StoneLock Gateway Installation Manual

v.1.7

TABLE OF CONTENTS

SECTION 1 INSTALLATION PREREQUISITES

SECTION 1.1 SYSTEM REQUIREMENTS
SECTION 1.2 PACS REQUIREMENTS
SECTION 1.3 MIGRATION

SECTION 2 STONELOCK GATEWAY

SECTION 2.1 INSTALLING THE STONELOCK GATEWAY HARDWARE MICRO-APPLIANCE SYSTEM
SECTION 2.2 INSTALLING THE STONELOCK GATEWAY LINUX SYSTEM
SECTION 2.3 INSTALLING THE STONELOCK GATEWAY HARDWARE APPLIANCE SYSTEM
SECTION 2.4 ESTABLISHING A SECURE SSH TUNNEL FOR PACS COMMUNICATION
SECTION 2.5 CLUSTERING FOR ENTERPRISE

SECTION 3 PACS INTEGRATION SETUP

SECTION 3.1 AMAG SYMMETRY
SECTION 3.1.1 AMAG SHIM SETUP
SECTION 3.1.2 SETTING UP DEVICES IN SYMMETRY
SECTION 3.1.3 SETTING UP SYMMETRY USERS AS STONELOCK USERS
SECTION 3.1.4 REMOVING A SYMMETRY USER FROM A STONELOCK DEVICE
SECTION 3.2 AVIGILON ACM
SECTION 3.2.1 CONFIGURING THE GATEWAY TO COMMUNICATE TO ACM
SECTION 3.2.2 SETTING UP DEVICES IN GENETEC
SECTION 3.2.3 SETTING UP GENETEC USERS AS STONELOCK USERS
SECTION 3.2.4 REMOVING A GENETEC USER FROM A STONELOCK DEVICE
SECTION 3.3 GENETEC SECURITY CENTER
SECTION 3.3.1 CONFIGURING THE GATEWAY TO COMMUNICATE TO GENETEC SECURITY CENTER
SECTION 3.3.2 SETTING UP DEVICES IN VELOCITY
SECTION 3.3.3 SETTING UP VELOCITY USERS AS STONELOCK USERS
SECTION 3.3.4 REMOVING A VELOCITY USER FROM A STONELOCK DEVICE

SECTION 3.4 HIRSCH VELOCITY
SECTION 3.4.1 HIRSCH SHIM SETUP
SECTION 3.4.2 SETTING UP DEVICES IN VELOCITY
SECTION 3.4.3 SETTING UP VELOCITY USERS AS STONELOCK USERS
SECTION 3.4.4 REMOVING A VELOCITY USER FROM A STONELOCK DEVICE
SECTION 3.5 HONEYWELL PROWATCH
SECTION 3.5.1 CONFIGURING THE GATEWAY TO COMMUNICATE TO PROWATCH
SECTION 3.5.2 SETTING UP DEVICES IN PROWATCH
SECTION 3.5.3 SETTING UP PROWATCH USERS AS STONELOCK USERS
SECTION 3.5.4 REMOVING A PROWATCH USER FROM A STONELOCK DEVICE
SECTION 3.6 LENEL ONGUARD
SECTION 3.6.1 LENEL SHIM SETUP
SECTION 3.6.2 SETTING UP DEVICES IN ONGUARD
SECTION 3.6.3 SETTING UP ONGUARD USERS AS STONELOCK USERS
SECTION 3.6.4 REMOVING AN ONGUARD USER FROM A STONELOCK DEVICE
SECTION 3.7 S2
SECTION 3.7.1 CONFIGURING THE GATEWAY TO COMMUNICATE TO S2
SECTION 3.7.2 SETTING UP DEVICES IN S2
SECTION 3.7.3 SETTING UP S2 USERS AS STONELOCK USERS
SECTION 3.7.4 REMOVING A S2 USER FROM A STONELOCK DEVICE
SECTION 3.8 SOFTWARE HOUSE CCURE 9000 2.60
SECTION 3.8.1 CONFIGURING THE GATEWAY TO COMMUNICATE TO CCURE 9000 2.60 USING VICTOR WEB SERVICES
SECTION 3.8.2 SETTING UP DEVICES IN CCURE
SECTION 3.8.3 SETTING UP CCURE USERS AS STONELOCK USERS
SECTION 3.8.4 REMOVING A CCURE USER FROM A STONELOCK DEVICE
SECTION 3.8 SOFTWARE HOUSE CCURE 9000 2.50
SECTION 3.9.1 CONFIGURING THE GATEWAY TO COMMUNICATE TO CCURE 9000 2.50
SECTION 3.9.2 SETTING UP DEVICES IN CCURE
SECTION 3.9.3 SETTING UP CCURE USERS AS STONELOCK USERS
SECTION 3.9.4 REMOVING A CCURE USER FROM A STONELOCK DEVICE

SECTION 4 STONELOCK WEB CLIENT (WITH PACS INTEGRATION)

SECTION 4.1 PREPARING A USER PROFILE FOR ENROLLMENT
SECTION 4.2 ENROLLMENT
SECTION 4.3 VERIFICATION TRANSACTIONS
SECTION 4.4 HEALTH MONITORING
SECTION 4.5 MANAGEMENT TRANSACTIONS
SECTION 4.6 GATEWAY LOG
SECTION 4.7 ANALYSIS

SECTION 5 STONELOCK WEB CLIENT (STANDALONE)

SECTION 5.1 CREATING AN ACCESS GROUP
SECTION 5.2 REMOVING AN ACCESS GROUP
SECTION 5.3 CREATING A DEVICE
SECTION 5.4 DELETING A DEVICE
SECTION 5.5 ADDING A NEW USER
SECTION 5.6 EDITING A USER
SECTION 5.7 DELETING A USER
SECTION 5.8 ENROLLMENT
SECTION 5.9 VERIFICATION TRANSACTIONS
SECTION 5.10 HEALTH MONITORING
SECTION 5.11 MANAGEMENT TRANSACTIONS
SECTION 5.12 GATEWAY LOG
SECTION 5.13 ANALYSIS

Section 1 Installation Prerequisites

Section 1.1 System Requirements

• Native Linux based
  o Ubuntu 14 through 17
  o Debian 8 and 9
  o RHEL 6 and 7
  o Fedora 17 through 26
  o CentOS 6 and 7

• Hardware based
  o Network drop.

Section 1.2 PACS Requirements

Each PACS system has its own prerequisite before the StoneLock Gateway integration will run. These prerequisites are not available from StoneLock and must be obtained through the Access Control manufacturer.

• AMAG Symmetry – Open XML, Data Connect

• Avigilon ACM – N/A

• Genetec Security Center 5.6 and 5.7 – Genetec part Number GSC-1SDK-SL-Gateway

• Hirsch Velocity – Velocity SDK

• Honeywell ProWatch - HSDK

• Lenel OnGuard - DataConduIT

• S2 – N/A

• Software House CCURE 9000 – Site License, Victor Web Services license.

Section 1.3 Migration

These procedures can be used to migrate all user templates in the following scenarios:

• Upgrading from a previous non-gateway integration to the StoneLock gateway.

• Upgrading from the SLN (StoneLock Network Software) to the StoneLock Gateway.

• Moving between PACS, i.e. from CCURE to Avigilon.

These steps are not required if a StoneLock integration has not been installed prior to the StoneLock Gateway, or if the previous install was the StoneLock Gateway and the PACS is not changing.

Before starting a migration, you will need to get a list of all of the users in the StoneLock devices and their StoneLock IDs. In order to merge the profiles with the new integration, the StoneLock IDs will need to remain the same.

Note: Before performing the Migration procedure, read through steps 1-9 carefully. Failure to follow the steps can lead to the loss of all user templates in the StoneLock devices, forcing re-enrollment. Back up your current database. Users may be pulled off the device temporarily as they are migrated with the new integration. To avoid interrupting activity, it is recommended that this migration be performed during off-peak hours.

1. Stop the previous integration driver.

2. Perform the StoneLock Gateway install per Section 2 of the StoneLock Gateway Installation manual.
3. Do NOT create the StoneLock Devices in the PACS at this time. Doing so will cause the Gateway to delete the users.
4. Do NOT start the shim for the PACS.

Note: If you are using the pre-gateway integration with the same PACS, the devices created with the old integration will not affect this process. This applies to the devices created per the StoneLock Gateway Installation manual.

5. If the StoneLock devices are on a different subnet than the Gateway you will need to add the individual device IP Addresses in the Gateway Config file.
6. Log into the StoneLock Web Client. See Section 5.
7. In the Network Subnets field, enter the IP Addresses of all of the StoneLock devices that are not on the same subnet as the StoneLock Gateway.
8. Open a terminal session in the StoneLock Gateway.
   a. Type systemctl restart slg_web_server.service and hit enter.
      i. The password is slgateway.

Note: If using the StoneLock Micro Appliance add sudo before any systemctl command.

9. Type cd /sl_applications and hit enter.
10. Type sudo ./sl_migration and hit enter.
   a. The password is slgateway. The migration application will run and move the users to the migration archive in the StoneLock Gateway. The application will stop itself and the command line will be redisplayed. Do NOT proceed to Step 6 until the command line is present.
11. Perform the PACS setup per Section 3 of the StoneLock Gateway Installation Manual.

Note: You can now create the new devices based on the PACS setup instructions. Enter the StoneLock ID (User ID) for the users exactly as they were in the StoneLock Device. If the PACS does not have the ability to create the StoneLock ID, continue to step 7 and enter the StoneLock ID in step 8.

12. Start the StoneLock Gateway service.
   a. In a Terminal Session in the Gateway enter systemctl start slg.service and hit enter.
   b. The password is slgateway.
13. In the Token Management tab of the StoneLock Web Client, enter the StoneLock ID (User ID) for each user exactly as it was in the StoneLock device prior to the Migration process.
14. When all users have been entered click Update Device.
   a. If there are a lot of users, you can click Update Device in between each user to push that individual user. Otherwise all users that have the StoneLock (User ID) will be pushed back to the device when Update Device is clicked.
15. Restart the StoneLock Gateway service.
   a. In a Terminal Session in the StoneLock Gateway, enter systemctl restart slg.service and hit enter.
   b. The password is slgateway.

The users will now be pushed back to each device based on the Access associated in the PACS. Provided the same StoneLock ID (User ID) was used for each user, the templates will still be on the devices.

Section 2 StoneLock Gateway

The StoneLock Gateway is designed to allow multiple StoneLock devices to integrate with existing PACS systems. It is a Linux based solution that can run natively in a Linux environment, or on a standalone piece of hardware. If the Gateway is to be run in a Linux environment, a separate piece of hardware, or if running the virtual system, the Windows services for Lenel OnGuard, AMAG Symmetry, and Hirsch Velocity will need to be installed on the server housing the PACS. See Section 2.4. The StoneLock Gateway handles all communication to and from the StoneLock devices.

Section 2.1 Installing the StoneLock Gateway Hardware Micro-Appliance System

The StoneLock Gateway comes preloaded on a Hardware Micro-Appliance. The Micro-Appliance can be installed at any location provided it has a hardwired network connection available.

1. Connect the Micro-Appliance to a keyboard, mouse, monitor, and the local network.
2. Find the IP Address of the Micro-Appliance using one of the following:
   a. Hold the mouse over the two arrows in the upper right of the screen.
      i. The IP Address of the Micro-Appliance will be displayed.
   b. Open a Terminal session by clicking on the Terminal Icon on the left or using Ctrl-Alt-T.
      i. Type ifconfig at the prompt and hit enter.
      ii. The IP Address will be listed at the top after inet addr:
   c. Write the IP Address down for later.

3. Open a Terminal session if not already open by clicking on the Terminal Icon on the left or using Ctrl-Alt-T.
4. Type sudo systemctl status slg.service and hit enter.
   a. Ensure it shows the slg.service is running. If not type sudo systemctl start slg.service and hit enter.
      i. The password is slgateway.
5. Repeat Step 5 for the following services:
   a. sudo systemctl start slg_web_server.service
6. At the prompt type cd /etc/stone_lock and hit enter.
7. Type sudo nano config.gateway.json and hit enter.
8. The configuration file will open in a new window.
9. Use the arrow keys to move to the lines that will be edited.
10. If the PACS system adds an offset number to the cards, add that offset number in the card_number_offset field.
   a. This field is defaulted to 0 for no offset applied.
11. If using TLS, click the check box next to TLS Enabled.
12. Enter the password for the certificate in the TLS Encryption Password Seed box.
13. Enter the activation length of the certificate in the TLS Certificate Active Days box.
14. Hit Ctrl x.
15. Type Y to save and hit enter.
16. Hit enter again. The cmd line will return.

Fig 2.3.1

17. At the prompt in the Terminal session type sudo systemctl restart slg_web_server.service and hit enter.
   a. The password is slgateway.
18. Proceed to Section 3 to set up the PACS communication.
19. Proceed to Section 2.4 to set up the Tunnel to communicate to the PACS.
20. If connecting multiple StoneLock Gateways together follow Section 2.5 Clustering for Enterprise.
21. At the prompt in the Terminal session type sudo systemctl restart slg.service and hit enter.
   a. The password is slgateway.

Section 2.2 Installing the StoneLock Gateway Linux System

The StoneLock Gateway can be installed directly on a Linux system. The install kit for the StoneLock Gateway Linux System consists of a single file.*

• sl_gateway_build_X_X_X.tar.bz

*See Section 3.9 Software House CCURE 9000 2.50 for the additional file requirements for the CCURE 2.50 integration.

1. Place the sl_gateway_build_X_X_X.tar.bz file on the Linux system. It can be placed in any folder.
2. In a terminal session cd into the folder that the tar file was opened in.
3. Type sudo tar -xzvf sl_gateway_build_X_X_X.tar.bz and hit enter. Replace the (X) with the version number listed in the file name.
4. In terminal cd into the build_package directory created by Step 3.
5. Type sudo ./build_script.sh and hit enter. The install will begin. When the command prompt reappears, the install is complete.
6. Find the IP Address of the Linux Server/computer.
   a. Open a Terminal session.
      i. Type ifconfig at the prompt and hit enter.
      ii. The IP Address will be listed at the top after inet addr:
   b. Write the IP Address down for later.
7. Type systemctl status slg.service and hit enter.
8. Ensure it shows the slg.service is running. If not type systemctl start slg.service at the command prompt and hit enter.
9. Repeat Step 5 for the following services:
   a. systemctl start slg_web_server.service
10. At the prompt type cd /etc/stone_lock and hit enter.

Note: The following commands are based on the StoneLock Appliance running Ubuntu. If gedit is not on your system, use whatever program is available to edit text files.

Note: If using the StoneLock Micro Appliance, use sudo nano config_gateway.json. Arrow down to the lines to edit and make the change. Use Ctrl x to exit after making the changes. Type y and hit enter to save then hit enter again. The cmd line will return.

11. Type gedit config.gateway.json and hit enter.
12. The configuration file will open in a new window.
13. If the PACS system adds an offset number to the cards, add that offset number in the card_number_offset field.
   a. This field is defaulted to 0 for no offset applied.
14. If using TLS, click the check box next to TLS Enabled.
15. Enter the password for the certificate in the TLS Encryption Password Seed box.
16. Enter the activation length of the certificate in the TLS Certificate Active Days box.

Fig 2.3.1

17. At the prompt in the Terminal session type systemctl restart slg_web_server.service and hit enter.
18. Proceed to Section 3 to set up the PACS communication.
19. Proceed to Section 2.4 to set up the Tunnel to communicate to the PACS.
20. If connecting multiple StoneLock Gateways together follow Section 2.5 Clustering for Enterprise.
21. At the prompt in the Terminal session type systemctl restart slg.service and hit enter.

Section 2.3 Installing the StoneLock Gateway Hardware Appliance System

The StoneLock Gateway comes preloaded on a Hardware Appliance. The Appliance can be installed at any location provided it has a hardwired network connection available.

22. Connect the Appliance to a keyboard, mouse, monitor, and the local network.
23. Turn on the Appliance by pressing the power button on the top of the Appliance.
24. Find the IP Address of the Appliance using one of the following:
   a. Left Click on the double arrows in the top right of the display.
      i. Left Click on Connection Information.
      ii. The IP Address of the Appliance is displayed in the IPv4 section.
   b. Left Click on the Power Icon on the top right of the display.
      i. Left Click on System Settings.
      ii. Left Click on Network.
      iii. Left Click on Wired at the left.
      iv. The IP Address is displayed in the IPv4 Address field.
   c. Open a Terminal session by clicking on the Terminal Icon on the left or using Ctrl-Alt-T.
      i. Type ifconfig at the prompt and hit enter.
      ii. The IP Address will be listed at the top after inet addr:
   d. Write the IP Address down for later.
25. Open a Terminal session if not already open by clicking on the Terminal Icon on the left or using Ctrl-Alt-T.
26. Type systemctl status slg.service and hit enter.
   a. Ensure it shows the slg.service is running. If not type systemctl start slg.service and hit enter.
      i. The password is slgateway.
27. Repeat Step 5 for the following services:
   a. systemctl start slg_web_server.service
   b. systemctl start sl_cluster.service
28. At the prompt type cd /etc/stone_lock and hit enter.
29. Type sudo gedit config.gateway.json and hit enter.
30. The configuration file will open in a new window.
31. If the PACS system adds an offset number to the cards, add that offset number in the card_number_offset field.
   a. This field is defaulted to 0 for no offset applied.
32. If using TLS, click the check box next to TLS Enabled.
33. Enter the password for the certificate in the TLS Encryption Password Seed box.
34. Enter the activation length of the certificate in the TLS Certificate Active Days box.

Fig 2.3.1

35. At the prompt in the Terminal session type systemctl restart slg_web_server.service and hit enter.
   a. The password is slgateway.
36. Proceed to Section 3 to set up the PACS communication.
37. Proceed to Section 2.4 to set up the Tunnel to communicate to the PACS.
38. If connecting multiple StoneLock Gateways together follow Section 2.5 Clustering for Enterprise.
39. At the prompt in the Terminal session type systemctl restart slg.service and hit enter.
   a. The password is slgateway.

Section 2.4 Establishing a Secure SSH Tunnel for PACS Communication

The Windows services for Lenel OnGuard, AMAG Symmetry, and Hirsch Velocity are required to run on the same server as the PACS system. The SSH Tunnel allows the StoneLock Gateway to be installed on a separate Windows or Linux server, or on a separate piece of hardware like the StoneLock Gateway Hardware System. The StoneLock Gateway Appliances also use the Tunnel to communicate with the PACS system, even if installed on the same server.

1. Open Notepad as an Administrator.
2. Select File and click Open.
3. Navigate to the Program Files>StoneLock folder.
4. In the drop down at the bottom of the window select All Files (*.txt). It defaults to Text Documents (*.txt)
5. Select the config_XXXX.XML file that correlates to the correct PACS and click Open.
   o config_amag
   o config_hirsch
   o config_lenel
6. Enter the IP Address of the machine/server housing the StoneLock Gateway in the <external_directory> field.

Example: If the StoneLock Gateway is at 192.168.1.231, the external directory field will be: <external_directory>\\192.168.1.231\SLGateway_SAMBA</external_directory>

Fig 2.4.1

7. Select File and click Save.
8. Close the Notepad session.

The Secure SSH Tunnel is now set up. When the PACS setup is complete, the Shim will push the data via the tunnel to the Gateway.

Section 2.5 Clustering for Enterprise

Multiple StoneLock Gateways can be connected together to push user templates between the gateways. This capability allows the StoneLock Gateway to be Enterprise compatible. This feature also allows the ability to move a user template between different PACS systems, provided the StoneLock ID (User ID) is the same in the different systems.

For a CCURE Enterprise system, the StoneLock Gateway would be installed on each SAS that a StoneLock device is installed on. For a Lenel Enterprise System, the StoneLock Gateway would be installed on each Region that a StoneLock device is installed on.

1 Ensure the Users have the same StoneLock ID (User ID) on each gateway.
   a. The StoneLock Gateway Cluster service uses the StoneLock ID (User ID) to match users in the archive. The user's template will not be merged if the StoneLock ID (User ID) does not match.

2 Open a Terminal session in the StoneLock Gateway.
3 At the prompt type systemctl stop sl_cluster.service and hit enter.
   a. The password is slgateway.

Note: If using the StoneLock Micro Appliance add sudo before any systemctl command.

4 At the prompt type cd /etc/stone_lock and hit enter.
5 Type sudo gedit config_cluster.json and hit enter.
   a. The password is slgateway.

Note: The following commands are based on the StoneLock Appliance running Ubuntu. If gedit is not on your system, use whatever program is available to edit text files.

Note: If using the StoneLock Micro Appliance, use sudo nano config_cluster.json. Arrow down to the lines to edit and make the change. Use Ctrl x to exit after making the changes. Type y and hit enter to save then hit enter again. The cmd line will return.

6 The configuration file will open in a separate window. Enter the IP Addresses of the other StoneLock Gateways, not including the current Gateway.
   a. The default number of members in the configuration file is 4. Add additional members as needed by following the same format used for the default members.

Fig 2.5.1

7 Click Save then the red X in the top corner.
8 At the prompt in the Terminal session type systemctl start sl_cluster.service and hit enter.
   a. The password is slgateway.
9 Repeat Steps 1-9 for all gateways that will be communicating to each other.

Section 3 PACS Integration Setup

The following sections will show how to set up the StoneLock Gateway with the following PACS.

• AMAG Symmetry

• Avigilon ACM

• Genetec Security Center

• Hirsch Velocity

• Honeywell ProWatch

• Lenel OnGuard

• S2

• Software House CCURE 9000

Section 3.1 AMAG Symmetry

Section 3.1.1 AMAG Shim Setup

The StoneLock Gateway uses a Windows service named AMAG_Shim to communicate between Symmetry and the gateway. The StoneLock_Shims.MSI installs this Shim.

o Run the MSI file. The Shim will be installed in the Program Files\StoneLock folder.

The person installing the AMAG_Shim will need the valid Windows user name and password to access the AMAG Symmetry.

1. Open a CMD prompt.
2. Type ipconfig and hit enter to find the IP address of the server/computer that Symmetry is installed on.

Fig 3.1.1.1

3. Write this IP address down for a later step.
4. Open Notepad as an Administrator.
5. Select File and click Open.
6. Navigate to the Program Files>StoneLock folder.
7. In the drop down at the bottom of the window select All Files (*.txt). It defaults to Text Documents (*.txt)
8. Select the AMAG_Shim.exe.config file and click Open.
9. In the line that begins with <endpoint address= replace the IP address with the IP address recorded in step 3 above.

Fig 3.1.1.2

10. Select File and click Save.
11. Select File and click Open.
12. Navigate to the Program Files>StoneLock folder.
13. In the drop down at the bottom of the window select All Files (*.txt). It defaults to Text Documents (*.txt)
14. Select the config_amag.xml file and click Open.
15. In the <userpwd> field, enter the user name and password for the Symmetry log on.

Note: This file defaults to the AMAG default user name and password of installer:install. If that is still active you do not need to change this field.

16. Enter the name of the server that houses the AMAG databases in the <datasource> field.

Fig 3.1.1.3

17. Select File and click Save.
18. Open the Windows Services application.
19. Scroll down to the AMAG_Shim service.

Fig 3.1.1.6

20. Right click on the AMAG_Shim service and click on Properties.
21. Click on the Log On tab.
22. Click on the circle next to This account.
23. Enter the account information that has access to Symmetry.

Fig 3.1.1.7

24. Click on the General tab.
25. Select applicable Startup type, from the Startup Type dropdown, for the location.
   a. Automatic is recommended in the event of a computer/server reboot.
26. Click Apply.
27. Click OK.
28. Start the AMAG_Shim service.

Section 3.1.2 Setting up Devices in Symmetry

Any users in Symmetry can be set up as a StoneLock device reader.

1. Open the reader in Symmetry that the StoneLock device will be associated with.
2. At the end of the reader name in the Description field enter an underscore _ followed by the last six digits of the device MAC address. These six digits are also the serial number of the control box.

Example: Control Box Serial number 10032F will have a MAC address of a4:58:0f:10:03:2f. If that device is to be associated with Symmetry Reader Test, the reader name in Symmetry will be test_10:03:2f. See Fig 3.1.2.1

Fig 3.1.2.1

3. Click Ok to save the reader name change.

This reader will now be sent to the StoneLock Gateway. If the device is online the Gateway will associate it with the reader in Symmetry and display it in the Remote Enrollment and Health Monitor tabs of the StoneLock Web Client. See Section 4 StoneLock Web Client.

Note: The reader needs to be included in an active Clearance in Symmetry in order to be displayed in the Remote Enrollment tab of the StoneLock Web Client.

Section 3.1.3 Setting up Symmetry Users as StoneLock Users

Any Symmetry user that has been assigned an access right that includes a Symmetry reader associated with a StoneLock device will be automatically pushed to the StoneLock Gateway. These users will be displayed in the Remote Enrollment tab of the StoneLock Web Client. See Section 4 StoneLock Web Client.

The following changes to an Employee or Card are automatically updated on the StoneLock device.

• First Name

• Last Name

• Card Number

• Card Status. The following status messages will display on the StoneLock device based on the Card status:

o Card Status of Card Lost- Illegal User (Will display as Alarm Blacklist in the Symmetry Alarm Monitoring and the StoneLock Web Client)

o Card Status of Stop- Illegal User (Will display as Alarm Blacklist in the Symmetry Alarm Monitoring and the StoneLock Web Client)

o Card Status of Inactive- Illegal User (Will display as Alarm Blacklist in the Symmetry Alarm Monitoring and the StoneLock Web Client)

Note: Denied events for Card Status and Verification failures will be displayed in the Alarm Monitoring window of Symmetry. Successful events will be displayed in the Activity Monitoring Window along with the Successful events from the Panel.

Fig 3.1.3.1

• The User ID (StoneLock ID) should not be altered once it is pushed to the StoneLock device. If the number is altered you may cause a system error on the device, which would result in the user no longer being recognized without a re-enrollment.

Section 3.1.4 Removing a Symmetry user from a StoneLock Device

Symmetry users are associated to StoneLock devices based on their Access Rights in Symmetry. To delete that user from a StoneLock device, remove that Access Right from that user then click update device in the StoneLock Web Client when the user is removed from the tree. The device associated with that Access Right will be removed from the user in the Remote Enrollment tab of the StoneLock Web Client. The user will be removed from the device(s) and no longer have access at that door until access is given again in Symmetry. See Section 4 StoneLock Web Client.

Section 3.2 Avigilon ACM

Section 3.2.1 Configuring the Gateway to communicate to ACM

1. Bring up a Terminal session. On the StoneLock Appliance or Micro Appliance use Ctrl-Alt-T on the keyboard.
2. At the command line in the Terminal window type cd /etc/stone_lock/ and hit enter.

Note: The following commands are based on the StoneLock Appliance running Ubuntu. If gedit is not on your system, use whatever program is available to edit text files.

Note: If using the StoneLock Micro Appliance, use sudo nano config_avigilon.xml. Arrow down to the lines to edit and make the change. Use Ctrl x to exit after making the changes. Type y and hit enter to save then hit enter again. The cmd line will return.

Fig 3.2.1.1

3. Type sudo gedit config_avigilon.xml Hit enter. Type in slgateway for the password and hit enter.

Fig 3.2.1.2

4. In the <acm url> field enter the IP address for the Avigilon ACM.
   a. This can be found by looking at the URL used to access ACM, or log in to ACM and click Settings>Appliance>Ports. The address is listed under Ethernet ports.

Fig 3.2.1.3

5. Click Save.
6. On the command line in the terminal type systemctl enable /sl_services/avglshim.service then hit enter. Type slgateway for the password and hit enter. It may require it to be entered twice.

Note: If using the StoneLock Micro Appliance add sudo before any systemctl command.

Fig 3.2.1.4

7. On the command line in the terminal type systemctl start avglshim.service then hit enter. Type slgateway for the password and hit enter.

Fig 3.2.1.5

Section 3.2.2 Setting up Devices in ACM

Any door in ACM can be set up as a StoneLock device reader.

1. Click on the Physical Access tab in ACM.
2. Click on Doors and click on the +Add New Door button.
3. Enter a device name, based on the naming convention rules of ACM.
4. Under the Alt Name field assign the last six characters of the device's MAC address. The last six characters of the MAC address will always be the six characters of the control unit's serial number. For example, the Alt Name in Fig 3.2.2.1 is 10:03:3a. The serial number listed on the sticker of the control box for that device is C-10033A.

Fig 3.2.2.1

5. Set the Door mode to Card Only, or Card and Pin.

Note: This does not affect the Verification mode on the device. This is a required setting in ACM to enable the StoneLock Device to become Active in the StoneLock Gateway.

6. Click Save.
7. Add the door to the correct Access Group. The schedules for that door, and all StoneLock users assigned to that Access Group, will automatically be pushed to that door.

Section 3.2.3 Setting up ACM Users as StoneLock Users

1. Select the ACM user from the Identity list that will become a StoneLock user.
2. Under the External System ID, enter the number that will be that user's StoneLock ID. This number may be from 2-18 numbers long. See Fig 3.2.3.1

Note: The StoneLock device will allow IDs from 1-18 numbers long, but the External System ID field will not accept a single digit.

Users are pushed to each StoneLock device on the network based on their Access Group assigned in ACM.

Fig 3.2.3.1

The following changes to an Identity or Token are automatically updated on the StoneLock device:

• First Name

• Last Name

• Token Internal Number (This is the number that is sent to the device for the card number of the user).

• Token Status. The following status messages will display on the StoneLock device based on the token status.

o Token Status of Expired- Expired User (Will display as Expired in the StoneLock Web Client).

o Token Status of Inactive- Illegal User (Will display as Blacklist in the StoneLock Web Client)

o Token Status of Not Yet Active- Illegal User (Will display as Blacklist in the StoneLock Web Client)

• The External System ID (StoneLock ID) should not be altered once it is pushed to the StoneLock device. If the number is altered you may cause a system error on the device, which would result in the user no longer being recognized without a re-enrollment.

See Section 4 StoneLock Web Client for enrollment and device user type.

Section 3.2.4 Removing an ACM user from a StoneLock Device

ACM users are associated to StoneLock devices based on their Access Group in ACM. To delete that user from a StoneLock device remove that Access Group from that user. The device associated with that Access Group will be removed from the user in the Remote Enrollment tab of the StoneLock Web Client. The user will be removed from the device(s) and no longer have access at that door until access is given again in ACM. See Section 4 StoneLock Web Client.

Section 3.3 Genetec Security Center

Section 3.3.1 Configuring the Gateway to communicate to Genetec Security Center

1. Ensure the Genetec Part Number GSC-1SDK-SL-Gateway has been installed.
2. Create a Web-based SDK role in Genetec.
   a. Click on the properties of the Web-based SDK role.
   b. Write down the Port (not the Streaming Port) and the Base URI. These will be needed for later.
3. Bring up a Terminal session in the StoneLock Gateway. In Ubuntu use Ctrl-Alt-T on the keyboard.
4. At the command line in the Terminal window type cd /etc/stone_lock/ and hit enter.

Fig 3.3.1.1

Note: The following commands are based on the StoneLock Appliance running Ubuntu. If gedit is not on your system, use whatever program is available to edit text files.

5. Type sudo gedit config_genetec.xml and hit enter. Type in slgateway for the password and hit enter.

Note: If using the StoneLock Micro Appliance, use sudo nano config_genetec.xml. Arrow down to the lines to edit and make the change. Use Ctrl x to exit after making the changes. Type y and hit enter to save then hit enter again. The cmd line will return.

Fig 3.3.1.2

6. In the <server url> field enter the IP address, Web Port and the Base URI for the Genetec Web-Based SDK.
7. In the <user> field enter the Username that has access to the Web SDK. Take care not to change the information after the ; in the <user> field.
   a. For example, in the figure below the user is Admin followed by a semicolon.
8. In the <password> field enter the password for the above entered user.


Fig 3.3.1.3

9. Click Save.
10. On the command line in the terminal type systemctl enable /sl_services/genetec.service then hit enter. Type slgateway for the password and hit enter. It may require it to be entered twice. Note: If using the StoneLock Micro Appliance add sudo before any systemctl command.

Fig 3.3.1.4

11. On the command line in the terminal type systemctl start genetec.service then hit enter. Type slgateway for the password and hit enter.


Fig 3.3.1.5

Section 3.3.2 Setting up Devices in Genetec

Any Door in Genetec can be set up as a StoneLock device reader.

1. Select the Door in Genetec which will be associated with the StoneLock device.
2. Open the Door.
3. At the end of the Door name in the Name field enter an underscore _ followed by the last six digits of the device MAC address. These six digits are also the serial number of the control box. Example: Control Box Serial number 1002B6 will have a MAC address of a4:58:0f:10:02:b6. If that device is to be associated with Genetec reader Office Door, the Door name in Genetec will be Office Door_10:02:b6. See Fig 3.3.2.1.


Fig 3.3.2.1

4. Click Apply to save the Door name change. This Door will now be sent to the StoneLock Gateway. If the device is online the Gateway will associate it with the Door in Genetec and display it in Device and Health Monitor tabs of the StoneLock Web Client. See Section 4 StoneLock Web Client.

Note: The Door needs to be included in an active Access Rule in Genetec in order to be displayed in the Remote Enrollment tab of the StoneLock Web Client.

Section 3.3.3 Setting up GENETEC Users as StoneLock Users

Any Genetec user that has been assigned an Access Rule that includes a Genetec Door associated with a StoneLock device will be automatically pushed to the StoneLock Gateway. These users will be displayed in the Remote Enrollment tab of the StoneLock Web Client. See Section 4 StoneLock Web Client.

Note: In Security Center 5.6 the Access Rule needs to be assigned directly to the user. An Access Rule assigned to the user via a Cardholder Group will not move the user to StoneLock Gateway. Genetec added this ability in Security Center 5.7.

The following changes to an Employee or Card are automatically updated on the StoneLock device:

• First Name

• Last Name


• Card Number

• Card Status. The following status messages will display on the StoneLock device based on the Card status:

o Card Status of Inactive- Illegal User (Will display as Blacklist in the StoneLock Web Client)

o Card Status of Expired- Illegal User (Will display as Blacklist in the StoneLock Web Client)

o Card Status of Lost- Lost Card User (Will display as Lost Card in the StoneLock Web Client)

o Card Status of Stolen- Illegal User (Will display as Blacklist in the StoneLock Web Client)

• The User ID (StoneLock ID) should not be altered once it is pushed to the StoneLock device. If the number is altered you may cause a system error on the device, which would result in the user no longer being recognized without a re-enrollment.

See Section 4 StoneLock Web Client for enrollment and device user type.

Section 3.3.4 Removing a GENETEC user from a StoneLock Device

Genetec users are associated to StoneLock devices based on their Access Rule in Genetec. To remove that user from a StoneLock device, remove that Access Rule from that user. The device associated with that Access Rule will be removed from the user in the Remote Enrollment tab of the StoneLock Web Client. The user will be removed from the device(s) and no longer have access at that door until access is given again in Genetec. See Section 4 StoneLock Web Client.

Note: In Security Center 5.6 the Access Rule needs to be assigned directly to the user. An Access Rule assigned to the user via a Cardholder Group will not move the user to StoneLock Gateway. Genetec added this ability in Security Center 5.7.

Section 3.4 Hirsch Velocity

The StoneLock Gateway integration with Velocity requires a valid SDK license obtained from Hirsch directly. To install the SDK license, refer to the documentation provided by Hirsch.

Section 3.4.1 Hirsch Shim Setup

The StoneLock Gateway uses a Windows service named Hirsch_Shim to communicate between Velocity and the Gateway. The person installing the Hirsch_Shim will need the valid Windows user name and password to access the Velocity SDK.

The StoneLock_Shims.MSI installs this Shim.

o Run the MSI file. The Shim will be installed in the Program Files\StoneLock folder.

1. Navigate to the Hirsch PSG folder where the Velocity SDK is installed.
2. Open the Velocity SDK folder.
3. Copy the sdklicense.txt file.
4. Move the copy of the sdklicense.txt file to the StoneLock folder created by the StoneLock Gateway install. This defaults to "C:\Program Files\StoneLock". You will see the Hirsch_Shim.exe file in this same folder. They need to be located in the same folder.
5. Open Notepad as an Administrator.
6. Select File and click Open.
7. Navigate to the Program Files>StoneLock folder.
8. In the drop down at the bottom of the window select All Files (*.*). It defaults to Text Documents (*.txt).
9. Select the config_hirsch.xml file and click Open.
10. Enter the name of the server that houses the Hirsch databases in the <datasource> field.


Fig 3.4.1.1

11. Select File and click Save.
12. Open the Windows Services application.
13. Scroll down to the Hirsch_Shim service.

Fig 3.4.1.2

14. Right click on the Hirsch_Shim service and click on Properties.
15. Click on the Log On tab.
16. Click in the circle next to This account.
17. Enter the account information that has access to Velocity.

Fig 3.4.1.3

18. Select the General tab.
19. Select applicable Startup type for the location.
    a. Automatic is recommended in the event that a computer/server reboot is required.
20. Click Apply.
21. Click OK.
22. Start the Hirsch_Shim service.

Section 3.4.2 Setting up Devices in Velocity

Any reader in Velocity can be set up as a StoneLock device reader.

1. Open the Door in Velocity that will be associated with the StoneLock reader.
2. Click on the Entry Reader tab.
3. In the Reader name field, enter the last six digits of the device MAC address. These six digits are also the serial number of the control box. Example: Control Box Serial number 10032F will have a MAC address of a4:58:0f:10:03:2f. The reader name in Velocity will be 10:03:2f.


Fig 3.4.2.1

4. Click Ok to save the reader name change. This reader will now be sent to the StoneLock Gateway. If the device is online the Gateway will associate it with the reader in Velocity and display it in the Remote Enrollment and Health Monitor tabs of the StoneLock Web Client. See Section 4 StoneLock Web Client.

Note: The Door needs to be included in an active Door Group in Velocity in order to be displayed in the Remote Enrollment tab of the StoneLock Web Client.

Section 3.4.3 Setting up Velocity Users as StoneLock Users

Any Velocity user assigned a Function that includes a Velocity Door Group associated with a StoneLock device will be automatically pushed to the StoneLock Gateway. These users will be displayed in the Remote Enrollment tab of the StoneLock Web Client. See Section 4 StoneLock Web Client.


Prior to a user being enrolled on a StoneLock device they will need to have a StoneLock ID created and have their card number associated to their profile. See Sections 4.1 Assigning a StoneLock ID to a User and Section 4.2 Assigning a card to a User. The following changes to an Employee or Card are automatically updated on the StoneLock device.

• First Name

• Last Name

• Card Number

• Card Status. The following status messages will display on the StoneLock device based on the Card status:

o Card Status of Disable- Illegal User (Will display as Blacklist in the StoneLock Web Client)

o Card Status of Lost- Lost Card (Will display as Lost Card in the StoneLock Web Client)

o Card Status of Stolen- Illegal User (Will display as Blacklist in the StoneLock Web Client)

o Card Status of Destroyed- Illegal User (Will display as Blacklist in the StoneLock Web Client)

o Card Status of Expired- Expired User (Will display as Blacklist in the StoneLock Web Client)

• The User ID (StoneLock ID) should not be altered once it is pushed to the StoneLock device. If the number is altered you may cause a system error on the device, which would result in the user no longer being recognized without a re-enrollment.

See Section 4 StoneLock Web Client for enrollment and device user type.

Section 3.4.4 Removing a Velocity user from a StoneLock Device

Velocity users are associated to StoneLock devices based on their Function in Velocity. To delete that user from a StoneLock device, remove that Function from that user. The device associated with that Door Group will be removed from the user in the Remote Enrollment tab of the StoneLock Web Client. The user will be removed from the device(s) and no longer have access at that door until access is given again in Velocity. See Section 4 StoneLock Web Client.

Section 3.5 Honeywell ProWatch


The StoneLock Gateway integration with ProWatch requires a valid HSDK license. To set up the HSDK refer to the HSDK setup manual provided by Honeywell.

Section 3.5.1 Configuring the Gateway to talk to ProWatch

The StoneLock Gateway uses the URL of the HSDK Application Module to communicate to ProWatch.

1. In ProWatch click on Database Configuration.
2. Click on the Application Module link.
3. Open and connect to the Application Module created for the StoneLock integration. Enter the Username and Password for the Application Module.

Fig 3.5.1.1

4. Click on the Subscribed Objects tab. Write down the URL listed in the Start from URL: field. You will not need the http://.


Fig 3.5.1.2

5. Bring up a Terminal session in the StoneLock Gateway. On the StoneLock Appliance or Micro Appliance use Ctrl-Alt-T on the keyboard.

6. At the command line in the Terminal window type cd /etc/stone_lock/ Hit enter.

Note: The following commands are based on the StoneLock Appliance running Ubuntu. If gedit is not on your system, use whatever program is available to edit text files.

Note: If using the StoneLock Micro Appliance, use sudo nano config_honeywell.xml. Arrow down to the lines to edit and make the change. Use Ctrl x to exit after making the changes. Type y and hit enter to save then hit enter again. The cmd line will return.


Fig 3.5.1.3

7. Type sudo gedit config_honeywell.xml Hit enter. Type in slgateway for the password and hit enter.

Fig 3.5.1.4

8. In the <acm url> field enter the URL for the ProWatch HSDK Application Module that was written down in step 4. You will need to enter pacs after the URL. See Fig 3.5.1.5.

9. In the <userpwd> field enter the user name and password that has access to the HSDK Application Module. Enter a : between the user name and password.

Example: User name- user, password- password would be entered as user:password. See Fig 3.5.1.5.


Fig 3.5.1.5

10. Click Save.
11. Click the “x” to close the gedit session.

Note: If using the StoneLock Micro Appliance add sudo before any systemctl command.

12. On the command line in the terminal type systemctl enable /sl_services/honeywell.service then hit enter. Type slgateway for the password and hit enter. It may require it to be entered twice.

Fig 3.5.1.6

13. On the command line in the terminal type systemctl start honeywell.service then hit enter. Type slgateway for the password and hit enter.


Fig 3.5.1.7

Section 3.5.2 Setting up Devices in ProWatch

Any reader in ProWatch can be set up as a StoneLock device reader.

5. Select the reader in ProWatch which will be associated with the StoneLock device.
6. Open the reader and click on the Define Logical Device tab.
7. At the end of the reader name in the Description field enter an underscore _ followed by the last six digits of the device MAC address. These six digits are also the serial number of the control box. Example: Control Box Serial number 10032F will have a MAC address of a4:58:0f:10:03:2f. If that device is to be associated with ProWatch reader Entrance 2, the reader name in ProWatch will be Entrance 2_10:03:2f. See Fig 3.5.2.1.


Fig 3.5.2.1

8. Click Ok to save the reader name change. This reader will now be sent to the StoneLock Gateway. If the device is online the Gateway will associate it with the reader in ProWatch and display it in the Remote Enrollment and Health Monitor tabs of the StoneLock Web Client. See Section 4 StoneLock Web Client.

Note: The reader needs to be included in an active Clearance Code in ProWatch in order to be displayed in the Remote Enrollment tab of the StoneLock Web Client.

Section 3.5.3 Setting up ProWatch Users as StoneLock Users

Any ProWatch user that has been assigned a Clearance Code that includes a ProWatch reader associated with a StoneLock device will be automatically pushed to the StoneLock Gateway. These users will be displayed in the Remote Enrollment tab of the StoneLock Web Client. See Section 4 StoneLock Web Client. Before these users can be enrolled on a StoneLock device they will need to have their card number associated with their profile. See Sections 4.1 Assigning a StoneLock ID to a User and Section 4.2 Assigning a card to a User.

1. In ProWatch click on Administration.
2. Click the + next to Badge Utilities.
3. Click on Badge Fields.
4. Right Click under the Badge Fields table and select Add Badge Field.


Fig 3.5.3.1

5. Enter STONELOCK_ID in the Column Name field.
6. Enter StoneLock ID in the Display Name field.
7. Change Data Type to varchar.
8. Click OK.
9. Click on the + next to Executables.
10. Double click on Badge Builder.
    a. This will open a separate program.


Fig 3.5.3.2

11. Click on the + on Badge Profiles.
12. Click on the + on General Fields.
13. Click on Badge Information.
14. Find StoneLock ID in the Description field on the left.
15. Drag and drop the StoneLock ID field from the column and place it in the Badge Information screen on the right.


Fig 3.5.3.3

16. Close the Badge Builder Application. The StoneLock ID field is now available in the Advanced Badge Manager. Note: If the Advance Badge Manager is open you will need to close it and reopen it before the added field will appear.

17. Open the Advance Badge Manager application.
18. Select the ProWatch user that will be assigned a StoneLock ID.
19. Click Edit.
20. According to internal policies, assign the user a StoneLock ID which may be from 1-18 numbers long.
21. Click Save.

Users are pushed to each StoneLock device on the network based on their Clearance Code assigned in ProWatch.

The following changes to an Employee or Card are automatically updated on the StoneLock device:

• First Name

• Last Name

• Card Number

• Card Status. The following status messages will display on the StoneLock device based on the Card status:

o Card Status of Disabled- Illegal User (Will display as Blacklist in the StoneLock Web Client)

o Card Status of Expired- Expired User (Will display as Expired in the StoneLock Web Client)

o Card Status of Lost- Lost Card User (Will display as Lost Card in the StoneLock Web Client)

o Card Status of Stolen- Illegal User (Will display as Blacklist in the StoneLock Web Client)


o Card Status of Terminated- Illegal User (Will display as Blacklist in the StoneLock Web Client)

o Card Status of Unaccounted- Illegal User (Will display as Blacklist in the StoneLock Web Client)

o Card Status of Void- Illegal User (Will display as Blacklist in the StoneLock Web Client)

• The User ID (StoneLock ID) should not be altered once it is pushed to the StoneLock device. If the number is altered you may cause a system error on the device, which would result in the user no longer being recognized without a re-enrollment.

See Section 4 StoneLock Web Client for enrollment and device user type.

Section 3.5.4 Removing a ProWatch user from a StoneLock Device

ProWatch users are associated to StoneLock devices based on their Clearance Code in ProWatch. To remove that user from a StoneLock device, remove that Clearance Code from that user. The device associated with that Access Group will be removed from the user in the Remote Enrollment tab of the StoneLock Web Client. The user will be removed from the device(s) and no longer have access at that door until access is given again in ProWatch. See Section 4 StoneLock Web Client.

Section 3.6 Lenel OnGuard

The StoneLock Gateway integration with OnGuard requires a valid DataConduIT license. To set up DataConduIT refer to the DataConduIT setup manual provided by Lenel.

Section 3.6.1 Lenel Shim Setup

The StoneLock Gateway uses a Windows service named Lenel_Shim to communicate between DataConduIT and the gateway. The person installing the Lenel_Shim will need the OnGuard DataConduIT Directory authentication user name and password. This can be found in OnGuard > System Administration > Administration > Directories. If this is using a Domain you will need to use the fully qualified domain name with the user name. The StoneLock_Shims.MSI installs this Shim.

o Run the MSI file. The Shim will be installed in the Program Files\StoneLock folder.

1. Open Notepad as an Administrator.
2. Select File and click Open.
3. Navigate to the Program Files>StoneLock folder.
4. In the drop down at the bottom of the window select All Files (*.*). It defaults to Text Documents (*.txt).
5. Select the config_Lenel.xml file and click Open.
6. Enter the name of the server that houses the Lenel databases in the <datasource> field.

Fig 3.6.1.1

7. Select File and click Save.
8. Open the Windows Services application.
9. Scroll down to the Lenel_Shim service.


Fig 3.6.1.2

10. Right click on the Lenel_Shim service and click on Properties.
11. Click on the Log On tab.
12. Click on the circle next to This account.
13. Enter the account information that has access to OnGuard via DataConduIT.

Fig 3.6.1.3

14. Click on the General tab.
15. Select applicable Startup type, from the Startup Type dropdown, for the location.
    a. Automatic is recommended in the event of a computer/server reboot.
16. Click Apply.
17. Click OK.
18. Start the Lenel_Shim service.

Section 3.6.2 Setting up Devices in OnGuard

Any reader in OnGuard can be set up as a StoneLock device reader.

1. Go to Access Control > Readers and Doors in OnGuard.
2. Find the reader that will be associated with the StoneLock device.
3. Select Modify to enable editing of that reader.
4. At the end of the reader name enter an underscore _ followed by the last six digits of the device MAC address. These six digits are also the serial number of the control box. Example: Control Box Serial number 10032F will have a MAC address of a4:58:0f:10:03:2f. If that device is to be associated with OnGuard reader Front Door, the reader name in OnGuard will be Front Door_10:03:2f. See Fig 3.6.2.1.

Fig 3.6.2.1

5. Click Ok to save the reader name change. Click OK on Confirm Record Modify window. This reader will now be sent to the StoneLock Gateway. If the device is online the Gateway will associate it with the reader in OnGuard and display it in the Remote Enrollment and Health Monitor tabs of the StoneLock Web Client. See Section 4 StoneLock Web Client.

Note: The reader needs to be included in an active Access Level in OnGuard in order to be displayed in the Remote Enrollment tab of the StoneLock Web Client.

Section 3.6.3 Setting up OnGuard Users as StoneLock Users

Any OnGuard user that has been assigned an Access Level that includes an OnGuard reader associated with a StoneLock device will be automatically pushed to the StoneLock Gateway. These users will be displayed in the Remote Enrollment tab of the StoneLock Web Client. See Section 4 StoneLock Web Client. Before these users can be enrolled on a StoneLock device they will need to have a StoneLock ID created and have their card number associated with their profile. See Sections 4.1 Assigning a StoneLock ID to a User and Section 4.2 Assigning a card to a User.

The following changes to an Employee or Card are automatically updated on the StoneLock device:

• First Name

• Last Name

• Card Number


• Card Status. The following status messages will display on the StoneLock device based on the Card status:

o Card Status of Lost- Lost Card User (Will display as Lost Card in the StoneLock Web Client)

o Card Status of Returned- Illegal User (Will display as Blacklist in the StoneLock Web Client)

o User created statuses in OnGuard for a status other than Active, Lost, or Returned- Illegal User (Will display as Blacklist in the StoneLock Web Client)

• The User ID (StoneLock ID) should not be altered once it is pushed to the StoneLock device. If the number is altered you may cause a system error on the device, which would result in the user no longer being recognized without a re-enrollment.

See Section 4 StoneLock Web Client for enrollment and device user type.

Section 3.6.4 Removing an OnGuard User from a StoneLock Device

OnGuard users are associated to StoneLock devices based on their Access Level in OnGuard. To remove that user from a StoneLock device, remove that Access Level from that user. The device associated with that Access Level will be removed from the user in the Remote Enrollment tab of the StoneLock Web Client. The user will be removed from the device(s) and no longer have access at that door until access is given again in OnGuard. See Section 4 StoneLock Web Client.

Section 3.7 S2

Section 3.7.1 Configuring the Gateway to communicate to S2

12. Bring up a Terminal session. On the StoneLock Appliance or Micro Appliance use Ctrl-Alt-T on the keyboard.
13. At the command line in the Terminal window type cd /etc/stone_lock/ Hit enter.

Note: The following commands are based on the StoneLock Appliance running Ubuntu. If gedit is not on your system, use whatever program is available to edit text files.

Note: If using the StoneLock Micro Appliance, use sudo nano config_S2.xml. Arrow down to the lines to edit and make the change. Use Ctrl x to exit after making the changes. Type y and hit enter to save then hit enter again. The cmd line will return.


Fig 3.7.1.1

14. Type sudo gedit config_S2.xml Hit enter. Type in slgateway for the password and hit enter.

Fig 3.7.1.2

15. In the <server url> field enter the IP address for the S2 Network Controller.
    a. This can be found by looking at the URL used to access S2.


Fig 3.7.1.3

16. Click Save.
17. On the command line in the terminal type systemctl enable /sl_services/s2.service then hit enter. Type slgateway for the password and hit enter. It may require it to be entered twice. Note: If using the StoneLock Micro Appliance add sudo before any systemctl command.

Fig 3.7.1.4

18. On the command line in the terminal type systemctl start s2.service then hit enter. Type slgateway for the password and hit enter.


Fig 3.7.1.5

Section 3.7.2 Setting up Devices in S2

Any reader in S2 can be set up as a StoneLock device reader.

9. Select the reader in S2 which will be associated with the StoneLock device.
10. Open the reader and click on rename if it is an existing reader.
11. At the end of the reader name in the Name field enter an underscore _ followed by the last six digits of the device MAC address. These six digits are also the serial number of the control box. Example: Control Box Serial number 1002B6 will have a MAC address of a4:58:0f:10:02:b6. If that device is to be associated with S2 reader Office Door, the reader name in S2 will be Office Door_10:02:b6. See Fig 3.7.2.1.


Fig 3.7.2.1

12. Click Save to save the reader name change. This reader will now be sent to the StoneLock Gateway. If the device is online the Gateway will associate it with the reader in S2 and display it in Device and Health Monitor tabs of the StoneLock Web Client. See Section 4 StoneLock Web Client.

Note: The reader needs to be included in an active Access Level in S2 in order to be displayed in the Remote Enrollment tab of the StoneLock Web Client.

Section 3.7.3 Setting up S2 Users as StoneLock Users

Any S2 user that has been assigned an Access Level that includes a S2 reader associated with a StoneLock device will be automatically pushed to the StoneLock Gateway. These users will be displayed in the Remote Enrollment tab of the StoneLock Web Client. See Section 4 StoneLock Web Client.

The following changes to an Employee or Card are automatically updated on the StoneLock device:

• First Name

• Last Name

• Card Number

• Card Status. The following status messages will display on the StoneLock device based on the Card status:

o Card Status of Disabled- Illegal User (Will display as Blacklist in the StoneLock Web Client)

o Card Status of Expired- Illegal User (Will display as Blacklist in the StoneLock Web Client)

o Card Status of Lost- Lost Card User (Will display as Lost Card in the StoneLock Web Client)

• The User ID (StoneLock ID) should not be altered once it is pushed to the StoneLock device. If the number is altered you may cause a system error on the device, which would result in the user no longer being recognized without a re-enrollment.

See Section 4 StoneLock Web Client for enrollment and device user type.

Section 3.7.4 Removing a S2 user from a StoneLock Device

S2 users are associated to StoneLock devices based on their Access Level in S2. To remove that user from a StoneLock device, remove that Access Level from that user. The device associated with that Access Level will be removed from the user in the Remote Enrollment tab of the StoneLock Web Client. The user will be removed from the device(s) and no longer have access at that door until access is given again in S2. See Section 4 StoneLock Web Client.

Section 3.8 Software House CCURE 9000 2.60

The StoneLock Gateway integration with CCURE 9000 requires a valid CCURE site license and Victor Web Service License provided by Software House. To set up the licenses refer to the setup manual provided by Software House.

Section 3.8.1 Configuring the Gateway to communicate to CCURE 9000 2.60 using Victor Web Services

1. Ensure the Software House Site License and Victor Web Service License have been applied to the CCURE system.
2. Bring up a Terminal session. On the StoneLock Appliance or Micro Appliance use Ctrl-Alt-T on the keyboard.
3. At the command line in the Terminal window type cd /etc/stone_lock/ Hit enter.

Note: The following commands are based on the StoneLock Appliance running Ubuntu. If gedit is not on your system, use whatever program is available to edit text files.

Note: If using the StoneLock Micro Appliance, use sudo nano config_ccure.xml. Arrow down to the lines to edit and make the change. Use Ctrl x to exit after making the changes. Type y and hit enter to save then hit enter again. The cmd line will return.


Fig 3.8.1.1

4. Type sudo gedit config_ccure.xml Hit enter. Type in slgateway for the password and hit enter.

Fig 3.8.1.2

5. In the <server url> field enter the IP address of the CCURE server that is running the Victor Web Service.
6. In the <user> field enter the Username that has access to Victor Web Service.
7. In the <password> field enter the password for the above entered user.
8. In the <domain> field enter the name of the Computer/Server that CCURE is running on.


Fig 3.8.1.3

9. Click Save.
10. On the command line in the terminal type systemctl enable /sl_services/ccure.service then hit enter. Type slgateway for the password and hit enter. It may require it to be entered twice. Note: If using the StoneLock Micro Appliance add sudo before any systemctl command.

Fig 3.8.1.4

11. On the command line in the terminal type systemctl start ccure.service then hit enter. Type slgateway for the password and hit enter.


Fig 3.8.1.5
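The config_*.xml files edited in Sections 3.3.1, 3.5.1 and 3.8.1 hold PACS service-account user names and passwords in clear text, so their file permissions are worth checking once the services are running. The script below is an added example, not part of the StoneLock manual or software; the function name audit_config_perms and its verdict labels are assumptions, and it relies on GNU stat as found on Ubuntu.

```shell
#!/bin/sh
# Added example (not StoneLock code): report Gateway integration config files
# that can be accessed by accounts other than their owner.

# audit_config_perms [DIR]
# Prints one line per DIR/config_*.xml: "<verdict> <octal mode> <owner> <path>".
#   WORLD = mode grants some access to "other"
#   GROUP = mode grants some access to the file's group (but not to "other")
#   OK    = owner-only
# Returns 0 if every file is OK, 1 if any is not, 2 if DIR does not exist.
audit_config_perms() {
    dir=${1:-/etc/stone_lock}
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    bad=0
    for f in "$dir"/config_*.xml; do
        [ -f "$f" ] || continue               # the glob matched nothing
        mode=$(stat -c '%a' "$f")             # octal mode, e.g. 644
        owner=$(stat -c '%U' "$f")
        perms=$(printf '%03d' "$mode")        # pad short modes such as 0
        other=${perms#"${perms%?}"}           # last octal digit
        rest=${perms%?}
        group=${rest#"${rest%?}"}             # second-to-last octal digit
        if [ "$other" != 0 ]; then
            verdict=WORLD
        elif [ "$group" != 0 ]; then
            verdict=GROUP
        else
            verdict=OK
        fi
        [ "$verdict" = OK ] || bad=1
        printf '%s %s %s %s\n' "$verdict" "$mode" "$owner" "$f"
    done
    return "$bad"
}

# Demo on a constructed directory that stands in for /etc/stone_lock.
demo_dir=$(mktemp -d)
printf '<config/>\n' > "$demo_dir/config_genetec.xml"
printf '<config/>\n' > "$demo_dir/config_honeywell.xml"
chmod 644 "$demo_dir/config_genetec.xml"
chmod 600 "$demo_dir/config_honeywell.xml"
audit_config_perms "$demo_dir" || echo "review the files flagged above"
rm -rf "$demo_dir"
```

On the Gateway, call audit_config_perms /etc/stone_lock from a root shell. The manual does not say which account the integration services run as, so confirm that before tightening any mode the script flags.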

Section 3.8.2 Setting up Devices in CCURE

Any door in CCURE 9000 can be set up as a StoneLock device reader.

1. Select the door in CCURE which will be associated with the StoneLock device.
2. Open the reader and click on rename if it is an existing reader.
3. At the end of the reader name in the Name field enter an underscore _ followed by the last six digits of the device MAC address. These six digits are also the serial number of the control box. Example: Control Box Serial number 10033A will have a MAC address of a4:58:0f:10:03:3a. If that device is to be associated with the CCURE door Office Door, the reader name in CCURE will be Office Door_10:03:3a. See Fig 3.8.2.1.


Fig 3.8.2.1

4. Click Save to save the reader name change. This reader will now be sent to the StoneLock Gateway. If the device is online the Gateway will associate it with the Door in CCURE and display it in Device and Health Monitor tabs of the StoneLock Web Client. See Section 4 StoneLock Web Client.

Note: The Door needs to be assigned an active clearance in CCURE in order to be displayed in the Remote Enrollment tab of the StoneLock Web Client. At this time, the Clearance needs to have the Doors manually assigned to it. A Clearance assigned to a Door Group will not associate that Clearance to the Door for the Gateway.

Section 3.8.3 Setting up CCURE Users as StoneLock Users

Any CCURE user that has been assigned a Clearance that includes a CCURE door associated with a StoneLock device will be automatically pushed to the StoneLock Gateway. These users will be displayed in the Remote Enrollment tab of the StoneLock Web Client. See Section 4 StoneLock Web Client.

The following changes to an Employee or Card are automatically updated on the StoneLock device:

• First Name

• Last Name

• Card Number

• Card Status. The following status messages will display on the StoneLock device based on the Card status.


o Card Status of Disabled- Illegal User (Will display as Blacklist in the StoneLock Web Client)

o Card Status of Lost- Lost Card User (Will display as Lost Card in the StoneLock Web Client)

• The CCURE Object ID is defaulted as the User ID (StoneLock ID).

• The User ID (StoneLock ID) should not be altered once it is pushed to the StoneLock device. If the number is altered you may cause a system error on the device, which would result in the user no longer being recognized without a re-enrollment.

See Section 4 StoneLock Web Client for enrollment and device user type.

Section 3.8.4 Removing a CCURE user from a StoneLock Device

CCURE users are associated to StoneLock devices based on their Clearance in CCURE. To remove that user from a StoneLock device, remove that Clearance from that user. The device associated with that Clearance will be removed from the user in the Remote Enrollment tab of the StoneLock Web Client. The user will be removed from the device(s) and no longer have access at that door until access is given again in CCURE. See Section 4 StoneLock Web Client.

Section 3.9 Software House CCURE 9000 2.50

The StoneLock Gateway integration with CCURE 9000 2.50 requires the StoneLock_Server_Component.msi to be installed.

Section 3.9.1 Configuring the Gateway to communicate to CCURE 9000 2.50

The StoneLock Gateway uses a Windows service named SL_CCure_Server to communicate between CCURE and the Gateway. The person installing the StoneLock_Server_Component.msi will need CCURE 9000 administrator rights and Windows administrator rights to install the service.

1. Run the StoneLock_Server_Component.msi file.
2. Navigate to the Program Files folder on the computer/server.
3. Right click on the StoneLock folder and click properties.
4. In the Security tab, ensure that System, Administrator, Users, and Trusted Installer all have Full control of the folder.
5. Open Notepad as an Administrator.
6. Select File and click Open.
7. Navigate to the Program Files>StoneLock folder.
8. In the drop down at the bottom of the window select All Files (*.*). It defaults to Text Documents (*.txt).
9. Select the config_ccure.xml file and click Open.
10. Enter the IP of the CCURE server in the IP sections of the external directory and server_url fields.

Fig 3.9.1.1

11. Select File and click Save.
12. Open the Windows Services application.
13. Scroll down to the SL_CCure_Server service.

Fig 3.9.1.2

14. Right click on the SL_CCure_Server service and click on Properties.
15. Click on the Log On tab.
16. Click on the circle next to This account.
17. Enter the account information that has access to CCURE.

Fig 3.9.1.3

18. Click on the General tab.
19. Select the applicable Startup type, from the Startup Type dropdown, for the location.
   a. Automatic is recommended in the event of a computer/server reboot.
20. Click Apply.
21. Click OK.
22. Start the SL_CCure_Server service.

Section 3.9.2 Setting up Devices in CCURE

Any door in CCURE 9000 can be set up as a StoneLock device reader.

1. Select the door in CCURE which will be associated with the StoneLock device.
2. Open the reader and click on rename if it is an existing reader.
3. At the end of the reader name in the Name field enter an underscore _ followed by the last six digits of the device MAC address. These six digits are also the serial number of the control box. Example: Control Box Serial number 10033A will have a MAC address of a4:58:0f:10:03:3a. If that device is to be associated with the CCURE door Office Door, the reader name in CCURE will be Office Door_10:03:3a. See Fig 3.9.2.1.

Fig 3.9.2.1

4. Click Save to save the reader name change. This reader will now be sent to the StoneLock Gateway. If the device is online the Gateway will associate it with the Door in CCURE and display it in Device and Health Monitor tabs of the StoneLock Web Client. See Section 4 StoneLock Web Client.

Note: The Door needs to be assigned an active clearance in CCURE in order to be displayed in the Remote Enrollment tab of the StoneLock Web Client. At this time, the Clearance needs to have the Doors manually assigned to it. A Clearance assigned to a Door Group will not associate that Clearance to the Door for the Gateway.
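The reader naming rule from Section 3.9.2, as an added example that is not StoneLock or CCURE code: it builds the reader name from a door name and a device MAC address or serial number, and audits a list of reader names against the installed devices. Apart from the manual's 10033A / a4:58:0f:10:03:3a pair, the sample names and addresses are constructed, and treating only the colon-separated lower-case suffix shown in the manual's example as well formed is an assumption.

```python
import re

# Suffix exactly as in the manual's example: "_10:03:3a" (assumed canonical form).
STRICT = re.compile(r"_([0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2})$")
# Looks like an attempt at the suffix: wrong case, '-' or no separators.
LOOSE = re.compile(r"_[0-9A-Fa-f]{2}[:-]?[0-9A-Fa-f]{2}[:-]?[0-9A-Fa-f]{2}$")


def mac_tail(value):
    """Last six hex digits, lower case, of a MAC address or control-box serial."""
    digits = re.sub(r"[:\-.\s]", "", value).lower()
    if len(digits) not in (6, 12) or not re.fullmatch(r"[0-9a-f]+", digits):
        raise ValueError(f"not a MAC address or six-digit serial: {value!r}")
    return digits[-6:]


def reader_name(door, device):
    """CCURE reader name for a door and a device MAC address or serial number."""
    tail = mac_tail(device)
    return f"{door}_{tail[0:2]}:{tail[2:4]}:{tail[4:6]}"


def audit(reader_names, device_macs):
    """Compare CCURE reader names with the MAC addresses of installed devices.

    Returns a dict with:
      matched   - {reader name: device MAC}
      malformed - names whose suffix is not in the form of the manual's example
      unknown   - well-formed names whose suffix matches no listed device
      unnamed   - device MACs that no reader name refers to
    """
    by_tail = {}
    for mac in device_macs:
        tail = mac_tail(mac)
        if tail in by_tail:
            # Only the last six digits identify a device, so this is ambiguous.
            raise ValueError(f"{mac} and {by_tail[tail]} share suffix {tail}")
        by_tail[tail] = mac
    report = {"matched": {}, "malformed": [], "unknown": [], "unnamed": []}
    for name in reader_names:
        strict = STRICT.search(name)
        if strict:
            tail = strict.group(1).replace(":", "")
            if tail in by_tail:
                report["matched"][name] = by_tail[tail]
            else:
                report["unknown"].append(name)
        elif LOOSE.search(name):
            report["malformed"].append(name)
        # Names with no suffix at all are ordinary CCURE readers: ignored.
    used = set(report["matched"].values())
    report["unnamed"] = [mac for mac in device_macs if mac not in used]
    return report


# Constructed sample data; only 10033A / a4:58:0f:10:03:3a comes from the manual.
SAMPLE_READERS = [
    "Office Door_10:03:3a",   # the manual's example
    "Lobby_10033B",           # separators missing, upper case
    "Server Room_10:04:00",   # well formed, but no such device listed
    "Loading Dock",           # ordinary reader, no StoneLock device
    "Lab_10:03:3C",           # upper-case hex digit
]
SAMPLE_DEVICES = ["a4:58:0f:10:03:3a", "A4-58-0F-10-03-3B", "a4:58:0f:10:03:3c"]

if __name__ == "__main__":
    print(reader_name("Office Door", "10033A"))
    for key, value in audit(SAMPLE_READERS, SAMPLE_DEVICES).items():
        print(key, value)
```

Names reported as malformed are only flagged for review: the manual does not say whether the Gateway accepts other forms of the suffix.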

Section 3.9.3 Setting up CCURE Users as StoneLock Users

Any CCURE user that has been assigned a Clearance that includes a CCURE door associated with a StoneLock device, will be automatically pushed to the StoneLock Gateway. These users will be displayed in the Remote Enrollment tab of the StoneLock Web Client. See Section 4 StoneLock Web Client. The following changes to an Employee or Card are automatically updated on the StoneLock device:

• First Name

• Last Name

• Card Number

• Card Status. The following status messages will display on the StoneLock device based on the Card status.

o Card Status of Disabled- Illegal User (Will display as Blacklist in the StoneLock Web Client)

o Card Status of Lost- Lost Card User (Will display as Lost Card in the StoneLock Web Client)

• The CCURE Object ID is defaulted as the User ID (StoneLock ID).

• The User ID (StoneLock ID) should not be altered once it is pushed to the StoneLock device. If the number is altered you may cause a system error on the device, which would result in the user no longer being recognized without a re-enrollment.

See Section 4 StoneLock Web Client for enrollment and device user type.

Section 3.9.4 Removing a CCURE user from a StoneLock Device

CCURE users are associated to StoneLock devices based on their Clearance in CCURE. To remove that user from a StoneLock device remove that Clearance from that user. The device associated with that Clearance will be removed from the user in the Remote Enrollment tab of the StoneLock Web Client. The user will be removed from the device(s) and no longer have access at that door until access is given again in CCURE. See Section 4 StoneLock Web Client.

Section 4 StoneLock Web Client (With PACS integration)

The StoneLock Web Client provides a location to change and monitor the features of the StoneLock integration that are not available in all of the PACS integrations. The StoneLock Web Client can be pulled up from any browser on the same network as the StoneLock Gateway.

1. Launch a compatible web browser.
2. In the address bar enter the IP address of the StoneLock Gateway.
3. On the login screen enter the correct login information.
   a. User name: admin
   b. Password: 888888
   c. Gateway IP Address: The same IP used in Step 2.
4. Click on the Login button.

Section 4.1 Preparing a User Profile for Enrollment

Every user in a StoneLock device must have a StoneLock ID before they will be pushed to a device. For the PACS that do not have the ability to assign this number, the Web Client provides a location to create a StoneLock ID for each user.

1. Log in to the StoneLock Web Client.
2. Click on the Users link at the top of the screen.
3. Use the Search box above the Users box to search for the desired Last Name of the user.
   a. The search box is case sensitive. Use a capital letter for the first letter of the last name and lower case letters for the remainder of the last name.
4. After the desired Last Name has been entered in the Search box, click the Refresh Tree button.
   a. The list of users will now only show the users matching the search criteria.

Fig 4.1.1

5. Click on the symbol of the head next to the identity name.
   a. This will move that user's name to the User Configuration Box.

Fig 4.1.2

6. Select the Token that will be associated for the user at the StoneLock devices by clicking the green dot next to the token number.
   a. The token will be displayed in the Token (Card Number) box.
   Note: Anytime you make a change to the User, the token must be selected with that user to ensure the change is pushed to the device.

Fig 4.1.3

7. Enter the desired StoneLock ID from 1-18 numbers long in the User ID(Pin) box.
8. Check the New ID box.

Fig 4.1.4

9. Select the desired Credential Type.
   a. Card Only: Card Only enables that user to verify at the StoneLock device with only a card. Card Only examples are visitors or emergency workers.
   b. Blacklist: Blacklist disables that user’s ability to gain access at the StoneLock devices. If connected to a PACS, the users will follow the status of the credential in the PACS when available.
   c. Mixed Mode: Mixed Mode enables that user to gain access to the StoneLock device using only the face while other users must present their pin/card before verifying with their face. Note: This setting requires the StoneLock device to be set in Mixed Verification Mode. See the StoneLock Pro User Manual for setting the device Verification Modes.
   d. None: Selecting None will turn off the previously selected Credential Type. A user is defaulted to the None setting.

Fig 4.1.5

10. Select the desired User Type.
   a. The StoneLock device has three user types available for enrolled users. See the StoneLock Pro manual for definitions.

Fig 4.1.6

11. The Access Groups that the User is assigned to from the PACS will be listed in red in the Access Group Box.
12. Click Save User. A pop up status message will appear showing success.
13. Click Ok.

Fig 4.1.7

14. Click the Update Devices button. A pop up status message will appear showing success.
15. Click Ok.

Fig 4.1.8

Section 4.2 Enrollment

For a user to be able to use the StoneLock devices they first must create an enrollment template. This template can be enrolled at any of the StoneLock devices that were created in the PACS.

1. Log in to the StoneLock Web Client.
2. Click on the Remote Enrollment link at the top of the screen.
3. Use the Search box above the Users box to search for the desired Last Name of the user.
   a. The search box is case sensitive. Use a capital letter for the first letter of the last name and lower case letters for the remainder of the last name.
4. After the desired Last Name has been entered in the Search box, click the Refresh Tree button.
   a. The list of users will now only show the users matching the search criteria.

Fig 4.2.1

5. Click on the symbol of the head next to the identity name.
   a. This will move that user's name to the blank box below the Capture button.
   b. If the symbol of a head is red, that user does not have a template enrolled yet.

Fig 4.2.2

Fig 4.2.3

6. Click on the purple circle next to the device that will be used as the enrollment device from the Devices box.

Fig 4.2.4

   a. This will move the device name to the blank box below the Stop button.
   b. The StoneLock devices that the user has access to will show up in the Devices box.
   c. Instruct the user that they are about to be enrolled. Read the Enrollment Section of the StoneLock Pro Manual on how to position the user to be enrolled.
7. Once both the name and device are listed in the bottom boxes, click the Video button to start the live video feed.
   a. A pop up status message will appear showing success.
   b. Click Ok.

Fig 4.2.5

8. Once the user has been identified as the correct person and they are prepared, click the Capture button.
   a. Click the Select box. A pop up status message will appear showing success.
   b. Click Ok.

Fig 4.2.6

   c. The StoneLock device will enter the capture mode. See StoneLock Pro User Manual.
   d. The StoneLock Web Client shows the enrollment process. The progress bar at the bottom shows the progress of the enrollment.
   e. When the progress bar displays 100%, click the Stop button.
      i. Click the Select box. A pop up status message will appear showing success.
      ii. Click Ok.

Fig 4.2.7

Fig 4.2.8

Section 4.3 Verification Transactions

When available in the PACS, event transactions will be sent to the PACS native monitoring application. Not all PACS have the ability to receive the StoneLock event transactions, or all of the information that the StoneLock device sends on a transaction. The StoneLock Web Client displays the following transaction information.

• Time of the event

• StoneLock ID (User ID)

• User Name

• Device name (The StoneLock device that the event took place at.)

• Credential (The card number that was presented at the StoneLock device.)

• Status (The status of the verification event, successful, failure, etc…)

• Verification Picture (The picture of the person that was being verified. This will also show the picture of a person on a denied event.)

• Enrollment Picture (The picture taken at time of enrollment.)

1. Click on the Home link at the top of the page.
2. Use the scroll bar at the right to move the list up and down. The list auto updates on a time schedule. Click on the Pause button to pause the updates. Click on Resume to restart the updates. Transactions that take place while the Pause button is selected will automatically be displayed after Resume is selected.

Fig 4.3.1

3. Click on a Picture in either the Verification Picture or Enrollment Picture columns to enlarge the image.

Fig 4.3.2

Section 4.4 Health Monitoring

The Health Monitor screen shows the online status of all StoneLock devices on the gateway. All devices that are online are displayed with a green circle next to the device name. Offline devices are displayed with a red circle next to the device name.

1. Click on the Health Monitor link at the top of the page.
2. Use the scroll bar at the right to move the list up and down. The list auto updates on a time schedule. Click on the Pause button to pause the updates. Click on Resume to restart the updates.

Fig 4.4.1

Section 4.5 Management Transactions

This Space Intentionally Left Blank

Section 4.6 Gateway Log

Like the Management Transactions between the Gateway and devices, the Gateway provides a log of the Gateway Service. This log aids in troubleshooting by showing Gateway status.

1. Click on the Log link at the top of the page.
2. Use the scroll bar at the right to move the list up and down. The list auto updates on a time schedule. Click on the Pause button to pause the updates. Click on Resume to restart the updates.

Fig 4.6.1

Section 4.7 Analysis

This Space Intentionally Left Blank

Section 5 StoneLock Web Client (Standalone)

The StoneLock Web Client provides the ability to connect multiple StoneLock devices together remotely without the need for a PACS integration. The StoneLock Web Client can be pulled up from any browser on the same network as the StoneLock Gateway.

1. Launch a compatible web browser.
2. In the address bar enter the IP address of the StoneLock Gateway.
3. On the login screen enter the correct login information.
   a. User name: admin
   b. Password: 888888
   c. Gateway IP Address: The same IP used in Step 2.
4. Click on the Login button.

Section 5.1 Creating an Access Group

An Access Group(s) must be created to give a user rights to a StoneLock device.

1. Log in to the StoneLock Web Client.
2. Click on the Devices link at the top of the screen.
3. In the Access Group box, enter a name for the Access Group.
4. Enter an ID number for the Access Group. This is a unique number to distinguish the Access Groups from each other.
5. Click the New ID button.

Fig 5.1.1

6. Click the Save Access Group button.
   a. A pop up status message will appear showing success.
   b. Click OK.

Fig 5.1.2

7. Click the Refresh Tree button.
   a. The Access Group will be displayed in the tree.

Fig 5.1.3

Section 5.2 Removing an Access Group

1. Click on the green circle next to the Access group.
2. Click Remove Access Group.
   a. A pop up status message will appear showing success.
   b. Click OK.

Fig 5.2.1

3. Click on the Refresh Tree Button.
   a. The Access Group will no longer be displayed.

Section 5.3 Creating a Device

1. Log in to the StoneLock Web Client.
2. Click on the Devices link at the top of the screen.
3. Click on the green circle next to the Access Group that the device will be associated with.
4. Enter a Name for the Device in the Name box.
5. Enter an ID for the Device. This is a unique number to distinguish the Devices from each other.
6. Click the New Device button.
7. Click on the Active button.
8. In the MAC dropdown box select the desired device serial number.
   a. The MAC box shows all of the StoneLock devices that the Gateway is able to discover on the network. If the network configuration does not allow for discovery, enter the IP Address of the device.
9. Choose the verification mode desired for the device.

Fig 5.3.1

10. Click on the “+” button next to the Access Group to associate it with the device.
   a. A pop up status message will appear showing success.
   b. Click OK.

Fig 5.3.2

11. Click Save Device.
   a. A pop up status message will appear showing success.
   b. Click OK.

Fig 5.3.3

12. Click the Refresh Tree button.
   a. The device will now show up under the associated Access Group.

Fig 5.3.4

Section 5.4 Deleting a Device

1. Click on the purple circle next to the Device.
2. Click Remove Device.
   a. A pop up status message will appear showing success.
   b. Click OK.

Fig 5.4.1

3. Click on the Refresh Tree Button.
   a. The Device will no longer be displayed.

Section 5.5 Adding A New User

1. Log in to the StoneLock Web Client.
2. Click the Users link at the top of the screen.
3. Enter the name of the new user in the Name box.
   a. Enter the name in the following format.
      i. Last name, First name.
4. Enter the desired StoneLock ID from 1-18 numbers long in the User ID(Pin) box.
5. Check the New ID box.

Fig 5.5.1

6. Select the desired Credential Type.
   a. Card Only: Card Only enables that user to verify at the StoneLock device with only a card. Card Only examples are visitors or emergency workers.
   b. Blacklist: Blacklist disables that user’s ability to gain access at the StoneLock devices. If connected to a PACS, the users will follow the status of the credential in the PACS when available.
   c. Mixed Mode: Mixed Mode enables that user to gain access to the StoneLock device using only the face while other users must present their pin/card before verifying with their face. Note: This setting requires the StoneLock device to be set in Mixed Verification Mode. See the StoneLock Pro User Manual for setting the device Verification Modes.
   d. None: Selecting None will turn off the previously selected Credential Type. A user is defaulted to the None setting.

Fig 5.5.2

7. Select the desired User Type.
   a. The StoneLock device has three user types available for enrolled users. See the StoneLock Pro manual for definitions.

Fig 5.5.3

8. Enter the Card Number in the Token (Card Number) box. If not using cards this box can be left blank.
9. Select the desired Access Group for the user from the Access Group box.
10. Click Save User. A pop up status message will appear showing success.
11. Click Ok.

Fig 5.5.4

12. Click the Refresh Tree button. The new user will be displayed in the box.
13. Click the Update Devices button. A pop up status message will appear showing success.
14. Click Ok.

Fig 5.5.5

Section 5.6 Editing a User

1. Log in to the StoneLock Web Client.
2. Click the Users link at the top of the screen.
3. Use the Search box above the Users box to search for the desired Last Name of the user.
   a. The search box is case sensitive. Use a capital letter for the first letter of the last name and lower case letters for the remainder of the last name.
4. After the desired Last Name has been entered in the Search box, click the Refresh Tree button.
   a. The list of users will now only show the users matching the search criteria.

Fig 5.6.1

5. Click on the symbol of the head next to the identity name.
   a. This will move that user's name to the User Configuration Box.

Fig 5.6.2

6. Select the Token that will be associated for the user at the StoneLock devices by clicking the green dot next to the token number.
   a. The token will be displayed in the Token (Card Number) box.
   Note: Anytime you make a change to the User, the token must be selected with that user to ensure the change is pushed to the device.

Fig 5.6.3

7. Make the desired change to the user.
   a. Name
   b. Credential Type
   c. User Type
   d. New token/change existing token number.
   e. Add/Remove Access Group.
      i. Any Access Group in red is the active Access Group.
   Note: Do not change the User ID after a user has been enrolled in a StoneLock device. Doing so may cause the user to be denied at the device.
8. Click Save User. A pop up status message will appear showing success.
9. Click Ok.

Fig 5.6.4

10. Click the Refresh Tree button. The change to the user will be displayed in the box.
11. Click the Update Devices button. A pop up status message will appear showing success.
12. Click Ok.

Fig 5.6.5

Section 5.7 Deleting a User

1. Log in to the StoneLock Web Client.
2. Click the Users link at the top of the screen.
3. Use the Search box above the Users box to search for the desired Last Name of the user.
   a. The search box is case sensitive. Use a capital letter for the first letter of the last name and lower case letters for the remainder of the last name.
4. After the desired Last Name has been entered in the Search box, click the Refresh Tree button.
   a. The list of users will now only show the users matching the search criteria.

Fig 5.7.1

5. Click on the symbol of the head next to the identity name.
   a. This will move that user's name to the User Configuration Box.

Fig 5.7.2

6. Select the Token that will be associated for the user at the StoneLock devices by clicking the green dot next to the token number.
   a. The token will be displayed in the Token (Card Number) box.
   Note: Anytime you make a change to the User, the token must be selected with that user to ensure the change is pushed to the device.

Fig 5.7.3

7. Click the Remove User button. A pop up status message will appear showing success.
8. Click Ok.

Fig 5.7.4

9. Click the Update Devices button. A pop up status message will appear showing success.
10. Click Ok.

Fig 5.7.5

11. Click the Refresh Tree button.
   a. The User will no longer be in the list.

Section 5.8 Enrollment

For a user to be able to use the StoneLock devices they first must create an enrollment template. This template can be enrolled at any of the StoneLock devices that were created in the PACS.

1. Log in to the StoneLock Web Client.
2. Click on the Remote Enrollment link at the top of the screen.
3. Use the Search box above the Users box to search for the desired Last Name of the user.
   a. The search box is case sensitive. Use a capital letter for the first letter of the last name and lower case letters for the remainder of the last name.
4. After the desired Last Name has been entered in the Search box, click the Refresh Tree button.
   a. The list of users will now only show the users matching the search criteria.

Fig 5.8.1

5. Click on the symbol of the head next to the identity name.
   a. This will move that user's name to the blank box below the Capture button.
   b. If the symbol of a head is red, that user does not have a template enrolled yet.

Fig 5.8.2

Fig 5.8.3

6. Click on the purple circle next to the device that will be used as the enrollment device from the Devices box.

Fig 5.8.4

   a. This will move the device name to the blank box below the Stop button.
   b. The StoneLock devices that the user has access to will show up in the Devices box.
   c. Instruct the user that they are about to be enrolled. Read the Enrollment Section of the StoneLock Pro Manual on how to position the user to be enrolled.
7. Once both the name and device are listed in the bottom boxes, click the Video button to start the live video feed.
   a. A pop up status message will appear showing success.
   b. Click Ok.

Fig 5.8.5

8. Once the user has been identified as the correct person and they are prepared, click the Capture button.
   a. Click the Select box. A pop up status message will appear showing success.
   b. Click Ok.

Fig 5.8.6

   c. The StoneLock device will enter the capture mode. See StoneLock Pro User Manual.
   d. The StoneLock Web Client shows the enrollment process. The progress bar at the bottom shows the progress of the enrollment.
   e. When the progress bar displays 100%, click the Stop button.
      i. Click the Select box. A pop up status message will appear showing success.
      ii. Click Ok.

Fig 5.8.7

Fig 5.8.8

Section 5.9 Verification Transactions

When available in the PACS, event transactions will be sent to the PACS native monitoring application. Not all PACS have the ability to receive the StoneLock event transactions, or all of the information that the StoneLock device sends on a transaction. The StoneLock Web Client displays the following transaction information.

• Time of the event

• StoneLock ID (User ID)

• User Name

• Device name (The StoneLock device that the event took place at.)

• Credential (The card number that was presented at the StoneLock device.)


• Status (The status of the verification event, successful, failure, etc…)

• Verification Picture (The picture of the person that was being verified. This will also show the picture of a person on a denied event.)

• Enrollment Picture (The picture taken at time of enrollment.)

1. Click on the Home link at the top of the page.
2. Use the scroll bar at the right to move the list up and down. The list auto updates on a time schedule. Click on the Pause button to pause the updates. Click on Resume to restart the updates. Transactions that take place while the Pause button is selected will automatically be displayed after Resume is selected.

Fig 5.9.1

3. Click on a Picture in either the Verification Picture or Enrollment Picture columns to enlarge the image.

Fig 5.9.2

Section 5.10 Health Monitoring

The Health Monitor screen shows the online status of all StoneLock devices on the gateway. All devices that are online are displayed with a green circle next to the device name. Offline devices are displayed with a red circle next to the device name.

1. Click on the Health Monitor link at the top of the page.
2. Use the scroll bar at the right to move the list up and down. The list auto updates on a time schedule. Click on the Pause button to pause the updates. Click on Resume to restart the updates.

Fig 5.10.3

Section 5.11 Management Transactions

This Space Intentionally Left Blank

Section 5.12 Gateway Log

Like the Management Transactions between the Gateway and devices, the Gateway provides a log of the Gateway Service. This log aids in troubleshooting by showing Gateway status.

1. Click on the Log link at the top of the page.
2. Use the scroll bar at the right to move the list up and down. The list auto updates on a time schedule. Click on the Pause button to pause the updates. Click on Resume to restart the updates.

Fig 5.12.1

Section 5.13 Analysis

This Space Intentionally Left Blank

Technical Support 800.970.6168 Option 2

support@stonelock.com www.stonelock.com

A StoneLock Publication © 2017 All rights reserved
