OnGuard ® SOFTWARE SOLUTIONS CATALOG PERPETUAL INNOVATION Manage Everything... Contents OnGuard Overview Page 1 OnGuard Area Access Manager 5 OnGuard Visitor 7 OnGuard Fire & Intrusion 9 Credential Management Products OnGuard ID CredentialCenter 11 OnGuard Biometrics and Smart Cards 13 Credential 3 Video OnGuard Access Access Control Access Control Products OnGuard VideoManager 15 OnGuard GO! 17 Advanced Products and Options OnGuard Enterprise 19 Integration Toolkits 21 Software Options 23 Enterprise Diagram 25 Contact Information 28 Advanced Video Management Products Overview Support Total Security Knowledge Management Solution ■ Windows 2003/XP/2000 ■ Microsoft SQL Server, Oracle Server The OnGuard Total Security Knowledge Management Solution™ seamlessly integrates synergistic security and information technologies using open architecture design standards. OnGuard offers ■ NEC ExpressCluster applications for digital video management, video content analytics, advanced access control, alarm ■ Single Sign-on Support Using Windows 2000/XP/2003 Accounts integration with information security systems. Individual application modules can be deployed as ■ Available in Multiple Languages Access Control ■ UL 1076 Versions Available ■ FIPS 140-2 Validation Pending monitoring, intrusion detection, asset management, identity management, visitor management, and stand-alone systems or in any combination to deliver a single, seamlessly integrated solution. OnGuard is an established security integration platform, with over 13,000 users worldwide. Open Architecture Design As part of its corporate philosophy, Lenel is committed to open architecture. OnGuard has been Configuration Options designed in accordance with de facto information technology standards. This approach strategically ■ Software-only or Turnkey Systems Available benefits customers by allowing them to select the best new products available and/or to leverage ■ Client/Server & Web Client Architecture Microsoft .NET. ■ Concurrent Licensing LDAP), network (Ethernet, TCP/IP), and administration utilities (Crystal Reports®, NEC ■ Fault Tolerant, Disaster Tolerant Solutions Available ExpressCluster). ■ OnGuard GO! (DVR or NVR Based) Seamless Integration ■ OnGuard Enterprise All OnGuard application modules (Access Control, Alarm Monitoring, Credential Management, their previous technology investments. To that end, OnGuard has been developed in part using OnGuard supports multiple off-the-shelf technologies for operating systems (Windows), database platforms (MS SQL Server, Oracle Server), user directories (Active Directory / Digital Video, Intrusion Detection, Asset Management, Information Security Management, Visitor Features ■ Industry-Standard Database Backups Management, etc.) can be seamlessly integrated with one another. OnGuard uses a single database server and a single user interface for all applications. All OnGuard application software can be configured and managed from a single administrative workstation, and event activity can be monitored from a single alarm monitoring workstation. ■ Scheduling Management Tool ■ Scalability - Full Upward Migration Paths Integration with Corporate Infrastructure ■ Custom Report Writers OnGuard Integration Tools enable advanced integration with existing business systems. Using ■ Advanced Monitoring Capabilities sophisticated database tools, OnGuard can bidirectionally exchange cardholder data with human ■ User Friendly GUI resources and/or ERP systems, coordinate alarm/event data with emergency response systems, and provide/receive event information with building management, network management and Benefits ■ Reduces Total Cost of Ownership third-party security systems. Applications to Integrate ■ Leverages Existing Infrastructure ■ Increases Return on Investment ■ OnGuard Access ■ OnGuard VideoManager ■ OnGuard Area Access Manager ■ OnGuard Visitor ■ OnGuard ID CredentialCenter Integration Toolkits and Standards to Enable 1 ■ OnGuard DataExchange ■ OPC Server/Client Plug-in Adapter ■ OnGuard OpenAccess Alliance Program ■ SNMP Manager/Agent Plug-in Adapter ■ OnGuard DataConduIT ■ IBM WebSphere MQ Plug-in Adapter Access Control OnGuard Overview Application and Desktop Single Sign-On Partitioning & Permissions OnGuard allows administrators to link an OnGuard operator’s user Using OnGuard’s application partitioning, system administrators can account with his Windows account. When an operator logs on to his provide each client workstation with only those applications that are Windows account, he can access OnGuard automatically, bypassing required for that workstation. Based on licensing, each client the need to log on to the individual application. A user does not need to workstation can have any combination of OnGuard application remember a separate username and password. Furthermore, OnGuard modules installed as needed for daily operations, including access ID CredentialCenter can seamlessly integrate with Single Sign-On control, alarm monitoring, credential management, digital video, applications such as Bioscrypt VeriSoft, so that a cardholder can intrusion detection and visitor management. Administrators can allow access his Windows account by using his credential with a desktop users to log in to only those applications that they are authorized to card reader. VeriSoft helps the employee manage access to multiple utilize. Administrators can also restrict the options available to any password-mandated applications, including web sites. This improves particular user within any application. From users with wide-ranging system efficiencies for users of Windows applications. Desktop access responsibilities to those with single function duties, OnGuard enables events can be monitored like other OnGuard system events, keeping administrators to tailor users’ system experience to their jobs. management of physical and logical security within the same user experience. Distributed Network Architecture OnGuard’s distributed network architecture allows client workstations and intelligent field controllers to be placed directly on the existing network. All local access decisions are made and processed at the field panels, minimizing network traffic and providing real time access determinations. System administration, monitoring and video display can be performed at any client workstation on the network. 2 Access Support ■ Intelligent System Controller (ISC) Communications • Ethernet • RS-232 • Multidrop • Modem • Dual-Path (RS-485) ■ FIPS 197 128-bit AES Encrypted ISC Communications ■ FIPS 140-2 Validation Pending ■ Industry Standard Card Reader Technologies Access Control ■ Open Supervised Device Protocol (OSDP) for RS-485 Features Flexible Programming Functions ■ First Card Unlock ■ Elevator Control ■ (Selective) System Downloads ■ Import/Export Utility ■ Occupancy Limit Overview OnGuard Access is an integrated access control and alarm monitoring system that delivers maximum protection, versatility, simple operation and cost efficiency. OnGuard Access incorporates the most advanced technologies available, including modern object-oriented software, an advanced client/server database architecture and Microsoft’s multitasking, multithreading 32-bit Windows 2000/XP/2003 operating system. Solid technology and an intuitive graphical user interface combine to make OnGuard Access the most powerful yet easiest to use integrated security management system on the market. Unlimited Handling Capacity OnGuard Access offers unlimited scalability within a single, seamlessly integrated software solution. It has been designed to meet the needs of any size organization, from one that requires an entry-level, two-reader system to a large corporation with numerous facilities and thousands of card readers located around the world. OnGuard Access supports an unlimited number of card readers, alarm points and cardholders. Segmentation ■ Alarm/Event Mappings and Routings Segmentation is an optional feature that provides a logical way to group database components. System administrators define segments within the database, then assign each system user or object (access levels, card formats, badge types, etc.) to one or more of those segments. Segmentation is beneficial in environments where not every cardholder needs access to every area within a facility. A user sees only those objects that are in his segment(s) and those objects that are system-wide. In a segmented system, only those records associated with a particular segment are downloaded to the Intelligent System Controllers and associated field hardware in that segment. By minimizing the number of records that must be stored in a given device, segmentation provides more efficient utilization of the limited memory contained in access control hardware. ■ Customizable Voice Instructions and Annunciation Scheduler ■ Local and Global Anti-Passback Flexible Monitoring Functions ■ Alarm Masking Groups ■ Graphical Maps and System Overview Tree ■ Monitor Zones Flexible Cardholder Commands ■ Escort Control ■ Use Limits ■ Extended Individual Strike Times and (On-Demand) Door Held Open Times ■ Destination Assurance (with Elevator Control) Flexible Card Reader Commands ■ Time Zone Overrides ■ Cipher Mode ■ Multiple Card Formats ■ Denied Access Attempts Counter Options ■ CCTV Interface ■ Paging/E-mail Interface OnGuard’s scheduling utility allows system administrators to coordinate and plan system actions to be performed in the future. Many system operations can and are often anticipated to occur on certain dates at certain times. To reduce the risk of error in performing these functions manually, administrators can set rules of execution for actions such as starting guard tour, archiving, firmware or database downloads, and DataExchange scripts. Scheduler can also be configured to repeat security actions such as arming/disarming areas or masking/unmasking specific alarms. For any Scheduler action, the iterations can be one-time-only, or repeated at the administrator’s desired frequency. Such actions may occur once every hour, at a specific time every day, on a specific day of the week, or on a specific day of the month, recurring as often as the system requires. Applications to Integrate ■ OnGuard Area Access Manager ■ OnGuard Biometrics & Smart Cards ■ OnGuard ID CredentialCenter ■ OnGuard Fire & Intrusion ■ OnGuard VideoManager ■ OnGuard Visitor Integration Toolkits and Standards to Enable ■ Video Verification ■ Mustering ■ Guard Tour 3 ■ OnGuard DataExchange ■ OnGuard OpenAccess Alliance Program ■ OnGuard DataConduIT ■ OPC Server/Client ■ SNMP Agent/Manager ■ WebSphere MQ Adapter OnGuard Access Smart Card/ Biometric Encoder OnGuard ID CredentialCenter Mobile Badging Station REGION 1 SECURITY OPERATIONS CENTER Fault Tolerant OnGuard Regional Server USB Smart Card Reader • Integrated Monitoring • Centralized Administration Video Wall USB Biometric • OPC Server/Client • SNMP Manager/Agent • MS SQL or Oracle OnGuard Client Workstation OnGuard Integrated Monitoring Workstation Application Server • Internet Information Services (IIS) MOBILE SOLUTION Mobile Guard USB Smart Card Reader Wireless Device Remote Monitor LOCAL AREA NETWORK (TCP/IP) SECURE SOCKET Intelligent Dual Reader Controller Dual Path Controller Building/Process Automation System USB Prox NetworkManagement System (OPC Server/Client) Intrusion Detection Burg Panel Intrusion Detection Burg Panel Central Station Alarm Receiver (SNMP Manager/Agent) Single Reader Interfaces Input Control Module Card Reader Biometric Gateway Pan/Tilt/Zoom Digital Video Recorder • Alarm Inputs (13) Network Video Recorder ID Control Unit *Asset Reader *Card Reader *Hand Reader (x8) Card Reader LOGICALLY TEAMED WITHIN ONGUARD SOFTWARE 2-Door Wireless Reader Interface 16-Door Wireless Reader Interface Smart Card/ Biometric Reader Network Addressable Cameras • Pan/Tilt/Zoom • Buffered Storage • Alarm Input (1) CCTV Cameras Disaster Tolerant Backup Security Server Wireless Gateway Output Control Module • Wiegand • Magnetic Stripe • Bar Code NAS - Network Attached Storage Fire Panel Dual Reader Interfaces *Supported Readers Include: • Contact/Contactless • Biometric • Proximity Fire Panel SAN - STORAGE AREA NETWORK Courtesy/Duress Station Fingerprint Reader LAN/WAN Access Control Intercom Switcher USB Biometric TERMINAL SERVER Department Manager Reception Decentralized Access Privilege Management Visitor Check-in Station Iris Reader (x4) IntelligentVideo Server Wireless Reader (x2) WEB CLIENTS Wireless Reader (x16) Audio (Microphones) Department Manager DEDICATED NETWORK VIDEO SUBNET Area Control ■ Global Hard Anti-passback allows administrators to require that cardholders present credentials to both enter and exit an area. This prevents the same credentials from simultaneously being used elsewhere in the area, while reporting an alarm to the Alarm Monitoring workstation(s). ■ Global Soft Anti-passback allows administrators to require that cardholders present credentials to both enter and exit an area. This rule would allow the same credentials to be simultaneously used elsewhere in the area, accompanied by an alarm will be reported to the Alarm Monitoring workstation(s). Smart Card Reader Decentralized Access Privilege Management VideoViewer ■ Two Person Control allows administrators to require that two individuals be present before being able to access high-security areas and both credentials be presented upon exit of those areas. In between entry and exit of the first two and last two cardholders, individual access may be allowed as the two-cardholder minimum is in effect. ■ Occupancy Limit allows administrators to restrict the amount of cardholders in a specific area at any given time. Once the Occupancy Limit has been reached, a cardholder must use the exit reader before another card read will be accepted at the entry reader. This is a valuable instrument in managing access to parking areas which are at capacity. Global Input/Output Event Linkage ■ Timed Anti-passback (across readers) allows administrators to determine how long after an accepted card-read before the same credential may be allowed at the same card reader. This rule can also be applied across a group of readers, a valuable feature for turnstile applications where multiple readers are in close, open proximity and credentials have a chance of being passed back for additional use. OnGuard allows administrators to configure linkages where any input/output/event can be linked to any other input/output/event in the system. These linkages can be derived from any OnGuard application and associated hardware. Events such as invalid access level, valid card read, or motion detection might trigger such outputs as unmasking an alarm masking group, open an area or set the active mode of a card reader. With Global I/O, OnGuard is easily automated to ensure rules execute properly and security can be engaged instantly as necessary. 4 Area Access Manager Support Business Productivity Tool ■ Desktop or Browser-Based Client ■ Available for ADV, PRO and Enterprise Configurations OnGuard Area Access Manager is a business productivity solution that enables authorized managers to control cardholder access to specific physical areas. A manager need only log in to the Area Access Manager application using a standard desktop PC or browser. OnGuard Area Access Manager displays a list of areas over which the manager has control, as well as a list of all personnel Features ■ Easy Deployment and Installation Access Control ■ Wizard-Like Interface ■ Audit Trail ■ Complete Reporting Capabilities who have access to those areas. The manager can then assign or remove the access rights of employees to areas within his or her operational domain. Immediate Return on Investment OnGuard Area Access Manager provides a simple yet robust method for remotely administering access by individuals to specific areas in a facility. Using OnGuard Area Access Manager, corporate security departments can give managers independent control over the physical areas and staff for Benefits ■ Simple Management of Access level permissions ■ Powerful Business Productivity Tool ■ Decentralization of Access Privilege Management which they are responsible. This capability eliminates the ongoing need for intervention by a security administrator in order to assign or remove access privileges for each employee, thereby saving both time and money. Audit Trail and Reporting Capabilities ■ Reduced Training Costs OnGuard Area Access Manager’s seamless integration with other OnGuard applications provides a ■ Less Time Invested in Modifying Access Levels complete audit trail and reporting capabilities. All access privilege assignments and removals are logged to the database with a time and date stamp and the identity of the manager who completed the transaction. Intuitive, Wizard-like Interface OnGuard Area Access Manager uses an intuitive wizard-like interface to provide fast, efficient management of specific physical areas. The application simplifies process of adding or removing cardholder access privileges, thereby streamlining training and minimizing the learning curve. Browser or Client-based User Interface Area Access Manager offers two different deployment models, desktop and browser-based client. Both modules are designed to allow users the ability to easily access cardholder information and assign/modify/revoke access permissions to the designated areas. Customers deciding to migrate from the desktop model to the browser-based client model will find an identical wizard process, eliminating the need for re-training. The browser-based client deployment also offers a no-cost OnGuard VideoViewer component that is built into the user interface, allowing department managers to view video related to their specific areas. Required Applications ■ OnGuard Access 5 OnGuard Area Access Manager Desktop-Based Rich Client Browser-Based Thin Client Access Control Step 1: Search Step 2: Select Cardholders Step 3: Select Access Levels Step 4: Confirm! 6 Visitor Support Advanced Visitor Management ■ Uses Existing Desktop Infrastructure OnGuard Visitor is a dependable and cost-effective visitor management application that enables an ■ Easy Installation and Deployment ■ OnGuard BadgeDesigner organization to manage and track visitors throughout its facilities, using standard desktop technology. Whether it is implemented as a standalone system or seamlessly integrated with other OnGuard application modules to create a total security management environment, OnGuard Visitor ■ Photo/Signature Capture offers unlimited flexibility by allowing IT and security managers to further capitalize on the existing IT ■ Bulk Sign-In/Printing investments made in their facilities. ■ Prescheduled Visits Access Control ■ Group Enrollment Visitor Enrollment ■ Employee Host Assignment Function Visitors can be quickly and efficiently enrolled into the system. Prior to a guest’s arrival, an OnGuard ■ Single Click Sign-In/Sign-Out Process assign active date ranges for the person’s scheduled visits, optionally capture the visitor’s photo and ■ Assign Visitors Access to Secured Areas with a simple mouse click, a guest badge can be printed for the person, and the employee host can ■ Multiple Page, User-Definable Field Support capabilities. ■ Customized Visitor Badge Layouts OnGuard Visitor also offers the ability to enroll in advance both visitors and their upcoming visits. ■ Visitor Tracing desktop within the organization. Employee hosts can be preassigned at the time the visit is ■ Business Card Scanner Interface operator can enter pertinent visitor data into the system, assign an employee host to the visitor, signature, and assign access privileges to the visitor. Then, upon arrival, the visitor can be signed in be notified electronically. For large groups, OnGuard Visitor provides bulk sign-in and printing Visitor information can be either imported into the system or manually entered from any licensed scheduled, and a printed badge can be ready for the guest upon arrival. ■ Track Scheduled versus Actual Visit Times User-Definable Visitor Fields ■ Send E-mail to Hosts Upon Visitor Arrival A system administrator can customize OnGuard Visitor’s data entry forms to meet an organization’s ■ Biometric Capture and Encoding deleted on multiple pages of visitor forms. Name, company represented, vehicle information, unique data requirements. New fields can be added, existing ones modified, and unwanted fields employee host, and reason for the visit are just a few of the fields that can be created. Reports ■ Daily Visitors ■ Visitor Activity Visitor and Visit Tracking OnGuard Visitor provides detailed visitor and visit tracking mechanisms. OnGuard system administrators can track visitors scheduled arrival and departure times against their actual in and out times. If a visitor has been assigned access rights to card readers, system operators can tightly track ■ Visitor Arrival and Departure Times the visitor’s movement throughout the facility using the OnGuard Alarm Monitoring application. ■ Custom Reports digital video clips to visitor activity. ■ Additions and Changes to Visitor Record Advanced Visit Activity User Interface OnGuard Visitor can be integrated with OnGuard VideoManager, allowing administrators to link OnGuard Visitor provides an advanced Visit Activity Status user interface. This interface displays a list of all visits that are due to occur and/or are due to expire within a user-defined period of time. It Benefits ■ Reduced Total Cost of Ownership ■ Streamlined Data Collection and Management also shows the current status of all active visits in the system. The Visit Activity Status UI refreshes updated information in user-defined increments, providing receptionists and guards at visitor checkpoints with up-to-the-minute information related to all system visit activity. Required Applications ■ OnGuard ID CredentialCenter 7 Access Control OnGuard Visitor Complete Reporting Capabilities OnGuard Visitor has complete reporting and auditing capabilities. All visitor transactions and movements that occur throughout the facility are recorded and stored in a detailed audit trail. All additions and changes to visitor records are also tracked by the system. Standard reports include Daily Visitors, Visitor Activity, and Arrival and Departure Times, among others. Custom reports can also be produced using industry standard report writers. 8 Fire & Intrusion Support Advanced Management of Fire & Intrusion Detection Systems ■ Lenel Alarm Hardware • LNL-1100 Alarm Input Module OnGuard Fire & Intrusion is an advanced solution for managing fire and intrusion events and • LNL-1200 Alarm Output Module maximizing return on investments in legacy intrusion/burglar/fire panel and central station receivers. ■ Supported Intrusion Panels: • Bosch (Radionics) 9412, 7412 • Bosch (Detection Systems) DS7400xi, DS7400xi 4+ Access Control • Galaxy (models 8, 18, 60, 128, 500, 504, 512) ■ Supported Fire Panels: • Siemens MXL/MXL-IQ Events generated in these parallel systems now have an additional means of monitoring and response. OnGuard allows customers to monitor these disparate systems from a single interface. Support is available for well-known brands such as Bosch (Radionics/Detection Systems) intrusion panels, Galaxy intrusion panels, Siemens fire panels, Notifier fire panels, the ESPA 4.4.4 protocol, and central station receivers from Bosch, Digitize, Osbourne-Hoffman and AES-IntelliNet. The supported central station receivers collectively support hundreds of different alarm panels and numerous industry formats, collectively accounting for over 90% of all burglar, fire, safety, nurse call and remote dialer systems in use today. • Notifier AM-2020, NFS-640 • ESPA 4.4.4 protocol Lenel Alarm Hardware ■ Supported Receiver Formats: • SIA 1, SIA 2, SIA 8, SIA 20, SIA 2000 Lenel offers alarm control panels that are seamlessly integrated within the OnGuard field hardware • Radionics BFSK, Modem II, IIE, 3A Module) and LNL-1200 (Output Control Modules) dedicated alarm panels. The LNL-1100 can ■ Supported Alarm Receivers: architecture. Lenel Intelligent System Controllers can manage a mix of LNL-1100 (Input Control manage up to 16 inputs with two outputs. The LNL-1200 can manage up to 16 outputs. Lenel also • Bosch/Radionics 6500/6600 offers the Lenel Command Keypad (LNL-CK), an LCD display keypad for users to execute local I/O • Digitize 3500 functionality. The LNL-CK has 32-character display with a 16-position keypad that features arm, • Osborne-Hoffman OH-2000 disarm, bypass and force arm alarm groups. • AES-Intellinet 7000 ■ Ethernet or RS-232 Communication ■ Unlimited Panels and Receivers Fire Panel Interface OnGuard supports secondary annunciation of events from several industry-standard fire alert Features panels, including models from Siemens and Notifier. When a specific fire alarm is triggered, the ■ Complete Monitoring & Reporting Capabilities event is communicated to OnGuard. Users can define specific immediate response mechanisms, such as linked digital video, global I/O function and e-mail/paging alerts. ■ Integrated User Interface ■ Command and Control of Daily Operations Intrusion Panel Interface ■ Complete Audit Trail OnGuard supports secondary annunciation of events from multiple industry-standard intrusion ■ Centralized Data Management detection panels. It also allows administrators to define zones and areas with logical names locally ■ Reliable Information Delivery in the OnGuard database to identify the physical location of each alarm point, arm/disarm station or ■ Custom Event Code Mapping motion detector. When an event occurs, OnGuard identifies the source of the event by name, and ■ Receiver Account Auto-Add Feature tells the operator how to respond. ■ Complete Configuration of Alarm Areas for Each Account Required Applications ■ Custom Alarm Zone Configuration ■ Centralized Monitoring ■ Full Reporting of All System, User and Alarm Events Options to Deploy Benefits ■ Alert System Interface ■ Intercom Interface ■ Fire Alarm Interface ■ Central Station Receiver Interface ■ One System to Monitor, Learn, and Manage the Security Environment 9 ■ OnGuard Access ■ Intrusion Panel Interface Access Control OnGuard Fire & Intrusion Central Station Receiver Interface Enhanced Reporting Capabilities The OnGuard Central Station Receiver Interface provides a number of With OnGuard’s advanced reporting capabilities, administrators can features to make event information displayed in the OnGuard Alarm run complete reports based on related activities from integrated Monitoring application more useful. OnGuard administrators can intrusion panels. Here is a sample of report opportunities: assign account numbers to panels connected to the central station receiver, to ensure accurate identification. Furthermore, groups can be ■ A “Fire Zone Missing” report determines if any fire detection zones created to lump together multiple panels in expansive deployment were not reported as being online. settings. Even in situations where an event is generated from a panel not yet named in the system, the database will automatically add the ■ An OnGuard scheduler status report determines if all scheduled panel (using the account number as the name), which can be activity was executed as instructed. accurately identified at a later time. ■ An “Output Relay” report shows every action setup or modified in Alarm panels connected to receivers report their events in a large relation to respective output relays. variety of data formats. OnGuard provides a mapping between the event codes generated from receivers and panels and existing ■ An “Opening/Closing” report shows when areas were armed/disarmed OnGuard events. Custom event code mappings can also be defined and when arm delays were active. based on how a particular panel is configured. ■ Cardholder activity reports can be generated to show the activity of all or specific cardholders between access control readers on OnGuard hardware or intrusion panels. 10 ID CredentialCenter Support Overview ■ Support for Industry Standard ID Card, Reader and Printer Technologies OnGuard ID CredentialCenter offers the most expansive set of capabilities available to manage the ■ ID Cards/Readers • Lenel OpenCard™ • iCLASS® • MIFARE® • DESFire® • Contact Smart Card • Proximity • Magnetic Stripe Credential ■ Printers • Any Printer with Windows 2003/XP/2000 Drivers • Nisca® • Ultra/Magicard® • Evolis® • Zebra® • Fargo® • Datacard® • DFS® employee security information life cycle, from data entry to access revocation. Cardholder information is managed centrally, providing ease of enrollment, information management, integration with LDAP, badge design, printing and encoding, and cardholder credential activity reports. OnGuard makes every aspect of working with employees and their credentials easy to use, easy to investigate and easy to report. Refer also to the OnGuard Biometrics & Smart Cards product sheet for information about OnGuard’s smart card capabilities, and to the OnGuard Visitor product sheet for visitor management capabilities. Centralized Enrollment & Credential Management A typical organization needs to manage credentials for employees, contractors and visitors. Administrators need to manage each individual’s data and the credentials he uses to access organizational resources, both physical and logical. OnGuard can help implement a secure platform by which employee’s access to the business can be known and managed from beginning to end. Features Using OnGuard Integration Tools, cardholder information can be constantly retrieved and updated ■ High Speed Photo Capture from the organization’s central identity management program, keeping the physical security program ■ Signature Capture ■ Intelli-Check ID Check Integration ■ Full Biometric & Smart Card Management ■ Import Utility to Retrieve Data from Driver’s Licenses, Passports or Other Credentials ■ User-Definable Data Fields ■ High Resolution Lighting Kit ■ Import/Export Feature in line with all organizational standards. From enrollment through revocation, OnGuard ID CredentialCenter provides complete management of all data relevant to each cardholder and his credentials. Integration with LDAP Users with an LDAP-based system for managing network identities [Active Directory, Sun Network Management (formerly iPlanet)] can directly link cardholder accounts in OnGuard to their respective ■ In-line Encoding of Magnetic Stripe, Bar Code & Contact(less) Smart Card LDAP accounts. In doing so, administrators in either system can control or restrict both physical and ■ PDF-417 Bar Code Support the creation or removal of a cardholder account when the LDAP account is created. network access as a security measure against specific employee(s). OnGuard can also automate ■ Image Compression Control ■ Image FX Gallery Integrating with Identity Management Systems ■ Program Badge Functionality ■ Chroma key and Ghosting Businesses are seeking to adhere to stronger and more secure processes in pursuit of legislative ■ High-Quality, True Color Credential Production compliance. Increasingly, identity management systems dictate important security permissions for employees throughout the business, ensuring that business rules are applied in every corner of every program. OnGuard can be configured to accept security rules from the IDMS to enforce company-wide standards. 11 OnGuard ID CredentialCenter Image/Photo Capture Device Badge Printing and Encoding with Complete Smart Card Support Passport, License, or Military ID Scanner Smart Card Reader w/Encoding Iris/Retina Capture Device Card or Badge Printer Fingerprint Capture (Slap or Roll) OnGuard ID CredentialCenter Smart Card Other Supported Biometric Capture Devices Card Management System or Certificate Authority * For use with smart card enabled systems or when using digital certificates and PKI infrastructure LOCAL AREA NETWORK (TCP/IP) AD/LDAP Network Administration Server OnGuard Security Server External Database (SAP, PeopleSoft, Oracle, etc., Human Resources, IDMS) Cardholder Records BadgeDesigner A cardholder record in OnGuard ID CredentialCenter can be created manually, or auto-generated from data received from a third-party application. Once a cardholder profile has been established, the balance of the person’s security permissions can be configured. Categories include: Cardholders are often issued physical credentials (identifiers) which can be used to enable access to facilities and logical resources. For cards, OnGuard offers BadgeDesigner, a program that allows you to create/insert graphics into badge layouts that are used when producing cards. This user-friendly program allows users to manage layouts, both simple and sophisticated, for single sites or enterprise systems. ■ Access Levels - single access points or logical combinations of access points. ■ Assets - create records of laptops, projectors and other office assets assigned to a cardholder and link them to a cardholder account. ■ Biometrics - manage the biometric templates of cardholders needing access to secured areas requiring biometric templates be used and when necessary encode or program this template to a smart card or manage it in an OnGuard Intelligent System Controller. ■ Directory Accounts - link cardholder account to LDAP account. ■ Logical Security - link cardholder account to logical security system. Support includes ActivIdentity CMS and Bioscrypt VeriSoft. ■ Visits - records of individuals who have visited a facility that were sponsored by the cardholder. Credential CORPORATE HEADQUARTERS Card Printing, Encoding & Programming A key component of many ID management programs is the physical card used for access control. OnGuard ID CredentialCenter can manage the processes of laying out the card design text and graphics, and printing the card. During printing, badge IDs can be encoded to magnetic stripes or contactless smart chips. OnGuard is the only non-proprietary solution on the market that offers the ability to program blank HID iCLASS contactless smart cards. From start to finish, OnGuard ID CredentialCenter lets you enable a quick and effective card production process. Cardholder Reports Any cardholder can potentially be involved in a security incident. A good security program will immediately recognize when a security incident occurs. It can also promptly and accurately identify problematic trends that might indicate that an incident is about to occur. OnGuard provides standard reports that can be quickly generated. For example, the Badge Use report can list exactly when and where a specific card was used within a given period of time. 12 Biometrics & Smart Cards Support ■ Supports Template-On-Card and Template-On-Server Data Models ■ Supports Biometric Readers from: • Bioscrypt (V-Series) • Cross Match (for enrollment only) • Identix • Integrated Engineering SmartTouch • LG (3000+ iCAM 4000 series) • Schlage Recognition Systems • Ultra-Scan • Lenel Credential ■ Supports Contactless Smart Cards / Readers from: • Lenel (OpenCard, PIV End-State, MIFARE, DESFire) • Banque-Tec (MIFARE) • HID (iCLASS, MIFARE, DESFire, PIV End-State) • Integrated Engineering (MIFARE, DESFire, PIV End-State) • OMNIKEY (iCLASS, MIFARE) • XceedID (iCLASS, MIFARE, DESFire, PIV End-State) ■ Supports Contact Smart Cards / Readers from: • ISO 7816-4 Providers • Gemalto (Cryptoflex, Payflex, Cyberflex) • OMNIKEY (ISO 7816-4) • Veridt (CombiSmart) Features ■ Fast, Efficient, Enrollment Using OnGuard ID CredentialCenter Integrated Biometric and Smart Card Management Biometrics and smart cards are two of the most powerful security solutions available today. While there is an assortment of products on the market purporting to offer high security, not all of them provide the optimal experience for the user. Lenel has developed OnGuard Biometrics & Smart Cards to help customers leverage their OnGuard systems to support industry leading biometric and smart card technologies. This solution offers customers a seamless enrollment and verification experience, to simplify management and optimize security while providing added functionality. Biometric Templates Many organizations have begun to use biometrics to add a layer of protection beyond using cards and PIN at specific access points. Cardholders who must use biometrics for secure-area access can enroll their fingerprint, hand geometry or iris data easily and securely using OnGuard ID CredentialCenter. System administrators that add biometric verification capabilities to secured doors and desktops continue to use a single point of enrollment for all cardholders. Rolling out OnGuard Biometrics & Smart Cards involves capturing the cardholder’s biometric data, managing it in a secured database, and storing the template. Templates can be managed in the Intelligent System Controllers or on smart cards. Both models are achieved by leveraging existing investments made in OnGuard Intelligent System Controllers and cardholder credentials. The cardholder’s biometric template is securely managed, ensuring that the individual’s personal data will not be compromised. Secure Cards The enhanced security offered by smart cards has increased their popularity. Although magnetic stripe and proximity cards are easier to manage than traditional locks and metal keys, their vulnerability is that someone who can obtain the card-based data can reproduce the cards. By contrast, smart cards perform a procedure known as mutual authentication, which requires the smart card and the card reader to identify each other before data can be communicated. While proximity merely waits for a signal from a badge and automatically transmits data for verification, smart cards work in conjunction with readers to safeguard biometrics and other data on the card. Smart Card Profiles ■ User Friendly GUI ■ Accurate, Non-Intrusive ■ Biometric Verification ■ Single Networked System ■ Unique Distributed Architecture ■ Access Decisions Made at the Panel or Credential Level, Even When Off-line with the Database Server ■ Centralized Reporting and Audit Trail ■ Share Biometrics Between PACS & LACS for Login to User’s Directory Accounts Benefits ■ Increases Security ■ Eliminates Multiple Systems and Databases ■ Reduces Total Cost of Ownership The ability to use a smart card for multiple applications besides security presents new opportunities for users. A magnetic stripe card contains a unique identifier that is accessed whenever the card is used—in vending machines, at doors, etc. By contrast, a smart card can support multiple, independent applications, each of which is protected by its own software key stored on the card. Each different application protects its own data, but all data is stored on one physical card. An advantage of the OnGuard solution is its ability to perform in-line encoding of multiple applications on a smart card during cardholder enrollment or badge printing. An OnGuard system administrator can create a unique smart card profile for each cardholder to manage and update the person’s card data. OpenCard Format OnGuard can produce smart cards that can be used across multiple systems. Lenel technologies can produce and read a variety of standard card formats, including the new PIV II and a variety of government smart card formats. Additional formats allow creation of iCLASS, MIFARE, DESFire, and magnetic badges that are compatible with many standard readers. This eliminates the need for third-party card encoding software in most cases. Required Applications ■ OnGuard Access and/or OnGuard ID CredentialCenter 13 OnGuard Biometrics & Smart Cards USB Desktop Smart Card Reader OnGuard Integrated Monitoring Workstation OnGuard Integrated Monitoring Workstation USB Desktop Biometric/ Smart Card Authentication Unit Single Sign-On Support LOCAL AREA NETWORK (TCP/IP) LNL-500 ISC LNL-1300 RIM LNL-500B RIM LNL-2000 ISC LNL-500B RIM LNL-2000 ISC LNL-1300 RIM LG ICU Credential LNL-1300 RIM LNL-2000 ISC Bioscrypt V-Smart G MIFARE Smart Card Reader Bioscrypt V-Flex LNL-BIO-007 Fingerprint/ Hand Geometry Support HID iCLASS Reader LG IrisScan Iris Support Bioscrypt Support OnGuard offers a fully-integrated, fingerprint authentication access control application reader for distributed controller and smart card solutions by integrating with the Bioscrypt V-Flex, V-Smart and V-Station fingerprint readers. Credentialholders’ fingerprints are captured during enrollment, and either downloaded to the LNL-2000 or directly written to a smart card chip using standard contactless smart card technology. Once users are enrolled for Bioscrypt physical access control products, they are automatically enrolled for use in Bioscrypt VeriSoft logical access control system. VeriSoft is seamlessly integrated with OnGuard, and allows desktop users to actively maintain their password profile for access to an assortment of network and software applications and web sites. IR - Schlage Recognition Systems Support LG Iris Support OnGuard provides advanced hand geometry support using Schlage OnGuard provides advanced iris verification support for customers HandKey, HandKey II, and ID3D hand geometry readers. Schlage seeking to establish the highest level of access control. By seamlessly readers utilize field-proven technology that maps and verifies the size integrating iris technologies from LG Electronics, OnGuard supports and shape of a person’s hand. Each hand template requires only 9 storage of iris templates on HID iCLASS 16K contactless smart cards bytes of information, for fast enrollment and minimal data storage in the for local verification. Users can enroll and receive their encoded OnGuard database and at the LNL-2000. credentials via OnGuard ID CredentialCenter. 14 VideoManager Support Overview Multiple Resolution Options: ■ QVGA (320 x 240) ■ CIF (352 x 288) ■ VGA (640 x 480) ■ 4CIF (704 x 576) ■ D1 (720 x 480 DVD quality) ■ Multiple Megapixel Resolutions OnGuard VideoManager is the most flexible and dynamic video system available today. With enormous 3,000+ channel installations operating around the world, OnGuard VideoManager offers customers the scalability to take small and simple video needs to large and sophisticated enterprise video. OnGuard VideoManager is seamlessly integrated with OnGuard, offering customers the many benefits of applications inside the OnGuard portfolio, including OnGuard Access and OnGuard Fire & Intrusion. By integrating with OnGuard, customers can realize a true, event-driven system architecture whereby actionable security is enabled by linking real, live security-related events. Multiple Frame Rates: Event video can be monitored in several ways. For those organizations with sophisticated ■ Up to 60, depending on recorder device monitoring needs, OnGuard IntelligentVideo offers an array of algorithms and packaged solutions Compression: ■ MPEG-4 for everyday security challenges such as loitering, objects entering an area or object leaving an area. For those customers who want to use OnGuard IntelligentVideo in forensic investigative mode, there is no additional charge. All angles are covered with OnGuard VideoManager. ■ MJPEG Recording Options: Configuration ■ Analog video input ■ Network video input OnGuard VideoManager’s powerful configuration options enable administrators to design simple ■ Continuous and straightforward systems, or expansive and sophisticated solutions tailored to their specific ■ Time-lapse needs. Camera resolution support ranges from basic QVGA (320 x 240) to high resolution D1 (720 ■ Event-driven x 480 DVD quality). An array of frame rates are available, and are dependent on video capture ■ Synchronized audio & video modules with both MPEG-4 and MJPEG compressions. OnGuard VideoManager also offers several Video Extended Storage Options: ■ Direct-Attached Storage (DAS) ■ Network Attached Storage (NAS) ■ Storage Area Network (SAN) Monitoring Options: ■ Integrated monitoring recording, extended storage and monitoring options. Customers can record in continuous, time-lapse, event-driven or synchronized audio and video modes, and store that video on industry-standard, off-the-shelf hardware, including Direct Attached Storage (DAS), Network Attached Storage (NAS) and Storage Area Networks (SAN.) Once video is set up, it’s time to monitor it. OnGuard VideoManager offers several options for viewing, including through OnGuard Alarm Monitoring, OnGuard VideoViewer, OnGuard Remote Monitor and a Barco digital display wall. OnGuard VideoManager lets you build your video system with our software. ■ VideoViewer ■ Remote monitor Event-Driven Solution ■ Barco display integration For every aspect of a video system, alarm event conditions drive the solution. PTZ on event. Auto-launch on event. Record on event. Monitor events. Investigate events. Archive event video. Event Options ■ PTZ on event OnGuard VideoManager is the event-driven solution. Monitoring ■ Auto-launch on event ■ Record on event OnGuard leads the industry with the most robust monitoring application available. OnGuard Alarm ■ Monitor events Monitoring communicates the status of video recorders and network cameras, illustrates alarm ■ Investigate events location with the use of multimedia graphical maps, and enables operators with in-view PTZ control, ■ Archive event video auto-launch of video on alarm and camera touring. OnGuard also offers users a variety of monitoring interfaces, from the Remote Monitor to the Barco video wall. No matter what the monitoring requirement is, OnGuard has an interface to match. 15 OnGuard VideoManager Pan/Tilt/Zoom Digital Video Recorder Network Video Recorder • Alarm Inputs (13) Network Addressable Cameras • Pan/Tilt/Zoom • Buffered Storage • Alarm Input (1) CCTV Cameras IntelligentVideo Server SAN - STORAGE AREA NETWORK Audio (Microphones) DEDICATED NETWORK VIDEO SUBNET REGION 1 SECURITY OPERATIONS CENTER SECURE SOCKET LOCAL AREA NETWORK (TCP/IP) Pan/Tilt/Zoom VIDEOVIEWER WEB CLIENTS LAN/WAN NAS - Network Attached Storage REMOTE MONITORS Video Wall Third Party Matrix Switcher CCTV Cameras Video OnGuard Security Server OnGuard Integrated Monitoring Workstation Investigation Analytics Investigations are central to every security program. OnGuard Research has proven that even an efficient monitoring staff has a VideoManager has several tools available that are critical to enabling decrease in focus after just one hour of video viewing. Often, situations successful investigations. Video event locking allows users to select that should be detected are not, presenting security with a reaction which alarm event types automatically archive related video scenario. Short of having full time, highly focused monitoring, video recordings. Centralized archiving allows administrators to ensure that intelligence is a viable option for any customer. By having the system event video is locked and archived in the case of late security event provide more support, security managers and operators can focus on realization. Traces allow customers to select a specific badge or alarm the point, and poll for all video associated with the badge’s use, or activity IntelligentVideo offers security conscious organizations the opportunity at the alarm point. Security evidence clips are available to be exported to configure viewing areas to capture alarms in real time, or to in industry standard formats, for use in the Lenel Video Player or forensically search recorded video post-event. Some situations, such standard media players such as Windows Media Player. as loitering, may present an immediately acknowledgeable threat to security of people, information and assets. OnGuard security, while a briefcase being taken usually will reveal itself after the Management fact. In live scenarios, events go directly to OnGuard Alarm Monitoring and can be brought to the attention of security. In forensic scenarios, OnGuard VideoManager system security can identify activity that was indicative of a security event in management experience. OnGuard System Administration allows the question, such as an object crossing a line showing a person entering customer to set up offers new customers video inputs, a simple OnGuard a sensitive area containing information, or an object removed, which IntelligentVideo, deploy an archiving strategy, adjust video tours, scale configure highlights items such as a briefcase or laptop that was taken from a user permissions, and much more. For customers already using scene. OnGuard IntelligentVideo offers a multitude of tools for OnGuard, expanding with OnGuard VideoManager is simple and addressing security needs using the existing video infrastructure. smooth. This enables users to perform video management on a low learning curve. 16 GO! Support OnGuard GO! - Seamless & Simple - All In One Box ■ Windows XP ■ SQL 2005 Express Database OnGuard GO! is the fast track to using the most powerful security platform in the industry. With ■ 32 Card Readers (Up to 64) access control, ID management and digital video all available on the same server as the database, ■ Available with 8, 16 or 32 (NVR-based systems only) customers with entry-level system requirements have the luxury of all applications in one unit, saving valuable IT resources by not requiring a separate security server. OnGuard GO! is the choice for customers with one to many stand-alone locations and the need for consistent deployments of Configurations ■ DVR-based • DVC-ST • DVC-EX ■ NVR-based • DVC-1U • DVC-Dell Features ■ Access Control, ID Management and Digital Video, all in one unit ■ Connects to existing analog video systems ■ Ease of migration to traditional OnGuard architecture access control, ID management and digital video applications. Customers who start with the simplicity of OnGuard GO! also have the flexibility to expand to larger systems that might require additional computing resources, while maintaining a consistent user interface and system administration experience with no retraining required. OnGuard GO! can start your security deployment today! Single Unit for Everything Customers with security applications ranging from access control, to ID management, to digital video can start with one application and add more as requirements evolve. Customers who want to start with video only and add modules later can do so without needing additional server hardware. OnGuard GO! is built with an additional hard drive for the OnGuard application and database, enabling a true single unit solution for entry-level access control, ID management and digital video. Easy Upgrades to Traditional OnGuard Architecture Video Benefits OnGuard GO! can make sense for customer needs today, but what will they do in a couple of years ■ Preconfigured and ready to GO! when they need more? OnGuard GO! is designed to offer standard, entry-level access control, ID ■ Minimum one-day setup time savings over traditional interfaced access control and digital video systems management and digital video. Many customers have realized the investment value of addressing ■ Minimum 1U rack space savings OnGuard architecture. This migration involves a couple of straightforward steps. A new OnGuard today’s needs with the simplicity of OnGuard GO! Many more have also expanded on that initial investment and, when expansion was necessary, upgraded the OnGuard GO! system to a traditional security server is introduced, the database is moved to the new server, and the original GO! unit is converted to a dedicated video recorder. OnGuard GO! can start small and grow big to satisfy any customer’s requirements. Stand-alone Digital Video Customers looking for stand-alone digital video recorders can use a Lenel video recorder with the OnGuard GO! configurations. The OnGuard GO! configuration has the administration applications and database on the video recorder, saving money by not requiring a separate security server to launch the most powerful security system available. Furthermore, customers can take the single stand-alone video recorder and add OnGuard’s robust Access Control, Fire & Intrusion and ID Management applications, as well as countless software options. For customers expanding an existing analog environment by upgrading to a DVR, or embracing IP by migrating to network video, Lenel video recorders offer the flexibility to initiate an integrated security architecture by focusing on stand-alone digital video, then expanding the system when the time is right. 17 OnGuard GO! Traditional OnGuard System CCTV Cameras Pan/Tilt/Zoom OnGuard Security Server Digital Video Recorder Client Workstation Inputs Outputs Client Workstation Client Workstation Optional Third Party Matrix Switcher CCTV Cameras Controller CCTV Cameras LOCAL AREA NETWORK (TCP/IP) OnGuard GO! Integrated Solution Optional Monitor OnGuard GO!: OnGuard Server OnGuard Client Digital Video Management System Administration Access Control Alarm Monitoring ID Management Digital Video Recorder Inputs Client Workstation Client Workstation Optional Third Party Matrix Switcher CCTV Cameras Optional Controller 13 Dry Contacts (inputs) REGION 1 SECURITY OPERATIONS CENTER Outputs Pan/Tilt/Zoom LOCAL AREA NETWORK (TCP/IP) DVR-based GO! Systems NVR-based GO! Systems Video CORPORATE HEADQUARTERS DVC-1U DVC-ST Chassis (4U) Network Analog DVC-EX Chassis (3U) Analog and Network DVC-Dell Network 18 Enterprise Support Advanced Enterprise Security Integration ■ Unlimited Regional Servers ■ Unlimited Cardholders ■ Unlimited Simultaneous Users ■ Unlimited Card Readers OnGuard Enterprise is the industry’s first multi-server, synchronized database solution designed for enterprises with multiple facilities spread across geographical areas. OnGuard Enterprise allows corporate security and IT managers to maintain central control over the ■ Unlimited Alarm Inputs entire integrated security system, while allowing regional offices to maintain independence and ■ Unlimited Client Workstations autonomous operations of their respective individual regional security systems. ■ Unlimited Time Zones ■ Unlimited Simultaneous Monitoring Central Database Storage Facilities ■ Unlimited User Privilege Levels OnGuard Enterprise gives corporate security and IT managers complete command and control over ■ Unlimited Relay Outputs all system and event information. All cardholder and access control field data accumulated at the regional servers is synchronized and logged to a master enterprise server. This gives corporate security managers full viewing control over central alarm monitoring, reporting, and auditing Features functionality. ■ Data Synchronization Between Multiple Databases via LAN/WAN Connections Autonomous Regional Operations ■ MobileBadge™ Functionality for Enrolling Cardholders at Remote Sites ■ Segmented Database Architecture ■ Open Architecture Design Utilizing Commercial, Off-the-Shelf Products OnGuard Enterprise gives regional system administrators autonomous control over their individual regions, independent of the enterprise server and corporate wide area network. Each regional system administrator has total control over all access control field hardware and system information related to his respective region. Additionally, regional administrators and operators can view, control, and modify only the information and field hardware that is related to their regions. Multi-Database Synchronization Advanced ■ Intelligent Fault Tolerant Response System At periodic intervals, each of the regional servers performs a synchronization process with the ■ Advanced Network Design enterprise server via wide area network communication. All access control field and event ■ Powerful Import & Export Capabilities information, as well as updated cardholder information, is uploaded to the enterprise server. The enterprise server then distributes any changes received from other regional servers, so that all servers are equipped operating with up-to-date information. Options Scalability for Multinational Sites ■ Multi-Regional Alarm Monitoring OnGuard Enterprise is scalable, which makes it ideal for any size installation. It supports an unlimited number of regional servers and client workstations without system degradation. Its powerful, transaction-based architecture allows the system to grow and expand as the organization grows, while utilizing the same access control field hardware and application software. Third Party Human Resource Interface OnGuard Enterprise’s advanced interfacing capabilities allow bidirectional communication with third party databases—such as human resource systems—to transfer cardholder information. Updates occur in real time, and cardholder information is automatically downloaded to all associated access panels. If an employee is terminated, the information is transferred from the HR system to OnGuard Enterprise, which automatically removes all access rights for the cardholder and downloads the required information to the access controllers. 19 OnGuard Enterprise Smart Card/ Biometric Encoder Certification Authority OnGuard ID CredentialCenter Centralized Enterprise Administration Fault Tolerant OnGuard Enterprise Server OnGuard DataExchange Active Directory LDAP Directory Card/Biometric Management System OnGuard DataConduIT Human Resources Database Region n Logical Access Control System WIDE AREA NETWORK Microsoft Message Queue LOCAL AREA NETWORK (TCP/IP) Smart Card/ Biometric Encoder OnGuard ID CredentialCenter Mobile Badging Station REGION 1 SECURITY OPERATIONS CENTER Fault Tolerant OnGuard Regional Server USB Smart Card Reader • Integrated Monitoring • Centralized Administration Video Wall USB Biometric • OPC Server/Client • SNMP Manager/Agent • MS SQL or Oracle OnGuard Client Workstation OnGuard Integrated Monitoring Workstation Application Server • Internet Information Services (IIS) Region 1 IBM WebSphere DataConduITQueue CORPORATE HEADQUARTERS MOBILE SOLUTION Mobile Guard USB Smart Card Reader Wireless Device Remote Monitor LOCAL AREA NETWORK (TCP/IP) SECURE SOCKET Intelligent Dual Reader Controller Dual Path Controller Intercom Switcher Building/Process Automation System USB Prox NetworkManagement System (OPC Server/Client) Intrusion Detection Burg Panel Intrusion Detection Burg Panel Central Station Alarm Receiver (SNMP Manager/Agent) Single Reader Interfaces Card Reader Input Control Module Biometric Gateway Pan/Tilt/Zoom Digital Video Recorder • Alarm Inputs (13) Network Video Recorder TERMINAL SERVER 2-Door Wireless Reader Interface ID Control Unit *Asset Reader Card Reader *Card Reader *Hand Reader (x8) LOGICALLY TEAMED WITHIN ONGUARD SOFTWARE 16-Door Wireless Reader Interface Smart Card/ Biometric Reader Department Manager Reception Decentralized Access Privilege Management Visitor Check-in Station WEB CLIENTS Network Addressable Cameras • Pan/Tilt/Zoom • Buffered Storage • Alarm Input (1) CCTV Cameras Disaster Tolerant Backup Security Server Wireless Gateway Output Control Module • Wiegand • Magnetic Stripe • Bar Code NAS - Network Attached Storage Fire Panel Dual Reader Interfaces *Supported Readers Include: • Contact/Contactless • Biometric • Proximity Fire Panel SAN - STORAGE AREA NETWORK Courtesy/Duress Station Fingerprint Reader LAN/WAN Iris Reader (x4) IntelligentVideo Server Wireless Reader (x2) Department Manager Wireless Reader (x16) Decentralized Access Privilege Management VideoViewer Audio (Microphones) DEDICATED NETWORK VIDEO SUBNET Smart Card Reader A Single Card Enterprise Solution Multi-Regional Monitoring and Administration With OnGuard Enterprise, each cardholder carries a single ID card that OnGuard Enterprise’s power and flexibility allows system operators to is usable at all regional sites in the system. Once the cardholder monitor alarms in multiple regions simultaneously. This means that database has been distributed to the regions, each regional regional operators might, for example, monitor alarm and event administrator can assign unique access levels for the cardholders that information locally during working hours, while enterprise operators are allowed at his region. OnGuard Enterprise’s advanced security might monitor alarms from all of the regions after hours. An unlimited allows system administrators and operators to assign access levels for number of regions can be monitored simultaneously. OnGuard only those card readers that are in their respective regions. Enterprise also allows enterprise system administrators to configure Advanced USB Biometric and administer multiple regions from a single site. 20 Integration Toolkits Features Increased Security Intelligence ■ Technology Independent with Support for XML, OLE, etc. Information sharing is critical to the implementation of effective business systems. Proper ■ Powerful Application Programming Interface integration of different systems is essential to increasing a company’s return on investment. ■ Flexible Open Design maintenance. OnGuard Integration Toolkits help customers achieve this level of integration by ■ Easy Script Creation ■ Guaranteed Delivery of Alarms using OnGuard DataConduIT Toolkit Applications that use the same data through the same process increase productivity and reduce leveraging OnGuard as the central repository for all security information, and integrating through scripting to other applications such as human resources, ERP and directory servers. Automate Business Processes OnGuard DataConduIT is a great toolkit for automating business processes inside an organization. Benefits When events occur in either the security or IT domain, middleware developed using OnGuard ■ Leverages Existing Available Information systems. For example, when using account linkage, the removal of access rights to physical and ■ Automates Business Process ■ Increases Return on Investment ■ Stronger Security DataConduIT can automatically trigger corresponding actions or changes between multiple logical areas can be streamlined. When an employee is terminated from any system (badge disabled in security, Windows Login Account disabled, etc.), OnGuard DataConduIT can trigger all other security or IT accounts to also automatically disable access, immediately suspending the employee’s rights to physical areas, network directories, e-mail, and other intellectual property. ■ Reduces Total Cost of Ownership ■ Increases Security Intelligence & Accountability Extensive System Integration Opportunities ■ Vast Integration Opportunities OnGuard DataConduIT’s flexibility allows many unique business applications to be implemented by leveraging existing available data. The integration possibilities are endless. For example, programmers can develop the following services using OnGuard DataConduIT: ■ OnGuard cardholder accounts can be created based on the creation of a Windows account for that employee. ■ A disabled OnGuard badge can cause the cardholder’s Windows or other Active Directory/LDAP account to be disabled. Advanced ■ Customers can create scripts with sophisticated business rules to automate movement of data to and from human resource systems or directory servers. ■ Customers can create applications for deployment of OnGuard applications onto alternative mobile computing devices such as wireless PDAs. ■ Login access (activation of LDAP accounts) to computers located in a lab can be controlled based on card access of the person who carded into the lab. Integration Toolkits and Standards to Enable ■ OnGuard DataExchange™ ■ OnGuard OpenAccess™ Alliance Program ■ OnGuard DataConduIT™ ■ OnGuard DataConduIT™ Queue ■ OPC Server/Client ■ SNMP Agent/Manager ■ Credential Agent 21 OnGuard Integration Toolkits OnGuard Security Server CORPORATE HEADQUARTERS 3rd Party Security System LDAP or Active Directory Building/Process Automation System Network Management System IBM WebSphere OnGuard DataExchange OPC Client/Server OnGuard DataExchange is an advanced data import/export application. DataExchange can be utilized in several ways. At initial population of the cardholder database, DataExchange facilitates database-to-database or flat-file data import from a human resources database (such as Oracle, PeopleSoft, or SAP) or a displaced legacy system. DataExchange can be configured to handle continual updates to/from these systems, reducing input time and allowing OnGuard to adhere to predefined corporate business rules. Export scripts can also be configured to communicate from OnGuard to other third party systems, such as time & attendance and meal systems. OnGuard supports OLE for Process Control (OPC) interfaces, which are based on Microsoft OLE/COM technology. OPC was designed to allow interoperability of building automation and process control systems, enabling the systems to bidirectionally communicate. OnGuard allows customers to utilize their systems as client or server for OPC alarms & events (historical) and OPC data access (real-time). OnGuard DataConduIT OnGuard DataConduIT is an advanced Application Programming Interface, built on Windows Management Instrumentation (WMI), that allows real-time, bidirectional, seamless integration between OnGuard and IT applications. OnGuard DataConduIT enables OnGuard cardholder accounts to be linked to Windows Login Accounts. It also enables OnGuard applications to be deployed (full-scale or scaled-down versions) on alternative computing platforms. It allows information sharing and integration points with third party information system products such as Tivoli, HP OpenView and IBM WebSphere MQ Adapter. Using OnGuard DataConduIT, system administrators can develop scripts and applications that allow events in one domain (security or IT) to initiate appropriate actions in the other. For example, administrators can link the OnGuard cardholder accounts to their respective Windows Login Accounts such that enabling or disabling one account automatically causes the other account to be enabled or disabled. DataConduIT Queue DataConduIT Queue allows users of DataConduIT to queue event data if communications are lost. Upon reconnection, all queued events are brought into/out of the system, rather than being lost. DataConduIT Queue is recommended for implementations where data loss is not acceptable. Additional supported queues include Microsoft Message Queue and IBM WebSphere Message Queue. SNMP Agent/Manager OnGuard has built-in support for network management system security via SNMP (Simple Network Management Protocol). A part of the TCP/IP protocol suite, SNMP facilitates the exchange of management information between network devices. Network administrators are familiar with SNMP’s ability to help them manage performance, identify and resolve network issues and plan for network growth. OnGuard is designed to play the role of agent (sending trap data to a ‘manager’) or manager (receiving trap data from an ‘agent’). WebSphere MQ Adapter Customers have the advantage of using OnGuard DataConduIT to implement advanced integration with the IBM WebSphere business integration platform. Customers can utilize WebSphere’s reliable messaging interfaces to develop security-specific, real-time, XML-based messaging. Specific information that can be leveraged includes cardholder data, visitor information, security-centric alarms, secure-credential data, and time & attendance information. Advanced SAP/PeopleSoft/Oracle Database LOCAL AREA NETWORK (TCP/IP) Credential Agent Credential Agent allows customers using smart card technology to efficiently obtain up-to-date information for third-party applications to a dedicated smart card data container. This process sequentially communicates to each established application at the time the card is being encoded, saving customers time in coordinating the data and writing in a single, seamless process. 22 Software Options Fault Tolerance and Disaster Recovery Lenel offers multiple options for fault tolerance and disaster recovery, featuring in-the-box redundancy from the NEC Express5800/ft series and the advanced LAN/WAN failover capabilities of NEC ExpressCluster X software. NEC fault tolerant servers help organizations maintain a low cost of ownership by running only one instance of Windows, SQL Server and OnGuard, all while achieving 99.999% uptime. New capabilities even allow Active Upgrade, which enables the system to maintain full functionality while a service pack is applied or a full version upgrade is performed. Lenel also supports Microsoft Clustering. Barco Wall Integration (SWG-1600) OnGuard VideoManager offers a means by which to stream video through Barco digital controllers and display the video on high-definition Barco walls. Video can be easily matrixed over a multiple-screen display, providing maximum flexibility in bringing continuous or event-based video to the front of the Barco wall to aid in critical monitoring. Extended Databases Options (SWG-1290,1293,1295,1440) OnGuard supports databases from industry-leading vendors. OnGuard ships standard with Microsoft SQL Server. Oracle 9i and 10g Server support is also available for the OnGuard Security Server database. Organizations can choose the database that conforms to their corporate standards and support. Thin Client Support (SWG-1360,1370) OnGuard can distribute client applications via Microsoft Terminal Server or Citrix MetaFrame Presentation Server. This is ideal for organizations that have multiple-facility systems and dispersed client workstations that aren’t easily accessible when installations and upgrades are required. Advanced Mustering (SWG-1120) The OnGuard Mustering capability provides a way to account for cardholders who are located on-site during an emergency. Designated entry and exit card readers are used by cardholders to enter and depart hazardous and safe areas. When an incident occurs that warrants mustering, an online muster report is generated that provides a complete list of all personnel located within hazardous areas, as well as those who have registered at safe locations. The muster report updates in real time whenever a cardholder registers at a safe location. Guard Tour (SWG-1130) The Guard Tour feature checks one or more card readers or alarm inputs during routine tours to verify that predefined tour routes have been followed and completed. Guards use credentials at card readers or trigger inputs in a sequence along their watch path. Events sent to the OnGuard Alarm Monitoring application inform system operators that the guard has reached a checkpoint at the appointed time, early or late. Tours can be linked to live video in a “sliding window” format featuring multiple camera views that span the checkpoints already reached, the current checkpoint and anticipated checkpoints. 23 OnGuard Software Options FormsDesigner™ (SWG-1210) Video Verification (SW-1020) OnGuard FormsDesigner enables system users to customize the look The Video Verification option enables system operators to compare a and feel of the cardholder and visitor data entry forms. Custom fields live view of a person with the photo stored in that cardholder record in can be defined to supplement or replace the application’s standard the database. As a real-time video stream is received from a CCTV fields. Customization capabilities include: camera at a particular access point, OnGuard displays the stored photo and live video image side by side, providing an additional layer of ■ Moving standard fields to different locations on cardholder forms or deleting undesired standard fields. ■ Adding new field(s) to the cardholder form, each with its own unique cardholder verification for access to high-security areas. The system operator can visually determine whether the person at the door is actually the cardholder or someone else who is using the card. set of attributes. ■ Specifying size, text and alignment properties for each of the defined E-mail & Paging Interfaces (SWG-1260, SWG-1250) fields. Using the E-mail Interface, ASCII text messages can be sent to Language Packs (SWG-LP) Microsoft Outlook/Exchange electronic messaging systems in response to system events or alarms. This capability is ideal for OnGuard software can be translated into multiple languages, to provide environments in which key personnel need to be notified immediately regional support in environments where languages other than English when a particular event occurs. are required. Currently supported languages include: Arabic, Simplified Chinese, Traditional Chinese, Croatian, Czech, Dutch, English, Finnish, The Paging Interface generates outbound text messages based on French, German, Hebrew, Italian, Japanese, Korean, Portuguese, system events or alarms. Numeric or alphanumeric messages can be Russian, Spanish and Swedish. sent to any pager that communicates using TAP (Telocator Alphanumeric Protocol). In addition, notifications of specific events, Cardholder Image Export (SW-1040) including personal duress alarms, are relayed using preprogrammed pager numbers. The Paging Interface is designed for use where The Image Export option enables system administrators to export responsibilities are distributed among multiple people and where cardholder images from the OnGuard ID CredentialCenter application paging is a common means of communication. photos can be used in employee galleries, Internet directories or other human resource applications. CCTV Interface (SW-1010) Advanced to an industry standard JPEG (.jpg) file. The exported cardholder The CCTV Interface allows users to integrate OnGuard with any Closed-Circuit Television (CCTV) system that utilizes ASCII switching commands. For each alarm or event in the system, up to three signals can be sent from an OnGuard Alarm Monitoring workstation to the CCTV switcher. OnGuard supports Bosch, Pelco, Vicon and other CCTV brands. The CCTV Interface allows the CCTV devices to be automated for optimal performance during an incident, giving administrators and operators an effective surveillance tool. 24 Enterprise Smart Card/ Biometric Encoder Multi-Server Architecture OnGuard ID CredentialCenter Region n WIDE AREA NETWORK Region 1 Smart Card/ Biometric Encoder OnGuard ID CredentialCenter USB Smart Card Reader Mobile Badging Station • OPC Server/Client • SNMP Manager/Agent • MS SQL or Oracle OnGuard Client Workstation • Integrated Monitoring • Centralized Administration REGION 1 SECURITY OPERATIONS CENTER Intelligent Dual Reader Controller Fault Tolerant OnGuard Regional Server Application Server • Internet Information Services (IIS) LOCAL AREA NETWORK (TCP/IP) Dual Path Controller USB Prox Building/Process Automation System USB Biometric NetworkManagement System (SNMP Manager/Agent) (OPC Server/Client) Fingerprint Reader Advanced Single Reader Interfaces Card Reader Input Control Module Output Control Module *Supported Readers Include: Pan/Tilt/Zoom • Contact/Contactless • Biometric • Proximity Digital Video Recorder • Alarm Inputs (13) CCTV Cameras • Wiegand • Magnetic Stripe • Bar Code Network Video Recorder *Asset Reader *Card Reader *Hand Reader (x8) LOGICALLY TEAMED WITHIN ONGUARD SOFTWARE Card Reader Smart Card/ Biometric Reader Network Addressable Cameras • Pan/Tilt/Zoom • Buffered Storage • Alarm Input (1) Audio (Microphones) DEDICATED NETWORK 25 Dual Reader Interfaces Biometric Gateway VIDEO SUBNET IntelligentVideo Server Certification Authority Fault Tolerant OnGuard Enterprise Server Centralized Enterprise Administration OnGuard DataExchange Human Resources Database Active Directory LDAP Directory Card/Biometric Management System Logical Access Control System OnGuard DataConduIT Microsoft Message Queue IBM WebSphere DataConduITQueue CORPORATE HEADQUARTERS LOCAL AREA NETWORK (TCP/IP) Video Wall OnGuard Integrated Monitoring Workstation USB Biometric MOBILE SOLUTION Mobile Guard USB Smart Card Reader Wireless Device Remote Monitor SECURE SOCKET Intercom Switcher Intrusion Detection Burg Panel Intrusion Detection Burg Panel Central Station Alarm Receiver LAN/WAN Fire Panel Disaster Tolerant Backup Security Server NAS - Network Attached Storage SAN - STORAGE AREA NETWORK Courtesy/Duress Station Fire Panel Advanced Wireless Gateway TERMINAL SERVER 2-Door Wireless Reader Interface ID Control Unit 16-Door Wireless Reader Interface Department Manager Reception Decentralized Access Privilege Management Visitor Check-in Station WEB CLIENTS Iris Reader (x4) Wireless Reader (x2) Department Manager Wireless Reader (x16) Decentralized Access Privilege Management VideoViewer PERPETUAL INNOVATION Smart Card Reader 26 27 Contact Information Lenel Systems International is a leading provider of software and With nearly 15,000 system installations in 90 countries worldwide, we turnkey security systems for corporate and government markets. We boast a blue chip customer base with a strong presence in a broad focus on developing products that enable organizations to effectively range of vertical markets. We have earned numerous awards for protect and manage their people, property and assets by maximizing IT technology innovation, growth, market leadership and customer and infrastructure investments. satisfaction. Lenel is part of UTC Fire & Security, a business unit of United Technologies Corp. (NYSE:UTX). When we launched the OnGuard integrated solution in 1995, our pioneering efforts brought the power of leading-edge technology, the Lenel’s world headquarters are located in Rochester, New York. We reliability of software industry standards, and the flexibility of open also have major operational centers in London, Hong Kong, Beirut and systems architecture to an historically proprietary security market. We Dubai, numerous satellite offices, and sales and support coverage swiftly moved to a leadership position by developing and delivering worldwide. business solutions that protect people, property and assets. Today we’re recognized as the global leader and de facto standard in software and integrated systems for commercial and government security markets. Corporate Headquarters 1212 Pittsford-Victor Road Pittsford, NY 14534-3820 TEL: +1.585.248.9720 FAX: +1.585.248.9185 United Kingdom Office & Training Center Hong Kong Office & Training Center 95 Maybury Road Room 1401-2, 14/F Woking, Surrey Chinachem Johnston Plaza GU21 5JL 178-186 Johnston Plaza TEL: +44.1483.815230 Wanchai, Hong Kong, SAR, China FAX: +44.1483.815231 TEL: +852.2893.2886 FAX: +852.2893.7373 Dubai Office & Training Center Middle East Office & Training Center Building 5EB - Office 550 Assaydeh Center, Main Road Dubai Airport Free Zone Mansourieh, Al Matn Dubai, UAE Lebanon TEL: +971.4.609.1019 TEL: +961.4.409184 FAX: +971.4.609.1021 FAX: +961.4.409569 28 Lenel’s flagship security platform, OnGuard®, seamlessly integrates a full suite of security management functions and technologies using an open architecture design. OnGuard offers access control, ID credential issuance and management, alarm monitoring, digital video surveillance and management, real-time digital video content analysis, intelligent audio, integration of biometric technologies, intrusion detection, visitor management and smart card functionality, plus integration with a multitude of third party systems. Individual applications are available as standalone systems, or can be deployed in any combination to deliver a single integrated solution that uniquely satisfies each customer’s particular needs. OnGuard systems offer unlimited scalability, and localization support for major world languages. The possibilities are endless. www.lenel.com Lenel Systems International, Inc. 1212 Pittsford-Victor Road Pittsford, New York 14534 USA Tel 585.248.9720 Fax 585.248.9185 www.lenel.com © 2007 Lenel Systems International, Inc.
* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project