Disclaimer

Copyright © 2021, Grosvenor Technology. All rights reserved.

SATEON and the SATEON logo are trademarks or registered trademarks of Grosvenor Technology. All other brands, names, or trademarks appearing in this document are acknowledged as the trademarks of their respective owners.

No part of this document may be reproduced in any form or by any means for any purpose without the written permission of Grosvenor Technology.

While we make every effort to ensure the accuracy of our publications, Grosvenor Technology assumes no responsibility or liability for any errors or inaccuracies that may appear in this document.

www.grosvenortechnology.com

Issue 1.0 March 2021

Sateon IT Administrators Guide


Contents

Document Version
Sateon and Silverlight End of Support
Running Sateon Client in the ‘New’ Edge
    Requirements to enable Sateon in ‘new’ Edge
    Enable IE mode for Sateon using Local Group Policy Mode
Network Layout
    Typical
    Separate SQL
    Separate Comms Engine
Ports
    Dual Seat (SQL and APP)
    Dual Seat Split Comms
    Client – Server
    Discovering Controllers from the App Server
    Discovering Controllers from a Client
Bandwidth
    Hardware
        Legacy / EZ
        Advance
Software
    User Interface Bandwidth Usage


Document Version

Version  Date           Notes                         Author/Editor
1.0      18 March 2021  First version                 Stephen Woolhead
1.1      22 March 2021  Minor edits to first version  James Savage
1.2      23 March 2021  Minor edits                   Nathan Pilcher

This document supersedes all previous versions of this document.


Sateon and Silverlight End of Support

The UI components of Sateon, the parts that run in the client browser, are based on Microsoft Silverlight. Microsoft have announced that mainstream support and security updates for Silverlight will end on the 12th of October 2021. While this is not ideal, it does not mean that Silverlight will stop working on the 12th; the plugin will keep running as long as the IE11 browser engine is supported on Windows.

The best way to manage this situation is not to use IE11 to access Sateon, but to enable the Enterprise mode in the new, Chromium-based Edge browser. The steps below configure the browser to enable its enterprise support mode for certain websites. This mode in effect loads the legacy IE11 browser engine in a tab in the same browser window as tabs for sites running the latest standards-compliant browsing engine.

As this method allows you to whitelist the sites that can load the Silverlight plugin, it helps reduce the risk from a user browsing with an older browser (IE11) to a site on the public internet, instead restricting them to loading Silverlight content from a single trusted internal server.

This approach, combined with other best practices such as antivirus and other advanced threat detection systems routinely deployed to client machines, can help provide a secure environment to run the Sateon solution.


Running Sateon Client in the ‘New’ Edge

Microsoft’s new Edge browser is based on the open-source Chromium browser engine. This provides evergreen support for modern web standards. To help provide support of older standards, Microsoft have included the older browser engine from IE11 which can be activated for selected sites. This allows users to browse modern websites and legacy sites within a single browser interface.

Requirements to enable Sateon in ‘new’ Edge

  • Modern Chromium based Edge (version 77 or later) must be installed.
  • On the server and each client PC, Microsoft Edge administrative templates must be applied to enable Group Policy changes to appear on the PC.
    ▪ This policy needs to include a list of URLs that should be enabled for ‘Enterprise Compatibility’ mode.
    ▪ The policy can also be selective using the list above or it can be enabled for all intranet sites.

The group policy changes can be made directly on the machine using Local Group Policy, but the preferred option is to deploy the policies via domain-based Group Policy under central IT control. Centrally managed deployment is the preferred option for client machines that are multipurpose, as the client can only have a single site list.

Enable IE mode for Sateon using Local Group Policy Mode

1. Ensure both Windows and the new Chromium based Edge browser are fully up to date.

2. Download Group Policy files from the Edge for Business site: https://www.microsoft.com/en-us/edge/business/download ensuring that the channel / build matches the Edge version being used (in Edge select ‘…’ > Settings > About Microsoft Edge).

3. Extract the policy files. Note: The .cab is understood by Windows; you can just double-click it to browse its contents and copy them out.

4. Navigate to the following path inside the (extracted) “MicrosoftEdgePolicyTemplates” folder: windows\admx and copy the msedge.admx file and paste into C:\Windows\PolicyDefinitions

5. Navigate to the following path inside the (extracted) “MicrosoftEdgePolicyTemplates” folder: windows\admx\en-US and copy the msedge.adml file and paste into C:\Windows\PolicyDefinitions\en-US

6. Once you complete the steps, the new policies to enable or disable IE Mode on Edge Chromium will install in the Group Policy Editor.

7. Open Start.

8. Search for gpedit and click the top result to open the Group Policy Editor.

9. Browse the following path: Computer Configuration > Administrative Templates > Microsoft Edge

10. Double-click the Configure Internet Explorer integration policy.

11. Select the Enabled option to enable IE Mode for Microsoft Edge.

12. Under the “Options” section, select the Internet Explorer mode from the dropdown menu.

13. Click the Apply then OK button.

14. Double-click the Configure the Enterprise Mode Site List policy.

15. Select the Enabled option and set the site list to the URL https://<mySateonServer>/sites.xml (replace <mySateonServer> with the lower case name of the Sateon server)

16. Click Apply and OK

17. In the folder C:\inetpub\wwwroot create a file called sites.xml (Note that the server name MUST be all in lower case) and paste in the content below (replace the ‘SATEONSERVERNAME’ text with the name of your Sateon server, remembering this must be entered as lower case)

18. Test that you can download the file by going to the address https://SATEONSERVERNAME/sites.xml in any browser (replace the ‘SATEONSERVERNAME’ text with the name of your Sateon server, remembering this must be entered as lower case).

19. Now open Edge and navigate to your Sateon server, i.e. https://SATEONSERVERNAME/sateon/ (replace the ‘SATEONSERVERNAME’ text with the name of your Sateon server, remembering this must be entered as lower case)

20. NOTES:
    a. The sites file does not have to be placed on a URL, it can be:
        i. HTTPS location: https://localhost:8080/sites.xml
        ii. Local network file: \\network\shares\sites.xml
        iii. Local file: file:///c:/Users/USER-FOLDER-NAME/Documents/sites.xml
    b. Check the site list is active: edge://policy/
    c. In this example we only placed a single site in the file, you can put as many as you like, e.g.:
    d. Microsoft provide a tool to help you build and manage the site list.
    e. All these settings can be pushed through Active Directory Group Policy.
    f. You can only have one site list; on large systems this may have to be co-ordinated with your IT department.
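A check for the site list described in steps 15 to 20, as an added example that is not part of the original guide: it parses a site list and reports every entry that would load the IE11 engine for a host outside an approved set, or whose server name is not lower case. The XML layout assumes Microsoft's Enterprise Mode schema v.2 (site-list, site, compat-mode, open-in); the sample file, the host names and the function name audit_site_list are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the Enterprise Mode schema v.2 layout (assumed);
# this is not the sites.xml content from the guide.
SAMPLE_SITES_XML = """<site-list version="2">
  <site url="sateonserver01">
    <compat-mode>Default</compat-mode>
    <open-in>IE11</open-in>
  </site>
  <site url="SateonServer02">
    <compat-mode>Default</compat-mode>
    <open-in>IE11</open-in>
  </site>
  <site url="www.example.com">
    <compat-mode>Default</compat-mode>
    <open-in>IE11</open-in>
  </site>
  <site url="intranet.example.local">
    <compat-mode>Default</compat-mode>
    <open-in>MSEdge</open-in>
  </site>
</site-list>"""


def audit_site_list(xml_text, approved_hosts):
    """Return (url, problem) pairs for entries that open in IE mode unexpectedly."""
    root = ET.fromstring(xml_text)
    if root.tag != "site-list":
        return [("", "root element is not <site-list>")]
    findings = []
    for site in root.iter("site"):
        url = site.get("url", "")
        open_in = (site.findtext("open-in") or "").strip()
        if open_in != "IE11":
            continue  # only IE-mode entries can load the Silverlight plugin
        host = url.split("/")[0].split(":")[0]  # drop any path and port
        if host != host.lower():
            findings.append((url, "server name is not lower case"))
        if host.lower() not in approved_hosts:
            findings.append((url, "host is not an approved IE-mode server"))
    return findings


if __name__ == "__main__":
    approved = {"sateonserver01", "sateonserver02"}  # hypothetical internal servers
    for url, problem in audit_site_list(SAMPLE_SITES_XML, approved):
        print(f"{url}: {problem}")
```

Because a client can only have one site list, running this against the centrally managed file keeps the set of sites allowed to load Silverlight limited to the trusted internal servers.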


Network Layout

Typical

Single server either on premises, hosted in the customer's own data centre or a 3rd party (for example) Azure.

Example of a relatively small system;

Network Requirements (Software)

  • Ports 80 / 443 and 4512 between the client and the SATEON Server.


Separate SQL

Separate SQL housing some or all the SATEON databases.

Network Requirements (Software)

  • Ports 80 / 443 and 4512 between the client and the SATEON Server.
  • MS-DTC between SATEON Server and SQL Server.
  • Standard (or reconfigured) SQL ports between SATEON Server and SQL Server.


Separate Comms Engine

Where the system has more than around 500 Controllers or is spread over a large geographical area, it is possible to provision multiple Comms engines to handle the local traffic to the controllers.

Network Requirements (Software)

  • Ports 80 / 443 and 4512 between the client and the SATEON Server.
  • MS-DTC between SATEON Server and SQL Server.
  • Standard (or reconfigured) SQL ports between SATEON Server and SQL Server.
  • Ports 80 / 443 between the Comms Server and the SATEON Server.
  • MSMQ between the Comms Server and the SATEON Server.


Ports

Defaults are assumed unless the customer has specific requirements.

Dual Seat (SQL and APP)

Dual Seat Split Comms

Client – Server


Discovering Controllers from the App Server

Where the APP server is on the same subnet as the Controller.

Discovering Controllers from a Client

If the server is hosted in the cloud and is not seamlessly integrated into your network, or resides in a subnet that is different from the subnet of the Controllers, the discovery will not work. In this situation the discovery tool (Quickstart) can be run from any machine that is in the same subnet as the controller and can open the Sateon Web Page. During the commissioning process the controller firmware must be updated; where the controller cannot make an HTTP connection to the Sateon server this will need to be carried out manually.


Bandwidth

Figures based on SATEON Release 2.8.

The bandwidth calculations were based on an average of four readers per user action. The readings show the bandwidth of the send and receive requests in kb.

Hardware

Legacy / EZ

Description of operation                   Bandwidth
1 Box polling no traffic                   430 bytes/sec
1 Box transaction rate 100 trans/sec       500 bytes/sec
5 Boxes polling no traffic                 637 bytes/sec
5 Boxes transaction rate 100 trans/sec     730 bytes/sec
16 Boxes polling no traffic                780 bytes/sec
16 Boxes transaction rate 100 trans/sec    875 bytes/sec

The connection for an ECC2 will limit to approx. 1,800 bytes/sec maximum bandwidth.

The connection for an IDC-e will limit to approx. 5,400 bytes/sec maximum bandwidth.

Therefore, with five lines and 5 boxes on each line with no transactions you will have a total bandwidth of 3,185 bytes/sec. With a large amount of traffic, you will see a total of 3,650 bytes/sec throughput on the network card.

Advance

Currently comparable with Legacy and EZ.


Software

User Interface Bandwidth Usage

All the figures are based on a 100 personnel system.

The system has a full set of security rules.

SATEON Function                       Sent KB   Receive KB   Total KB
Load SATEON UI [1]                    103.95    18,721       18,824.95
Login Process [2]                     30.90     670          700.90
Add token                             13.99     16.35        30.34
Query Token                           4.26      14.44        18.70
Delete Token                          6.79      8.78         15.57
Add Personnel                         15.34     11.23        26.57
Query Personnel                       3.95      2.61         6.56
Delete Personnel                      11.69     15.04        26.73
Grant Access Group                    21.24     313.54       334.78
Revoke Access Group                   14.83     314.04       328.87
Assign token                          8.43      37.51        45.94
Revoke Token                          10.15     22.66        32.81
Control Centre - Per Event            2.07      1.36         3.43
Control Centre - Ack Incident         7.97      11.92        19.89
Control Centre - Check State Panel    6.02      5.93         11.95
Control Centre - Unlock Door          4.01      3.87         7.88
Reports - Initial load                15.36     759          774.36
Reports - List Doors                  8.44      76.15        84.59

[1] The initial load of SATEON loads all the XAP files.
[2] The login process checks all the security rules, languages, module options and the licensing options.

Email: [email protected]
Tel: +44 (0)1279 838000
Web: www.grosvenortechnology.com
