OnGuard®
OnGuard
®
SOFTWARE SOLUTIONS CATALOG
PERPETUAL INNOVATION
Manage Everything...
Contents
OnGuard Overview
Page
1
OnGuard Area Access Manager
5
OnGuard Visitor
7
OnGuard Fire & Intrusion
9
Credential Management Products
OnGuard ID CredentialCenter
11
OnGuard Biometrics and Smart Cards
13
Credential
3
Video
OnGuard Access
Access Control
Access Control Products
OnGuard VideoManager
15
OnGuard GO!
17
Advanced Products and Options
OnGuard Enterprise
19
Integration Toolkits
21
Software Options
23
Enterprise Diagram
25
Contact Information
28
Advanced
Video Management Products
Overview
Support
Total Security Knowledge Management Solution
■ Windows 2003/XP/2000
■ Microsoft SQL Server, Oracle
Server
The OnGuard Total Security Knowledge Management Solution™ seamlessly integrates synergistic
security and information technologies using open architecture design standards. OnGuard offers
■ NEC ExpressCluster
applications for digital video management, video content analytics, advanced access control, alarm
■ Single Sign-on Support Using
Windows 2000/XP/2003
Accounts
integration with information security systems. Individual application modules can be deployed as
■ Available in Multiple Languages
Access Control
■ UL 1076 Versions Available
■ FIPS 140-2 Validation Pending
monitoring, intrusion detection, asset management, identity management, visitor management, and
stand-alone systems or in any combination to deliver a single, seamlessly integrated solution.
OnGuard is an established security integration platform, with over 13,000 users worldwide.
Open Architecture Design
As part of its corporate philosophy, Lenel is committed to open architecture. OnGuard has been
Configuration Options
designed in accordance with de facto information technology standards. This approach strategically
■ Software-only or Turnkey
Systems Available
benefits customers by allowing them to select the best new products available and/or to leverage
■ Client/Server & Web Client
Architecture
Microsoft .NET.
■ Concurrent Licensing
LDAP), network (Ethernet, TCP/IP), and administration utilities (Crystal Reports®, NEC
■ Fault Tolerant, Disaster Tolerant
Solutions Available
ExpressCluster).
■ OnGuard GO! (DVR or NVR
Based)
Seamless Integration
■ OnGuard Enterprise
All OnGuard application modules (Access Control, Alarm Monitoring, Credential Management,
their previous technology investments. To that end, OnGuard has been developed in part using
OnGuard supports multiple off-the-shelf technologies for operating systems
(Windows), database platforms (MS SQL Server, Oracle Server), user directories (Active Directory /
Digital Video, Intrusion Detection, Asset Management, Information Security Management, Visitor
Features
■ Industry-Standard Database
Backups
Management, etc.) can be seamlessly integrated with one another. OnGuard uses a single database
server and a single user interface for all applications. All OnGuard application software can be
configured and managed from a single administrative workstation, and event activity can be
monitored from a single alarm monitoring workstation.
■ Scheduling Management Tool
■ Scalability - Full Upward
Migration Paths
Integration with Corporate Infrastructure
■ Custom Report Writers
OnGuard Integration Tools enable advanced integration with existing business systems. Using
■ Advanced Monitoring Capabilities
sophisticated database tools, OnGuard can bidirectionally exchange cardholder data with human
■ User Friendly GUI
resources and/or ERP systems, coordinate alarm/event data with emergency response systems,
and provide/receive event information with building management, network management and
Benefits
■ Reduces Total Cost of Ownership
third-party security systems.
Applications to Integrate
■ Leverages Existing Infrastructure
■ Increases Return on Investment
■ OnGuard Access
■ OnGuard VideoManager
■ OnGuard Area Access Manager
■ OnGuard Visitor
■ OnGuard ID CredentialCenter
Integration Toolkits and Standards to Enable
1
■ OnGuard DataExchange
■ OPC Server/Client Plug-in Adapter
■ OnGuard OpenAccess Alliance Program
■ SNMP Manager/Agent Plug-in Adapter
■ OnGuard DataConduIT
■ IBM WebSphere MQ Plug-in Adapter
Access Control
OnGuard Overview
Application and Desktop Single Sign-On
Partitioning & Permissions
OnGuard allows administrators to link an OnGuard operator’s user
Using OnGuard’s application partitioning, system administrators can
account with his Windows account. When an operator logs on to his
provide each client workstation with only those applications that are
Windows account, he can access OnGuard automatically, bypassing
required for that workstation. Based on licensing, each client
the need to log on to the individual application. A user does not need to
workstation can have any combination of OnGuard application
remember a separate username and password. Furthermore, OnGuard
modules installed as needed for daily operations, including access
ID CredentialCenter can seamlessly integrate with Single Sign-On
control, alarm monitoring, credential management, digital video,
applications such as Bioscrypt VeriSoft, so that a cardholder can
intrusion detection and visitor management. Administrators can allow
access his Windows account by using his credential with a desktop
users to log in to only those applications that they are authorized to
card reader. VeriSoft helps the employee manage access to multiple
utilize. Administrators can also restrict the options available to any
password-mandated applications, including web sites. This improves
particular user within any application. From users with wide-ranging
system efficiencies for users of Windows applications. Desktop access
responsibilities to those with single function duties, OnGuard enables
events can be monitored like other OnGuard system events, keeping
administrators to tailor users’ system experience to their jobs.
management of physical and logical security within the same user
experience.
Distributed Network Architecture
OnGuard’s distributed network architecture allows client workstations and intelligent field controllers to be placed directly on the existing network. All local
access decisions are made and processed at the field panels, minimizing network traffic and providing real time access determinations. System
administration, monitoring and video display can be performed at any client workstation on the network.
2
Access
Support
■ Intelligent System Controller
(ISC) Communications
• Ethernet • RS-232 • Multidrop
• Modem • Dual-Path (RS-485)
■ FIPS 197 128-bit AES Encrypted
ISC Communications
■ FIPS 140-2 Validation Pending
■ Industry Standard Card Reader
Technologies
Access Control
■ Open Supervised Device Protocol
(OSDP) for RS-485
Features
Flexible Programming Functions
■ First Card Unlock
■ Elevator Control
■ (Selective) System Downloads
■ Import/Export Utility
■ Occupancy Limit
Overview
OnGuard Access is an integrated access control and alarm monitoring system that delivers
maximum protection, versatility, simple operation and cost efficiency. OnGuard Access incorporates
the most advanced technologies available, including modern object-oriented software, an advanced
client/server database architecture and Microsoft’s multitasking, multithreading 32-bit Windows
2000/XP/2003 operating system. Solid technology and an intuitive graphical user interface combine
to make OnGuard Access the most powerful yet easiest to use integrated security management
system on the market.
Unlimited Handling Capacity
OnGuard Access offers unlimited scalability within a single, seamlessly integrated software solution.
It has been designed to meet the needs of any size organization, from one that requires an
entry-level, two-reader system to a large corporation with numerous facilities and thousands of card
readers located around the world. OnGuard Access supports an unlimited number of card readers,
alarm points and cardholders.
Segmentation
■ Alarm/Event Mappings and
Routings
Segmentation is an optional feature that provides a logical way to group database components.
System administrators define segments within the database, then assign each system user or object
(access levels, card formats, badge types, etc.) to one or more of those segments. Segmentation is
beneficial in environments where not every cardholder needs access to every area within a facility.
A user sees only those objects that are in his segment(s) and those objects that are system-wide. In
a segmented system, only those records associated with a particular segment are downloaded to
the Intelligent System Controllers and associated field hardware in that segment. By minimizing the
number of records that must be stored in a given device, segmentation provides more efficient
utilization of the limited memory contained in access control hardware.
■ Customizable Voice Instructions
and Annunciation
Scheduler
■ Local and Global Anti-Passback
Flexible Monitoring Functions
■ Alarm Masking Groups
■ Graphical Maps and System
Overview Tree
■ Monitor Zones
Flexible Cardholder Commands
■ Escort Control
■ Use Limits
■ Extended Individual Strike Times
and (On-Demand) Door Held
Open Times
■ Destination Assurance (with
Elevator Control)
Flexible Card Reader Commands
■ Time Zone Overrides
■ Cipher Mode
■ Multiple Card Formats
■ Denied Access Attempts Counter
Options
■ CCTV Interface
■ Paging/E-mail Interface
OnGuard’s scheduling utility allows system administrators to coordinate and plan system actions to
be performed in the future. Many system operations can and are often anticipated to occur on
certain dates at certain times. To reduce the risk of error in performing these functions manually,
administrators can set rules of execution for actions such as starting guard tour, archiving, firmware
or database downloads, and DataExchange scripts. Scheduler can also be configured to repeat
security actions such as arming/disarming areas or masking/unmasking specific alarms. For any
Scheduler action, the iterations can be one-time-only, or repeated at the administrator’s desired
frequency. Such actions may occur once every hour, at a specific time every day, on a specific day
of the week, or on a specific day of the month, recurring as often as the system requires.
Applications to Integrate
■ OnGuard Area Access Manager
■ OnGuard Biometrics & Smart Cards
■ OnGuard ID CredentialCenter
■ OnGuard Fire & Intrusion
■ OnGuard VideoManager
■ OnGuard Visitor
Integration Toolkits and Standards to Enable
■ Video Verification
■ Mustering
■ Guard Tour
3
■ OnGuard DataExchange
■ OnGuard OpenAccess Alliance Program
■ OnGuard DataConduIT
■ OPC Server/Client
■ SNMP Agent/Manager
■ WebSphere MQ Adapter
OnGuard Access
Smart Card/
Biometric Encoder
OnGuard
ID CredentialCenter
Mobile
Badging Station
REGION 1 SECURITY OPERATIONS CENTER
Fault Tolerant
OnGuard Regional Server
USB Smart
Card Reader
• Integrated Monitoring
• Centralized Administration
Video Wall
USB
Biometric
• OPC Server/Client • SNMP Manager/Agent
• MS SQL or Oracle
OnGuard
Client Workstation
OnGuard Integrated
Monitoring Workstation
Application Server
• Internet Information
Services (IIS)
MOBILE SOLUTION
Mobile Guard
USB Smart
Card Reader
Wireless Device
Remote Monitor
LOCAL AREA NETWORK (TCP/IP)
SECURE SOCKET
Intelligent
Dual Reader
Controller
Dual Path
Controller
Building/Process
Automation System
USB
Prox
NetworkManagement System
(OPC Server/Client)
Intrusion
Detection
Burg Panel
Intrusion
Detection
Burg Panel
Central Station
Alarm Receiver
(SNMP Manager/Agent)
Single
Reader
Interfaces
Input
Control
Module
Card
Reader
Biometric
Gateway
Pan/Tilt/Zoom
Digital Video
Recorder
• Alarm Inputs (13)
Network Video
Recorder
ID
Control
Unit
*Asset Reader
*Card Reader *Hand Reader (x8)
Card
Reader
LOGICALLY TEAMED WITHIN ONGUARD SOFTWARE
2-Door
Wireless
Reader
Interface
16-Door
Wireless
Reader
Interface
Smart Card/
Biometric
Reader
Network Addressable Cameras
• Pan/Tilt/Zoom • Buffered Storage • Alarm Input (1)
CCTV
Cameras
Disaster Tolerant
Backup Security
Server
Wireless
Gateway
Output
Control
Module
• Wiegand
• Magnetic Stripe
• Bar Code
NAS - Network
Attached Storage
Fire Panel
Dual
Reader
Interfaces
*Supported Readers Include:
• Contact/Contactless
• Biometric
• Proximity
Fire Panel
SAN - STORAGE AREA NETWORK
Courtesy/Duress Station
Fingerprint
Reader
LAN/WAN
Access Control
Intercom Switcher
USB
Biometric
TERMINAL SERVER
Department Manager
Reception
Decentralized Access Privilege Management
Visitor Check-in Station
Iris
Reader
(x4)
IntelligentVideo
Server
Wireless
Reader (x2)
WEB CLIENTS
Wireless
Reader (x16)
Audio
(Microphones)
Department Manager
DEDICATED NETWORK
VIDEO SUBNET
Area Control
■ Global Hard Anti-passback allows administrators to require that
cardholders present credentials to both enter and exit an area. This
prevents the same credentials from simultaneously being used
elsewhere in the area, while reporting an alarm to the Alarm Monitoring
workstation(s).
■ Global Soft Anti-passback allows administrators to require that
cardholders present credentials to both enter and exit an area. This rule
would allow the same credentials to be simultaneously used elsewhere
in the area, accompanied by an alarm will be reported to the Alarm
Monitoring workstation(s).
Smart Card
Reader
Decentralized Access Privilege Management
VideoViewer
■ Two Person Control allows administrators to require that two
individuals be present before being able to access high-security areas
and both credentials be presented upon exit of those areas. In between
entry and exit of the first two and last two cardholders, individual
access may be allowed as the two-cardholder minimum is in effect.
■ Occupancy Limit allows administrators to restrict the amount of
cardholders in a specific area at any given time. Once the Occupancy
Limit has been reached, a cardholder must use the exit reader before
another card read will be accepted at the entry reader. This is a
valuable instrument in managing access to parking areas which are at
capacity.
Global Input/Output Event Linkage
■ Timed Anti-passback (across readers) allows administrators to
determine how long after an accepted card-read before the same
credential may be allowed at the same card reader. This rule can also
be applied across a group of readers, a valuable feature for turnstile
applications where multiple readers are in close, open proximity and
credentials have a chance of being passed back for additional use.
OnGuard allows administrators to configure linkages where any
input/output/event can be linked to any other input/output/event in the
system. These linkages can be derived from any OnGuard application
and associated hardware. Events such as invalid access level, valid
card read, or motion detection might trigger such outputs as unmasking
an alarm masking group, open an area or set the active mode of a card
reader. With Global I/O, OnGuard is easily automated to ensure rules
execute properly and security can be engaged instantly as necessary.
4
Area Access Manager
Support
Business Productivity Tool
■ Desktop or Browser-Based Client
■ Available for ADV, PRO and
Enterprise Configurations
OnGuard Area Access Manager is a business productivity solution that enables authorized
managers to control cardholder access to specific physical areas. A manager need only log in to the
Area Access Manager application using a standard desktop PC or browser. OnGuard Area Access
Manager displays a list of areas over which the manager has control, as well as a list of all personnel
Features
■ Easy Deployment and Installation
Access Control
■ Wizard-Like Interface
■ Audit Trail
■ Complete Reporting Capabilities
who have access to those areas. The manager can then assign or remove the access rights of
employees to areas within his or her operational domain.
Immediate Return on Investment
OnGuard Area Access Manager provides a simple yet robust method for remotely administering
access by individuals to specific areas in a facility. Using OnGuard Area Access Manager, corporate
security departments can give managers independent control over the physical areas and staff for
Benefits
■ Simple Management of Access
level permissions
■ Powerful Business Productivity
Tool
■ Decentralization of Access
Privilege Management
which they are responsible. This capability eliminates the ongoing need for intervention by a security
administrator in order to assign or remove access privileges for each employee, thereby saving both
time and money.
Audit Trail and Reporting Capabilities
■ Reduced Training Costs
OnGuard Area Access Manager’s seamless integration with other OnGuard applications provides a
■ Less Time Invested in Modifying
Access Levels
complete audit trail and reporting capabilities. All access privilege assignments and removals are
logged to the database with a time and date stamp and the identity of the manager who completed
the transaction.
Intuitive, Wizard-like Interface
OnGuard Area Access Manager uses an intuitive wizard-like interface to provide fast, efficient
management of specific physical areas. The application simplifies process of adding or removing
cardholder access privileges, thereby streamlining training and minimizing the learning curve.
Browser or Client-based User Interface
Area Access Manager offers two different deployment models, desktop and browser-based client.
Both modules are designed to allow users the ability to easily access cardholder information and
assign/modify/revoke access permissions to the designated areas. Customers deciding to migrate
from the desktop model to the browser-based client model will find an identical wizard process,
eliminating the need for re-training. The browser-based client deployment also offers a no-cost
OnGuard VideoViewer component that is built into the user interface, allowing department
managers to view video related to their specific areas.
Required Applications
■ OnGuard Access
5
OnGuard Area Access Manager
Desktop-Based Rich Client
Browser-Based Thin Client
Access Control
Step 1: Search
Step 2: Select Cardholders
Step 3: Select Access Levels
Step 4: Confirm!
6
Visitor
Support
Advanced Visitor Management
■ Uses Existing Desktop
Infrastructure
OnGuard Visitor is a dependable and cost-effective visitor management application that enables an
■ Easy Installation and Deployment
■ OnGuard BadgeDesigner
organization to manage and track visitors throughout its facilities, using standard desktop
technology. Whether it is implemented as a standalone system or seamlessly integrated with other
OnGuard application modules to create a total security management environment, OnGuard Visitor
■ Photo/Signature Capture
offers unlimited flexibility by allowing IT and security managers to further capitalize on the existing IT
■ Bulk Sign-In/Printing
investments made in their facilities.
■ Prescheduled Visits
Access Control
■ Group Enrollment
Visitor Enrollment
■ Employee Host Assignment
Function
Visitors can be quickly and efficiently enrolled into the system. Prior to a guest’s arrival, an OnGuard
■ Single Click Sign-In/Sign-Out
Process
assign active date ranges for the person’s scheduled visits, optionally capture the visitor’s photo and
■ Assign Visitors Access to
Secured Areas
with a simple mouse click, a guest badge can be printed for the person, and the employee host can
■ Multiple Page, User-Definable
Field Support
capabilities.
■ Customized Visitor Badge
Layouts
OnGuard Visitor also offers the ability to enroll in advance both visitors and their upcoming visits.
■ Visitor Tracing
desktop within the organization. Employee hosts can be preassigned at the time the visit is
■ Business Card Scanner Interface
operator can enter pertinent visitor data into the system, assign an employee host to the visitor,
signature, and assign access privileges to the visitor. Then, upon arrival, the visitor can be signed in
be notified electronically. For large groups, OnGuard Visitor provides bulk sign-in and printing
Visitor information can be either imported into the system or manually entered from any licensed
scheduled, and a printed badge can be ready for the guest upon arrival.
■ Track Scheduled versus Actual
Visit Times
User-Definable Visitor Fields
■ Send E-mail to Hosts Upon
Visitor Arrival
A system administrator can customize OnGuard Visitor’s data entry forms to meet an organization’s
■ Biometric Capture and Encoding
deleted on multiple pages of visitor forms. Name, company represented, vehicle information,
unique data requirements. New fields can be added, existing ones modified, and unwanted fields
employee host, and reason for the visit are just a few of the fields that can be created.
Reports
■ Daily Visitors
■ Visitor Activity
Visitor and Visit Tracking
OnGuard Visitor provides detailed visitor and visit tracking mechanisms. OnGuard system
administrators can track visitors scheduled arrival and departure times against their actual in and out
times. If a visitor has been assigned access rights to card readers, system operators can tightly track
■ Visitor Arrival and Departure
Times
the visitor’s movement throughout the facility using the OnGuard Alarm Monitoring application.
■ Custom Reports
digital video clips to visitor activity.
■ Additions and Changes to Visitor
Record
Advanced Visit Activity User Interface
OnGuard Visitor can be integrated with OnGuard VideoManager, allowing administrators to link
OnGuard Visitor provides an advanced Visit Activity Status user interface. This interface displays a
list of all visits that are due to occur and/or are due to expire within a user-defined period of time. It
Benefits
■ Reduced Total Cost of Ownership
■ Streamlined Data Collection and
Management
also shows the current status of all active visits in the system. The Visit Activity Status UI refreshes
updated information in user-defined increments, providing receptionists and guards at visitor
checkpoints with up-to-the-minute information related to all system visit activity.
Required Applications
■ OnGuard ID CredentialCenter
7
Access Control
OnGuard Visitor
Complete Reporting Capabilities
OnGuard Visitor has complete reporting and auditing capabilities. All visitor transactions and movements that occur throughout the facility are recorded
and stored in a detailed audit trail. All additions and changes to visitor records are also tracked by the system. Standard reports include Daily Visitors,
Visitor Activity, and Arrival and Departure Times, among others. Custom reports can also be produced using industry standard report writers.
8
Fire & Intrusion
Support
Advanced Management of Fire & Intrusion Detection Systems
■ Lenel Alarm Hardware
• LNL-1100 Alarm Input Module
OnGuard Fire & Intrusion is an advanced solution for managing fire and intrusion events and
• LNL-1200 Alarm Output Module
maximizing return on investments in legacy intrusion/burglar/fire panel and central station receivers.
■ Supported Intrusion Panels:
• Bosch (Radionics) 9412, 7412
• Bosch (Detection Systems)
DS7400xi, DS7400xi 4+
Access Control
• Galaxy (models 8, 18, 60, 128,
500, 504, 512)
■ Supported Fire Panels:
• Siemens MXL/MXL-IQ
Events generated in these parallel systems now have an additional means of monitoring and
response. OnGuard allows customers to monitor these disparate systems from a single interface.
Support is available for well-known brands such as Bosch (Radionics/Detection Systems) intrusion
panels, Galaxy intrusion panels, Siemens fire panels, Notifier fire panels, the ESPA 4.4.4 protocol,
and central station receivers from Bosch, Digitize, Osbourne-Hoffman and AES-IntelliNet. The
supported central station receivers collectively support hundreds of different alarm panels and
numerous industry formats, collectively accounting for over 90% of all burglar, fire, safety, nurse call
and remote dialer systems in use today.
• Notifier AM-2020, NFS-640
• ESPA 4.4.4 protocol
Lenel Alarm Hardware
■ Supported Receiver Formats:
• SIA 1, SIA 2, SIA 8, SIA 20, SIA
2000
Lenel offers alarm control panels that are seamlessly integrated within the OnGuard field hardware
• Radionics BFSK, Modem II, IIE, 3A
Module) and LNL-1200 (Output Control Modules) dedicated alarm panels. The LNL-1100 can
■ Supported Alarm Receivers:
architecture. Lenel Intelligent System Controllers can manage a mix of LNL-1100 (Input Control
manage up to 16 inputs with two outputs. The LNL-1200 can manage up to 16 outputs. Lenel also
• Bosch/Radionics 6500/6600
offers the Lenel Command Keypad (LNL-CK), an LCD display keypad for users to execute local I/O
• Digitize 3500
functionality. The LNL-CK has 32-character display with a 16-position keypad that features arm,
• Osborne-Hoffman OH-2000
disarm, bypass and force arm alarm groups.
• AES-Intellinet 7000
■ Ethernet or RS-232 Communication
■ Unlimited Panels and Receivers
Fire Panel Interface
OnGuard supports secondary annunciation of events from several industry-standard fire alert
Features
panels, including models from Siemens and Notifier. When a specific fire alarm is triggered, the
■ Complete Monitoring & Reporting
Capabilities
event is communicated to OnGuard. Users can define specific immediate response mechanisms,
such as linked digital video, global I/O function and e-mail/paging alerts.
■ Integrated User Interface
■ Command and Control of Daily
Operations
Intrusion Panel Interface
■ Complete Audit Trail
OnGuard supports secondary annunciation of events from multiple industry-standard intrusion
■ Centralized Data Management
detection panels. It also allows administrators to define zones and areas with logical names locally
■ Reliable Information Delivery
in the OnGuard database to identify the physical location of each alarm point, arm/disarm station or
■ Custom Event Code Mapping
motion detector. When an event occurs, OnGuard identifies the source of the event by name, and
■ Receiver Account Auto-Add
Feature
tells the operator how to respond.
■ Complete Configuration of Alarm
Areas for Each Account
Required Applications
■ Custom Alarm Zone Configuration
■ Centralized Monitoring
■ Full Reporting of All System, User
and Alarm Events
Options to Deploy
Benefits
■ Alert System Interface
■ Intercom Interface
■ Fire Alarm Interface
■ Central Station Receiver Interface
■ One System to Monitor, Learn,
and Manage the Security
Environment
9
■ OnGuard Access
■ Intrusion Panel Interface
Access Control
OnGuard Fire & Intrusion
Central Station Receiver Interface
Enhanced Reporting Capabilities
The OnGuard Central Station Receiver Interface provides a number of
With OnGuard’s advanced reporting capabilities, administrators can
features to make event information displayed in the OnGuard Alarm
run complete reports based on related activities from integrated
Monitoring application more useful. OnGuard administrators can
intrusion panels. Here is a sample of report opportunities:
assign account numbers to panels connected to the central station
receiver, to ensure accurate identification. Furthermore, groups can be
■ A “Fire Zone Missing” report determines if any fire detection zones
created to lump together multiple panels in expansive deployment
were not reported as being online.
settings. Even in situations where an event is generated from a panel
not yet named in the system, the database will automatically add the
■ An OnGuard scheduler status report determines if all scheduled
panel (using the account number as the name), which can be
activity was executed as instructed.
accurately identified at a later time.
■ An “Output Relay” report shows every action setup or modified in
Alarm panels connected to receivers report their events in a large
relation to respective output relays.
variety of data formats. OnGuard provides a mapping between the
event codes generated from receivers and panels and existing
■ An “Opening/Closing” report shows when areas were armed/disarmed
OnGuard events. Custom event code mappings can also be defined
and when arm delays were active.
based on how a particular panel is configured.
■ Cardholder activity reports can be generated to show the activity of all
or specific cardholders between access control readers on OnGuard
hardware or intrusion panels.
10
ID CredentialCenter
Support
Overview
■ Support for Industry Standard ID
Card, Reader and Printer
Technologies
OnGuard ID CredentialCenter offers the most expansive set of capabilities available to manage the
■ ID Cards/Readers
• Lenel OpenCard™
• iCLASS®
• MIFARE®
• DESFire®
• Contact Smart Card
• Proximity
• Magnetic Stripe
Credential
■ Printers
• Any Printer with Windows
2003/XP/2000 Drivers
• Nisca®
• Ultra/Magicard®
• Evolis®
• Zebra®
• Fargo®
• Datacard®
• DFS®
employee security information life cycle, from data entry to access revocation. Cardholder
information is managed centrally, providing ease of enrollment, information management,
integration with LDAP, badge design, printing and encoding, and cardholder credential activity
reports. OnGuard makes every aspect of working with employees and their credentials easy to use,
easy to investigate and easy to report. Refer also to the OnGuard Biometrics & Smart Cards product
sheet for information about OnGuard’s smart card capabilities, and to the OnGuard Visitor product
sheet for visitor management capabilities.
Centralized Enrollment & Credential Management
A typical organization needs to manage credentials for employees, contractors and visitors.
Administrators need to manage each individual’s data and the credentials he uses to access
organizational resources, both physical and logical. OnGuard can help implement a secure platform
by which employee’s access to the business can be known and managed from beginning to end.
Features
Using OnGuard Integration Tools, cardholder information can be constantly retrieved and updated
■ High Speed Photo Capture
from the organization’s central identity management program, keeping the physical security program
■ Signature Capture
■ Intelli-Check ID Check Integration
■ Full Biometric & Smart Card
Management
■ Import Utility to Retrieve Data
from Driver’s Licenses, Passports
or Other Credentials
■ User-Definable Data Fields
■ High Resolution Lighting Kit
■ Import/Export Feature
in line with all organizational standards. From enrollment through revocation, OnGuard ID
CredentialCenter provides complete management of all data relevant to each cardholder and his
credentials.
Integration with LDAP
Users with an LDAP-based system for managing network identities [Active Directory, Sun Network
Management (formerly iPlanet)] can directly link cardholder accounts in OnGuard to their respective
■ In-line Encoding of Magnetic
Stripe, Bar Code & Contact(less)
Smart Card
LDAP accounts. In doing so, administrators in either system can control or restrict both physical and
■ PDF-417 Bar Code Support
the creation or removal of a cardholder account when the LDAP account is created.
network access as a security measure against specific employee(s). OnGuard can also automate
■ Image Compression Control
■ Image FX Gallery
Integrating with Identity Management Systems
■ Program Badge Functionality
■ Chroma key and Ghosting
Businesses are seeking to adhere to stronger and more secure processes in pursuit of legislative
■ High-Quality, True Color
Credential Production
compliance. Increasingly, identity management systems dictate important security permissions for
employees throughout the business, ensuring that business rules are applied in every corner of
every program. OnGuard can be configured to accept security rules from the IDMS to enforce
company-wide standards.
11
OnGuard ID CredentialCenter
Image/Photo Capture Device
Badge Printing and Encoding with
Complete Smart Card Support
Passport, License, or Military ID Scanner
Smart Card Reader w/Encoding
Iris/Retina Capture Device
Card or Badge Printer
Fingerprint Capture (Slap or Roll)
OnGuard ID CredentialCenter
Smart Card
Other Supported Biometric Capture Devices
Card Management System or Certificate Authority
* For use with smart card enabled systems or when
using digital certificates and PKI infrastructure
LOCAL AREA NETWORK (TCP/IP)
AD/LDAP Network
Administration Server
OnGuard Security
Server
External Database
(SAP, PeopleSoft, Oracle, etc.,
Human Resources, IDMS)
Cardholder Records
BadgeDesigner
A cardholder record in OnGuard ID CredentialCenter can be created
manually, or auto-generated from data received from a third-party
application. Once a cardholder profile has been established, the
balance of the person’s security permissions can be configured.
Categories include:
Cardholders are often issued physical credentials (identifiers) which
can be used to enable access to facilities and logical resources. For
cards, OnGuard offers BadgeDesigner, a program that allows you to
create/insert graphics into badge layouts that are used when producing
cards. This user-friendly program allows users to manage layouts, both
simple and sophisticated, for single sites or enterprise systems.
■ Access Levels - single access points or logical combinations of
access points.
■ Assets - create records of laptops, projectors and other office assets
assigned to a cardholder and link them to a cardholder account.
■ Biometrics - manage the biometric templates of cardholders
needing access to secured areas requiring biometric templates be
used and when necessary encode or program this template to a
smart card or manage it in an OnGuard Intelligent System
Controller.
■ Directory Accounts - link cardholder account to LDAP account.
■ Logical Security - link cardholder account to logical security system.
Support includes ActivIdentity CMS and Bioscrypt VeriSoft.
■ Visits - records of individuals who have visited a facility that were
sponsored by the cardholder.
Credential
CORPORATE HEADQUARTERS
Card Printing, Encoding & Programming
A key component of many ID management programs is the physical
card used for access control. OnGuard ID CredentialCenter can
manage the processes of laying out the card design text and graphics,
and printing the card. During printing, badge IDs can be encoded to
magnetic stripes or contactless smart chips. OnGuard is the only
non-proprietary solution on the market that offers the ability to program
blank HID iCLASS contactless smart cards. From start to finish,
OnGuard ID CredentialCenter lets you enable a quick and effective
card production process.
Cardholder Reports
Any cardholder can potentially be involved in a security incident. A
good security program will immediately recognize when a security
incident occurs. It can also promptly and accurately identify problematic
trends that might indicate that an incident is about to occur. OnGuard
provides standard reports that can be quickly generated. For example,
the Badge Use report can list exactly when and where a specific card
was used within a given period of time.
12
Biometrics & Smart Cards
Support
■ Supports Template-On-Card and
Template-On-Server Data Models
■ Supports Biometric Readers from:
• Bioscrypt (V-Series)
• Cross Match (for enrollment only)
• Identix
• Integrated Engineering SmartTouch
• LG (3000+ iCAM 4000 series)
• Schlage Recognition Systems
• Ultra-Scan
• Lenel
Credential
■ Supports Contactless Smart Cards /
Readers from:
• Lenel (OpenCard, PIV End-State,
MIFARE, DESFire)
• Banque-Tec (MIFARE)
• HID (iCLASS, MIFARE, DESFire,
PIV End-State)
• Integrated Engineering (MIFARE,
DESFire, PIV End-State)
• OMNIKEY (iCLASS, MIFARE)
• XceedID (iCLASS, MIFARE,
DESFire, PIV End-State)
■ Supports Contact Smart Cards /
Readers from:
• ISO 7816-4 Providers
• Gemalto (Cryptoflex, Payflex,
Cyberflex)
• OMNIKEY (ISO 7816-4)
• Veridt (CombiSmart)
Features
■ Fast, Efficient, Enrollment Using
OnGuard ID CredentialCenter
Integrated Biometric and Smart Card Management
Biometrics and smart cards are two of the most powerful security solutions available today. While
there is an assortment of products on the market purporting to offer high security, not all of them
provide the optimal experience for the user. Lenel has developed OnGuard Biometrics & Smart
Cards to help customers leverage their OnGuard systems to support industry leading biometric and
smart card technologies. This solution offers customers a seamless enrollment and verification
experience, to simplify management and optimize security while providing added functionality.
Biometric Templates
Many organizations have begun to use biometrics to add a layer of protection beyond using cards
and PIN at specific access points. Cardholders who must use biometrics for secure-area access can
enroll their fingerprint, hand geometry or iris data easily and securely using OnGuard ID
CredentialCenter. System administrators that add biometric verification capabilities to secured doors
and desktops continue to use a single point of enrollment for all cardholders. Rolling out OnGuard
Biometrics & Smart Cards involves capturing the cardholder’s biometric data, managing it in a
secured database, and storing the template. Templates can be managed in the Intelligent System
Controllers or on smart cards. Both models are achieved by leveraging existing investments made
in OnGuard Intelligent System Controllers and cardholder credentials. The cardholder’s biometric
template is securely managed, ensuring that the individual’s personal data will not be compromised.
Secure Cards
The enhanced security offered by smart cards has increased their popularity. Although magnetic
stripe and proximity cards are easier to manage than traditional locks and metal keys, their
vulnerability is that someone who can obtain the card-based data can reproduce the cards. By
contrast, smart cards perform a procedure known as mutual authentication, which requires the smart
card and the card reader to identify each other before data can be communicated. While proximity
merely waits for a signal from a badge and automatically transmits data for verification, smart cards
work in conjunction with readers to safeguard biometrics and other data on the card.
Smart Card Profiles
■ User Friendly GUI
■ Accurate, Non-Intrusive
■ Biometric Verification
■ Single Networked System
■ Unique Distributed Architecture
■ Access Decisions Made at the Panel or
Credential Level, Even When Off-line
with the Database Server
■ Centralized Reporting and Audit Trail
■ Share Biometrics Between PACS &
LACS for Login to User’s Directory
Accounts
Benefits
■ Increases Security
■ Eliminates Multiple Systems and
Databases
■ Reduces Total Cost of Ownership
The ability to use a smart card for multiple applications besides security presents new opportunities
for users. A magnetic stripe card contains a unique identifier that is accessed whenever the card is
used—in vending machines, at doors, etc. By contrast, a smart card can support multiple,
independent applications, each of which is protected by its own software key stored on the card.
Each different application protects its own data, but all data is stored on one physical card. An
advantage of the OnGuard solution is its ability to perform in-line encoding of multiple applications
on a smart card during cardholder enrollment or badge printing. An OnGuard system administrator
can create a unique smart card profile for each cardholder to manage and update the person’s card
data.
OpenCard Format
OnGuard can produce smart cards that can be used across multiple systems. Lenel technologies
can produce and read a variety of standard card formats, including the new PIV II and a variety of
government smart card formats. Additional formats allow creation of iCLASS, MIFARE, DESFire,
and magnetic badges that are compatible with many standard readers. This eliminates the need for
third-party card encoding software in most cases.
Required Applications
■ OnGuard Access and/or OnGuard ID CredentialCenter
13
OnGuard Biometrics & Smart Cards
USB Desktop
Smart Card
Reader
OnGuard Integrated
Monitoring Workstation
OnGuard Integrated
Monitoring Workstation
USB Desktop
Biometric/
Smart Card
Authentication
Unit
Single Sign-On Support
LOCAL AREA NETWORK (TCP/IP)
LNL-500 ISC
LNL-1300
RIM
LNL-500B
RIM
LNL-2000 ISC
LNL-500B
RIM
LNL-2000 ISC
LNL-1300
RIM
LG ICU
Credential
LNL-1300
RIM
LNL-2000 ISC
Bioscrypt
V-Smart G
MIFARE Smart
Card Reader
Bioscrypt V-Flex
LNL-BIO-007
Fingerprint/ Hand Geometry Support
HID iCLASS
Reader
LG IrisScan
Iris Support
Bioscrypt Support
OnGuard offers a fully-integrated, fingerprint authentication access control application reader for distributed controller and smart card solutions by
integrating with the Bioscrypt V-Flex, V-Smart and V-Station fingerprint readers. Credentialholders’ fingerprints are captured during enrollment, and
either downloaded to the LNL-2000 or directly written to a smart card chip using standard contactless smart card technology. Once users are enrolled
for Bioscrypt physical access control products, they are automatically enrolled for use in Bioscrypt VeriSoft logical access control system. VeriSoft is
seamlessly integrated with OnGuard, and allows desktop users to actively maintain their password profile for access to an assortment of network and
software applications and web sites.
IR - Schlage Recognition Systems Support
LG Iris Support
OnGuard provides advanced hand geometry support using Schlage
OnGuard provides advanced iris verification support for customers
HandKey, HandKey II, and ID3D hand geometry readers. Schlage
seeking to establish the highest level of access control. By seamlessly
readers utilize field-proven technology that maps and verifies the size
integrating iris technologies from LG Electronics, OnGuard supports
and shape of a person’s hand. Each hand template requires only 9
storage of iris templates on HID iCLASS 16K contactless smart cards
bytes of information, for fast enrollment and minimal data storage in the
for local verification. Users can enroll and receive their encoded
OnGuard database and at the LNL-2000.
credentials via OnGuard ID CredentialCenter.
14
VideoManager
Support
Overview
Multiple Resolution Options:
■ QVGA (320 x 240)
■ CIF (352 x 288)
■ VGA (640 x 480)
■ 4CIF (704 x 576)
■ D1 (720 x 480 DVD quality)
■ Multiple Megapixel Resolutions
OnGuard VideoManager is the most flexible and dynamic video system available today. With
enormous 3,000+ channel installations operating around the world, OnGuard VideoManager offers
customers the scalability to take small and simple video needs to large and sophisticated enterprise
video. OnGuard VideoManager is seamlessly integrated with OnGuard, offering customers the
many benefits of applications inside the OnGuard portfolio, including OnGuard Access and OnGuard
Fire & Intrusion. By integrating with OnGuard, customers can realize a true, event-driven system
architecture whereby actionable security is enabled by linking real, live security-related events.
Multiple Frame Rates:
Event video can be monitored in several ways. For those organizations with sophisticated
■ Up to 60, depending on recorder
device
monitoring needs, OnGuard IntelligentVideo offers an array of algorithms and packaged solutions
Compression:
■ MPEG-4
for everyday security challenges such as loitering, objects entering an area or object leaving an
area. For those customers who want to use OnGuard IntelligentVideo in forensic investigative mode,
there is no additional charge. All angles are covered with OnGuard VideoManager.
■ MJPEG
Recording Options:
Configuration
■ Analog video input
■ Network video input
OnGuard VideoManager’s powerful configuration options enable administrators to design simple
■ Continuous
and straightforward systems, or expansive and sophisticated solutions tailored to their specific
■ Time-lapse
needs. Camera resolution support ranges from basic QVGA (320 x 240) to high resolution D1 (720
■ Event-driven
x 480 DVD quality). An array of frame rates are available, and are dependent on video capture
■ Synchronized audio & video
modules with both MPEG-4 and MJPEG compressions. OnGuard VideoManager also offers several
Video
Extended Storage Options:
■ Direct-Attached Storage (DAS)
■ Network Attached Storage (NAS)
■ Storage Area Network (SAN)
Monitoring Options:
■ Integrated monitoring
recording, extended storage and monitoring options. Customers can record in continuous,
time-lapse, event-driven or synchronized audio and video modes, and store that video on
industry-standard, off-the-shelf hardware, including Direct Attached Storage (DAS), Network
Attached Storage (NAS) and Storage Area Networks (SAN.) Once video is set up, it’s time to monitor
it. OnGuard VideoManager offers several options for viewing, including through OnGuard Alarm
Monitoring, OnGuard VideoViewer, OnGuard Remote Monitor and a Barco digital display wall.
OnGuard VideoManager lets you build your video system with our software.
■ VideoViewer
■ Remote monitor
Event-Driven Solution
■ Barco display integration
For every aspect of a video system, alarm event conditions drive the solution. PTZ on event.
Auto-launch on event. Record on event. Monitor events. Investigate events. Archive event video.
Event Options
■ PTZ on event
OnGuard VideoManager is the event-driven solution.
Monitoring
■ Auto-launch on event
■ Record on event
OnGuard leads the industry with the most robust monitoring application available. OnGuard Alarm
■ Monitor events
Monitoring communicates the status of video recorders and network cameras, illustrates alarm
■ Investigate events
location with the use of multimedia graphical maps, and enables operators with in-view PTZ control,
■ Archive event video
auto-launch of video on alarm and camera touring. OnGuard also offers users a variety of monitoring
interfaces, from the Remote Monitor to the Barco video wall. No matter what the monitoring
requirement is, OnGuard has an interface to match.
15
OnGuard VideoManager
Pan/Tilt/Zoom
Digital Video
Recorder
Network Video
Recorder
• Alarm Inputs (13)
Network Addressable Cameras
• Pan/Tilt/Zoom • Buffered Storage • Alarm Input (1)
CCTV
Cameras
IntelligentVideo
Server
SAN - STORAGE AREA NETWORK
Audio
(Microphones)
DEDICATED NETWORK
VIDEO SUBNET
REGION 1 SECURITY OPERATIONS CENTER
SECURE SOCKET
LOCAL AREA NETWORK (TCP/IP)
Pan/Tilt/Zoom
VIDEOVIEWER WEB CLIENTS
LAN/WAN
NAS - Network
Attached Storage
REMOTE MONITORS
Video Wall
Third Party
Matrix Switcher
CCTV
Cameras
Video
OnGuard
Security
Server
OnGuard Integrated
Monitoring Workstation
Investigation
Analytics
Investigations are central to every security program. OnGuard
Research has proven that even an efficient monitoring staff has a
VideoManager has several tools available that are critical to enabling
decrease in focus after just one hour of video viewing. Often, situations
successful investigations. Video event locking allows users to select
that should be detected are not, presenting security with a reaction
which alarm event types automatically archive related video
scenario. Short of having full time, highly focused monitoring, video
recordings. Centralized archiving allows administrators to ensure that
intelligence is a viable option for any customer. By having the system
event video is locked and archived in the case of late security event
provide more support, security managers and operators can focus on
realization. Traces allow customers to select a specific badge or alarm
the
point, and poll for all video associated with the badge’s use, or activity
IntelligentVideo offers security conscious organizations the opportunity
at the alarm point. Security evidence clips are available to be exported
to configure viewing areas to capture alarms in real time, or to
in industry standard formats, for use in the Lenel Video Player or
forensically search recorded video post-event. Some situations, such
standard media players such as Windows Media Player.
as loitering, may present an immediately acknowledgeable threat to
security
of
people,
information
and
assets.
OnGuard
security, while a briefcase being taken usually will reveal itself after the
Management
fact. In live scenarios, events go directly to OnGuard Alarm Monitoring
and can be brought to the attention of security. In forensic scenarios,
OnGuard
VideoManager
system
security can identify activity that was indicative of a security event in
management experience. OnGuard System Administration allows the
question, such as an object crossing a line showing a person entering
customer
to
set
up
offers
new
customers
video
inputs,
a
simple
OnGuard
a sensitive area containing information, or an object removed, which
IntelligentVideo, deploy an archiving strategy, adjust video tours, scale
configure
highlights items such as a briefcase or laptop that was taken from a
user permissions, and much more. For customers already using
scene. OnGuard IntelligentVideo offers a multitude of tools for
OnGuard, expanding with OnGuard VideoManager is simple and
addressing security needs using the existing video infrastructure.
smooth. This enables users to perform video management on a low
learning curve.
16
GO!
Support
OnGuard GO! - Seamless & Simple - All In One Box
■ Windows XP
■ SQL 2005 Express Database
OnGuard GO! is the fast track to using the most powerful security platform in the industry. With
■ 32 Card Readers (Up to 64)
access control, ID management and digital video all available on the same server as the database,
■ Available with 8, 16 or 32
(NVR-based systems only)
customers with entry-level system requirements have the luxury of all applications in one unit,
saving valuable IT resources by not requiring a separate security server. OnGuard GO! is the choice
for customers with one to many stand-alone locations and the need for consistent deployments of
Configurations
■ DVR-based
• DVC-ST
• DVC-EX
■ NVR-based
• DVC-1U
• DVC-Dell
Features
■ Access Control, ID Management
and Digital Video, all in one unit
■ Connects to existing analog video
systems
■ Ease of migration to traditional
OnGuard architecture
access control, ID management and digital video applications. Customers who start with the
simplicity of OnGuard GO! also have the flexibility to expand to larger systems that might require
additional computing resources, while maintaining a consistent user interface and system
administration experience with no retraining required. OnGuard GO! can start your security
deployment today!
Single Unit for Everything
Customers with security applications ranging from access control, to ID management, to digital
video can start with one application and add more as requirements evolve. Customers who want to
start with video only and add modules later can do so without needing additional server hardware.
OnGuard GO! is built with an additional hard drive for the OnGuard application and database,
enabling a true single unit solution for entry-level access control, ID management and digital video.
Easy Upgrades to Traditional OnGuard Architecture
Video
Benefits
OnGuard GO! can make sense for customer needs today, but what will they do in a couple of years
■ Preconfigured and ready to GO!
when they need more? OnGuard GO! is designed to offer standard, entry-level access control, ID
■ Minimum one-day setup time
savings over traditional interfaced
access control and digital video
systems
management and digital video. Many customers have realized the investment value of addressing
■ Minimum 1U rack space savings
OnGuard architecture. This migration involves a couple of straightforward steps. A new OnGuard
today’s needs with the simplicity of OnGuard GO! Many more have also expanded on that initial
investment and, when expansion was necessary, upgraded the OnGuard GO! system to a traditional
security server is introduced, the database is moved to the new server, and the original GO! unit is
converted to a dedicated video recorder. OnGuard GO! can start small and grow big to satisfy any
customer’s requirements.
Stand-alone Digital Video
Customers looking for stand-alone digital video recorders can use a Lenel video recorder with the
OnGuard GO! configurations. The OnGuard GO! configuration has the administration applications
and database on the video recorder, saving money by not requiring a separate security server to
launch the most powerful security system available. Furthermore, customers can take the single
stand-alone video recorder and add OnGuard’s robust Access Control, Fire & Intrusion and ID
Management applications, as well as countless software options. For customers expanding an
existing analog environment by upgrading to a DVR, or embracing IP by migrating to network video,
Lenel video recorders offer the flexibility to initiate an integrated security architecture by focusing on
stand-alone digital video, then expanding the system when the time is right.
17
OnGuard GO!
Traditional OnGuard System
CCTV
Cameras
Pan/Tilt/Zoom
OnGuard
Security
Server
Digital Video
Recorder
Client Workstation
Inputs
Outputs
Client Workstation
Client Workstation
Optional
Third Party
Matrix Switcher
CCTV
Cameras
Controller
CCTV
Cameras
LOCAL AREA NETWORK (TCP/IP)
OnGuard GO! Integrated Solution
Optional
Monitor
OnGuard GO!:
OnGuard Server
OnGuard Client
Digital Video Management
System Administration
Access Control
Alarm Monitoring
ID Management
Digital Video
Recorder
Inputs
Client Workstation
Client Workstation
Optional
Third Party
Matrix Switcher
CCTV
Cameras
Optional
Controller
13 Dry Contacts
(inputs)
REGION 1 SECURITY OPERATIONS CENTER
Outputs
Pan/Tilt/Zoom
LOCAL AREA NETWORK (TCP/IP)
DVR-based GO! Systems
NVR-based GO! Systems
Video
CORPORATE HEADQUARTERS
DVC-1U
DVC-ST Chassis (4U)
Network
Analog
DVC-EX Chassis (3U)
Analog and Network
DVC-Dell
Network
18
Enterprise
Support
Advanced Enterprise Security Integration
■ Unlimited Regional Servers
■ Unlimited Cardholders
■ Unlimited Simultaneous Users
■ Unlimited Card Readers
OnGuard Enterprise is the industry’s first multi-server, synchronized database solution designed for
enterprises with multiple facilities spread across geographical areas.
OnGuard Enterprise allows corporate security and IT managers to maintain central control over the
■ Unlimited Alarm Inputs
entire integrated security system, while allowing regional offices to maintain independence and
■ Unlimited Client Workstations
autonomous operations of their respective individual regional security systems.
■ Unlimited Time Zones
■ Unlimited Simultaneous
Monitoring
Central Database Storage Facilities
■ Unlimited User Privilege Levels
OnGuard Enterprise gives corporate security and IT managers complete command and control over
■ Unlimited Relay Outputs
all system and event information. All cardholder and access control field data accumulated at the
regional servers is synchronized and logged to a master enterprise server. This gives corporate
security managers full viewing control over central alarm monitoring, reporting, and auditing
Features
functionality.
■ Data Synchronization Between
Multiple Databases via LAN/WAN
Connections
Autonomous Regional Operations
■ MobileBadge™ Functionality for
Enrolling Cardholders at Remote
Sites
■ Segmented Database
Architecture
■ Open Architecture Design
Utilizing Commercial,
Off-the-Shelf Products
OnGuard Enterprise gives regional system administrators autonomous control over their individual
regions, independent of the enterprise server and corporate wide area network. Each regional
system administrator has total control over all access control field hardware and system information
related to his respective region. Additionally, regional administrators and operators can view, control,
and modify only the information and field hardware that is related to their regions.
Multi-Database Synchronization
Advanced
■ Intelligent Fault Tolerant
Response System
At periodic intervals, each of the regional servers performs a synchronization process with the
■ Advanced Network Design
enterprise server via wide area network communication. All access control field and event
■ Powerful Import & Export
Capabilities
information, as well as updated cardholder information, is uploaded to the enterprise server. The
enterprise server then distributes any changes received from other regional servers, so that all
servers are equipped operating with up-to-date information.
Options
Scalability for Multinational Sites
■ Multi-Regional Alarm Monitoring
OnGuard Enterprise is scalable, which makes it ideal for any size installation. It supports an
unlimited number of regional servers and client workstations without system degradation. Its
powerful, transaction-based architecture allows the system to grow and expand as the organization
grows, while utilizing the same access control field hardware and application software.
Third Party Human Resource Interface
OnGuard Enterprise’s advanced interfacing capabilities allow bidirectional communication with third
party databases—such as human resource systems—to transfer cardholder information. Updates
occur in real time, and cardholder information is automatically downloaded to all associated access
panels. If an employee is terminated, the information is transferred from the HR system to OnGuard
Enterprise, which automatically removes all access rights for the cardholder and downloads the
required information to the access controllers.
19
OnGuard Enterprise
Smart Card/
Biometric Encoder
Certification
Authority
OnGuard
ID CredentialCenter
Centralized
Enterprise
Administration
Fault Tolerant
OnGuard Enterprise
Server
OnGuard
DataExchange
Active Directory
LDAP Directory
Card/Biometric
Management
System
OnGuard
DataConduIT
Human
Resources
Database
Region n
Logical Access
Control System
WIDE AREA
NETWORK
Microsoft
Message Queue
LOCAL AREA NETWORK (TCP/IP)
Smart Card/
Biometric Encoder
OnGuard
ID CredentialCenter
Mobile
Badging Station
REGION 1 SECURITY OPERATIONS CENTER
Fault Tolerant
OnGuard Regional Server
USB Smart
Card Reader
• Integrated Monitoring
• Centralized Administration
Video Wall
USB
Biometric
• OPC Server/Client • SNMP Manager/Agent
• MS SQL or Oracle
OnGuard
Client Workstation
OnGuard Integrated
Monitoring Workstation
Application Server
• Internet Information
Services (IIS)
Region 1
IBM
WebSphere
DataConduITQueue
CORPORATE HEADQUARTERS
MOBILE SOLUTION
Mobile Guard
USB Smart
Card Reader
Wireless Device
Remote Monitor
LOCAL AREA NETWORK (TCP/IP)
SECURE SOCKET
Intelligent
Dual Reader
Controller
Dual Path
Controller
Intercom Switcher
Building/Process
Automation System
USB
Prox
NetworkManagement System
(OPC Server/Client)
Intrusion
Detection
Burg Panel
Intrusion
Detection
Burg Panel
Central Station
Alarm Receiver
(SNMP Manager/Agent)
Single
Reader
Interfaces
Card
Reader
Input
Control
Module
Biometric
Gateway
Pan/Tilt/Zoom
Digital Video
Recorder
• Alarm Inputs (13)
Network Video
Recorder
TERMINAL SERVER
2-Door
Wireless
Reader
Interface
ID
Control
Unit
*Asset Reader
Card
Reader
*Card Reader *Hand Reader (x8)
LOGICALLY TEAMED WITHIN ONGUARD SOFTWARE
16-Door
Wireless
Reader
Interface
Smart Card/
Biometric
Reader
Department Manager
Reception
Decentralized Access Privilege Management
Visitor Check-in Station
WEB CLIENTS
Network Addressable Cameras
• Pan/Tilt/Zoom • Buffered Storage • Alarm Input (1)
CCTV
Cameras
Disaster Tolerant
Backup Security
Server
Wireless
Gateway
Output
Control
Module
• Wiegand
• Magnetic Stripe
• Bar Code
NAS - Network
Attached Storage
Fire Panel
Dual
Reader
Interfaces
*Supported Readers Include:
• Contact/Contactless
• Biometric
• Proximity
Fire Panel
SAN - STORAGE AREA NETWORK
Courtesy/Duress Station
Fingerprint
Reader
LAN/WAN
Iris
Reader
(x4)
IntelligentVideo
Server
Wireless
Reader (x2)
Department Manager
Wireless
Reader (x16)
Decentralized Access Privilege Management
VideoViewer
Audio
(Microphones)
DEDICATED NETWORK
VIDEO SUBNET
Smart Card
Reader
A Single Card Enterprise Solution
Multi-Regional Monitoring and Administration
With OnGuard Enterprise, each cardholder carries a single ID card that
OnGuard Enterprise’s power and flexibility allows system operators to
is usable at all regional sites in the system. Once the cardholder
monitor alarms in multiple regions simultaneously. This means that
database has been distributed to the regions, each regional
regional operators might, for example, monitor alarm and event
administrator can assign unique access levels for the cardholders that
information locally during working hours, while enterprise operators
are allowed at his region. OnGuard Enterprise’s advanced security
might monitor alarms from all of the regions after hours. An unlimited
allows system administrators and operators to assign access levels for
number of regions can be monitored simultaneously. OnGuard
only those card readers that are in their respective regions.
Enterprise also allows enterprise system administrators to configure
Advanced
USB
Biometric
and administer multiple regions from a single site.
20
Integration Toolkits
Features
Increased Security Intelligence
■ Technology Independent with
Support for XML, OLE, etc.
Information sharing is critical to the implementation of effective business systems.
Proper
■ Powerful Application
Programming Interface
integration of different systems is essential to increasing a company’s return on investment.
■ Flexible Open Design
maintenance. OnGuard Integration Toolkits help customers achieve this level of integration by
■ Easy Script Creation
■ Guaranteed Delivery of Alarms
using OnGuard DataConduIT
Toolkit
Applications that use the same data through the same process increase productivity and reduce
leveraging OnGuard as the central repository for all security information, and integrating through
scripting to other applications such as human resources, ERP and directory servers.
Automate Business Processes
OnGuard DataConduIT is a great toolkit for automating business processes inside an organization.
Benefits
When events occur in either the security or IT domain, middleware developed using OnGuard
■ Leverages Existing Available
Information
systems. For example, when using account linkage, the removal of access rights to physical and
■ Automates Business Process
■ Increases Return on Investment
■ Stronger Security
DataConduIT can automatically trigger corresponding actions or changes between multiple
logical areas can be streamlined. When an employee is terminated from any system (badge
disabled in security, Windows Login Account disabled, etc.), OnGuard DataConduIT can trigger all
other security or IT accounts to also automatically disable access, immediately suspending the
employee’s rights to physical areas, network directories, e-mail, and other intellectual property.
■ Reduces Total Cost of Ownership
■ Increases Security Intelligence &
Accountability
Extensive System Integration Opportunities
■ Vast Integration Opportunities
OnGuard DataConduIT’s flexibility allows many unique business applications to be implemented by
leveraging existing available data. The integration possibilities are endless.
For example,
programmers can develop the following services using OnGuard DataConduIT:
■ OnGuard cardholder accounts can be created based on the creation of a Windows account for that
employee.
■ A disabled OnGuard badge can cause the cardholder’s Windows or other Active Directory/LDAP
account to be disabled.
Advanced
■ Customers can create scripts with sophisticated business rules to automate movement of data to
and from human resource systems or directory servers.
■ Customers can create applications for deployment of OnGuard applications onto alternative
mobile computing devices such as wireless PDAs.
■ Login access (activation of LDAP accounts) to computers located in a lab can be controlled based
on card access of the person who carded into the lab.
Integration Toolkits and Standards to Enable
■ OnGuard DataExchange™
■ OnGuard OpenAccess™ Alliance Program
■ OnGuard DataConduIT™
■ OnGuard DataConduIT™ Queue
■ OPC Server/Client
■ SNMP Agent/Manager
■ Credential Agent
21
OnGuard Integration Toolkits
OnGuard Security Server
CORPORATE HEADQUARTERS
3rd Party
Security System
LDAP or
Active Directory
Building/Process
Automation System
Network
Management System
IBM WebSphere
OnGuard DataExchange
OPC Client/Server
OnGuard DataExchange is an advanced data import/export
application. DataExchange can be utilized in several ways. At initial
population of the cardholder database, DataExchange facilitates
database-to-database or flat-file data import from a human resources
database (such as Oracle, PeopleSoft, or SAP) or a displaced legacy
system. DataExchange can be configured to handle continual updates
to/from these systems, reducing input time and allowing OnGuard to
adhere to predefined corporate business rules. Export scripts can also
be configured to communicate from OnGuard to other third party
systems, such as time & attendance and meal systems.
OnGuard supports OLE for Process Control (OPC) interfaces, which
are based on Microsoft OLE/COM technology. OPC was designed to
allow interoperability of building automation and process control
systems, enabling the systems to bidirectionally communicate.
OnGuard allows customers to utilize their systems as client or server
for OPC alarms & events (historical) and OPC data access (real-time).
OnGuard DataConduIT
OnGuard DataConduIT is an advanced Application Programming
Interface, built on Windows Management Instrumentation (WMI), that
allows real-time, bidirectional, seamless integration between OnGuard
and IT applications. OnGuard DataConduIT enables OnGuard
cardholder accounts to be linked to Windows Login Accounts. It also
enables OnGuard applications to be deployed (full-scale or
scaled-down versions) on alternative computing platforms. It allows
information sharing and integration points with third party information
system products such as Tivoli, HP OpenView and IBM WebSphere
MQ Adapter.
Using OnGuard DataConduIT, system administrators can develop
scripts and applications that allow events in one domain (security or IT)
to initiate appropriate actions in the other. For example, administrators
can link the OnGuard cardholder accounts to their respective Windows
Login Accounts such that enabling or disabling one account
automatically causes the other account to be enabled or disabled.
DataConduIT Queue
DataConduIT Queue allows users of DataConduIT to queue event data
if communications are lost. Upon reconnection, all queued events are
brought into/out of the system, rather than being lost. DataConduIT
Queue is recommended for implementations where data loss is not
acceptable. Additional supported queues include Microsoft Message
Queue and IBM WebSphere Message Queue.
SNMP Agent/Manager
OnGuard has built-in support for network management system security
via SNMP (Simple Network Management Protocol). A part of the
TCP/IP protocol suite, SNMP facilitates the exchange of management
information between network devices. Network administrators are
familiar with SNMP’s ability to help them manage performance, identify
and resolve network issues and plan for network growth. OnGuard is
designed to play the role of agent (sending trap data to a ‘manager’) or
manager (receiving trap data from an ‘agent’).
WebSphere MQ Adapter
Customers have the advantage of using OnGuard DataConduIT to
implement advanced integration with the IBM WebSphere business
integration platform. Customers can utilize WebSphere’s reliable
messaging interfaces to develop security-specific, real-time,
XML-based messaging. Specific information that can be leveraged
includes cardholder data, visitor information, security-centric alarms,
secure-credential data, and time & attendance information.
Advanced
SAP/PeopleSoft/Oracle
Database
LOCAL AREA NETWORK (TCP/IP)
Credential Agent
Credential Agent allows customers using smart card technology to
efficiently obtain up-to-date information for third-party applications to a
dedicated smart card data container. This process sequentially
communicates to each established application at the time the card is
being encoded, saving customers time in coordinating the data and
writing in a single, seamless process.
22
Software Options
Fault Tolerance and Disaster Recovery
Lenel offers multiple options for fault tolerance and disaster recovery, featuring in-the-box
redundancy from the NEC Express5800/ft series and the advanced LAN/WAN failover capabilities
of NEC ExpressCluster X software. NEC fault tolerant servers help organizations maintain a low cost
of ownership by running only one instance of Windows, SQL Server and OnGuard, all while
achieving 99.999% uptime. New capabilities even allow Active Upgrade, which enables the system
to maintain full functionality while a service pack is applied or a full version upgrade is performed.
Lenel also supports Microsoft Clustering.
Barco Wall Integration (SWG-1600)
OnGuard VideoManager offers a means by which to stream video through Barco digital controllers
and display the video on high-definition Barco walls. Video can be easily matrixed over a
multiple-screen display, providing maximum flexibility in bringing continuous or event-based video to
the front of the Barco wall to aid in critical monitoring.
Extended Databases Options (SWG-1290,1293,1295,1440)
OnGuard supports databases from industry-leading vendors. OnGuard ships standard with
Microsoft SQL Server. Oracle 9i and 10g Server support is also available for the OnGuard Security
Server database. Organizations can choose the database that conforms to their corporate standards
and support.
Thin Client Support (SWG-1360,1370)
OnGuard can distribute client applications via Microsoft Terminal Server or Citrix MetaFrame
Presentation Server. This is ideal for organizations that have multiple-facility systems and dispersed
client workstations that aren’t easily accessible when installations and upgrades are required.
Advanced
Mustering (SWG-1120)
The OnGuard Mustering capability provides a way to account for cardholders who are located
on-site during an emergency. Designated entry and exit card readers are used by cardholders to
enter and depart hazardous and safe areas. When an incident occurs that warrants mustering, an
online muster report is generated that provides a complete list of all personnel located within
hazardous areas, as well as those who have registered at safe locations. The muster report updates
in real time whenever a cardholder registers at a safe location.
Guard Tour (SWG-1130)
The Guard Tour feature checks one or more card readers or alarm inputs during routine tours to
verify that predefined tour routes have been followed and completed. Guards use credentials at card
readers or trigger inputs in a sequence along their watch path. Events sent to the OnGuard Alarm
Monitoring application inform system operators that the guard has reached a checkpoint at the
appointed time, early or late. Tours can be linked to live video in a “sliding window” format featuring
multiple camera views that span the checkpoints already reached, the current checkpoint and
anticipated checkpoints.
23
OnGuard Software Options
FormsDesigner™ (SWG-1210)
Video Verification (SW-1020)
OnGuard FormsDesigner enables system users to customize the look
The Video Verification option enables system operators to compare a
and feel of the cardholder and visitor data entry forms. Custom fields
live view of a person with the photo stored in that cardholder record in
can be defined to supplement or replace the application’s standard
the database. As a real-time video stream is received from a CCTV
fields. Customization capabilities include:
camera at a particular access point, OnGuard displays the stored photo
and live video image side by side, providing an additional layer of
■ Moving standard fields to different locations on cardholder forms or
deleting undesired standard fields.
■ Adding new field(s) to the cardholder form, each with its own unique
cardholder verification for access to high-security areas. The system
operator can visually determine whether the person at the door is
actually the cardholder or someone else who is using the card.
set of attributes.
■ Specifying size, text and alignment properties for each of the defined
E-mail & Paging Interfaces (SWG-1260, SWG-1250)
fields.
Using the E-mail Interface, ASCII text messages can be sent to
Language Packs (SWG-LP)
Microsoft
Outlook/Exchange
electronic
messaging
systems
in
response to system events or alarms. This capability is ideal for
OnGuard software can be translated into multiple languages, to provide
environments in which key personnel need to be notified immediately
regional support in environments where languages other than English
when a particular event occurs.
are required. Currently supported languages include: Arabic, Simplified
Chinese, Traditional Chinese, Croatian, Czech, Dutch, English, Finnish,
The Paging Interface generates outbound text messages based on
French, German, Hebrew, Italian, Japanese, Korean, Portuguese,
system events or alarms. Numeric or alphanumeric messages can be
Russian, Spanish and Swedish.
sent to any pager that communicates using TAP (Telocator
Alphanumeric Protocol). In addition, notifications of specific events,
Cardholder Image Export (SW-1040)
including personal duress alarms, are relayed using preprogrammed
pager numbers. The Paging Interface is designed for use where
The Image Export option enables system administrators to export
responsibilities are distributed among multiple people and where
cardholder images from the OnGuard ID CredentialCenter application
paging is a common means of communication.
photos can be used in employee galleries, Internet directories or other
human resource applications.
CCTV Interface (SW-1010)
Advanced
to an industry standard JPEG (.jpg) file. The exported cardholder
The CCTV Interface allows users to integrate OnGuard with any
Closed-Circuit Television (CCTV) system that utilizes ASCII switching
commands. For each alarm or event in the system, up to three signals
can be sent from an OnGuard Alarm Monitoring workstation to the
CCTV switcher. OnGuard supports Bosch, Pelco, Vicon and other
CCTV brands. The CCTV Interface allows the CCTV devices to be
automated for optimal performance during an incident, giving
administrators and operators an effective surveillance tool.
24
Enterprise
Smart Card/
Biometric Encoder
Multi-Server Architecture
OnGuard
ID CredentialCenter
Region n
WIDE AREA
NETWORK
Region 1
Smart Card/
Biometric Encoder
OnGuard
ID CredentialCenter
USB Smart
Card Reader
Mobile
Badging Station
• OPC Server/Client • SNMP Manager/Agent
• MS SQL or Oracle
OnGuard
Client Workstation
• Integrated Monitoring
• Centralized Administration
REGION 1 SECURITY OPERATIONS CENTER
Intelligent
Dual Reader
Controller
Fault Tolerant
OnGuard Regional Server
Application Server
• Internet Information
Services (IIS)
LOCAL AREA NETWORK (TCP/IP)
Dual Path
Controller
USB
Prox
Building/Process
Automation System
USB
Biometric
NetworkManagement System
(SNMP Manager/Agent)
(OPC Server/Client)
Fingerprint
Reader
Advanced
Single
Reader
Interfaces
Card
Reader
Input
Control
Module
Output
Control
Module
*Supported Readers Include:
Pan/Tilt/Zoom
• Contact/Contactless
• Biometric
• Proximity
Digital Video
Recorder
• Alarm Inputs (13)
CCTV
Cameras
• Wiegand
• Magnetic Stripe
• Bar Code
Network Video
Recorder
*Asset Reader
*Card Reader
*Hand Reader (x8)
LOGICALLY TEAMED WITHIN ONGUARD SOFTWARE
Card
Reader
Smart Card/
Biometric
Reader
Network Addressable Cameras
• Pan/Tilt/Zoom • Buffered Storage • Alarm Input (1)
Audio
(Microphones)
DEDICATED NETWORK
25
Dual
Reader
Interfaces
Biometric
Gateway
VIDEO SUBNET
IntelligentVideo
Server
Certification
Authority
Fault Tolerant
OnGuard Enterprise
Server
Centralized
Enterprise
Administration
OnGuard
DataExchange
Human
Resources
Database
Active Directory
LDAP Directory
Card/Biometric
Management
System
Logical Access
Control System
OnGuard
DataConduIT
Microsoft
Message Queue
IBM
WebSphere
DataConduITQueue
CORPORATE HEADQUARTERS
LOCAL AREA NETWORK (TCP/IP)
Video Wall
OnGuard Integrated
Monitoring Workstation
USB
Biometric
MOBILE SOLUTION
Mobile Guard
USB Smart
Card Reader
Wireless Device
Remote Monitor
SECURE SOCKET
Intercom Switcher
Intrusion
Detection
Burg Panel
Intrusion
Detection
Burg Panel
Central Station
Alarm Receiver
LAN/WAN
Fire Panel
Disaster Tolerant
Backup Security
Server
NAS - Network
Attached Storage
SAN - STORAGE AREA NETWORK
Courtesy/Duress Station
Fire Panel
Advanced
Wireless
Gateway
TERMINAL SERVER
2-Door
Wireless
Reader
Interface
ID
Control
Unit
16-Door
Wireless
Reader
Interface
Department Manager
Reception
Decentralized Access Privilege Management
Visitor Check-in Station
WEB CLIENTS
Iris
Reader
(x4)
Wireless
Reader (x2)
Department Manager
Wireless
Reader (x16)
Decentralized Access Privilege Management
VideoViewer
PERPETUAL INNOVATION
Smart Card
Reader
26
27
Contact Information
Lenel Systems International is a leading provider of software and
With nearly 15,000 system installations in 90 countries worldwide, we
turnkey security systems for corporate and government markets. We
boast a blue chip customer base with a strong presence in a broad
focus on developing products that enable organizations to effectively
range of vertical markets. We have earned numerous awards for
protect and manage their people, property and assets by maximizing IT
technology innovation, growth, market leadership and customer
and infrastructure investments.
satisfaction. Lenel is part of UTC Fire & Security, a business unit of
United Technologies Corp. (NYSE:UTX).
When we launched the OnGuard integrated solution in 1995, our
pioneering efforts brought the power of leading-edge technology, the
Lenel’s world headquarters are located in Rochester, New York. We
reliability of software industry standards, and the flexibility of open
also have major operational centers in London, Hong Kong, Beirut and
systems architecture to an historically proprietary security market. We
Dubai, numerous satellite offices, and sales and support coverage
swiftly moved to a leadership position by developing and delivering
worldwide.
business solutions that protect people, property and assets. Today we’re
recognized as the global leader and de facto standard in software and
integrated systems for commercial and government security markets.
Corporate Headquarters
1212 Pittsford-Victor Road
Pittsford, NY 14534-3820
TEL: +1.585.248.9720
FAX: +1.585.248.9185
United Kingdom Office & Training Center
Hong Kong Office & Training Center
95 Maybury Road
Room 1401-2, 14/F
Woking, Surrey
Chinachem Johnston Plaza
GU21 5JL
178-186 Johnston Plaza
TEL: +44.1483.815230
Wanchai, Hong Kong, SAR, China
FAX: +44.1483.815231
TEL: +852.2893.2886
FAX: +852.2893.7373
Dubai Office & Training Center
Middle East Office & Training Center
Building 5EB - Office 550
Assaydeh Center, Main Road
Dubai Airport Free Zone
Mansourieh, Al Matn
Dubai, UAE
Lebanon
TEL: +971.4.609.1019
TEL: +961.4.409184
FAX: +971.4.609.1021
FAX: +961.4.409569
28
Lenel’s flagship security platform, OnGuard®, seamlessly integrates a full suite of security
management functions and technologies using an open architecture design. OnGuard offers
access control, ID credential issuance and management, alarm monitoring, digital video
surveillance and management, real-time digital video content analysis, intelligent audio,
integration of biometric technologies, intrusion detection, visitor management and smart card
functionality, plus integration with a multitude of third party systems. Individual applications
are available as standalone systems, or can be deployed in any combination to deliver a
single integrated solution that uniquely satisfies each customer’s particular needs. OnGuard
systems offer unlimited scalability, and localization support for major world languages.
The possibilities are endless.
www.lenel.com
Lenel Systems International, Inc.
1212 Pittsford-Victor Road
Pittsford, New York 14534 USA
Tel 585.248.9720 Fax 585.248.9185
www.lenel.com
© 2007 Lenel Systems International, Inc.
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertisement