soon’

Cardholders and credentials can be set to expire on a certain date. Turn this option on
(default=off) to have Security Center generate the Entity is expiring soon event n days before a
cardholder or a credential expires. The purpose of this event is so that you can use it to trigger
an action (such as Send a message) to warn someone of the upcoming expiry.
NOTE Credentials associated to an expired cardholder will inherit the status of the latter (though
this does not show in the configuration of any credential).

[Link] | Security Center Administrator Guide 5.2 640

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Access control

Create incident before door state override

Turn this option on (default=off) to prompt the Security Desk user to report an incident every
time they lock or unlock a door manually, or override the unlock schedule assigned to the door.
For more information, see “Manually controlling door access” and “Reporting an incident” in
the Security Desk User Guide.

Card request reasons

If a user does not have a printer on site, or close by when they are creating a cardholder from the
Cardholder management task, they can request a credential card to be printed by another user
on the system. In the Card request reasons section, you can create reasons for users to choose
from to explain why they are requesting a card. For example, a common reason could be “no
printer on site”.
• To add a card request reason, click .
• To modify a card request reason, click .
• To delete a request reason, click .
For more information about requesting credentials, see “Request a credential card” in the
Security Desk User Guide.

Maximum picture file size

Set the maximum size of a picture file (such as a cardholder picture) saved in the Directory
database. Large picture files (like the ones produced by digital cameras) can quickly use up the
space in the Directory database and impact performance. When loading image files, Security
Center automatically reduces the image size so their file size falls under the set limit. The default
value is 20 KB. You can set this limit anywhere between 20 and 500 KB.
NOTE This value is also used and modified by the Import tool. For more information, see
"Import tool" on page 663.

Custom card formats

Security Center allows you to define custom card formats. The custom card formats defined in
your system are listed here. For more information, see "Using custom card formats" on page 290.

You can add, delete, and modify custom card formats using the Custom card format editor. For
more information, see Tools – "Custom card format editor" on page 676.

[Link] | Security Center Administrator Guide 5.2 641

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Intrusion detection

Intrusion detection
The Intrusion detection task allows you to configure the Intrusion
Manager roles and the intrusion detection units they control
System: Intrusion detection
License option: Number of intrusion detection units > 0.
Category: Administration

A Selected entity (Bosh GV3).

B Select an entity to configure.
C Configuration pane of the selected entity.
D See "Contextual command toolbar" on page 17.

Related topics:
• "Administration task workspace overview" on page 16
• "Managing intrusion panels" on page 155

[Link] | Security Center Administrator Guide 5.2 642

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Intrusion detection

• "Intrusion Manager" on page 567

• "Intrusion detection unit" on page 427

[Link] | Security Center Administrator Guide 5.2 643

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 LPR

LPR
The LPR task allows you to configure the general settings for LPR
(license plate recognition) and the related entities such as LPR Manager
roles, LPR units, hotlists, permits, overtime rules, and so on, that are not
found in the Logical view.
System: AutoVu IP license plate recognition
License option: AutoVu
Category: Administration
The LPR task includes the following views:

Roles and units Shows the LPR Manager roles and the LPR and Patroller units they control as
a hierarchy. For more information, see:
• "LPR Manager" on page 571.
• "LPR unit" on page 430.
• "Patroller" on page 454.
Hotlists Lists all hotlists in alphabetical order.
For more information, see "Hotlist" on page 418.
Overtime rules Lists all overtime rules in alphabetical order.
For more information, see "Overtime rule" on page 443.
Parking facilities Lists all parking facilities in alphabetical order.
For more information, see "Parking facility" on page 448.
Permit Lists all permit restrictions alphabetical order.
restrictions For more information, see "Permit restriction" on page 461.
Permits Lists all permits in alphabetical order.
For more information, see "Permit" on page 457.
General settings Lets your configure the general settings pertaining to license plate recognition
and the generation of LPR hits.

Related topics:
• “About AutoVu” in the AutoVu Handbook.

[Link] | Security Center Administrator Guide 5.2 644

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 LPR

Roles and units

The LPR – Roles and units view shows the LPR Manager roles and the units they control in a
hierarchy.

A Selected view (Roles and units).

B Select an entity to configure.
C Configuration pane of the selected entity.
D See “Contextual command toolbar” in the Security Center Administrator Guide.

[Link] | Security Center Administrator Guide 5.2 645

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 LPR

General settings
The General settings view includes the following settings pages:
• "Applications" on page 646
• "Hotlist" on page 648
• "Overtime rule" on page 650
• "Permit" on page 651
• "Annotation fields" on page 652
• "Updates" on page 653

Applications
The Applications tab lets you configure how Security Desk displays maps in the Monitoring and
Route playback tasks. You can also limit the number of logon attempts in Patroller, enforce
Patroller privacy settings, and set the attributes a Patroller user must enter when enforcing a hit.

[Link] | Security Center Administrator Guide 5.2 646

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 LPR

• Map type. Display-only field showing the type of map system supported by your Security
Center license. The choices are Bing, MapInfo, and None.
• Color for reads. Click to select the color used to show license plate reads on maps.
• Initial longitude/latitude. Set the default starting location for map view in Security Desk.
You can type the coordinates in the fields or click Select and zoom in on a location and click
Select. A red pushpin appears to indicate the selected position.
• Logon attempts before lockdown. You can specify the number of unsuccessful logon
attempts a Patroller can make before the account is locked out. For example, if the limit is
set to 3, Patroller users have three attempts to log on to Patroller with their username and
password. On the fourth attempt, their accounts will be locked and they won’t be able to
logon. Users with locked accounts must contact their administrators in order to have the
password reset. Patroller must be connected to the Security Center server for the password
to be reset.
• Privacy. You can configure Patroller to obscure plate numbers, or exclude plate, context, or
wheel images from reads and hits so that the information is not stored in the LPR Manager
database. These settings allow you to comply with privacy laws in your region:
 License plate, context, or wheel images. When switched to On, images are not sent to
Security Center or included in offloaded data.
 License plate. When switched to On, the plate number text string is replaced by asterisks
(*) when sent to Security Center or in the offloaded data.
At the hotlist level, you have the option of overriding these privacy settings for the purpose
of sending an email with real data to a specific recipient (see "Advanced" on page 422).
• Enforced hit attributes. Create text entry fields that Patroller users must enter text in when
they enforce a hit. The information from the enforced hit text fields can be queried in the
Security Desk hits report.

[Link] | Security Center Administrator Guide 5.2 647

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 LPR

Hotlist
The Hotlist tab allows you to define the customized attributes, reasons, and categories that will
appear in Patroller when the user adds a New wanted entry, or rejects or accepts a hit. The
settings are downloaded to Patroller along with the selected hotlists when Patroller connects to
Security Center. These settings are also available as filter options for hit reports in Security Desk.

• New wanted attributes. A new wanted is a hotlist item that is manually entered by the
Patroller user. The new wanted attributes are attributes other than the standard ones (plate
number, plate issuing state, category) that the Patroller user is asked to specify when
entering a new wanted item in the Patroller. One category is pre-configured for you when
you install Security Center.
For more information, see “Configuring New wanted attributes and categories in the
AutoVu Handbook.
• New wanted categories. List of hotlist categories that a Patroller user can pick from when
entering a new wanted item. The category is the attribute that says why a license plate
number is wanted in a hotlist. Several categories are pre-configured for you when you install
Security Center.

[Link] | Security Center Administrator Guide 5.2 648

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 LPR

For more information, see “Configuring New wanted attributes and categories in the
AutoVu Handbook.
NOTE BOLO is an acronym for “be on the lookout”, sometimes referred to as an all-points
bulletin (APB).
• Hit reject reasons. List of reasons for rejecting hotlist hits. These values also become
available as Reject reason filter options for generating hit reports in Security Desk. Several
categories are pre-configured for you when you install Security Center.
For more information, see “Configure hit accept and hit reject reasons” in the AutoVu
Handbook.
• Hit accept reasons. Create a survey that contains information Patroller users must provide
when they accept a hit. The information from the hit survey can be queried in the Security
Desk Hit report. There are no pre-configured categories for this option. The category you
see above is an example only.
For more information, see “Configure hit accept and hit reject reasons” in the AutoVu
Handbook.
• Enable “No infraction” button. Select this option to enable the No infraction button in the
Patroller hit survey. This button allows the Patroller user to skip the hit survey after
enforcing a hit.

[Link] | Security Center Administrator Guide 5.2 649

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 LPR

Overtime rule
The Overtime rule tab allows you to define the custom reject reasons for overtime hits. The
values defined here are downloaded to Patrollers and are available as Reject reason filter options
for generating hit reports in Security Desk.

One category is pre-configured for you when you install Security Center.

[Link] | Security Center Administrator Guide 5.2 650

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 LPR

Permit
The Permit tab allows you to define the custom reject reasons for permit hits, and to select the
minimum elapsed time for shared permit violations (University Parking Enforcement only). The
values defined here are downloaded to Patrollers and are available as Reject reason filter options
for generating hit reports in Security Desk.

One category is pre-configured for you when you install Security Center.

• Hit reject reasons. List of reasons for rejecting permit hits or shared permit hits. These
values also become available as Reject reason filter options for generating hits reports in
Security Desk.
• Maximum elapsed time for shared permit violation. This parameter defines the time
period used by University Parking Enforcement Patrollers to generate shared permit hits. A
shared permit hit is generated when two vehicles sharing the same permit ID are parked in
the same parking zone within the specified time period.
For example, let’s say you’re using the default 120 minutes (two hours), and license plates
ABC123 and XYZ456 are sharing the same parking permit. If Patroller reads plate ABC123

[Link] | Security Center Administrator Guide 5.2 651

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 LPR

at 9:00 A.M., and then reads plate XYZ456 at 11:01 A.M., Patroller does not raise a hit
because the time exceeds the 120 minutes.

Annotation fields
The Annotation fields tab allows you to define additional selectors to appear in Security Desk
Reads or Hits report. To be valid, the selector must relate exactly to the information contained in
the actual read or hit.
EXAMPLE If you configure CarModel and CarColor as an Enforced hit attribute (see
"Applications" on page 646), the Patroller user will be asked to enter the car’s model and color
when enforcing a hit, and the information will be stored with the hit. Specifying CarColor as an
Annotation field will allow the values entered by the user to be displayed in a Hits report.

You can also add user custom fields to annotation fields in order to associate a user’s metadata
with individual reads and hits. This allows you to query and filter for the user custom fields in
Security Desk Reads and Hits reports.
“Associate user custom fields with reads and hits” in the AutoVu Handbook

[Link] | Security Center Administrator Guide 5.2 652

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 LPR

Updates
The Updates tab allows you to update Patrollers and Sharp units with hotfixes or new sound files
for hit alerts. You can also update services on Sharp units, and upgrade Sharp firmware. Before
you can send updates, you need to receive the updates from Genetec and place them in the
Updates folder under the LPR Root folder.

For more information, see “Updating Patroller and Sharp units from Security Center” in the
AutoVu Handbook.

• Collapse all. Collapses all items in the Entity field.

• Expand all. Expands all items in the Entity field.
• Update all. Update all units that are controlled by the currently-selected LPR Manager. This
button updates only the units on the current tab. For example, if you’re on the Patroller and
Sharp units tab, you’ll update all Patrollers and Sharp units on the list.
• Status. Shows the status of the update. The possible statuses are:
 Not available. Updater service is not supported (for example, Sharp versions 1.5 and 2.0
with less than 512 MB RAM).
 Entitled. The client machine can receive the update.

[Link] | Security Center Administrator Guide 5.2 653

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 LPR

 Synchronizing. The client machine has started synchronizing with the server.
 Synchronized. All update files have been successfully downloaded to the client machine.
The client machine is waiting for the update to be applied.
 Installing. Client machine has accepted the update, and has started replacing outdated
files with new files.
 Installed. The new updates have successfully been applied to the client machine.
 Uninstalling. The update is being removed from the client machine.
 Uninstalled. The update has been successfully removed from the client machine.
 Error. An error occurred in the update process.
• Drop folder. Opens the required folder for you to copy the update file. For example,
clicking the drop folder icon for a Patroller entity opens
C:\Genetec\AutoVu\RootFolder\Updates\Patroller (default location).
NOTE If Security Center is running on a computer that doesn’t have access to the server
computer, clicking the drop folder opens the My Documents folder on the local machine.
• Patrollers and Sharp units. Displays the Patrollers and Sharp units (fixed and mobile) that
are eligible for an update.
• Update services. Displays the Sharp services that are eligible for an update.
• Firmware upgrade. Displays the Sharp units that are eligible for a firmware upgrade.

[Link] | Security Center Administrator Guide 5.2 654

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Plugins

Plugins
The Plugins task allows you to configure plugin management roles and
their related entities.
Category: Administration

A Currently selected entity (RF Code Asset Management Plugin).

B Click an entity to view its configuration.
C Configuration pane of the selected entity.
D See "Contextual command toolbar" on page 17.

Related topics:
• "Administration task workspace overview" on page 16

[Link] | Security Center Administrator Guide 5.2 655

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 16
Tools and utilities
This section describes all tools and utilities available in Config Tool. They are presented in the
same order as they appear in the Home page’s Tools page.
NOTE The last three topics are not from the Tools page.
This section includes the following topics:
• "Security Desk" on page 657
• "Access troubleshooter" on page 658
• "Unit discovery tool" on page 659
• "Unit replacement" on page 660
• "Move unit" on page 661
• "Import tool" on page 663
• "Copy configuration tool" on page 674
• "Custom card format editor" on page 676
• "Options dialog box" on page 684
• "Adding shortcuts to external tools" on page 698

[Link] | Security Center Administrator Guide 5.2 656

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Security Desk

Security Desk
The Security Desk is the unified user interface for your Security Center
system. Its user interface is designed to provide consistent operator
workflow across all of the Security Center's main systems, Omnicast,
Synergis, and AutoVu.
Clicking on the Security Desk icon opens this application with the same
credentials you are currently logged on with in Config Tool.

Security Desk tasks are organized into four main categories:

• Operation. Tasks related to the day-to-day Security Center operations.
• Investigation. Tasks allowing you to query the Security Center databases, and those of
federated systems, for critical information.
• Maintenance. Tasks pertaining to maintenance and troubleshooting. These tasks are also
available from Config Tool.

Related topics:
• Genetec Security Desk User Guide.

[Link] | Security Center Administrator Guide 5.2 657

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Access troubleshooter

Access troubleshooter
You can detect and diagnose access configuration problems, using the
Access troubleshooter tool. The Access troubleshooter allows you to:
•Find out who has the right to pass through an access point at a given
date and time. See "Troubleshooting access points" on page 325.
•Find out who has the right to pass through an access point at a given
date and time. See "Troubleshooting cardholder access rights" on
page 326.
• Find out why a given cardholder can, or cannot use an access point at a given date and time.
See "Diagnosing cardholder access rights based on credentials" on page 327.

Related topics:
• "Access control unit" on page 341
• "Access rule" on page 353
• "Cardholder" on page 399
• "Cardholder group" on page 402
• "Door" on page 408
• "Elevator" on page 414

[Link] | Security Center Administrator Guide 5.2 658

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Unit discovery tool

Unit discovery tool

The unit discovery tool is a generic tool that allows you to discover IP
units connected to your network, based on their type (access control or
video), manufacturer, and network properties (discovery port, IP
address range, password, and so on).
Once discovered, the units can be added to your system.

For information about discovering access control units when you do not know their IP address,
see "Add access control units using the Unit discovery tool" on page 268.
For information about discovering video units:
• "What is automatic discovery?" on page 196
• "Add video units using the Unit discovery tool" on page 196

[Link] | Security Center Administrator Guide 5.2 659

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Unit replacement

Unit replacement
The unit replacement tool is used to replace a failed hardware device with
a compatible one, while ensuring that the data associated to the old unit
gets transferred to the new one.

You can replace access control units and video units using the Unit replacement tool.
• For information about replacing access control units, see "Replace access control units" on
page 315.
• For information about replacing video units, see "Replace video units" on page 235.

[Link] | Security Center Administrator Guide 5.2 660

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Move unit

Move unit
Move unit is a generic tool used to move units from one manager role to
another. The move preserves all unit configurations and data. After the
move, the new manager immediately takes on the command and control
function of the unit, while the old manager continues to manage the unit
data collected before the move.

Related topics:
• "Unit replacement" on page 660

Moving units
Before you begin: Please note the following:
• Video unit. The Archiver role must be on the same LAN as the video unit it controls. Unit
manufacturer extensions are automatically created for the type of unit the Archiver needs to
control. However, if you are using custom settings, such as custom logon credentials, you
need to configure them manually on the new Archiver role. For more information, see
"Archiver" on page 525.
• Intrusion detection units. The Intrusion Manager role must be on the same LAN as the
intrusion detection unit it controls. Certain unit manufacturer extensions must be created
and configured manually. If the intrusion panel is physically connected to a serial port on
the server hosting the original role, make sure you do the same with the server hosting the
new role. For more information, see "Intrusion Manager" on page 567.
• Access control units. The Access Manager role must be on the same LAN as the access
control unit it controls. You must also create the unit manufacturer extension manually. For
more information, see "Access Manager" on page 515.
• LPR units. The LPR Manager role must be on the same LAN as the LPR unit it controls.
Also make sure that the discovery port configured on the LPR unit matches that of the new
LPR Manager. For more information, see "LPR Manager" on page 571.
• Patroller units. The LPR Manager role must be able to connect through a wireless network
by the Patroller it manages. The new LPR Manager must use the same settings (hotlists,
permits, Patroller user groups, etc.) as the previous LPR Manager. For more information,
see "LPR Manager" on page 571. You also need to reconfigure the Patroller so it will connect
to the new LPR Manager (IP address and port for live connection, and update provider
port). For more information, see “Patroller Config Tool reference” in the AutoVu
Handbook. Once you’re done, restart the Patroller. It should be discovered by the new LPR
Manager and update its hotlists and permits (if applicable).

[Link] | Security Center Administrator Guide 5.2 661

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Move unit

To move units:
1 From the Home page, click Tools > Move unit.
2 From the drop-down list, select the Unit type you want to move.
3 Select the units you want to move.
4 Select the new manager role from the second drop-down list (Archiver role, Access
Manager role, LPR Manager role, and so on).
The new role must be different from the current role.

5 Click Move to start the process.

When the operation is complete, if you made a mistake or need to move the units again,
repeat Step 3 to Step 5.
6 Click Close.

[Link] | Security Center Administrator Guide 5.2 662

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Import tool

Import tool
The Import tool is a Synergis specific tool that allows you to import
cardholders, cardholder groups, and credentials from a CSV file.

The CSV file must be plain text with delimiters (commas, spaces,
periods, and so on) to separate the fields. The delimited fields in the text
files would represent values like first name, last name, cardholder group,
path and filename of employee photo, and so on.
NOTE The use of this tool is limited to administrative users.

Four import scenarios are offered by this tool:

• Import credentials alone (credential name, card format, facility code and card number,
status, and the partition the credential belongs to).
• Import cardholders alone (cardholder name, description, picture, email, status, custom
fields, and the group and partition the cardholder belongs to).
• Import cardholders and credentials together (in this case, the cardholder and the credential
are specified on the same line and automatically linked together).
• Replace old credentials with new ones (see "Replacing old credentials" on page 672).
NOTE The Import tool can also be called from a scheduled task via the Import from file action.
For more information, see "Scheduled task" on page 473.

Related topics:
• "Custom fields" on page 625
• "Custom card format editor" on page 676

Sample import scenario

Let’s import a file containing 3 new cardholders. The sample file we will import is called
[Link] and contains the following lines:
#First name,Last name,Cardholder description,Cardholder email,Picture,Cardholder
group,Cardholder status,Credential name,Facility code,Card number,Credential status

Abdoulai,Koffi,Market
Analyst,akoffi@[Link],C:\Data\Cardholder\Pictures\Abdoulai
[Link],Marketing,Yes,82968378,102,8,active

Andrew,Smith,Sales
Representative,asmith@[Link],C:\Data\Cardholder\Pictures\Andrew
[Link],Sales,Yes,82748590,101,12,active

[Link] | Security Center Administrator Guide 5.2 663

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Import tool

Audrey,Williams,Technical
Writer,awilliams@[Link],C:\Data\Cardholder\Pictures\Audrey
[Link],TechWriters,Yes,83748952,104,18,active
This plain text file, [Link] contains 4 rows of text. The first row is a comment line,
listing the cardholder and credential fields that are included in the CSV file as a reference. The
following three rows contain the fields that will be imported. You also can add additional
custom fields if they have been created for cardholder or credentials in Security Center.
For more information, see "Fields that can be imported from a CSV file" on page 668.

Going through the import steps

1 In the Config Tool, click Tools and select the Import tool.
The Import tool window opens.
2 Enter the path to the CSV file you want to import, and click Next.
The Settings page appears.

3 Set the Encoding type.

This is the character encoding used by the selected CSV file. The default selection is the
default encoding used on your PC. If you open the CSV file on your PC and see all the
characters displayed correctly, you do not need to change the default settings.
4 Set the CSV field delimiters (Column, Decimal, Thousand).

[Link] | Security Center Administrator Guide 5.2 664

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Import tool

On first use, the tool takes the delimiter settings from Windows Regional Options (Control
Panel > Region and Language > Additional settings).
After the first use, the tool will remember the last delimiter settings you used.
By default, Microsoft Excel also uses the field delimiters from Windows Regional Options
when saving a CSV file. This can be overridden in Excel. It is recommended that you open
the CSV file in WordPad to confirm the formatting delimiters obtained.
When using a space as the Thousands separator, you can specify whether the space is non-
breaking or not.
5 Set where the import is to start.
The first line in a CSV file is 1. You can choose to start the import at any line you want.
For example, you can skip the first line and use it as column headings or a comment line. A
comment line is a line with the hash character (#) in column 1.
6 (Optional) Set the maximum size for picture files.
Large picture files (like the ones produced by digital cameras) can very quickly use up the
configuration database and impact performance. To minimize the impact of large picture
files, the Import tool automatically reduces their sizes before loading them. It does this by
reducing the resolution of the image until its file size falls below the Maximum picture file
size limit.
The default value is taken from your access control system settings. Changing its value in
the Import tool also changes your system settings. For more information, see Access control
– General settings – "Maximum picture file size" on page 641.
7 Add the credential as part of the cardholder key.
By default, the Import tool uses the combination of the first and last name to identify
cardholders. If a cardholder already exists in the database, it is updated with the information
read from the CSV file. If it does not, it is added.
Using just the first and last names to differentiate cardholders might not be enough. One
solution is to combine the credential information to the cardholder key. This is done by
selecting the option Add credential to cardholder key. With this option, two lines from the
CSV file refer to the same cardholder only if they contain the same cardholder first name,
last name and credential data.
NOTE This option is only applicable when both cardholders and credentials are imported
from the same CSV file. When this solution is not applicable, other cardholder information
can be used to strengthen the cardholder identification. We will come to this solution in Step
14.
8 (Optional) Set the default Card format.
The default card format is only used when no credential card format is specified in the CSV
file or when the field identified as Card format in the CSV file is blank.
9 Select the desired Credential operation.
You have two choices:
 Add. This is the default option.

[Link] | Security Center Administrator Guide 5.2 665

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Import tool

All credentials read from the CSV file are added as entities to your system. If a credential
already exists in your database, it will be updated.
 Replace. This option allows you to replace old credentials with new ones.
In the Bindings page that comes next, you will find additional field options to specify the
old (previous) and new credential values.
For more information, see "Replacing old credentials" on page 672.
10 (Optional) Set the background transparency of the imported cardholder pictures.
If the cardholder pictures you are importing were taken in front of a chroma key screen, you
can make the picture background transparent. This is helpful if you created a badge
template that has an image in the background.
a Set the Transparency color option to ON.
b Select the color of the chroma key screen the cardholder pictures were taken in front of
(usually green or blue).
c Set transparency percentage.
11 (Optional) Set a default Badge template for the imported cardholders.
The badge templates available are ones you have already created in Config Tool. See
"Defining badge templates" on page 292.
12 Click Next.
The Bindings page appears.

[Link] | Security Center Administrator Guide 5.2 666

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Import tool

The bindings windows displays sample data from the first row to be imported from your
file. The first row to be imported is the Start line (see Step 5).
13 Bind each sample value to the database field that it should be imported to.
For more information, see "Fields that can be imported from a CSV file" on page 668.
If you need to skip a column in your CSV file, just leave the Binding column blank.
NOTE The information read from the CSV file is used to create new entities in your system.
For entities like cardholders and credentials, a minimum amount of information is required.
If the information is incomplete, you will not be able to move to the next step. For more
information, see "About minimum required information" on page 670.
14 (Optional) Add more fields to the cardholder key.
When you need more than the first and last name to differentiate cardholders, you can
supplement the cardholder key with additional information.
This is done by selecting the Key check box next to each field you want to add to the
cardholder key. Not all fields can be part of the cardholder key. The check box is disabled if
a field is not eligible.
TIP The other method to strengthen the cardholder identification is to add the credential data
to the cardholder key, as described in Step 7.
15 Click Next.
The Import tool imports the contents of your CSV file into the database. A summary
window will appear confirming the number of entities imported and the number of errors
encountered.
16 Click to copy and paste the contents of the report.
17 Click Close.

[Link] | Security Center Administrator Guide 5.2 667

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Import tool

Fields that can be imported from a CSV file

The following table describes all database fields that can be imported from a CSV file.

Field name Field type Description

Card format Unsigned integer Credential card [Link] can use one of the
or string following values:
• 0 = Standard 26 bits
• 1 = HID H10306 34 Bits
• 2 = HID H10302 37 Bits
• 3 = HID H10304 37 Bits
• 4 = HID Corporate 1000 (35 Bits)
To specify a custom card format, you must spell
it in exactly the same way as you created it. If no
card format is specified in a CSV line, the
default format specified on the import settings
page is used.

{Format} - Field name See "About card You can specify a field in a specific card format,
facility code and including custom card formats.
numbers" on For more information, see "Custom card format
page 671 editor" on page 676.

{Format} - Field name See "About card Field of an old credential to replace. These
(previous value) facility code and “(previous value)” choices appear only if you
numbers" on selected Replace as Credential operation. For
page 671 more information, see "Replacing old
credentials" on page 672.

Cardholder <Field name> As defined by Cardholder custom field.

the custom field For more information, see "Custom field
limitations" on page 671.

Cardholder group String Name of the cardholder group the cardholder

should belong to. If the cardholder group does
not exist, it will be created in the same partition
as the cardholder.

Credential <Field name> As defined by Credential custom field.

the custom field For more information, see "Custom field
limitations" on page 671.

[Link] | Security Center Administrator Guide 5.2 668

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Import tool

Field name Field type Description

Credential card data String The card data field allows the user to fill in the
data for both standard and custom card
formats. When this field is specified, the facility
code and the card number fields are ignored.
For all standard card formats, the string must
contain the facility code followed by the card
number. The accepted separators are the ‘/’ and
‘|’ characters. For example “35/20508”
corresponds to Facility code= 35 and Card
number = 20508.
For a custom card format, the data should be
arranged according to the custom card format
definition.

Description String Cardholder entity description.

Email String Cardholder email address.

First name String Cardholder first name. This field is part of the
default cardholder key.

Last name String Cardholder last name. This field is part of the
default cardholder key.

Name String Credential entity name. If no name is specified,

the default value “Imported credential” or
“Unassigned imported credential” is used.

Partition String Name of the partition the cardholder should

belong to. If the partition does not exist, it will
be created. If it is not specified, the cardholder is
put in the system partition. For more
information, see "Differences between Public
and System partitions" on page 91.

Partition String Name of the partition the credential should

belong to. If the partition does not exist, it will
be created. If it is not specified, the credential is
put in the system partition. For more
information, see "Differences between Public
and System partitions" on page 91.

Picture String Path to a cardholder picture file (bmp, jpg, gif,

or png). The path must reference a file located
on the local machine or on the network.

PIN Unsigned integer Credential corresponding to a PIN. Valid range

is between 0 and 65535.

[Link] | Security Center Administrator Guide 5.2 669

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Import tool

Field name Field type Description

Status Boolean Cardholder status. The following values are

accepted (not case sensitive):
• 1, True, Yes = Profile enabled
• 0, False, No = Profile disabled

Status String Credential status. The following values are

accepted (not case sensitive):
• Active
• Inactive
• Lost
• Stolen
• Expired

About minimum required information

The information found in the CSV file must be coherent or it will not be accepted by the Import
tool. When required information is missing, the Next button in the Bindings page is disabled.
Each type of imported entity requires a minimum amount of information.

The following table describes what is required for each type of entity.

Entity type Minimum information required

Credential You have the choice of two credential keys:

• Supply all fields required by a given card format.
• Supply the Credential card data.
If you choose a custom card format, all fields required by your card format must
be bound to a column in the CSV file. Otherwise, the CSV file will be rejected.
When credential are being imported, either one of these two keys must be
present. If both keys are missing values, the line will be discarded. If both keys
are present, only the card data is imported.

Cardholder The default cardholder key is the combination of the cardholder’s first and last
name. One of these two fields must be bound to a CSV column if cardholders are
to be imported.
When cardholders are being imported, all CSV lines must have a value in at least
one of these two fields. If not, the line would be discarded.

Cardholder group Only the cardholder group name is required. Missing the cardholder group will
not cause a line to be discarded.

Partition Only the partition name is required. Missing the partition name will not cause a
line to be discarded.

[Link] | Security Center Administrator Guide 5.2 670

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Import tool

Custom field limitations

You can import cardholder and credential custom field values from CSV files with the following
limitations:
• You cannot import custom fields using the Entity data type.
• Custom fields using the Date data type must be imported with the format ‘YYYY-MM-DD’.
• The Import tool performance decreases as the number of custom fields per imported record
increases.
• When you have a large number of custom fields per record, the number of records you can
import at once might also be limited.
For example, if your records contain 100 custom fields each, including a 25 KB image data
field, you can only import 1000 records at a time.
For more information, see "Custom fields" on page 625.

About card facility code and numbers

Depending on the card format, the facility code might not be necessary. The card number is
always required. The valid number range for the facility code and card number is shown in the
table below. This table describes the standard card formats supported by Security Center.
Additional card formats can be added with the Custom card format editor. For more information,
see "Custom card format editor" on page 676.

Card format Facility code range Card number range

Standard 26 bits 0 to 255 0 to 65 535

HID H10306 34 Bits 0 to 65 535 0 to 65 535 (also known as “Card

ID Numbers”)

HID H10302 37 Bits Not requireda 0 to 34 359 738 367

HID H10304 37 Bits 0 to 65 535 0 to 524 287

HID Corporate 1000 (35 bits) 0 to 4095 (also known as 0 to 1 048 575 (also known as
“Company ID Code” “Card ID Numbers”)

a. If HID H10302 37 Bits is the only card format referenced in your CSV file, it is preferable to
bind the card number to the Security Center Card data field instead of the Card number field
since the facility code is not required. Because a single value is stored in the Credential card
data field, no separator character is needed.

[Link] | Security Center Administrator Guide 5.2 671

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Import tool

About entity creations and updates

Security Center supports multiple entities with the same name. If a cardholder already exists in
Security Center with the same first and last name combination as one being imported, only the
first matching cardholder found in the Security Center will be updated (for example, with a new
description from the imported CSV file).

If there are two cardholder groups with the same name (for example, created in two different
partitions) and an imported cardholder is assigned to one of these cardholder groups, the
cardholder will be assigned to the first cardholder group found. The same logic also applies to
partitions.

If the same cardholder is imported twice, each time with a different cardholder group, in the end,
the cardholder will belong to both cardholder groups. Again, the same logic applies to partitions.

However, the association between cardholders and credentials might be treated differently,
depending on whether the credential is part of the cardholder key or not. For more information,
see "Add the credential as part of the cardholder key." on page 665.

EXAMPLE Suppose that the cardholder key is only composed of the cardholder’s first and last
names. The result of importing the following CSV file is the creation of a new cardholder: First
name = Joe, Last name = Dalton, Email =JDalton@[Link], and with two card credentials
(12/555 and 12/556).

First name Last name Facility code Card number Email

Joe Dalton 12 555 jdalton@[Link]

Joe Dalton 12 556 jdalton@[Link]

However, if the credential is also part of the cardholder key, the same CSV file will generate two
separate cardholders with the same first name, last name and email address.

Replacing old credentials

Using the Import tool, you can replace old credentials (for example, if you company wishes to
replace the ID cards of all its employees with new ones).
Before you begin: Create a CSV file with both old and new credential values. Each line must
contain both the old credential and the new credential to replace it with.
1 Start the Import tool as usual.
For more information, see "Going through the import steps" on page 664.
2 In the Settings page, select Replace as Credentials operation, and click Next.
3 In the Bindings page, bind the old credential values with the fields labelled as (previous
value), the new credential values with the fields not labelled as (previous value).

[Link] | Security Center Administrator Guide 5.2 672

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Import tool

NOTE The old and new credential must use the same card format. If the new credentials are
to be assigned to the same cardholders, they must also be specified in the CSV file, and cannot
be different than the current cardholder of the old credentials.
4 Click Next.
The Import tool will change the status of the old credential to Inactive, while creating the
new credential as Active. If the cardholders are also imported in the same file, the new
credentials will be associated to the cardholders.
The result of the operation will be displayed in a summary window.
5 Click to copy and paste the contents of the report.
6 Click Close.

[Link] | Security Center Administrator Guide 5.2 673

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Copy configuration tool

Copy configuration tool

The copy configuration tool helps you save configuration time by copying
the settings of one entity to many others that partially share the same
settings.
NOTE The use of this tool is limited to administrative users.

Using the copy configuration tool

When you have many similar entities to configure, you can save time by copying the settings of
one entity to others of the same type using the Copy configuration tool.
1 Select the Home page overview and select Tools from the Home menu.
2 Select the Copy configuration tool.
The Copy configuration tool wizard window opens.

3 Select an entity type and click Next.

4 Select the source entity you want to copy the settings from, and click Next.
5 Select the options (groups of settings) you want to copy, and click Next.

[Link] | Security Center Administrator Guide 5.2 674

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Copy configuration tool

6 Select the destination: entities you want to copy the settings to, and click Next.
The copying process starts.
7 Click Close when the copying process is completed.

[Link] | Security Center Administrator Guide 5.2 675

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Custom card format editor

Custom card format editor

The custom card format editor is a Synergis-specific tool that allows you
to define your own card formats. It is available from the Access control
task, General settings view.
NOTE This tool is only available to administrative users.

Related topics:
•"Using custom card formats" on page 290

Defining custom card formats

The Custom card format editor allows you to define custom card formats manually or to import
them from XML files.

A Fixed value field (indicated by the padlock icon).

B Card format name and description listed in the Access control task, General settings view.
C Format used to display Credential code in reports.

[Link] | Security Center Administrator Guide 5.2 676

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Custom card format editor

D Select the card format type and length before defining the fields.
E Field designated as the sequence generator (indicated by the plus icon).
F Validate the format with pre-enrolled credentials.
G Import/export card format from XML file.

To define a new custom card format:

1 From the Home page in Config Tool, open the Access control task.
2 Select the General settings view.
3 Below Custom card formats, click ( ) to open the Custom card format editor.
4 Enter the Name and Description of the custom card format.
5 Specify the Card format type and Format length.
 Wiegand (8 to 128 bits)
 ABA (2 to 32 characters)
6 Define the data fields that constitute the custom card format. The total length of the fields
cannot exceed the format length.
 For more information, see "Defining Wiegand fields" on page 678.
 For more information, see "Defining ABA fields" on page 680.
7 (Optional) For Wiegand, you might have to add parity check bits to the format. For more
information, see "Adding parity checks" on page 679.
8 (Optional) For Wiegand, you can designate one field as the sequence generator. The
sequence generator is used in to let you enroll a range of credentials in bulk.

The field
designated as the
sequence
generator allows
you to define a
range of values for
bulk credential
enrollment in
Security Desk

For more information regarding the credential enrollment task, see “Credential enrollment”
in the Security Desk User Guide.
1 (Optional) Enter the format string for printing the credential code.

[Link] | Security Center Administrator Guide 5.2 677

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Custom card format editor

The credential code is the printed form of the credential data. It is an optional column that
is available in most access control related reports.
The Code format string tells the system how to print the credential data. To include a field
in the credential code, the field name must be specified in the code format string as it is
spelled in the card format field definition, between curly brackets “{ }”. The field names are
case-sensitive. Any other characters in the format string that are not found between curly
brackets are printed as is.
For example, with the format string “{Facility}/{Card Number}”, a credential with the
respective field values 230 and 7455 will be printed as “230/7455”.
2 (Optional) Validate the new custom card format with a pre-enrolled credential. Click
Validate with credential, select a pre-enrolled credential from the Search tool, and click
OK.
3 (Optional) Click Export to save the custom card format to an XML file.
Exporting the custom card format to an XML file allows you to import that same card
format definition to other Synergis systems.
4 Click OK to close the Custom card format editor dialog box.
5 Click Apply.

Defining Wiegand fields

A Wiegand field is composed of a series of bits. The maximum field length is 63 bits.

To add a new Wiegand field, click in the Wiegand fields section of the Custom card format
editor dialog box. The following dialog appears.

The mask specifies the bits that are part of the field. The bits are named according to their
respective position in the card format, starting from 0. You can enter the mask as a list of
comma-separated bit positions or as a range of bit positions.
For example, the mask “1,2,3,4,5,6,7,8” can also be written as “1-8” or “1-4,5-8”. Note that the
order of the bits within the field is important. Therefore, “1,2,3,4” is not the same as “4,3,2,1”.

[Link] | Security Center Administrator Guide 5.2 678

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Custom card format editor

As you define each field, it appears graphically in the Wiegand fields section.

NOTE The order of the fields within the format is important. It corresponds to the order that field
values are read from the Credential card data when using the Import tool. For more information,
see "Import cardholders from a flat file" on page 287.

Adding parity checks

If you are defining a Wiegand card format, you can add parity checks to strengthen the validation
of your credentials.

[Link] | Security Center Administrator Guide 5.2 679

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Custom card format editor

To add a parity check:

1 Click in the Parity checks section.
The Parity check dialog box opens.

2 Select the type of parity check (Even or Odd), the position of the Parity bit in the card
format (starts at 0), and the bits that should be evaluated (Mask).
The syntax of the parity check mask is the same as the data field mask, except that in this
case, the order of the bits is not important.
3 Click OK.
As parity checks are defined, they appear in the Parity checks list.

NOTE The order of the parity checks in the list is important. It corresponds to the order in
which the parity checks are evaluated. The mask of a subsequent parity check can include the
parity bit of a previous parity check and their masks can overlap.

Defining ABA fields

ABA field length is measured in characters (4 bits each). The maximum ABA field length is 18
characters, or up to the card format length, whichever comes first. The maximum ABA card
format length is 32 characters or 128 bits.

[Link] | Security Center Administrator Guide 5.2 680

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Custom card format editor

To add a new ABA field, click in the ABA fields section of the Custom card format editor
dialog box.
There are three types of ABA fields:
• Delimiter. This type of field specifies a delimiter character, typically used at the beginning
or the end of the card format.

• Sized. This is a fixed-length field. The length is specified in characters (4 bits each). The
field can contain a fixed value. The field length must be long enough to hold the fixed value.

[Link] | Security Center Administrator Guide 5.2 681

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Custom card format editor

• Delimited. This is a variable length field. You must specify a maximum length (as 4-bit
characters) and a delimiter character.

As you define each field, it appears graphically in the ABA fields section.

[Link] | Security Center Administrator Guide 5.2 682

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Custom card format editor

NOTE The order of the fields within the format is important for two reasons:

 It defines the card format.

 It corresponds to the order the field values are read from the Credential card data when
using the Import tool. For more information, see "Import cardholders from a flat file" on
page 287.

Deleting a custom card format

If a custom card format is deleted from Security Center, all credentials using that format appears
as ‘Unknown’, but the credentials are still granted access at the doors.

[Link] | Security Center Administrator Guide 5.2 683

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Options dialog box

Options dialog box

The Options dialog box lets you configure the Config Tool options on
your local workstation. The settings are saved one of the following ways:
•Saved as local settings for your Windows user profile
•Saved as local settings for the workstation (applies to Config Tool and
Security Desk, for all users)
•Saved in the Directory database for your Security Center user profile

Related topics:
• "Config Tool interface tour" on page 13
The Options dialog box contains the following option tabs:

Tab Description

See "General options" on page 685.

See "Keyboard shortcuts" on page 687.

See "Visual options" on page 689.

See "User interaction options" on page 691.

See "Video options" on page 694.

See "Performance options" on page 695.

See "Date and time options" on page 696.

See "External devices" on page 697.

[Link] | Security Center Administrator Guide 5.2 684

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Options dialog box

General options
The General tab allows you to configure the general behavior of Config Tool.

User logon options

This group of settings controls the behavior of the Logon dialog box. The settings apply to the
local workstation, and affect Security Desk and Config Tool for all users. Changes you make will
only take effect the next time a user starts Security Desk or Config Tool.
• Force Windows credentials. (Active Directory required). Select this option to force the use
of Windows credentials for logon. For this option to work, the users who are expected to log
on via this machine must be imported from an Active Directory. For more information, see
"Importing users from an Active Directory" on page 102.
• Force Directory to. Restrict the access of all users to a specified Directory.
• Prevent connection redirection to different Directory servers. This option is meaningful
only if you are using Directory load balancing. Select this option if you want to bypass the
default load balancing behavior, and only connect to the Directory specified by the user in
the connection dialog box.

[Link] | Security Center Administrator Guide 5.2 685

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Options dialog box

CAUTION If you use the Force Directory to option, and a mistake has been made (for example
a typo in the Directory name), the next time the user tries to log on, they might be stuck in an
endless loop, unable to connect to the wrong server. The logon attempts can be stopped by
clicking Cancel, but no Directory field appears to correct the misspelled Directory name.

• The solution is to cancel the logon attempts, and the hold the CTRL key and SHIFT key
while clicking Log on. This will force the Directory field to be displayed.

NOTE The same keyboard and mouse-click shortcut can be used to override the Force Windows
credentials option if it has been applied.

[Link] | Security Center Administrator Guide 5.2 686

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Options dialog box

Network options
The network settings apply to the local workstation, and affect Security Desk and Config Tool
for all users.
• Network card. If your computer is equipped with more than one network card, select the
one used to communicate with Security Center applications.
• Network. Config Tool can automatically detect the network your workstation is connected
to. If you have trouble getting your video feeds, set this option to Specific, and manually
select the network you are on.
• Incoming UDP port range. Port range used for transmitting video to your workstation
using multicast or unicast UDP.

Keyboard shortcuts
The Keyboard shortcuts tab allows you to define or change the keyboard shortcuts mapped to
frequently used commands in Config Tool. The keyboard shortcut configuration is saved as part
of your user profile and applies to Security Desk and Config Tool.

[Link] | Security Center Administrator Guide 5.2 687

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Options dialog box

Assign or change a keyboard shortcut

A keyboard shortcut can only be assigned to a single command. Assigning an existing keyboard
shortcut to a new command removes it from the previous command.
1 In the Command column, select the command you want to assign a keyboard shortcut to.
If a keyboard shortcut is already assigned to this command, you must remove it before you
can assign a new one.
2 Click Add an item ( ) and press the desired key combination.
If the shortcut is already assigned to another command, you will get a popup message.
 Click Cancel to choose another shortcut.
 Click Assign to assign the shortcut to the selected command.
3 Change another shortcut, or click Save to apply your changes.

Export your keyboard shortcut configuration

You can export your keyboard shortcut configuration to an XML file and import it to another
workstation.
1 At the bottom of the Keyboard shortcuts tab, click Export.
2 Select a file name in the dialog box that appears.
3 Click Save to close the file browser dialog box.

Import your keyboard shortcut configuration

You can import the keyboard shortcut configuration exported from another workstation.
1 Click Import at the bottom of the Keyboard shortcuts tab.
2 Select a file name in the dialog box that appears.
3 Click Open.
The file browser dialog box closes.
4 Click Save to save your changes, and close the Options dialog box.

Restore the default keyboard shortcut configuration

1 At the bottom of the Keyboard shortcuts tab, click the Restore default button.
2 Click Save to save your changes, and close the Options dialog box.
For more information, see "Default keyboard shortcuts" on page 774.

[Link] | Security Center Administrator Guide 5.2 688

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Options dialog box

Visual options
The Visual tab allows you to configure the position of the taskbar inside the Config Tool window,
and the icons displayed in the notification tray. The visual options are saved as part of your user
profile and apply to Security Desk and Config Tool.

Taskbar
• Taskbar position. Select the edge (Top, Bottom, Right, Left) of the application window
where you want the taskbar to be displayed. See "Home page overview" on page 14.
• Auto-hide the taskbar. Select this option to show the taskbar only when the mouse cursor
hovers over the edge of the application window where the taskbar is set to appear.
NOTE This option hides both the taskbar and the Notification tray.

[Link] | Security Center Administrator Guide 5.2 689

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Options dialog box

Notification tray
You can use the Tray options to control what to display in the notification tray.

From the drop-down list beside the icons in the Visual page of the Options dialog box, choose
to Show, Hide, or Show notifications only for that item. The following table lists the notification
tray icons, and what you can use them for:

Icon Name Description

Clock Shows the local time. Hover your mouse pointer over that area to see the
current date in a tooltip. To customize the time display, see "Date and
time options" on page 696.

CPU meter Shows the CPU usage on your computer. Hover your mouse pointer
over the icon to view the CPU usage percentage.

Session info Shows the current username and Security Center Directory name. Click
to toggle between the long and short display.

Volume Shows the volume setting (0 to 100) of Config Tool. Click to adjust the
volume using a slider, or to mute the volume.

Warning Shows the number of messages (errors, warnings, and messages), and
health events on your system. Double-click to open the Notifications
dialog box to read and review the messages. For more information, see
"Viewing system messages" on page 168.
• If there are health errors, the icon turns red ( ).
• If there are warnings, the icon turns yellow.
• If there are only messages, the icon turns blue.

Firmware Appears only when there are unit firmware upgrades currently under
upgrade way. The upgrade count is displayed over the icon. Double-click the icon
to view the details.

Database action Appears only when there are database upgrades currently under way.
The upgrade count is displayed over the icon. Double-click the icon to
view the details.

Add unit status Appears only when there are newly added units in the system. The unit
count is displayed over the icon. Double-click the icon to view the
details.

Card requests Shows the number of pending requests for credential cards to be printed
( ). Double-click to open the Card requests dialog box and respond
to the request. For more information, see “Respond to a card request” in
the Security Desk User Guide.

[Link] | Security Center Administrator Guide 5.2 690

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Options dialog box

Icon Name Description

Video file Shows the number of G64 files currently being converted to ASF format
conversion ( ). Double-click to open the Conversion to ASF dialog box and
view the status of the conversion. When the icon changes to , the
file conversion is complete. For more information, see “Convert video
files to ASF” in the Security Desk User Guide.

Video export
Shows the number of video sequences currently being exported ( ).
Double-click to open the Export dialog box and view the status of the
export. When the icon changes to , the export is complete. For
more information, see “Export video” in the Security Desk User Guide.

User interaction options

The User interaction tab allows you to configure the user interaction behavior in Config Tool.

[Link] | Security Center Administrator Guide 5.2 691

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Options dialog box

System messages
These settings are saved as part of your user profile and apply to Security Desk and Config Tool.
• Display warning if query may take a long time to execute. Select this option if you want
Config Tool to display a warning message every time you are about to execute a query that
might take a long time. See the sample message below.

• Ask for a name when creating a task. Select this option if you want Config Tool to ask you
for a name every time you create a task that accepts multiple instances.
• Ask for confirmation before closing a task. Select this option if you want Config Tool to
ask for confirmation every time you remove a task from the interface.

UI enhancement
These settings are saved as part of your user profile and apply to Security Desk and Config Tool.
• Show logical ID. Select this option if you want the logical ID to be displayed in brackets
after an entity name in the Logical view.
• Show Active Directory domain name where it is applicable. Displays username and
domain name when Active Directory integration is used.

When an active task is updated

When someone updates a public task you have in your active task list, Config Tool can behave
one of three ways. This setting is saved as part of your user profile and applies to Security Desk
and Config Tool.
• Ask user. Ask you before loading the updated task definition.
• Yes. Reload without asking.
• No. Never reload.

Administrative tasks
When you rename an entity that represents a hardware unit, such as an access control unit or a
video unit, Config Tool can behave one of three ways. This settings is saved as part of your
administrator user profile.

[Link] | Security Center Administrator Guide 5.2 692

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Options dialog box

• Ask user. Ask you before renaming all related devices.

• Yes. Rename all related devices without asking you.
• No. Never rename the related devices.

On application exit
When you exit Config Tool, if you have unsaved changes to your active task list, Config Tool
can behave one of three ways. This setting is saved as part of your user profile and applies to
Security Desk and Config Tool.
• Ask user. Ask you before saving your task list.
• Yes. Save without asking.
• No. Never save.

Advanced
When you create new entities, they can automatically be added as members of a partition. This
setting is saved as part of your user profile.
• From the drop-down list, select a default partition, and then click Save.

[Link] | Security Center Administrator Guide 5.2 693

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Options dialog box

Video options
The Video tab allows you to configure the options related to how video is handled in Config Tool.

Advanced settings
The following video settings apply to the local workstation, and affect Security Desk and Config
Tool for all users. However, they mainly apply to Security Desk.
NOTE After changing those settings, you need to restart Security Desk.

• Out of process media components. Select whether the video signals are decoded by an in-
process or out-of-process component.
 An in-process component is an application (implemented as a .dll) that runs in the same
processing space as the client application (Security Desk). The advantage of this option is
that the video signals are decoded quickly.
 An out-of-process component is a stand-alone executable program (.exe) which resides
on the local computer or a remote computer, and can be accessed by Security Desk. Since
the processing is done outside of Security Desk’s memory, the advantage of this option is
the increased stability and performance of the decoding.

[Link] | Security Center Administrator Guide 5.2 694

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Options dialog box

• All in the same process. Selecting this option when the Out of process media components
is turned ON means that regardless of the number of cameras being viewed, their video
decoding are all handled by one decoding process.
• Components per process. This setting can be adjusted between 1 and 16. It refers to how
many cameras can be decoded by a single decoding process. Setting this value to 1 means
that each camera being displayed uses its own decoding process.
• Enable deinterlacing. Select this option to help reduce the jagged effect around straight
lines during movement in interlaced video streams.

Performance options
The Performance tab allows you to configure the options related to how queries are handled in
Config Tool. These settings are saved as part of your user profile and apply to Security Desk and
Config Tool.

Reports
• Maximum number of results. Whenever you generate a report using one of the reporting
tasks, the maximum number of results that can be returned by the query is limited by the
parameter you set here. This limit ensures stable performance when too many results are

[Link] | Security Center Administrator Guide 5.2 695

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Options dialog box

returned. When the query reaches the specified limit, it automatically stops with a warning
message. The maximum value you can set is 2,000.
TIP There is a way to bypass the limit of 2,000 results. You need to save your reporting task
as a public task, and manually launch the action E-mail a report using the task you just saved
as a parameter. This can be done from a scheduled task. In this case, the report is not
displayed in Config Tool, and the number of results is limited to 10,000. For more
information, see "Using scheduled tasks" on page 109.

Date and time options

The Date and time tab allows you to configure the time display behavior on this workstation.
These settings are saved as part of your user profile and apply to Security Desk and Config Tool.

Time zone abbreviations

• Display time zone abbreviations. Select this option to add the time zone abbreviation to all
time displays.

[Link] | Security Center Administrator Guide 5.2 696

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Options dialog box

External devices
The External devices tab allows you to enable or disable access control devices, such as USB
readers, signature pads, card scanners, and so on. For example, if you disable the option to use
USB readers, then when you want to present a card credential, you can only use a door, not a
USB reader on someone’s desk.

These settings are saved locally for your Windows user profile.

Next to each external device, set the option ON or OFF, and then click Save.

[Link] | Security Center Administrator Guide 5.2 697

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Adding shortcuts to external tools

Adding shortcuts to external tools

You can add shortcuts to frequently used external tools and applications in the Tools page in
Config Tool, by modifying the [Link] file. This file is located in C:\Program
files (x86)\Genetec Security Center 5.2\ on a 64 bit computer, and in C:\Program files\Genetec
Security Center 5.2\ on a 32 bit computer.

The original content of this file looks as follows:

<?xml version="1.0" encoding="utf-8"?>

<ArrayOfToolsMenuExtension xmlns:xsi="[Link]
<ToolsMenuExtension>
<Name></Name>
<FileName></FileName>
</ToolsMenuExtension>
</ArrayOfToolsMenuExtension>

[Link] | Security Center Administrator Guide 5.2 698

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Adding shortcuts to external tools

Each shortcut is defined by an XML tag named <ToolsMenuExtension>.

Each XML tag can contain four XML elements:
• <Name> – Command name displayed in the Tools page.
• <FileName> – Command to execute (executable file).
• <Icon> – (Optional) Alternate icon file (.ico). Use this element to override the default icon
extracted from the executable file.
• <Arguments> – (Optional) Command line arguments when applicable.
NOTES
• All XML tag names are case sensitive. You can edit this XML file with any text editor.
Changes to this file are applied the next time you launch your application.
• If a full path is not provided in the <FileName> tag, the application will not be able to extract
the icon associated with the executable. In this case, explicitly supply an icon with the <Icon>
tag.
The following sample file adds the three shortcuts (Notepad, Calculator, and Paint) to the Tools
page. The Notepad shortcut is configured to open the file C:\[Link] when you click
on it.

<?xml version="1.0" encoding="utf-8"?>

<ArrayOfToolsMenuExtension xmlns:xsi="[Link]
<ToolsMenuExtension>
<Name>Notepad</Name>
<FileName>c:\windows\[Link]</FileName>
<Arguments>c:\[Link]</Arguments>
</ToolsMenuExtension>
<ToolsMenuExtension>
<Name>Calculator</Name>
<FileName>c:\windows\system32\[Link]</FileName>
</ToolsMenuExtension>
<ToolsMenuExtension>
<Name>Paint</Name>
<FileName>c:\windows\system32\[Link]</FileName>
</ToolsMenuExtension>
</ArrayOfToolsMenuExtension>

[Link] | Security Center Administrator Guide 5.2 699

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 17
User privileges
This section describes all privilege hierarchies in Security Center by category.
This section includes the following topics:
• "Application privileges" on page 701
• "General privileges" on page 702
• "Administrative privileges" on page 703
• "Task privileges" on page 710
• "Action privileges" on page 714

[Link] | Security Center Administrator Guide 5.2 700

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Application privileges

Application privileges
Application privileges grant access to the Security Center applications.
• Config Tool. Allows the user to run Config Tool.
• Security Desk. Allows the user to run Security Desk.
 Change client views. Allows the user to change the Security Desk window size and
position. Without this privilege, the user cannot log off or close Security Desk, and
Security Desk stays locked in full screen mode. The Restore Down commands and the
F11 key (used to switch between full screen and windowed mode) are also disabled. See
also "Force Security Desk to run in full screen mode" on page 95.
 Change Security Desk options. Allows the user to change the Security Desk options
through the Options dialog box (CTRL+O).
 Change tile content. Allows the user to change what is displayed in each tile.
 Change tile pattern. Allows the user to change the tile pattern.
 Change workspace. Allows the user to add and remove tasks from their active task
list. The only exception to the rule is the Video file player task that does not need the
user to be connected to the Directory to open.
 Start/Stop task cycling. Allows the user to start and stop task cycling, and to change
the task dwell time.
• Web Client. Allows the user to use the Web Client.
• Global Cardholder Synchronizer. Allows a sharing guest to log on via the Global
Cardholder Synchronizer role to the local system. The local system is the sharing host.
• Log on using the SDK. Allows the user to run SDK applications.
• Mobile application. Allows a Mobile application to connect to the local system.
• Federation. Allows a federation role (Omnicast Federation or Security Center
Federation) from the host system to connect to the local system. The local system is the one
being federated.

[Link] | Security Center Administrator Guide 5.2 701

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 General privileges

General privileges
General privileges grant access to the generic Security Center features.
• View Web pages. Allows the user to view the URL associated to tile plugins in Security
Desk.
• Change own password. Allows the user to change their own password.
• Print/export reports. Allows the user to print and save reports to files.
• Remove entries from a report. Allows the user to remove selected entries from reports
in Security Desk.
• Report incidents. Allows the user to report the incidents in the Security Desk.
 Modify reported incidents. Allows the user to modify incident reports in the
Security Desk

[Link] | Security Center Administrator Guide 5.2 702

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Administrative privileges

Administrative privileges
Administrative privileges grant access to the configuration of Security Center entities via
Config Tool.
• "Logical entities" on page 703
• "Physical entities" on page 703
• "Schedule Management" on page 706
• "Access control management" on page 707
• "Alarm management" on page 709
• "LPR management" on page 709

Logical entities
• View areas
• View tile plugins

View areas
Allows the user to view area configurations.
• Modify areas. Allows the user to modify area configurations.
 Add/delete areas. Allows the user to add or delete area entities.

View tile plugins

Allows the user to view tile plugin configurations.
• Modify tile plugins. Allows the user to modify tile plugin configurations.
 Add/delete tile plugins. Allows the user to add or delete tile plugin entities.

Physical entities
• View access control units
• View analog monitors
• View assets
• View cameras
• View cash registers
• View doors
• View elevators
• View LPR units
• View output behaviors

[Link] | Security Center Administrator Guide 5.2 703

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Administrative privileges

• View Patrollers
• View zones
• View camera sequence
• View video units
• View intrusion areas
• View intrusion detection units

View access control units

Allows the user to view access control unit configurations.
• Initiate access control unit firmware upgrade. Allows the user to initiate access
control unit firmware upgrade.
• Modify access control units. Allows the user to modify access control unit
configurations and to swap units. For more information, see Unit swap utility on page 163.
 Add/delete access control units. Allows the user to add or delete access control
units. This includes unit discovery and enrollment. For more information, see Unit
discovery on page 142.
• Reset access control units. Allows the user to reset access control units.

View analog monitors

Allows the user to view analog monitor configurations.
• Modify analog monitors. Allows the user to modify analog monitor configurations.

View assets
Allows the user to view asset configurations.
• Modify assets. Allows the user to modify asset configurations.
 Add/delete assets. Allows the user to add or delete asset entities.

View cameras
Allows the user to view camera configurations.
• Modify Cameras. Allows the user to modify camera configurations.
 Analytic. Allows the user to modify edge video analytics rules and settings.

View cash registers

Allows the user to view cash register configurations.
• Modify cash registers. Allows the user to modify cash register configurations.

[Link] | Security Center Administrator Guide 5.2 704

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Administrative privileges

 Add/delete cash registers. Allows the user to add or delete cash register entities.

View doors
Allows the user to view door configurations.
• Modify doors. Allows the user to modify door configurations.
 Add/delete doors. Allows the user to add or delete door entities.

View elevators
Allows the user to view elevator configurations.
• Modify elevators. Allows the user to modify elevator configurations.
 Add/delete elevators. Allows the user to add or delete elevator entities.

View LPR units

Allows the user to view LPR unit configurations.
• Modify LPR units. Allows the user to modify LPR unit configurations.
 Add/delete elevators. Allows the user to add or delete LPR units.
• Reset LPR units. Allows the user to reset LPR units.

View output behaviors

Allows the user to view output behavior configurations.
• Modify output behaviors. Allows the user to modify output behavior configurations.
 Add/delete output behaviors. Allows the user to add or delete output behaviors.

View Patrollers
Allows the user to view Patroller configurations.
• Modify Patrollers. Allows the user to modify Patroller configurations.
 Add/delete Patrollers. Allows the user to add or delete Patrollers.

View zones
Allows the user to view zone configurations.
• Modify zones. Allows the user to modify zone configurations.
 Add/delete zones. Allows the user to add or delete zone entities.

[Link] | Security Center Administrator Guide 5.2 705

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Administrative privileges

View camera sequence

Allows the user to view camera sequence configurations.
• Modify camera sequence. Allows the user to modify camera sequence configurations.
 Add/delete camera sequence. Allows the user to add or delete camera sequence
entities.

View video units

Allows the user to view video unit configurations.
• Initiate video units firmware upgrade. Allows the user to initiate video unit firmware
upgrade.
• Modify video units. Allows the user to modify video unit configurations.
 Add/delete video units. Allows the user to add or delete video units.

View intrusion areas

Allows the user to view intrusion detection area configurations.
• Modify intrusion areas. Allows the user to modify intrusion detection area
configurations.
 Add/delete intrusion areas. Allows the user to add or delete intrusion detection
areas.

View intrusion detection units

Allows the user to view intrusion detection unit configurations.
• Modify intrusion detection units. Allows the user to modify intrusion detection unit
configurations.
 Add/delete intrusion detection units. Allows the user to add or delete intrusion
detection units.

Schedule Management
• View scheduled tasks
• View schedules

View scheduled tasks

Allows the user to view scheduled task configurations.
• Modify scheduled tasks. Allows the user to modify scheduled task configurations.
 Add/delete scheduled tasks. Allows the user to add or delete scheduled tasks.

[Link] | Security Center Administrator Guide 5.2 706

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Administrative privileges

View schedules
Allows the user to view schedule configurations.
• Modify schedules. Allows the user to modify schedule configurations.
 Add/delete schedules Allows the user to add or delete schedules.

Access control management

• Convert shared entities to local entities
• View access rules
• View badge templates
• View cardholder groups
• View cardholders
• View credentials
• View visitors

Convert shared entities to local entities

Allows the user to convert shared global entities to local entities.

View access rules

Allows the user to view access rule configurations.
• Modify access rules. Allows the user to modify access rule configurations.
 Add/delete access rules. Allows the user to add or delete access rules.

View badge templates

Allows the user to view badge template configurations.
• Modify badge templates. Allows the user to modify badge template configurations.
 Add/delete badge templates. Allows the user to add or delete badge templates.

View cardholder groups

Allows the user to view cardholder group configurations.
• Modify cardholder groups. Allows the user to modify cardholder group configurations.
 Add/delete cardholder groups. Allows the user to add or delete cardholder groups.
 Modify custom fields. Allows the user to modify the cardholder group custom fields.

View cardholders
Allows the user to view cardholder configurations.

[Link] | Security Center Administrator Guide 5.2 707

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Administrative privileges

• Modify cardholders. Allows the user to modify cardholder configurations.

 Add/delete cardholders. Allows the user to add or delete cardholders.
 Change cardholder options. Allows the user to change the cardholder options,
namely, Use extended grant time and Bypass antipassback rules.
 Change status. Allows the user to change the cardholder status, and activation and
expiration dates.
 Modify credential information. Allows the user to modify the card format, facility
code, card number and cardholder PIN.
 Modify custom fields. Allows the user to modify the cardholder custom fields.
 Modify name. Allows the user to change the cardholder name.
 Take/edit picture. Allows the user to take or edit the cardholder picture.

View credentials
Allows the user to view credential configurations.
• Modify credentials. Allows the user to modify credential configurations.
 Add/delete credentials. Allows the user to add or delete credentials.
 Change status. Allows the user to change the credential status, and activation and
expiration dates.
 Modify cardholder/credential association. Allows the user to assign and remove
credentials from a cardholder.
 Modify custom fields. Allows the user to modify the credential custom fields.
 Modify name. Allows the user to change the credential name.
 Print badges. Allows the user to print badges.
 View advanced credential info. Allows the user to view the credential information
such as the Wiegand fields (facility code and card number) and PINs.

View visitors
Allows the user to view visitor configurations.
• Modify visitors. Allows the user to modify visitor configurations.
 Check-in/check-out visitors. Allows the user to check-in and check-out visitors.
 Modify custom fields. Allows the user to change the visitor custom fields.
 Take/edit picture. Allows the user to take or edit the visitor picture.

[Link] | Security Center Administrator Guide 5.2 708

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Administrative privileges

Alarm management
• View alarms
• View monitor groups

View alarms
Allows the user to view alarm configurations.
• Modify alarms. Allows the user to modify alarm configurations.
 Add/delete alarms. Allows the user to add or delete alarm entities.

View monitor groups

Allows the user to view monitor group configurations.
• Modify monitor groups. Allows the user to modify monitor group configurations.
 Add/delete monitor groups. Allows the user to add or delete monitor group entities.

LPR management
• View LPR rules

View LPR rules

Allows the user to view LPR rule configurations. These include hotlists, overtime rules, permits,
permit restrictions, and parking facilities.
• Modify LPR rules. Allows the user to modify LPR rule configurations.
 Add/delete LPR rules. Allows the user to add or delete LPR rules.

[Link] | Security Center Administrator Guide 5.2 709

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Task privileges

Task privileges
Task privileges control the accessibility of the Security Desk tasks.

Manage private tasks

Allows the user to manage private task configurations.

View public tasks

Allows the user to view public task configurations.
• Modify public tasks. Allows the user to modify public task configurations.
 Add/delete public tasks. Allows the user to add or delete public tasks.

Administration
• Logical view. Allows the user to run the Logical view task.
• System. Allows the user to run the System task.
• Video management. Allows the user to run the Video task.
• Access control. Allows the user to run the Access control task.
• Intrusion detection. Allows the user to run the Intrusion detection task.
• LPR. Allows the user to run the LPR task.
• Plugins. Allows the user to run the Plugins task.

Operation
• Monitoring. Allows the user to create/run monitoring tasks.
• Cardholder management. Allows the user to create/run cardholder management tasks.
• Visitor management. Allows the user to create/run visitor management tasks.
• People counting. Allows the user to create/run people counting tasks.
• Credential enrollment. Allows the user to create/run credential enrollment tasks.
• Inventory management. Allows the user to create/run the inventory management task.
This privilege allows the user to create inventories, but not to modify or delete the offloaded
reads. See Modify/delete LPR reads that are not part of an inventory under "Action
privileges" on page 714.
• Hotlist and permit editor. Allows the user to create/run hotlist and permit editor tasks.
• Remote. Allows the user to monitor and control other Security Desk workstations and
monitors using the Remote task.

[Link] | Security Center Administrator Guide 5.2 710

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Task privileges

Investigation
• Access control
 Area activities. Allows the user to create/run area activity reports.
 Door activities. Allows the user to create/run door activity reports.
 Cardholder activities. Allows the user to create/run cardholder activity reports.
 Visitor activities. Allows the user to create/run visitor activity reports.
 Area presence. Allows the user to create/run area presence reports.
 Time and attendance. Allows the user to create/run time and attendance reports.
 Credential activities. Allows the user to create/run credential activity reports.
 Credential request history. Allows the user to create/run credential request history
reports.
 Elevator activities. Allows the user to create/run elevator activity reports.
 Visit details. Allows the user to create/run visitor detail reports.
• Asset management
 Asset activities. Allows the user to create/run asset activity reports.
 Asset inventory. Allows the user to create/run asset inventory reports.
• Intrusion detection
 Intrusion detection area activities. Allows the user to create/run intrusion detection
area activity reports.
 Intrusion detection unit events. Allows the user to create/run intrusion detection
unit event reports.
• LPR
 Hits. Allows the user to create/run hit reports.
 Reads. Allows the user to create/run read reports.
 Route playback. Allows the user to create/run route playback tasks.
 Inventory report. Allows the user to create/run parking facility inventory reports.
 Daily usage per Patroller. Allows the user to create/run daily usage per Patroller
reports.
 Logons per Patroller. Allows the user to create/run logons per Patroller report.
 Reads/hits per day. Allows the user to create/run reads/hits per day reports.
 Reads/hits per zone. Allows the user to create/run reads/hits per zone reports.
 Zone occupancy. Allows the user to create/run zone occupancy reports.
• Video

[Link] | Security Center Administrator Guide 5.2 711

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Task privileges

 Archives. Allows the user to create/run archive reports.

 Bookmarks. Allows the user to create/run bookmark reports.
 Motion search. Allows the user to create/run motion search reports.
 Camera events. Allows the user to create/run camera event reports.
 Forensic search. Allows the user to create/run forensic search reports.
• Transactions. Allows the user to create/run point of sale reports.
• Incidents. Allows the user to create/run incident reports.
• Zone activities. Allows the user to create/run zone activity reports.

Maintenance
• Access control
 Access control health history. Allows the user to create/run access control health
history reports.
 Access control unit events. Allows the user to create/run access control unit event
reports.
 Cardholder access rights. Allows the user to create/run cardholder access rights
reports.
 Door troubleshooter. Allows the user to create/run Access troubleshooter reports.
 Access rule configuration. Allows the user to create/run access rule configuration
reports.
 Cardholder configuration. Allows the user to create/run cardholder configuration
reports.
 Credential configuration. Allows the user to create/run credential configuration
reports.
 IO configuration. Allows the user to create/run IO configuration reports.
• Video
 Archiver events. Allows the user to create/run archiver event reports.
 Archive storage details. Allows the user to create/run archive storage detail reports.
• System status. Allows the user to create/run system status reports.
• Audit trails. Allows the user to create/run audit trail reports.
• Hardware inventory. Allows the user to create/run hardware inventory reports.
• Health history. Allows the user to create/run health history reports.
• Activity trails. Allows the user to create/run activity trail reports.

[Link] | Security Center Administrator Guide 5.2 712

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Task privileges

Alarm Management
• Alarm monitoring. Allows the user to create/run the alarm monitoring task.
• Alarm report. Allows the user to create/run alarm reports.

[Link] | Security Center Administrator Guide 5.2 713

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Action privileges

Action privileges
Action privileges control the actions that can be performed on the Security Center entities.

Set threat level

Allows the user to manage threat level configurations.

Cameras
• Audio (talk/listen). Allows the user to use the talk and listen commands.
• Block and Unblock video. Allows the user to block and unblock video streams from
other users.
• Protect video from deletion. Allows the user to protect video against automatic
deletion.
 Remove video protection. Allows the user to remove video protection.
• View live video. Allows the user to view live video from cameras.
 Digital zoom. Allows the user to use the digital zoom function.
 Override video quality. Allows the user to override the video quality settings.
 Record manually. Allows the user to start/stop recordings manually.
 Add bookmarks. Allows the user to add bookmarks.
 Edit bookmark. Allows the user to edit bookmarks.
 Delete bookmark. Allows the user to delete bookmarks.
 Save/print snapshots. Allows the user to save/print snapshots.
 PTZ motor privileges
 Lock PTZ. Allows the user to lock the PTZ.
 Override PTZ locks. Allows the user to override PTZ locks.
 Use auxiliaries. Allows the user to use the auxiliary controls.
 Set auxiliaries. Allows the use to rename the auxiliaries.
 Use patterns. Allows the user to use the camera patterns.
 Edit patterns. Allows the user to edit or rename the camera patterns.
 Use specific commands. Allows the user to use the PTZ specific commands and
the menu mode.
 Perform basic operations. Allows the user to perform basic PTZ operations.
 Change focus and iris settings. Allows the user to change the focus and iris
settings.

[Link] | Security Center Administrator Guide 5.2 714

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Action privileges

 Use presets. Allows the user to use the camera presets.

 Edit presets. Allows the user to edit or rename the camera presets.
 View playback. Allows the user to view playback video.
 Export video. Allows the user to export recorded video.
 Use ASF format. Allows the user to export to ASF format.

Access Control
• Doors
 Explicitly unlock doors. Allows the user to explicitly unlock doors.
 Override unlock schedules. Allows the user to override unlock schedules.
 Maintenance mode. Allows the user to put the door in maintenance mode.
 Forgive antipassback violation. Allows the user to forgive antipassback violations.
 Silence\Sound buzzer. Allows the user to silence or sound a door buzzer.

Alarms
• Acknowledge alarms. Allows the user to acknowledge alarms.
• Forward alarms. Allows the user to forward alarms.
• Snooze alarms. Allows the user to snooze alarms.
• Trigger alarms. Allows the user to trigger alarms.

Users
• Display entity in SD. Allows the user to display an entity in Security Desk.
• Email a report. Allows the user to email reports to other users.
• Play a sound. Allows the user to send and play sound files to other users.
• Send a message. Allows the user to send text messages to other users.
• Send an email. Allows the user to send emails to other users.
• Send/clear task. Allows the user to use the Send task/Clear tasks actions.
• Start/Stop camera sequence. Allows the use to start/stop a camera sequence.
• Trigger output. Allows the user to trigger output.

Macros
• Execute Macros. Allows the user to execute macros.

[Link] | Security Center Administrator Guide 5.2 715

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Action privileges

LPR reads/hits
• View live covert hits. Allows the user to view live covert hits in Security Desk.
• Protect/unprotect LPR reads. Allows the user to protect/unprotect LPR reads and hits
against automatic deletion.
• Modify/delete reads that are not part of an inventory. Allows the user to modify/
delete LPR reads that are not yet committed to a parking facility inventory.

Zones
• Arm/Disarm zones. Allows the user to arm/disarm zones.

Areas
• Reset people count. Allows the user to reset the people count.

Intrusion detection
• Arm/Disarm intrusion detection areas. Allows the user to arm/disarm intrusion
detection areas.
• Trigger intrusion alarm. Allows the user to trigger alarms on intrusion panels.

[Link] | Security Center Administrator Guide 5.2 716

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 18
Reporting task reference
This section lists the query filters and report pane columns available in Config Tool maintenance
tasks.
This section includes the following topics:
• "Query filters" on page 718
• "Report pane columns" on page 730

[Link] | Security Center Administrator Guide 5.2 717

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Query filters

Query filters
Before generating a report, you must filter your query. This section lists the query filters available
for each report. This list is organized alphabetically by query filter.

Associated
Query filter Associated reports application Description

Accept reasons • Hits • Security Desk Reason selected by the Patroller user when
• Web Client enforcing a hit. Accept reasons are created and
customized in Config Tool.

Access control • Access control unit • Config Tool Select the access control units to investigate.
units events • Security Desk
• IO configuration

Access rule • Access rule • Config Tool Select the access rule to investigate.
configuration • Security Desk

Acknowledged by • Alarm report • Security Desk Users who acknowledged the alarm.
• Web Client

Acknowledged on • Alarm report • Security Desk Alarm acknowledgement time range. For more
• Web Client information, see "Selecting date and time
ranges for reports" on page 45.

Action taken • Hits • Security Desk Patroller hit actions (Accepted, Rejected, Not
• Web Client enforced) selected by the Patroller user. For
fixed Sharps, a hit raised by the Hit Matcher
module is always automatically Accepted and
Enforced.

Acknowledgement • Alarm report • Security Desk Check one of the following acknowledgement
type • Web Client type options:
• Alternate. Alarm was acknowledged by a
user using the alternate mode.
• Default. Alarm was acknowledged by a
user, or auto-acknowledged by the system.
• Forcibly. An administrator forced the alarm
to be acknowledged.

Activation date • Cardholder • Security Desk Time the cardholder or visitor’s profile was
management • Web Client activated.
• Visit details
• Visitor management

[Link] | Security Center Administrator Guide 5.2 718

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Query filters

Associated
Query filter Associated reports application Description

Activities • Activity trails • Config Tool Select the activities to investigate. For more
• Security Desk information, see "Investigating user related
activity on the system" on page 182.
• Web Client

• Credential request • Security Desk Select which badge printing activities to

history investigate.
• Credential request. When a user requests a
badge printing job.
• Credential request cancelled. When a user
cancels a badge printing job.
• Credential request completed. When a
user prints a badge from the queue.

Advanced search • Inventory report • Security Desk By default, LPR images are not displayed in the
Inventory report. To view images, click Get
images.
NOTE To prevent performance issues, plate
images are not displayed if a report includes
more than a thousand rows.

Alarm priority • Alarm report • Security Desk Alarm priority.

NOTE All alarms imported from Omnicast
have their priority set to 1 by default. You can
change their priority at a later time in the
Config Tool.

Alarms • Alarm report • Security Desk Select the types of alarms you want to
• Web Client investigate. Alarms can be locally defined ( ),
or imported from federated systems ( ).

Annotation fields • Hits • Security Desk Patroller hit annotations used by the Patroller
• Web Client user. For information about creating and
configuring annotation fields, see the AutoVu
Handbook.

Application • Activity trails • Config Tool Which client application was used for the
• Audit trails • Security Desk activity.
• Web Client

Archiver • Archiver events • Config Tool Select the Archivers to investigate.

• Security Desk

Areas • Area activities • Security Desk Select the areas to investigate.

• Area presence • Web Client NOTE For the Time and attendance and Area
• Time and attendance presence tasks, select a fully secured area.

[Link] | Security Center Administrator Guide 5.2 719

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Query filters

Associated
Query filter Associated reports application Description

Cameras • Archives • Config Tool Select the camera to investigate.

• Archive storage • Security Desk
details
• Bookmarks
• Camera events
• Forensic search

Cardholders • Area activities • Config Tool Restrict the search to certain cardholders.
• Cardholder activities • Security Desk NOTE If you only select the All cardholders
• Credential • Web Client cardholder group in the Cardholder activities
configuration task, federated cardholders are not included.
This is because All cardholders is a local
• Credential
cardholder group that only covers local
management
cardholders.
• Credential request
history
• Door activities
• Elevator activities
• Time and attendance

Cardholder • Cardholder • Config Tool Restrict the search to specific cardholder

groups configuration • Security Desk groups.
• Cardholder • Web Client
management
• Visitor management

Check-in date • Visitor management • Security Desk Time the visitor was checked in (can
correspond to the arrival time).

Compare with • Inventory report • Security Desk Compare entities with a source entity (see
"Source (entity)" on page 727).

Creation time • Incidents • Security Desk Incidents created/reported within the specified
time range. "Selecting date and time ranges for
reports" on page 45

Credential • Credential • Security Desk Specify whether or not the credential is

management assigned.

Credentials • Cardholder activities • Security Desk Restrict the search to specific credentials.
• Credential activities • Web Client
• Credential request
history
• Door activities
• Elevator activities
• Visitor management

[Link] | Security Center Administrator Guide 5.2 720

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Query filters

Associated
Query filter Associated reports application Description

Credential status • Cardholder • Security Desk The status of the cardholder or visitor’s
management credential:
• Visitor management • Active
• Inactive

Custom fields • Most reports • Config Tool If custom fields are defined for the entity you
• Security Desk are investigating, they can be included in this
report.
• Web Client
NOTE You might not see the custom fields
filter, depending on whether your user is
configured to view that custom field.

Description • Activity trails • Config Tool Restrict the search to entries that contain this
• Cardholder • Security Desk text string.
management • Web Client
• Credential
management
• Visitor management

Devices • IO configuration • Config Tool Select the devices to investigate.

• Security Desk

Doors • Door activities • Security Desk Select the doors to investigate.

• Web Client

Doors - Areas - • Cardholder access • Config Tool Restrict the search to activities that took place
Elevators rights • Security Desk at certain doors, areas, and elevators.
• Cardholder activities • Web Client
• Credential activities
• Visitor activities

Door side • Door activities • Security Desk Door sides are named A and B by default, but
your administrator could have given them
different names. This filter allows you to search
by door side.

Elevators • Elevator activities • Security Desk Select the elevators to investigate.

Email address • Cardholder • Security Desk Cardholder or visitor’s email address.

management
• Visitor management

Entities • Audit trails • Config Tool Select the entities you want to investigate. You
• Security Desk can filter the entities by name and by type.
• Web Client

[Link] | Security Center Administrator Guide 5.2 721

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Query filters

Associated
Query filter Associated reports application Description

Expiration date • Cardholder • Security Desk Specify a time range for when the cardholder or
management visitor’s profile expired.
• Visit details
• Visitor management

• Credential • Security Desk Specify a time range for when the credential
management will expire.

Events • Access control unit • Config Tool Select the events of interest. The event types
events • Security Desk available depend on the task you are using.
• Activity trails • Web Client For more information about the event types
available in Security Desk, see Chapter 19,
• Archiver events
“Event types” on page 754.
• Area activities
• Camera events
• Cardholder activities
• Credential activities
• Door activities
• Elevator activities
• Intrusion detection
area activities
• Intrusion detection
unit events
• Visitor activities
• Zone activities

[Link] | Security Center Administrator Guide 5.2 722

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Query filters

Associated
Query filter Associated reports application Description

Event timestamp • Access control health • Config Tool Define the time range for the query. For more
history • Security Desk information, see "Selecting date and time
• Access control unit ranges for reports" on page 45.
• Web Client
events
• Activity trails
• Archiver events
• Archive storage
details
• Area activities
• Camera events
• Cardholder activities
• Credential activities
• Door activities
• Elevator activities
• Health history
• Health statistics
• Hits
• Intrusion detection
area activities
• Intrusion detection
unit events
• Zone activities

First name • Cardholder • Security Desk Cardholder or visitor’s first name.

management • Web Client
• Visit details
• Visitor management

Health event • Health history • Config Tool Name of the health event.
• Security Desk
• Web Client

Health severity • Health history • Config Tool Severity level of the health event:
• Security Desk • Information
• Web Client • Warning
• Error

Hit rules • Hits • Security Desk Select the hit rules to include in the report.
• Reads • Web Client
• Reads/hits per day
• Reads/hits per zone
• Zone occupancy

[Link] | Security Center Administrator Guide 5.2 723

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Query filters

Associated
Query filter Associated reports application Description

Hit type • Hits • Security Desk Select the type of hits to include in the report:
• Reads/hits per day Permit, Shared permit, Overtime, and Hotlist.
• Reads/hits per zone

Impacted • Activity trails • Config Tool The entities that were impacted by this activity.
• Security Desk
• Web Client

Incident time • Incidents • Security Desk Incidents reported within the specified time
range. The incident time corresponds to the
event or alarm timestamp the incident refers to.
If the incident does not refer to any event or
alarm, then the incident time corresponds to
the creation time.

Initiator • Activity trails • Config Tool User responsible for the activity.
• Security Desk
• Web Client

Intrusion • Intrusion detection • Security Desk Select the intrusion detection areas to
detection areas area activities • Web Client investigate.

Intrusion • Intrusion detection • Security Desk Select the intrusion detection units to
detection units unit events investigate.

Investigated by • Alarm report • Security Desk Which user put the alarm into the under
investigation state.

Investigated on • Alarm report • Security Desk Specify a time range when the alarm was put
into the under investigation state.

Last name • Cardholder • Security Desk Cardholder or visitor’s last name.

management • Web Client
• Visit details
• Visitor management

[Link] | Security Center Administrator Guide 5.2 724

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Query filters

Associated
Query filter Associated reports application Description

License plate • Hits • Security Desk Enter a Full or Partial license plate number.
• Inventory report • Web Client If you choose Partial, a search for “AB” returns
• Reads plates that have “AB” anywhere in the license
plate number. If you choose Full, you can enter
the full license plate number, or you can use the
following wildcard characters:
• Asterisk (*). Represents any number of
unknown characters. Use it when searching
for documents or files for which you have
only partial names. For example, if you enter
“ABC*” as your search term, the search
might return “ABC123”, “ABC5”, “ABC002”,
and so on. If you enter “*XYZ”, the search
might return “1XYZ”, “245XYZ”, “00XYZ”,
and so on.
• Question mark (?). Represents only one
unknown character. Use it when you have a
list of files with very similar names, or when
you are unsure of a few characters. For
example, if you enter “ABC12?” as your
search term, the search might return
“ABC123”, “ABC127”, “ABC12P”, and so on.
The question mark only covers one
character, but you can enter as many
question marks in a search string as you
want.
You can use the asterisk and the question mark
anywhere in a search, and you can also use
them together.
NOTE License plate search does not support
fuzzy matching. For example, if you are
searching for a plate with ABC characters,
Security Center only finds plates with the ABC
characters. It does not find plates numbers with
the characters A8C, ABO, or 4BC.

Location • Inventory report • Config Tool • In the Inventory report task: Specify the
• IO configuration • Security Desk location in the parking facility you want to
view. You can select the entire facility, or
specify the sectors and rows within the
facility.
• In the IO configuration task: Specify the
areas where the devices are located.

[Link] | Security Center Administrator Guide 5.2 725

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Query filters

Associated
Query filter Associated reports application Description

LPR units - • Hits • Security Desk Restrict the search to Patroller units (including
Patrollers • Reads • Web Client all their fitted LPR units) and/or LPR units
representing fixed Sharp cameras on the
• Reads/hits per day Patroller unit.
• Reads/hits per zone

Machine • Health history • Config Tool Select a computer that was having health issues
• Security Desk to investigate.
• Web Client

Message • Bookmarks • Security Desk Enter any text you want to find in the
bookmark. A blank string finds all the
bookmarks.

Modified by • Audit trails • Config Tool User responsible for the entity modification.
• Security Desk
• Web Client

Modification time • Audit trails • Config Tool • In the Audit trails task: Entities modified
• Incidents • Security Desk within the specified time range.
• Web Client • In the Incidents task: Incidents modified
within the specified time range.

Notes • Incidents • Security Desk Enter text to find incidents with a description
starting or containing the specified text.

Offload timestamp • Hits • Security Desk The date and time that the Patroller offloaded
• Reads • Web Client the reads/hits to Security Center. For more
information, see "Selecting date and time
ranges for reports" on page 45.

Overtime and • Zone occupancy • Security Desk (For University Parking Enforcement only) For
permit restriction University Parking Enforcement, both rules
have parking lots configured and each parking
lot can be defined in terms of a number of
parking spaces. This allows the occupancy to be
estimated.

Partition • Cardholder • Security Desk Partition that the entity is a member of.
management
• Credential
management
• Visitor management

Patrollers • Daily usage per • Security Desk Restrict the search to Patroller units (including
Patroller • Web Client all their fitted LPR units).
• Logons per Patroller
• Zone occupancy

[Link] | Security Center Administrator Guide 5.2 726

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Query filters

Associated
Query filter Associated reports application Description

Picture • Cardholder • Security Desk Cardholder or visitor’s picture.

management
• Visitor management

Printing users • Credential request • Security Desk Restrict the search to specific users that printed
history a badge.

References • Incidents • Security Desk Incidents referencing all the selected entities.
To learn how to set this filter, see "Searching for
entities" on page 11.

Region • Hits • Security Desk Specify one or more geographic regions on the
• Reads map. For information about how to draw a
region, see "Investigating reported hits" on
page 104.

Reject reason • Hits • Security Desk Reason selected by the Patroller user when
• Reads/hits per day • Web Client rejecting a hit. Reject reasons are created and
customized in Config Tool.
• Reads/hits per zone
NOTE This filter only affects the value in the
Rejected hits column.

Requesting users • Credential request • Security Desk Restrict the search to specific users that
history requested to print a badge.

Rule • Reads • Security Desk Hit rule that matched the plate read.
• Web Client

Source (entity) • Access control health • Config Tool Source entity of the event.
history • Security Desk In the Alarm report task, this filter represents
• Alarm report • Web Client the source entity that triggered the alarm in the
case of an event-to-action, or the user who
• Health history
triggered the alarm manually.
• Health statistics
• Inventory report

Source group • Hardware inventory • Config Tool Source entity type of the event.
• Health history • Security Desk
• Health statistics • Web Client

[Link] | Security Center Administrator Guide 5.2 727

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Query filters

Associated
Query filter Associated reports application Description

State • Alarm report • Security Desk Current state of the alarm.

• Web Client • Active. Alarm is not yet acknowledged.
Selecting an active alarm shows the alarm
acknowledge buttons in the report pane.
• Acknowledged. Alarm was acknowledged
by a user, or auto-acknowledged by the
system.
• Under investigation. Alarm with an
acknowledgement condition that is still
active was put under investigation.
• Acknowledgement required. Alarm with
an acknowledgement condition that was
cleared is ready to be acknowledged.

Status • Cardholder • Config Tool The status of the cardholder or visitor’s profile:
configuration • Security Desk • Active
• Credential • Web Client • Expired
configuration • Inactive
• Cardholder In the Credential configuration and Credential
management management tasks, the following statuses are
• Credential also available:
management • Lost
• Visit details • Stolen
• Visitor management

• Archive storage • Config Tool Select the video file status you want to
details • Security Desk investigate:
• Unprotected. Video files that are not
protected against the Archiver’s routine
cleanup. These files can be deleted once
their retention period expires, or when the
Archiver runs out of disk space, depending
on your Archiver role settings.
• Protection ending. Video files that you
unprotected less than 24 hours ago.
• Protected. Video files that are protected.
They are not be deleted even when the disk
is full. For these files, you can also specify a
protection end date.

[Link] | Security Center Administrator Guide 5.2 728

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Query filters

Associated
Query filter Associated reports application Description

Time range • Bookmarks • Security Desk The time range for the report. For more
• Daily usage per information, see "Selecting date and time
Patroller ranges for reports" on page 45.
• Forensic search
• Logons per Patroller
• Reads/hits per day
• Reads/hits per zone
• Time and attendance
• Zone occupancy

Triggered on • Alarm report • Security Desk Alarm trigger time range. For more
• Web Client information, see "Selecting date and time
ranges for reports" on page 45.

Triggering event • Alarm report • Security Desk Events used to trigger the alarm.
• Web Client

Units • Hardware inventory • Config Tool Select the access control, video, intrusion
• Security Desk detection, and LPR units to investigate.

Unused cards • Cardholder • Security Desk Specify a time range for how long a cardholder
management or visitor’s credential has not been used.
• Visitor management

Users • Hits • Security Desk Select the Patroller user name, or the Patrollers’
• Logons per Patroller • Web Client parent user groups.
• Reads
• Reads/hits per day
• Reads/hits per zone

Visitor • Visitor activities • Security Desk Select the visitors to investigate.

• Web Client

Zones • Zone activities • Security Desk Select the zones to investigate.

• Web Client

[Link] | Security Center Administrator Guide 5.2 729

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Report pane columns

Report pane columns

The results of your investigation or maintenance query are listed in the report pane. You can
choose what information to view by showing or hiding columns in the report pane. This section
lists the columns available for each reporting task. This list is organized alphabetically by
column.

Associated
Column Associated reports application Description

Accept reasons • Hits • Security Desk Reason selected by the Patroller user when
enforcing a hit. Accept reasons are created and
customized in Config Tool.

Access point • Access rule • Config Tool Access point involved (only applicable to areas,
configuration • Security Desk doors, and elevators).
• Cardholder activities • Web Client
• Credential activities
• IO configuration
• Visitor activities

Access Manager • IO configuration • Config Tool Access Manager controlling the unit.
• Security Desk

Access rules • Access rule • Config Tool Name of the access rule.
configuration • Security Desk

Acknowledged by • Alarm report • Security Desk User who acknowledged the alarm. When the
• Web Client alarm is acknowledge automatically by the
system, Service is indicated.

Acknowledged on • Alarm report • Security Desk Time the alarm was acknowledged.
• Web Client

Action • Inventory report • Security Desk The change in the vehicle state: added,
removed, or no change.

Activation date • Cardholder • Security Desk Time the cardholder or visitor’s profile was
management • Web Client activated.
• Credential In the Credential management task, this column
management represents the time the credential was activated.
• Visit details
• Visitor management

Activity name • Activity trails • Config Tool Type of activity.

• Credential request • Security Desk
history • Web Client

[Link] | Security Center Administrator Guide 5.2 730

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Report pane columns

Associated
Column Associated reports application Description

Address • Hits • Security Desk Location of the LPR read.

• Reads • Web Client

Alarm • Alarm monitoring • Security Desk Alarm entity name.

• Alarm report • Web Client

Algorithm ID • Forensic search • Security Desk Bosch forensic value. For more information,
see the manufacturer documentation.

Annotation fields • Hits • Security Desk Any annotation field defined in System > LPR
• Web Client Settings in the Config Tool. Shown in brackets.
For information about creating and
configuring annotation fields, see the AutoVu
Handbook.

Archiver • Camera events • Security Desk Archiver role name.

Area • Area activities • Security Desk Area name.

• Area presence • Web Client
• Time and attendance

Arrival • Inventory report • Security Desk The first time the vehicle was read. This is used
to calculate the elapsed time if a vehicle is read
a second time, for example the next day.

Availability • Health statistics • Config Tool The percentage of time available for a given
• Security Desk entity.
• Web Client

Calculation status • Health statistics • Config Tool If health statistics area unavailable, the reason is
• Security Desk shown here.
• Web Client

Camera • Archives • Config Tool Camera name.

• Archive storage • Security Desk
details
• Bookmarks
• Camera events
• Forensic search
• Motion search

[Link] | Security Center Administrator Guide 5.2 731

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Report pane columns

Associated
Column Associated reports application Description

Card format • Area activities • Config Tool Credential card format.

• Cardholder activities • Security Desk
• Credential activities • Web Client
• Credential
configuration
• Credential
management
• Door activities
• Elevator activities
• Visitor activities

Cardholder • Area activities • Config Tool Cardholder entity name.

• Area presence • Security Desk NOTE Format is First name + Last name for
• Cardholder access • Web Client European languages, and Last name + First
rights name for Asian languages.
• Cardholder activities
• Cardholder
configuration
• Cardholder
management
• Credential activities
• Credential
configuration
• Credential
management
• Door activities
• Door troubleshooter
• Elevator activities
• Visitor activities

Cardholder • Cardholder • Config Tool Time the cardholder’s profile was activated.
activation date configuration • Security Desk
• Credential • Web Client
management

Cardholder • Cardholder • Config Tool Time the cardholder’s profile expired.

expiration date configuration • Security Desk
• Credential • Web Client
management

[Link] | Security Center Administrator Guide 5.2 732

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Report pane columns

Associated
Column Associated reports application Description

Cardholder status • Cardholder • Config Tool The cardholder’s profile status.

configuration • Security Desk
• Credential • Web Client
configuration
• Cardholder
management
• Credential
management

Check-in date • Visit details • Security Desk Time the visitor was checked in (can
• Visitor management • Web Client correspond to the arrival time).

Check-out date • Visit details • Security Desk Time the visitor was checked out (can
• Web Client correspond to the departure time).

Context image • Hits • Security Desk Wide angle color image of the vehicle captured
• Reads • Web Client by the context camera.
• Inventory report

Controlling • IO configuration • Config Tool Door controlled by the device.

• Security Desk

Created by • Incidents • Security Desk User who originally reported the incident.

Creation time • Incidents • Security Desk Time the incident was reported.

Credential • Area activities • Config Tool Credential name used by the cardholder.
• Cardholder activities • Security Desk
• Credential activities • Web Client
• Credential
configuration
• Credential
management
• Credential request
history
• Door activities
• Elevator activities

Credential • Credential • Config Tool Time the cardholder’s credential was activated.
activation date configuration • Security Desk

[Link] | Security Center Administrator Guide 5.2 733

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Report pane columns

Associated
Column Associated reports application Description

Credential code • Area activities • Config Tool Facility code and card number.
• Cardholder activities • Security Desk
• Credential activities • Web Client
• Credential
configuration
• Credential
management
• Door activities
• Elevator activities
• Visitor activities

Credential • Credential • Config Tool Time the cardholder’s credential expired.

expiration date configuration • Security Desk

Credential status • Credential • Config Tool The status of the credential:

configuration • Security Desk • Active
• Credential • Inactive
management

Custom fields • Most reports • Config Tool If custom fields are defined for the entity you
• Security Desk are investigating, they can be included in the
report.
• Web Client
NOTE You might not see the custom fields
filter, depending on whether your user is
configured to view that custom field.

Date • Time and attendance • Security Desk The date.

• Daily usage per • Web Client For Daily usage per Patroller and Logons per
Patroller Patroller tasks, this column represents the day
of the Patroller shift.
• Logons per Patroller
• Reads/hits per day

Date/time queued • Credential request • Security Desk The date and time that the badge printing job
history was requested.

Denied access by • Cardholder access • Config Tool Access rules denying access to at least one of
rights • Security Desk the selected entities to the cardholder.

[Link] | Security Center Administrator Guide 5.2 734

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Report pane columns

Associated
Column Associated reports application Description

Description • Camera events • Config Tool Event or entity description.

• Cardholder • Security Desk In the Activity trails task, this column
management • Web Client represents the activity description.
• Credential In the Audit trails task, this column represents
management the description of the entity modification.
• Activity trails
• Archiver events
• Audit trails
• Health history
• Visitor management

Device • Access control health • Config Tool Device involved on the unit (reader, REX input,
history • Security Desk IO module, Strike relay, etc.).
• Area activities NOTE In the Intrusion detection activities task,
• Web Client
• Cardholder activities this column is empty if the event is an input
bypass. To find out which input caused the
• Credential activities
event, use the Intrusion detection unit events
• Door activities report. For more information, see "Investigating
• Elevator activities intrusion detection unit events" on page 300.
• Hits
• Intrusion detection
area activities
• Intrusion detection
unit events
• IO configuration
• Reads
• Visitor activities

Door • Door activities • Security Desk Door name.

• Web Client

Drive • Archive storage • Config Tool The drive on the server where the Archiver role
details • Security Desk is running.

Edited • Inventory report • Security Desk Vehicle license plate and state were edited by a
user in Security Desk.

Elapsed time • Inventory report • Security Desk The difference between the Arrival time and
the Event timestamp.

Elevator • Elevator activities • Security Desk Elevator name.

[Link] | Security Center Administrator Guide 5.2 735

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Report pane columns

Associated
Column Associated reports application Description

Email address • Area activities • Config Tool Cardholder or visitor’s email address.
• Area presence • Security Desk
• Cardholder activities • Web Client
• Cardholder
configuration
• Cardholder
management
• Credential activities
• Credential
configuration
• Credential
management
• Door activities
• Elevator activities
• Visitor activities

End time • Archives • Config Tool End of the time range, playback sequence, or
• Archive storage • Security Desk video sequence.
details
• Forensic search
• Motion search

Enforced hits • Reads/hits per day • Security Desk Number of enforced hits.
• Reads/hits per zone • Web Client

Entity • Audit trails • Config Tool Name of the entity affected by the
• Security Desk modification.
• Web Client

Entity type • Audit trails • Config Tool Type of entity affected by the modification.
• Security Desk
• Web Client

Error number • Health history • Config Tool Identification number of the health error.
• Security Desk

Expected down- • Health statistics • Config Tool How many days/hours/minutes the entity has
time • Security Desk been offline or unavailable through user intent
or Maintenance mode. For example,
• Web Client deactivating a server role, or disconnecting a
client application causes expected down-time.
Expected down-time is never used in the
Availability percentage calculation.

[Link] | Security Center Administrator Guide 5.2 736

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Report pane columns

Associated
Column Associated reports application Description

Expiration date • Cardholder • Security Desk Time the cardholder or visitor’s profile expired.
management • Web Client
• Visit details
• Visitor management

• Credential • Security Desk Time the credential expired.

management

External instance • Alarm report • Security Desk Only for federated alarms. The original alarm
ID • Web Client instance ID on the federated system.

Event • Access control health • Config Tool Event name.

history • Security Desk
• Access control unit • Web Client
events
• Archiver events
• Area activities
• Camera events
• Cardholder activities
• Credential activities
• Door activities
• Elevator activities
• Forensic search
• Incidents
• Intrusion detection
area activities
• Intrusion detection
unit events
• Visitor activities
• Zone activities

[Link] | Security Center Administrator Guide 5.2 737

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Report pane columns

Associated
Column Associated reports application Description

Event timestamp • Access control health • Config Tool Date and time that the event occurred.
history • Security Desk
• Access control unit • Web Client
events
• Activity trails
• Archiver events
• Area activities
• Bookmarks
• Camera events
• Cardholder activities
• Credential activities
• Door activities
• Elevator activities
• Health history
• Hits
• Intrusion detection
area activities
• Intrusion detection
unit events
• Inventory report
• Reads
• Visitor activities
• Zone activities

Event type • Forensic search • Security Desk Bosch forensic value. For more information,
see the manufacturer documentation.

Failures • Health statistics • Config Tool How many failures have occurred.
• Security Desk
• Web Client

File name • Archive storage • Config Tool Name of the video file.
details • Security Desk

File size • Archive storage • Config Tool Size of the video file.
details • Security Desk

Firmware version • Access control health • Config Tool Firmware version installed on the unit that
history • Security Desk generated the event.
• Hardware inventory

[Link] | Security Center Administrator Guide 5.2 738

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Report pane columns

Associated
Column Associated reports application Description

First name • Area activities • Config Tool Cardholder or visitor’s first name.
• Area presence • Security Desk
• Cardholder access • Web Client
rights
• Cardholder activities
• Cardholder
configuration
• Credential activities
• Credential
configuration
• Cardholder
management
• Credential
management
• Credential request
history
• Door activities
• Door troubleshooter
• Elevator activities
• Time and attendance
• Visit details
• Visitor activities
• Visitor management

Floor • Elevator activities • Security Desk Elevator floor name.

From/to • Zone occupancy • Security Desk Date and timestamp of read vehicles within the
zone.

Granted access by • Cardholder access • Config Tool Access rules granting the cardholder access to
rights • Security Desk at least one of the selected entities (area, door,
etc.).

Health event • Health history • Config Tool Name of the health event.
• Security Desk
• Web Client

Hits • Reads/hits per day • Security Desk Number of hits.

• Reads/hits per zone • Web Client NOTE If the Hit rules and Hit type query filters
are used, this value might not be the total
number of hits in the day.

Icon • Access rule • Config Tool Graphical representation of the affected entity
configuration • Security Desk type.

[Link] | Security Center Administrator Guide 5.2 739

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Report pane columns

Associated
Column Associated reports application Description

ID • Alarm monitoring • Security Desk Alarm instance number. Uniquely identifies

• Alarm report • Web Client each alarm instance.

Impacted entity • Activity trails • Config Tool Which entities were impacted by this activity.
• Security Desk
• Web Client

Impacted entity • Activity trails • Config Tool The type of entity impacted by this activity.
type • Security Desk
• Web Client

Incident time • Incidents • Security Desk The timestamp of the referenced alarm or
event. If no event is referenced, it corresponds
to the incident creation time.

Initiator • Activity trails • Config Tool • In the Activity trails task: Who performed
• Audit trails • Security Desk the activity.
• Web Client • In the Audit trails task: Who made entity
modification.

Initiator • Activity trails • Config Tool • In the Activity trails task: The application
application • Audit trails • Security Desk used for this activity.
• Web Client • In the Audit trails task: The application used
to make the change.

Initiator • Activity trails • Config Tool The version number of the application. This
application • Audit trails • Security Desk field is empty if the activity is initiated by a role
version entity.
• Web Client

Initiator machine • Activity trails • Config Tool • In the Activity trails task: Which computer
• Audit trails • Security Desk the activity was performed on.
• Web Client • In the Audit trails task: The computer used
to make the change.
NOTE If the entity change was initiated from a
Mobile app, this column represents the phone
identification number (for example, a serial
number).

Initiator type • Activity trails • Config Tool • In the Activity trails task: The type of entity
• Audit trails • Security Desk that initiated the activity.
• Web Client • In the Audit trails task: The type of entity
initiating the entity modifications.

Instances • Daily usage per • Security Desk Total number of times the Patroller application
Patroller • Web Client is opened during the day.

[Link] | Security Center Administrator Guide 5.2 740

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Report pane columns

Associated
Column Associated reports application Description

Intrusion • Intrusion detection • Security Desk Intrusion detection area name.

detection area area activities • Web Client

Intrusion • Intrusion detection • Security Desk Intrusion detection unit involved.

detection unit area activities • Web Client
• Intrusion detection
unit events

Investigated by • Alarm report • Security Desk Which user put the alarm into the under
investigation state.

Investigated on • Alarm report • Security Desk The timestamp when the alarm was put into
the under investigation state.

IP address • Access control health • Config Tool IP address of the unit or computer that
history • Security Desk generated the event.
• Area activities • Web Client
• Cardholder activities
• Credential activities
• Door activities
• Elevator activities
• Hardware inventory
• Health history
• IO configuration
• Visitor activities

Last access • Area presence • Security Desk Time the cardholder entered the area.
• Web Client

[Link] | Security Center Administrator Guide 5.2 741

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Report pane columns

Associated
Column Associated reports application Description

Last name • Area activities • Config Tool Cardholder or visitor’s last name.
• Area presence • Security Desk
• Cardholder access • Web Client
rights
• Cardholder activities
• Cardholder
configuration
• Cardholder
management
• Credential activities
• Credential
configuration
• Credential
management
• Credential request
history
• Door activities
• Door troubleshooter
• Elevator activities
• Time and attendance
• Visit details
• Visitor activities
• Visitor management

Latitude • Hits • Security Desk The coordinates of where the LPR event
• Reads occurred.

Length • Archive storage • Config Tool Length of the video sequence contained in the
details • Security Desk video file, in hours, minutes, and seconds.

Location • Cardholder activities • Security Desk Location (area) where the activity took place.
• Credential activities • Web Client
• Visitor activities

Log on/Log off • Logons per Patroller • Security Desk Log on and log off timestamp.
• Web Client

Longest shutdown • Daily usage per • Security Desk Percentage of Longest shutdown over the total
(%) Patroller • Web Client number of minutes in a day.

Longest shutdown • Daily usage per • Security Desk Single longest number of minutes in a day that
(min.) Patroller • Web Client the Patroller application is closed.

[Link] | Security Center Administrator Guide 5.2 742

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Report pane columns

Associated
Column Associated reports application Description

Longest stop (%) • Daily usage per • Security Desk Percentage of longest stop time over operating
Patroller • Web Client time.

Longest stop • Daily usage per • Security Desk Single longest number of minutes in operating
(min.) Patroller • Web Client time when the vehicle is stationary.

Longitude • Hits • Security Desk The coordinates of where the LPR event
• Reads occurred.

Lot • Reads • Security Desk Parking zone where a given parking regulation
• Zone occupancy is in force.

Machine • Health history • Config Tool Computer where the health event occurred.
• Security Desk
• Web Client

Manual capture • Reads • Security Desk Displays the plate number entered manually by
• Inventory report • Web Client the Patroller user.

Manually removed • Inventory report • Security Desk Vehicle was removed manually (towed) from
the parking facility.

Manufacturer • Access control health • Config Tool Manufacturer of the unit.

history • Security Desk
• Hardware inventory
• IO configuration

Member • Access rule • Config Tool Name of the affected entity.

configuration • Security Desk

Member of • Cardholder access • Config Tool All groups the cardholder belongs to.
rights • Security Desk
• Cardholder
configuration
• Cardholder
management

Message • Bookmarks • Security Desk Bookmark message (might be blank if no

message was written).

Model • Hardware inventory • Config Tool Model of the unit involved.

• Security Desk

[Link] | Security Center Administrator Guide 5.2 743

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Report pane columns

Associated
Column Associated reports application Description

Modification time • Audit trails • Config Tool • In the Audit trails task: Time the entity was
• Incidents • Security Desk last modified.
• Web Client • In the Incidents task: Time the incident was
last modified.

Modified by • Incidents • Security Desk User who last modified the incident.

MTBF • Health statistics • Config Tool Mean time between failures (in hours).
• Security Desk
• Web Client

MTTR • Health statistics • Config Tool Mean time to recovery (in hours).
• Security Desk
• Web Client

Not enforced hits • Reads/hits per day • Security Desk Number of hits that were not enforced.
• Reads/hits per zone • Web Client

Notes • Incidents • Security Desk Incident description. Point to this field to see
the formatted text in a tooltip.

Occurrence count • Health history • Config Tool Number of times this health event occurred on
• Security Desk the selected entity.
• Web Client

Occurrence period • Access control unit • Security Desk Period when the event occurred.
events • Web Client
• Alarm monitoring
• Alarm report
• Area activities
• Cardholder activities
• Credential activities
• Door activities
• Elevator activities
• Intrusion detection
area activities
• Intrusion detection
unit events
• Visitor activities
• Zone activities

Offload timestamp • Hits • Security Desk The date and time that the Patroller offloaded
• Reads • Web Client the reads/hits to Security Center.

[Link] | Security Center Administrator Guide 5.2 744

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Report pane columns

Associated
Column Associated reports application Description

Operating time • Daily usage per • Security Desk Total number of minutes in a day that the
Patroller • Web Client Patroller application is open.

Parking • Inventory report • Security Desk Parking facility name.

Password • Hardware inventory • Config Tool Strength of the password on the unit.
• Security Desk

Patroller • Hits • Security Desk Patroller entity name. The Patroller entity name
• Reads • Web Client field is not populated for fixed Sharp cameras.
• Inventory report In the Inventory report task, this column
represents the Patroller entity that read the
plate. If a handheld device was used, XML
import is shown instead.

Percentage • Zone occupancy • Security Desk Percentage of occupied places within the
occupancy parking zone.

Permit name • Reads • Security Desk Name of the permit list under the permit
restriction.

Physical address • Hardware inventory • Config Tool The MAC address of the equipment's network
• Health history • Security Desk interface.

Physical name • IO configuration • Config Tool Device name.

• Security Desk

[Link] | Security Center Administrator Guide 5.2 745

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Report pane columns

Associated
Column Associated reports application Description

Picture • Area activities • Config Tool Cardholder or visitor’s picture.

• Area presence • Security Desk
• Cardholder access • Web Client
rights
• Cardholder activities
• Cardholder
configuration
• Cardholder
management
• Credential activities
• Credential
configuration
• Credential request
history
• Door activities
• Door troubleshooter
• Elevator activities
• Time and attendance
• Visit details
• Visitor activities
• Visitor management

PIN • Credential • Config Tool Credential PIN.

configuration • Security Desk
• Credential
management

Plate image • Hits • Security Desk License plate image captured by the LPR
• Reads • Web Client camera.
• Inventory report

Plate origin • Hits • Security Desk State that issued the license plate.
• Reads • Web Client
• Inventory report

Plate read • Hits • Security Desk The license plate read generated by the Sharp
• Reads • Web Client unit.
• Inventory report

Preview • Archives • Security Desk Timeline showing where video is available

during the selected time range.

[Link] | Security Center Administrator Guide 5.2 746

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Report pane columns

Associated
Column Associated reports application Description

Print reason • Credential request • Security Desk Reason why the badge printing job was
history requested.

Priority • Alarm monitoring • Security Desk Alarm priority.

• Alarm report • Web Client NOTE All alarms imported from Omnicast
have their priority set to 1 by default. You can
change their priority at a later time in the
Config Tool.

Protected • Hits • Security Desk Record is not purged from the database of its
• Reads • Web Client parent AutoVu LPR Manager ES when the Hit
Retention period (for this record) expires.

Protection status • Archive storage • Config Tool Protection status of the video file.
details • Security Desk

Reads • Reads/hits per day • Security Desk Number of license plate reads.
• Reads/hits per zone • Web Client

References • Incidents • Security Desk List of entities referenced by the incident.

Reject reason • Hits • Security Desk Reason selected by the Patroller user when
• Web Client rejecting a hit.

Rejected hits • Reads/hits per day • Security Desk Number of hits that were rejected.
• Reads/hits per zone • Web Client

Requester email • Credential request • Security Desk Email address of the user who requested the
history badge printing job.

Role • Cardholder • Config Tool Role type that manages the selected entity.
management • Security Desk
• Credential
management
• Hardware inventory

Row • Inventory report • Security Desk Row name.

RTP packet lost • Health statistics • Config Tool The number of Real-time Transport Protocol
high • Security Desk packets lost.
• Web Client

Rule • Hits • Security Desk Hit rule that matched the plate read.
• Reads • Web Client

Sector • Inventory report • Security Desk Sector name.

[Link] | Security Center Administrator Guide 5.2 747

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Report pane columns

Associated
Column Associated reports application Description

Security clearance • Cardholder • Security Desk The cardholder’s security clearance level.
management

Severity • Health history • Config Tool Severity level of the health event:
• Security Desk • Information
• Web Client • Warning
• Error

Side • Door activities • Security Desk Door side name.

• Web Client

Side-Direction • Area activities • Security Desk Entrance or exit.

• Web Client

Source (entity) • Access control health • Config Tool Source entity associated to the alarm or event.
history • Security Desk • In the Alarm monitoring and Alarm report
• Alarm monitoring • Web Client tasks, this column represents the source
• Alarm report entity that triggered the alarm, when the
alarm is triggered by an event-to-action. It
• Archiver events
shows a username when the alarm is
• Archive storage triggered manually.
details
• In the video investigation tasks, this column
• Bookmarks represents the name of the system the
• Health history camera belongs to.
• Health statistics • In the Incidents task, this column is empty if
• Incidents the incident is not based on an alarm or
• Motion search event.

Source time • Alarm monitoring • Security Desk Time of the alarm triggering event. The only
• Alarm report • Web Client time Source time and Triggering time are
different is when the event occurred while the
access control unit was offline.

Spaces • Zone occupancy • Security Desk Number of spaces in the parking lot.

Start time • Archives • Config Tool Beginning of the time range, playback
• Archive storage • Security Desk sequence, or video sequence.
details
• Forensic search
• Motion search

[Link] | Security Center Administrator Guide 5.2 748

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Report pane columns

Associated
Column Associated reports application Description

State • Alarm monitoring • Security Desk Current state of the alarm.

• Alarm report • Web Client • Active. Alarm is not yet acknowledged.
Selecting an active alarm shows the alarm
acknowledge buttons in the report pane.
• Acknowledged (Default). Alarm was
acknowledged using the default mode.
• Acknowledged (Alternate). Alarm was
acknowledged using the alternate mode.
• Acknowledged (Forcibly). Alarm was
forced to be acknowledged by an
administrator.
• Under investigation. Alarm with an
acknowledgement condition that is still
active was put under investigation.
• Acknowledgement required. Alarm with
an acknowledgement condition that was
cleared is ready to be acknowledged.

Status • Visitor management • Security Desk The visitor’s profile status.

Supplemental • Area activities • Security Desk A second credential is sometimes necessary.

credential • Cardholder activities • Web Client For example, when both a card and a PIN are
required to access a door or elevator.
• Credential activities
• Door activities
• Elevator activities
• Visitor activities

Thumbnails • Archives • Security Desk Thumbnail images of the recorded video

• Bookmarks during the selected time range.

Time zone • Access control health • Config Tool Time zone of the unit.
history • Security Desk
• Area activities • Web Client
• Cardholder activities
• Credential activities
• Door activities
• Elevator activities
• Hardware inventory
• Visitor activities

To/from • Zone occupancy • Security Desk Date and timestamp of read vehicles within the
zone.

[Link] | Security Center Administrator Guide 5.2 749

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Report pane columns

Associated
Column Associated reports application Description

Total shutdown • Daily usage per • Security Desk Percentage of Total shutdown over the number
(%) Patroller • Web Client of minutes in a day.

Total shutdown • Daily usage per • Security Desk Total number of minutes in a day that the
(min.) Patroller • Web Client Patroller application is closed. The total
shutdown value plus the operating time value
equals 1440 minutes.

Total stop (%) • Daily usage per • Security Desk Percentage of total stop time over operating
Patroller • Web Client time.

Total stop (min.) • Daily usage per • Security Desk Total number of minutes in operating time
Patroller • Web Client when the vehicle is stationary.

Total time • Time and attendance • Security Desk Total time spent in that area on that date by the
cardholder.

Track ID • Forensic search • Security Desk Bosch forensic value. For more information,
see the manufacturer documentation.

Triggering event • Alarm monitoring • Security Desk Event that triggered the alarm (if triggered
• Alarm report • Web Client through an event-to-action). Manual action is
indicated when the alarm was manually
triggered by a user.

Trigger time • Alarm monitoring • Security Desk Time the alarm was triggered in Security
• Alarm report • Web Client Center

Type • Access rule • Config Tool Affected entity type.

configuration • Security Desk

Unexpected down- • Health statistics • Config Tool How many days/hours/minutes the entity has
time • Security Desk been offline or unavailable after not having
been set in Maintenance mode. Unexpected
• Web Client down-time is not caused by user intent.

[Link] | Security Center Administrator Guide 5.2 750

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Report pane columns

Associated
Column Associated reports application Description

Unit • Access control health • Config Tool Access control, video, intrusion detection, or
history • Security Desk LPR unit involved.
• Access control unit NOTE In the Hits and Reads tasks, this query
• Web Client
events filter represents the LPR unit that read the plate
• Area activities and populated for a Patroller (for example,
Patroller - Left, Patroller - Right, etc.), and for a
• Cardholder activities
fixed Sharp.
• Credential activities
• Door activities
• Elevator activities
• Hardware inventory
• Hits
• IO configuration
• Reads
• Visitor activities

Unit type • Access control health • Config Tool Type or model of unit involved.
history • Security Desk
• Access control unit • Web Client
events
• Area activities
• Cardholder activities
• Credential activities
• Door activities
• Elevator activities
• Hardware inventory
• IO configuration
• Visitor activities

Up-time • Health statistics • Config Tool How many days/hours/minutes the entity has
• Security Desk been online and available.
• Web Client

[Link] | Security Center Administrator Guide 5.2 751

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Report pane columns

Associated
Column Associated reports application Description

User • Credential request • Security Desk Name of the user who triggered the event. The
history • Web Client user name is empty if the event was not
• Hits triggered from Security Desk.
NOTE For the Hits and Logons per Patroller
• Intrusion detection
tasks, this query filter represents the Patroller
area activities
user name.
• Intrusion detection
unit events
• Logons per Patroller

• Hardware inventory • Config Tool The user name used to connect to the unit.
report • Security Desk

Vehicles • Zone occupancy • Security Desk Number of vehicles that were read within the
zone.

Weekday • Time and attendance • Security Desk Weekday corresponding to the date (see Date).

Wheel image • Hits • Security Desk Image of the vehicle wheels. Used for virtual
• Reads tire-chalking.

Zone • Reads/hits per zone • Security Desk Zone name.

• Zone activities • Web Client In the Reads/hits per zone task, this column
• Zone occupancy represents the parking zone where the LPR
event occurred.
In the Zone occupancy task, this column
represents the name of the Overtime or Permit
restriction.

[Link] | Security Center Administrator Guide 5.2 752

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 19
Events and actions in Security Center
This section lists all Security Center events and actions in alphabetical order. Each event and
action is covered with a general description of its purpose and usage, and describes the entity it
is associated with.
This section includes the following topics:
• "Event types" on page 754
• "Action types" on page 767

[Link] | Security Center Administrator Guide 5.2 753

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Event types

Event types
All events in Security Center are associated with a source entity, which is the main focus of the
event. For more information, see "What is an event?" on page 106.
Security Center supports the following event types:

Event Source entity Description

A door of an interlock has an door A door that is part of an interlock configuration has an
unlock schedule configured unlock schedule configured. This invalidates the
interlock.

A door of an interlock is in door A door that is part of an interlock configuration is in

maintenance mode maintenance mode. This disables the interlock.

Ability to write on a drive has Archiver role Ability to write on a drive has been restored.
been restored

AC fail access control unit AC has failed.

Access denied: Antipassback cardholder, door, A cardholder requested access to an area that they have
violation elevator, or area already entered, or requested access to leave an area
that they were never in.

Access denied: Denied by cardholder, door, The cardholder is denied access according to the access
access rule elevator, or area rule.

Access denied: Expired cardholder, door, An expired credential has been used.
credential elevator, or area

Access denied: Inactive cardholder, door, A cardholder with an inactive profile has attempted to
cardholder elevator, or area access a door or area.

Access denied: Inactive cardholder, door, A credential with an inactive profile has been used.
credential elevator, or area

Access denied: Insufficient cardholder, door, The cardholder is denied access because they do not
privileges elevator, or area have the required user level. This event only applies to
the Synergis Master Controller.

Access denied: Invalid PIN cardholder, door, A card and PIN are required to enter an area, and the
elevator, or area cardholder entered an invalid PIN.

Access denied: Lost credential cardholder, door, A credential that has been declared as lost has been
elevator, or area used.

Access denied: No access rule cardholder, door, The cardholder is denied access because they are not
assigned elevator, or area assigned any access rights.

Access denied: Out of schedule cardholder, door, The access rule associated with this cardholder does
elevator, or area not apply during this date/time in the schedule.

[Link] | Security Center Administrator Guide 5.2 754

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Event types

Event Source entity Description

Access denied: Stolen cardholder, door, A credential that has been declared as stolen has been
credential elevator, or area used.

Access denied: Unassigned cardholder, door, A credential has been used that has not been assigned
credential elevator, or area to a cardholder.

Access denied: Unknown cardholder, door, A credential has been used that is unknown in the
credential elevator, or area Security Center system.

Access granted cardholder, door, Access has been granted through a door to a
elevator, or area cardholder according to the access rules governing the
door or area. For a perimeter door of an interlock:
When an authorized cardholder accesses a door of an
interlock, Security Center might generate an Access
granted event for the door even though the door does
not unlock (due to another perimeter door already
being open).

Alarm acknowledged alarm or system-wide An alarm has been acknowledged by a user, or auto-
acknowledged by the system.

Alarm acknowledged alarm or system-wide An alarm has been acknowledged by a user using the
(alternate) alternate mode.

Alarm being investigated alarm or system-wide An alarm with a acknowledgement condition that is
still active has been put into the under investigation
state.

Alarm condition cleared alarm or system-wide The acknowledgement condition of an alarm has been
cleared.

Alarm forcibly acknowledged alarm or system-wide An administrative user has forced an alarm to be
acknowledged.

Alarm triggered alarm or system-wide An alarm has been triggered.

An interlock cannot be in hard area An interlock cannot be in hard antipassback mode.

antipassback mode This is an illegal configuration.

An interlock cannot have area An interlock cannot have perimeter floors, because
perimeter floors elevator floors always allow free exit.

Antipassback disabled: area An elevator floor has been added to the perimeter of an
Elevator on area perimeter area.

Antipassback disabled: Invalid area Antipassback disabled: Invalid settings.

settings

[Link] | Security Center Administrator Guide 5.2 755

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Event types

Event Source entity Description

Antipassback disabled: Not area Units have been set to mixed mode. Antipassback is
supported when unit is in available according to the unit’s operating mode. For
mixed mode more information about unit limitations, see the
Security Center Release Notes.

Antipassback disabled: Unit is area At least one unit is in offline mode, disabling
offline antipassback. Antipassback is available according to
the unit’s operating mode. Refer to the Security Center
Release Notes for more information about unit
limitations.

Antipassback violation area An access request was made to enter an area with a
credential that is already inside the area, or to exit an
area with a credential that was never in the area.

Antipassback violation area A security operator has granted access to an individual

forgiven responsible for a passback violation.

Application connected application or external Directory or Access Manager has connected to the
system Security Center.

Application lost application or external Directory or Access Manager service has been lost.
system

Archiving disk changed Archiver role The Allotted space on one of the disks assigned for
archive storage for this Archiver has been used up, and
the Archiver has switched to the next disk in line. The
names of the previous disk and current disk are
indicated in the Description field.

Archiving queue full Archiver role The Archiver is unable to write the video stream
(packets) to disk as fast as the encoder sends it, or there
is not enough CPU to process the video stream
received from a camera. A problem with the Archiver
database also triggers this event. The name of the
camera whose packets are lost is indicated in the
Description field.

Archiving stopped Archiver role Archiving has stopped because the disks allocated for
archiving are full. This event always accompanies a
Disks full event.

Audio alarm camera A noise has been detected by the camera.

Battery fail access control unit The unit battery has failed.

Block camera started camera A user has blocked a video stream from other users in
the system.

Block camera stopped camera A user has unblocked a video stream from other users
in the system.

[Link] | Security Center Administrator Guide 5.2 756

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Event types

Event Source entity Description

Camera not archiving camera The camera is on an active archiving schedule but the
Archiver is not receiving the video stream.

Camera tampering camera (video analytics) A dysfunction has occurred, potentially due to camera
tampering, resulting in a partial or complete
obstruction of the camera view, a sudden change of the
field of view, or a loss of focus.

Cannot write on the specified Archiver role The Archiver cannot write to a specific drive. The path
location to the drive is indicated in the Description field.

Cannot write to any drive Archiver role The Archiver is unable to write to any of the disk
drives. This situation can arise for the following
reasons: When write accesses to shared drives are
revoked. When shared drives are inaccessible. When
shared drives no longer exist. When this happens,
archiving is stopped. The Archiver re-evaluates the
drive status every 30 seconds.

Client application rollback application Client application rollback failed.

failed

Client application rollback application Client application rollback succeeded.

succeeded

Client application update application Client application update failed.

failed

Client application update application Client application update succeeded.

succeeded

Custom event system-wide See System – General settings – "Custom events" on

page 629 in the Security Center Administrator Guide.

Database lost Any role The connection to the role database was lost. If this
event is related to a role database, it might be because
the data server is down or cannot be reached by the
role server. If the event is related to the Directory
database, the only action you can use is Send an email,
because all other actions require a working connection
the Directory database.

Database recovered Any role The connection to the role database has been
recovered.

Deadbolt locked door, zone The deadbolt on a door has been locked.

Deadbolt unlocked door, zone The deadbolt on a door has been unlocked.

[Link] | Security Center Administrator Guide 5.2 757

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Event types

Event Source entity Description

Disk load is over 80% Archiver role More than 80% of the disk space allocated for archiving
has been used, caused by under-evaluating the disk
space required, or by another application that is taking
more disk space than it should. If 100% of the allotted
disk space is used, the Archiver starts to delete old
archive files prematurely in order to free disk space for
new archive files, starting with the oldest files.

Disks full Archiver role All disks allotted for archiving are full and the Archiver
is unable to free disk space by deleting existing video
files. This event can occur when another application
has used up all the disk space reserved for Omnicast, or
when the Delete oldest files when disks full option is
not selected in the Server Admin. When this happens,
archiving is stopped. The Archiver re-evaluates the disk
space every 30 seconds.

Door closed door The door has closed.

Door forced open door The door has been forced open. This event is
unavailable with a readerless door.

Door locked door The door has locked.

Door locked: Maintenance door The door has been taken out of maintenance mode. For
completed more information, see Door - "Properties" on page 409.

Door manually unlocked door In Security Desk, a user has manually unlocked a door.

Door open too long door The door has been held open for too long. To enable
this event, you must set the property “Trigger a ‘Door
open too long’ event” in the Properties tab of a Door
entity in Config Tool.

Door opened door The door has opened.

Door unlocked door The door has been unlocked.

Door unlocked: Maintenance door The door has been put into maintenance mode. For
started more information, see Door - "Properties" on page 409.

Door warning: Unit is offline door The unit associated to this door has gone offline.

Doorknob in place door The doorknob is in place and the door is closed.

Doorknob rotated door The doorknob has rotated.

Edge storage medium failure Event related to a camera that is recording directly on
the unit.

Elevator warning: Unit is elevator The unit associated to this elevator has gone offline.
offline

[Link] | Security Center Administrator Guide 5.2 758

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Event types

Event Source entity Description

Entity has expired credential A credential or its associated cardholder has expired
(its status is now Expired).

Entity is expiring soon credential The Security Center generates this event to warn you
that the expiry date of an entity is approaching. The
number of days of advance warning provided by this
event must be set.

Entity warning system-wide A health warning has been issued for this entity.

Entry assumed cardholder, door, or area A cardholder was granted access to a door, elevator, or
area, and it is assumed that they entered.

Entry detected cardholder, door, or area A cardholder was granted access to a door, elevator, or
area, and their entry is detected.

File deleted camera A video file associated to a camera has been deleted
because the retention period has ended, or the archive
storage disk was full.

First person in area A cardholder has entered an empty area.

Floor accessed elevator or area An elevator floor button has been pressed.

Glass break input/zone Glass has broken.

Hardware tamper elevator or door The tamper input on a unit has been triggered.

Health event Health monitor role A health event has occurred.

Interlock is not supported by access control unit Interlock is not supported by the unit.
the unit

Interlock lockdown off access control unit Interlock lockdown has been turned off.

Interlock lockdown on access control unit Interlock lockdown has been turned on.

Interlock override off access control unit Interlock override is off.

Interlock override on access control unit Interlock override is on.

Intrusion detection area alarm intrusion detection area Intrusion detection area alarm activated.
activated

Intrusion detection area intrusion detection area Intrusion detection area arming.
arming

Intrusion detection area intrusion detection area Intrusion detection area arming postponed.
arming postponed

Intrusion detection area intrusion detection area Intrusion detection area canceled alarm.
canceled alarm

[Link] | Security Center Administrator Guide 5.2 759

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Event types

Event Source entity Description

Intrusion detection area intrusion detection area Intrusion detection area cancelled postponed request.
cancelled postponed request

Intrusion detection area intrusion detection area Intrusion detection area custom event.
custom event

Intrusion detection area intrusion detection area Intrusion detection area disarm request.
disarm request

Intrusion detection area intrusion detection area Intrusion detection area disarmed.
disarmed

Intrusion detection area intrusion detection area Intrusion detection area duress.
duress

Intrusion detection area entry intrusion detection area Intrusion detection area entry delay activated.
delay activated

Intrusion detection area intrusion detection area Intrusion detection area forced arming.
forced arming

Intrusion detection area input intrusion detection area Intrusion detection area input bypass activated.
bypass activated

Intrusion detection area input intrusion detection area Intrusion detection area input bypass deactivated.
bypass deactivated

Intrusion detection area input intrusion detection area Intrusion detection area input trouble.
trouble

Intrusion detection area intrusion detection area Intrusion detection area master arm request.
master arm request

Intrusion detection area intrusion detection area Intrusion detection area master armed.
master armed

Intrusion detection area intrusion detection area Intrusion detection area perimeter arm request.
perimeter arm request

Intrusion detection area intrusion detection area Intrusion detection area perimeter armed.
perimeter armed

Intrusion detection area intrusion detection area Intrusion detection area postponed arming request.
postponed arming request

Intrusion detection unit input intrusion detection unit Intrusion detection unit input bypass activated.
bypass activated

Intrusion detection unit input intrusion detection unit Intrusion detection unit input bypass deactivated.
bypass deactivated

[Link] | Security Center Administrator Guide 5.2 760

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Event types

Event Source entity Description

Intrusion detection unit input intrusion detection unit Intrusion detection unit input trouble.
trouble

Invalid custom encryption Archiver role This warning is issued by the Archiver on startup and
values every 5 minutes if one of the custom encryption values
(initial fingerprint or encryption key) specified in the
Server Admin is invalid.

Last person out area The last cardholder has exited an area.

License plate in sight LPR unit or Patroller A complete license plate has been sighted in the
camera.

License plate hit restriction, LPR unit, or A license plate read has been matched to a hotlist, an
Patroller overtime rule, or a permit restriction.

License plate out of sight LPR unit or Patroller A license plate previously sighted in the camera has
moved out of sight.

License plate read LPR unit or Patroller A license plate has been read.

License plate reading LPR unit or Patroller A clearer or more reliable reading of a sighted license
plate is available.

Live bookmark added camera A user has added a bookmark to a live video. For more
information about adding bookmarks, see the Genetec
Security Desk User Guide.

Lock released access control unit Event related to a zone entity.

Lock secured access control unit Event related to a zone entity.

Loitering camera (video analytics) Loitering activity has been detected in the camera.

Macro aborted macro Execution of a macro has failed.

Marco completed macro Execution of a macro has been completed normally.

Macro started macro Execution of a macro has begun.

Manual station activated door Someone has pulled the door emergency release
(manual pull station).

Manual station reverted to door The door emergency release (manual pull station) has
normal state been restored to it normal operating position.

Motion camera There is motion detected.

Motion off camera This event is issued following a Motion on event when
motion (measured in terms of number of motion
blocks) has dropped below the “motion off threshold”
for at least 5 seconds.

[Link] | Security Center Administrator Guide 5.2 761

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Event types

Event Source entity Description

Motion on camera This event is issued when positive motion detection

has been made.

Multiple units are configured area All doors that are part of an interlock configuration
for the interlock must be controlled by the same unit.

No entry detected cardholder, door, A cardholder was granted access to a door, elevator, or
elevator, or area area, but no entry is detected.

No match hotlist A vehicle has not been matched to the hotlist

associated to the Sharp unit.

No RTP packet lost in the last camera The Archiver has received all the RTP packets in the
minute last minute.

Object condition changed camera (video analytics) An object has suddenly changed direction or speed,
such as when a person starts running or slips.

Object crossed line camera (video analytics) An object has crossed a predefined tripwire.

Object detected camera (video analytics) An object is in the camera field of view.

Object entered camera (video analytics) An object has entered the camera field of view.

Object exited camera (video analytics) An object has exited the camera field of view.

Object following route camera (video analytics) An object is following a predetermined route, in a
specific direction.

Object left camera (video analytics) An object has entered and exited the camera field of
view.

Object merged camera (video analytics) Two separate objects in the camera field of view have
merged.

Object removed camera (video analytics) An object has been removed from the camera field of
view.

Object separated camera (video analytics) An object within the camera field of view has separated
into two objects.

Object stopped camera (video analytics) A moving object has stopped.

Offload failed Patroller An offload from Patroller to Security Center has failed.

Offload successful Patroller An offload from Patroller to Security Center was

successful.

People count reset area The number of people counted in an area has been
reset to 0.

[Link] | Security Center Administrator Guide 5.2 762

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Event types

Event Source entity Description

People counting disabled: Unit area A unit has gone offline, thus disabling people counting.
is offline

Person falling camera (video analytics) A person falling has been detected in the camera.

Person running camera (video analytics) A person running has been detected in the camera.

Person sliding camera (video analytics) A person sliding has been detected in the camera.

Playback bookmark added camera A user has added a bookmark to a recorded video. For
more information about adding bookmarks, see the
Genetec Security Desk User Guide.

Protection threshold exceeded Archiver role The Protected video threshold configured for the
Archiver has been exceeded. You can monitor the
percentage of disk space occupied by protected video
files from the Statistics page in the Archiver's
Resources tab in Config Tool.

PTZ activated camera (PTZ) A user started using the PTZ after it has been idle. The
Description field indicates the user who activated the
PTZ. This event is regenerated every time a different
user takes control of the PTZ, even when the PTZ is
still active.

PTZ locked camera (PTZ) A user has tried to move the PTZ while it is being
locked by another user with a higher PTZ priority. The
Description field indicates the machine, application
type, and user who currently holds the lock.

PTZ stopped camera (PTZ) The PTZ has not been manipulated by any user after a
predetermined period of time. The Description field
indicates the user who last used the PTZ.

PTZ zoom by user camera (PTZ) A user started zooming the PTZ. The Description field
indicates the user who performed the zoom.
Subsequent PTZ zoom by user events are generated if
another user zooms the PTZ, or if the original user
zooms the PTZ after the Idle delay has expired.

PTZ zoom by user stopped camera (PTZ) The PTZ has not been zoomed by any user after a
predetermined period of time. The Description field
indicates the user who last zoomed the PTZ.

[Link] | Security Center Administrator Guide 5.2 763

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Event types

Event Source entity Description

Receiving RTP packets from camera The Archiver is receiving more than one video stream
multiple sources for the same camera.
IMPORTANT When this rare situation arises, the
Archiver cannot tell which stream is the correct one
simply by looking at the source IP address because of
the NAT (Network Address Translation), so an
arbitrary choice is made. This can result in the wrong
video stream being archived. However, the source IP
address and port number of both streams are indicated
in the Description field, and the two sources are labeled
Archived and Rejected. You can find the faulty unit
that is causing this conflict.

Recording started (alarm) camera The recording on a camera has been started as the
result of an alarm being triggered.

Recording started camera The recording on a camera has been started by a

(continuous) continuous archiving schedule.

Recording started (external) camera The recording on a camera has been started by the Start
recording action. This action could have been triggered
by another event or executed from a macro.

Recording started (motion) camera The recording on a camera has been started through
motion detection.

Recording started (user) camera The recording on a camera has been started manually
by a user.

Recording stopped (alarm) camera The recording on a camera has stopped because the
alarm recording time has elapsed.

Recording stopped camera The recording on a camera has stopped because it is no

(continuous) longer covered by a continuous archiving schedule.

Recording stopped (external) camera The recording on a camera has been stopped by the
Stop recording action. This action could have been
triggered by another event or executed from a macro.

Recording stopped (motion) camera The recording on a camera has stopped because the
motion has ceased.

Recording stopped (user) camera The recording on a camera has been stopped manually
by a user.

Request to exit door Someone has pressed the door release button or has
triggered a request to exit motion detector. The request
to exit event has special filtering to make this feature
compatible with motion detection request to exit
hardware. Set these properties in the Config Tool >
Door > Properties tab.

[Link] | Security Center Administrator Guide 5.2 764

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Event types

Event Source entity Description

Request to exit normal door No request to exit is being made.

RTP packets lost camera There are RTP packets that the Archiver never
received. This could happen if the packets have been
lost on the network, or if the Archiver does not have
enough CPU to process all the packets received on the
network card. The Description field indicates the
number of packets lost since the last time this event
was issued (no more than once every minute).

Scheduled controlled access elevator The schedule for controlled access to elevator floors
now applies.

Scheduled free access elevator The schedule for free access to elevator floors now
applies.

Scheduled lock door The door unlock schedule has expired, the lock is now
re-asserted (door is locked).

Scheduled unlock door The door lock is unlocked due to a programmed

unlock schedule.

Signal lost camera The unit signal has been lost.

Signal recovered camera The unit signal has been recovered.

Synchronization completed: external system The synchronization of an external system has

External system completed.

Synchronization error: external system The synchronization of an external system has resulted
External system in an error.

Synchronization started: external system The synchronization of an external system has started.
External system

Tailgating camera (video analytics) Two people have entered a secured area following each
other very closely.

Threat level cleared System, area A threat level has been cleared on your system or on
specific areas.

Threat level set System, area A threat level has been set on your system or on
specific areas.

Transmission lost camera The Archiver is still connected to the camera, but it has
not received any video packets for more than 5
seconds.

Transmission recovered camera The Archiver has started to receive video packets from
the camera once again.

[Link] | Security Center Administrator Guide 5.2 765

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Event types

Event Source entity Description

Undefined video analytics camera (video analytics) A video analytics event has been issued, but it is not yet
event mapped to a Security Center event.

Unit connected unit The connection to a unit has been established or

restored.

Unit failed to respond to edge Event related to a camera that is recording directly on
video request the unit.

Unit lost unit The connection to a unit has been lost.

Update failed Patroller, Mobile Sharp An update on Patroller or a Mobile Sharp unit has
failed, or a file could not be synchronized on a Patroller
computer.

Update installation completed Patroller, Mobile Sharp An update has completed on Patroller or a Mobile
Sharp unit, and no reboot is required.

Update installation started Patroller, Mobile Sharp A user has started an updated on Patroller by clicking
the “Update” icon.

Updated published Patroller, Mobile Sharp An update has been processed, and is ready to be
deployed to Patroller.

Update uninstallation Patroller, Mobile Sharp A rollback on Patroller or a Mobile Sharp unit has
completed completed.

Update uninstallation started Patroller, Mobile Sharp A user has started a rollback on Patroller by clicking
the “Rollback” icon.

User logged off user A user has logged off of a Security Center application.

User logged on user A user has logged on to a Security Center application.

VRM connection attempt The Archiver has attempted to connect to a VRM unit.

VRM connection failure The Archiver has failed to connect to a VRM unit.

Window closed input/zone A physical window has closed.

Window opened input/zone A physical window has opened.

Zone armed zone A zone has been armed.

Zone disarmed zone A zone has been disarmed.

[Link] | Security Center Administrator Guide 5.2 766

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Action types

Action types
All actions in Security Center are associated with a target entity, which is the main entity affected
by the action. Additional parameters are indicated in the Description column. All parameters
must be configured for an action to be valid.
For more information, see "Create an event-to-action" on page 107.
Security Center supports the following actions:

Action Target entity Description

Add bookmark camera Adds a bookmark to a camera recording.

Additional parameter:
• Message. Bookmark text.

Arm intrusion intrusion detection Arms an intrusion detection area.

detection area area Additional parameters:
• Mode: Either Master arm or Perimeter arm.
• When. Either immediately or with a delay.

Arm zone virtual zone Arms a virtual zone.

Block and unblock camera Blocks or unblocks a camera from other users in the system.
video Additional parameters:
• Block/Unblock. Select whether the action will block or
unblock the camera.
• End. Select how long to block the video for:
 For. The video is blocked from users for the selected
amount of time.
 Indefinitely. The video is blocked from users until you
manually unblock it.
• User level. Select a minimum user level. All users with a level
lower than the one you select are blocked from viewing video.

Cancel postpone intrusion detection Cancels the postponed arming of an intrusion detection area.
intrusion detection area
area arming

Clear tasks Security Desk Clears the task list in the specified Security Desk monitors.
(Destination) Additional parameter:
• Destination. Online Security Desk application.
 User. All monitors of all Security Desk applications
connected with the specified username.
 Monitor. Specific Security Desk monitor identified by a
machine name and a monitor ID.

[Link] | Security Center Administrator Guide 5.2 767

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Action types

Action Target entity Description

Disarm intrusion intrusion detection Disarms an intrusion detection area.

detection area area

Disarm zone virtual zone Disarms a virtual zone.

Display a camera on an analog monitor Displays a camera in an analog monitor in a canvas tile.
analog monitor Additional parameters:
• Camera. Select which camera to display in the analog
monitor. The camera must be supported by the analog
monitor, and use the same video format.
• Analog monitor. Select an analog monitor to display the
camera in.

Display an entity in the users (Recipients) Displays a list of entities in the Security Desk canvas of selected
Security Desk users, in terms of one entity per tile. This action is ignored if a
user does not have a Monitoring task open in Security Desk.
Additional parameters:
• Entities. List of entities to display. Each entity is displayed in a
separate tile.
• Display option
 View in a free tile. Only use free tiles.
 Force display in tiles. Display in free tiles first. When there
are no more free tiles, use the busy tiles following the tile
ID sequence.

Email a report users (Recipients) Sends a report (based on a saved reporting task) as an email
attachment to a list of users.
Additional parameters:
• Report. Public reporting task used as report template.
• Format. Report format, either PDF or Excel.

Forgive antipassback cardholder or Forgives an antipassback violation for a cardholder, or

violation cardholder group cardholder group.

Go home dome camera Commands the selected dome camera to go to its home position.
Not all dome cameras support this feature.

Go to preset dome camera Commands the dome camera to go to the specified preset
position.
Additional parameter:
• Preset. Preset position (number) to go to.

Import from file user (Recipient) Imports a file and sends the import results to a user.
Additional parameter:
• File name. Opens the Import tool window, where you can
select the file that is used to import the data. For more
information, see "Import tool" on page 663.

[Link] | Security Center Administrator Guide 5.2 768

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Action types

Action Target entity Description

Override with event camera Sets the Boost quality on event recording to ON for the
recording quality selection camera and applies the custom boost quality recording
settings. Selecting this option overrides the general settings for
event recording. The effect of this action lasts as long as it is not
modified by another action, such as Recording quality as
standard configuration, or until the Archiver restarts.

Override with manual camera Sets the Boost quality on manual recording to ON for the
recording quality selection camera and applies the custom boost quality recording
settings. Selecting this option overrides the general settings for
event recording. The effect of this action lasts as long as it is not
modified by another action, such as Recording quality as
standard configuration, or until the Archiver restarts.

Play a sound user or user group Plays a sound bite in a user or user group’s Security Desk. This
action is ignored if the user is not running Security Desk.
Additional parameter:
• Sound to play. Sound file (.wav) to play. For the user to hear
the sound bite, the same sound file must be installed on the
PC where Security Desk is running. The standard alert sound
files that come with the installation are located in C:\Program
files\Genetec Security Center 5.2\Audio.

Postpone intrusion intrusion detection Postpones the intrusion detection area arming.
detection area arming area Additional parameters:
• Arming mode: Either Master arm or Perimeter arm.
• Postpone for. Set how long to postpone the arming for, in
seconds.
• Arming delay. Set the arming delay in seconds.

Recording quality as camera Cancels the effect of the Override with manual/event recording
standard configuration quality actions and restores the standard recording
configuration.

Reset area people count area Resets the people counter in an area.

Reset external system Omnicast Federation Forces the Omnicast Federation role to reconnect to the remote
role Omnicast system.

Run a macro macro Starts the execution of a macro.

Additional parameter:
• Context: Specific value settings for the context variables.

Run a pattern dome camera Commands the dome camera to run the specified pattern.
Additional parameter:
• Pattern. Pattern number to run.

[Link] | Security Center Administrator Guide 5.2 769

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Action types

Action Target entity Description

Send a message user or user group Sends a pop-up message to a user’s Security Desk. This action is
(Recipient) ignored if the user is not running Security Desk.
Additional parameter:
• Message. Text to be to displayed in the pop-up message.

Send an email user, user group, Sends an email to users or cardholders. The selected user must
cardholder, have an email address configured, and the mail server must be
cardholder group properly configured for Security Center, or the action is ignored.
(Recipient) Additional parameter:
• Message. The email text to be sent to the recipient.

Send task Security Desk Sends and adds a public task to a Security Desk application.
(Destination) Additional parameters:
• Task. Public task to send.
• Destination. Online Security Desk application.
 User. All Security Desk connected with that user.
 Monitor. Specific Security Desk monitor identified by a
machine name and a monitor ID.

Set reader mode cardholder, credential (Only available when creating threat levels) Sets a reader mode
for accessing doors when a threat level is set.
Additional parameters:
• Location. The areas where this reader mode applies when a
threat level is set.
• Reader mode. Select whether access is granted using a card
and PIN, or card or PIN, for the selected areas.

Set the door door Sets the Unlocked for maintenance status of a door to on or off.
maintenance mode Additional parameter:
• Maintenance. Desired maintenance mode (On or Off).

Set threat level system, area Sets a threat level on your Security Center system, or on specific
areas.
Additional parameters:
• Area. Select which areas to set the threat level on. Can be your
entire system, or specific areas.
• Threat level. Select which threat level to set.

Silence buzzer door Resets the Buzzer output defined for a door. This action sets the
Buzzer option to None in the Hardware tab of a door in Config
Tool.

Sound buzzer door Sets the Buzzer output defined for a door. The buzzer sound is
specified under the Buzzer option in the Hardware tab of a door
in Config Tool.

[Link] | Security Center Administrator Guide 5.2 770

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Action types

Action Target entity Description

Start applying video camera Starts protecting upcoming video recordings against deletion.
protection The protection is applied on all video files needed to store the
protected video sequence. Since no video file can be partially
protected, the actual length of the protected video sequence
depends on the granularity of the video files.
When multiple Start applying video protection actions are
applied on the same video file, the longest protection period is
kept.
Additional parameters:
• Keep protected for. Duration of the video protection.
 Specific. Sets the protection period in number of days.
 Infinite. The protection can only be removed manually
from the Archive storage details task.
• Protect video for next. Duration of the video to protect.
 Specific. Sets the duration in minutes and hours.
 Infinite. All future recordings are protected until the action
Stop applying video protection is executed.

Start recording camera Starts recording on the specified camera. This action is ignored if
the camera is not on an active recording schedule. Recordings
started by this action cannot be stopped manually by a user.
Additional parameter:
• Recording duration. Sets the duration of the video recording.
 Default. Sets the duration to follow the value defined in
Default manual recording length configured for the camera.
 Infinite. The recording can only be stopped by the Stop
recording action.
 Specific. Sets the recording duration in seconds, minutes,
and hours.

Stop applying video camera Stops protecting upcoming video recordings against deletion.
protection This action does not affect the video archives that are already
protected.
Additional parameter:
• Stop in. Sets the video protection to stop Now or in a Specific
amount of time in minutes and hours.

Stop recording camera Stops recording on the specified camera. This action only works
if the recording was started by the Start recording action.
Additional parameter:
• Stop in. Sets the recording to stop Now or in a Specific
amount of time in seconds, minutes and hours.

[Link] | Security Center Administrator Guide 5.2 771

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Action types

Action Target entity Description

Temporarily override door Temporarily locks or unlocks a door for a given period of time.
unlock schedules Additional parameters:
• Lock mode. Select Unlocked or Locked.
 For. Amount of time in minutes or hours.
 From/To. Date and time range to unlock the door.

Trigger alarm alarm Triggers an alarm.

NOTE Triggering an alarm might generate additional events,
depending on the alarm configuration.
Additional parameters:
• Acknowledgement condition. Event type that must be
triggered before the alarm can be acknowledged.
• User acknowledgement required. Select whether the alarm
must be manually acknowledged, or if it is automatically
acknowledged by the system after the acknowledgement
condition is cleared.

Trigger intrusion alarm intrusion detection Triggers a physical alarm on an intrusion detection area.
area Additional parameter:
• Recipient type. Type of alarm trigger, either the intrusion
detection area or a specific alarm input.

Trigger output output pin (unit) Triggers an output behavior on an output pin of a unit. For
example, an action can be configured to trigger the output pin of
a unit (controller or input/output module).
Additional parameter:
• Output behavior. Select the output behavior to trigger.

Trigger role (that needs Starts a synchronization process on the specified role (Active
synchronization synchronization) Directory or Global Cardholder Synchronizer).

Unlock door explicitly door Temporarily unlocks a door for five seconds, or the Standard
grant time configured for that door.

[Link] | Security Center Administrator Guide 5.2 772

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 20
Keyboard shortcuts in Config Tool
Learn about the default keyboard shortcuts available in Config Tool.
This section includes the following topics:
• "Default keyboard shortcuts" on page 774

[Link] | Security Center Administrator Guide 5.2 773

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Default keyboard shortcuts

Default keyboard shortcuts

This table lists the default keyboard shortcuts you can use in Config Tool. This list is categorized
alphabetically by command.
NOTE You can change the keyboard shortcuts in the Keyboard shortcuts tab of the Options dialog
box. See "Keyboard shortcuts" on page 687.

Command Description Shortcut

General commands

Apply changes Apply the changes made to your current configuration tab. CTRL+S

Exit application Close Config Tool. ALT+F4

Full screen Toggle between displaying Config Tool in full screen and F11
windows mode.

Go to next page Switch to the next Config Tool task tab. CTRL+TAB

Go to previous page Switch to the previous Config Tool task tab. CTRL+SHIFT+TAB

Help Open the online help. F1

Home page Go to the Home page. For more information, see "Home page CTRL+GRAVE ACCENT
overview" on page 14. (‘)

Options Open the Options dialog box. CTRL+O

Select columns Select which columns to show/hide in the report pane. CTRL+SHIFT+C

Camera commands

Add a bookmark Add a bookmark to video in the selected tile (for live video B
only).

Copy statistics of the Copy the statistics of the selected tile. CTRL+SHIFT+X
currently selected video
tile

Show statistics overlay Show/hide the statistics summary of the video in the selected CTRL + SHIFT + A
on the video tile tile.

Show status overlay on Show/hide the status summary of the video in the selected CTRL+SHIFT+D
the video tile tile.

PTZ commands

Go to preset Jump to a PTZ preset you select. SHIFT+<PTZ preset>

Pan left Pan the PTZ camera image to the left. LEFT ARROW

[Link] | Security Center Administrator Guide 5.2 774

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Default keyboard shortcuts

Command Description Shortcut

Pan right Pan the PTZ camera image to the right. RIGHT ARROW

Tilt down Tilt the PTZ camera image down. DOWN ARROW

Tilt up Tilt the PTZ camera image up. UP ARROW

Zoom in Zoom in the PTZ camera image. Hold the PLUS SIGN (+)

Zoom out Zoom out the PTZ camera image. Hold the HYPHEN (-)
key

Task commands

Rename task Rename the selected task. F2

Save as Save a task under a different name and scope (private or CTRL+T
public).

Save workspace Save the task list so that it is automatically restored the next CTRL+SHIFT+S
time you log on to the system with the same user name.

Saved tasks Open the Public tasks page from the Home page. For more CTRL+N
information, see "Home page overview" on page 14.

[Link] | Security Center Administrator Guide 5.2 775

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
Part VII

Appendices
Learn about the user privileges, event and action types, license options, and HID access control units available
in Security Center.
This part includes the following appendices:
• Appendix A, “License options” on page 777
• Appendix B, “Default Security Center ports” on page 785
• Appendix C, “HID reference” on page 790
• Appendix D, “Bosch reference” on page 812
• Appendix E, “Honeywell reference” on page 814
 A
License options
This section describes all Security Center software license options, and how to view your license
information.
This section includes the following topics:
• "Viewing license information from Config Tool" on page 778
• "Viewing license information from Server Admin" on page 779
• "License option descriptions" on page 780

[Link] | Security Center Administrator Guide 5.2 777

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Viewing license information from Config Tool

Viewing license information from Config Tool

From the Home page in Config Tool, click About.

NOTE You might not see all the tabs shown in this sample screen shot if your license does not
support all the solution components.
• License. This tab tells you when your software license expires, and gives you the
information you need to provide when contacting Genetec Technical Assistance Center:
System ID, Package name, Service maintenance agreement (SMA) number, and so on.
IMPORTANT Seven days before your license expires, you receive a warning message.

• Security Center. This tab shows all generic Security Center options. A feature is either
supported or limited by a maximum use count. For the latter, the Support column shows the
current use vs. the maximum allowed.
• Synergis. This tab is shown only if Synergis (access control) is supported.
• Omnicast. This tab is shown only if Omnicast (video surveillance) is supported.
• AutoVu. This tab is shown only if AutoVu (LPR) is supported.
• Mobile. This tab is shown only if Security Center Mobile is supported.
• Certificates. This tab lists all the supported software certificates, such as plugin certificates.
• Purchase order. This tab reproduces your order.

[Link] | Security Center Administrator Guide 5.2 778

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Viewing license information from Server Admin

Viewing license information from Server Admin

1 Log on to your main server using Server Admin.
For more information, see "Open Server Admin using Internet Explorer" on page 48.
2 Select the Directory tab, scroll to the License section, and click License information.

NOTE You might not see all the tabs shown in this sample screen shot if your license does not
support all the solution components.
• Overview. This tab tells you when your software license expires and gives you the
information you need to provide when contacting Genetec Technical Assistance Center:
System ID, Package name, Service maintenance agreement (SMA) number, and so on.
• Security Center. This tab shows all generic Security Center options. A feature is either
supported or limited by a maximum use count.
• Synergis. This tab is shown only if Synergis (access control) is supported.
• Omnicast. This tab is shown only if Omnicast (video surveillance) is supported.
• AutoVu. This tab is shown only if AutoVu (LPR) is supported.
• Mobile devices. This tab is shown only if Security Center Mobile is supported.
• Certificates. This tab lists all the supported software certificates, such as plugin certificates.

[Link] | Security Center Administrator Guide 5.2 779

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 License option descriptions

License option descriptions

This section describes the meaning of all Security Center license options. A feature is either
supported or limited by a maximum use count. For the latter, only the Config Tool shows the
current use vs. the maximum allowed.
TIP Some options feature an On/Off switch. If you do not use that option in your system, turn
the switch OFF to simplify the user interface.
This section includes the following topics:
• "Security Center license options" on page 780
• "Synergis license options" on page 781
• "Omnicast license options" on page 782
• "AutoVu license options" on page 783
• "Mobile license options" on page 783
• "Certificate license options" on page 784

Security Center license options

This section describes the generic Security Center license options.
• Macros. Allows you to create macros in your system. For more information, see "Using
macros" on page 110.
• Threat level. Allows you to create threat levels in Config Tool, as well as set threat levels in
Security Desk.
• Remote Security Desk. Allows you to remotely monitor and control other Security Desk
workstations and monitors, using the Remote task on your local Security Desk.
• Alarms. Allows you to create and manage alarms in Config Tool, and use the Alarm
monitoring and Alarm report tasks in Security Desk.
• Hot actions. Allows you to trigger hot actions in Security Desk.
• Audio. Allows you to configure sounds bites on your system in Config Tool, and use them
in event-to-actions.
• Partitions. Allows you to configure and use partitions in Security Center.
• Intrusion detection. Allows you to configure intrusion detection entities in Config Tool, as
well as monitor intrusion detection entities in Security Desk.
• Time zone. Allows you to configure the unit time zone when a Location property tab is
displayed, as in video unit configuration for example.
• Automatic email notifications. Allows you to set up an email server for email
notifications, including:
 Receiving email notifications from the Watchdog.

[Link] | Security Center Administrator Guide 5.2 780

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 License option descriptions

 Using Send an email and Email a report actions.

• Web SDK. Allows you to create Web-based SDK roles. For more information, see
"Supporting cross-platform development" on page 164.
• Plan Manager Basic. Allows you to use Plan Manager in Basic mode. For more information
about Plan Manager, see the Plan Manager User Guide.
• Plan Manager Standard. Allows you to use Plan Manager in Standard mode. For more
information about Plan Manager, see the Plan Manager User Guide.
• Plan Manager Advanced. Allows you to use the Advanced configuration of Plan Manager
in Advanced mode. For more information about Plan Manager, see the Plan Manager User
Guide.
• Number of custom fields. Maximum number of custom fields that you are allowed to
define. For more information, see System – General settings – "Custom fields" on page 625.
• Number of federated systems. Maximum number of federated systems allowed, counting
both Omnicast 4.x and Security Center systems. For more information, see "Federating
remote systems" on page 128.
• Number of Security Desk connections. Maximum number of simultaneous Security Desk
connections allowed on your system.
• Number of Active Directories. Maximum number of Active Directory domains that can be
synchronized with your system. For more information, see "Importing users from an Active
Directory" on page 102.
• Number of additional Directory servers. Maximum number of Directory servers you can
have in addition to your main server to set up a high availability system. For more
information, see "Configuring Directory failover and load balancing" on page 66.
• Number of intrusion detection units. Maximum number of intrusion panels supported on
your system. For more information, see "Managing intrusion panels" on page 155.
• Number of input pins. Maximum number of input pins that can be configured for doors,
elevators, and zones.
• Number of output pins. Maximum number of input pins that can be configured can be
configured for doors, elevators, and zones.
• Number of cash registers. Maximum number of cash registers that you can import from an
external point of sale system. For more information, see "Point of Sale" on page 601.

Synergis license options

This section describes the Synergis access control license options.
• Card requests. Allows users to request card credentials to be printed by other users on the
system. Also allows you to create request reasons in Config Tool.
• Import Tool. Allows you to import cardholders and credentials from a flat file. For more
information, see "Import tool" on page 663.

[Link] | Security Center Administrator Guide 5.2 781

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 License option descriptions

• Antipassback. Allows you to configure areas with antipassback restrictions. For more
information, see "Configure antipassback" on page 283.
• People counting. Allows you to use the People counting task in Security Desk.
• Badge template. Allows you to define badge templates in your system.
• USB enrollment reader. Allows you to detect and use USB readers on your system.
• Visitors. Allows you to use the Visitor management task in Security Desk.
• Number of cardholders and visitors. Maximum number of cardholders and visitors
allowed on your system, including those imported from Active Directories. For more
information, see "Configuring cardholders and cardholder groups" on page 286.
• Number of readers. Maximum number of readers that can be configured for doors and
elevators on your system.
• Number of Access Managers. Maximum number of Access Manager roles that can be
created on your system. For more information, see "Configuring the Access Manager role"
on page 263.
• Number of Global Cardholder Synchronizers. Number of Global Cardholder
Synchronizer roles allowed on your system. For more information, see "Managing global
cardholders" on page 300.

Omnicast license options

This section describes the Omnicast video surveillance license options.
• Number of cameras. Maximum number of cameras allowed on your system. Both cameras
managed locally by your system and those federated from remote systems are counted.
• Number of OVReady cameras. Maximum number of OVReady cameras (with video
analytics capabilities) allowed on your system.
• Number of panoramic cameras. Number of panoramic cameras allowed on your system.
• Number of DVR inputs. Number of video inputs from DVRs (digital video recorders)
allowed on your system.
• Number of analog monitors. Maximum number of analog monitors allowed on your
system.
• Number of Auxiliary Archivers. Number of Auxiliary Archiver roles allowed on your
system. For more information, see "Configuring the Auxiliary Archiver role" on page 205.
• Audio. Allows your system to stream audio and enables all audio features on your system.
• Forensic search. Enables the Forensic search task in Security Desk.
• Trickling. Enables data to be transferred in small amounts at specific or pre-determined
time from the edge-recording units to the Archiver. For more information, see
"Configuring video units for trickling" on page 198.
• Camera blocking. Allows you to block video from other users on the system.

[Link] | Security Center Administrator Guide 5.2 782

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 License option descriptions

AutoVu license options

This section describes the AutoVu LPR license options.
• Security Desk map. Type of map engine supported in Security Desk: Bing or MapInfo.
• Geocoder. Type of map engine used by the LPR Manager for geocoding: Bing or MapInfo.
• Microsoft Bing license expiration date. Bing license expiration date.
• Data import. Allows data to be imported from AutoVu 4.3 systems. For more information,
see "Data import" on page 589.
• XML import. Allows you to import data from third-party applications. For more
information, see "XML import" on page 582.
• Number of LPR Managers. Maximum number of LPRManager roles allowed on your
system.
• Number of fixed Sharp units. Maximum number of fixed Sharp units allowed on your
system.
• Number of Patrollers - Law Enforcement. Maximum number of Patrollers configured for
Law Enforcement allowed on your system.
• Number of Patrollers - City Parking Enforcement. Maximum number of Patrollers
configured for City Parking Enforcement allowed on your system.
• Number of Patrollers - University Parking Enforcement. Maximum number of Patrollers
configured for University Parking Enforcement allowed on your system.
• Number of Patrollers - MLPI. Maximum number of Patrollers configured for Mobile
License Plate Inventory allowed on your system.
• Number of Patrollers equipped with maps. Maximum number of Patrollers equipped
with maps allowed on your system.

Mobile license options

This section describes the Genetec Security Center Mobile license options.
• Number of mobile device servers. Maximum number of Mobile Servers allowed on your
system.
• Number of mobile devices. Maximum number of simultaneous Mobile app connections
allowed on your system.
• Number of Web Clients. Maximum number of Web Client connections allowed on your
system.

[Link] | Security Center Administrator Guide 5.2 783

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 License option descriptions

Certificate license options

This section describes the certificate license options. Each certificate is identified by an
application/plugin name and the publisher name. The option specifies the maximum number of
simultaneous connections from each type of application on your system.

[Link] | Security Center Administrator Guide 5.2 784

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 B
Default Security Center ports
This section describes all default ports used by Security Center. Make sure these ports are open
and redirected for firewall and network address translation purposes.
This section includes the following topics:
• "Common communication ports" on page 786
• "AutoVu-specific ports" on page 787
• "Synergis-specific ports" on page 788
• "Omnicast-specific ports" on page 789

[Link] | Security Center Administrator Guide 5.2 785

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Common communication ports

Common communication ports

The following table lists the default network ports used by Security Center applications.
Computer Inbound Outbound Port usage

Main server TCP 5500 Directory connection requests

Expansion servers TCP 5500 Directory connection requests

Client workstations TCP 5500 Directory connection requests

All servers TCP 4502 TCP 4502 Communication between servers

(hosting any role)
HTTP 80 Connection via Server Admin

Intrusion Manager TCP 3001 TCP 3001 Bosch intrusion panels

[Link] | Security Center Administrator Guide 5.2 786

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 AutoVu-specific ports

AutoVu-specific ports
The following table lists the default network ports used by Security Center/AutoVu applications.
Computer Inbound Outbound Port usage

LPR Manager UDP 5000 Fixed Sharp unit discovery

TCP 8731 Fixed Sharp units and Patrollers

TCP 8832 Patroller hotfix requests

[Link] | Security Center Administrator Guide 5.2 787

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Synergis-specific ports

Synergis-specific ports
The following table lists the default network ports used by Security Center/Synergis applications.
Computer Inbound Outbound Port usage

Access UDP/TCP 4070 UDP/TCP 4070 • HID VertX/Edge controllers

Manager • HID Vertx/Edge EVO controllers

TCP 20 TCP 21, 23 HID VertX/Edge controllers

TCP 4050 • HID VertX/Edge controllers

• HID Vertx/Edge EVO controllers

TCP 22 HID Vertx/Edge EVO controllers

For information about HID hardware setup, see "Refer to HID’s documentation for initial
hardware setup" on page 791.

[Link] | Security Center Administrator Guide 5.2 788

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Omnicast-specific ports

Omnicast-specific ports
The following table lists the default network ports used by Security Center/Omnicast
applications.
Computer Inbound Outbound Port usage

Archiver TCP 555 Live and playback stream requests

UDP 15000–16000 UDP 15000–16000 Live unicast streams (audio & video)

TCP & UDP Vendor specific ports for events and

unit discovery

UDP 47806 UDP 47806 Live audio & video multicast streams

TCP 554 or Typical port used to request video from

HTTP 80 a unit

Telnet 5602 Telnet Console connection requests

Auxiliary TCP 558 Playback stream requests

Archiver

Media Router TCP 554 Live and playback stream requests

Redirector TCP 560 Live and playback stream requests

UDP 8000–12000 Live audio & video unicast streams

UDP 47806 UDP 47806 Live audio & video multicast streams

TCP 555 Communication with Archiver

Security Desk UDP 6000–6500 Live audio & video unicast streams
& Config Tool
UDP 47806 Live multicast video streams

UDP 47807 Live multicast audio streams

TCP 554–560 Live and playback audio/video requests

[Link] | Security Center Administrator Guide 5.2 789

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 C
HID reference
This section describes additional information concerning the setup and configuration of HID
access control units.
This section includes the following topics:
• "Network configuration" on page 791
• "Using the HID Discovery GUI utility" on page 792
• "HID initial configurations" on page 793
• "Special considerations when configuring HID units" on page 794
• "Interpreting the Power and Comm LEDs on an HID unit" on page 796
• "Supported features and models" on page 797
• "Access control unit modes of operation" on page 800
• "Access control unit configuration" on page 808
• "Wiring diagrams" on page 809

[Link] | Security Center Administrator Guide 5.2 790

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Network configuration

Network configuration
HID VertX (V1000, V2000), and Edge devices are IP devices that can acquire their network
address automatically when your network has a DHCP server (the default). They can also be
configured with static addresses (recommended).

Refer to HID’s documentation for initial hardware setup

HID device documentation can be found in the Documentation\Controllers folder of your
Security Center installation package:
• HID VertX
 HID VertX OEM Quick Installation Guide V100, V200, V300, V1000, and V2000 for
configuration information.
 HID VertX Install Wiring Diagram Example for wiring examples.
• HID Edge device
 HID EdgeReader Wiring Instructions for wiring examples.

HID documentation can also be downloaded from [Link].

The discovery port of an HID unit is fixed at 4070. Once it is discovered, the unit is assigned to
an Access Manager that uses the ports shown in the following table to control it.

Computer Inbound Outbound Port usage

Access Manager UDP/TCP 4070 UDP/TCP 4070 HID VertX controllers

TCP 20 TCP 21, 23 HID VertX controllers

TCP 4050 HID VertX controllers

The initial discovery can be performed with either the Security Center’s Unit Discovery Tool (see
"Unit discovery tool" on page 659), or with the HID Discovery GUI.
NOTE The Security Center’s Unit Discovery Tool does not let you assign or modify the IP
configuration of an HID unit. If you do not have a DHCP server on your network, or if you want
to modify the initial IP configuration of the HID unit, this should be done with the HID
Discovery GUI. It can be downloaded from [Link]
[Link].

[Link] | Security Center Administrator Guide 5.2 791

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Using the HID Discovery GUI utility

Using the HID Discovery GUI utility

The HID Discovery GUI utility is a Windows application designed to scan a local network and
report what HID devices are found. Typically, is used to perform the initial discovery and apply
IP configurations to your HID hardware before enrolling them into your Security Center
system.

To use the HID Discovery GUI:

1 Launch the utility.
The HID Discovery GUI can be found in your Windows Start menu > All Programs >
VertX Toolbox > Discovery GUI.
2 When the application launches, it immediately scans the local network.

The following columns are displayed:

 Type. HID device model.
 MAC Address. MAC address of the device’s network interface (also used as serial
number).
 Host Name. Name assigned to the device (by default, same as “Type”).
3 To cause the unit’s LED to blink so it can be identified, click the Blink ON button.
4 To go to the unit’s configuration Web page, click the Configure Unit hyperlink.
5 To re-scan the network to find HID devices, click the Refresh button.

[Link] | Security Center Administrator Guide 5.2 792

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 HID initial configurations

HID initial configurations

If no DHCP server is present, you need to assign a static IP configuration to the unit.
As long as an HID unit has a valid IP configuration, it can be “seen” by the Security Center’s
Access Manager, and you know the username and password to connect to the unit, everything
else can be done once it has been enrolled into Security Center.

To prepare your unit for enrollment into Security Center:

1 Launch the HID Discovery GUI and scan for devices on your network.
2 If you do not find the desired results, disconnect your workstation’s network cable from the
wall (or switch) and plug it directly into the HID unit.

The address [Link] is the factory-assigned default address for every HID device.
Even if the unit has been configured with an IP configuration, it still listens on this address
for (possible) troubleshooting needs.
3 If a change in IP configuration is required, this is performed from the device’s configuration
Web page. You can open the device’s Web page one of the following ways:
 In the HID Discovery GUI, click the Configure Unit hyperlink.
 Type [Link] in your Web browser.
4 Authentication is required to connect to an HID unit’s web page. By default:
 User Name: root
 Password: pass
5 The first page displayed from the HID unit will be it’s Basic Setup page. It is on this page
that you can assign the device’s IP configuration.
CAUTION If no DNS server is present on your network, you must use the unit’s own IP
address for the Primary DNS Server value. Furthermore, the Basic Central Station’s IP
address should be set to the IP address of your Security Center server running the Access
Manager role.
6 Scroll down, and click the link to Change Login Password.
(NB: This refers to the user admin not the user root)
7 Scroll to the bottom of the page, and click Submit.
The unit applies the new IP configuration, and reboot.
The unit is now ready to be enrolled in Security Center.

[Link] | Security Center Administrator Guide 5.2 793

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Special considerations when configuring HID units

Special considerations when configuring HID units

Some special considerations should be taken into account when working with HID inputs and
outputs.
This section includes the following topics:
• "For HID V1000 units" on page 794
• "Other HID hardware" on page 794
• "HID factory default input settings" on page 794
• "Modify input configurations" on page 795

For HID V1000 units

It is not recommended to use an HID VertX V1000 inputs and outputs for special purpose
requirements such as:
• A door: REX, door sensor, door lock
• Interlock override or lockdown
• Elevator control floor tracking
• Door buzzer
• IO linking (Hardware zone)
Instead, you should use the inputs and outputs from the V1000’s sub-panels (V200’s, V300’s)
for these purposes.

Other HID hardware

Any unused inputs (including AC Fail, Battery Fail and REX) can be used for other purposes
except the Tamper and Door Monitor inputs. These two types of inputs can only be used for their
specified purpose.

HID factory default input settings

HID units have the following configurations applied to the inputs:
• The door monitor input is configured by default as normally closed (NC), and not
supervised (no EOL resistors). This means that if nothing is connected to the door monitor
input, the unit will emit beeps to signal that the door is open. To correct this, connect the
door monitor input to an actual door monitor, or reconfigure the input to normally open
(NO). See illustration below.
• All other inputs are configured as normally open (NO), not supervised (no EOL resistors).

[Link] | Security Center Administrator Guide 5.2 794

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Special considerations when configuring HID units

Modify input configurations

1 Select the unit from the Config Tool’s Roles view task, and click the Properties tab.
2 In the Additional settings section, modify the Contact type / Supervision mode of the
inputs and outputs attached to the unit.

[Link] | Security Center Administrator Guide 5.2 795

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Interpreting the Power and Comm LEDs on an HID unit

Interpreting the Power and Comm LEDs on an HID unit

HID units are equipped with 2 status LEDS; One is labelled Power, and the other is labelled
Comm. You can find these LED’s on top of the face plate for V1000’s and V2000’s. For Edge and
Edge Plus devices, the LED’s are found on the bottom of the unit.

Table 22-2: V1000, V2000 and Edge Reader power & Comm LED’s
LED indicator State Description

Off Check input voltage to the unit

Power Solid red No network activity

Blinking (Red/Off) Network activity

Solid green All interfaces found (eg. V100, V200, V300)

Solid red No interfaces found

Comm Some interfaces were found (the duty cycle changes

Blinking (Red/Green)
according to the number of interfaces found).

The unit is in “Locate me” mode (somebody clicked

Blinking (Amber/Green)
the “Identify” button).

For VertX V1000 units: If the Comm LED indicator is off, update the firmware for the interface
(V100) part of the unit.

Table 22-3: VertX interface boards (sub-panels) V100, V200, V300

LED indicator State Description

Solid red OK
Power
Anything other than solid red Check input voltage

Blinking (Red/Green) RS-485 bus activity

Comm
Amber Firmware download in progress

If the Comm LED indicator for an interface board is off, verify the wiring for the RS-485 bus.
Then try updating the firmware.

[Link] | Security Center Administrator Guide 5.2 796

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Supported features and models

Supported features and models

Please refer to the tables below to confirm which Security Center features are supported by
which models of HID access control units.

Supported access control software and hardware

This section describes the supported HID access control features in Security Center.

Supported HID keypad reader options

Card and PIN operation depends on the type of unit and the keypad reader installed.
For both HID iCLASS and Prox readers, the “Keypad configuration setting option” is selected
at the time of purchase. Supported options include the following:
• Option 00: “Keypad configuration setting option” of 00 = Buffer one key, no parity, 4-bit
message.
• Option 14: “Keypad configuration setting option” of 14 = Buffer one to five keys (Standard
26-bit output). This reader option is also known as “Galaxy Mode”.
HID keypad Mixed Offline
Unit type reader option Online mode mode mode Observation

HID: “Keypad Not applicable. Card or Card or The keypad readers

V1000 with V100 configuration PIN. PIN. can be used to enroll
V2000 setting option” of PINs.
14
EdgePlus E400
“Keypad Not applicable. Card or PIN. An unknown PIN will
configuration Card and PIN on not generate the
setting option” of schedule. When off- Access denied:
00 schedule, operation Unknown credential
reverts to card only. event in Security
Center.
The reader cannot be
used to enroll PINs for
credential creation.

HID: These units Not applicable. Card only. Card only. —

EdgeReader ER40 cannot be ordered
EdgeReader ERP40 with a keypad.
EdgeReader
ERW400

For HID SmartID keypad readers (SK10), the following option is required to support card and
PIN functionality:
• Option 02PIN-0000: “Pincode Wiegand 4 bit per key no parity”.

[Link] | Security Center Administrator Guide 5.2 797

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Supported features and models

PIN length
Currently, PINs cannot have more than five digits.

Supported HID hardware

For firmware version requirements, see the Security Center release notes.
• iCLASS EdgeReader (POE) ER40, ERP40, ERW400 integrated reader and controller
• EdgePlus (POE) E400 controller
• VertX V2000 reader interface/network gateway
• VertX V1000 network gateway
 VertX V100 reader interface
 VertX V200 input interface
 VertX V300 output interface
Card readers:
• HID units support most industry standard card readers that output card data using the
Wiegand protocol (up to 128-bit card formats).
• For card and keypad readers, see "Access control unit configuration" on page 808.
• HID SmartID readers (MIFARE and DESFire) are also supported.

Supported RF Ideas USB enrollment readers

The RF Ideas readers only support card data formats up to 64 bits. The following USB
enrollment readers are supported:
• pcProx HID USB reader for enrolling proximity cards
• AIR ID Enroll iCLASS ID# USB reader for enrolling HID iCLASS cards
• AIR ID Enroll 14443/15693 CSN USB reader for enrolling a MIFARE card using the CSN
(card serial number)

Support for Power over Ethernet (PoE)

The following units support PoE (15.4W):

Unit type Support

HID V1000, V100, V200, V300 Not supported

HID V2000 Not supported

HID EdgeReader / EdgePlus Supported

[Link] | Security Center Administrator Guide 5.2 798

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Supported features and models

Unit cardholder and reader capacity

The number of cardholders (or credentials) that a unit can support offline is as follows:

Unit type Supported number of cardholders

HID V1000 / V100 22,000, up to 125,000 cardholders with full memory upgrade.

HID V2000 22,000, up to 125,000 cardholders with full memory upgrade.

HID EdgeReader / EdgePlus 22,000 cardholders (maximum). No memory upgrades are possible.

The number of readers that a unit can support is as follows:

Unit type Supported number of readers

HID V1000 / V100 64 readers with 32 V100 reader interface modules

32 doors configured as card in/card out
64 doors configured as card in/REX out

HID V2000 2 readers

1 door configured as card in/card out
2 doors configured as card in/REX out

HID EdgeReader / EdgePlus 1 reader

1 door configured as card in/REX out

[Link] | Security Center Administrator Guide 5.2 799

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Access control unit modes of operation

Access control unit modes of operation

This section describes the supported HID access control unit modes of operation in Security
Center.
This section includes the following topics:
• "About offline, mixed, and online modes of operation" on page 800
• "Supported modes of operation per unit type" on page 800

About offline, mixed, and online modes of operation

When the Security Center’s Access Manager role and an HID unit can communicate over an IP
network, the HID unit will be, by definition, in Mixed mode. If the network connection is
disrupted, the unit will fall into offline mode. Online mode is not supported for HID units.

Unit operating mode Description

Mixed mode The unit makes access control decisions locally based on information
downloaded from Security Center/Synergis during unit synchronization.
Access events are reported to Security Center/Synergis in real-time.

Offline Communication with Security Center/Synergis has been lost.

The unit makes access control decisions locally, based on information
downloaded from Security Center/Synergis during unit synchronization.
Access granted and access denied events are logged in the unit and are
uploaded to the Security Center/Synergis when the network connection is
re-established.

Online The unit is under the direct real-time control of Security Center/Synergis.
Security Center/Synergis makes all access control decisions.
This mode is not available with HID VertX and Edge units.

Supported modes of operation per unit type

The following table summarizes which modes of operation are supported by unit type:

Unit Online Mode Mixed Mode Offline Mode

HID V1000/V100 Not supported Supported Supported

HID V2000 Not supported Supported Supported

HID EdgeReader/ Not supported Supported Supported

EdgePlus

[Link] | Security Center Administrator Guide 5.2 800

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Access control unit modes of operation

The features available for the HID mixed and HID offline modes of operation are as follows:
• Action: Silence buzzer or Sound buzzer (event-to-action)
• Antipassback
• Card and PIN
• Elevator control
• Elevator floor tracking
• Event-to-action with Trigger output action
• Extended grant time
• Hard antipassback (passback violation event generated and access is denied)
• Interlock
• IO Linking
• Lockdown
• Override
• People Counting
• Readerless Door (use an IO module for a REX, door state, and door lock only)
• Soft Antipassback (passback violation event generated and access is granted)
• Strict Antipassback
• Timed antipassback

Action: Silence buzzer or Sound buzzer (event-to-action)

Operating mode Feature availability

HID mixed mode Supported

HID offline mode Supported

For operation, the mixed and offline modes require the following:
• All inputs and outputs must belong to the same HID controller (one VertX V1000, one
V2000, or one Edge).
NOTE The Action feature is not available with a readerless door.

Antipassback

Operating mode Feature availability

HID mixed mode Depends on the antipassback settings enabled with the Config Tool.

HID offline mode Depends on the antipassback settings enabled with the Config Tool.

For operation, the mixed and offline modes require the following:

[Link] | Security Center Administrator Guide 5.2 801

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Access control unit modes of operation

• All units used for this feature must be assigned to the same Access Manager.
• The interlock feature must be disabled. Interlock (including the lockdown and override
functions) and antipassback are mutually exclusive; both features cannot be enabled for an
area at the same time.

HID VertX antipassback

The antipassback feature works best once the access control system has been configured and the
system is operational and relatively static. It is recommended to enable antipassback once the
following entities have been properly configured in Security Center and are not expected to
change on a daily basis:
• Unit time zones
• Doors and associated readers
• Areas (groups of doors)
• Elevators and associated floors (including unlocking schedules)
• Cardholder groups
• Schedules (including card and PIN schedules)
• Access rules
The following section provides guidelines for configuring, enabling, and managing the
antipassback with HID VertX controllers (units):
• You must use either the V1000 or V2000 for antipassback.
 V2000: Antipassback is only supported for an area with a single door having both entry
and exit readers.
 V1000: Antipassback is supported for multiple areas, with each area supporting multiple
doors with entry and exit readers. Limitation in the number of doors is based on the
number of V100 modules installed.
• Antipassback is not recommended with the Edge product line for the following reasons:
 Only a single reader can be specified for either entry or exit (not both) while
antipassback typically requires both entry and exit readers.
 Peer-to-peer communication between Edge devices is not supported by Security Center.
• An area with antipassback must be configured for readers wired to, and doors managed by,
the same unit (V1000 or V2000) because
 Antipassback functions are handled by the unit (V1000 or V2000).
 The Security Center does not support peer-to-peer communication between either
VertX V1000 or V2000 devices.
• Antipassback can be reset using the following methods:
 A unit synchronization operation
 An action (manually or with an event-to-action)
• The following system behavior will reset a unit’s antipassback state:

[Link] | Security Center Administrator Guide 5.2 802

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Access control unit modes of operation

 Initial unit synchronization when the Security Center services are started or restarted.
 Unit synchronization following the loss and recovery of a connection with the unit
(V1000 or V2000).
 Unit synchronization following certain configuration changes (see below for more
details).
• Manual synchronization of the unit through the Config Tool page.

Card and PIN

Operating mode Feature availability

HID mixed mode Depends on the card reader hardware options which are selected at the time
of purchase.
See "Supported HID keypad reader options" on page 797 for more details.

HID offline mode Depends on the card reader hardware options which are selected at the time
of purchase.
See "Supported HID keypad reader options" on page 797 for more details.

For operation, the mixed and offline modes require the following:
• All reader interfaces/inputs/outputs for a door should belong to the same HID controller
(HID Edge, VertX V2000, or Vertx V100 interface module).

Elevator control

Operating mode Feature availability

HID mixed mode Supported

HID offline mode Supported

For operation, the mixed and offline modes require the following:
• All interface modules used for elevator control (HID VertX V100, V200, and V300) must be
assigned to the same VertX V1000. Reader, inputs and outputs must be assigned to the same
V2000 (max. of 4 floors) or Edge (max. of 2 floors).
• All units used for this feature must be assigned to the same Access Manager.
• The reader interface, inputs, and outputs must be connected to the same HID controller
(VertX V1000, V2000, or Edge). A maximum of 1 elevator cab reader can be assigned per
HID controller (VertX V1000, V2000, or Edge).

HID VertX elevator control

The use of HID VertX controllers (V1000 and V2000) for elevator control is subject to the
following:
• A VertX controller should be dedicated to the control of a single elevator cab.

[Link] | Security Center Administrator Guide 5.2 803

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Access control unit modes of operation

• Once a VertX controller has been assigned to perform elevator control, it should only be
used for that purpose. Door and zone control should not be mixed with elevator control,
even when the unit has unused readers, inputs and outputs.
• When elevator floors are operating under controlled access mode, schedules from different
access rules applied to different floors are merged when the rules are granted to a same
cardholder.

EXAMPLE Suppose that the configuration set in Config Tool is such that Bob should be granted
access to floor 1 from 9 a.m. to 10 a.m. through access rule 1, and to floor 2 from 10 a.m. to 11
a.m. through access rule 2. When Bob presents his card in the elevator, the VertX controller will
actually grant access to Robert from 9 a.m. to 11 a.m. on both floors.

Elevator floor tracking

Operating mode Feature availability

HID mixed mode Supported

HID offline mode Not Supported. Event reporting is unavailable. Events are not regenerated
when the unit reconnects to Synergis and switches from offline to either the
online or the mixed mode of operation.

For operation, the mixed mode requires the following:

• All units used for this feature must be assigned to the same Access Manager.

Event-to-action with Trigger output action

Operating mode Feature availability

HID mixed mode Supported

HID offline mode Partially Supported

For operation, the mixed and offline modes require the following:
• All units used for this feature must be assigned to the same Access Manager.

Extended grant time

Operating mode Feature availability

HID mixed mode Supported

HID offline mode Supported

[Link] | Security Center Administrator Guide 5.2 804

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Access control unit modes of operation

Hard antipassback (passback violation event generated and access is

denied)

Operating mode Feature availability

HID mixed mode Supported

HID offline mode Supported

NOTE Antipassback using the HID units is available with the VertX V2000 (area with a single
door) and the VertX V1000 (multiple areas and multiple doors per area). Antipassback with the
HID Edge products is not supported.

Interlock

Operating mode Feature availability

HID mixed mode Supported

HID offline mode Supported

For operation, the mixed and offline modes require the following:
• The antipassback feature must be disabled. Interlock (including the lockdown and override
functions) and antipassback are mutually exclusive; both features cannot be enabled for an
area at the same time.
• The inputs of an HID VertX V1000 must be not used for this feature.
• All perimeter doors of an interlocked area must be assigned to the same HID controller
(one VertX V1000 or one V2000).
NOTE If a perimeter door of an interlock is open, when an authorized cardholder accesses a
second perimeter door of the same interlock, an Access Granted event for the second door might
be generated, even through the second door does not unlock.

IO Linking

Operating mode Feature availability

HID mixed mode Supported

HID offline mode Supported

For operation, the mixed and offline modes require the following:
• The inputs of an HID VertX V1000 must be not used for this feature.
• All inputs and outputs must belong to the same HID controller (one V2000 or one Edge).

[Link] | Security Center Administrator Guide 5.2 805

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Access control unit modes of operation

Lockdown

Operating mode Feature availability

HID mixed mode Supported

HID offline mode Supported

NOTE The Lockdown feature is only supported for areas where the Interlock feature is enabled.

Override

Operating mode Feature availability

HID mixed mode Supported

HID offline mode Supported

NOTE The Override feature is only supported for areas where the Interlock feature is enabled.

People Counting

Operating mode Feature availability

HID mixed mode Supported

HID offline mode Not Supported. If a unit assigned to one of the perimeter doors of an area is in
this mode of operation, the feature is disabled for the entire area.

For operation, the mixed mode requires the following:

• All units used for this feature must be assigned to the same Access Manager.

Readerless Door (use an IO module for a REX, door state, and door lock
only)

Operating mode Feature availability

HID mixed mode Supported

HID offline mode Supported

NOTE There are no door activity reports during the time period when
the unit is in this mode of operation.

For operation, the mixed and offline modes require the following:
• The inputs of an HID VertX V1000 must be not used for this feature.
• All inputs and outputs must belong to the same HID controller (one V2000 or one Edge).

[Link] | Security Center Administrator Guide 5.2 806

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Access control unit modes of operation

NOTE A readerless door does not generate a Door forced open event. A readerless door also
does not support the buzzer feature.

Soft Antipassback (passback violation event generated and access is

granted)

Operating mode Feature availability

HID mixed mode Supported

HID offline mode Not Supported. Event reporting is unavailable. Events are not regenerated
when the unit reconnects to Synergis and switches from offline to either the
online or the mixed mode of operation.

Strict Antipassback
With HID units, Hard and Strict antipassback are one in the same, as there is no distinction
between the two.
See "Hard antipassback (passback violation event generated and access is denied)" on page 805.

Timed antipassback

Operating mode Feature availability

HID mixed mode Not Supported. All perimeter doors of an area must be in online mode.

HID offline mode Not Supported. All perimeter doors of an area must be in online mode.

[Link] | Security Center Administrator Guide 5.2 807

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Access control unit configuration

Access control unit configuration

This section describes the supported HID access control unit configurations in Security Center.

General versus dedicated inputs

When a unit is used to control a door, some inputs must be used only for their intended purpose
(dedicated inputs). For example, if a door has a REX sensor or a door sensor, the unit’s inputs
intended for these sensors must be used.
If the door does not have a REX sensor or a door sensor, sometimes the unit input channels
intended for these inputs can be used as general-purpose inputs.
This is shown in the table below.

Unit Input When used as Required configuration

HID units (V100, REX A REX input signal When any unit REX input is used for a REX,
V2000, and Edge you must also set:
devices) Automatically grant request to exit in the door
Properties tab, which generates Request to exit
events when the input is triggered. Events are
logged, and can be used for event-to-actions.
The input configuration in the Door, Unit tab
to program the unit to react to a REX input by
releasing the lock.

Another purpose (a Deselect Automatically grant request to exit

general purpose in the Door, Properties tab.
input) Configure the input for a zone, interlock, etc.

HID units (V100, Door Monitor A door position Set this in the input configuration in the Door,
V2000, and Edge sensor input (door Unit tab.
devices) open or door closed). NOTE This input cannot be used as a
general purpose input.

Configuring a door with reader

A door with a reader assigned to a V2000, V100, or an Edge device, must have all inputs (for
example door contact, REX) and outputs (for example door lock) associated to that same device.
Inputs and outputs must not be distributed across several devices.

Configuring a door with two door sensors

It is not recommended to configure a door with two door sensors (or door contacts) without
physically wiring the sensors in series. In the Security Center, only a single door sensor should
be configured per door.

[Link] | Security Center Administrator Guide 5.2 808

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Wiring diagrams

Wiring diagrams
The following wiring diagrams can also be found at [Link]

HID Edge reader & Edge Plus

[Link] | Security Center Administrator Guide 5.2 809

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Wiring diagrams

HID VertX V1000

[Link] | Security Center Administrator Guide 5.2 810

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Wiring diagrams

HID VertX V2000

[Link] | Security Center Administrator Guide 5.2 811

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 D
Bosch reference
This section describes additional information concerning the setup and configuration of Bosch
GV2, GV3, and GV4 series intrusion panels.
This section includes the following topics:
• "How Bosch intrusion panel integration works" on page 813

[Link] | Security Center Administrator Guide 5.2 812

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 How Bosch intrusion panel integration works

How Bosch intrusion panel integration works

Bosch intrusion panels are integrated to Security Center using the Intrusion Manager role. The
Intrusion Manager role receives events from the intrusion panel over an IP network or serial
connection, reports them live in Security Desk, and logs them in a database for future reporting.
The role also relays user commands to the intrusion panel (such as arming and disarming the
intrusion detection areas), and triggers the outputs connected to the panel through event-to-
actions (for example, an Intrusion area master armed event in Security Center can trigger an
output on the intrusion panel).

For more information about setting up your Bosch intrusion panel in Security Center, see the
Bosch Intrusion Panel Integration Guide, found in the Documentation\Controllers folder of your
Security Center installation package.

[Link] | Security Center Administrator Guide 5.2 813

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 E
Honeywell reference
This section describes additional information concerning the setup and configuration of
Honeywell Galaxy Dimension series control panels.
This section includes the following topics:
• "How Galaxy Dimension control panel integration works" on page 815

[Link] | Security Center Administrator Guide 5.2 814

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 How Galaxy Dimension control panel integration works

How Galaxy Dimension control panel integration works

Honeywell Galaxy Dimension series control panels are integrated to Security Center using the
Intrusion Manager role. The Intrusion Manager role receives events from the control panel over
an IP network, reports them live in Security Desk, and logs them in a database for future
reporting. The role also relays user commands to the control panel (such as arming and
disarming the intrusion detection areas), and triggers the outputs connected to the panel
through event-to-actions (for example, an Intrusion detection area master armed event in
Security Center can trigger an output on the panel).
For more information about setting up your Galaxy Dimension control panel in Security Center,
see the Honeywell Galaxy Control Panel Integration Guide, found in the
Documentation\Controllers folder of your Security Center installation package.

[Link] | Security Center Administrator Guide 5.2 815

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
Glossary
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Security Center is the unified platform for all Genetec’s IP security solutions, which include AutoVu™,
Omnicast™, and Synergis™ modules. The definitions in this glossary pertain to all three modules.

A
accepted user A user who has read access over all entities contained in a partition. This allows
the user to view them in all entity browsers. Additional access rights may be
granted through user privileges.

Access control health Type of maintenance task that reports on access control unit malfunction
history events.
See also Health history.

access control unit Type of entity that represents an access control device, such as Synergis Master
Controller (SMC) or an HID VertX controller, that communicates directly
with the Access Manager over an IP network. Access control units usually
control other slave units (or interface modules) such as the HID VertX V100
and V200, and the Mercury MR50 and MR52, which are connected to door
sensors and readers.
See also Access Manager, interface module and Synergis Master Controller.

Access control unit events Type of maintenance task that reports on events pertaining to selected access
control units.

Access Manager Type of role that manages and monitors access control units on the system.

access point Any monitored point that can be used to enter or exit a secured area, usually a
door side or an elevator floor. Note that an elevator floor can only be used as
an entry point.

access rule Type of entity that defines the access control logic which grants or denies
passage to a cardholder through an access point, based on a schedule.

Access rule configuration Type of maintenance task that reports on entities and access points affected by
a given access rule.

[Link] | Security Center Administrator Guide 5.2 816

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Glossary

Access troubleshooter Tool that helps you detect and diagnose access configuration problems. It
allows you to find out about the following:
• Who are allowed to use an access point at a given time
• Which access points a cardholder is allowed to use at a given time
• Why a given cardholder can or cannot use an access point at a given time.
access right access right.
(1) Type of rights a user has over entities in the system (view, add, modify,
delete), which are defined by a combination of partitions and user
privileges.
(2) The right a cardholder has to pass through an access point at a given date
and time.

action User-programmable function that can be triggered as an automatic response to

an event (door held open for too long, object left unattended) or executed
according to a specific time table.
See also event and event-to-action.

active alarm An alarm that has not yet been acknowledged.

See also alarm.

Active Directory Active Directory (AD).

(1) A directory service created by Microsoft.
(2) Type of role that imports users and cardholders from an Active Directory
and keeps them synchronized.

Activity trails Type of maintenance task that reports on the user activity related to video and
LPR functionality. This task can provide information such as who played back
which video recordings, who used the Hotlist and permit editor, who enabled
hotlist filtering, and much more.

Advanced Systems Format Advanced Systems Format or ASF (formerly Advanced Streaming Format) is a
Microsoft streaming format associated with Windows Media Player.

agent Subprocess created by a Security Center role to run simultaneously on multiple

servers for the purpose of sharing its load.
See also redirector agent.

alarm Type of entity that describes a particular trouble situation that requires
immediate attention and how it should be handled in Security Center. Namely,
its priority, what entities (usually cameras and doors) best describe it, who
should be notified, how it should be displayed to the user, and so on.

[Link] | Security Center Administrator Guide 5.2 817

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Glossary

alarm acknowledgement User response to an alarm. There are two variants of alarm acknowledgement
in Security Center:
• Default acknowledgement
• Alternate acknowledgement
Each variant is associated to a different event so that specific actions can be
programmed based on the alarm response selected by the user.
See also action and event.

Alarm monitoring Type of operation task that allows you to monitor and respond to alarms
(acknowledge, forward, snooze, among other things) in real time, as well as
review past alarms.
See also monitor group.

alarm panel Another name for intrusion panel.

See also intrusion panel.

Alarm report Type of investigation task that allows you to search and view current and past
alarms.

analog monitor Type of entity that represents a monitor that displays video from an analog
source, such as a video decoder or an analog camera. This term is used in
Security Center to refer to monitors not controlled by a computer.
See also monitor group and video decoder.

antipassback Access restriction placed on a secured area that prevents a cardholder from
entering an area that they have not yet exited from, and vice-versa.

Archive storage details Type of maintenance task that reports on the video files (file name, start and
end time, file size, protection status, and so on) used to store video archive, and
which allows you to change the protection status of those files, among other
things.

Archiver Type of role that is responsible for the discovery, status polling, and control of
video units. The Archiver also manages the video archive, and performs
motion detection when it is not done on the unit itself.
See also Auxiliary Archiver and video unit.

Archiver events Type of maintenance task that reports on events pertaining to selected
Archiver roles.

Archives Type of investigation task that allows you to find and view available video
archives by camera and time range.

[Link] | Security Center Administrator Guide 5.2 818

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Glossary

area Type of entity that represents a concept or a physical location (room, floor,
building, and so on) used for the logical grouping of entities in the system.
See also Logical view.
When Synergis is enabled, the area entity can also be used to configure a
secured area with access rules and access control behavior.
See also antipassback and interlock.

Area activities Type of investigation task that reports on area related activities (access granted,
access denied, first person in, last person out, antipassback violation, and so
on).

Area presence Type of investigation task that provides a snapshot of all cardholders and
visitors currently present in a selected area.

ASF See Advanced Systems Format.

asset Type of entity that represents any valuable object with an RFID tag attached,
allowing it to be tracked by an asset management software.
See also RFID tag.

asynchronous video Simultaneous playback video from more than one camera that are not
synchronized in time.

audio decoder Device or software that decodes compressed audio streams for playback.
Synonym of "speaker".

audio encoder Device or software that encodes audio streams using a compression algorithm.
Synonym of "microphone".

Audit trails Type of maintenance task that reports on the configuration changes and who
made them, on selected entities in the system.

automatic discovery The process by which IP units on a network are automatically discovered by
Security Center. This is done by broadcasting a discovery request on the
discovery port and waiting for all listening units to respond with a packet that
contains connection information about itself. Security Center uses the
information to automatically configure the connection to the unit, thus
enabling communication. Not all units support this feature.
See also unit.

[Link] | Security Center Administrator Guide 5.2 819

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Glossary

AutoVu AutoVu™ is the IP license plate recognition (LPR) system of Security Center
that automates the reading and verification of vehicle license plates. AutoVu
Sharp cameras capture license plate images, and send the data to Patroller or
Security Center to verify against lists of vehicles of interest (hotlists) and
vehicles with permits (permit lists). You can install AutoVu in a fixed
configuration (e.g. on a pole in a parking lot), or in a mobile configuration (e.g.
on a police car). You can use AutoVu for scofflaw and wanted vehicle
identification, city-wide surveillance, parking enforcement, parking permit
control, vehicle inventory, security, and access control.

AutoVu LPR Processing Processing component of the SharpX system. The LPR Processing Unit is
Unit available with two or four camera ports, with one dedicated processor per
camera (if using SharpX) or per two cameras (if using SharpX VGA). This
ensures maximum, per-camera, processing performance. The LPR Processing
Unit is sometimes referred to as the "trunk unit" because it is typically installed
in a vehicle's trunk.
See also LPR camera and SharpX.

Auxiliary Archiver Type of role that supplements the video archive produced by the Archiver.
Unlike the Archiver, the Auxiliary Archiver is not bound to any particular
discovery port, therefore, it can archive any camera in the system, including the
federated ones (Security Center 5.x systems only). The Auxiliary Archiver
depends on the Archiver to communicate with the video units. It cannot
operate on its own.
See also Archiver and discovery port.

B
Badge designer Tool that allows you to design and modify badge templates.

Badge printer Tool that allows you to print badges in bulk, based on a badge template and a
list of cardholders or credentials.

badge template Entity type used to configure a printing template for badges.

bit rate Data transfer rate expressed in kilobits per second (Kbps).

block face (2sides) Type of parking regulation characterizing an overtime rule. A block face is the
length of a street between two intersections. A vehicle is in violation if it is seen
parked within the same block over a specified period of time. Moving the
vehicle from one side of the street to the other does not make a difference.

bookmark Short text used to mark a specific position in a recorded video sequence that
can be used to search for that video sequence at a later stage.

[Link] | Security Center Administrator Guide 5.2 820

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Glossary

Bookmarks Type of investigation task that searches for bookmarks related to selected
cameras within a specified time range.

Breakout box Genetec's proprietary connector box for AutoVu mobile solutions that use
Sharp version 2.0 cameras. The breakout box provides power and network
connectivity to the Sharp units and the in-vehicle computer. Currently, the
AutoVu SharpX system is the preferred solution for a mobile AutoVu
installation.

broadcast Communication between a single sender and all receivers on a network

C
camera Type of entity that represents a single video source on the system. The video
source can be an IP camera or an analog camera connected to the video
encoder of a video unit. Multiple video streams can be generated from the same
video source.
See also video encoder.

camera blocking Omnicast feature that lets you restrict the viewing of video (live or playback)
from certain cameras to users with a minimum user level.
See also user level.

Camera events Type of investigation task that reports on events pertaining to selected cameras
within a specified time range.

camera sequence Type of entity that defines a list of cameras that are displayed one after another
in a rotating fashion within a single tile in Security Desk.

canvas One of the panes found in the Security Desk's task workspace. The canvas is
used to display multimedia information, such as videos, maps, and pictures. It
is further divided into three panels: the tiles, the dashboard, and the properties.
See also tile.

card and pin An access point mode that requires a cardholder to present their card and then
enter a personal identification number (PIN).

cardholder Type of entity that represents a person who can enter and exit secured areas by
virtue of their credentials (typically access cards) and whose activities can be
tracked.

Cardholder access rights Type of maintenance task that reports on which cardholders and cardholder
groups are granted or denied access to selected areas, doors, and elevators.

Cardholder activities Type of investigation task that reports on cardholder activities (access denied,
first person in, last person out, antipassback violation, and so on).

[Link] | Security Center Administrator Guide 5.2 821

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Glossary

Cardholder configuration Type of maintenance task that reports on cardholder properties (first name,
last name, picture, status, custom properties, and so on).

cardholder group Type of entity that configures the common access rights of a group of
cardholders.

Cardholder management Type of operation task that allows you to create, modify, and delete
cardholders, as well as manage their credentials, including temporary
replacement cards.

cash register Type of entity that represents a single cash register (or terminal) in a point of
sale system.
See also point of sale system.

certificate Additional license information that is required to run plugins or SDK-based

applications.

City Parking Enforcement Patroller software installation that is configured for city parking enforcement:
the enforcement of parking permit and/or overtime restrictions.
See also overtime rule and permit.

City Parking Enforcement A "City Parking Enforcement" installation of a Patroller application that also
with Wheel Imaging includes wheel imaging. The use of maps and of the Navigator is mandatory.
See also City Parking Enforcement.

compatibility pack See Omnicast compatibility pack.

Config Tool Security Center administrative application used to manage all Security Center
users, and configure all Security Center entities such as areas, cameras, doors,
schedules, cardholders, Patroller/LPR units, and hardware devices.

Conflict resolution utility Tool that helps you resolve conflicts caused by importing users and
cardholders from an Active Directory.

context camera A camera connected to an LPR unit that produces a wider angle color image of
the vehicle whose license plate was read by the LPR camera.
See also LPR camera and LPR unit.

controlled exit Credentials are necessary to leave a secured area.

controller module Processing component of Synergis Master Controller with IP capability, pre-
loaded with the controller firmware and the web-based administration tool,
Controller Portal.
See also Controller Portal, four-port RS-485 module, and Synergis Master
Controller.

[Link] | Security Center Administrator Guide 5.2 822

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Glossary

Controller Portal Web-based administration tool hosted on every Synergis Master Controller
unit, used to configure, administer, and upgrade the controller firmware.
See also controller module and Synergis Master Controller.

Copy configuration tool Tool that copies the configuration of one entity to many other entities.

covert hit Read (captured license plate) that is matched to a covert hotlist. Covert hits are
not displayed on the Patroller screen, but can be displayed in the Security Desk
by a user with proper privileges.

covert hotlist Hotlist hidden from the AutoVu Patroller users. Reads matching a covert
hotlist generate covert hits.

credential Type of entity that represents a proximity card, a biometrics template, or a PIN
required to gain access to a secured area. A credential can only be assigned to
one cardholder at a time.

Credential activities Type of investigation task that reports on credential related activities (access
denied due to expired, inactive, lost, or stolen credential, and so on).

credential code A textual representation of the credential showing the credential data (typically
the Facility code and the Card number). For credentials using custom card
formats, the user can choose what to include in the credential code.

Credential configuration Type of maintenance task that reports on credential properties (status,
assigned cardholder, card format, credential code, custom properties, and so
on).

Credential management Type of operation task that allows you to create, modify, and delete credentials,
and print badges. It also allows you to enroll large numbers of card credentials
into the system, either by scanning them at a designated card reader, or by
entering a range of values.

custom event An event added after the initial system installation. Events defined at system
installation are called system events. Custom events can be user-defined or
automatically added through plugin installations. Unlike system events,
custom events may be renamed and deleted.

custom field User defined property associated to an entity type to store additional
information that is useful to your particular organization.

D
Daily usage per Patroller Type of investigation task that reports on the daily usage statistics of a selected
Patroller (operating time, longest stop, total number of stops, longest
shutdown, and so on) for a given date range.

[Link] | Security Center Administrator Guide 5.2 823

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Glossary

dashboard One of the three panels that belong to the canvas in Security Desk. It contains
the graphical commands (or widgets) pertaining to the entity displayed in the
current tile.
See also widget.

Data Server Plan Manager Server module that manages the Plan Manager database where
the map configuration is stored.
See also Plan Manager Server.

database Collection of data that is organized so that its contents can easily be accessed,
managed, and updated.

database server An application that manages databases and handles data requests made by
client applications. Security Center uses Microsoft SQL Server as its database
server.

debounce The amount of time an input can be in a changed state (for example, from
active to inactive) before the state change is reported. Electrical switches often
cause temporarily unstable signals when changing states, possibly confusing
the logical circuitry. Debouncing is used to filter out unstable signals by
ignoring all state changes that are shorter than a certain period of time (in
milliseconds).

dewarping Transformation used to straighten a digital image taken with a fish-eye lens.

DHCP server A DHCP (Dynamic Host Configuration Protocol) server provides

configuration parameters necessary for a unit to automatically connect to an IP
network. DHCP automatically supplies the unit with an IP address, the
network mask, a gateway IP address, and a DNS server IP address.

Directory The main role that identifies your system. It manages all entity configurations
and system wide settings in Security Center. Only a single instance of this role
is permitted on your system. The server hosting the Directory role is called the
main server. All other servers in Security Center must connect to the main
server and are called expansion servers.
See also expansion server, main server, and server.

Directory Manager The role that manages the Directory failover and load balancing in order to
produce the high availability characteristics in Security Center.
See also Directory server and high availability.

Directory server Any one of the multiple servers simultaneously running the Directory role in a
high availability configuration.
See also Directory, high availability, and server.

[Link] | Security Center Administrator Guide 5.2 824

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Glossary

discovery port Port used by certain Security Center roles (Access Manager, Archiver, LPR
Manager) to find the units they are responsible for on the LAN. No two
discovery ports can be the same on one system.
See also automatic discovery.

district Type of parking regulation characterizing an overtime rule. A district is a

geographical area within a city. A vehicle is in violation if it is seen within the
boundaries of the district over a specified period of time.

door Type of entity that represents a physical barrier. Often, this is an actual door
but it could also be a gate, a turnstile, or any other controllable barrier. Each
door has two sides named by default “A” and “B”. Each side is an access point
(entrance or exit) to a secured area.

Door activities Type of investigation task that reports on door related activities (access denied,
door forced open, door open too long, hardware tamper, and so on).

door contact A door contact monitors the state of a door, whether it is open or closed. It can
also be used to detect improper state (door open too long).

door controller See access control unit.

door side Every door has two sides, named by default "A" and "B". Each side is an access
point to an area. For example, passing through side A leads into an area, and
passing through side B leads out of that area. For the purposes of access
management, the credentials necessary to pass through a door in one direction
are not necessarily the same to pass through in the opposite direction.

Door troubleshooter Type of maintenance task that lists all the cardholders who have access to a
particular door side or elevator floor at a specific date and time.

Driver Development kit Driver Development Kit (DDK). An SDK for creating device drivers.

duress A special code used to disarm an alarm system that quietly alerts the
monitoring station that the alarm system was disarmed under threat.

E
edge recording Video is recorded on the unit itself, eliminating the need to constantly stream
video to a centralized server.
See also Archiver.

electric door strike An electric device that releases the door latch when current is applied.

elevator Type of entity that provides access control properties to elevators. For an
elevator, each floor is considered an entry point for the area corresponding to
that floor.

[Link] | Security Center Administrator Guide 5.2 825

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Glossary

Elevator activities Type of investigation task that reports on elevator related activities (access
denied, floor accessed, unit is offline, hardware tamper, and so on).

enforce To take action following a confirmed hit. For example, a parking officer can
enforce a scofflaw (unpaid parking tickets) violation by placing a wheel boot on
the vehicle.

entity Entities are the basic building blocks of Security Center. Everything that
requires configuration is represented by an entity. An entity may represent a
physical device, such as a camera or a door, or an abstract concept, such as an
alarm, a schedule, a user, or a software module.

entity tree The graphical representation of Security Center entities in a tree structure
illustrating the hierarchical nature of their relationships.
See also Logical view.

event Indicates the occurrence of an activity or incident, such as access denied to a

cardholder or motion detected on a camera. Events are automatically logged in
Security Center, and can be programmed to trigger actions, conferring
intelligent behavior to the system. Every event mainly focuses on one entity,
called the event source.
See also event-to-action.

event-to-action The coupling of an action to an event to confer automatic and intelligent

behavior to the system.

expansion server Any server machine in a Security Center system that does not host the
Directory role. The purpose of the expansion server is to add to the processing
power of the system.
See also main server and server.

F
failover A backup operational mode in which a role (system function) is automatically
transferred from its primary server to a secondary server that is on standby
when the primary server becomes unavailable, either through failure or
through scheduled downtime.
See also high availability and load balancing.

federated entity Any entity that is imported from an independent system via a federation role.

[Link] | Security Center Administrator Guide 5.2 826

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Glossary

federated system A independent system (Omnicast or Security Center) that is unified under
your local Security Center via a federation role, so that the local users can view
and manipulate its entities as if they belong to the local system.
See also Omnicast Federation and Security Center Federation.

Federation The Federation™ is a virtual system formed by joining multiple remote

independent Genetec IP security systems together. The purpose of the
Federation is to allow the users on your local system (the Federation host) to
access the entities belonging to independent systems as if they were on your
local system.

four-port RS-485 module RS-485 communication component of Synergis Master Controller with four
ports (or channels) named A, B, C, and D. The number of interface modules
you can connect to each channel depends on the type of hardware you have.
See also controller module, interface module, and Synergis Master Controller.

frame A single video image.

free access Access point state where no credentials are necessary to enter a secured area.
The door is unlocked. This is typically used during normal business hours, as a
temporary measure during maintenance, or when the access control system is
first powered up and is yet to be configured.

free exit Access point state where no credentials are necessary to leave a secured area.
The person releases the door by turning the doorknob, or by pressing the REX
button, and walks out. An automatic door closer shuts the door so it can be
locked after being opened.

G
G64 G64 is the native data format used by all archiving roles (Archiver and
Auxiliary Archiver) to store video files. This data format incorporates all
information related to the video data, including audio, bookmarks,
timestamps, motion and event markers, and supports watermarking.
See also ASF, video file, and video watermarking.

Genetec Server Windows service at the core of Security Center architecture that must be
installed on every computer that is part of the Security Center's pool of servers.
Every such server is a generic computing resource capable of taking on any role
(set of functions) you assign to it.
See also server.

[Link] | Security Center Administrator Guide 5.2 827

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Glossary

geocoding The process of finding associated geographic coordinates (latitude and

longitude) from a street address.
See also reverse geocoding.

ghost camera Entity used as a stand in camera that is automatically created by the Archiver
when video archives are detected for a camera whose definition has been
deleted from the Directory, either accidentally or because the physical device
no longer exists. Ghost cameras cannot be configured. They only exist so users
can reference the video archive that would otherwise not be associated to any
camera.
See also camera.

ghost Patroller Entity automatically created by the LPR Manager when the AutoVu license
includes the XML Import module. In Security Center, all LPR data must be
associated to a Patroller entity or an LPR unit corresponding to a fixed Sharp
camera. When you import LPR data from an external source via a specific LPR
Manager using the XML Import module, the system uses the ghost entity to
represent the LPR data source. You can formulate queries using the ghost
entity as you would with a normal entity.
See also Patroller.

GIS Geographic information system (GIS) is a third party map provider that Plan
Manager can connect to, to bring maps and all types of geographically
referenced data to Security Center.
See also KML, OGC, and WMS.

Global Cardholder Type of role that ensures the two-way synchronization of shared cardholders
Synchronizer and their related entities between the local system (sharing participant) and the
central system (sharing host).
See also sharing guest and sharing host.

global entity Entity that is shared across multiple independent Security Center systems by
virtue of its membership to a global partition. Only cardholders, cardholder
groups, credentials, and badge templates are eligible for sharing.
See also global partition.

global partition Partition that is shared across multiple independent Security Center systems by
the partition owner, called the sharing host.
See also global entity, partition, and sharing guest.

GUID A globally unique identifier, or GUID, is a special type of identifier used in

software applications to provide a unique reference number.

[Link] | Security Center Administrator Guide 5.2 828

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Glossary

H
H.264 H.264/MPEG-4 AVC (Advanced Video Coding) is a standard for video
compression.

Hardware inventory Type of maintenance task that reports on the characteristics (unit model,
firmware version, IP address, time zone, and so on) of access control, video,
intrusion detection, and LPR units in your system.

hardware zone A subtype of zone entity where the IO linking is done by hardware. A hardware
zone is controlled by a single access control unit and works only in mixed and
offline mode. Hardware zones cannot be armed or disarmed from Security
Desk.
See also virtual zone and zone.

Health history Type of maintenance task that reports on health issues.

See also Health statistics and Health Monitor.

Health Monitor The central role that monitors system entities such as servers, roles, units, and
client applications for health issues.
See also Health history and Health statistics.

Health statistics Type of maintenance task that gives you an overall picture of the health of your
system.
See also Health history and Health Monitor.

high availability Design approach used to enable a system to perform at a higher than normal
operational level. This often involves failover and load balancing.
See also failover and load balancing.

HIP A hardware integration package, or HIP, is an update that can be applied to

Security Center. It enables the management of new functionalities (for
example, new video unit types), without requiring an upgrade to the next
Security Center release.

hit License plate read that matches a hit rule (hotlist, overtime rule, permit, or
permit restriction). A Patroller user can choose to reject or accept a hit. An
accepted hit can subsequently be enforced.
See also enforce.

hit rule Type of LPR rule used to identify vehicles of interest (called "hits") using license
plate reads. The hit rules include the following types: hotlist, overtime rule,
permit, and permit restriction.
See also hit, hotlist, overtime rile, permit, and permit restriction.

[Link] | Security Center Administrator Guide 5.2 829

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Glossary

Hits Type of investigation task that reports on hits reported within a selected time
range and geographic area.
See also hit and hotlist.

hot action An action mapped to a PC keyboard function key (Ctrl+F1 through Ctrl+F12)
in Security Desk for quick access.

hotlist Type of entity that defines a list of wanted vehicles, where each vehicle is
identified by a license plate number, the issuing state, and the reason why the
vehicle is wanted (stolen, wanted felon, Amber alert, VIP, and so on). Optional
vehicle information might include the model, the color, and the vehicle
identification number (VIN).
See also hit rule.

Hotlist and permit editor Type of operation task used to edit an existing hotlist or permit list. A new list
cannot be created with this task, but after an existing list has been added to
Security Center, users can edit, add, or delete items from the list, and the
original text file is updated with the changes.
See also hotlist and permit.

hotspot Type of map object that represents an area on the map that requires special
attention. Clicking on a hotspot displays associated fixed and PTZ cameras.
See also map object.

HTTPS Secure Hypertext Transfer Protocol for the World Wide Web that provides safe
data transmission by encrypting and decrypting information sent over the
Internet.

I
I-frame Synonym of intra-frame and key frame.
See also key frame.

illuminator A light in the Sharp unit that illuminates the plate, thereby improving the
accuracy of the images produced by the LPR camera.
See also LPR camera.

Immersive view Plan Manager feature that lets you 'walk' inside a building or a city in a first
person view.

Import tool Tool that allows you to import cardholders, cardholder groups, and credentials
from a CSV (Comma Separated Values) file.

[Link] | Security Center Administrator Guide 5.2 830

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Glossary

inactive entity An entity that is shaded in red in the entity browser. It signals that the real
world entity it represents is either not working, offline, or incorrectly
configured.
See also entity.

incident Any incident reported by a Security Desk user. Incident reports can use
formatted text and include events and entities as support material.
See also Incidents.

Incidents Type of investigation task that allows you to search, review, and modify
incident reports.

interface module A third-party device that communicates with Synergis Master Controller over
IP, USB, or RS-485, and provides input, output, and reader connections to the
controller module.
See also controller module, four-port RS-485 module, and Synergis Master
Controller.

interlock Access restriction placed on a secured area that permits only one door to be
open at any given time. When one perimeter door is open, all other perimeter
doors are locked.

intra-frame Synonym of I-frame and key frame.

See also key frame.

intrusion detection area Type of entity that corresponds to a zone or a partition (group of sensors) on
an intrusion panel.
See also intrusion detection unit.

Intrusion detection area Type of investigation task that reports on activities (master arm, perimeter
activities arm, duress, input trouble, and so on) in selected intrusion detection areas.

intrusion detection unit Type of entity that represents an intrusion panel (or alarm panel) that is
monitored and controlled by Security Center.
See also Intrusion Manager.

Intrusion detection unit Type of investigation task that reports on events (AC fail, battery fail, unit lost,
events input trouble, and so on) pertaining to selected intrusion detection units.

Intrusion Manager Type of role that monitors and controls intrusion panels. It also logs the
intrusion events in a database for intrusion activity reports.
See also intrusion detection unit.

[Link] | Security Center Administrator Guide 5.2 831

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Glossary

intrusion panel A wall-mounted unit where the alarm sensors (motion sensors, smoke
detectors, door sensors, and so on) and wiring of the intrusion alarms are
connected and managed.
See also intrusion detection unit.

Inventory management Type of operation task that allows you to add and reconcile license plate reads
to a parking facility inventory.

Inventory report Type of investigation task that allows you to view a specific inventory (vehicle
location, vehicle length of stay, and so on) or compare two inventories of a
selected parking facility (vehicles added, vehicles removed, and so on).

IO configuration Type of maintenance task that reports on the IO configurations (controlled

access points, doors, and elevators) of access control units.

IO linking IO (input/output) linking is controlling an output relay based on the combined

state (normal, active, or trouble) of a group of monitored inputs. A standard
application would be to sound a buzzer (via an output relay) when any window
on the ground floor of a building is shattered (assuming that each window is
monitored by a "glass break" sensor connected to an input).
See also zone.

IP The protocol that routes data packets through a local area network (LAN) and
the Internet.

IP address An IP Address is a unique numeric address for a specific computer or

computing device connected to the Internet, or to a LAN.
See also IPv4 and IPv6.

IP camera A video unit incorporating a camera.

See also video unit.

IPv4 First generation IP protocol using a 32-bit address space.

IPv6 New generation IP protocol extending the address space from 32 to 128 bits.

J
K
key frame A key frame (or I-frame, or intra-frame) is a frame that contains a complete
image by itself as opposed to a usual frame that only holds information that
changed compared to the previous frame. It is used as reference in video image
compression.

[Link] | Security Center Administrator Guide 5.2 832

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Glossary

KML Keyhole Markup Language (KML) is a file format used to display geographic
data in an Earth browser such as Google Earth and Google Maps.
See also GIS.

L
Law Enforcement Patroller software installation that is configured for law enforcement: the
matching of license plate reads against lists of wanted license plates (hotlists).
The use of maps is optional.
See also hotlist.

license key Software key used to unlock the Security Center software. The license key is
specifically generated for each computer where the Directory role is installed.
You need the System ID (which identifies your system) and the Validation key
(which identifies your computer) in order to obtain your license key.

license plate inventory List of license plate numbers of vehicles found in a parking facility within a
given time period, showing where each vehicle is parked (sector and row).
See also Inventory report.

license plate read License plate number captured from a video image using LPR technology.
See also hit and License Plate Recognition.

License Plate Recognition Image processing technology used to read license plate numbers. License Plate
Recognition (LPR) converts license plate numbers cropped from camera
images into a database searchable format.
See also LPR camera and OCR equivalence.

live hit A hit matched by the Patroller and immediately sent to the Security Center
over a wireless network.

live read A license plate captured by the Patroller and immediately sent to the Security
Center over a wireless network.

load balancing Distribution of workload across multiple computers.

See also failover and high availability.

logical ID Unique IDs assigned to each entity in the system for ease of reference. Logical
IDs are only unique within a particular entity type.

[Link] | Security Center Administrator Guide 5.2 833

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Glossary

Logical view Browser view that organizes all viewable entities in Security Desk (such as
areas, cameras, doors, elevators, maps, and so on) according to their logical
relationships. Areas are used as logical groupings for other entities. Each area
may represent a concept or a physical location.
See also Security Desk.

Logons per Patroller Type of investigation task that reports on the logon records of a selected
Patroller.

long term Type of parking regulation characterizing an overtime rule. The "long term"
regulation uses the same principle as the "same position" regulation, but the
parking period is over 24 hours. No more than one overtime rule may use the
long term regulation in the entire system.

LPR See License Plate Recognition.

LPR camera A camera connected to an LPR unit that produces high resolution close-up
images of license plates.
See also context camera and SharpX.

LPR Manager Type of role that manages and controls Patrollers and fixed Sharp units. The
LPR Manager manages the data (reads and hits) collected by the LPR units it
controls and updates the configuration of the mobile units (Patrollers) every
time they begin a new shift.

LPR rule Method used by Security Center/AutoVu for processing a license plate read.
An LPR rule can be a "hit rule" or a "parking facility".
See also hit rule and parking facility.

LPR unit Type of entity that represents a hardware device dedicated to the capture of
license plate numbers. An LPR unit is typically connected to an LPR camera
and a context camera. These cameras can be incorporated to the unit or
external to the unit.
See also AutoVu LPR Processing Unit, License Plate Recognition, LPR
Manager, and Sharp unit.

M
macro Type of entity that encapsulates a C# program that adds custom functionalities
to Security Center.

[Link] | Security Center Administrator Guide 5.2 834

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Glossary

main server The only server in a Security Center system hosting the Directory role. All
other servers on the system must connect to the main server in order to be part
of the same system. In an high availability configuration where multiple servers
host the Directory role, it is the only server that can write to the Directory
database.
See also Directory server, expansion server, and server.

manual capture When license plate information is entered into the system by the user, and not
by the LPR.

manufacturer extension Manufacturer specific settings for access control units, video units, and
intrusion detection units.

Map Generator Map Server module that imports raster and vector maps to Plan Manager
database.
See also Mlap Server.

map link Type of map object that lets you jump to either another map or another area of
the same map.
See also map object.

Map mode Security Desk canvas operating mode where the main area of the canvas is used
to display a geographical map.

map object A graphical object displayed on a Plan Manager map, such as a camera, a door,
or a hyperlink, that allows you to monitor and control your Security Center
system, or to navigate through your maps.
See also hotspot, map link, and Plan Manager Client.

Map Server Plan Manager Server module that manages the private maps imported by the
Plan Manager administrator. Map Server includes two modules: Map
Generator and Tile Server.
See also Map Generator, Tile Server, and Plan Manager Server.

map view A defined display position and zoom level for a given map.

master arm Arming an intrusion detection area in such a way that all sensors attributed to
the area would set the alarm off if one of them is triggered. Some manufacturers
call this arming mode “Away arming”.

Media Router The central role that handles all stream (audio and video) requests in Security
Center. It establishes streaming sessions between the stream source (camera or
Archiver) and its requesters (client applications). Routing decisions are based
on the location (IP address) and the transmission capabilities of all parties
involved (source, destinations, networks, and servers).

[Link] | Security Center Administrator Guide 5.2 835

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Glossary

metadata Metadata is data about data. Any data that describes or enriches the raw data.

Migration tool Tool used to migrate Omnicast 4.x systems to Security Center 5. This tool must
be executed on every server computer where Omnicast 4.x components are
installed.

mixed mode Access control unit operation mode where all access control decisions are
made by the unit locally based on information downloaded from the Access
Manager during unit synchronization. Access events are reported to the Access
Manager in real-time.
See also offline mode, online mode.

M-JPEG Motion JPEG (M-JPEG) is an informal name for a class of video formats where
each video frame of a digital video sequence is separately compressed as a JPEG
image.

MLPI See Mobile License Plate Inventory.

Mobile Admin Web-based administration tool used to configure the Mobile Server.
See also Mobile Server.

Mobile app The client component of Security Center Mobile installed on mobile devices.
Mobile app users connect to Mobile Server to receive alarms, view live video
streams, view the status of doors, and more, from Security Center.
See also mobile device, Mobile Server, and Web Client.

Mobile Data Computer Mobile Data Computer (MDC). Tablet computer or ruggedized laptop used in
patrol vehicles to run the AutoVu Patroller application. The MDC is typically
equipped with a touch-screen with a minimum resolution of 800 x 600 pixels
and wireless networking capability.

mobile device Any handheld device that can connect to Wi-Fi or wireless carrier networks,
such as a smartphone, tablet, and so on, on which the Mobile app is installed.
See also Mobile app.

Mobile License Plate Patroller software installation that is configured for collecting license plates
Inventory and other vehicle information for creating and maintaining a license plate
inventory for a large parking area or parking garage.
See also license plate inventory and parking facility.

[Link] | Security Center Administrator Guide 5.2 836

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Glossary

Mobile Server The server component of Security Center Mobile that connects Mobile apps
and Web Clients to Security Center. The Mobile Server connects to Security
Center, and synchronizes the data and video between Security Center and
supported Mobile client components.
See also Mobile Admin, Mobile app, and Web Client.

monitor group Type of entity used to designate analog monitors for alarm display. Besides the
monitor groups, the only other way to display alarms in real time is to use the
Alarm monitoring task in Security Desk.
See also Alarm monitoring and analog monitor.

monitor ID ID used to uniquely identify a workstation screen controlled by Security Desk.

Monitoring Type of operation task that allows you to monitor and respond to real time
events pertaining to selected entities of interest.

motion detection The software component that watches for changes in a series of video images.
The definition of what constitutes motion in a video can be based on highly
sophisticated criteria.

Motion search Type of investigation task that searches for motion detected in specific areas of
a camera's field of view.

motion zone User defined areas within a video image where motion should be detected.

Move unit Tool used to move units from one manager role to another. The move preserves
all unit configurations and data. After the move, the new manager immediately
takes on the command and control function of the unit, while the old manager
continues to manage the unit data collected before the move.

MPEG-4 A patented collection of methods defining compression of audio and visual

(AV) digital data.

multicast Communication between a single sender and multiple receivers on a network.

N
NAT See network address translation.

Navigator Genetec's proprietary in-vehicle device that provides GPS coordinates and
odometer readings to Patroller. The Patroller uses this information to provide
precise reverse geocoding to vehicles and reads.
See also reverse geocoding.

network Entity type used to capture the characteristics of a network for stream routing
purposes.

[Link] | Security Center Administrator Guide 5.2 837

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Glossary

network address The process of modifying network address information in datagram (IP)
translation packet headers while in transit across a traffic routing device, for the purpose
of remapping one IP address space into another.

Network view Browser view that illustrates your network environment by showing each
server under the network they belong to.

new wanted In Patroller, a manually entered hotlist item. When you are looking for a plate
that does not appear in the hotlists loaded in the Patroller, you can enter the
plate in order to raise a hit if the plate is captured.

O
OCR equivalence The interpretation of OCR equivalent characters performed during license
plate recognition. OCR equivalent characters are visually similar, depending
on the plate’s font. For example, the letter “O” and the number “0”, or the
number “5” and the letter “S”. There are several pre-defined OCR equivalent
characters for different languages.
See also Optical Character Recognition.

offline mode Access control unit operation mode when the communication with the Access
Manager has been lost. The unit makes access control decisions locally, based
on information downloaded from the Access Manager during unit
synchronization. Access events are logged in the unit and are uploaded to the
Access Manager when the network connection is re-established.
See also mixed mode and online mode.

OGC Open Geospacial Consortium (OGC) is a standards organization for

geographic information systems.
See also GIS and WMS.

Omnicast Omnicast™ is the IP video surveillance system of Security Center that provides
seamless management of digital video. Omnicast allows for multiple vendors
and CODEC (coder/decoder) to be used within the same installation,
providing the maximum flexibility when selecting the appropriate hardware
for each application.

Omnicast compatibility Software component that you need to install to make Security Center
pack compatible with an Omnicast 4.x system.

Omnicast Federation Type of role that imports entities from an independent Omnicast 4.x system so
that its cameras and events can be used by your local Security Center users.

[Link] | Security Center Administrator Guide 5.2 838

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Glossary

online mode Access control unit operation mode where the unit is under the direct real-time
control of the Access Manager. The Access Manager makes all access control
decisions. This mode is not available with HID VertX and Edge units.
See also mixed mode and offline mode.

Optical Character Optical Character Recognition (OCR) is the technology used to translate the
Recognition characters found in images into machine editable text.
See also OCR equivalence.

output behavior Type of entity that defines a custom output signal format such as a pulse with
a delay and duration.

overtime rule Type of entity that defines a parking time limit and the maximum number of
violations enforceable within a single day. Overtime rules are used in city and
university parking enforcement. For university parking, an overtime rule also
defines the parking zone where these restrictions apply.
See also hit rule and parking zone.

P
parking facility Type of entity that defines a large parking area as a number of sectors and rows
for the purpose of inventory tracking.
See also Mobile License Plate Inventory.

parking lot A polygon that defines the location and shape of a parking area on a map. By
defining the number of parking spaces inside the parking lot, Security Center
can calculate its percentage of occupancy during a given time period.
See also parking zone.

parking zone General concept used to designate the area where a given parking regulation
(overtime rule, permit, or permit restriction) is enforced. When used in the
context of university parking enforcement, the parking zone must be explicitly
defined as a list of parking lots.
See also parking lot.

partition Type of entity that defines a set of entities that are only visible to a specific
group of users. For example, a partition could include all doors, elevators, and
cameras in one building.
See also accepted user and partition manager.

partition manager An accepted user of a partition who has full administrative rights over the
partition and its members. A partition manager can add, modify, and delete all
entities within the partition, including users and user groups.

[Link] | Security Center Administrator Guide 5.2 839

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Glossary

Patroller Patroller.
(1) Type of entity that represents a patrol vehicle equipped with the Patroller
software.
(2) AutoVu software application installed on an in-vehicle computer. Patroller
connects to Security Center and is controlled by the LPR Manager.
Patroller verifies license plates read from LPR cameras against lists of
vehicles of interest (hotlists) and vehicles with permits (permit lists). It also
collects data for time-limited parking enforcement. Patroller alerts you of
hotlist or permit hits so that you can take immediate action.
See also LPR camera and LPR Manager.

Patroller Config Tool Patroller administrative application used to configure Patroller-specific

settings such as: adding Sharp cameras to the in-vehicle LAN; enabling features
such as Manual Capture or New Wanted; and specifying that a username and
password are needed to log on to Patroller.

People counting Type of operation task that keeps count in real time of the number of
cardholders in all secured areas of your system.

perimeter arm Arming an intrusion detection area in such a way that only sensors attributed
to the area perimeter would set the alarm off if triggered. Other sensors such as
motion sensors inside the area will be ignored.

permit Type of entity that defines a single parking permit holder list. Each permit
holder is characterized by a permit ID, a license plate number, a license issuing
state, and optionally, a permit validity range (effective date and expiry date).
Permits are used in both city and university parking enforcement.
See also City Parking Enforcement and University Parking Enforcement.

permit hit A hit that is generated when a read (license plate number) does not match any
entry in a permit or when it matches an invalid permit.

[Link] | Security Center Administrator Guide 5.2 840

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Glossary

permit restriction Type of entity that applies time restrictions to a series of parking permits for a
given parking zone. Permit restrictions are only used in university parking
enforcement. Different time restrictions can be associated to different permits.
For example, a permit restriction may limit the parking in zone A from
Monday to Wednesday for permit P1 holders, and from Thursday to Sunday
for permit P2 holders.
A plate read generates a permit hit in the following instances:
• Does not match any entry in the list
• Matches one or more permit in the list that are not valid in the parking zone
• Matches an invalid permit
• Matches a valid permit, but the permit is not valid at that time
• Matches a valid permit number, but the permit is temporarily not allowed
to park.
Additionally, a shared permit hit occurs when two plates sharing the same
permit ID are read in the same parking zone within a specific time period.
See also parking zone, permit, and permit hit.

Plan Manager Map-based interface built into Security Center that allows you to view, control,
and monitor your access control, LPR, and video equipement directly from an
interactive map within Security Desk.
See also Plan Manager Client and Plan Manager Server.

Plan Manager Client Client component of Plan Manager that runs as a tile plugin within Security
Desk. It enables operators to use maps to monitor and control cameras, doors,
and other security devices, and administrators to create map objects.
See also map object, tile plugin, and Tile Server.

Plan Manager Server Server component of Plan Manager that must be hosted by a Security Center
Plugin role. Plan Manager Server includes two server modules, Data Server and
Map Server, which can be hosted on the same Plugin role or two separate
Plugin roles.
See also Data Server, Map Server, and Plugin.

Plate Reader Software component of the Sharp unit that processes the images captured by
the LPR camera to produce license plate reads, and associates each license plate
read with a context image captured by the context camera. The Plate Reader
also handles the communications with the Patroller and the LPR Manager. If
an external wheel imaging camera is connected to the Sharp unit, the Plate
Reader also captures wheel images from this camera.
See also LPR Manager, Patroller, SharpOS, and Sharp unit.

[Link] | Security Center Administrator Guide 5.2 841

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Glossary

Plugin Plugin. There are two definitions:

(1) Proper noun – Type of role that hosts a specific plugin.
(2) Common noun – A software module that adds a specific feature or service
to a larger system.

Point of Sale Type of role that imports transaction data from an external point of sale system
so that transaction reports can be generated from Security Desk for
investigation purposes.
See also point of sale system.

point of sale system Point of sale (POS) typically refers to the hardware and software used for
checkouts - the equivalent of an electronic cash register. Point of sale systems
are used in supermarkets, restaurants, hotels, stadiums, and casinos, as well as
almost any type of retail establishment.
Today's POS systems handle a vast array of features, including, but not limited
to, detailed transaction capture, payment authorization, inventory tracking,
loss prevention, sales audit and employee management.

Portable Archive Player Self-contained video player that can play exported Security Center video files
on computers that do not have Security Center installed.
See also video file.

primary server The default server chosen to perform a specific function (or role) in the system.
To increase the system's fault-tolerance, the primary server can be protected by
a secondary server on standby. When the primary server becomes unavailable,
the secondary server automatically takes over.
See also failover.

private IP address An IP address chosen from a range of addresses that are only valid for use on a
LAN. The ranges for a private IP address are: [Link] to [Link],
[Link] to [Link], and [Link] to [Link]. Routers on
the Internet are normally configured to discard any traffic using private IP
addresses.

private task Entity that represents a saved type of task that is visible only to the user who
created it.
See also public task and task.

properties panel One of the three panels found in the Security Desk canvas. It is used to show
the metadata associated to the entity displayed in the current tile.

Public partition A special partition created at system installation that has the unique
characteristic that all its members are visible to all users on the system,
regardless whether they are accepted users or not.

[Link] | Security Center Administrator Guide 5.2 842

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Glossary

public task Entity that represents a saved task that can be shared among multiple Security
Center users.
See also private task and task.

Q
R
read See license plate read.

reader A sensor that reads the credential for an access control system. For example,
this can be a card reader, or a biometrics scanner.

Reads Type of investigation task that reports on license plate reads performed within
a selected time range and geographic area.

Reads/hits per day Type of investigation task that reports on the number of reads and hits per day
for a selected date range.

Reads/hits per zone Type of investigation task that reports on the number of reads and hits per
parking zone for a selected date range.

recording mode The criteria by which the Archiver schedules the recording of video streams.
There are four possible recording modes:
• Off (no recording allowed)
• Manual (record only on user requests)
• Continuous (always record)
• On motion/manual (record according to motion detection settings or on
user request).

recording state Current recording status of a given camera. There are four possible recording
states:
• Enabled
• Disabled
• Currently recording (unlocked)
• Currently recording (locked).

redirector Server assigned to host a redirector agent created by the Media Router role.

redirector agent Agent created by the Media Router role to redirect data streams from one IP
endpoint to another.

redundant archiving Option that allows a copy of all the video streams of an Archiver role to be
archived simultaneously on the standby server as a protection against data loss.

[Link] | Security Center Administrator Guide 5.2 843

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Glossary

Remote Type of operation task that allows you to remotely monitor and control other
Security Desks that are part of your system, using the Monitoring task and the
Alarm monitoring task.
See also Monitoring and Alarm monitoring.

Report Manager Type of role that automates report emailing and printing based on schedules.

report pane A section in the Security Desk's task workspace used to display information in
a tabular form. The rows may correspond to query results or real-time events.
See also task workspace.

request to exit Request to exit (REX).

(1) Door release button normally located on the inside of a secured area that
when pressed, allows a person to exit the secured area without having to
show any credential. This can also be the signal from a motion detector.
(2) The signal received by the controller for a request to exit.

reverse geocoding AutoVu feature that translates a pair of latitude and longitude into a readable
street address.
See also geocoding and Navigator.

RFID tag Radio Frequency Identification tag. A device that communicates location data,
and other data related to the location, of an object to which it is attached.

role A software module that performs a specific function (or job) within Security
Center. Roles must be assigned to one or more servers for their execution.
See also server.

Role view Browser view that lists all roles on your system with the devices they control as
child entities.

route Entity used to configure the transmission capabilities between two end points
in a network for the purpose of routing media streams.

Route playback Type of investigation task that replays the route followed by a Patroller on a
given date on a map.

S
same position Type of parking regulation characterizing an overtime rule. A vehicle is in
violation if it is seen parked at the exact same spot over a specified period of
time. The Patroller must be equipped with GPS capability in order to enforce
this type of regulation.

[Link] | Security Center Administrator Guide 5.2 844

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Glossary

schedule Type of entity that defines a set of time constraints that can be applied to a
multitude of situations in the system. Each time constraint is defined by a date
coverage (daily, weekly, ordinal, or specific) and a time coverage (all day, fixed
range, daytime, and nighttime).
See also standard schedule and twilight schedule.

scheduled task Type of entity that defines an action that executes automatically on a specific
date and time, or according to a recurring schedule.

secondary server Any alternate server on standby intended to replace the primary server in the
case the latter becomes unavailable.
See also failover and primary server.

Security Center Security Center is the unified security platform that seamlessly blends
Genetec's IP security and safety systems within a single innovative solution.
The systems unified under Security Center include Genetec's Omnicast IP
video surveillance system, Synergis IP access control system, and AutoVu IP
license plate recognition (LPR) system.
See also Security Desk.

Security Center Federation Type of role that imports entities from an independent Security Center system
so that its entities can be used by your local Security Center users.

Security Center Mobile Security Center Mobile is a feature of Genetec’s unified platform that lets you
remotely connect to your Security Center system over a wireless IP network.
Supported Mobile client components include a platform-independent, unified
Web Client, as well as various Mobile apps for smartphones and tablets.
See also Mobile Admin, Mobile app, Mobile Server, and Web Client.

security clearance Numerical value used to further restrict the access to an area when a threat level
is in effect. Cardholders can only access (enter or exit) an area if their security
clearance is equal or higher than the minimum security clearance set on the
area.
See also threat level.

Security Desk Security Desk is the unified user interface of Security Center. It provides
consistent operator flow across all of the Security Center’s main systems,
Omnicast, Synergis, and AutoVu. Security Desk’s unique task-based design lets
operators efficiently control and monitor multiple security and public safety
applications.
See also Security Center.

[Link] | Security Center Administrator Guide 5.2 845

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Glossary

selector One of the panes found in the Security Desk's task workspace. The selector
contains different sets of tools, grouped in tabs, to help you find and select the
information you need to work on.
See also task workspace.

server Type of entity that represents a server machine on which Genetec Server is
installed.
See also expansion server, Genetec Server, and main server.

Server Admin Web application running on every server machine in Security Center that
allows you to configure the settings of Genetec Server. Server Admin also
allows you to configure the Directory role on the main server.

sharing guest Security Center system that is given the rights to view and modify entities
shared by another system, called the sharing host.
See also Global Cardholder Synchronizer and global partition.

sharing host Security Center system that owns partitions that are shared with other Security
Center systems, called sharing guests.
See also global partition.

Sharp EX Sharp unit that includes an integrated image processor and supports two
standard definition NTSC or PAL inputs for external cameras (LPR and
context cameras).
See also context camera, LPR camera, and Sharp unit.

Sharp Portal Web-based administration tool used to configure Sharp cameras for fixed or
mobile AutoVu systems. From a Web browser, you log on to a specific IP
address (or the Sharp name in certain cases) that corresponds to the Sharp you
want to configure. When you log on, you can configure options such as
selecting the LPR context (e.g. Alabama, Oregon, Quebec, etc), selecting the
read strategy (e.g. fast moving or slow moving vehicles), viewing the Sharp’s
live video feed, and more.
See also Sharp unit.

Sharp unit Genetec's proprietary LPR unit that integrates license plate capturing and
processing components, as well as digital video processing functions, inside a
ruggedized casing.
See also context camera, Plate Reader, LPR camera, Sharp EX, Sharp VGA,
Sharp XGA, SharpOS, and SharpX.

[Link] | Security Center Administrator Guide 5.2 846

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Glossary

Sharp VGA Sharp unit that integrates the following components: an infrared illuminator; a
standard definition (640 x 480) LPR camera for plate capture; an integrated
image processor; an NTSC or PAL color context camera with video streaming
capabilities.
See also context camera, LPR camera, and Sharp unit.

Sharp XGA Sharp unit that integrates the following components: an infrared illuminator; a
high-definition (1024 x 768) LPR camera for plate capture; an integrated image
processor; an NTSC or PAL color context camera with video streaming
capabilities and optional internal GPS.
See also context camera, LPR camera, and Sharp unit.

SharpOS The software component of a Sharp or SharpX unit. SharpOS is responsible for
everything related to plate capture, collection, processing, and analytics. For
example, a SharpOS update may include new LPR contexts, new firmware,
Sharp Portal updates, and updates to the Sharp's Windows services (Plate
Reader, HAL, updater service, and so on).
See also Plate Reader.

SharpX Camera component of the SharpX system. The SharpX camera unit integrates
a pulsed LED illuminator that works in total darkness (0 lux), a monochrome
LPR camera (1024 x 946 @ 30 fps), and a color context camera (640 x 480 @ 30
fps). The LPR data captured by the SharpX camera unit is processed by a
separate hardware component called the AutoVu LPR Processing Unit.
See also AutoVu LPR Processing Unit.

SharpX VGA Camera component of the SharpX system. The SharpX VGA camera unit
integrates a pulsed LED illuminator that works in total darkness (0 lux), a
monochrome LPR camera (640 x 480 @ 30 fps), and a color context camera
(640 x 480 @ 30 fps). The LPR data captured by the SharpX VGA camera unit
is processed by a separate hardware component called the AutoVu LPR
Processing Unit.
See also AutoVu LPR Processing Unit.

SMC See Synergis Master Controller.

Software Development Kit Software Development Kit (SDK). Allows end-users to develop custom
applications or custom application extensions for Security Center.

SSL Secure Sockets Layer is a protocol used to secure applications that need to
communicate over a network.

[Link] | Security Center Administrator Guide 5.2 847

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Glossary

standard schedule A subtype of schedule entity that may be used in all situations. Its only
limitation is that it does not support daytime or nighttime coverage.
See also twilight schedule.

standby server See secondary server.

stream stream.
(1) Video stream.
(2) Entity representing a specific video quality configuration on a camera.

strict antipassback Antipassback option. When enabled, a passback event is generated when a
cardholder attempts to leave an area that they were never granted access to.
When disabled, Security Center only generates passback events for cardholders
entering an area that they never exited.
See also timed antipassback.

synchronous video Simultaneous live video or playback video from more than one camera that are
synchronized in time.

Synergis Synergis™ is the IP access control system of the Security Center designed to
offer end-to-end IP connectivity, from access control reader to client
workstation. Synergis™ seamlessly integrates a variety of access control
capabilities including, but not limited to, badge design, visitor management,
elevator control, zone monitoring and more.

Synergis Master Controller Genetec's access control unit that supports a variety of third party readers and
(SMC) interface modules over IP, USB, and RS-485. SMC is seamlessly integrated to
Security Center, and is capable of making the access control decisions
independently of the Access Manager.
See also access control unit, controller module, and four-port RS-485 module.

system event A system event is a standard Security Center event defined at system
installation. Unlike custom events, system events cannot be renamed or
deleted.
See also custom event.

System status Type of maintenance task that monitors the status of all entities of a given type
in real time, and allows you to interact with them.

T
tailgating A person who enters a secure area without presenting a credential, by following
behind another person who has presented their credential.

[Link] | Security Center Administrator Guide 5.2 848

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Glossary

task The central concept on which the entire Security Center user interface is built.
Each task corresponds to one aspect of your work as a security professional. For
example, use a monitoring task to monitor system events in real-time, use an
investigation task to discover suspicious activity patterns, or use an
administration task to configure your system. All tasks can be customized and
multiple tasks can be carried out simultaneously.
See also private task and public task.

task cycling Security Desk feature that automatically cycles through all tasks in the active
task list following a fixed dwell time.

task workspace Area in the Security Center client application window reserved for the current
task. The workspace is typically divided into three panes:
• canvas
• selector
• report pane
See also canvas, report pane, and selector.

taskbar User interface element of the Security Center client application window,
composed of the Home button and the task list. The taskbar can be configured
to appear on either edge of the application window.

threat level Emergency handling procedure that a Security Desk operator can enact on one
area or the entire system to deal promptly with a potentially dangerous
situation, such as a fire or a shooting.

tile An individual window within the tile panel, used to display a single entity. The
entity displayed is typically the video from a camera, a map, or anything of a
graphical nature. The look and feel of the tile depends on the displayed entity.
See also tile panel.

tile ID The number displayed at the upper left corner of the tile. This number uniquely
identifies each tile within the tile panel.
See also tile and tile panel.

Tile mode Security Desk canvas operating mode where the main area of the canvas is used
to display the tile panel and the dashboard.

tile panel Panel within the canvas used to display multimedia information, such as
videos, maps and pictures. The tile panel is composed of individual display
windows called tiles.
See also canvas and tile.

[Link] | Security Center Administrator Guide 5.2 849

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Glossary

tile pattern Predefined tile arrangements within the tile panel.

See also tile panel.

Tile Server Map Server module that answers the map requests issued from Plan Manager
Client.
See also Map Server and Plan Manager Client.

tile plugin Type of entity that represents an application that runs inside a Security Desk
tile. Examples of tile plugins include a web browser (available as standard
Security Center feature) and Plan Manager Client.
See also Plan Manager and plugin.

Time and attendance Type of investigation task that reports on who has been inside a selected area
and the total duration of their stay within a given time range.

timed antipassback Antipassback option. When Security Center considers a cardholder to be

already in an area, a passback event is generated when the cardholder attempts
to access the same area again during the time delay defined by Timeout. When
the time delay has expired, the cardholder can once again pass into the area
without generating a passback event.
See also strict antipassback.

timeline A graphic illustration of a video sequence, showing where in time, motion, and
bookmarks are found. Thumbnails can also be added to the timeline to help the
user select the segment of interest.

Transmission Control The Transmission Control Protocol (TCP) is a connection-oriented protocol

Protocol used to send data over an IP network. The TCP/IP protocol defines how data
can be transmitted in a secure manner between networks. TCP/IP is the most
widely used communications standard and is the basis for the Internet.

trickling The process of transferring data in small amounts.

twilight schedule A subtype of schedule entity that supports both daytime and nighttime
coverages. A twilight schedule may not be used in all situations. Its primary
function is to control video related behaviors.
See also standard schedule.

U
unicast Communication between a single sender and a single receiver over a network.

[Link] | Security Center Administrator Guide 5.2 850

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Glossary

Uniform Resource Locator A URL (Uniform Resource Locator, previously Universal Resource Locator) is
the unique address for a file that is accessible on the Internet. The URL contains
the name of the protocol (http:, ftp:, file:) to be used to access the file resource,
a domain name that identifies a specific computer on the Internet, and a path
name, a hierarchical description that specifies the location of a file in that
computer.

unit A hardware device that communicates over an IP network that can be directly
controlled by a Security Center role. We distinguish four types of units in
Security Center:
• Access control units, managed by the Access Manager role
• Video units, managed by the Archiver role
• LPR units, managed by the LPR Manager role
• Intrusion detection units, managed by the Intrusion Manager role.
See also access control unit, Access Manager, Archiver, Intrusion Manager, LPR
Manager, LPR unit, and video unit.

Unit discovery tool Tool that allows you to discover IP units connected to your network, based on
their type (access control or video), manufacturer, and network properties
(discovery port, IP address range, password, and so on). Once discovered, the
units can be added to your system.

Unit replacement Tool used to replace a failed hardware device with a compatible one, while
ensuring that the data associated to the old unit gets transferred to the new one.
For an access control unit, the configuration of the old unit is copied to the new
unit. For a video unit, the video archive associated to the old unit is now
associated to the new unit, but the unit configuration is not copied.

University Parking Patroller software installation that is configured for university parking
Enforcement enforcement: the enforcement of scheduled parking permits or overtime
restrictions. The use of maps is mandatory. Hotlist functionality is also
included.
See also overtime rule, permit, and permit restriction.

unreconciled read MLPI license plate read that has not been committed to an inventory.
See also Mobile License Plate Inventory.

user Type of entity that identifies a person who uses Security Center applications
and defines the rights and privileges that person has on the system. Users can
be created manually or imported from an Active Directory.
See also Active Directory and user group.

[Link] | Security Center Administrator Guide 5.2 851

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Glossary

User Datagram Protocol The User Datagram Protocol (UDP) is a connectionless protocol used to
exchange data over an IP network. UDP is more efficient than TCP for video
transmission because of lower overhead.

user group Type of entity that defines a group of users who share common properties and
privileges. By becoming member of a group, a user automatically inherits all
the properties of the group. A user can be member of multiple user groups.
User groups can also be nested.
See also user.

user level A numeric value assigned to users to restrict their ability to perform certain
operations, such as controlling a camera PTZ, viewing the video feed from a
camera, or to stay logged on when a threat level is set. The smaller the value, the
higher the priority.
See also threat level, user, and user group.

user privilege Privileges that control what operations a user is allowed to perform in Security
Center, independent of what entities they can access, and within the
constraints set by the software license. User privileges can be inherited from
user groups.
See also access right, partition, user, and user group.

V
validation key Serial number uniquely identifying a computer that must be provided to obtain
the license key.
See also license key.

vehicle identification All vehicles have a manufacturer assigned vehicle identification number (VIN).
number This is usually visible from outside the vehicle as a small plate on the
dashboard. A VIN can be included as additional information with license plate
entries in a hotlist or permit list, to further validate a hit and ensure that it is the
correct vehicle.

video analytics The software technology that is used to analyze video for specific information
about its content. Examples of video analytics include counting the number of
people going through a door, license plate recognition, detection of unattended
objects, or the direction of people walking or running.

video archive Video archive includes both the recorded audio/video footage and the database
that documents those recordings (source camera, timestamps, events,
bookmarks, and so on).

[Link] | Security Center Administrator Guide 5.2 852

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Glossary

video encoder Device that converts an analog video source to a digital format using a standard
compression algorithm (H.264, MPEG-4, MPEG-2 or M-JPEG). The video
encoder is one of the many devices found on a video encoding unit.
See also camera and video unit.

video decoder Device that converts a digital video stream into analog signals (NTSC or PAL)
for display on an analog monitor. The video decoder is one of the many devices
found on a video decoding unit.
See also analog monitor and video unit.

video file File created by an archiving role (Archiver or Auxiliary Archiver) to store
archived video. The file extension is G64. You need the Security Desk or the
Portable Archive Player to read video files.
See also Archiver, Auxiliary Archiver, and G64.

Video file player Type of investigation task that browses through your file system for video files
(G64) and allows you to play, convert to ASF, and verify the authenticity of
these files.

video sequence Any recorded video stream of a certain duration.

video unit Type of entity that represents a video encoding or decoding device capable of
communicating over an IP network and incorporating one or more video
encoders. They come in a wide variety of brands and models. Some support
audio, others support wireless communication. The high-end encoding models
come with their own recording and video analytics capabilities.
See also Archiver, video decoder, and video encoder.

video watermarking Process by which a digital signature (watermark) is added to each recorded
video frame to ensure its authenticity. If anyone later tries to make changes to
the video (add, delete or modify a frame), the signatures will no longer match,
thus, showing that the video has been tampered with.

virtual zone A subtype of zone entity where the IO linking is done by software. The input
and output devices may belong to different units of different types. A virtual
zone is controlled by the Zone Manager and only works online. It can be armed
and disarmed from Security Desk.
See also hardware zone and zone.

Visit details Type of investigation task that reports on the stay (check-in and check-out
time) of current and past visitors.

Visitor activities Type of investigation task that reports on visitor activities (access denied, first
person in, last person out, antipassback violation, and so on).

[Link] | Security Center Administrator Guide 5.2 853

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
Visitor management Type of operation task that allows you to check in, check out, and modify
visitors, as well as manage their credentials, including temporary replacement
cards.

visual tracking Visual tracking is a feature in Security Desk that allows you to follow an
individual across different areas of your company without ever loosing sight of
that individual, as long as the places this person goes through are monitored by
cameras. This feature displays transparent overlays on the video to show you
where you can click to switch to adjacent cameras.

VSIP port The VSIP port is the name given to the discovery port of Verint units. A given
Archiver can be configured to listen to multiple VSIP ports.
See also discovery port.

W
watchdog Security Center service installed alongside the Genetec Server service on every
server computer, whose sole purpose is to monitor the operation of Genetec
Server, and to restart it if abnormal conditions are detected.

Web-based SDK Type of role that exposes the Security Center SDK methods and objects as Web
services to support cross-platform development.

Web Client The client component of Security Center Mobile that provides access to
Security Center features from a Web browser. Web Client users connect to
Mobile Server to configure and monitor various aspects of your Security
Center system.
See also Mobile Server.

wheel imaging Virtual tire-chalking technology that takes images of the wheels of vehicles to
prove whether they have moved between two license plate reads.

widget A component of the graphical user interface (GUI) with which the user
interacts.

Wiegand An electrical interface standard and format used between a reader and
controller (from the original Wiegand card reader).

Windows Communication Windows Communication Foundation (WCF) is a communication

Foundation architecture used to enable applications, in one machine or across multiple
machines connected by a network, to communicate. AutoVu Patroller uses
WCF to communicate wirelessly with Security Center.

[Link] | Security Center Administrator Guide 5.2 854

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
WMS Web Map Service (WMS) is a standard protocol for serving over the Internet,
georeferenced map images that are generated by a map server using data from
a GIS database.
See also GIS and OGC.

X
Y
Z
zone Type of entity that monitors a set of inputs and triggers events based on their
combined states. These events can be used to control output relays.
See also hardware zone, IO linking, and virtual zone.

Zone activities Type of investigation task that reports on zone related activities (zone armed,
zone disarmed, lock released, lock secured, and so on).

Zone Manager Type of role that manages virtual zones and triggers events or output relays
based on the inputs configured for each zone. It also logs the zone events in a
database for zone activity reports.

Zone occupancy Type of investigation task that reports on the number of vehicles parked in a
selected parking zone, and the percentage of occupancy (for university parking
only).
See also University Parking Enforcement.

[Link] | Security Center Administrator Guide 5.2 855

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
Index
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A troubleshooting, 327
viewing, 329
ABA field, defining, 680 access rule
about about, 353
entity tree, 85 applying, 280
Logical view, 85 configuring, 284
System entity, 85 creating, 284
accepted user, partitions, 92, 453 viewing configurations, 321
access control Access rule configuration
setting entity expiration, 640 about, 321
troubleshooting configurations, 324 generating report, 321
Access control health history, about, 312 Access troubleshooter
access control unit about, 298, 324, 658
about, 341 limitations, 324
adding troubleshooting
using Unit discovery tool, 268 access requirements, 327
configuring, 270 cardholder access rights, 326
connection parameters, 348 doors, 325
renaming, 349 accessing storage devices, 227
SMC, 270 action
synchronizing about, 106
about, 270 action privileges, users, 714
modes, 352 actions
viewing events, 313 action types, 767–772
viewing health events, 312 reference list, 767
viewing IO configurations, 314 task-related, 24
viewing properties, 184 activating
wiring doors, 271 Genetec Server Directory, 482
Access control unit events, about, 313 roles, 51
access denied events, investigating, 329 user profiles, 487
Access diagnosis, using, 327 Active Directory
access granted events, investigating, 329 about, 520
Access Manager encrypted communication, 144
about, 263, 515 importing cardholders, 287
adding, 263 importing ccredentials, 290
configuring, 263 importing users, 102
keeping events, 516 synchronizing entities, 142
resolving conflicts, 519 active tasks, list, 489
access rights active tasks, updating, 692

[Link] | Security Center Administrator Guide 5.2 856

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Index

Activity trails Analyzing the stream, error, 238

about, 182 antipassback
generating report, 182 about, 365
adding configuring, 283
accepted partition users, 92 application privileges, users, 701
access control units, 264 applying
Access Mangers, 263 access rules for elevators, 280
Archivers, 193 custom filters, 43
area members, 282 custom filters using search tool, 43
cameras to camera sequences, 219 name filters, 43
cameras to doors, 273 architecture
cash registers, 603 Security Center system, 6
expansion servers, 47 Synergis system, 255
parition members, 452 archive database, about, 225
parity checks, 679 archive storage
partition members, 92 about, 225
secondary servers, 64, 538 accessing, 227
tasks, 22 estimating requirements, 226
tasks to favorites, 24 managing, 226
video units, 194, 247 monitoring, 227
administrative privileges, users, 703 Archive storage details
Administrators user group, about, 97 about, 234
advanced settings protecting video files, 232
Archiver, 545 archive viewing, user limitations, 491, 496
video units, 536 Archiver
alarm about, 525
about, 355 adding, 193
attached entities, 357 Bosch VRM settings, 535
automatic acknowledgement, 359 camera details, 544
automatic video recording, 360 configuring, 193
broadcast mode, 357 servers, 538
configuring, 112 standby archiving, 539
creating incidents on acknowlegement, 359 discovering video units, 533
entities, 111 failover, 228
managing, 111 limitation, 230
procedure, 359 protected video file statistics, 543
protecting recorded video, 360 recording modes, 526
reactivation threshold, 358 recording options, 527, 549
recipients, 357 settings
responding, 115 advanced, 545
schedules, 359 database, 540
setting priority, 356 network card, 542
testing, 112 storage, 540
triggering, 113 video units, 532
troubleshooting, 112 statistics, 542
video display options, 359 what is, 193
Alarm Monitoring, assigning Logical IDs, 632 Archiver events, about, 252
analyzing report results, 30 Archiver role, searching for events, 252

[Link] | Security Center Administrator Guide 5.2 857

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Index

archives video archives, 228

viewing storage details, 234 Badge designer, about, 370
area badge template
about, 364 about, 369
adding members, 282 Badge designer tool, 370
antipassback properties, 365 creating, 292
associating doors, 282 preview, 297
configuring, 281 best practices
creating, 281 configuring cameras, 210, 221
interlock properties, 366 configuring system administrators, 97
viewing cardholder access rights, 329 deploying Omnicast, 190
arming deploying Synergis, 259
delaying arming, 509 resolving reader issues, 331
hardware zones, 509 solving HID unit issues, 318
virtual zones, 512 system configuration, 90
zones, 160 wiring doors to access control units, 271
assigning bit rate
Keyboard shortcuts, 688 camera settings, 376
associating setting priority, 376
access control units to hardware zones, 507 video unit settings, 501
doors to areas, 282 boosting recording quality
hardware zone states to events, 508 manual recording, 380
virtual zone states to events, 512 settings, 380
virtual zones to Zone Managers, 511 special events, 213
audio alarm, about, 395 system events, 380
Audit trails, about, 181 broadcast mode, about, 357
automatic stream selection, video units, 212 buzzer, configuring, 272
automating
alarm acknowledgement, 359
database backup, 58 C
disk cleanup, 226 camera
system behavior, 103 about, 210, 221, 372
video recording on alarms, 360 audio alarm events, 395
AutoVu boost quality
ports used (default), 787 settings, 380
Auxiliary Archiver boosting quality
about, 547 on event recording, 380
recording modes, 549 on manual recording, 380
settings configuring, 210, 221
database, 552 motion detection, 383
network, 552 lens type, 396
storage, 552 linking speakers/microphones, 395
not recording, 244
rotating images, 396
B setting
backing up bit rate, 376
databases, 57 bit rate priority, 376

[Link] | Security Center Administrator Guide 5.2 858

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Index

connection type, 378 user password, 10, 487

video quality, 374 video file protection status, 232
stream usage, 377 checking macro syntax, 434
tampering, 395 choosing zone type, 163
visual tracking, 392 closing Security Center, 10
camera details, Archiver, 544 closing Security Desk
camera recording, troubleshooting, 244 options, 693
camera sequence columns
about, 397 reference list, 730
adding cameras, 219 reordering, 33
configuring cameras, 219 resizing, 32
creating, 219 selecting, 32
removing cameras, 219 showing/hiding, 32
camera tampering, about, 395 Comm LED, about, 796
cannot add video units, troubleshooting, 247 command port, about, 501
cannot delete video units, troubleshooting, 250 common configuration tabs
cardholder about, 336
about, 399 Cameras tab, 338
configuring, 286 Custom fields tab, 339
creating, 286 Identity tab, 336
importing Location tab, 340
from Active Directory, 287 concurrent logons, limiting, 488
from flat file, 287 Config Tool
managing, 287 interface, 13
setting picture size, 287, 641 configuration changes, investigating, 181
troubleshooting access rights, 326 configuring
viewing access rights, 329 Access Manager, 263
viewing properties, 322 access rules, 284
Cardholder access rights, about, 329 alarms, 112
Cardholder configuration, about, 322 antipassback, 283
cardholder group Archiver, 193
about, 402 Archiver servers, 538
configuring, 286 areas, 281
creating, 287 automatic disk cleanup, 226
viewing access rights, 329 camera sequences, 219
viewing member properties, 322 cameras, 210, 221
Cardholder troubleshooter cardholder groups, 286
about, 326 cardholders, 286
using, 326 credentials, 288
cash register database notifications, 57
about, 404 Directory, 477
adding, 603 door buzzers, 272
CCTV matrix doors, 271
integration, 190 elevator floors, 278
using, 129 elevator relays, 279
changing elevators, 277
role servers, 50 entities, 85
taskbar position, 27 entity tree, 86

[Link] | Security Center Administrator Guide 5.2 859

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Index

federated entities, 129 access rules, 284

full screen mode, 95 areas, 281
Genetec Server, 480 badge templates, 292
hardware zones, 162 camera sequences, 219
HID units, 808 cardholder groups, 287
inputs, 507 cardholders, 286
interlock, 283 credentials, 288
Media Router, 203 databases, 55
motion detection, 383 doors, 271
output pins, 502 entities, manually, 37
partitions, 90 incidents
PTZ, 394 for door state overrides, 641
readerless doors, 272 on alarm alcknowledgement, 359
role groups, 135 intrusion detection areas, 159
roles, 49 Intrusion Managers, 156
Saved tasks page, 23 macros, 110
Security Center/Patroller communication, 575 network entities, 83
servers, 48 parent user groups, 98
standby archiving, 539 partitions, 92
user groups, 96 roles, 50
user password expiration, 488 tasks, 22
user privileges, 99 user groups, 97
users, 93 users, 94
video streams, 211 credential
virtual zones, 162 about, 405
visual tracking, 213 configuring, 288
conflict resolution utility, using, 149 creating, 288
connecting enrolling, 290
Security Center, 9 importing
Connecting to Archiver, error, 238 from Active Directory, 290
Connecting to Media Router, error, 238 from flat file, 290
connection parameters information, 406
access control units, 348 state, 406
federated Omnicast systems, 598 viewing properties, 323
federated Security Center systems, 609 Credential configuration, about, 323
contacting technical support, 878 cross-platform development
contextual command toolbar, 17 about, 164
converting Web-based SDK, 164
expansion servers to main servers, 482 CSV file
main servers to expansion servers, 49, 483 importing, 664
primary servers to expansion servers, 538 fields, 668
Copy configuration tool custom card format
about, 674 benefits, 290
using, 674 using, 290, 641
countdown buzzer, about, 509 Custom card format editor
create about, 676
event-to-actions, 107 adding parity checks, 679
creating defining

[Link] | Security Center Administrator Guide 5.2 860

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Index

ABA fields, 680 Genetec Server Directory, 483

formats, 676 roles, 51
Wiegand fields, 678 user profiles, 487
deleting custom card formats, 683 default
custom data type network, 83
add, 138 schedule, 104
configuration tab, 627 user, 94
modify, 139 defining
properties, 627 ABA fields, 680
what is, 138 custom card formats, 676
custom field partitions, 91
add, 136 schedules, 105
configuration tab, 625 Wiegand fields, 678
properties, 625 delaying
purpose, 136 hardware zone arming, 509
standard data types, 625 virtual zone arming, 512
custom fields deleting
importing limitations, 671 current task, 25
custom filter, applying, 43 custom card formats, 683
cycling tasks, 24 databases, 59
discovered entities, 45
entities, 45, 88
D intrusion detection unit logs, 428
database partition members, 452
backing up tasks, 24
automatic, 58 deleting video units, 250
manual, 57 demo license, acquiring, 878
configuring notifications, 57 deploying
creating, 55 Omnicast, 190
deleting, 59 Synergis, 259
finding version, 56 determining Web service address, 612
managing, 52 diagnosing
relocating, 53 entities, 180
restoring, 58 impossible to establish video session error, 241
settings, 52 video streams, 236
archiving, 540, 552 waiting for signal error, 238
database failover Directory
backup and restore, 72 about, 555
automatically reconnect to master database, 73 configuring, 477
contingency backup, 72 troubleshooting connection problems, 685
configuring, 72 Directory Availability Manager, what is, 66
database server, about, 53 Directory Manager
date and time options about, 556
configuring, 696 Directory server, what is, 66
displaying time zone abbreviations, 696 disarming zones, 160
date coverage, setting, 468 discovered entities
deactivating about, 39
deleting, 45

[Link] | Security Center Administrator Guide 5.2 861

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Index

discovery port, video units, 501 basic information, 38

displaying configuring, 85
Security Desk in full screen, 24 creating
document information, ii network entities, 83
documentation. See production documentation creating manually, 37
door deleting, 45
about, 361, 408, 436 diagnosing, 180
adding cameras, 273 discovering, 39
behavior, 409 duplicating, 87
buzzer, 272 entity types, 335–509
configuring, 271 renaming, 85, 87
creating, 271 searching, 42
door state override incidents, 641 by custom filter, 43
troubleshooting, 330 by name, 43
troubleshooting access rights, 328 using global search, 42
unlock schedules, 411 using search tool, 43
viewing cardholder access rights, 329 state types, 179
wiring, 271 viewing, 85
See also readerless door entity states
Door troubleshooter about, 179
about, 325, 328 red, 85
generating a report, 328 troubleshooting, 179
using, 325 yellow, 85
duplicating entity tree
entities, 87 configuring, 86
deleting entities, 88
duplicating entities, 87
E reorganizing, 87
editing keyboard shortcuts, 688 entity tree, about, 85
elevator entity types
about, 414 access control unit, 341
access rules, applying, 280 access rule, 353
configuring, 277 alarm, 355
floors, 278 analog monitor, 361, 436
relays, 279 area, 364
hardware requirements, 277 badge template, 369
viewing cardholder access rights, 329 camera, 372
enabling task cycling, 489 camera sequence, 397
encryption cardholder, 399
communication Security Center and Active cardholder group, 402
Directory, 144 cash register, 404
enrolling credential, 405
credentials, 290 door, 408
intrusion panels, 156 elevator, 414
enryption key, setting up, 231 hardware zone, 506
entities hotlist, 418
availability, 171 intrusion detection area, 425
intrusion detection unit, 427

[Link] | Security Center Administrator Guide 5.2 862

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Index

LPR unit, 430 Security Desk full screen, 24

macro, 433 expansion server
network, 438 adding, 47
output behavior, 441 what is, 7
overtime rule, 443 exporting
parking facility, 448 keyboard shortcut configurations, 688
partition, 451 report results, 31
Patroller, 454
permit, 457
permit restriction, 461 F
public task, 465 F11 command, disabling, 95
role, 466 failover
schedule, 467 how does it work?, 61
scheduled task, 473 limitation, Archiver, 230
server, 475 load planning, 229
tile plugin, 484 third-party solutions, 60
user, 486 favorites
user group, 493 adding tasks, 24
video unit, 498 removing tasks, 24
virtual zone, 510 features, Omnicast system, 187
entity, what is, 36 federated entity
error configuring, 129
analyzing the stream, 238 exceptions, 130
connecting to Archiver, 238 identifying, 128
connecting to Media Router, 238 using, 129
impossible to establish video session, 241 what is, 128
initializing, 238 Federating
requesting live stream, 238 Omnicast systems, 131
waiting for signal, 238 Security Center systems, 133
error messages, investigating, 170 Federation
estimating archive storage requirements, 226 about, 128
evaluating zone states, 507 advanced settings, 134
event Omnicast Federation, 131
about, 106 types of, 128
custom events, 106 Federation host, definition, 128
event types, 754–766 filtering report queries, 718
event recording, boosting quality, 380 finding
event types, reference list, 754 Archiver role events, 252
event-to-action database information, 56
compared to scheduled task, 109 who made configuration changes, 181
create, 107 See also searching
search, 108 firmware upgrade, video units, 500
using, 106 flat file
See also event, action importing cardholders, 287
exceptions importing credentials, 290
federated alarms, 130 floor, elevators, 278
execution context, defining, 435 full screen mode
expanding

[Link] | Security Center Administrator Guide 5.2 863

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Index

configuring as default, 95 countdown buzzer, 509

full screen, enabling for Security Desk, 24 delaying arming, 509
evaluating zone state, 507
setting reactivation threshold, 508
G See also zone
general privileges, users, 702 Health history, about, 170
generating health issues, viewing, 168
Access rule configuration report, 321 Health Monitor
Activity trails report, 182 about, 564
Door troubleshooter report, 328 Health Monitor, what is, 75
reports, 30 health monitoring
generating reports maintenance mode, 80
maximum results, 30 health monitoring, what is, 75
Genetec Server Health statistics, about, 171
activating Directory, 482 HID Discovery GUI utility
configuring, 480 about, 792
deactivating Directory, 483 using, 792
expansion servers, 7 HID Edge plus, wiring, 809
main server, 7 HID Edge reader, wiring, 809
what is, 7 HID unit
geocoding, about, 578 configuring, 808
global cardholder management, what is, 300 door with reader, 808
Global Cardholder Synchronizer door with two sensors, 808
about, 561 inputs, 808
connection parameters, 562 network, 791
shared partitions, 563 discovering, 792
synchronization options, 563 features available, 801
Global Cardholder Synchronizer, what is?, 302 interpreting
global search, using, 42 Comm LED, 796
Power LED, 796
operation modes, 800
H setting up, 793
hardware, 791
H.264 issues, solving, 251 special considerations
Hardware inventory, about, 184 default input settings, 794
hardware matrix, integration, 190 HID hardware, 794
hardware requirements HID V1000 units, 794
HID units, 791 supported software/hardware, 797
hardware requirements, elevators, 277 troubleshooting, 318
hardware zone discovery issues, 319
about, 161, 506 enrollment issues, 319
arming wiring diagrams, 809
on a schedule, 509 HID VertX units
using a switch key, 509 wiring
associating VertX V1000, 810
access control units, 507 VertX V2000, 811
zone states to events, 508 hiding
configuring, 162 columns, 32

[Link] | Security Center Administrator Guide 5.2 864

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Index

dashboard, 24 about, 366

report pane, 24 configuring, 283
selector, 24 intrusion detection area
taskbar, 27 about, 155, 425
unassigned logical IDs, 631 creating, 159
high availability properties, 426
how does it work?, 60 intrusion detection unit
what is, 60 about, 155, 427
Home page, 14 deleting logs, 428
hotlist interface types, 428
about, 418 renaming peripherals, 158
HTTPS communication, 501 synchronizing clock, 428
intrusion detection, entity types, 155
Intrusion Manager
I about, 156, 567
idenfitying federated entities, 128 creating, 156
identifying system instabilities, 171 keeping events, 568
idle delay, PTZ, 394 limitations, 156
image rotation, about, 396 intrusion panel
Import tool enrolling, 156
about, 663 managing, 155
custom field limitations, 671 investigating
import scenarios, 663 malfunction events, 170
importing system configuration changes, 181
CSV file fields, 668 user activity, 182
CSV files, 664 investigation tasks
entities, 670 generating reports, 30
replacing old credentials, 672 IO configuration, about, 314
importing IO configurations, viewing, 314
cardholders from Active Directory, 287 IO linking, about, 160
cardholders from flat file, 287 IP address, video unit, 500
credentials from Active Directory, 290 IPv4, display modes, 440
credentials from flat file, 290 IPv6, about, 440
CSV file fields, 668
CSV files, 664
entities, 670
K
macros from files, 434 keeping events
users from Active Directory, 102 Access Manager, 516
importing keyboard shortcut configurations, 688 Intrusion Manager, 568
Impossible to establish video session, error, 241 Zone Manager, 615
information messages, investigating, 170 key switch, zone arming, 509
inheriting user privileges, 100 keyboard shortcuts
Initializing, error, 238 assigning, 688
inputs, configuring, 507 configuring, 687
instabilities, identifying in system, 171 editing, 688
interface, about, 13 exporting configurations, 688
interlock importing configurations, 688

[Link] | Security Center Administrator Guide 5.2 865

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Index

restoring default configurations, 688 entity tree, 86

managing, 85
logs, deleting, 428
L LPR Manager
launching Walkthrough wizard, 275 about, 571
lens type, about, 396 configuring
level, users, 490, 495 Security Center/Patroller communication, 575
license information enabling hotlist filtering, 578
viewing from Config Tool, 778 enabling permit filtering, 578
viewing from Server Admin, 779 geocoding, 578
licensing, 878 importing data, 589
limitations managed hotlists and permits, 576
importing custom fields, 671 matching license plate reads, 577
Intrusion Manager, 156 providing Patroller updates, 588
motion detection, 389 XML exporting, 584
Omnicast Federation, 131 XML importing, 582
limiting LPR unit
concurrent user logons, 488 about, 430
report results, 606 LPR unit, viewing properties, 184
linking
map files to maps, 165
microphones to cameras, 395
M
speakers to cameras, 395 macro
Web pages to maps, 165 about, 433
Live video, dialog box, 214 checking syntax, 434
PTZ commands, 215 creating, 110
loading saved tasks, 23 defining execution contexts, 435
location, setting, 40 importing from files, 434
lock delay, PTZ, 395 using, 110
log in, video unit credentials, 534 main server
log off, Security Center, 10 converting to expansion servers, 49
log on what is, 7
basic authentication, 9 maintenance mode, 80
supervised, 491, 496 maintenance tasks
user schedules, 488 generating reports, 30
using Windows credentials, 153 malfunction events, investigating, 170
using Windows credentials in a multi-AD managing
environment, 153 alarms, 111
logging on archive storage, 226
options, 685 cardholders, 287
wrong Directory, 685 database, 52
logical ID intrusion panels, 155
hiding unassigned entities, 631 Logical view, 85
showing, 631 Network view, 82
logical ID, showing, 692 roles, 47
Logical view servers, 47
about, 85 software security, 89

[Link] | Security Center Administrator Guide 5.2 866

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Index

threat levels, 117 nesting partitions, 93

video archives, 225 network
zones, 160 about, 438
manual recording, boosting quality, 380 IPv4 display modes, 440
map IPv6 address, 440
linking proxy server, 440
map files, 165 routes, 440
Web pages, 165 settings, 378
map file, linking to maps, 165 transmission capabilities, 439
matching license plate reads, 577 network card settings, Archiver, 542
maximum results, Security Desk reports, 30 network entities
Media Router about, 83
about, 591 creating, 83, 84
configuring, 203 network options, configuring, 687
redirecting video streams, 592 Network view
RTSP port, 594 managing, 82
RTSP port conflict, 204 purpose, 82
setting multicast port number, 594 what is, 82
what is, 203 Network view, what is, 82
microphone notification settings, video unit, 534
linking to cameras, 395 notification tray
properties, 504 viewing system messages, 168
monitoring NTP settings, video unit, 536
archive storage usage, 227
resource availability, 171
status of entities, 177 O
status of system, 177 offline video units
system health, 171 troubleshooting, 237
Monitoring task Omnicast
viewing tiles only, 24 deploying
motion block, about, 384 prerequisities, 190
motion detection procedure, 191
about, 383 entities, 188
configuring, 383 features, 187
drawing motion zones, 387 federating, 131
event types, 390 ports used (default), 789
H.264 streams, 386 what is, 187
limitations, 389 Omnicast Federation
motion blocks, 384 about, 131, 596
positive motion detection, 384 connection parameters, 598
testing, 388 defining role groups, 597
motion zones, drawing, 387 limitations, 131
Move unit, about, 661 receiving information, 598
opening
Server Admin, 48
N Options dialog box
name filter, applying, 43 about, 684

[Link] | Security Center Administrator Guide 5.2 867

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Index

date/time display, 696 about, 454

general options performance options
network, 687 configuring, 695
user logon, 685 limiting
keyboard shortcuts, 687 report results, 695
performance options, 695 perimeter door, configuring, 282
user interaction, 691 permanently saving tasks, 26
video options, 694 permit
visual options, 689 about, 457
ordinal pattern, schedules, 472 permit restriction
organizing video stream settings, 211 about, 461
output behavior, about, 441 picture size, cardholders, 287, 641
output pin, settings, 502 playback video
overtime rule troubleshooting, 242
about, 443 Plugin
overtime violations, 446 about, 600
overtime violations, about, 446 Point of Sale
overwriting databases, 55 about, 601
adding cash registers, 603
retrieving database information, 602
P saving transaction data, 602
parition manager ports
promoting users, 93 AutoVu-specific, 787
parity check, defining, 679 common to Security Center, 786
parking facility Omnicast-specific, 789
about, 448 Synergis-specific, 788
partition positive motion detection, about, 384
about, 89, 451 Power LED, about, 796
adding preventing system failures, 171
accepted users, 92, 453 primary server
members, 92, 452 switching to secondary server, 538
configuring, 90 printing
creating, 92 report results, 31
defining, 91 private task
deleting members, 452 saving, 24
nesting, 93 using, 23
promoting users to managers, 93 privilege templates
public partition, 91 about, 101
purpose, 91 purpose, 101
system partition, 91 usage tips, 101
user privileges, 101 using, 101
partition manager, about, 91 privileges, users, 700–716
partition user, promoting, 93 product documentation, about, 877
password promoting partition users to managers, 93
changing, 10, 487 protected video file statistics, 543
expiration, 488 protecting
Patroller alarm video recordings, 360
video archives, 228

[Link] | Security Center Administrator Guide 5.2 868

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Index

protecting video files, 232 report columns, 730

proxy server, about, 440 relay settings, configuring, 279
PTZ relocating databases, 53
configuring, 394 remote connection, enabling on SQL Server, 54
using remote user, controlling, 491, 496
idle delay, 394 removing
lock delay, 395 tasks from favorites, 24
PTZ commands removing cameras from camera sequences, 219
advanced configuration, 215 renaming
Center-on-click, 215 access control units, 349
testing, 215 entities, 85, 87
Zoom-box, 215 intrusion detection unit peripherals, 158
PTZ coordinates, dialog box, 215 renaming tasks, 24
public parition, about, 91 reordering
public task columns, 33
saving, 24 tasks, 25
using, 23 reorganzing, entity tree, 87
public task, about, 465 replacing old credentials, 672
report
analyzing results, 30
Q columns available, 730
query filters exporting, 31
reference list, 718 filtering query, 718
Query tab printing, 31
query filters available, 718 saving, 31
saving templates, 30
viewing results, 730
R Report Manager
about, 605
reactivation threshold limiting results, 606
alarms, 358 report pane
hardware zone, 508 columns available, 730
virtual zone, 512 reordering columns, 33
readerless door, configuring, 272 resizing columns, 32
receiving information showing/hiding columns, 32
Omnicast Federation, 598 working with, 29
Security Center Federation, 609 report results
recipients, alarms, 357 analyzing, 30
recording modes, Archiver, 526 report results, limiting, 695
recording modes, Auxiliary Archiver, 549 reporting tasks
recording options, Archiver, 527, 549 generating reports, 30
red entity state, about, 85 Requesting live stream, error, 238
redirecting video streams, 592 resizing columns, 32
redundant archiving, using, 228 resolving conflicts
reference list Access Manager, 519
action types, 767 how to, 149
event types, 754 overlapping schedules, 105
query filters, 718 resources, monitoring availability, 171

[Link] | Security Center Administrator Guide 5.2 869

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Index

responding, alarms, 115 saving

restoring active task list, 693
databases, 58 open tasks, 24
default keyboard shortcuts, 688 report results, 31
video archives, 228 report templates, 30
retrieving Point of Sale system data, 602 tasks, 24
role workspace, 24
about, 49, 466 saving Point of Sale transaction data, 602
activating/deactivating, 51 schedule
changing servers, 50 about, 467
configuring, 49 default schedule, 104
creating, 50 definition, 103
managing, 47 ordinal patterns, 472
role types, 514–616 resolving conflicts, 105
troubleshooting, 51 setting
what is, 7 date coverage, 468
role group time coverage, 468
configuring, 135 time range, 469
defining, 597 time zones, 104
setting, 608 twilight schedule, 104
what is, 134 user logon, 488
role types using, 103
Access Manager, 515 scheduled task
Active Directory, 520 about, 473
Archiver, 525 compared to event-to-action, 109
Auxiliary Archiver, 547 create, 109
Directory, 555 using, 109
Directory Manager, 556 what is, 109
Global Cardholder Synchronizer, 561 schedules
Health Monitor, 564 defining, 105
Intrusion Manager, 567 scheduling
LPR Manager, 571 alarms, 359
Media Router, 591 hardware zone arming, 509
Omnicast Federation, 596 search
Plugin, 600 event-to-actions, 108
Point of Sale, 601 search box
Report Manager, 605 using, 43
Security Center Federation, 607 search box, using, 42
Web-based SDK, 611 search tool, using, 43
Zone Manager, 614 searching for
routes, network, 440 Archiver role events, 252
RTSP port, about, 204, 594 entities, 42
by name, 43
global search, 42
S tasks, by name, 42
Saved tasks page video files, 234
configuring, 23 secondary server
switching to primary server, 538

[Link] | Security Center Administrator Guide 5.2 870

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Index

secondary server, adding, 64, 538 multicast port number, 594

secure communication, video units, 501 picture size, 287, 641
Security Center schedule date coverage, 468
about, 3 schedule time coverage, 468
action types, 767 time ranges, 469
architecture, 6 user group privileges, 497
changing user password, 10 user levels, 490, 495
closing, 10 user privileges, 492
common ports used, 786 video unit bit rates, 501
connecting, 9 virtual zone reactivation threshold, 512
event types, 754 setting up HID units, 793
federating, 133 sharing guest, what is?, 302
logging off, 10 sharing host, what is?, 301
logging on, 9, 153 showing
ports, default, 785–789 columns, 32
system features, 4 logical IDs, 631
Security Center Federation tiles only, 24
about, 607 SMC units
connection parameters, 609 about, 270
receiving information, 609 software security
setting role groups, 608 about, 89
Security Desk managing, 89
displaying full screen, 24 sorting
Security Desk, about, 657 tasks, 24, 25
selecting speaker
columns, 32 linking to cameras, 395
Server Admin properties, 503
open SQL Server, remote connection, 54
using Config Tool, 48 starting
using Internet Explorer, 48 task cycling, 24
using, 477 state types, entities, 179
servers status, user profiles, 487
about, 475 stopping
configuring, 48 task cycling, 24
Directory, 477 storage settings, Archiver, 540
Genetec Server, 480 storage settings, Auxiliary Archiver, 552
managing, 47 stream usage, about, 377
using Server Admin, 477 supervised log on, about, 491, 496
setting supporting cross-platform development, 164
alarm priorities, 356 synchronization modes, access control units, 352
bit rate priority, 376 synchronizing
camera bit rate priority, 376 access control units, 270
camera bit rates, 376 entities with Active Directory, 142
camera connection type, 378 intrusion detection unit clocks, 428
camera video quality, 374 Synergis
entity expiration, 640 about, 255
hardware zone reactivation threshold, 508 architecture, 255
location, 40 deploying

[Link] | Security Center Administrator Guide 5.2 871

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Index

alone, 261 saving on exit, 693

prerequisities, 259 sorting, 24
procedure, 260 task privileges, users, 710
with Omnicast, 262 task types
entities, 256 maintenance tasks
ports used (default), 788 Access control health history, 312
testing system, 298 Access control unit events, 313
unique model, 257 Access rule configuration, 321
System entity, about, 85 Activity trails, 182
system health Archive storage details, 234
monitoring, 171 Archiver events, 252
troubleshooting, 170 Audit trails, 181
system messages Cardholder access rights, 329
about, 168 Cardholder configuration, 322
viewing, 168 Credential configuration, 323
system messages, display options, 692 Door troubleshooter, 328
system partition, about, 91 Hardware inventory, 184
System status Health history, 170
about, 177 Health statistics, 171
monitoring entity statuses, 177 IO configuration, 314
system, monitoring status, 177 System status, 177
taskbar
changing position, 27
T display options, 689
task hiding, 27
adding, 22 technical support, contacting, 878
adding to favorites, 24 testing
administration tasks, 617–636 alarms, 112
commands, 24 motion detection, 388
creating, 22 threat level
deleting, 24 managing, 117
loading saved tasks, 23 purpose, 117
removing from favorites, 24 threat, definition, 117
renaming, 24 tile plugin
reordering, 25 about, 484
saving, 24 time coverage, setting, 468
as private task, 24 time range
as public task, 24 daily time, 469
layout, 24 setting, 469
tasks permanently, 26 specific dates, 471
sorting, 25 twilight, 471
working with, 24 weekly, 470
task cycling time zone
starting, 24 displaying abbreviations, 696
stopping, 24 time zones, warning about, 104
task cycling, enabling, 489 tips
task list privilege templates, 101
tool types

[Link] | Security Center Administrator Guide 5.2 872

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Index

Access troubleshooter, 658 U

Copy configuration tool, 674
Custom card format editor, 676 UI component
Import tool, 663 Logical view, 85
Move unit, 661 UI element
Options dialog box, 684 Home page, 14
Security Desk, 657 Tools menu, 698
Unit Discovery tool, 659 task workspace
Unit replacement, 660 administration, 16
Tools contextual command toolbar, 17
Access troubleshooter, 324 Unit discovery tool
Tools menu, 698 about, 659
transmission capabilities, network, 439 adding
trickling, what is, 198 access control units, 268
triggering alarms, 113 video units, 196
troubleshooting Unit replacement, about, 660
access configuration problems, 324 unprotecting video files, 232
access requirements, 327 upgrading video unit firmware, 500
access rights to doors, 328 user
access rule configurations, 321 about, 89, 93, 486
Access troubleshooter, 298 activating, 487
alarms, 112 changing password, 10, 487
cameras not recording, 244 configuring, 93
cannot add video units, 247 controlling remote workstations, 491, 496
cannot delete video units, 250 creating, 94
cardholder access rights, 326 deactivating, 487
doors, 325, 330 enabling task cycling, 489
credentials, 330 entering personal information, 487
readers, 331 importing
Request to exit, 330 from Active Directory, 102
entity states, 179 investigating activity, 182
H.264 video stream, 251 limitations, archive viewing, 491, 496
HID units, 318 limiting concurrent logons, 488
impossible to establish video session error, 241 logon schedules, 488
malfunction events, 170 password expiration, 488
no video signal, 238 setting level, 490, 495
offline video units, 237 setting privileges, 492
playback video, 242 supervised log on, 491, 496
roles, 51 user group
system health, 170 about, 89, 97, 493
unstable entities, 171 configuring, 96
video streams, 236 creating, 97
waiting for signal, 238 creating parent user groups, 98
troushooting members, 494
user logon, 685 setting privileges, 497
twilight schedule, about, 104 user interaction options
configuring, 691
displaying system messages, 692

[Link] | Security Center Administrator Guide 5.2 873

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Index

exiting Security Desk, 693 V

renaming devices, 692
showing logical IDs, 692 video archive
updating public tasks, 692 about, 225
user logon archive database, 225
options, 685 Archiver failover, 228
troubleshooting, 685 backing up, 228
user password encryption key, 231
changing, 10, 487 failover load planning, 229
configuring expiration, 488 hardware failure protection, 228
user privileges managing, 225
about, 99, 492 protecting, 228
action privileges, 714 redundant archiving, 228
administrative privileges, 703 restoring, 228
application privileges, 701 routine cleanup protection, 230
configuring, 99 storage, 225
general privileges, 702 storage failure protection, 228
hierarchy, 99 tampering protection, 230
inheriting, 100 video display options, alarms, 359
partitions, 101 video encoder, about, 372
settings, 99 video file
task privileges, 710 changing protection status, 232
templates, 101 protecting, 232
using searching, 234
Access troubleshooter, 327 unprotecting, 232
Archiver failover, 228 viewing properties, 234
Cardholder troubleshooter, 326 video options
Copy configuration tool, 674 configuring, 694
custom card formats, 290, 641 video protection, alarms, 360
Door troubleshooter, 325 video quality
event-to-actions, 106 testing, 214
federated entities, 129 video quality, cameras, 374
global search, 42 video recording on alarms, 360
HID Discovery GUI utility, 792 video stream
macros, 110 automatic stream selection, 212
ordinal patterns, 472 boosting recording quality, 213
partitions, 91 configuring, 211
redundant archiving, 228 diagnosing, 236
scheduled tasks, 109 organizing settings, 211
schedules, 103 video unit
search box, 42, 43 about, 498
search tool, 43 adding
Server Admin, 477 manually, 194
SSL connection, 612 using Unit discovery tool, 196
Web-based SDK, 164 advanced settings, 536
authenticating, 501
automatic discovery, 196
bit rate settings, 501

[Link] | Security Center Administrator Guide 5.2 874

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Index

cannot add, 247 Zone Manager, 511

cannot delete, 250 See also zone
command port, 501 visual options
discovery port, 501 configuring, 689
discovery settings, 533 taskbar, 689
enabling UPnP, 501 visual tracking
IP address, 500 about, 392
notification settings, 534 configuring, 213
NTP settings, 536
peripherals
configuring output pins, 502 W
microphone properties, 504 Waiting for signal, error, 238
settings, 502 Walkthrough wizard
speaker properties, 503 about, 274
secure communication, 501 launching, 275
setting login credentials, 534 modes, 275
settings, 532 purpose, 274
SSL settings, 535 warning messages
troubleshooting offline units, 237 investigating, 170
upgrading firmware, 500 viewing, 168
viewing properties, 184 Watchdog, about, 482
viewing Web page, linking to maps, 165
access control unit events, 313 Web-based SDK
access control unit health events, 312 about, 164, 611
access rule configurations, 321 determining Web service address, 612
active task list, 489 using, 164
archive storage details, 234 SSL connection, 612
cardholder access rights, 329 Wiegand field, defining, 678
cardholder properties, 322 wiring diagrams
credential properties, 323 HID Edge plus, 809
entities, 85 HID Edge reader, 809
health issues, 168 HID VertX V1000, 810
IO configurations, 314 HID VertX V2000, 811
license information wiring doors, 271
from Config Tool, 778 working with
from Server Admin, 779 report pane, 29
report results, 730 tasks, 24
system messages, 168
unit properties, 184
warnings, 168 X
virtual zone
about, 161, 510 XML
arming, 512 exporting, 584
associating zone states to events, 512 importing, 582
configuring, 162
delaying arming, 512
evaluating zone state, 511
Y
setting reactivation threshold, 512 yellow state, entities, 85

[Link] | Security Center Administrator Guide 5.2 875

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
 Index

Z
zone
about, 160
arming, 160
choosing zone type, 163
disarming, 160
hardware zone
about, 161, 506
configuring, 162
IO linking, 160
managing, 160
virtual zone
about, 161, 510
configuring, 162
Zone Manager
about, 161, 614
associating zones, 511
keeping events, 615

[Link] | Security Center Administrator Guide 5.2 876

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
Where to find product documentation
You can find our product documentation in the following locations:
• Installation package. The documentation is available in the Documentation folder of the
installation package. Some of the documents also have a direct download link to the latest
version of the document.
• Genetec Technical Assistance Portal (GTAP). The latest version of the documentation is
available from the GTAP Documents page. Note, you’ll need a username and password to
log on to GTAP.
• Help. Security Center client and web-based applications include help, which explain how
the product works and provide instructions on how to use the product features. Patroller
and the Sharp Portal also include context-sensitive help for each screen. To access the help,
click Help, press F1, or tap the ? (question mark) in the different client applications.

[Link] | Security Center Administrator Guide 5.2 877

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014
Technical support
Genetec Technical Assistance Center (GTAC) is committed to providing its worldwide clientele
with the best technical support services available. As a Genetec customer, you have access to the
Genetec Technical Assistance Portal (GTAP), where you can find information and search for
answers to your product questions.
• Genetec Technical Assistance Portal (GTAP). GTAP is a support website that provides in-
depth support information, such as FAQs, knowledge base articles, user guides, supported
device lists, training videos, product tools, and much more.
Prior to contacting GTAC or opening a support case, it is important to look at this website for
potential fixes, workarounds, or known issues. You can log in to GTAP or sign up at
[Link]
• Genetec Technical Assistance Center (GTAC). If you cannot find your answers on GTAP, you
can open a support case online at [Link] For GTAC's contact information in
your region see the Contact page at [Link]
NOTE Before contacting GTAC, please have your System ID (available from the About button in
your client application) and your SMA contract number (if applicable) ready.
• Licensing.
 For license activations or resets, please contact GTAC at [Link]
 For issues with license content or part numbers, or concerns about an order, please contact
Genetec Customer Service at customerservice@[Link], or call 1-866-684-8006
(option #3).
 If you require a demo license or have questions regarding pricing, please contact Genetec
Sales at sales@[Link], or call 1-866-684-8006 (option #2).

Additional resources
If you require additional resources other than the Genetec Technical Assistance Center, the
following is available to you:
• GTAP Forum. The Forum is an easy to use message board that allows clients and Genetec staff
to communicate with each other and discuss a variety of topics, ranging from technical
questions to technology tips. You can log in or sign up at [Link]
• Technical training. In a professional classroom environment or from the convenience of your
own office, our qualified trainers can guide you through system design, installation, operation,
and troubleshooting. Technical training services are offered for all products and for customers
with a varied level of technical experience, and can be customized to meet your specific needs
and objectives. For more information, go to [Link]

[Link] | Security Center Administrator Guide 5.2 878

EN.500.003-V5.2.C4(5) | Last updated: June 2, 2014