catalog sw cover - vso · software solutions catalog onguard ... events such as invalid access...
TRANSCRIPT
PERPETUAL INNOVATION
SOFTWARE SOLUTIONS CATALOGOnGuard
®
Acc
ess
Con
trol
Vi
deo
Adv
ance
d C
rede
ntia
l
ContentsOnGuard Overview
Access Control Products
OnGuard Access
OnGuard Area Access Manager
OnGuard Visitor
OnGuard Fire & Intrusion
Credential Management Products
OnGuard ID CredentialCenter
OnGuard Biometrics and Smart Cards
Video Management Products
OnGuard VideoManager
OnGuard GO!
Advanced Products and Options
OnGuard Enterprise
Integration Toolkits
Software Options
Enterprise Diagram
Contact Information
Page1
3
5
7
9
11
13
15
17
19
21
23
25
28
Manage Everything...
Access C
ontrol
Support ■ Windows 2003/XP/2000
■ Microsoft SQL Server, Oracle Server
■ NEC ExpressCluster
■ Single Sign-on Support Using Windows 2000/XP/2003 Accounts
■ Available in Multiple Languages
■ UL 1076 Versions Available
■ FIPS 140-2 Validation Pending
Configuration Options ■ Software-only or Turnkey
Systems Available
■ Client/Server & Web Client Architecture
■ Concurrent Licensing
■ Fault Tolerant, Disaster Tolerant Solutions Available
■ OnGuard GO! (DVR or NVR Based)
■ OnGuard Enterprise
Features ■ Industry-Standard Database
Backups
■ Scheduling Management Tool
■ Scalability - Full Upward Migration Paths
■ Custom Report Writers
■ Advanced Monitoring Capabilities
■ User Friendly GUI
Benefits ■ Reduces Total Cost of Ownership
■ Leverages Existing Infrastructure
■ Increases Return on Investment
Total Security Knowledge Management Solution
The OnGuard Total Security Knowledge Management Solution™ seamlessly integrates synergistic security and information technologies using open architecture design standards. OnGuard offers applications for digital video management, video content analytics, advanced access control, alarm monitoring, intrusion detection, asset management, identity management, visitor management, and integration with information security systems. Individual application modules can be deployed as stand-alone systems or in any combination to deliver a single, seamlessly integrated solution. OnGuard is an established security integration platform, with over 13,000 users worldwide.
Open Architecture Design
As part of its corporate philosophy, Lenel is committed to open architecture. OnGuard has been designed in accordance with de facto information technology standards. This approach strategically benefits customers by allowing them to select the best new products available and/or to leverage their previous technology investments. To that end, OnGuard has been developed in part using Microsoft .NET. OnGuard supports multiple off-the-shelf technologies for operating systems (Windows), database platforms (MS SQL Server, Oracle Server), user directories (Active Directory / LDAP), network (Ethernet, TCP/IP), and administration utilities (Crystal Reports®, NEC ExpressCluster).
Seamless Integration
All OnGuard application modules (Access Control, Alarm Monitoring, Credential Management, Digital Video, Intrusion Detection, Asset Management, Information Security Management, Visitor Management, etc.) can be seamlessly integrated with one another. OnGuard uses a single database server and a single user interface for all applications. All OnGuard application software can be configured and managed from a single administrative workstation, and event activity can be monitored from a single alarm monitoring workstation.
Integration with Corporate Infrastructure
OnGuard Integration Tools enable advanced integration with existing business systems. Using sophisticated database tools, OnGuard can bidirectionally exchange cardholder data with human resources and/or ERP systems, coordinate alarm/event data with emergency response systems, and provide/receive event information with building management, network management and third-party security systems.
Applications to Integrate
■ OnGuard Access■ OnGuard Area Access Manager■ OnGuard ID CredentialCenter
Integration Toolkits and Standards to Enable
■ OnGuard DataExchange■ OnGuard OpenAccess Alliance Program■ OnGuard DataConduIT
Overview
1
■ OnGuard VideoManager■ OnGuard Visitor
■ OPC Server/Client Plug-in Adapter■ SNMP Manager/Agent Plug-in Adapter■ IBM WebSphere MQ Plug-in Adapter
Acc
ess
Con
trol
Partitioning & Permissions
Using OnGuard’s application partitioning, system administrators can provide each client workstation with only those applications that are required for that workstation. Based on licensing, each client workstation can have any combination of OnGuard application modules installed as needed for daily operations, including access control, alarm monitoring, credential management, digital video, intrusion detection and visitor management. Administrators can allow users to log in to only those applications that they are authorized to utilize. Administrators can also restrict the options available to any particular user within any application. From users with wide-ranging responsibilities to those with single function duties, OnGuard enables administrators to tailor users’ system experience to their jobs.
Application and Desktop Single Sign-On
OnGuard allows administrators to link an OnGuard operator’s user account with his Windows account. When an operator logs on to his Windows account, he can access OnGuard automatically, bypassing the need to log on to the individual application. A user does not need to remember a separate username and password. Furthermore, OnGuard ID CredentialCenter can seamlessly integrate with Single Sign-On applications such as Bioscrypt VeriSoft, so that a cardholder can access his Windows account by using his credential with a desktop card reader. VeriSoft helps the employee manage access to multiple password-mandated applications, including web sites. This improves system efficiencies for users of Windows applications. Desktop access events can be monitored like other OnGuard system events, keeping management of physical and logical security within the same user experience.
OnGuard Overview
2
Distributed Network Architecture
OnGuard’s distributed network architecture allows client workstations and intelligent field controllers to be placed directly on the existing network. All local access decisions are made and processed at the field panels, minimizing network traffic and providing real time access determinations. System administration, monitoring and video display can be performed at any client workstation on the network.
Access C
ontrol
Support■ Intelligent System Controller
(ISC) Communications• Ethernet• Modem
■ FIPS 197 128-bit AES Encrypted ISC Communications
■ FIPS 140-2 Validation Pending■ Industry Standard Card Reader
Technologies■ Open Supervised Device Protocol
(OSDP) for RS-485
FeaturesFlexible Programming Functions■ First Card Unlock■ Elevator Control■ (Selective) System Downloads■ Import/Export Utility■ Occupancy Limit■ Local and Global Anti-PassbackFlexible Monitoring Functions■ Alarm Masking Groups■ Graphical Maps and System
Overview Tree■ Monitor Zones■ Alarm/Event Mappings and
Routings■ Customizable Voice Instructions
and AnnunciationFlexible Cardholder Commands■ Escort Control■ Use Limits■ Extended Individual Strike Times
and (On-Demand) Door Held Open Times
■ Destination Assurance (with Elevator Control)
Flexible Card Reader Commands■ Time Zone Overrides■ Cipher Mode■ Multiple Card Formats■ Denied Access Attempts Counter
Options■ CCTV Interface■ Paging/E-mail Interface■ Video Verification■ Mustering■ Guard Tour
Overview
OnGuard Access is an integrated access control and alarm monitoring system that delivers maximum protection, versatility, simple operation and cost efficiency. OnGuard Access incorporates the most advanced technologies available, including modern object-oriented software, an advanced client/server database architecture and Microsoft’s multitasking, multithreading 32-bit Windows 2000/XP/2003 operating system. Solid technology and an intuitive graphical user interface combine to make OnGuard Access the most powerful yet easiest to use integrated security management system on the market.
Unlimited Handling Capacity
OnGuard Access offers unlimited scalability within a single, seamlessly integrated software solution. It has been designed to meet the needs of any size organization, from one that requires an entry-level, two-reader system to a large corporation with numerous facilities and thousands of card readers located around the world. OnGuard Access supports an unlimited number of card readers, alarm points and cardholders.
Segmentation
Segmentation is an optional feature that provides a logical way to group database components. System administrators define segments within the database, then assign each system user or object (access levels, card formats, badge types, etc.) to one or more of those segments. Segmentation is beneficial in environments where not every cardholder needs access to every area within a facility. A user sees only those objects that are in his segment(s) and those objects that are system-wide. In a segmented system, only those records associated with a particular segment are downloaded to the Intelligent System Controllers and associated field hardware in that segment. By minimizing the number of records that must be stored in a given device, segmentation provides more efficient utilization of the limited memory contained in access control hardware.
Scheduler
OnGuard’s scheduling utility allows system administrators to coordinate and plan system actions to be performed in the future. Many system operations can and are often anticipated to occur on certain dates at certain times. To reduce the risk of error in performing these functions manually, administrators can set rules of execution for actions such as starting guard tour, archiving, firmware or database downloads, and DataExchange scripts. Scheduler can also be configured to repeat security actions such as arming/disarming areas or masking/unmasking specific alarms. For any Scheduler action, the iterations can be one-time-only, or repeated at the administrator’s desired frequency. Such actions may occur once every hour, at a specific time every day, on a specific day of the week, or on a specific day of the month, recurring as often as the system requires.
Applications to Integrate
■ OnGuard Area Access Manager■ OnGuard Biometrics & Smart Cards■ OnGuard ID CredentialCenter
Integration Toolkits and Standards to Enable
■ OnGuard DataExchange■ OnGuard OpenAccess Alliance Program■ OnGuard DataConduIT
Access
3
■ OnGuard Fire & Intrusion■ OnGuard VideoManager■ OnGuard Visitor
■ OPC Server/Client■ SNMP Agent/Manager■ WebSphere MQ Adapter
• RS-232• Dual-Path
• Multidrop (RS-485)
Acc
ess
Con
trol
■ Two Person Control allows administrators to require that two individuals be present before being able to access high-security areas and both credentials be presented upon exit of those areas. In between entry and exit of the first two and last two cardholders, individual access may be allowed as the two-cardholder minimum is in effect.
■ Occupancy Limit allows administrators to restrict the amount of cardholders in a specific area at any given time. Once the Occupancy Limit has been reached, a cardholder must use the exit reader before another card read will be accepted at the entry reader. This is a valuable instrument in managing access to parking areas which are at capacity.
Global Input/Output Event Linkage
OnGuard allows administrators to configure linkages where any input/output/event can be linked to any other input/output/event in the system. These linkages can be derived from any OnGuard application and associated hardware. Events such as invalid access level, valid card read, or motion detection might trigger such outputs as unmasking an alarm masking group, open an area or set the active mode of a card reader. With Global I/O, OnGuard is easily automated to ensure rules execute properly and security can be engaged instantly as necessary.
Area Control
■ Global Hard Anti-passback allows administrators to require that cardholders present credentials to both enter and exit an area. This prevents the same credentials from simultaneously being used elsewhere in the area, while reporting an alarm to the Alarm Monitoring workstation(s).
■ Global Soft Anti-passback allows administrators to require that cardholders present credentials to both enter and exit an area. This rule would allow the same credentials to be simultaneously used elsewhere in the area, accompanied by an alarm will be reported to the Alarm Monitoring workstation(s).
■ Timed Anti-passback (across readers) allows administrators to determine how long after an accepted card-read before the same credential may be allowed at the same card reader. This rule can also be applied across a group of readers, a valuable feature for turnstile applications where multiple readers are in close, open proximity and credentials have a chance of being passed back for additional use.
OnGuard Access
4
REGION 1 SECURITY OPERATIONS CENTER LOCAL AREA NETWORK (TCP/IP)
DEDICATED NETWORK VIDEO SUBNET
MOBILE SOLUTION
SAN - STORAGE AREA NETWORK
WEB CLIENTS
TERMINAL SERVER
LAN/WAN
Video WallSmart Card/Biometric Encoder Mobile Guard
Wireless DeviceUSB Smart Card Reader
Remote Monitor
Disaster TolerantBackup Security
Server
OnGuardID CredentialCenter
Network- Management System
(SNMP Manager/Agent)
Building/ProcessAutomation System
(OPC Server/Client)
USB Smart Card Reader
Application Server• Internet Information
Services (IIS)
Fault Tolerant OnGuard Regional Server
• OPC Server/Client • SNMP Manager/Agent• MS SQL or Oracle
OnGuard Integrated Monitoring Workstation
USB Biometric
OnGuard Client Workstation• Integrated Monitoring
• Centralized AdministrationMobile
Badging Station
USB Biometric
USBProx
Dual PathController
IntelligentDual Reader
ControllerIntercom Switcher
Courtesy/Duress Station
Central StationIntrusion Detection
Burg Panel
Intrusion Detection
Burg Panel
Fire Panel NAS - NetworkAttached Storage
Fire Panel
SECURE SOCKET
IrisReader(x4)
Digital VideoRecorder
• Alarm Inputs (13)
*Asset Reader
Biometric Gateway
*Hand Reader (x8)
FingerprintReader
Dual Reader
Interfaces
IDControl Unit
Smart Card Reader
*Card Reader
CardReader
WirelessGateway
16-DoorWireless ReaderInterface
WirelessReader (x16)
SingleReader
Interfaces
2-DoorWirelessReaderInterface
WirelessReader (x2)
CardReader
Smart Card/Biometric
Reader
CCTVCameras
Pan/Tilt/Zoom
Audio(Microphones)
Network VideoRecorder
IntelligentVideoServer
Network Addressable Cameras• Pan/Tilt/Zoom • Buffered Storage • Alarm Input (1)
Input Control Module
Output Control Module
VideoViewerDepartment ManagerDecentralized Access Privilege Management
Alarm Receiver
LOGICALLY TEAMED WITHIN ONGUARD SOFTWAREReception
Visitor Check-in StationDepartment Manager
Decentralized Access Privilege Management
*Supported Readers Include:• Contact/Contactless• Biometric• Proximity
• Wiegand• Magnetic Stripe• Bar Code
Access C
ontrol
Support■ Desktop or Browser-Based Client
■ Available for ADV, PRO and Enterprise Configurations
Features■ Easy Deployment and Installation
■ Wizard-Like Interface
■ Audit Trail
■ Complete Reporting Capabilities
Benefits■ Simple Management of Access
level permissions
■ Powerful Business Productivity Tool
■ Decentralization of Access Privilege Management
■ Reduced Training Costs
■ Less Time Invested in Modifying Access Levels
Business Productivity Tool
OnGuard Area Access Manager is a business productivity solution that enables authorized
managers to control cardholder access to specific physical areas. A manager need only log in to the
Area Access Manager application using a standard desktop PC or browser. OnGuard Area Access
Manager displays a list of areas over which the manager has control, as well as a list of all personnel
who have access to those areas. The manager can then assign or remove the access rights of
employees to areas within his or her operational domain.
Immediate Return on Investment
OnGuard Area Access Manager provides a simple yet robust method for remotely administering
access by individuals to specific areas in a facility. Using OnGuard Area Access Manager, corporate
security departments can give managers independent control over the physical areas and staff for
which they are responsible. This capability eliminates the ongoing need for intervention by a security
administrator in order to assign or remove access privileges for each employee, thereby saving both
time and money.
Audit Trail and Reporting Capabilities
OnGuard Area Access Manager’s seamless integration with other OnGuard applications provides a
complete audit trail and reporting capabilities. All access privilege assignments and removals are
logged to the database with a time and date stamp and the identity of the manager who completed
the transaction.
Intuitive, Wizard-like Interface
OnGuard Area Access Manager uses an intuitive wizard-like interface to provide fast, efficient
management of specific physical areas. The application simplifies process of adding or removing
cardholder access privileges, thereby streamlining training and minimizing the learning curve.
Browser or Client-based User Interface
Area Access Manager offers two different deployment models, desktop and browser-based client.
Both modules are designed to allow users the ability to easily access cardholder information and
assign/modify/revoke access permissions to the designated areas. Customers deciding to migrate
from the desktop model to the browser-based client model will find an identical wizard process,
eliminating the need for re-training. The browser-based client deployment also offers a no-cost
OnGuard VideoViewer component that is built into the user interface, allowing department
managers to view video related to their specific areas.
Required Applications
■ OnGuard Access
Area Access Manager
5
Acc
ess
Con
trol
6
Step 1: Search
Step 3: Select Access Levels
Step 2: Select Cardholders
Step 4: Confirm!
Browser-Based Thin ClientDesktop-Based Rich Client
OnGuard Area Access Manager
Access C
ontrol
Support ■ Uses Existing Desktop
Infrastructure
■ Easy Installation and Deployment
■ OnGuard BadgeDesigner
■ Photo/Signature Capture
■ Bulk Sign-In/Printing
■ Prescheduled Visits
■ Group Enrollment
■ Employee Host Assignment Function
■ Single Click Sign-In/Sign-Out Process
■ Assign Visitors Access to Secured Areas
■ Multiple Page, User-Definable Field Support
■ Customized Visitor Badge Layouts
■ Visitor Tracing
■ Business Card Scanner Interface
■ Track Scheduled versus Actual Visit Times
■ Send E-mail to Hosts Upon Visitor Arrival
■ Biometric Capture and Encoding
Reports ■ Daily Visitors
■ Visitor Activity
■ Visitor Arrival and Departure Times
■ Custom Reports
■ Additions and Changes to Visitor Record
Benefits ■ Reduced Total Cost of Ownership
■ Streamlined Data Collection and Management
Advanced Visitor Management
OnGuard Visitor is a dependable and cost-effective visitor management application that enables an organization to manage and track visitors throughout its facilities, using standard desktop technology. Whether it is implemented as a standalone system or seamlessly integrated with other OnGuard application modules to create a total security management environment, OnGuard Visitor offers unlimited flexibility by allowing IT and security managers to further capitalize on the existing IT investments made in their facilities.
Visitor Enrollment
Visitors can be quickly and efficiently enrolled into the system. Prior to a guest’s arrival, an OnGuard operator can enter pertinent visitor data into the system, assign an employee host to the visitor, assign active date ranges for the person’s scheduled visits, optionally capture the visitor’s photo and signature, and assign access privileges to the visitor. Then, upon arrival, the visitor can be signed in with a simple mouse click, a guest badge can be printed for the person, and the employee host can be notified electronically. For large groups, OnGuard Visitor provides bulk sign-in and printing capabilities.
OnGuard Visitor also offers the ability to enroll in advance both visitors and their upcoming visits. Visitor information can be either imported into the system or manually entered from any licensed desktop within the organization. Employee hosts can be preassigned at the time the visit is scheduled, and a printed badge can be ready for the guest upon arrival.
User-Definable Visitor Fields
A system administrator can customize OnGuard Visitor’s data entry forms to meet an organization’s unique data requirements. New fields can be added, existing ones modified, and unwanted fields deleted on multiple pages of visitor forms. Name, company represented, vehicle information, employee host, and reason for the visit are just a few of the fields that can be created.
Visitor and Visit Tracking
OnGuard Visitor provides detailed visitor and visit tracking mechanisms. OnGuard system administrators can track visitors scheduled arrival and departure times against their actual in and out times. If a visitor has been assigned access rights to card readers, system operators can tightly track the visitor’s movement throughout the facility using the OnGuard Alarm Monitoring application. OnGuard Visitor can be integrated with OnGuard VideoManager, allowing administrators to link digital video clips to visitor activity.
Advanced Visit Activity User Interface
OnGuard Visitor provides an advanced Visit Activity Status user interface. This interface displays a list of all visits that are due to occur and/or are due to expire within a user-defined period of time. It also shows the current status of all active visits in the system. The Visit Activity Status UI refreshes updated information in user-defined increments, providing receptionists and guards at visitor checkpoints with up-to-the-minute information related to all system visit activity.
Required Applications
■ OnGuard ID CredentialCenter
Visitor
7
Acc
ess
Con
trol
Complete Reporting Capabilities
OnGuard Visitor has complete reporting and auditing capabilities. All visitor transactions and movements that occur throughout the facility are recorded and stored in a detailed audit trail. All additions and changes to visitor records are also tracked by the system. Standard reports include Daily Visitors, Visitor Activity, and Arrival and Departure Times, among others. Custom reports can also be produced using industry standard report writers.
OnGuard Visitor
8
Access C
ontrol
Support■ Lenel Alarm Hardware
• LNL-1100 Alarm Input Module
• LNL-1200 Alarm Output Module
■ Supported Intrusion Panels:
• Bosch (Radionics) 9412, 7412
• Bosch (Detection Systems) DS7400xi, DS7400xi 4+
• Galaxy (models 8, 18, 60, 128, 500, 504, 512)
■ Supported Fire Panels:
• Siemens MXL/MXL-IQ
• Notifier AM-2020, NFS-640
• ESPA 4.4.4 protocol
■ Supported Receiver Formats:
• SIA 1, SIA 2, SIA 8, SIA 20, SIA 2000
• Radionics BFSK, Modem II, IIE, 3A
■ Supported Alarm Receivers:
• Bosch/Radionics 6500/6600
• Digitize 3500
• Osborne-Hoffman OH-2000
• AES-Intellinet 7000
■ Ethernet or RS-232 Communication
■ Unlimited Panels and Receivers
Features■ Complete Monitoring & Reporting
Capabilities
■ Integrated User Interface
■ Command and Control of Daily Operations
■ Complete Audit Trail
■ Centralized Data Management
■ Reliable Information Delivery
■ Custom Event Code Mapping
■ Receiver Account Auto-Add Feature
■ Complete Configuration of Alarm Areas for Each Account
■ Custom Alarm Zone Configuration
■ Centralized Monitoring
■ Full Reporting of All System, User and Alarm Events
Benefits■ One System to Monitor, Learn,
and Manage the Security Environment
Advanced Management of Fire & Intrusion Detection Systems
OnGuard Fire & Intrusion is an advanced solution for managing fire and intrusion events and maximizing return on investments in legacy intrusion/burglar/fire panel and central station receivers. Events generated in these parallel systems now have an additional means of monitoring and response. OnGuard allows customers to monitor these disparate systems from a single interface. Support is available for well-known brands such as Bosch (Radionics/Detection Systems) intrusion panels, Galaxy intrusion panels, Siemens fire panels, Notifier fire panels, the ESPA 4.4.4 protocol, and central station receivers from Bosch, Digitize, Osbourne-Hoffman and AES-IntelliNet. The supported central station receivers collectively support hundreds of different alarm panels and numerous industry formats, collectively accounting for over 90% of all burglar, fire, safety, nurse call and remote dialer systems in use today.
Lenel Alarm Hardware
Lenel offers alarm control panels that are seamlessly integrated within the OnGuard field hardware architecture. Lenel Intelligent System Controllers can manage a mix of LNL-1100 (Input Control Module) and LNL-1200 (Output Control Modules) dedicated alarm panels. The LNL-1100 can manage up to 16 inputs with two outputs. The LNL-1200 can manage up to 16 outputs. Lenel also offers the Lenel Command Keypad (LNL-CK), an LCD display keypad for users to execute local I/O functionality. The LNL-CK has 32-character display with a 16-position keypad that features arm, disarm, bypass and force arm alarm groups.
Fire Panel Interface
OnGuard supports secondary annunciation of events from several industry-standard fire alert panels, including models from Siemens and Notifier. When a specific fire alarm is triggered, the event is communicated to OnGuard. Users can define specific immediate response mechanisms, such as linked digital video, global I/O function and e-mail/paging alerts.
Intrusion Panel Interface
OnGuard supports secondary annunciation of events from multiple industry-standard intrusion detection panels. It also allows administrators to define zones and areas with logical names locally in the OnGuard database to identify the physical location of each alarm point, arm/disarm station or motion detector. When an event occurs, OnGuard identifies the source of the event by name, and tells the operator how to respond.
Required Applications
■ OnGuard Access
Options to Deploy
■ Alert System Interface■ Fire Alarm Interface■ Intrusion Panel Interface
Fire & Intrusion
9
■ Intercom Interface■ Central Station Receiver Interface
Acc
ess
Con
trol
Enhanced Reporting Capabilities
With OnGuard’s advanced reporting capabilities, administrators can run complete reports based on related activities from integrated intrusion panels. Here is a sample of report opportunities:
■ A “Fire Zone Missing” report determines if any fire detection zones were not reported as being online.
■ An OnGuard scheduler status report determines if all scheduled activity was executed as instructed.
■ An “Output Relay” report shows every action setup or modified in relation to respective output relays.
■ An “Opening/Closing” report shows when areas were armed/disarmed and when arm delays were active.
■ Cardholder activity reports can be generated to show the activity of all or specific cardholders between access control readers on OnGuard hardware or intrusion panels.
Central Station Receiver Interface
The OnGuard Central Station Receiver Interface provides a number of features to make event information displayed in the OnGuard Alarm Monitoring application more useful. OnGuard administrators can assign account numbers to panels connected to the central station receiver, to ensure accurate identification. Furthermore, groups can be created to lump together multiple panels in expansive deployment settings. Even in situations where an event is generated from a panel not yet named in the system, the database will automatically add the panel (using the account number as the name), which can be accurately identified at a later time.
Alarm panels connected to receivers report their events in a large variety of data formats. OnGuard provides a mapping between the event codes generated from receivers and panels and existing OnGuard events. Custom event code mappings can also be defined based on how a particular panel is configured.
OnGuard Fire & Intrusion
10
Credential
ID CredentialCenter
11
Overview
OnGuard ID CredentialCenter offers the most expansive set of capabilities available to manage the
employee security information life cycle, from data entry to access revocation. Cardholder
information is managed centrally, providing ease of enrollment, information management,
integration with LDAP, badge design, printing and encoding, and cardholder credential activity
reports. OnGuard makes every aspect of working with employees and their credentials easy to use,
easy to investigate and easy to report. Refer also to the OnGuard Biometrics & Smart Cards product
sheet for information about OnGuard’s smart card capabilities, and to the OnGuard Visitor product
sheet for visitor management capabilities.
Centralized Enrollment & Credential Management
A typical organization needs to manage credentials for employees, contractors and visitors.
Administrators need to manage each individual’s data and the credentials he uses to access
organizational resources, both physical and logical. OnGuard can help implement a secure platform
by which employee’s access to the business can be known and managed from beginning to end.
Using OnGuard Integration Tools, cardholder information can be constantly retrieved and updated
from the organization’s central identity management program, keeping the physical security program
in line with all organizational standards. From enrollment through revocation, OnGuard ID
CredentialCenter provides complete management of all data relevant to each cardholder and his
credentials.
Integration with LDAP
Users with an LDAP-based system for managing network identities [Active Directory, Sun Network
Management (formerly iPlanet)] can directly link cardholder accounts in OnGuard to their respective
LDAP accounts. In doing so, administrators in either system can control or restrict both physical and
network access as a security measure against specific employee(s). OnGuard can also automate
the creation or removal of a cardholder account when the LDAP account is created.
Integrating with Identity Management Systems
Businesses are seeking to adhere to stronger and more secure processes in pursuit of legislative
compliance. Increasingly, identity management systems dictate important security permissions for
employees throughout the business, ensuring that business rules are applied in every corner of
every program. OnGuard can be configured to accept security rules from the IDMS to enforce
company-wide standards.
Support■ Support for Industry Standard ID
Card, Reader and Printer Technologies
■ ID Cards/Readers• Lenel OpenCard™• iCLASS®• MIFARE®• DESFire®• Contact Smart Card• Proximity• Magnetic Stripe
■ Printers• Any Printer with Windows
2003/XP/2000 Drivers• Nisca®• Ultra/Magicard®• Evolis®• Zebra®• Fargo®• Datacard®• DFS®
Features■ High Speed Photo Capture
■ Signature Capture
■ Intelli-Check ID Check Integration
■ Full Biometric & Smart Card Management
■ Import Utility to Retrieve Data from Driver’s Licenses, Passports or Other Credentials
■ User-Definable Data Fields
■ High Resolution Lighting Kit
■ Import/Export Feature
■ In-line Encoding of Magnetic Stripe, Bar Code & Contact(less) Smart Card
■ PDF-417 Bar Code Support
■ Image Compression Control
■ Image FX Gallery
■ Program Badge Functionality
■ Chroma key and Ghosting
■ High-Quality, True Color Credential Production
Cre
dent
ial
OnGuard ID CredentialCenter
12
Cardholder RecordsA cardholder record in OnGuard ID CredentialCenter can be created manually, or auto-generated from data received from a third-party application. Once a cardholder profile has been established, the balance of the person’s security permissions can be configured. Categories include:
■ Access Levels - single access points or logical combinations of access points.
■ Assets - create records of laptops, projectors and other office assets assigned to a cardholder and link them to a cardholder account.
■ Biometrics - manage the biometric templates of cardholders needing access to secured areas requiring biometric templates be used and when necessary encode or program this template to a smart card or manage it in an OnGuard Intelligent System Controller.
■ Directory Accounts - link cardholder account to LDAP account.
■ Logical Security - link cardholder account to logical security system. Support includes ActivIdentity CMS and Bioscrypt VeriSoft.
■ Visits - records of individuals who have visited a facility that were sponsored by the cardholder.
BadgeDesignerCardholders are often issued physical credentials (identifiers) which can be used to enable access to facilities and logical resources. For cards, OnGuard offers BadgeDesigner, a program that allows you to create/insert graphics into badge layouts that are used when producing cards. This user-friendly program allows users to manage layouts, both simple and sophisticated, for single sites or enterprise systems.
Card Printing, Encoding & ProgrammingA key component of many ID management programs is the physical card used for access control. OnGuard ID CredentialCenter can manage the processes of laying out the card design text and graphics, and printing the card. During printing, badge IDs can be encoded to magnetic stripes or contactless smart chips. OnGuard is the only non-proprietary solution on the market that offers the ability to program blank HID iCLASS contactless smart cards. From start to finish, OnGuard ID CredentialCenter lets you enable a quick and effective card production process.
Cardholder ReportsAny cardholder can potentially be involved in a security incident. A good security program will immediately recognize when a security incident occurs. It can also promptly and accurately identify problematic trends that might indicate that an incident is about to occur. OnGuard provides standard reports that can be quickly generated. For example, the Badge Use report can list exactly when and where a specific card was used within a given period of time.
Badge Printing and Encoding with Complete Smart Card Support
OnGuard SecurityServer
OnGuard ID CredentialCenter
Image/Photo Capture Device
Smart Card Reader w/Encoding
Card or Badge Printer
Smart Card
Passport, License, or Military ID Scanner
Iris/Retina Capture Device
Fingerprint Capture (Slap or Roll)
Other Supported Biometric Capture Devices
CORPORATE HEADQUARTERS LOCAL AREA NETWORK (TCP/IP)
AD/LDAP NetworkAdministration Server
Card Management System or Certificate Authority* For use with smart card enabled systems or when
using digital certificates and PKI infrastructure External Database(SAP, PeopleSoft, Oracle, etc.,
Human Resources, IDMS)
Credential
Biometrics & Smart Cards
13
Integrated Biometric and Smart Card Management
Biometrics and smart cards are two of the most powerful security solutions available today. While there is an assortment of products on the market purporting to offer high security, not all of them provide the optimal experience for the user. Lenel has developed OnGuard Biometrics & Smart Cards to help customers leverage their OnGuard systems to support industry leading biometric and smart card technologies. This solution offers customers a seamless enrollment and verification experience, to simplify management and optimize security while providing added functionality.
Biometric Templates
Many organizations have begun to use biometrics to add a layer of protection beyond using cards and PIN at specific access points. Cardholders who must use biometrics for secure-area access can enroll their fingerprint, hand geometry or iris data easily and securely using OnGuard ID CredentialCenter. System administrators that add biometric verification capabilities to secured doors and desktops continue to use a single point of enrollment for all cardholders. Rolling out OnGuard Biometrics & Smart Cards involves capturing the cardholder’s biometric data, managing it in a secured database, and storing the template. Templates can be managed in the Intelligent System Controllers or on smart cards. Both models are achieved by leveraging existing investments made in OnGuard Intelligent System Controllers and cardholder credentials. The cardholder’s biometric template is securely managed, ensuring that the individual’s personal data will not be compromised.
Secure Cards
The enhanced security offered by smart cards has increased their popularity. Although magnetic stripe and proximity cards are easier to manage than traditional locks and metal keys, their vulnerability is that someone who can obtain the card-based data can reproduce the cards. By contrast, smart cards perform a procedure known as mutual authentication, which requires the smart card and the card reader to identify each other before data can be communicated. While proximity merely waits for a signal from a badge and automatically transmits data for verification, smart cards work in conjunction with readers to safeguard biometrics and other data on the card.
Smart Card Profiles
The ability to use a smart card for multiple applications besides security presents new opportunities for users. A magnetic stripe card contains a unique identifier that is accessed whenever the card is used—in vending machines, at doors, etc. By contrast, a smart card can support multiple, independent applications, each of which is protected by its own software key stored on the card. Each different application protects its own data, but all data is stored on one physical card. An advantage of the OnGuard solution is its ability to perform in-line encoding of multiple applications on a smart card during cardholder enrollment or badge printing. An OnGuard system administrator can create a unique smart card profile for each cardholder to manage and update the person’s card data.
OpenCard Format
OnGuard can produce smart cards that can be used across multiple systems. Lenel technologies can produce and read a variety of standard card formats, including the new PIV II and a variety of government smart card formats. Additional formats allow creation of iCLASS, MIFARE, DESFire, and magnetic badges that are compatible with many standard readers. This eliminates the need for third-party card encoding software in most cases.
Required Applications
■ OnGuard Access and/or OnGuard ID CredentialCenter
Support■ Supports Template-On-Card and
Template-On-Server Data Models
■ Supports Biometric Readers from:• Bioscrypt (V-Series) • Cross Match (for enrollment only)• Identix• Integrated Engineering SmartTouch• LG (3000+ iCAM 4000 series)• Schlage Recognition Systems• Ultra-Scan• Lenel
■ Supports Contactless Smart Cards / Readers from:• Lenel (OpenCard, PIV End-State,
MIFARE, DESFire)• Banque-Tec (MIFARE)• HID (iCLASS, MIFARE, DESFire,
PIV End-State)• Integrated Engineering (MIFARE,
DESFire, PIV End-State)• OMNIKEY (iCLASS, MIFARE)• XceedID (iCLASS, MIFARE,
DESFire, PIV End-State)
■ Supports Contact Smart Cards / Readers from:• ISO 7816-4 Providers• Gemalto (Cryptoflex, Payflex,
Cyberflex)• OMNIKEY (ISO 7816-4)• Veridt (CombiSmart)
Features■ Fast, Efficient, Enrollment Using
OnGuard ID CredentialCenter
■ User Friendly GUI
■ Accurate, Non-Intrusive
■ Biometric Verification
■ Single Networked System
■ Unique Distributed Architecture
■ Access Decisions Made at the Panel or Credential Level, Even When Off-line with the Database Server
■ Centralized Reporting and Audit Trail
■ Share Biometrics Between PACS & LACS for Login to User’s Directory Accounts
Benefits■ Increases Security
■ Eliminates Multiple Systems and Databases
■ Reduces Total Cost of Ownership
Cre
dent
ial
OnGuard Biometrics & Smart Cards
14
Bioscrypt Support
OnGuard offers a fully-integrated, fingerprint authentication access control application reader for distributed controller and smart card solutions by integrating with the Bioscrypt V-Flex, V-Smart and V-Station fingerprint readers. Credentialholders’ fingerprints are captured during enrollment, and either downloaded to the LNL-2000 or directly written to a smart card chip using standard contactless smart card technology. Once users are enrolled for Bioscrypt physical access control products, they are automatically enrolled for use in Bioscrypt VeriSoft logical access control system. VeriSoft is seamlessly integrated with OnGuard, and allows desktop users to actively maintain their password profile for access to an assortment of network and software applications and web sites.
IR - Schlage Recognition Systems Support
OnGuard provides advanced hand geometry support using Schlage HandKey, HandKey II, and ID3D hand geometry readers. Schlage readers utilize field-proven technology that maps and verifies the size and shape of a person’s hand. Each hand template requires only 9 bytes of information, for fast enrollment and minimal data storage in the OnGuard database and at the LNL-2000.
LG Iris Support
OnGuard provides advanced iris verification support for customers seeking to establish the highest level of access control. By seamlessly integrating iris technologies from LG Electronics, OnGuard supports storage of iris templates on HID iCLASS 16K contactless smart cards for local verification. Users can enroll and receive their encoded credentials via OnGuard ID CredentialCenter.
LNL-500 ISC LNL-2000 ISC LNL-2000 ISC LNL-2000 ISC
LG ICU
Single Sign-On Support
Iris Support Fingerprint/ Hand Geometry Support
LNL-1300 RIM
LNL-1300 RIM
LNL-1300 RIM
LNL-500B RIM
LNL-500B RIM
Bioscrypt V-Flex LNL-BIO-007 HID iCLASSReader
LG IrisScan
LOCAL AREA NETWORK (TCP/IP)
OnGuard Integrated Monitoring Workstation
OnGuard Integrated Monitoring Workstation
USB Desktop Smart Card
Reader
USB DesktopBiometric/Smart Card
AuthenticationUnit
BioscryptV-Smart G
MIFARE Smart Card Reader
Video
Support Multiple Resolution Options:
■ QVGA (320 x 240)
■ CIF (352 x 288)
■ VGA (640 x 480)
■ 4CIF (704 x 576)
■ D1 (720 x 480 DVD quality)
■ Multiple Megapixel Resolutions
Multiple Frame Rates:
■ Up to 60, depending on recorder device
Compression:
■ MPEG-4
■ MJPEG
Recording Options:
■ Analog video input
■ Network video input
■ Continuous
■ Time-lapse
■ Event-driven
■ Synchronized audio & video
Extended Storage Options:
■ Direct-Attached Storage (DAS)
■ Network Attached Storage (NAS)
■ Storage Area Network (SAN)
Monitoring Options:
■ Integrated monitoring
■ VideoViewer
■ Remote monitor
■ Barco display integration
Event Options ■ PTZ on event
■ Auto-launch on event
■ Record on event
■ Monitor events
■ Investigate events
■ Archive event video
Overview
OnGuard VideoManager is the most flexible and dynamic video system available today. With
enormous 3,000+ channel installations operating around the world, OnGuard VideoManager offers
customers the scalability to take small and simple video needs to large and sophisticated enterprise
video. OnGuard VideoManager is seamlessly integrated with OnGuard, offering customers the
many benefits of applications inside the OnGuard portfolio, including OnGuard Access and OnGuard
Fire & Intrusion. By integrating with OnGuard, customers can realize a true, event-driven system
architecture whereby actionable security is enabled by linking real, live security-related events.
Event video can be monitored in several ways. For those organizations with sophisticated
monitoring needs, OnGuard IntelligentVideo offers an array of algorithms and packaged solutions
for everyday security challenges such as loitering, objects entering an area or object leaving an
area. For those customers who want to use OnGuard IntelligentVideo in forensic investigative mode,
there is no additional charge. All angles are covered with OnGuard VideoManager.
Configuration
OnGuard VideoManager’s powerful configuration options enable administrators to design simple
and straightforward systems, or expansive and sophisticated solutions tailored to their specific
needs. Camera resolution support ranges from basic QVGA (320 x 240) to high resolution D1 (720
x 480 DVD quality). An array of frame rates are available, and are dependent on video capture
modules with both MPEG-4 and MJPEG compressions. OnGuard VideoManager also offers several
recording, extended storage and monitoring options. Customers can record in continuous,
time-lapse, event-driven or synchronized audio and video modes, and store that video on
industry-standard, off-the-shelf hardware, including Direct Attached Storage (DAS), Network
Attached Storage (NAS) and Storage Area Networks (SAN.) Once video is set up, it’s time to monitor
it. OnGuard VideoManager offers several options for viewing, including through OnGuard Alarm
Monitoring, OnGuard VideoViewer, OnGuard Remote Monitor and a Barco digital display wall.
OnGuard VideoManager lets you build your video system with our software.
Event-Driven Solution
For every aspect of a video system, alarm event conditions drive the solution. PTZ on event.
Auto-launch on event. Record on event. Monitor events. Investigate events. Archive event video.
OnGuard VideoManager is the event-driven solution.
Monitoring
OnGuard leads the industry with the most robust monitoring application available. OnGuard Alarm
Monitoring communicates the status of video recorders and network cameras, illustrates alarm
location with the use of multimedia graphical maps, and enables operators with in-view PTZ control,
auto-launch of video on alarm and camera touring. OnGuard also offers users a variety of monitoring
interfaces, from the Remote Monitor to the Barco video wall. No matter what the monitoring
requirement is, OnGuard has an interface to match.
VideoManager
15
Vide
o Analytics
Research has proven that even an efficient monitoring staff has a decrease in focus after just one hour of video viewing. Often, situations that should be detected are not, presenting security with a reaction scenario. Short of having full time, highly focused monitoring, video intelligence is a viable option for any customer. By having the system provide more support, security managers and operators can focus on the security of people, information and assets. OnGuard IntelligentVideo offers security conscious organizations the opportunity to configure viewing areas to capture alarms in real time, or to forensically search recorded video post-event. Some situations, such as loitering, may present an immediately acknowledgeable threat to security, while a briefcase being taken usually will reveal itself after the fact. In live scenarios, events go directly to OnGuard Alarm Monitoring and can be brought to the attention of security. In forensic scenarios, security can identify activity that was indicative of a security event in question, such as an object crossing a line showing a person entering a sensitive area containing information, or an object removed, which highlights items such as a briefcase or laptop that was taken from a scene. OnGuard IntelligentVideo offers a multitude of tools for addressing security needs using the existing video infrastructure.
Investigation
Investigations are central to every security program. OnGuard VideoManager has several tools available that are critical to enabling successful investigations. Video event locking allows users to select which alarm event types automatically archive related video recordings. Centralized archiving allows administrators to ensure that event video is locked and archived in the case of late security event realization. Traces allow customers to select a specific badge or alarm point, and poll for all video associated with the badge’s use, or activity at the alarm point. Security evidence clips are available to be exported in industry standard formats, for use in the Lenel Video Player or standard media players such as Windows Media Player.
Management
OnGuard VideoManager offers customers a simple system management experience. OnGuard System Administration allows the customer to set up new video inputs, configure OnGuard IntelligentVideo, deploy an archiving strategy, adjust video tours, scale user permissions, and much more. For customers already using OnGuard, expanding with OnGuard VideoManager is simple and smooth. This enables users to perform video management on a low learning curve.
OnGuard VideoManager
16
NAS - NetworkAttached Storage
SECURE SOCKET
Digital Video Recorder
• Alarm Inputs (13) Network Video
Recorder
DEDICATED NETWORK VIDEO SUBNET
CCTV Cameras
Pan/Tilt/Zoom
Audio (Microphones)
IntelligentVideo Server
Network Addressable Cameras • Pan/Tilt/Zoom • Buffered Storage • Alarm Input (1)
SAN - STORAGE AREA NETWORK
VIDEOVIEWER WEB CLIENTS
REMOTE MONITORS
LAN/WAN
OnGuard Integrated Monitoring Workstation
REGION 1 SECURITY OPERATIONS CENTER LOCAL AREA NETWORK (TCP/IP)
Video Wall
OnGuard Security Server
Third PartyMatrix Switcher
CCTV Cameras
Pan/Tilt/Zoom
Video
Support ■ Windows XP
■ SQL 2005 Express Database
■ 32 Card Readers (Up to 64)
■ Available with 8, 16 or 32 (NVR-based systems only)
Configurations ■ DVR-based
• DVC-ST • DVC-EX
■ NVR-based
• DVC-1U • DVC-Dell
Features ■ Access Control, ID Management
and Digital Video, all in one unit
■ Connects to existing analog video systems
■ Ease of migration to traditional OnGuard architecture
Benefits ■ Preconfigured and ready to GO!
■ Minimum one-day setup time savings over traditional interfaced access control and digital video systems
■ Minimum 1U rack space savings
OnGuard GO! - Seamless & Simple - All In One Box
OnGuard GO! is the fast track to using the most powerful security platform in the industry. With
access control, ID management and digital video all available on the same server as the database,
customers with entry-level system requirements have the luxury of all applications in one unit,
saving valuable IT resources by not requiring a separate security server. OnGuard GO! is the choice
for customers with one to many stand-alone locations and the need for consistent deployments of
access control, ID management and digital video applications. Customers who start with the
simplicity of OnGuard GO! also have the flexibility to expand to larger systems that might require
additional computing resources, while maintaining a consistent user interface and system
administration experience with no retraining required. OnGuard GO! can start your security
deployment today!
Single Unit for Everything
Customers with security applications ranging from access control, to ID management, to digital
video can start with one application and add more as requirements evolve. Customers who want to
start with video only and add modules later can do so without needing additional server hardware.
OnGuard GO! is built with an additional hard drive for the OnGuard application and database,
enabling a true single unit solution for entry-level access control, ID management and digital video.
Easy Upgrades to Traditional OnGuard Architecture
OnGuard GO! can make sense for customer needs today, but what will they do in a couple of years
when they need more? OnGuard GO! is designed to offer standard, entry-level access control, ID
management and digital video. Many customers have realized the investment value of addressing
today’s needs with the simplicity of OnGuard GO! Many more have also expanded on that initial
investment and, when expansion was necessary, upgraded the OnGuard GO! system to a traditional
OnGuard architecture. This migration involves a couple of straightforward steps. A new OnGuard
security server is introduced, the database is moved to the new server, and the original GO! unit is
converted to a dedicated video recorder. OnGuard GO! can start small and grow big to satisfy any
customer’s requirements.
Stand-alone Digital Video
Customers looking for stand-alone digital video recorders can use a Lenel video recorder with the
OnGuard GO! configurations. The OnGuard GO! configuration has the administration applications
and database on the video recorder, saving money by not requiring a separate security server to
launch the most powerful security system available. Furthermore, customers can take the single
stand-alone video recorder and add OnGuard’s robust Access Control, Fire & Intrusion and ID
Management applications, as well as countless software options. For customers expanding an
existing analog environment by upgrading to a DVR, or embracing IP by migrating to network video,
Lenel video recorders offer the flexibility to initiate an integrated security architecture by focusing on
stand-alone digital video, then expanding the system when the time is right.
GO!
17
Vide
o
OnGuard GO!
18
Optional Monitor
OnGuard Security ServerDigital Video
Recorder
CCTV Cameras
CCTV Cameras
CCTV Cameras
Pan/Tilt/Zoom
Client Workstation Client WorkstationClient Workstation
Traditional OnGuard System
Inputs Outputs
Controller
Optional Third Party
Matrix Switcher
Digital Video Recorder
CCTV Cameras
Pan/Tilt/Zoom
Client Workstation Client Workstation
REGION 1 SECURITY OPERATIONS CENTER LOCAL AREA NETWORK (TCP/IP)
OnGuard GO! Integrated Solution
Inputs Outputs
Optional Controller
Optional Third Party
Matrix Switcher
OnGuard GO!:OnGuard ServerOnGuard Client
Digital Video ManagementSystem Administration
Access ControlAlarm MonitoringID Management
13 Dry Contacts (inputs)
CORPORATE HEADQUARTERS LOCAL AREA NETWORK (TCP/IP)
DVC-EX Chassis (3U)
Analog
Analog and Network
DVC-1U
Network
DVC-Dell
NVR-based GO! Systems DVR-based GO! Systems
DVC-ST Chassis (4U)
Network
Advanced
Support ■ Unlimited Regional Servers
■ Unlimited Cardholders
■ Unlimited Simultaneous Users
■ Unlimited Card Readers
■ Unlimited Alarm Inputs
■ Unlimited Client Workstations
■ Unlimited Time Zones
■ Unlimited Simultaneous Monitoring
■ Unlimited User Privilege Levels
■ Unlimited Relay Outputs
Features ■ Data Synchronization Between
Multiple Databases via LAN/WAN Connections
■ MobileBadge™ Functionality for Enrolling Cardholders at Remote Sites
■ Segmented Database Architecture
■ Open Architecture Design Utilizing Commercial, Off-the-Shelf Products
■ Intelligent Fault Tolerant Response System
■ Advanced Network Design
■ Powerful Import & Export Capabilities
Options ■ Multi-Regional Alarm Monitoring
Advanced Enterprise Security Integration
OnGuard Enterprise is the industry’s first multi-server, synchronized database solution designed for enterprises with multiple facilities spread across geographical areas.
OnGuard Enterprise allows corporate security and IT managers to maintain central control over the entire integrated security system, while allowing regional offices to maintain independence and autonomous operations of their respective individual regional security systems.
Central Database Storage Facilities
OnGuard Enterprise gives corporate security and IT managers complete command and control over all system and event information. All cardholder and access control field data accumulated at the regional servers is synchronized and logged to a master enterprise server. This gives corporate security managers full viewing control over central alarm monitoring, reporting, and auditing functionality.
Autonomous Regional Operations
OnGuard Enterprise gives regional system administrators autonomous control over their individual regions, independent of the enterprise server and corporate wide area network. Each regional system administrator has total control over all access control field hardware and system information related to his respective region. Additionally, regional administrators and operators can view, control, and modify only the information and field hardware that is related to their regions.
Multi-Database Synchronization
At periodic intervals, each of the regional servers performs a synchronization process with the enterprise server via wide area network communication. All access control field and event information, as well as updated cardholder information, is uploaded to the enterprise server. The enterprise server then distributes any changes received from other regional servers, so that all servers are equipped operating with up-to-date information.
Scalability for Multinational Sites
OnGuard Enterprise is scalable, which makes it ideal for any size installation. It supports an unlimited number of regional servers and client workstations without system degradation. Its powerful, transaction-based architecture allows the system to grow and expand as the organization grows, while utilizing the same access control field hardware and application software.
Third Party Human Resource Interface
OnGuard Enterprise’s advanced interfacing capabilities allow bidirectional communication with third party databases—such as human resource systems—to transfer cardholder information. Updates occur in real time, and cardholder information is automatically downloaded to all associated access panels. If an employee is terminated, the information is transferred from the HR system to OnGuard Enterprise, which automatically removes all access rights for the cardholder and downloads the required information to the access controllers.
Enterprise
19
Adv
ance
d
Multi-Regional Monitoring and Administration
OnGuard Enterprise’s power and flexibility allows system operators to monitor alarms in multiple regions simultaneously. This means that regional operators might, for example, monitor alarm and event information locally during working hours, while enterprise operators might monitor alarms from all of the regions after hours. An unlimited number of regions can be monitored simultaneously. OnGuard Enterprise also allows enterprise system administrators to configure and administer multiple regions from a single site.
A Single Card Enterprise Solution
With OnGuard Enterprise, each cardholder carries a single ID card that is usable at all regional sites in the system. Once the cardholder database has been distributed to the regions, each regional administrator can assign unique access levels for the cardholders that are allowed at his region. OnGuard Enterprise’s advanced security allows system administrators and operators to assign access levels for only those card readers that are in their respective regions.
OnGuard Enterprise
20
REGION 1 SECURITY OPERATIONS CENTER LOCAL AREA NETWORK (TCP/IP)
DEDICATED NETWORK VIDEO SUBNET
CORPORATE HEADQUARTERS LOCAL AREA NETWORK (TCP/IP)
MOBILE SOLUTION
SAN - STORAGE AREA NETWORK
WEB CLIENTS
TERMINAL SERVER
Region 1
Region n
WIDE AREANETWORK
LAN/WAN
Video Wall
Certification Authority
Card/Biometric Management
System
Smart Card/ Biometric Encoder
Smart Card/ Biometric Encoder
OnGuard ID CredentialCenter
Centralized Enterprise
Administration
Fault TolerantOnGuard Enterprise
Server
OnGuardDataConduIT
Logical AccessControl System
OnGuardDataExchange Human
Resources Database
Active DirectoryLDAP Directory
DataConduITQueue IBMWebSphere
Microsoft Message Queue
Mobile GuardWireless Device
USB Smart Card Reader
Remote Monitor
Disaster TolerantBackup Security
Server
OnGuardID CredentialCenter
Network- Management System
(SNMP Manager/Agent)
Building/ProcessAutomation System
(OPC Server/Client)
USB Smart Card Reader
Application Server• Internet Information
Services (IIS)
Fault Tolerant OnGuard Regional Server
• OPC Server/Client • SNMP Manager/Agent• MS SQL or Oracle
OnGuard Integrated Monitoring Workstation
USB Biometric
OnGuard Client Workstation • Integrated Monitoring
• Centralized Administration Mobile
Badging Station
USB Biometric
USBProx
Dual PathController
IntelligentDual Reader
ControllerIntercom Switcher
Courtesy/Duress Station
Central StationIntrusion Detection
Burg Panel
Intrusion Detection
Burg Panel
Fire Panel NAS - NetworkAttached Storage
Fire Panel
SECURE SOCKET
IrisReader(x4)
Digital Video Recorder
• Alarm Inputs (13)
*Asset Reader
Biometric Gateway
*Hand Reader (x8)
Fingerprint Reader
Dual Reader
Interfaces
ID Control Unit
Smart Card Reader
*Card Reader
Card Reader
Wireless Gateway
16-Door Wireless Reader Interface
Wireless Reader (x16)
Single Reader
Interfaces
2-Door Wireless Reader Interface
Wireless Reader (x2)
Card Reader
Smart Card/ Biometric
Reader
CCTV Cameras
Pan/Tilt/Zoom
Audio (Microphones)
Network Video Recorder
IntelligentVideo Server
Network Addressable Cameras • Pan/Tilt/Zoom • Buffered Storage • Alarm Input (1)
Input Control Module
Output Control Module
VideoViewerDepartment ManagerDecentralized Access Privilege Management
Alarm Receiver
LOGICALLY TEAMED WITHIN ONGUARD SOFTWARE
ReceptionVisitor Check-in Station
Department ManagerDecentralized Access Privilege Management
*Supported Readers Include: • Contact/Contactless • Biometric • Proximity
• Wiegand • Magnetic Stripe • Bar Code
Advanced
Integration Toolkits
21
Features■ Technology Independent with
Support for XML, OLE, etc.
■ Powerful Application Programming Interface
■ Flexible Open Design
■ Easy Script Creation
■ Guaranteed Delivery of Alarms using OnGuard DataConduIT Toolkit
Benefits■ Leverages Existing Available
Information
■ Automates Business Process
■ Increases Return on Investment
■ Stronger Security
■ Reduces Total Cost of Ownership
■ Increases Security Intelligence & Accountability
■ Vast Integration Opportunities
Increased Security Intelligence
Information sharing is critical to the implementation of effective business systems. Proper integration of different systems is essential to increasing a company’s return on investment. Applications that use the same data through the same process increase productivity and reduce maintenance. OnGuard Integration Toolkits help customers achieve this level of integration by leveraging OnGuard as the central repository for all security information, and integrating through scripting to other applications such as human resources, ERP and directory servers.
Automate Business Processes
OnGuard DataConduIT is a great toolkit for automating business processes inside an organization. When events occur in either the security or IT domain, middleware developed using OnGuard DataConduIT can automatically trigger corresponding actions or changes between multiple systems. For example, when using account linkage, the removal of access rights to physical and logical areas can be streamlined. When an employee is terminated from any system (badge disabled in security, Windows Login Account disabled, etc.), OnGuard DataConduIT can trigger all other security or IT accounts to also automatically disable access, immediately suspending the employee’s rights to physical areas, network directories, e-mail, and other intellectual property.
Extensive System Integration Opportunities
OnGuard DataConduIT’s flexibility allows many unique business applications to be implemented by leveraging existing available data. The integration possibilities are endless. For example, programmers can develop the following services using OnGuard DataConduIT:
■ OnGuard cardholder accounts can be created based on the creation of a Windows account for that employee.
■ A disabled OnGuard badge can cause the cardholder’s Windows or other Active Directory/LDAP account to be disabled.
■ Customers can create scripts with sophisticated business rules to automate movement of data to and from human resource systems or directory servers.
■ Customers can create applications for deployment of OnGuard applications onto alternative mobile computing devices such as wireless PDAs.
■ Login access (activation of LDAP accounts) to computers located in a lab can be controlled based on card access of the person who carded into the lab.
Integration Toolkits and Standards to Enable
■ OnGuard DataExchange™■ OnGuard OpenAccess™ Alliance Program■ OnGuard DataConduIT™■ OnGuard DataConduIT™ Queue■ OPC Server/Client■ SNMP Agent/Manager■ Credential Agent
Adv
ance
d
OnGuard Integration Toolkits
22
OnGuard DataExchangeOnGuard DataExchange is an advanced data import/export application. DataExchange can be utilized in several ways. At initial population of the cardholder database, DataExchange facilitates database-to-database or flat-file data import from a human resources database (such as Oracle, PeopleSoft, or SAP) or a displaced legacy system. DataExchange can be configured to handle continual updates to/from these systems, reducing input time and allowing OnGuard to adhere to predefined corporate business rules. Export scripts can also be configured to communicate from OnGuard to other third party systems, such as time & attendance and meal systems.
OnGuard DataConduITOnGuard DataConduIT is an advanced Application Programming Interface, built on Windows Management Instrumentation (WMI), that allows real-time, bidirectional, seamless integration between OnGuard and IT applications. OnGuard DataConduIT enables OnGuard cardholder accounts to be linked to Windows Login Accounts. It also enables OnGuard applications to be deployed (full-scale or scaled-down versions) on alternative computing platforms. It allows information sharing and integration points with third party information system products such as Tivoli, HP OpenView and IBM WebSphere MQ Adapter.
Using OnGuard DataConduIT, system administrators can develop scripts and applications that allow events in one domain (security or IT) to initiate appropriate actions in the other. For example, administrators can link the OnGuard cardholder accounts to their respective Windows Login Accounts such that enabling or disabling one account automatically causes the other account to be enabled or disabled.
DataConduIT QueueDataConduIT Queue allows users of DataConduIT to queue event data if communications are lost. Upon reconnection, all queued events are brought into/out of the system, rather than being lost. DataConduIT Queue is recommended for implementations where data loss is not acceptable. Additional supported queues include Microsoft Message Queue and IBM WebSphere Message Queue.
OPC Client/ServerOnGuard supports OLE for Process Control (OPC) interfaces, which are based on Microsoft OLE/COM technology. OPC was designed to allow interoperability of building automation and process control systems, enabling the systems to bidirectionally communicate. OnGuard allows customers to utilize their systems as client or server for OPC alarms & events (historical) and OPC data access (real-time).
SNMP Agent/ManagerOnGuard has built-in support for network management system security via SNMP (Simple Network Management Protocol). A part of the TCP/IP protocol suite, SNMP facilitates the exchange of management information between network devices. Network administrators are familiar with SNMP’s ability to help them manage performance, identify and resolve network issues and plan for network growth. OnGuard is designed to play the role of agent (sending trap data to a ‘manager’) or manager (receiving trap data from an ‘agent’).
WebSphere MQ AdapterCustomers have the advantage of using OnGuard DataConduIT to implement advanced integration with the IBM WebSphere business integration platform. Customers can utilize WebSphere’s reliable messaging interfaces to develop security-specific, real-time, XML-based messaging. Specific information that can be leveraged includes cardholder data, visitor information, security-centric alarms, secure-credential data, and time & attendance information.
Credential AgentCredential Agent allows customers using smart card technology to efficiently obtain up-to-date information for third-party applications to a dedicated smart card data container. This process sequentially communicates to each established application at the time the card is being encoded, saving customers time in coordinating the data and writing in a single, seamless process.
OnGuard Security Server
CORPORATE HEADQUARTERS LOCAL AREA NETWORK (TCP/IP)
Building/ProcessAutomation System
SAP/PeopleSoft/OracleDatabase
LDAP orActive Directory
IBM WebSphere3rd PartySecurity System
NetworkManagement System
Advanced
Fault Tolerance and Disaster Recovery
Lenel offers multiple options for fault tolerance and disaster recovery, featuring in-the-box redundancy from the NEC Express5800/ft series and the advanced LAN/WAN failover capabilities of NEC ExpressCluster X software. NEC fault tolerant servers help organizations maintain a low cost of ownership by running only one instance of Windows, SQL Server and OnGuard, all while achieving 99.999% uptime. New capabilities even allow Active Upgrade, which enables the system to maintain full functionality while a service pack is applied or a full version upgrade is performed. Lenel also supports Microsoft Clustering.
Barco Wall Integration (SWG-1600)
OnGuard VideoManager offers a means by which to stream video through Barco digital controllers and display the video on high-definition Barco walls. Video can be easily matrixed over a multiple-screen display, providing maximum flexibility in bringing continuous or event-based video to the front of the Barco wall to aid in critical monitoring.
Extended Databases Options (SWG-1290,1293,1295,1440)
OnGuard supports databases from industry-leading vendors. OnGuard ships standard with Microsoft SQL Server. Oracle 9i and 10g Server support is also available for the OnGuard Security Server database. Organizations can choose the database that conforms to their corporate standards and support.
Thin Client Support (SWG-1360,1370)
OnGuard can distribute client applications via Microsoft Terminal Server or Citrix MetaFrame Presentation Server. This is ideal for organizations that have multiple-facility systems and dispersed client workstations that aren’t easily accessible when installations and upgrades are required.
Mustering (SWG-1120)
The OnGuard Mustering capability provides a way to account for cardholders who are located on-site during an emergency. Designated entry and exit card readers are used by cardholders to enter and depart hazardous and safe areas. When an incident occurs that warrants mustering, an online muster report is generated that provides a complete list of all personnel located within hazardous areas, as well as those who have registered at safe locations. The muster report updates in real time whenever a cardholder registers at a safe location.
Guard Tour (SWG-1130)
The Guard Tour feature checks one or more card readers or alarm inputs during routine tours to verify that predefined tour routes have been followed and completed. Guards use credentials at card readers or trigger inputs in a sequence along their watch path. Events sent to the OnGuard Alarm Monitoring application inform system operators that the guard has reached a checkpoint at the appointed time, early or late. Tours can be linked to live video in a “sliding window” format featuring multiple camera views that span the checkpoints already reached, the current checkpoint and anticipated checkpoints.
Software Options
23
Adv
ance
d
FormsDesigner™ (SWG-1210)
OnGuard FormsDesigner enables system users to customize the look and feel of the cardholder and visitor data entry forms. Custom fields can be defined to supplement or replace the application’s standard fields. Customization capabilities include:
■ Moving standard fields to different locations on cardholder forms or deleting undesired standard fields.
■ Adding new field(s) to the cardholder form, each with its own unique set of attributes.
■ Specifying size, text and alignment properties for each of the defined fields.
Language Packs (SWG-LP)
OnGuard software can be translated into multiple languages, to provide regional support in environments where languages other than English are required. Currently supported languages include: Arabic, Simplified Chinese, Traditional Chinese, Croatian, Czech, Dutch, English, Finnish, French, German, Hebrew, Italian, Japanese, Korean, Portuguese, Russian, Spanish and Swedish.
Cardholder Image Export (SW-1040)
The Image Export option enables system administrators to export cardholder images from the OnGuard ID CredentialCenter application to an industry standard JPEG (.jpg) file. The exported cardholder photos can be used in employee galleries, Internet directories or other human resource applications.
CCTV Interface (SW-1010)
The CCTV Interface allows users to integrate OnGuard with any Closed-Circuit Television (CCTV) system that utilizes ASCII switching commands. For each alarm or event in the system, up to three signals can be sent from an OnGuard Alarm Monitoring workstation to the CCTV switcher. OnGuard supports Bosch, Pelco, Vicon and other CCTV brands. The CCTV Interface allows the CCTV devices to be automated for optimal performance during an incident, giving administrators and operators an effective surveillance tool.
Video Verification (SW-1020)
The Video Verification option enables system operators to compare a live view of a person with the photo stored in that cardholder record in the database. As a real-time video stream is received from a CCTV camera at a particular access point, OnGuard displays the stored photo and live video image side by side, providing an additional layer of cardholder verification for access to high-security areas. The system operator can visually determine whether the person at the door is actually the cardholder or someone else who is using the card.
E-mail & Paging Interfaces (SWG-1260, SWG-1250)
Using the E-mail Interface, ASCII text messages can be sent to Microsoft Outlook/Exchange electronic messaging systems in response to system events or alarms. This capability is ideal for environments in which key personnel need to be notified immediately when a particular event occurs.
The Paging Interface generates outbound text messages based on system events or alarms. Numeric or alphanumeric messages can be sent to any pager that communicates using TAP (Telocator Alphanumeric Protocol). In addition, notifications of specific events, including personal duress alarms, are relayed using preprogrammed pager numbers. The Paging Interface is designed for use where responsibilities are distributed among multiple people and where paging is a common means of communication.
24
OnGuard Software Options
Advanced
25
REGION 1 SECURITY OPERATIONS CENTER LOCAL AREA NETWORK (TCP/IP)
DEDICATED NETWORK VIDEO SUBNET
Region 1
Region n
WIDE AREANETWORK
Smart Card/Biometric Encoder
Smart Card/Biometric Encoder
OnGuardID CredentialCenter
OnGuardID CredentialCenter
Network- Management System
(SNMP Manager/Agent)
Building/ProcessAutomation System
(OPC Server/Client)
USB Smart Card Reader
Application Server• Internet Information
Services (IIS)
Fault Tolerant OnGuard Regional Server
• OPC Server/Client • SNMP Manager/Agent• MS SQL or Oracle
OnGuard Client Workstation• Integrated Monitoring
• Centralized AdministrationMobile
Badging Station
USB Biometric
USBProx
Dual PathController
IntelligentDual Reader
Controller
Digital VideoRecorder
• Alarm Inputs (13)
*Asset Reader
Biometric Gateway
*Hand Reader (x8)
FingerprintReader
Dual Reader
Interfaces
*Card Reader
CardReader
SingleReader
Interfaces
CardReader
Smart Card/Biometric
Reader
CCTVCameras
Pan/Tilt/Zoom
Audio(Microphones)
Network VideoRecorder
IntelligentVideoServer
Network Addressable Cameras• Pan/Tilt/Zoom • Buffered Storage • Alarm Input (1)
Input Control Module
Output Control Module
LOGICALLY TEAMED WITHIN ONGUARD SOFTWARE
EnterpriseMulti-Server Architecture
*Supported Readers Include:• Contact/Contactless• Biometric• Proximity
• Wiegand• Magnetic Stripe• Bar Code
Adv
ance
d
26
CORPORATE HEADQUARTERS LOCAL AREA NETWORK (TCP/IP)
MOBILE SOLUTION
SAN - STORAGE AREA NETWORK
WEB CLIENTS
TERMINAL SERVER
LAN/WAN
Video Wall
CertificationAuthority
Card/BiometricManagement
System
Centralized Enterprise
Administration
Fault TolerantOnGuard Enterprise
Server
OnGuardDataConduIT
Logical AccessControl System
OnGuardDataExchange Human
Resources Database
Active DirectoryLDAP Directory
DataConduITQueue IBMWebSphere
Microsoft Message Queue
Mobile GuardWireless Device
USB Smart Card Reader
Remote Monitor
Disaster TolerantBackup Security
Server
OnGuard Integrated Monitoring Workstation
USB Biometric
Intercom Switcher
Courtesy/Duress Station
Central StationIntrusion Detection
Burg Panel
Intrusion Detection
Burg Panel
Fire Panel NAS - NetworkAttached Storage
Fire Panel
SECURE SOCKET
IrisReader(x4)
IDControl Unit
Smart Card Reader
WirelessGateway
16-DoorWireless ReaderInterface
WirelessReader (x16)
2-DoorWirelessReaderInterface
WirelessReader (x2)
VideoViewerDepartment ManagerDecentralized Access Privilege Management
Alarm Receiver
ReceptionVisitor Check-in Station
Department ManagerDecentralized Access Privilege Management
PERPETUAL INNOVATION
27
Corporate Headquarters
1212 Pittsford-Victor RoadPittsford, NY 14534-3820TEL: +1.585.248.9720FAX: +1.585.248.9185
United Kingdom Office & Training Center
95 Maybury RoadWoking, SurreyGU21 5JLTEL: +44.1483.815230FAX: +44.1483.815231
Hong Kong Office & Training Center
Room 1401-2, 14/FChinachem Johnston Plaza178-186 Johnston PlazaWanchai, Hong Kong, SAR, ChinaTEL: +852.2893.2886FAX: +852.2893.7373
Dubai Office & Training Center
Building 5EB - Office 550Dubai Airport Free ZoneDubai, UAETEL: +971.4.609.1019FAX: +971.4.609.1021
Middle East Office & Training Center
Assaydeh Center, Main RoadMansourieh, Al MatnLebanonTEL: +961.4.409184FAX: +961.4.409569
Lenel Systems International is a leading provider of software and turnkey security systems for corporate and government markets. We focus on developing products that enable organizations to effectively protect and manage their people, property and assets by maximizing IT and infrastructure investments.
When we launched the OnGuard integrated solution in 1995, our pioneering efforts brought the power of leading-edge technology, the reliability of software industry standards, and the flexibility of open systems architecture to an historically proprietary security market. We swiftly moved to a leadership position by developing and delivering business solutions that protect people, property and assets. Today we’re recognized as the global leader and de facto standard in software and integrated systems for commercial and government security markets.
With nearly 15,000 system installations in 90 countries worldwide, we boast a blue chip customer base with a strong presence in a broad range of vertical markets. We have earned numerous awards for technology innovation, growth, market leadership and customer satisfaction. Lenel is part of UTC Fire & Security, a business unit of United Technologies Corp. (NYSE:UTX).
Lenel’s world headquarters are located in Rochester, New York. We also have major operational centers in London, Hong Kong, Beirut and Dubai, numerous satellite offices, and sales and support coverage worldwide.
28
Contact Information
www.lenel.com Lenel Systems International, Inc.1212 Pittsford-Victor RoadPittsford, New York 14534 USATel 585.248.9720 Fax 585.248.9185www.lenel.com
© 2007 Lenel Systems International, Inc.
Lenel’s flagship security platform, OnGuard®, seamlessly integrates a full suite of security
management functions and technologies using an open architecture design. OnGuard offers
access control, ID credential issuance and management, alarm monitoring, digital video
surveillance and management, real-time digital video content analysis, intelligent audio,
integration of biometric technologies, intrusion detection, visitor management and smart card
functionality, plus integration with a multitude of third party systems. Individual applications
are available as standalone systems, or can be deployed in any combination to deliver a
single integrated solution that uniquely satisfies each customer’s particular needs. OnGuard
systems offer unlimited scalability, and localization support for major world languages.
The possibilities are endless.