advertisement
7.3
DataConduIT User Guide
Lenel
®
OnGuard
®
7.3 DataConduIT User Guide
This guide is item number DOC-920, revision 7.018, August 2016.
© 2016 United Technologies Corporation. All rights reserved.
Lenel
®
, OnGuard
®
and Prism
®
(Registered trademarks of UTC Fire & Security Americas Corporation, Inc.)
Lenel is a part of UTC Climate, Controls & Security, a unit of United Technologies Corporation.
All trademarks are the property of their respective owners.
Information in this document is subject to change without notice. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of UTC Fire & Security Americas Corporation, Inc.
Non-English versions of Lenel documents are offered as a service to our global audiences. We have attempted to provide an accurate translation of the text, but the official text is the English text, and any differences in the translation are not binding and have no legal effect.
The software described in this document is furnished under a license agreement and may only be used in accordance with the terms of that agreement.
Crystal Reports for Windows is a trademark of Crystal Computer Services, Inc.
OnGuard includes ImageStream
®
Graphic Filters. © 2002 eBT International, Inc. (f/k/a Inso Corporation). All rights reserved. ImageStream Graphic Filters and ImageStream are registered trademarks of eBT
International, Inc. (f/k/a Inso Corporation).
Integral and FlashPoint are trademarks of Integral Technologies, Inc.
Portions of this product were created using LEADTOOLS ©1991-2011, LEAD Technologies, Inc. ALL
RIGHTS RESERVED. Portions of this product are licensed under US patent 5,327,254 and foreign counterparts.
Active Directory, Microsoft, SQL Server, Windows, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
Oracle is a registered trademark of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.
Other product names mentioned may be trademarks or registered trademarks of their respective companies and are hereby acknowledged.
Table of Contents
Using DataConduIT for Data Access . . . . . . . . . . . . . . . . . . . . . . . . 21
DataConduIT User Guide
3
Table of Contents
Using DataConduIT to Receive Events . . . . . . . . . . . . . . . . . . . . . . 27
Using DataConduIT to Send Alarms to OnGuard . . . . . . . . . . . . . . 33
Working with MobileVerify . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Troubleshooting and Advanced Options . . . . . . . . . . . . . . . . . . . . . . 37
Getting Started with DataConduIT Message Queues . . . . . . . . . . . . 41
4
DataConduIT User Guide
Table of Contents
DataConduIT Message Queues Folder . . . . . . . . . . . . . . . . . . . . . . . 49
Logical Sources Folder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
OPC Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Using SNMP with OnGuard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
DataConduIT User Guide
5
Table of Contents
6
Data and Association Class Reference . . . . . . . . . . . . . . . . . . . . . . . 71
DataConduIT User Guide
Table of Contents
DataConduIT User Guide
7
Table of Contents
Appendices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
Property Qualifiers Used In DataConduIT . . . . . . . . . . . . . . . . . . 155
Event Generator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
8
DataConduIT User Guide
Table of Contents
APPENDIX C Common DataConduIT Problems . . . . . . . . . . . . . . . . . . . . . . . . . . 171
APPENDIX D Technical Support Pre-Call Checklist . . . . . . . . . . . . . . . . . . . . . . . 173
DataConduIT User Guide
9
Table of Contents
10
DataConduIT User Guide
CHAPTER 1
Introduction
DataConduIT is a platform for managing OnGuard and for integrating OnGuard with IT systems.
DataConduIT provides access to ID management data, access control events, and real-time notification when changes are made to cardholders and their credentials. Administrators use this platform to write scripts and applications that improve the manageability of the OnGuard system and that provide new levels of integration between OnGuard and IT systems. These scripts and applications are written using a standard Microsoft API, Windows Management Instrumentation
(WMI).
The following are some common scenarios where DataConduIT can integrate OnGuard with IT systems:
•
When a cardholder is created, the IT department creates a Windows account for that person. The
Windows account name is derived from the OnGuard cardholder name. The account is linked to the cardholder in the OnGuard software.
• A single script creates an LDAP account, a cardholder, a badge for this cardholder (with a badge type, assigning default access levels), and a link between the account and this cardholder.
• A single script terminates a person’s access to all company resources by disabling all of the person’s badge(s) and LDAP accounts.
•
When a cardholder is granted access to an area, that cardholder is granted access to use the computers in that area.
• A cardholder enters the building under duress. The cardholder’s LDAP accounts are disabled to prevent potential unauthorized use.
• A cardholder’s phone number changes in the OnGuard software. The new phone number is propagated to the associated Windows account in the company’s Active Directory.
Administrators can also write scripts and applications that interact only with the OnGuard software.
Examples include command line tools that automate frequent administrative tasks and web user interfaces that provide thin-client access to ID management data. In addition, since DataConduIT is built using WMI technology, administrators can use WMI-enabled third-party management tools to manage OnGuard data and events.
All the dates and time fields reported by DataConduIT will be presented in the local time of the server, including the offset. The client can convert the displayed time to local time, or modify the formatting of the date and time, if desired.
DataConduIT User Guide
11
12
Introduction
Documentation Contents
This documentation package contains the following files and folders:
File
DataConduIT
DataConduIT Samples\ASEC
DataConduIT Samples\JScript
DataConduIT Samples\Solutions
DataConduIT Samples\VBDemo
DataConduIT Samples\VBScript
Description
This manual
Tools for using
DataConduIT
with the Active Script Event
Consumer
Sample code in the manual (in JScript)
Solutions for integrating OnGuard and Active Directory (in
JScript)
The Visual Basic Demo application, which can be used to demonstrate some of the capabilities of
DataConduIT
. (For more information, refer to Appendix E: Visual Basic Demo on page 175.)
Sample code in the manual (in VBScript)
IMPORTANT: All scripts and code (“sample code”) provided with this documentation are
examples of how to use DataConduIT. This sample code is for educational purposes only and is not supported by Lenel.
Some sample code requires ADsSecurity.dll to be registered on the machine. You can learn more about this DLL from Microsoft Knowledge Base article Q251390, which is available at http:// support.microsoft.com/default.aspx?scid=kb;en-us;Q251390 .
Documentation Prerequisites
This guide assumes that the reader is familiar with Microsoft scripting languages such as VBScript and JScript. All sample code given in this guide is written in JScript, but samples in both JScript and
VBScript are included separately with this documentation. Basic experience with object-oriented programming is also required.
Experience with Windows Management Instrumentation (WMI) is recommended but not required.
Definitions, Acronyms, Abbreviations
Class
“A template for a type of object.”
1
For instance, the Lnl_Reader class is a template for an access control reader.
Client
A script or application that accesses DataConduIT.
1. From the WMI documentation, URL below.
DataConduIT User Guide
References and Applicable Documents
Hardware event
An event that is displayed in Alarm Monitoring. These events generally originate in the security hardware. An example is when a reader grants access to a cardholder.
Namespace
“A unit for grouping classes and instances to control their scope and visibility. Namespaces are not physical locations; they are more like logical databases containing specific classes and instances. Namespaces are represented by the __Namespace system class or a class derived from it.”
1
Object/Instance
“A representation of a real-world entity that belongs to a particular class. Instances contain actual data.”
2
Person
A cardholder or visitor.
SDK
Software Development Kit.
Software event
An event that occurs when an object in OnGuard is added, modified, or deleted. Examples of such objects include cardholders, visitors, and badges.
WMI
Windows Management Instrumentation. “WMI is the Microsoft portion of the Distributed
Management Task Force’s (DMTF) Web-Based Enterprise Management (WBEM) initiative and provides a set of interfaces for access to components that provide management capabilities across an enterprise.”
3
References and Applicable Documents
Microsoft Scripting Technologies documentation, which is located in the MSDN library at http://msdn2.microsoft.com/en-us/library/ms950396.aspx
.
Microsoft WMI documentation, which is located in the MSDN library at http://msdn2.microsoft.com/en-us/library/aa394582.aspx
.
1. From the WMI documentation, located at http://msdn2.microsoft.com/en-us/library/aa394582.aspx
.
2. From the WMI documentation, located at http://msdn2.microsoft.com/en-us/library/aa394582.aspx
.
3. From the WMI documentation, located at http://msdn2.microsoft.com/en-us/library/aa394582.aspx
.
DataConduIT User Guide
13
Introduction
14
DataConduIT User Guide
CHAPTER 2
Getting Started
DataConduIT is installed as part of a standard server installation.
Note that DataConduIT must be installed on the same machine as the Linkage Server if you want to receive events through DataConduIT. DataConduIT may be run on additional server machines as well, but you will not be able to register to receive events from DataConduIT on those machines.
DataConduIT runs as a Windows service under the Local System account. It does not run as an application. Since the Local System account does not have permissions on the local network, if your database is not on the same machine as DataConduIT you will need to ensure that your ODBC connection uses TCP/IP, not named pipes. Otherwise, DataConduIT will not be able to connect to the database.
License for DataConduIT
DataConduIT is a licensed feature. The DataConduIT license is count-based; you are licensed to have a certain number of clients. The number of clients you are licensed to use is displayed in the
“Maximum Number of DataConduIT Clients” setting in the General section of the license. To view this setting, start to License Administration. or more information, refer to “Using OnGuard in the
Supported Operating Systems” in the Installation Guide.
Authentication
When a client makes a call into DataConduIT, whether it is to view some data, add an instance of a class, register an event query, or simply to get a class definition, the first thing DataConduIT does is decide whether the client is permitted to perform the operation. To do this, DataConduIT checks which Windows account has made the DataConduIT call. This is the account that the script or application is running from, which is generally the account of the person logged on to the machine.
Once DataConduIT retrieves this account, it attempts to perform automatic single sign-on (SSO) using this account. This is the same SSO mechanism used by all OnGuard applications. If the SSO succeeds, then the client is logged on to the system as the appropriate OnGuard user. DataConduIT
DataConduIT User Guide
15
16
Getting Started
then uses the OnGuard user information to decide whether the client has permission to perform the requested operation.
Note that to perform this authentication, the client application doesn’t need to call any special
“Logon” method. The authentication is done implicitly based on the account running the application.
It is not possible to use OnGuard internal authentication with DataConduIT. Automatic SSO is the only authentication mechanism. Therefore, to use DataConduIT, single sign-on must be configured.
To configure single sign-on in OnGuard:
1.
2.
Add the directory that you wish to use. (For more information please refer to “Add a Directory” in the Directories Folder chapter of the System Administration User Guide.)
Link the user account that you want to use automatic single sign-on to a directory account. (For more information please refer to “Link a User Account to a Directory Account” in the Users
Folder chapter of the System Administration User Guide.)
Each OnGuard software manual contains the “Log into the Application Using Single Sign-On” procedure. Refer to this procedure to log into OnGuard after single sign-on has been configured.
Authorization
For a user to be able to use DataConduIT, the user must have the DataConduIT service user permission. This permission may be set on the Software Options sub-tab of the System Permission
Groups form in the Users folder in System Administration.
All functionality available through DataConduIT is controlled by the same permissions that you are already using to manage data in ID CredentialCenter. For instance, if you want to add a cardholder through DataConduIT, you must have the Add Cardholder user permission. If you want to view readers through DataConduIT, you must have the View Reader user permission.
Note:
DataConduIT caches user credentials for one minute by default. This is done for performance reasons. (See
Tuning Parameters on page 39 for information on how to
change this default timeout.) Therefore, if a user is using DataConduIT and that user’s permissions or segments change, the user will continue to have his old permissions until the one-minute timeout is reached.
Receiving Events
If you want to be able to receive events from DataConduIT, the “LS Linkage Server” service must be running. The Linkage Server sends events of all supported types to DataConduIT. The Linkage Server host name is set on the System Options form in System Administration.
In addition, if you would like to receive software events through DataConduIT, you need to select the
Generate software events checkbox on the System Options form in System Administration.
Using DataConduIT from a Remote Computer
If you want to be able to use DataConduIT from a computer other than the one on which the
DataConduIT service is running, you must first enable the appropriate WMI namespace permissions.
DataConduIT User Guide
Viewing DataConduIT Classes with the Microsoft WMI SDK
To do this, open the Computer Management MMC snap-in. For more information, refer to “Using
OnGuard in the Supported Operating Systems” in the Installation Guide.
Once opened, go to Services and Applications\WMI Control. Open the WMI control property page, and go to the Security tab. Select the root\onguard namespace, and click the security button. Once here, make sure that any account that needs to access DataConduIT remotely has the “Remote
Enable” permission.
Note:
You should not give the “Remote Enable” permission to users in any other namespace.
Viewing DataConduIT Classes with the Microsoft WMI SDK
Microsoft’s WMI Software Development Kit (SDK) is a useful tool for exploring the capabilities of
DataConduIT. The SDK provides a convenient graphical user interface that allows users to view the
WMI classes exposed by DataConduIT, to perform queries and to add, modify, and delete instances of these classes, and to register permanent event consumers that receive events from DataConduIT.
The WMI SDK may be downloaded from the MSDN subscriber downloads at http:// msdn.microsoft.com/downloads . See the WMI SDK for instructions on installation procedures.
Note:
You do not need the WMI SDK in order to use DataConduIT. The WMI SDK is a tool that can be helpful to developers who are writing DataConduIT scripts and applications.
Once you have installed the WMI SDK, open the WMI CIM Studio application. This application allows you to view and manage data through WMI. When you start this application, you will first need to select a namespace to which you want to connect. The namespace used by DataConduIT is called root\onguard. Enter this into the dialog and click [OK].
The WMI CIM Studio Login dialog will appear. Click [OK].
The main browser window should now display the contents of this namespace. On the left side of the window are all of the classes in the namespace. These include system classes, which are prefixed by two underscore characters, and classes provided by DataConduIT, which are prefixed with ‘Lnl_’. A class’s subclasses appear below the class in the tree. Expand nodes in the tree to view all of the classes provided by DataConduIT.
Note:
If you do not see the Lnl_Person, Lnl_Cardholder, Lnl_Visitor, Lnl_Visit, and
Lnl_Badge classes, then you have not correctly configured the user’s permissions to use
DataConduIT.
On the right are all the properties of the currently selected class. System properties are prefixed by two underscore characters.
DataConduIT User Guide
17
Getting Started
18
Note:
Additional classes are available if the system is segmented.
Overview of DataConduIT Functions
DataConduIT provides access to the following objects:
Object(s)
Cardholders and visitors
Badges
Visits
Class
Lnl_Person and subclasses
Lnl_Badge
Lnl_Visit
Cardholder directory accounts
Cardholder photos and signatures
Visit E-mail Recipients
Lnl_Account
Lnl_MultimediaObject
Lnl_VisitEmailRecipients All
User-defined value types Lnl_Building, Lnl_BadgeStatus,
Lnl_Title, Lnl_Department,
Lnl_VisitType, Lnl_Location
All
Properties
System and userdefined
System and userdefined
System and userdefined
System and userdefined
All
Operations
All
All
All
All
All
View only
All
DataConduIT User Guide
Overview of DataConduIT Functions
Object(s)
Directories
Panels
Readers
APB Areas
Alarms
Access Levels
Access Level
Assignments
Access Groups
Badge Types
Segments (in segmented systems only)
Manager
Sending Alarms to
OnGuard
Mobile Verify
Class
Lnl_Directory
Lnl_Panel
Lnl_Reader
Lnl_Area
Lnl_Alarm
Lnl_AccessLevel
Lnl_AccessLevelAssignments
Lnl_AccessGroup
Lnl_BadgeType
Lnl_Segment and subclasses
Lnl_DataConduITManager
Lnl_IncomingEvent
Lnl_MobileVerify
Properties
All
Essential
Essential
Essential
Essential
Essential
All
Essential
Essential
Essential
None
None
Operations
View only
View only
View only
View only
View only
All
All
View only
View only
View only
Custom
Custom
None Custom
DataConduIT also provides a number of association classes that relate these classes. For example, the
Lnl_BadgeOwner class relates badges with the cardholders and visitors that own them. Querying for all instances of Lnl_BadgeOwner will return a list of associations between each badge and its owner.
DataConduIT provides access to the following events:
Event(s)
Intercom events
Function execution events
Status changes
Video events
Fire events
Transmitter events
Other hardware events
Access granted and access denied hardware events
Cardholder and visitor software events
Badge software events
Cardholder directory account software events
Class
Lnl_IntercomEvent
Lnl_FunctionExecEvent
Lnl_StatusChangeEvent
Lnl_VidoeEvent
Lnl_FireEvent
Lnl_TransmitterEvent
Lnl_OtherSecurityEvent
Lnl_AccessEvent
__InstanceOperationEvent and subclasses
Properties
All
All
All
All
All
All
All
All
All properties listed above are in embedded instances. Event data includes previous and current instances for modification events.
DataConduIT User Guide
19
Getting Started
20
DataConduIT User Guide
CHAPTER 3
Using DataConduIT for Data Access
Connecting to DataConduIT
In order to access data and events through DataConduIT, you must first connect to DataConduIT. To connect to the namespace used by DataConduIT, root\onguard, you can use the GetObject() call from
JScript or VBScript. For example, in JScript: var wbemServices = GetObject(“winmgmts://./root/onguard”);
Here, wbemServices is a SWbemServices COM component defined in the WMI Scripting Library.
This component will be our main interface for accessing data and events from DataConduIT.
The ‘.’ in the above code sample means that you are connecting to the namespace on the local computer. To connect to DataConduIT on a remote machine, swap the name of the computer for the
‘.’.
Searching for Objects
Now that you are connected to DataConduIT, you can use the SWbemServices component to list and search for objects in the OnGuard software. SWbemServices provides a couple ways to search for objects. The simplest way is to use its InstancesOf() method. InstancesOf() is passed in a class name, and it returns a list of all the instances of that class. The client can then scroll through these instances
DataConduIT User Guide
21
22
Using DataConduIT for Data Access
and access their properties. For example, here is a simple script that prints the first and last names of all the cardholders in OnGuard: var wbemServices = GetObject(“winmgmts://./root/onguard”); var cardholderSet = wbemServices.InstancesOf(“Lnl_Cardholder”); for ( var e = new Enumerator( cardholderSet ); !e.atEnd(); e.moveNext() )
{
var cardholder = e.item();
WScript.Echo(cardholder.FirstName + “ “ + cardholder.LastName);
}
Let’s examine the sample above in detail. On the first line, we connect to DataConduIT as described above. Next, we retrieve a list of all the instances of the Lnl_Cardholder class. (This list is an
SWbemObjectSet component.) Now that we have this list, we iterate through it using the JScript
Enumerator object. Each item in the list is a SWbemObject component, which is accessed using the enumerator’s item() method. Finally, this SWbemObject (stored here in the cardholder variable) can be used to access all the properties of the particular instance. These properties are accessed simply by specifying the property name, as in cardholder.FirstName in the above example. Note that property names are case insensitive.
Accessing instance properties is straightforward for text and numeric fields. Text fields are represented as the string property type, and numeric fields are represented as the sint32 type for integers, and the real64 type for floating point numbers. Date fields are represented as the datetime type, which is actually a string containing the date in the DMTF format. This format is described in the Microsoft WMI documentation.
List fields, such as those configured through the List Builder, are specified as the database ID of the list value. This ID is mapped to the list value using the Values and ValueMap property qualifiers.
Examples in the supplied sample code show how to enumerate and find the list values in these qualifiers.
The InstancesOf() allows you to retrieve all instances of a particular class, but what if you want to perform a more complicated query? This is done using ExecQuery() method in the SWbemServices component. Queries are specified in the WMI Query Language (WQL), which is a subset of the
Structured Query Language (SQL) supported by most databases. One main difference between a SQL query and a WQL query is that the FROM clause in a SQL query contains a list of table names, whereas in WQL it contains a single class name. To give you a feel for WQL, here are a few WQL queries that you could use with DataConduIT:
Find all directories with a hostname of “windows.mydomain.com”:
select * from Lnl_Directory where HostName=”windows.mydomain.com”
Find all people (cardholders and visitors) whose last name is not “Lake”:
select * from Lnl_Person where LastName!=”Lake”
Find all active badges that are APB exempt:
select * from Lnl_Badge where Status=1 and APBExempt = TRUE
Find all readers:
select * from Lnl_Reader
DataConduIT User Guide
Searching for Objects
The second example demonstrates how you can specify a superclass in the query. In this case,
Lnl_Person is the superclass of the Lnl_Cardholder and Lnl_Visitor classes. When you specify a superclass, all instances of that class and its subclasses matching the query will be returned.
Note that executing the fourth query is equivalent to calling InstancesOf(“Lnl_Reader”).
Let’s take a look at how we would use a WQL query with the ExecQuery() method: var wbemServices = GetObject(“winmgmts://./root/onguard”); var cardholderSet =
wbemServices.ExecQuery(“select * from Lnl_Visitor where
Zip='14534'”); for ( var e = new Enumerator( cardholderSet ); !e.atEnd(); e.moveNext() )
{
// access properties in the same way as above...
}
This sample searches for all visitors who have a zip code of 14534. It then enumerates these visitors as in the previous example.
WQL supports a subset of the regular SQL syntax. See the Microsoft WMI documentation for more information.
You can also access a single instance of a class in DataConduIT by using the Get() method in
SWbemServices. The Get() method can be used to get a class definition or an instance of a class.
Here, we’ll focus on using it to get an instance. The Get() method takes as a parameter an object path, which is basically the class name plus a list of the class keys and their values. You can determine which class properties are keys by looking for the “key” property qualifier. In the WMI SDK, key properties are identified by a key symbol next to the property name.
For instance, the key property for Lnl_Person is ID. (Note that ID is the internal database ID, not the person’s social security number or other identification number - that property is named SSNO.)
Here’s an example of how you would get a cardholder if you know the cardholder’s ID: var wbemServices = GetObject(“winmgmts://./root/onguard”); var cardholder = wbemServices.Get(“Lnl_Cardholder.ID=1”);
// access properties in the same way as above...
If the class has multiple key properties, such as Lnl_Reader, those properties would be separated by commas: var wbemServices = GetObject(“winmgmts://./root/onguard”); var reader = wbemServices.Get(“Lnl_Reader.PanelID=1,ReaderID=1”);
// ...
DataConduIT User Guide
23
Using DataConduIT for Data Access
Adding Objects
Some classes in DataConduIT allow you to add, modify, and delete instances of those classes. Adding a new instance of a class takes four steps. First, you get the class for which you want to create an instance. Second, you spawn an instance of that class. Third, you assign values to properties of that instance. Finally, you tell DataConduIT to add the instance. Here’s a code sample that adds a new cardholder: var wbemServices = GetObject(“winmgmts://./root/onguard”); var cardholderClass = wbemServices.Get(“Lnl_Cardholder”); var cardholder = cardholderClass.SpawnInstance_(); cardholder.FirstName = “John”; cardholder.LastName = “Smith”; cardholder.City = “Rochester”; var cardholderPath = cardholder.Put_(); cardholder = wbemServices.Get(cardholderPath);
// use cardholder object...
Earlier, it was mentioned that the Get() method can be used to get a class definition. Line 2 of this sample shows how this is done. Instead of listing the key properties in the object path, only the class name is specified. Line 3 uses this class definition to create an instance of the class.
Lines 4-6 assign values to the properties of this new instance. Properties are used here to set values just as in
Searching for Objects on page 21 where they were used to get values.
Next, line 7 actually commits the changes. Note that if the Put_() method is not called, the instance will not be sent to DataConduIT, and therefore the change will not be made in the OnGuard database.
If successful, the Put_() method returns the object path to the newly created instance. If you plan to use this instance for further operations, you should re-get the instance using this path. This is becauseDataConduIT will set default properties for you, and those values will not be reflected in the instance that you called the Put_() method on. To get those default values, you need to re-get the instance from DataConduIT.
Note that the above example did not assign a value to the ID key property for the Lnl_Cardholder instance. This is because DataConduIT auto-generates the value for you.
Modifying Objects
The process of modifying objects in DataConduIT is similar to the process of adding them. First, you search up the object that you want to modify. This can be done in any of the ways described in
24
DataConduIT User Guide
Deleting Objects
Searching for Objects on page 21 . Next, you set new values to the object’s properties. Finally, you
call the same Put_() method that was used for adding objects. Here’s an example: var wbemServices = GetObject(“winmgmts://./root/onguard”); var visitor = wbemServices.Get(“Lnl_Visitor.ID=2”); visitor.Address = “1050 Pittsford-Victor Road”; var visitorPath = visitor.Put_(); visitor = wbemServices.Get(visitorPath);
As you can see, modifying an object is very similar to adding one. Just as when we added a new object, we re-get the object after we have committed our modifications. This makes sure that all fields are refreshed. For instance, DataConduIT sets the LastChanged property on instances of
Lnl_Cardholder, Lnl_Visitor, and Lnl_Badge when an instance of one of those classes is added or modified. You must re-get the object in order to view the updated LastChanged time.
Deleting Objects
There are two ways to delete an object in DataConduIT. The easiest way is to search up the object you want to delete, and then just call the Delete_() method on that object. For example: var wbemServices = GetObject(“winmgmts://./root/onguard”); var visitor = wbemServices.Get(“Lnl_Visitor.ID=2”); visitor.Delete_();
You can also delete an instance if you know its object path. The example below is equivalent to the one above, but it is more efficient because the actual visitor object is never requested: var wbemServices = GetObject(“winmgmts://./root/onguard”); wbemServices.Delete(“Lnl_Visitor.ID=2”);
Features and Limitations
The following features and limitations are specific to class.
Cardholders and Visitors
Each cardholder and visitor instance has all of its user-defined fields (UDFs) exposed through
DataConduIT. This includes system fields such as first name (FIRSTNAME), last name
(LASTNAME), social security number (SSNO), and internal ID (ID). All fields except for the internal ID and last changed timestamp are available for read/write access, subject to additional UDF validation and field/page viewing permissions.
DataConduIT User Guide
25
26
Using DataConduIT for Data Access
If cardholders/visitors are segmented, an additional property named PrimarySegmentID will be made part of the Lnl_Cardholder/Lnl_Visitor class. If the client is a member of only one segment, this property will default to that segment ID. Otherwise, the client must specify the primary segment ID when a new cardholder/visitor is added.
Badges
Each badge instance has all of its UDFs exposed through DataConduIT. This includes system fields such as badge ID (ID), badge type (TYPE), badge status (STATUS), and the internal ID
(BADGEKEY). All fields except for the internal ID, number of badge prints, last changed, and last printed timestamps are available for read/write access subject to the validation described above.
The PIN code is exposed in a manner similar to the way it is done in ID CredentialCenter. You can set the badge PIN code by setting the property during an add or modify operation. However, if you search up a badge and attempt the read the PIN code, the property will always contain a null value.
A client will be able to assign access levels to a new badge by giving it a badge type. The new badge will be assigned the default access levels for that badge type.
In a segmented system, the client cannot change the badge type if it controls a different set of segments than the previous badge type. This is because changing the badge type of a badge could possibly remove access levels from that badge without user confirmation.
Directory Accounts
Adding an instance of Lnl_Account is equivalent to linking a directory account to a cardholder or visitor in ID CredentialCenter. Similarly, deleting an instance is equivalent to unlinking the account.
When adding an instance of Lnl_Account, all fields except for the ID are required. The AccountID property refers to the value of the LDAP attribute provided in the Lnl_Directory.AccountIDAttr property. For Microsoft Active Directory accounts, this defaults to the account security identifier, or
SID. Other LDAP directories will probably use a different LDAP attribute.
Visits
Each visit instance has all of its UDFs exposed through DataConduIT. This includes system fields such as host id (CARDHOLDERID), type (TYPE), visitor id (VISITORID), and the internal ID (ID).
All fields except for the internal ID, last changed, time in, and time out are available for read/write access subject to the validation described above.
Once a visit has been signed in, scheduled time in cannot be changed, nor can the cardholder or visitor of the visit, same thing with signing out a visitor.
E-mail recipients configured through Lnl_Visit cannot be viewed through Lnl_Visit;
Lnl_VisitEmailRecipient must be used for viewing.
User-Defined List Values
All user-defined list (populated via List Builder) are available for view/add/modify/delete. The only values that cannot be modified are:
• Active BadgeStatus (ID = 1)
•
Supervisor Two Man Type
•
Team Member Two Man Type
DataConduIT User Guide
CHAPTER 4
Using DataConduIT to Receive Events
The previous section described how to receive and modify data using DataConduIT. This section describes how to receive real-time events. DataConduIT produces two types of events - hardware events and software events. Hardware events are generally events that originate in the access control hardware. Software events occur when data in the OnGuard database changes.
There are two ways to receive events from DataConduIT: via temporary event consumers and via permanent event consumers. A temporary event consumer registers to receive events when it starts, receives those events while running, and then ends its registration when it terminates. A permanent event consumer submits an event registration to WMI and binds that registration to a particular COM component. Whenever WMI receives an event that matches the registration, that component is created and passed the event. This occurs until the event registration is deleted or unbound from the component.
Here is an example of a simple temporary event consumer: var wbemServices = GetObject(“winmgmts://./root/OnGuard” ); var sink = WScript.CreateObject( “WbemScripting.SWbemSink”, “SINK_” ); wbemServices.ExecNotificationQueryAsync(
sink, “SELECT * FROM Lnl_AccessEvent” ); var wshShell = WScript.CreateObject( “WScript.Shell” ); wshShell.Popup( “Click OK to stop listening for events...” ); sink.Cancel(); function SINK_OnObjectReady( wbemObject, asyncContext ) {
WScript.Echo(“Hardware event received: “ + wbemObject.Description);
}
This sample demonstrates the three steps necessary for a temporary event consumer to receive events from DataConduIT. First, the client creates an event sink object. Second, the client registers an event query describing which events the client would like to receive. Like data queries, this event query is written in WQL. Unlike data queries, this query does not return events from WMI immediately.
Instead, it tells WMI which events it wants to receive when WMI gets them in the future.
DataConduIT User Guide
27
28
Using DataConduIT to Receive Events
The ExecNotificationQueryAsync() method also takes in the event sink object. This ensures that the function SINK_OnObjectReady() is called whenever WMI receives an event that matches the event query. The first argument to this function is the event object itself. The properties of the event object can then be read. (Setting the properties of an event object has no effect.)
The final step is to unregister the event query, which is accomplished by calling the event sink’s
Cancel() method.
The following sections describe particular features of registering for and receiving hardware and software events, as well as how to use permanent event consumers with DataConduIT.
Registering to Receive Hardware Events
DataConduIT provides access to all OnGuard events in the system. These events are accessed using the general WMI class Lnl_SecurityEvent. This class has several subclasses that can be used to simplify filtering specific types of events. For example, the Lnl_AccessEvent subclass can be used to receive access granted and access denied events in the system. The Lnl_IntercomEvent subclass can be used to only receive intercom related events. Objects retrieved using Lnl_SecurityEvent must be set to the specific subclass object in order to retrieve specific properties. You can use the __CLASS property to identify which subclass object to use in order to retrieve all of the event’s properties.
The sample code in the previous section showed how to receive all access events. If the system is not segmented, this event query will always succeed for users that are permitted to use DataConduIT. In a segmented system, users can only receive events from hardware in segments to which they have access. Due to the implementation of WMI, when you register an event query, you must be able to receive all possible instances of that event. Therefore, you need to make sure that your query explicitly specifies the segments, readers, and/or panels to which you have access. If you register for events that you don’t have access to, you will receive an access denied error when you try to register your event query. Here are a few sample hardware event queries:
Receive all access events at all readers in the segment with ID 1:
select * from Lnl_AccessEvent where SegmentID=1
Receive all access events at all readers in segments with ID 1 or ID 2:
select * from Lnl_AccessEvent where SegmentID=1 or SegmentID=2
Receive all access events at all readers on the panel with ID 8:
select * from Lnl_AccessEvent where PanelID=8
Receive all access events for the reader with ID 5 on the panel with ID 8:
select * from Lnl_AccessEvent where DeviceID=5 and PanelID=8
Receive all events
select * from Lnl_SecurityEvent
Receive only intercom related events
select * from Lnl_IntercomEvent
DataConduIT will obtain the set of segments specified by the event query, and it will make sure that the user has permissions to receive events from all of these segments.
DataConduIT User Guide
Receiving Hardware Events
Receiving Hardware Events
Once the event query is registered, DataConduIT will begin sending hardware events to the client.
The Lnl_AccessEvent class has a number of properties that can be accessed by the client. These properties are generally self-explanatory. For details, see the description qualifier on the Lnl_Event,
Lnl_SecurityEvent, and Lnl_AccessEvent class definitions.
Registering to Receive Software Events
Software events are instances of the standard WMI intrinsic event classes, namely
__InstanceOperationEvent and its subclasses. The __InstanceOperationEvent class has one property,
TargetInstance, which contains the instance that was added, modified, or deleted. If the instance was modified, the __InstanceModificationEvent event subclass also contains the previous version of the instance in its PreviousInstance property. Both the TargetInstance and PreviousInstance properties are of type object, meaning that they contain the embedded WMI instances of the affected class.
As was the case with hardware events, you must only register to receive those software events for which you have permission to receive. In general, you can view a software event for an object if you could view that object normally. For instance, if you do not have permission to view visitors, then you cannot receive software events indicating that a visitor was created, modified, or deleted. If you don’t have access to segment A, then you can’t receive software events for objects in segment A.
Furthermore, if you do not have view permissions for each property of a class, then you can’t receive software events for instances of that class. For example, if you can’t view the visitor address field (set through the field/page permission groups in System Administration), you can’t view visitor software events.
The following classes are supported by DataConduIT for software event registration:
Lnl_Cardholder, Lnl_Visitor, Lnl_Badge, and Lnl_Account.
Common software event queries that you might use include:
Receive an event whenever a cardholder is added, modified, or deleted:
select * from __InstanceOperationEvent where TargetInstance ISA
“Lnl_Cardholder”
Receive an event whenever a badge is printed:
select * from __InstanceModificationEvent where TargetInstance ISA
“Lnl_Badge” and TargetInstance.Prints > PreviousInstance.Prints
Receive an event whenever a badge changes from active to inactive:
select * from __InstanceModificationEvent where TargetInstance ISA
“Lnl_Badge” and TargetInstance.Status!=1 and PreviousInstance.Status=1
Receive an event whenever a cardholder, visitor, or badge is created:
select * from __InstanceCreationEvent where TargetInstance ISA
“Lnl_Person” or TargetInstance ISA “Lnl_Badge”
The first example demonstrates how the __InstanceOperationEvent class can be used to receive events for all add, modify, and delete operations. It is also the first example of the ISA operator. As you might guess, the ISA operator is used to query for an object only when its class name equals the specified name. To successfully register this query, the user must be an All Segments user with the
View Cardholder permission and the view permission to all cardholder fields.
DataConduIT User Guide
29
30
Using DataConduIT to Receive Events
The second and third examples show how properties of the TargetInstance and PreviousInstance objects can be used as part of an event query. To successfully register these two queries, the user must be an All Segments user with the View Badge permission and view permission for the appropriate badge field (prints or status). The last example demonstrates that the ISA operator can be used with a superclass (Lnl_Person) to indicate that it and all of its subclasses are included in the query. It also demonstrates that the ISA operator can be used with the regular boolean (“and”, “or”) operators. A user registering this query must be an All Segments user with the View Cardholder, View Visitor, and
View Badge permissions, and must be able to view all properties of those classes.
Receiving Software Events
As mentioned above, the TargetInstance and PreviousInstance contain all the data in the current and previous instances. This data can then be used in the event handler to perform other actions. For instance, when a cardholder is created, a script could use the cardholder’s name and department to create an LDAP account for that cardholder and link it back to the cardholder by creating an instance of the Lnl_Account class.
Assuming the software event feature is enabled (refer to
Receiving Events on page 16 ), software
events are generated whenever changes are made to particular tables in the database. This includes changes made by all OnGuard applications, and even changes made by directly editing data in the database.
There are two situations, however, in which software events will not be generated. The first is when a truncate table SQL command is issued on a table. In this case, no cardholder and visitor deletion events will be fired. The second case is in a full download from an enterprise master to an enterprise region. Software events will be fired on the region in an incremental download.
Using Permanent Event Consumers with DataConduIT
The
Using DataConduIT to Receive Events on page 27 gave an example of how to use a temporary
event consumer to receive events from DataConduIT. Temporary event consumers only run when the consumer is running. Therefore, unless this consumer is running in a service, a user must be physically logged on to a machine and running that consumer. A permanent event consumer can be setup once, and WMI will invoke it whenever a matching event is fired. Therefore, no one needs to be logged onto the machine where DataConduIT is located for a permanent event consumer to work.
Microsoft provides a permanent event consumer called the Active Script Event Consumer (ASEC).
The ASEC runs a script (JScript or VBScript) when an event is received. This is exactly the functionality that many customers want. Please refer to the Microsoft WMI documentation to see how to use the ASEC.
There are a couple things to note when using the ASEC with DataConduIT. First, the ASEC is not installed by default in the root\onguard namespace. To install it, find the DataConduIT
Samples\ASEC\asec-onguard.mof file provided with this documentation and run “mofcomp aseconguard.mof.” This will install the ASEC in the root\onguard namespace. Also provided with this documentation is a utility, regpermscript.exe, that will help you install scripts for use with the ASEC.
The utility takes as parameters an event query to register and the script file containing the script to run when an event is received. Note that the currently logged on user must be authorized to register this event query according to the rules in
Registering to Receive Hardware Events on page 28 and
Registering to Receive Software Events on page 29 of this user guide.
DataConduIT User Guide
Using Permanent Event Consumers with DataConduIT
A second note on ASEC and DataConduIT is that when the ASEC runs your script, it will be running under the security context of the WMI service. If your script tries to connect back to DataConduIT,
DataConduIT will try to use single sign-on to log on, looking for the user that is linked to the
LocalSystem account on the local machine. If it doesn’t find such an account, your call will fail.
Unfortunately, WMI does not allow you to connect to it with an alternate username and password on the local machine. Therefore, the best way to resolve this situation is to link the LocalSystem account to a user in the OnGuard software. To do this, you first create a Windows Local Accounts directory for the machine on which DataConduIT is running. Then, link the LocalSystem account in this directory to a user. Your script will now execute under the user to which you linked the account.
Scripts run by the ASEC cannot interact with the desktop, so they cannot write to the console (e.g. using Echo()) or show UI components (e.g. using MsgBox()). If an error occurs in the script, the error will not be displayed to the screen. Instead, it will be written to one of the standard WMI error logs.
DataConduIT User Guide
31
Using DataConduIT to Receive Events
32
DataConduIT User Guide
CHAPTER 5
Using DataConduIT to Send Alarms to
OnGuard
DataConduIT provides the capability of sending alarms to the Alarm Monitoring application. These alarms are also logged to the OnGuard database just like other alarms.
It is necessary to first setup a Logical Source using System Administration before using this capability of DataConduIT. DataConduIT will use this source as the device to display alarms for in
Alarm Monitoring. For more information, refer to Add a Logical Source on page 58.
Note:
In order to receive logical source events, add at least one online panel to the same monitor zone as the source.
After configuring the Logical Source, you should also add any Logical Device and Logical Sub-
Device downstream devices in System Administration. Use of devices and sub-devices is optional.
OnGuard uses devices and sub-devices to report alarms for Logical Source child and sub-child devices in Alarm Monitoring. For more information, refer to
Add a Logical Device on page 60 and
Add a Logical Sub-Device on page 62
.
Sending alarms to Alarm Monitoring is very simple.
Here is an example using JavaScript:
1 var wbemServices = GetObject("winmgmts://./root/onguard");
2 oReg = wbemServices.Get("Lnl_IncomingEvent");
3 oMethod = oReg.Methods_.Item("SendIncomingEvent");
4 oInParam = oMethod.InParameters.SpawnInstance_();
5 oInParam.Source = " Logical Source 6";
6 oInParam.Description = "Test Event From DataConduIT ";
7 wbemServices.ExecMethod("Lnl_IncomingEvent", "SendIncomingEvent", oInParam);
The above sample will display and log an alarm with the description “Test Event From DataConduIT” from controller name “Logical Source 6”. This sample assumes System Administration was used to create a Logical Source called “Logical Source 6” and demonstrates how to send an alarm to Alarm
Monitoring. The Source refers to the logical source setup in System Administration. The Description property is the actual text of the alarm that will display in Alarm Monitoring and be logged into the
OnGuard database.
DataConduIT User Guide
33
Using DataConduIT to Send Alarms to OnGuard
The Lnl_IncomingEvent object has no properties and currently supports the methods
“SendIncomingEvent” and “AcknowledgeAlarm”. For more information, refer to
The DataConduIT SendIncomingEvent method allows the ability to generate Access Granted and
Access Denied events for a Logical Source, Device and Sub-Device. This is made possible via the following additional optional parameters that may be specified to the SendIncomingEvent method:
IsAccessGrant, IsAccessDeny, BadgeID, and ExtendedID.
If ‘IsAccessGrant’ is set to true, the ‘Granted Access’ event will be reported for the Logical Source,
Device or Sub-Device specified in the script. Similarly, if ‘IsAccessDeny’ is set to true, the ‘Access
Denied’ event will be reported. If both of these are set to true, the method will fail since only of these
Generating Access Granted and Access Denied Events on page 94.
The process is similar if the name of the Source and Device parameters correspond to the name of an access panel and reader respectively. OnGuard checks to see if the Logical Source name provided matches a Logical Source. If not, then a check is made to see if it matches the name of a Lenel access panel. If so, OnGuard checks the Device parameter and see if it matches the name of a reader assigned to the access panel. If these conditions are met, the ‘Granted Access’ or ‘Access Denied’ events are reported based on how ‘IsAccessGrant’ and ‘IsAccessDeny’ are set.
The BadgeID or ExtendedID parameter can be specified when either ‘IsAccessGrant’ or
‘IsAccessDeny’ are set to true to report an event for a specific OnGuard cardholder. BadgeID is not required when using ‘IsAccessGrant’ or ‘IsAccessDeny’.
34
DataConduIT User Guide
CHAPTER 6
Working with MobileVerify
MobileVerify is a feature that allows the cardholder view in OnGuard to make grant and deny decisions similar to a reader. DataConduIT has an Lnl_MobileVerify object that provides the ability to determine the configuration settings of MobileVerify and also help make grant or deny decisions.
Here is an example using Lnl_MobileVerify: var wbemServices = GetObject("winmgmts://./root/onguard"); var mvClass = wbemServices.Get( "Lnl_MobileVerify" ); var mv = mvClass.SpawnInstance_(); oMethod = mv.Methods_.Item("RecommendProperties"); oOutParam = oMethod.OutParameters.SpawnInstance_(); var mvResult = wbemServices.ExecMethod("Lnl_MobileVerify",
"RecommendProperties", oOutParam);
WScript.Echo("LogicalName: " + mvResult.LogicalName + "\n" +
"AssociatedDropdown: " + mvResult.AssociatedDropdown + "\n" +
"DenyText: " + mvResult.DenyText + "\n" +
"DenyColor: " + mvResult.DenyColor + "\n" +
"GrantText: " + mvResult.GrantText + "\n" +
"GrantColor: " + mvResult.GrantColor + "\n"
);
The sample above will retrieve important configuration settings about the MobileVerify feature and display them. The other supporting methods for the MobileVerify feature are IsGrant, LogGrant,
LogDeny, and SystemSetting. Programmers can use these methods to simulate the MobileVerify
DataConduIT User Guide
35
Working with MobileVerify
36
DataConduIT User Guide
CHAPTER 7
Troubleshooting and Advanced Options
Receiving Error Information from DataConduIT
DataConduIT performs authorization and validation checks on all incoming queries and requests to write data to the OnGuard software. If these checks do not pass or some other type of error occurs, an error code and message will be returned to the client. To retrieve the error message, you need to use the SWbemLastError object. Here’s an example that demonstrates its use: try {
// do something that would cause an error...
} catch (e) {
var extStatus = new ActiveXObject("WbemScripting.SWbemLastError");
if (extStatus != null && extStatus.Description != null) {
WScript.Echo("Error: " + extStatus.Description);
} else { throw e; }
}
The code sample above catches an error that occurs in DataConduIT. Next, it creates an instance of the SWbemLastError object and tries to retrieve a detailed error message from it, stored in its
Description property. (Note that the extStatus object is actually an instance of the Lnl_Error WMI class, if such an error was returned by DataConduIT.) If a detailed description exists, it is printed out.
Otherwise, if some other type of error occurred, such as a scripting error, that error will be printed out to the command line when the error is re-thrown.
DataConduIT reports the correct WMI error codes from all its functions. WMI error codes and their meanings can be found in the Microsoft WMI documentation reference.
DataConduIT User Guide
37
38
Troubleshooting and Advanced Options
Before Calling Technical Support
DataConduIT relies on several configuration options and environment settings of both OnGuard and the operating system used. If you are experiencing problems, please be sure to do the following
BEFORE contacting technical support:
1.
2.
Consult the list of common DataConduIT problems. For more information, refer to Appendix C:
Common DataConduIT Problems on page 171.
If the list of common problems did not provide a solution, perform all steps in the pre-call
This will help technical support more accurately identify the problem and provide some quick potential solutions to the problem you are experiencing.
Error Logging
DataConduIT maintains an error log in the standard WMI logging directory. This directory is located at:
• <windows directory>\system32\wbem\logs
or, if using a 64-bit operating system at:
• <windows directory>\SysWOW64\wbem\Logs
The log file is named DataConduIT.log. Any errors that occur in DataConduIT are logged to this file, along with the data and time that they occurred. This includes errors that can be retrieved from
DataConduIT using the SWbemLastError object described in the previous section.
OnGuard allows you to configure the filename of the DataConduIT log file as well as how verbose the logging is. Both of these parameters are configured in the registry on the machine where
DataConduIT is running. Both registry values are located in the registry at:
•
HKEY_LOCAL_MACHINE\Software\Lenel\OnGuard\DataConduIT or, if using a 64-bit operating system at:
•
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Lenel\OnGuard\DataConduIT
(Note that the DataConduIT key does not exist by default - you will have to create it.)
The log file filename is stored in the value “DebugFile” in this key. This is the full path to the log file, such as c:\program files\OnGuard\DataConduIT.log. The logging level is stored in the value
“DebugLevel” in this key. Possible values are 0 (normal/default), 1 (verbose), 2 (extra verbose). Note that when DebugLevel is set to 1 or 2, the log file can become large very quickly. Therefore, the
DebugLevel should only be set above 0 when trying to debug an error. Note that the debug logging level must be a DWORD for the process to work correctly.
If you need to call tech support regarding a DataConduIT issue, you should first reproduce your particular error while the DebugLevel is set to 2. Next, create a ZIP archive containing the contents of the WMI log folder, the DataConduIT log file, and the Lenel error log. This will be very helpful to tech support as they help you with your issue.
DataConduIT User Guide
Changing the Database Connection Pool Time
Changing the Database Connection Pool Time
DataConduIT uses a database connection pool. A connection in the pool is closed after a certain period of inactivity. This period of time is specified in the value “DATABASETIMEOUT” in the
HKEY_LOCAL_MACHINE\Software\Lenel\OnGuard\DataConduIT registry key. (Note that the
DataConduIT key does not exist by default - you will have to create it.)
By default, the DATABASETIMEOUT value is not specified in the registry, and the timeout value is
5 minutes. If the DATABASETIMEOUT value is specified in the registry, the time specified (in seconds) will be used for the timeout value.
Tuning Parameters
DataConduIT allows administrators to tune some parameters that it uses for general operation and for communication with other servers. All of these parameters are stored in the database in the
LNLCONFIG table. These parameters are described the table below. ID refers to the value in the
LNLCONFIG.LNLCONFIGID column. The default value is the value assigned to the parameter if the
LNLCONFIG table does not contain a record with this ID.
ID
33
34
35
36
37
38
39
Default
Value Description
60
Number of seconds for which
DataConduIT
caches user logon credentials. After this time, the cached credentials are refreshed from the database.
60
15
3
10
30
3600
Number of seconds for which
DataConduIT
caches its panel/ segment ID map.
Number of seconds in polling interval for software events by the Linkage Server.
Number of seconds between which changes to tables for the same object are considered part of the same software event.
Number of seconds between attempts by
DataConduIT
to contact the Linkage Server to notify it of WMI event registrations.
Number of seconds after startup that the Linkage Server waits to receive event registrations from DataConduIT servers.
Number of seconds for which DataConduIT caches class definitions for dynamically generated classes.
Used By
DataConduIT
DataConduIT
Linkage
Server
Linkage
Server
DataConduIT
Linkage
Server
Linkage
Server
IMPORTANT: These configuration parameters should only be set by system administrators
when trying to correct a problem.
Setting or changing any of these tuning parameters requires a restart of the appropriate server to take effect.
DataConduIT User Guide
39
Troubleshooting and Advanced Options
Stopping and Restarting the DataConduIT Service
Stopping and restarting the
DataConduIT
service is generally unnecessary. During normal operation, the server should be left running at all times. Although
DataConduIT
is installed as a manually-run service, WMI will start it automatically whenever it has a request to make. This includes a request for data as well as event query registrations.
In a few limited circumstances, however, you will need to stop and restart
DataConduIT
to allow it to retrieve new configuration information.
DataConduIT
needs to be stopped and restarted after any of the following changes are made:
•
You change the data source DSN in your ACS.INI file. For more information, refer to the
Configuration Editor appendix in the Installation Guide.
•
You modify a cardholder, visitor, or badge layout in FormsDesigner.
•
You change any of the tuning parameters (discussed above) that
DataConduIT
uses.
•
You install a new license.
Note:
If you have any event consumers running and you stop
DataConduIT
, WMI will automatically restart
DataConduIT
after a couple seconds.
Receiving Hardware or Software Events
When running DataConduIT in debug without installed product, extra steps are required in order to receive hardware or software events.
1.
2.
3.
4.
5.
6.
Note:
7.
The following steps are required every time the service is unregistered and then reregistered.
Configure the Linkage Server to run.
Start the Linkage Server.
Go to Start > Run and type dcomcnfg.
Expand the section Component Services > Computers > DCOM Config.
Right-click on LS Link IT Service and select Properties.
Add the NETWORK SERVICE account and assign Local Activation rights in addition to what is already assigned (for example, Local Launch).
Save the settings.
Note:
In order for the Linkage Server to send a hardware event to DataConduIT, the originating panel must be marked as online. It is possible to use Event Generator to send events from a “fake” panel as long as the “fake” panel is marked as online. Otherwise,
DataConduIT will not publish the hardware event.
40
DataConduIT User Guide
CHAPTER 8
Getting Started with DataConduIT
Message Queues
DataConduIT
can be used alone, or it can be used in combination with message queues. Message queues are used to store
DataConduIT
software events. When message queues are used, the LS
DataConduIT
Message Queue Server service is used to package
DataConduIT
events into XML and send them across the queue. The service also receives XML and packages it up into
DataConduIT requests.
The LS
DataConduIT
Message Queue Server service uses Windows Management Instrumentation or
WMI for short to talk to
DataConduIT
. WMI is a Windows service that allows providers to expose application data and events to consumers. Microsoft uses WMI to expose information about the local machine’s installed hardware and software, performance statistics, registry entries, Active Directory data, and much more. WMI ships with Windows, and it may be installed on Windows as a separate software package. Data exposed through WMI can be accessed by any COM-capable language, such as C++, Visual Basic, and VB Script.
Since the
DataConduIT
service is implemented as a WMI provider, it allows access to OnGuard cardholders, badges, photos, and linked accounts, through a queue. OnGuard hardware events are also exposed.
The picture below gives a high-level overview of how the
DataConduIT
and
DataConduIT
Message
Queue Server services are related to the other major parts of the OnGuard software.
DataConduIT User Guide
41
42
Getting Started with DataConduIT Message Queues
DataConduIT
Message Queue runs as a Windows service on a machine. The service registers with
DataConduIT
who in turn registers with the Linkage Server to receive events. The Linkage Server receives hardware events by contacting all the communication servers in its region. The Linkage
Server receives software events directly from the OnGuard database.
Note that while the Linkage Server, the
DataConduIT
Service, the
DataConduIT
Message Queue
Service and the client workstation are pictured as residing on different machines, the setup has all four running on the same computer. Also, note that
DataConduIT
Message Queue requires/depends on a third party queue system running on the machine that is to receive XML packages from the
DataConduIT
Message Queue service. The workstation and the third party queue system are shown separately but actually reside on the same machine.
Overview of DataConduIT Message Queue Functions
The DataConduIT Message Queue service includes most of the capabilities of DataConduIT, including:
•
Send/receive Cardholder data
•
Send/receive Visitor data
•
Send Cardholder/Visitor Photos
•
Send/receive Badge data
•
Send/receive Linked Account data
•
Send hardware events
Data will be sent/received when any of the above are created, modified, or deleted. However, the following DataConduIT capabilities are not supported:
•
View directory definitions
•
View information about readers, anti-passback areas, and the relationships between them
•
View information about segments and segment groups
All photos are sent with the cardholder/visitor data, and are sent with base-64 encoding. Photos are not sent when a cardholder is deleted, because when a cardholder is deleted, the photo is also deleted.
Each message sent across the queue contains either a hardware event or all information for one cardholder. So, if a badge is modified, the message contains the cardholder, the badge, the pictures (if configured to do so), and the linked accounts along with what has changed.
Directories, readers and segments cannot be viewed via the queue. However, these are available as enumerations inside the XML Schema just like the user-defined field dropdowns are, and the XML message contains the ID of the referencing object.
Supported Queue Types
OnGuard supports IBM WebSphere® MQ, formerly known as MQSeries. You must purchase the
IBM WebSphere MQ software to setup DataConduIT Message Queue. IBM WebSphere MQ supports two types of message queues: incoming and outgoing. A queue must be designated as incoming or outgoing; it cannot be both.
Incoming queues allow you to send a request to the OnGuard software. Incoming queues are used to receive cardholder data, visitor data, cardholder/visitor photos, badge data, and linked account data from the user.
DataConduIT User Guide
Schema Overview
Outgoing queues allow OnGuard to send messages to you. Outgoing queues are used to send cardholder data, visitor data, cardholder/visitor photos, badge data, linked account data, and hardware events to the user.
Outgoing Queue Overview
DataConduIT
Message Queue takes
DataConduIT
events, packages them up in XML, and sends them out. If a cardholder is added,
DataConduIT
will take the add cardholder object and send it out to whomever wants to know about it. You might tell
DataConduIT
to give you all the cardholder adds. If you’re just using
DataConduIT
, you must install scripts that say what you want to register for, what you want to know about, and you’re sent limited information. For example, if you’re sent a badge add, you’re sent only badge properties. You wouldn’t know what the cardholder properties are. You then have to know that the EMP ID, which is something that is only used by OnGuard, is paired to this cardholder. This puts the responsibility on you to look up the EMP ID and then ask
DataConduIT
to give you the cardholder object. Basically, you have to talk back and forth to
DataConduIT
.
DataConduIT
Message Queue is designed to take away that layer. You do not need to talk to
DataConduIT
, and you do not need to run scripts; everything is automated through the user interface.
When you tell the user interface what kind of information you want, it will automatically set you up to get that information, and all the information will be put on these queues, instead of just being sent across to you. You can let them build up for days if you want, they’ll just be sitting in the queue.
Because OnGuard does not allow you to talk back and forth to these queues, the queues are designed to be one-way. When they receive events, there’s a one-way traffic. When a cardholder’s properties, badges, or accounts are changed,
DataConduIT
Queue will look up all cardholder information and send it across the queue as XML. Photos are optional because they are large. All of this information is sent as XML. This way you can store the data you want without having to look up anything extra. Any data in the XML packet can be ignored if you wish.
Schema Overview
The schema shows the structure of the OnGuard events going across the queue and the format for making requests to the OnGuard software. The schema is available through the OnGuard user interface by clicking the [Generate Schema] button on the
DataConduIT
Message Queues form. This will detect all UDF drop-down values as well as custom cardholder forms. The schema is saved as a separate file with a .XSD extension. The schema is not sent across the queue and there is no way to request it other than to generate it in System Administration. If FormsDesigner changes are made,
DataConduIT
and
DataConduIT
Message Queue must be restarted to pick up the new layout, and the schema must be regenerated.
In order to have the schema dynamically generated via System Administration, you must be logged in using single sign-on. This is required for WMI, which is needed to build the schema.
When you’re generating the schema, you have to make sure you’re generating the schema on a machine that
DataConduIT
is running on. This is because to generate the schema, OnGuard needs to communicate with
DataConduIT
to get database information. If it’s not, an error will be generated that tells you to check the log.
When the
DataConduIT
Message Queue service starts up, it will also generate its own copy of the schema. If you receive a message with a format or value that is not in the schema, you must generate a new one to use. If the
DataConduIT
Message Queue service cannot validate the
DataConduIT
request that it was sent with the XML schema that it has, an error will occur. You may need to restart both services so that a new schema is generated.
DataConduIT User Guide
43
44
Getting Started with DataConduIT Message Queues
How DataConduIT Message Queue Handles Database Layout
Changes
It is strongly recommended that all necessary changes to FormsDesigner be made before using
DataConduIT
or
DataConduIT
Message Queue. After using FormsDesigner to make changes to the database, you must restart the LS
DataConduIT
Service, LS Linkage Server, and LS
DataConduIT
Message Queue Server services in order to pick up the new database layouts. You must also regenerate the schema.
Updating the Database with Queue Changes
Consider the scenario where you have five queues configured and the
DataConduIT
Message Queue service is running. If you decide that you don’t want badge events or notifications on one queue, you can modify the queue and tell it not to send badge events.
DataConduIT
Message Queue will check and see if anything has changed about these queues, and will pickup the change. How often does
DataConduIT
Message Queue check the queues?
DataConduIT
Message Queue periodically looks at the database to see if anything has changed. This period of time is specified in the value “DATABASEUPDATE” in
HKEY_LOCAL_MACHINE\Software\Lenel\OnGuard\DataConduITQueue registry key.
Note:
The DataConduITQueue key does not exist by default - you will have to create it.
By default, the DATABASEUPDATE value is not specified in the registry, and the update value is one minute. If the DATABASEUPDATE value is specified in the registry, the time specified (in seconds) will be used for the update value.
Error Logging
DataConduIT
Message Queue errors are written to the DataConduITQueue.log file in the OnGuard logs directory (located in C:\ProgramData\Lnl\logs by default). Here are a few of the most common situations where an error message would be written to the DataConduITQueue.log file.
If connection to the queue/queue manager is lost. Constant connection to the queue/queue
manager is critical. If at any time the connection is lost, the LS
DataConduIT
Message Queue Server service will try to reconnect. Incoming queues try to reconnect every 15 seconds and outgoing queues will try to reconnect every time a message is about to be sent.
The service will not write errors to the log if it is shut down. An error will be written only when the queue manager or queue is unreachable or if the queue was not configured correctly in System
Administration.
Can’t log in.
Can’t connect to DataConduIT.
Can’t send request to DataConduIT for validation reasons.
A request that does not match the schema. If a message with an invalid schema is received, an
error will be written to the DataConduITQueue.log file.
DataConduIT User Guide
Installing DataConduIT Message Queue
If the DataConduITQueue.log does not provide enough information or if you are directed to do so,
refer to the DataConduIT.log file. For more information, refer to Error Logging on page 38.
Installing DataConduIT Message Queue
DataConduIT Message Queue is installed as part of a standard server installation. Note that
DataConduIT must be on the same machine that the Linkage Server is running on if you want to receive events. Therefore,
DataConduIT
Message Queue is required to be on the same machine as the
Linkage Server and
DataConduIT
is configured to run on; it cannot be run on a separate machine.
DataConduIT
Message Queue runs as a Windows service under the same account that single sign-on is enabled for.
DataConduIT
Message Queue is installed with the login as LocalSystem, as all the other
OnGuard services are, but it will not work under the LocalSystem account. You must change the account that
DataConduIT
Message Queue runs under by following
DataConduIT Message Service is Run With on page 47 .
The Linkage Server does not need to be running if you are using incoming queues. The Linkage
Server is only used to receive events. Since you can only set up one instance of the Linkage Server per system, you can only setup one instance of
DataConduIT
Message Queue per system. If you set up
DataConduIT
Message Queue on machine A and you want to get events on machine B, all you have to do is setup your queue software to have client tools to B. You can still receive events at any machine that you want; it’s where your queues reside that is key. Your queue doesn’t have to physically reside on the machine you’re setting up, but you must have the IBM WebSphere client tools on the machine you’re setting up the queue on.
License for DataConduIT Message Queue
DataConduIT
and
DataConduIT
Message Queue are separately licensed features. You can have a license for only
DataConduIT
, or a license for
DataConduIT
and
DataConduIT
Message Queue.
The
DataConduIT
Message Queue license is count-based; you are licensed to use a certain number of queues. Every time you click [Add] on the
DataConduIT
Message Queues form in System
Administration, this counts as another queue.
The number of queues you are licensed to use is displayed in the “Maximum Number of Message
Queues”setting in the General section of the license. To view this setting, open License
Administration. For more information, refer to “Using OnGuard in the Supported Operating
Systems” in the Installation Guide.
Setting Permissions to Use DataConduIT
Configure the System Options
1.
2.
3.
In the System Administration application, select Administration > System Options > General
System Options form.
In the Linkage Server host field, ensure that the correct host computer that runs the Linkage
Server is identified. If not, click Browse and select the correct host computer.
Select the Generate software events checkbox.
DataConduIT User Guide
45
46
Getting Started with DataConduIT Message Queues
Note:
4.
Selecting this checkbox ensures that events are generated for DataConduIT Message
Queue to package up into XML and send over the queue.
When done, click OK at the bottom of the General System Options form to save the changes made.
2.
3.
4.
Configure the User Permissions
In order for a user to use the
DataConduIT
Message Queue, the user must have the
DataConduIT
message queues and DataConduIT Service user permissions.
1.
In the System Administration application, select Administration > Users > System Permission
Groups form.
From the Permission Group list, select the desired user.
From the Listing window, scroll to the Software options entry and expand the entry.
Ensure that the selected user has at least View/Access permission for DataConduIT message
queues. If not, click the key icon to enable View/Access permission for the selected user.
Note:
If desired, the selected user can also have Add, Modify, and/or Delete permissions for
DataConduIT message queues.
5.
6.
7.
Scroll to the Software Options - Applications entry and expand it.
Ensure that the selected user has at least View/Access permission for DataConduIT Service. If not, click the key icon to enable View/Access permission for the selected user.
When done, click OK at the bottom of the System Permission Groups form to save the changes made.
All functionality available through
DataConduIT
is controlled by the same permissions that already used to manage data in ID CredentialCenter. For example, to add a cardholder through
DataConduIT
, the user adding the cardholder must have the Add Cardholder user permission. To view readers through
DataConduIT
, the user viewing readers must have the View Reader user permission.
Existing permissions also control who can receive hardware and software events. For hardware events, the client should only be able to receive events on its segment. For software events, the client should only be able to receive events for objects that the client can view on its segment. This means that the object must be in one of the client’s segments, and the client must have permission to view the object and all of its properties (for objects with view/access permissions).
Configuring DataConduIT Message Queue
1.
2.
3.
Configure the DataConduIT Message Queue
Install IBM WebSphere MQ software.
In IBM WebSphere MQ, configure the queues that you want for use with the OnGuard software.
Set up
DataConduIT
as you normally would. This includes:
a.
Set up the Linkage Server.
b.
c.
d.
Check the software events.
Select the Generate software events checkbox on the General System Options form in the
System Options folder.
Set up single sign-on for
DataConduIT
.
DataConduIT User Guide
Configuring DataConduIT Message Queue
4.
Change the account the
DataConduIT
Message Queue Server service is run with.
2.
3.
4.
Change the Account the DataConduIT Message Service is Run With
DataConduIT Message Queue Server is installed with the login as LocalSystem, as all the other services do. However, it will not work under the LocalSystem account. You must change the LS
DataConduIT Message Queue Server service to logon under the account that single sign-on is enabled for. To do this:
1.
In Windows, open the Control Panel.
For more information, refer to “Using OnGuard in the Supported Operating Systems” in the
Installation Guide.
Double-click “Administrative Tools”.
Double-click “Services”.
Select the “LS DataConduIT Message Queue Server” service, as shown.
5.
6.
Right-click on the “LS DataConduIT Message Queue Server” service and select Properties from the right-click menu.
Click the Log On tab.
a.
Select the This account radio button.
b.
c.
Click [Browse...].
In the Select User window, select the user account that single sign-on is enabled for, then click [OK].
d.
e.
f.
In the Password field, type the Windows password for the user account that you selected.
In the Confirm Password field, retype the password.
Click [OK]. A confirmation message similar to the following will be displayed:
DataConduIT User Guide
47
Getting Started with DataConduIT Message Queues g.
h.
Click [OK].
In the Services window, the user account you selected will be displayed in the Log On As column, as shown.
48
DataConduIT User Guide
CHAPTER 9
DataConduIT Message Queues Folder
•
Add, modify, or delete DataConduIT message queues.
•
Generate a schema for the user to reference.
•
Configure whether photo and signature information is included in messages.
•
Configure when messages are sent.
• Add, modify, or delete a custom object event WMI query, custom access and security event WMI query.
The DataConduIT Message Queues folder contains one form: the DataConduIT Message Queues form. The DataConduIT Message Queues form contains three sub-tabs: General, Settings, and
Advanced.
DataConduIT Message Queues Form (General Sub-tab)
DataConduIT User Guide
49
50
DataConduIT Message Queues Folder
Listing window
Lists currently defined DataConduIT message queues. Each entry contains the queue’s name and type.
Generate Schema
Generates a schema for you to reference. If clicked, the Save As window is displayed, and you must select where to save the schema.
After any changes to the database have been made using FormsDesigner, you must regenerate the schema so that the updated database is reflected in the schema file.
DataConduIT uses the Windows account of the person who is logged on to the machine at the time of schema creation. Because of this, it is probably more preferable for a system administrator to handle all schema generation.
Add
Click this button to add a DataConduIT message queue.
Modify
Click this button to change a selected DataConduIT message queue.
Delete
Click this button to delete a selected DataConduIT message queue.
Help
Displays online help for this form.
Close
Closes the DataConduIT Message Queues folder.
Queue name
Enter the queue’s name. This field is case-sensitive.
Queue/SNMP manager
This field does not pertain to Microsoft Message Queues. If adding an IBM WebSphere MQ queue, enter the queue manager’s name. This field is case-sensitive. If adding an SNMP Trap
Messages queue, enter the SNMP manager’s IP address. Depending on the network configuration, a fully qualified NetBios name may be required.
Queue type
OnGuard supports the following types of queues: IBM WebSphere MQ, Microsoft Message
Queue, and SNMP Trap Messages. The queue type is selected when a queue is added, and it cannot be modified after the queue has been added.
Operation
The IBM WebSphere MQ queue type supports two operations: incoming and outgoing. A queue is designated as either incoming or outgoing when it is added. The SNMP Trap
Messages queue type only supports outgoing queues. The operation cannot be modified after a queue has been added.
Online
Shows whether the queue is online or offline. While checked the queue is online and will function normally. Unchecked makes the queue become offline. Being offline means no events are sent or received from the queue.
DataConduIT User Guide
DataConduIT Message Queues Form (Settings Sub-tab)
DataConduIT Message Queues Form (Settings Sub-tab)
Note:
This sub-tab is only displayed for outgoing queues.
Include photos and signature in messages
Specifies whether photos, signatures, and fingerprints are included in messages. If this option is selected, the size of the messages sent is much larger.
Include access level assignments in messages
Check this box to include access level assignments in the outgoing messages.
Cardholder
If selected, a message will be sent whenever a cardholder record is added, modified, or deleted.
Badge
If selected, a message will be sent whenever a badge record is added, modified, or deleted.
Visitor
If selected, a message will be sent whenever a visitor record is added, modified, or deleted.
Linked Account
If selected, a message will be sent whenever a linked account record is added, modified, or deleted.
Send a message when access events occur
If selected, a message will be sent every time an access event occurs. Two examples of access events are access granted and access denied events.
Send a message when security events occur
If selected, a message will be sent every time a security event occurs. Two examples of security events are door forced open and alarm restored events.
Guarantee Delivery
Check this box to guarantee delivery of hardware events. This works by first sending the events to a table where the DataConduITQueue will then retrieve them. The guarantee is
DataConduIT User Guide
51
DataConduIT Message Queues Folder
assured because the table is used as a preliminary queue and the events are not deleted until picked up by the DataConduITQueue. The DataConduITQueue will not mark the event as processed until it is written on the designated message queue. There is a mathematically small possibility that you could receive a duplicate event, but the chances are negligible.
DataConduIT Message Queues Form (Advanced Sub-tab)
52
Note:
This sub-tab is only displayed for outgoing queues.
Object event WMI query
You can type an object event WMI query in directly. Objects include cardholders, linked accounts, badges, and visitors.
Access and security event WMI query
You can type an access and security event WMI query in directly. Access events are events such as access granted and access denied. Security events are events such as door forced open and alarm restored.
DataConduIT Message Queues Form Procedures
Use the following procedures on this form.
1.
2.
3.
Add DataConduIT Message Queue
From the Administration menu, select DataConduIT Message Queues.
On the DataConduIT Message Queues form, click the [Add] button.
The Add DataConduIT Message Queue window opens.
a.
Select the queue Type.
b.
Select the queue Operation. The operation cannot be modified after a queue has been added.
•
The Microsoft Message Queue and IBM WebSphere MQ queue types support two operations: incoming and outgoing.
DataConduIT User Guide
DataConduIT Message Queues Form Procedures
•
The SNMP Trap Messages queue type supports only the outgoing operation.
4.
5.
6.
c.
Click [OK].
On the General sub-tab:
a.
In the Queue name field, type the name of the queue. The name is case-sensitive. For IBM
WebSphere MQ queues, this name must be exactly the same name that you used when setting up the queue in the IBM WebSphere MQ software.
b.
c.
In the Queue manager or SNMP manager field, enter the manager’s name. If adding an
IBM WebSphere MQ queue, enter the queue manager’s name. If adding an SNMP Trap
Messages queue, enter the SNMP manager’s IP address. Depending on the network configuration, a fully qualified NetBios name may be required. If adding a Microsoft
Message Queue this field is not present.
Note that the Queue type and Operation that you selected are displayed, but cannot be modified.
If you added an incoming queue, click [OK] and the queue will be added. If you added an outgoing queue, continue on to step 6 .
On the Settings sub-tab:
a.
If you wish to have photo, signature, and fingerprint information sent in messages, select the
Include photos and signature in messages check box.
Note:
7.
8.
Including photo information in the messages makes the size of the message sent much larger.
b.
c.
Select whether a message will be sent when cardholder, badge, visitor, and linked accounts are added, modified, or deleted.
If you wish to have a message sent when an access event occurs, select the Send a message
when access events occur check box.
d.
If you wish to have a message sent when a security event occurs, select the Send a message
when security events occur check box.
Using the Advanced sub-tab is optional and for advanced users. On the Advanced sub-tab you may:
a.
b.
Type an object event WMI query directly into the Object event WMI query textbox.
Type an access and security event WMI query directly into the Access and security event
WMI query textbox.
Click the [OK] button.
Note:
If you configured an SNMP Trap Messages queue, load the lenel.mib file into the
SNMP Manager so that it knows how to handle and display the variables it receives.
DataConduIT User Guide
53
DataConduIT Message Queues Folder
The Lenel MIB file is located in the Support Center/SNMP folder on the
Supplemental Materials disc.
1.
2.
3.
4.
5.
Modify a DataConduIT Message Queue
From the Administration menu, select DataConduIT Message Queues.
In the listing window of the DataConduIT Message Queues form, select the queue record you wish to modify.
Click the [Modify] button.
Make the changes you want to the fields. Changes can be made on any sub-tab.
Click the [OK] button to save the changes, or the [Cancel] button to revert to the previously saved values.
1.
2.
3.
4.
5.
Delete a DataConduIT Message Queue
From the Administration menu, select DataConduIT Message Queues.
In the listing window of the DataConduIT Message Queues form, select the queue record you wish to delete.
Click the [Delete] button.
Click the [OK] button.
Click the [Yes] button to confirm the deletion.
54
DataConduIT User Guide
CHAPTER 10
Logical Sources Folder
DataConduIT is an advanced application integration service that allows real time, bidirectional integration between OnGuard and third party IT sources. DataConduIT allows System Administrators to develop scripts and/or applications that allow events in one domain (security or IT) to cause appropriate actions in the other.
Logical Sources Folder
Note:
In order to receive logical source events, add at least one online panel to the same monitor zone as the source.
The Logical Sources folder is found in System Administration and allows System Administrators to add, modify and delete third-party Logical Sources, Devices, and Sub-Devices. After third-party sources are added, users can send the incoming events to OnGuard via DataConduIT, and view thirdparty events in Alarm Monitoring.
To send an event to OnGuard via DataConduIT, System Administrators must:
•
Define the incoming source in the Logical Sources folder
•
Use the Lnl_IncomingEvent::SendIncomingEvent method
Note:
The Logical Sources method has four parameters: the source, description, device
(optional), and sub-device (optional). The source of the Logical Sources method must match the source name on the Logical Sources form. If the optional parameters are used, the device of the Logical Sources method must match the device name on the Logical
Devices form, and the sub-device must match the sub-device name on the Logical Sub-
Devices form.
•
Have at least one panel (non-system Logical Source) configured and marked online so that the
Communications Server will work properly with Logical Sources. The panel does not need to exist or actually be online in Alarm Monitoring; it simply needs to exist and show up in the
System Status view. Once this is configured, events can be received successfully by Alarm
Monitoring from Logical Sources.
This folder is displayed by selecting Logical Sources from the Additional Hardware menu, or by selecting the Logical Sources toolbar buttonin System Administration or ID CredentialCenter.
DataConduIT User Guide
55
Logical Sources Folder
Toolbar Shortcut
Logical Source Downstream Devices
A Logical Source may have Logical Device or Logical Sub-Device downstream devices. A Logical
Device is a child of a Logical Source, similar to how an alarm panel is a child of an access panel. A
Logical Sub-Device is a sub-child device of a Logical Device, similar to how an alarm input is a subchild of an alarm panel. The following diagram illustrates this hierarchy.
Logical Devices and Logical Sub-Devices also display in Alarm Monitoring in the System Status
Tree. For example, a Logical Source named “Tivoli” with a Logical Device named “Tivoli device” and a Logical Sub-Device named “Tivoli sub-device” would display in Alarm Monitoring in the following manner:
56
User Permissions Required
DataConduIT Service Permission
The permission required to use the LS DataConduIT Service in general is the DataConduIT service user permission. This permission is located in Administration > Users > System Permission Groups tab > Software Options sub-tab in System Administration or ID CredentialCenter.
DataConduIT User Guide
Logical Sources Form
Add, Modify, and Delete Logical Sources, Devices, and Sub-Devices
The add, modify, and/or delete Logical Sources permissions, determine what functions a user can perform on Logical Sources, Logical Devices, and Logical Sub-Devices in the Logical Sources folder. These permissions are located in Administration > Users > System Permission Groups tab >
Additional Data Sources sub-tab in System Administration or ID CredentialCenter.
Trace Logical Sources, Devices, and Sub-Devices
In addition, user permissions are required to trace Logical Sources, Logical Devices, and Logical
Sub-devices in Alarm Monitoring. These permissions are located in Administration > Users >
Monitor Permission Groups tab > Monitor sub-tab in System Administration or ID
CredentialCenter.
Logical Sources Form
Listing window
Lists Logical Source names.
Name
Identifies the name of the Logical Source. This is a “friendly” name assigned to each Logical
Source to make it easy to identify.
Online
The Logical Source is always online and ready for use. This status does not apply to the
Logical Source.
World time zone
Select the world time zone for the selected access panel’s geographical location. The selections in the drop-down list are listed sequentially, and each includes:
• The world time zone’s clock time relative to Greenwich Mean Time. For example,
(GMT+05:00) indicates that the clock time in the selected world time zone is 5 hours ahead of the clock time in Greenwich, England.
• The name of one or more countries or cities that are located in that world time zone.
DataConduIT User Guide
57
58
Logical Sources Folder
Daylight savings
Select this check box if Daylight Savings Time is enforced in the selected access panel’s geographical location.
Add
Click this button to add a Logical Source.
Modify
Click this button to modify a Logical Source.
Delete
Click this button to delete a Logical Source.
Help
Click this button to display online help for this form.
Multiple Selection
If selected, more than one entry in the listing window can be selected simultaneously. The changes made on this form will apply to all selected Logical Sources.
Close
Click this button to close the Logical Sources folder.
Logical Sources Form Procedures
Use the following procedures on this form.
2.
3.
4.
5.
6.
7.
Add a Logical Source
1.
From the Additional Hardware menu, select Logical Sources. The Logical Sources folder opens.
On the Logical Sources tab, click [Add].
If segmentation is not enabled, skip this step. If segmentation is enabled:
a.
b.
The Segment Membership window opens. Select the segment to which this Logical Source will be assigned.
Click [OK].
In the Name field, type a name for the Logical Source.
Select whether the Logical Source will be online.
Select the world time zone and daylight savings options as you see fit.
Click [OK].
IMPORTANT: In addition to having a Logical Source configured, there must be at least one
panel (non-system Logical Source) configured and marked online so that the
Communications Server will work properly with Logical Sources. The panel does not need to exist or actually be online in Alarm Monitoring; it simply needs to exist and show up in the System Status view. Once this is set up, events can be received successfully by Alarm Monitoring and event subscribers from Logical Sources.
DataConduIT User Guide
Logical Devices Form
1.
2.
3.
4.
5.
6.
Modify a Logical Source
From the Additional Hardware menu, select Logical Sources.
On the Logical Sources tab, select the entry you want to modify from the listing window.
Click [Modify].
Make any changes.
Click [OK].
A prompt to confirm that you want to make the modification displays. Click [OK].
1.
2.
3.
4.
5.
Delete a Logical Source
To suspend a Logical Source without deleting it, take it offline.
From the Additional Hardware menu, select Logical Sources.
On the Logical Sources tab, select the entry you want to delete from the listing window.
Click [Delete].
Click [OK].
A prompt to confirm that you want to make the deletion will be displayed. Click [OK].
Logical Devices Form
Listing window
Lists Logical Device names.
Name
Identifies the name of the Logical Device. This is a “friendly” name assigned to each Logical
Device to make it easy to identify.
Logical Source
Select the Logical Source that is the parent of the child device being configured. Logical
Sources are configured on the Logical Sources tab (Additional Hardware > Logical Sources >
Logical Sources tab).
DataConduIT User Guide
59
60
Logical Sources Folder
Add
Click this button to add a Logical Device.
Modify
Click this button to modify a Logical Device.
Delete
Click this button to delete a Logical Device.
Help
Click this button to display online help for this form.
Multiple Selection
If selected, more than one entry in the listing window can be selected simultaneously. The changes made on this form will apply to all selected Logical Devices.
Close
Click this button to close the Logical Sources folder.
Logical Devices Form Procedures
Use the following procedures on this form.
Add a Logical Device
Prerequisite: Before a Logical Device can be configured, its parent Logical Source must first be configured.
2.
3.
4.
5.
Note:
1.
If segmentation is enabled, the segment of the Logical Source will be used as the segment for the Logical Device.
From the Additional Hardware menu, select Logical Sources. The Logical Sources folder opens.
Click the Logical Devices tab.
Click [Add].
In the Name field, type a name for the Logical Device.
Select the Logical Source that is the parent of the Logical Device.
Note:
6.
The Logical Source must be configured on the Logical Sources tab.
Click [OK].
1.
2.
3.
4.
5.
Modify a Logical Device
From the Additional Hardware menu, select Logical Sources.
Click the Logical Devices tab.
Select the entry you want to modify from the listing window.
Click [Modify].
Make any changes.
DataConduIT User Guide
Logical Sub-Devices Form
6.
7.
Click [OK].
A prompt to confirm that you want to make the modification displays. Click [OK].
1.
2.
3.
4.
5.
6.
Delete a Logical Device
From the Additional Hardware menu, select Logical Sources.
Click the Logical Devices tab.
Select the entry you want to delete from the listing window.
Click [Delete].
Click [OK].
A prompt to confirm that you want to make the deletion will be displayed. Click [OK].
Logical Sub-Devices Form
Listing window
Lists Logical Sub-Device names, along with the parent Logical Device and Logical Source.
Name
Identifies the name of the Logical Sub-Device. This is a “friendly” name assigned to each
Logical Sub-Device to make it easy to identify.
Logical Device
Select the Logical Device that is the parent of the child Sub-Device being configured. Logical
Devices are configured on the Logical Devices tab (Additional Hardware > Logical Sources
> Logical Devices tab).
Add
Click this button to add a Logical Sub-Device.
Modify
Click this button to modify a Logical Sub-Device.
DataConduIT User Guide
61
62
Logical Sources Folder
Delete
Click this button to delete a Logical Sub-Device.
Help
Click this button to display online help for this form.
Multiple Selection
If selected, more than one entry in the listing window can be selected simultaneously. The changes made on this form will apply to all selected Logical Sub-Devices.
Close
Click this button to close the Logical Sources folder.
Logical Sub-Devices Form Procedures
Use the following procedures on this form.
Add a Logical Sub-Device
Prerequisite: Before a Logical Sub-Device can be configured, its parent Logical Source and Logical
Device must be configured.
2.
3.
4.
5.
Note:
1.
If segmentation is enabled, the segment of the Logical Source will be used as the segment for the Logical Sub-Device.
From the Additional Hardware menu, select Logical Sources. The Logical Sources folder opens.
Click the Logical Sub-Devices tab.
Click [Add].
In the Name field, type a name for the Logical Sub-Device.
Select the Logical Device that is the parent of the Logical Sub-Device.
Note:
6.
The Logical Device must be configured on the Logical Devices tab.
Click [OK].
5.
6.
7.
1.
2.
3.
4.
Modify a Logical Sub-Device
From the Additional Hardware menu, select Logical Sources.
Click the Logical Sub-Devices tab.
Select the entry you want to modify from the listing window.
Click [Modify].
Make any changes.
Click [OK].
A prompt to confirm that you want to make the modification displays. Click [OK].
Delete a Logical Sub-Device
1.
From the Additional Hardware menu, select Logical Sources.
DataConduIT User Guide
Logical Sub-Devices Form Procedures
2.
3.
4.
5.
6.
Click the Logical Sub-Devices tab.
Select the entry you want to delete from the listing window.
Click [Delete].
Click [OK].
A prompt to confirm that you want to make the deletion will be displayed. Click [OK].
DataConduIT User Guide
63
Logical Sources Folder
64
DataConduIT User Guide
CHAPTER 11
OPC Connections
The OnGuard OPC Client is a solution for integrating OnGuard with existing third party OPC
Servers. The OnGuard OPC Client is an OPC-Alarms and Events client that can connect to any OPC
Alarms and Events server. The purpose of the OnGuard OPC Client is to allow OPC Servers to send event and alarm notifications to OnGuard using the OLE for Process Control (OPC) industry standard format.
The OnGuard OPC Client consists of an user interface component to configure OPC Connections and a service component that subscribes to specified OPC Servers to receive event and alarm notifications.
OPC Client Functions
The purpose of the OnGuard OPC Client is to:
•
Provide real time communication with any compatible OPC source
•
Monitor events and alarms shared by the OnGuard OPC Client and compatible OPC sources
Note:
Events and alarms sent by an OPC Server can be viewed, logged and even used to trigger specific actions.
OnGuard OPC Client Scenario
Let’s look at a hypothetical customer in the airline industry. This customer has an existing central control room with several OPC compliant servers monitoring every flight and traveler information.
New high security access control card readers, cameras and motion detectors have been installed and the customer wants to integrate these devices with their existing systems and monitor access control alarms and events from the same control room.
How does the customer monitor the access control alarms and events using the existing OPC Servers?
DataConduIT User Guide
65
OPC Connections
By making OnGuard an OPC Client, the customer can use OnGuard to communicate directly with their existing OPC Servers. To make OnGuard an OPC Client the OPC support license must be purchased.
The OnGuard OPC Client receives and translates alarms and events from the OPC Server and outputs them in the Alarm Monitoring application along with the alarm and events received from the newly installed access control system.
In OnGuard 7.0 and later, the OPC client can receive and translate status events from the OPC server, and display the appropriate status icon for the OPC server in Alarm Monitoring. The messages that must be sent from the OPC server to indicate status are:
•
LNL_OPC_PANEL_ONLINE, which indicates online status, and
•
LNL_OPC_PANEL_OFFLINE, which indicates offline status.
66
DataConduIT User Guide
CHAPTER 12
Using SNMP with OnGuard
Note:
OnGuard only supports SNMPv1 Traps, whether they are sent when OnGuard is configured as an Agent, or if they are received when OnGuard is configured as an
SNMP Trap Manager.
SNMP (Simple Network Management Protocol) is used primarily for managing and monitoring devices on a network. This is achieved through the use of get and set requests which access and modify variables on a given device, as well as SNMP traps which are used to notify Managers of changes as they occur. The device which is being managed or monitored is called the Agent. The application that is doing the managing or monitoring is called the Manager. You can think of a
Manager as the coach of a team, and Agents as all the players on the team. The following diagram illustrates how OnGuard can be used as an SNMP Manager:
Agents generate trap messages, which are sent to a Manager to indicate that something has changed.
Trap messages generally contain the system uptime, the trap type, and the enterprise number.
OnGuard uses Enterprise specific trap messages to send alarms to SNMP Managers. OnGuard generates trap messages, but does not listen for messages from SNMP Managers. The following diagram illustrates how OnGuard can be used as an SNMP Agent:
Configuring OnGuard as an SNMP Agent requires the use of DataConduIT and the DataConduIT
Queue Server, as shown in the diagram that follows.
Why use SNMP with OnGuard? This depends on whether you are using OnGuard as an SNMP
Manager or as an SNMP Agent.
OnGuard as an SNMP Manager
When OnGuard is used as an SNMP Manager:
•
You can monitor hardware or software applications in OnGuard that you couldn’t monitor before without a specific integration.
•
If you already have OnGuard installed and are using a third-party application to monitor SNMP traps, you can now move that functionality over to OnGuard and monitor everything in a central location.
DataConduIT User Guide
67
68
Using SNMP with OnGuard
•
By loading into OnGuard the MIB file for the SNMP Agents you are monitoring, you can customize how the information from the SNMP Agent is displayed in Alarm Monitoring
•
Based on the information received and displayed in OnGuard, you can create custom alarm and
Global I/O linkages for the trap, as well as take advantage of other existing OnGuard functionality.
To set up OnGuard to function as an SNMP Manager, you must configure an SNMP Manager on a workstation. This is done through System Administration. In addition to configuring the SNMP
Manager, you can also load up third party MIB files into OnGuard, which will allow you to customize how SNMP Traps are handled and displayed in the OnGuard software. For more information, refer to the SNMP Managers Folder chapter in the System Administration User Guide.
OnGuard as an SNMP Agent
OnGuard hardware and software events can be reported as SNMP traps to third-party applications with SNMP trap support.
To configure OnGuard as an SNMP Agent, you must configure an SNMP Trap Message queue within the DataConduIT Message Queue configuration in System Administration. You can specify what events you want sent out through this queue (as SNMP Traps) and where you want them sent. For more information, refer to the DataConduIT Message Queues Folder chapter in the System
Administration User Guide.
After setting this up, you must load the Lenel MIB file (located in the SNMP folder on the OnGuard
Supplemental Materials disc) into your SNMP Manager application. For more information, refer to the SNMP Managers Folder chapter in the System Administration User Guide.
SNMP Manager Copyright Information
---- Part 1: CMU/UCD copyright notice: (BSD like) -----
Copyright 1989, 1991, 1992 by Carnegie Mellon University
Derivative Work - 1996, 1998-2000
Copyright 1996, 1998-2000 The Regents of the University of California
All Rights Reserved
Permission to use, copy, modify and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appears in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of CMU and The Regents of the University of California not be used in advertising or publicity pertaining to distribution of the software without specific written permission.
CMU AND THE REGENTS OF THE UNIVERSITY OF CALIFORNIA DISCLAIM ALL
WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL CMU OR
THE REGENTS OF THE UNIVERSITY OF CALIFORNIA BE LIABLE FOR ANY SPECIAL,
INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER
RESULTING FROM THE LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF
CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
DataConduIT User Guide
SNMP Manager Copyright Information
---- Part 2: Networks Associates Technology, Inc copyright notice (BSD) -----
Copyright (c) 2001-2002, Networks Associates Technology, Inc
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
•
Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
•
Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
•
Neither the name of the Networks Associates Technology, Inc nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
“AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
---- Part 3: Cambridge Broadband Ltd. copyright notice (BSD) -----
Portions of this code are copyright (c) 2001-2002, Cambridge Broadband Ltd.
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
•
Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
•
Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
•
The name of Cambridge Broadband Ltd. may not be used to endorse or promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER “AS IS” AND ANY
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER BE LIABLE FOR
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
DataConduIT User Guide
69
Using SNMP with OnGuard
70
DataConduIT User Guide
CHAPTER 13
Data and Association Class Reference
Data Classes
Notes:
All class and property access is subject to OnGuard user permissions.
In the following tables, View indicates that the property is view only and not editable.
Read indicates that the property is editable on Add only. Edit indicates that the property
is always editable.
Lnl_AccessGroup
Description: An access group defined in the security system.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
int32 int32
Name
ID
SEGMENTID
Description
Internal database ID. Key field.
Segment to which the access group belongs.
Display name.
string NAME
Methods: void AssignGroup([in]int32 badgeKey);
Assigns all the access levels in the group to a specific badge.
Parameters:
Access
View
View
View
DataConduIT User Guide
71
72
Data and Association Class Reference
Type
int32 int32 string boolean boolean boolean badgeKey - int32 internal ID of the badge to which the access levels are assigned.
Lnl_AccessLevel
Description: An access level defined in the security system.
Abstract: No
Access: View/Add/Modify/Delete
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Name
ID
SegmentID
Name
HasCommandAuthority
DownloadToIntelligentReaders
FirstCardUnlock
Description
Internal database ID. Key field.
Access
View
Segment to which the access level belongs.
Read
Display name.
Command authority is enabled for the access level
Edit
Edit
Level is download to
Intelligent Readers
Edit
First Card Unlocks the reader Edit
Lnl_AccessLevelAssignment
Description: An access level assignment defined in the security system.
Abstract: No
Access: View/Add/Delete
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
int32 int32
Name
ACCESSLEVELID
BADGEKEY
Description
Lnl_AccessLevel.ID - ID of the access level. Key field.
Lnl_Badge.BADGEKEY -
BadgeKey of the badge.
Key field.
Access
Read
Read
DataConduIT User Guide
Data Classes
Type
datetime (string) datetime (string)
Name
ACTIVATE
DEACTIVATE
Description
Date and time when this assignment will become active.
Date and time when this assignment will become inactive.
Access
Read
Read
Lnl_AccessLevelReaderAssignment
Description: An access level reader assignment defined in the security system.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
int32 int32 int32 int32
Name
AccessLevelID
PanelID
ReaderID
TimezoneID
Description
Access level to which the link belongs. Key field.
Lnl_Panel which is linked to this level. Key field. Reference to Lnl_Panel.ID.
Lnl_Reader ID which is linked to this level. Key field.
Lnl_Timezone in which this level is active
Access
View
View
View
View
Lnl_Account
Description: A directory account belonging to a person in the security system.
Abstract: No
Access: View/Add/Delete
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
int32
Name
ID
Description
Internal database ID. Key field.
Access
View
DataConduIT User Guide
73
74
Data and Association Class Reference
Type
int32 int32 string int32 string string
Type
string string int32
Name
ACCOUNTID
DIRECTORYID
PERSONID
Description
ID of the entry in the external directory. For example, with
Microsoft directories, this property would contain the account’s security identifier (SID).
Internal ID of the directory to which this account belongs.
Internal ID of the person who owns this account. See
Lnl_Person.ID.
Access
Read
Read
Read
Lnl_AlarmDefinition
Description: Defines how the alarm that is received from the panel is displayed. Lnl_AlarmDefinition instances are queried by an end user in order to establish configuration details. This contrasts with
Lnl_Alarm instances, which come in with all security events that come through the Communication
Server.
Note:
Abstract: No
Access: View
Text instructions are required in order for an instance from this alarm class to appear in
DataConduIT. Text instructions are created using the System Administration >
Monitoring > Alarms > Alarm Configuration form.
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Name
ID
Priority
Description
SegmentID
TextInstructionName
TextInstructionData
Description
Internal database ID.
Key field.
Alarm priority (0-255)
Parameter description.
Segment to which the alarm definition belongs.
Text instruction name
Text instruction.
Access
View
View
View
View
View
View
Lnl_Area
Description: An APB area defined in the security system.
Abstract: No
Access: View
DataConduIT User Guide
Data Classes
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
int32 int32
Name
ID
AREATYPE
Description Access
Internal database ID. Key field.
View
View Type of APB area. Possible values:
0: Other
1: Unknown
2: Local Area
3: Global Area
4: Hazardous Location
5: Safe Location
Display name.
View string NAME
Methods: void MoveBadge();
Moves a badge from one area into another.
void MoveBadge([in] int32 areaID, [in] int64 badgeID, [in] int32 panelID, [in] int32 readerID, [in] int32 segmentID, [in] datetime UTCTime);
Parameters:
• areaID - This is ID of the area to move the badge to.
• badgeID - This is the badge ID of the badge you want to move.
• panelID - This is the ID of the panel of the reader responsible for moving the badge to the new area.
• readerID - This is the ID of the reader responsible for moving the badge.
• segmentID - This is the segment associated with the panelID, readerID.
•
UTCTime - The time when the badge was moved to the area.
Lnl_AuthenticationMode
Description: Authentication modes for pivCLASS authenticated readers. Authentication modes specify the authentication mechanism used by the reader to authenticate a cardholder. These modes are configured as assurance profiles in the pivCLASS Validation Server. Use the ID of a retrieved
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
DataConduIT User Guide
75
76
Data and Association Class Reference
Properties:
Type
int32 string
Name
ID
Name
Description Access
Internal database ID. Key field.
View
Name of the authentication mode.
View
Lnl_Badge
Description: A badge in the security system.
Abstract: No
Access: View/Add/Modify/Delete
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
int32 datetime
(string) boolean datetime
(string) boolean
Name
BADGEKEY
ACTIVATE
APBEXEMPT
DEACTIVATE
DEADBOLT_OVERRIDE
Description
Internal database ID. Key field.
Badge activate date.
Note:
Default for
ACTIVATE is the current date and time.
Whether the badge is APB exempt
Badge deactivate date.
Note:
Default for
DEACTIVATE is determined by the configuration for the badge type in
System
Administration.
If true, the selected cardholder will have deadbolt override privileges, which allows the cardholder to access a door with a deadbolt function mortise lock even when the deadbolt is thrown.
Access
View
Edit
Edit
Edit
Edit
DataConduIT User Guide
Data Classes
Type
int32 int32 boolean int32 boolean string(hex) int64 int32 datetime
(string) datetime
(string)
Name
DEFAULT_DOOR
DEFAULT_FLOOR
DEST_EXEMPT
Description
Indicates which elevator door is opened at the default floor when the badge is presented to a reader associated with a DEC
(elevator terminal).
1 = Front
2 = Rear
Indicates the floor number that is called by default when the badge is presented to a reader associated with a
DEC (elevator terminal).
Possible values: -128 to
127.
If true, the badge will not be included in the destination assurance processing and no alarms will be generated if the cardholder violates any of the destination assurance settings.
Access
Edit
Edit
Edit
Edit
Edit
EMBOSSED Embossed
EXTEND_STRIKE_HELD Use extended strike/held times
EXTENDED_ID Extended ID. This parameter must be in hexadecimal string format. The FASCN or
UUID needs to be converted to a binary value that begins with
"
0x
"
and includes the values of the FASCN/UUID.
Edit
ID
ISSUECODE
LASTCHANGED
ID of the badge.
Issue code.
Note:
Default for
ISSUECODE is determined by the
First Issue Code configured for the badge type in
System
Administration.
Badge last changed
Edit
Edit
View
LASTPRINT Badge last printed View
DataConduIT User Guide
77
78
Data and Association Class Reference
Type
boolean int32 string int32 int32 int32 int32
Name
PASSAGE_MODE
PERSONID
PIN
PRINTS
STATUS
TWO_MAN_TYPE
TYPE
Description
If true, the cardholder is allowed to use the card twice
(within the lock's unlock duration) to place the lock in an unlock mode for an indefinite duration.
Internal ID of the person who owns this badge. See
Lnl_Person.ID.
PIN code.
Note:
You cannot view or search the contents of this property.
Number of times badge has been printed
Badge status ID. 1 =
“Active”. For more information, refer to User-
Defined Value Lists on page 128.
Access
Edit
Read
Edit
View
Edit
Specifies the two-man type designation for the selected cardholder.
For more information, refer to User-Defined Value Lists on page 128.
Badge type ID. For more information, refer to
Use limit
Edit
Edit
Edit int32 USELIMIT
Methods:
• void AddBadge([in] object BadgeIn, [out] object BadgeOut);
Adds badge to the system.
Parameters:
– BadgeIn - The badge to be added to the system.
– BadgeOut - The badge that was just added to the system with the new badge ID.
• void AssignAccessLevel([in] sint32[] LevelIn);
Assigns the access level(s) of a badge.
Parameters:
– LevelIn - Array that includes all the access level IDs the badge needs to be assigned with, in the format:
[{"ID":1}, {"ID":2}, {"ID":3}]
DataConduIT User Guide
Data Classes
Lnl_BadgeFIPS201
Description: Holds the data imported from FIPS 201 credentials.
Abstract: No
Access: View/Add/Modify/Delete
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
int32
Name
BADGEKEY string(hex) binary int32 string(hex) int32
FASCN
TWICPrivacyKey
TPKAlgorithmId
UUID
CredentialType
Description
Internal database ID of the associated badge record. Key field.
Federal Agency Smart Credential
Number.
TWIC Privacy Key. The key used to encrypt/decrypt the fingerprints on TWICs.
TWIC Privacy Key algorithm identifier. The algorithm used for encrypting/decrypting the fingerprints on TWICs. Paired with the TWIC Privacy Key.
Cardholder’s globally unique identifier.
The type of FIP 201 credential.
0 = Unknown
1 = PIV
2 = TWIC
3 = CAC with PIV Endpoint or
Next Generation (NG) applet
4 = CAC without PIV applet
5 = PIV-I or CIV
Access
Read
Edit
Edit
Edit
Edit
Edit
Lnl_BadgeLastLocation
Description: Shows at what reader the badge was presented last.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
DataConduIT User Guide
79
80
Data and Association Class Reference
Properties:
Type
int64 int32 int32 int32
Name
BadgeID
AccessFlag
DatabaseID
PanelID int32 ReaderID datetime (string) int32
EventTime
EventID int32 int32 int32
EventType
PersonID
IsFromReplication
Description
Badge ID. Key field.
Shows whether the access was granted. Key field.
The database identifier in an
Enterprise system that identifies the system containing the reader to which the badge was last presented. Key field.
Panel ID where access event occurred. Reference to
Lnl_Panel.ID.
Reader ID at which access occurred
Time at which access occurred
ID of the event associated with the access.
Type of the event associate with access
Lnl_Person for which access occurred
Shows whether badge last location came over for other region in the system.
Access
View
View
View
View
View
View
View
View
View
View
Lnl_BadgeProperties
Description: Additional properties for the badge.
Abstract: No
Access: View/Add/Modify/Delete
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
int32
Name
BADGEKEY
Description
Internal database ID of the associated Badge record. Key field.
Access
Read
DataConduIT User Guide
Data Classes
Type
int32 int32 string string string boolean int32
Name
CardInterface
CardTechnology
Description
Defines the contact or contactless interface of the badge. Key field.
0 = contact interface
1 = contactless interface
Defines the technology of the card. Key field.
0 = contact
1 = iCLASS
2 = MiFare
3 = DESFire
4 = Proximity
SerialNumber
DeviceType
The serial number of the card.
This may be different for each card interface.
The device type of the badge specific to the ActivIdentity CMS
3.8 integration.
ATR The Answer to Reset of the badge specific to the
ActivIdentity CMS integration.
IsRegisteredWithActivIdentity Determines whether or not this badge is registered for logical access with ActivIdentity CMS. A badge is registered if it has been bound or issued to a user.
IssuingCmsID If the badge is registered with
CMS, then this specifies the ID of the Card Management
System that issued the badge.
This ID can be found in the
ActivIdentity CMS server configuration screen in System
Administration.
Access
Read
Read
Edit
Edit
Edit
View
Edit
Lnl_BadgeType
Description: A badge type in the security system.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
DataConduIT User Guide
81
82
Data and Association Class Reference
Properties:
Type
int32 string int32
Name
ID
NAME
BadgeTypeClass int32 boolean int32
DefaultAccessGroup
IsDisposable
SegmentId
Description
Internal database ID. Key field.
Name of the badgetype.
Class of the badgetype
Possible values:
1: Standard
2: Temporary
3: Visitor
4: Guest
A group of access levels to be associated with this badge type.
If true, indicates that the visitor's badge will be a disposable badge.
Segment to which the badge type belongs.
Access
View
View
View
View
View
View
Type
int32 int32 string sint32 string int32 string
Lnl_Camera
IMPORTANT: The CameraType property for Lnl_Camera should not be used. Instead use the
CameraTypeName property.
Description: A camera defined in the system.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Name
ID
PanelID
Name
CameraType
CameraTypeName
Channel
VideoStandard
Description
Internal database ID. Key field.
Lenel NVR ID. Reference to
Lnl_Panel.ID. Key field.
Camera Name.
Camera Type
Camera Type Name
Lenel NVR Channel
Video Standard (Ex.: NTSC).
Access
View
View
View
View
View
View
View
DataConduIT User Guide
Data Classes
Type
int32 int32 int32 int32 int32 int32 int32 string
Name
IPAddress
Port
HorizontalResolution
VerticalResolution
MotionBitRate
NonMotionBitRate
FrameRate
Workstation
Description
IP address of the camera
Port of the camera
Horizontal resolution
Vertical Resolution
Motion Bit Rate
Non-motion Bit Rate
Frame rate
Workstation of the host Lenel
NVR.
Access
View
View
View
View
View
View
View
View
Methods: void GetHardwareStatus([out] uint32 Status)
Lnl_CameraGroup
Description: Camera group definition.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
int32 string int32
Name
ID
Name
SegmentID
Description
Internal database ID.
Key field.
Group name.
Segment to which the camera group belongs.
Access
View
View
View
Lnl_CameraGroupCameraLink
Description: An association between a camera and camera group.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
DataConduIT User Guide
83
84
Data and Association Class Reference
Properties:
Type
int32 int32 int32
Name
CameraGroupID
PanelID
CameraID
Description
Camera group for this link.
Lnl_CameraGroup.ID. Key field.
Panel ID for the camera.
Reference to Lnl_Panel.ID.
Key field.
Camera ID. Key field. See
Lnl_Camera.ID.
Access
View
View
View
Lnl_Cardholder
Description: A cardholder in the security system.
Abstract: No
Access: View/Add/Modify/Delete
Superclass: Lnl_Person
Platforms: OnGuard
Properties: The class has all the properties of the Lnl_Person class, plus any custom fields defined by the end user. In addition, the class has the following properties:
Type
boolean string datetime (string) int32 string int32 int32 string
Name
ALLOWEDVISITORS
ADDR1
BDATE
BUILDING
CITY
DEPT
DIVISION
Description
Whether this cardholder is allowed to have visitors
Access
Edit
The cardholder’s address. Edit
The cardholder’s birth date.
Edit
Edit Reference to
Lnl_BUILDING. For more information, refer to User-
Defined Value Lists on page 128.
The cardholder’s city.
For more information, refer to User-Defined
Reference to
Lnl_DIVISION. For more information, refer to User-
Defined Value Lists on page 128.
The cardholder’s email address.
Edit
Edit
Edit
Edit
DataConduIT User Guide
Data Classes
Type
string string boolean int32 string string int32 string int32
Name
EXT
Description
The cardholder’s extension.
Access
Edit
FLOOR
ISGRANT
LOCATION
OPHONE
PHONE
Reference to
Lnl_LOCATION. For more information, refer to User-
Defined Value Lists on page 128.
The cardholder's office phone number.
The cardholder’s phone number.
PRIMARYSEGMENTID This property is only visible when cardholders are segmented.
STATE
TITLE
ZIP
The cardholder’s floor.
Indicates whether the recommendation for this cardholder is grant (true) or deny (false). In order to use this class, users must have a Mobile Sentry license.
Edit
View
Edit
Edit
Edit
Read
The cardholder’s state.
Reference to Lnl_TITLE.
For more information, refer to User-Defined
Edit
Edit
The cardholder’s zip code. Edit string
Lnl_DataConduITManager
Description: Used for non-object related methods.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties: None
Methods:
[static]void RefreshCache();
Refreshes all of the objects, reading in the UDF layout and list values.
[static]string GetCurrentUser();
DataConduIT User Guide
85
86
Data and Association Class Reference
Returns the user currently logged into DataConduIT using the format: LastName, FirstName
(UserID).
Lnl_Directory
Description: A directory defined in the security system.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
sint32 string string string string string string string sint32 string sint32 boolean
Name
ID
ACCOUNTCATEGORY
Description
Internal database ID. Key field.
Account category.
Access
View
View
ACCOUNTCLASS Account class. View
ACCOUNTDISPLAYNAMEATTR Account display name attribute. View
ACCOUNTIDATTR
ACCOUNTUSERNAMEATTR
Account ID attribute.
Account user name attribute.
View
View
HOSTNAME
NAME
PORT
STARTNODE
TYPE
USESSL
Host name or domain.
Display name.
Port
Start node.
Directory type. Possible values:
0: LDAP
1: Microsoft Active Directory
2: Microsoft Windows NT 4
Domain
3: Microsoft Local Accounts
Use SSL
View
View
View
View
View
View
See the ID CredentialCenter User Guide for more information about directory properties.
Lnl_Element
Description: The base class for many data classes.
Abstract: Yes
Access: None
Superclass: None
Platforms: OnGuard
DataConduIT User Guide
Data Classes
Properties: None
Lnl_ElevatorTerminal
Description: An elevator terminal defined in the security system.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
int32 int32 int32 string int32
Name
ID
IPAddress
PanelId
Hostname
Name
Description
Internal database ID. Key field.
The IP address of the associated elevator terminal. Key field
Reference to Lnl_Panel.ID. Key field.
Host name or domain.
The name of the associated elevator terminal.
Access
View
View
View
View
View
– 1 = default floor only
– 2 = Access to authorized floors
– 3 = User entry of destination floor
– 4 = Default floor or user entry of destination floor which floors and doors are accessible via the elevator terminal without supplying security credentials. This method takes a single parameter named AllowedFloorListID which corresponds to a Floor List in the OnGuard software. the elevator terminal’s operational mode for interacting with the cardholder. This method takes the numerical value of a single parameter named Mode. Possible values are:
– 1 = Default floor only. When the cardholder presents a valid badge to the elevator reader, or enters a valid PIN code or floor number on the elevator terminal, the system calls the default floor.
– 2 = Access to authorized floors. When the cardholder presents a valid badge to the elevator reader, and then selects an authorized floor, the system calls the authorized floor.
– 3 = User entry of destination floor. The cardholder has the option to select a floor with or without presenting a valid badge to the elevator reader. If the selected floor is an allowed floor, the system calls the floor. If the floor is a non-allowed floor, the cardholder is requested to present a valid badge.
– 4 = Default floor or user entry of destination floor. When the cardholder presents a valid badge to the elevator reader, the system calls the cardholder’s default floor. Within a configurable timeout period, the cardholder can override the default floor call by entering another floor number.
DataConduIT User Guide
87
88
Data and Association Class Reference
int32 int32 int32 int32
Type
int32 int32 int32
Lnl_EventAlarmDefinitionLink
Description: The link between the event type and alarm for a particular device.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Name
DeviceID
EventParameterID
EventSubtypeDefinitionID
EventTypeID
PanelID
SecondaryDeviceID
AlarmDefinitionID
Description
Device ID (ex.: Alarm panel,
Reader). Key field.
Event parameter ID. Key field.
See Lnl_EventParameter.ID.
Event Subtype. Key field. See
Lnl_EventSubtypeDefinition.ID.
Event Type. Key field. See
Lnl_EventType.ID.
Panel ID (ex.: ISC). Key field.
Reference to Lnl_Panel.ID.
Secondary device ID (ex.: Input,
Output). Key field.
Alarm Definition. See
Lnl_AlarmDefinition SubtypeID.
Access
View
View
View
View
View
View
View
Lnl_EventParameter
Description: An event parameter.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
int32 string int32
Name
ID
Description
Value
Description
Internal database ID. Key field.
Parameter description.
Parameter value
Access
View
View
View
DataConduIT User Guide
Data Classes
Type
int32 int32 int32 string int32 int32
Lnl_EventSubtypeDefinition
Description: An event subtype defined in the system.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Name
ID
TypeID
SubtypeID
Description
SupportParameters
Category
Description
Internal database ID. Key field.
Event Type ID, see
Lnl_EventType.ID.
ID within the subtype.
Sub type description.
Supporting Parameter ID
Event subtype category
Access
View
View
View
View
View
View
Lnl_EventSubtypeParameterLink
Description: An association between an event subtype and event parameter.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
int32 int32
Name
EventParameterID
EventSubtypeDefinitionID
Description
Key field. See
Lnl_EventParameter.ID.
Key field. See
Lnl_EventSubtypeDefinition.ID.
Access
View
View
Lnl_EventType
Description: An event type defined in the system.
Abstract: No
Access: View
Superclass: Lnl_Element
DataConduIT User Guide
89
90
Data and Association Class Reference
Platforms: OnGuard
Properties:
Type
int32 string
Name
ID
Description
Description
Internal database ID. Key field.
Event type description.
Access
View
View
Lnl_GuardTour
Description: A guard tour provides a security guard with a defined set of tasks that must be performed within a specified period of time.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
int32 string
Name
ID
Name
Description
Internal database ID. Key field.
Guard tour name.
Access
View
View
Methods:
•
void LaunchTour([in] int64 BadgeId, [in] int32 MonStationId, [out] int32 ReturnValue);
Parameters:
– BadgeId - Badge ID
– MonStationID - Monitoring station (workstation) ID
– ReturnValue - Result of the guard tour. Possible values: 0: Success, 1: Tour Already in
Progress
Lnl_Holiday
Description: A holiday that is defined in the security system.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
int32
Name
ID
Description
Internal database ID. Key field.
Access
View
DataConduIT User Guide
Data Classes
Type
int32 int32 datetime
(string) string
Name
SegmentID
ExtentDays
StartDate
Name
Description
Segment to which the holiday belongs.
How many days the holiday lasts
Date the holiday starts
Access
View
View
View
Holiday name. View
Lnl_HolidayType
Description: A holiday that is defined in the security system.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
int32 int32 string
Name
ID
SegmentID
Name
Description
Internal database ID. Key field.
Segment to which the holiday belongs.
Holiday name.
Access
View
View
View
Lnl_HolidayTypeLink
Description: Defines what holiday type that is associated with a given holiday
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
int32 int32
Name
HolidayID
HolidayTypeID
Description
Holiday. Key field.
Holiday type. Key field.
Access
View
View
DataConduIT User Guide
91
92
Data and Association Class Reference
Lnl_IncomingEvent
Description: An data class that supports sending incoming events via DataConduIT. This object has no properties; it only has the methods listed below.
Abstract: No
Superclass: Lnl_Element
Platforms: OnGuard
Properties: None
Methods:
•
void SendIncomingEvent([in] string Source, [in] string Device, [in] string SubDevice, [in]
string Description, [in] datetime Time, [in] boolean IsAccessGrant, [in] boolean IsAccessDeny,
[in] int64 BadgeID, [in] string ExtendedID);
Parameters:
– Source - text representation of the object/device that generated the event
Variable-length Unicode string with a maximum length of 96 Unicode characters. This parameter is required. The source must be defined in the DataConduIT Sources folder (in the
System Administration application) prior to using the
Lnl_IncomingEvent::SendIncomingEvent method. For more information, refer to Add a
– Device (Optional; available in OnGuard 2006 or later, only) - text representation of a device associated with a DataConduIT Source that generated the event
Variable-length Unicode string with a maximum length of 64 Unicode characters. This parameter is optional. The device must be defined in the DataConduIT Sources folder >
DataConduIT Devices tab (in System Administration) prior to using the
Lnl_IncomingEvent::SendIncomingEvent method.
– SubDevice (Optional; available in OnGuard 2006 or later, only) - text representation of a sub device associated with a DataConduIT Device that generated the event.
Variable-length Unicode string with a maximum length of 64 Unicode characters. This parameter is optional. The device must be defined in the DataConduIT Sources folder >
DataConduIT Sub-Devices tab (in System Administration) prior to using the
Lnl_IncomingEvent::SendIncomingEvent method.
– Description - text that describes the event
Variable-length Unicode string with a maximum length of 2000 Unicode characters.
– Time - The time when this event occurred. If this is empty, the current time will be used.
– IsAccessGrant - boolean value that specifies whether the event reported for the
DataConduIT Source, Device or Sub-Device will be the “Granted Access” event. This parameter is optional. However, if this parameter is set to true, BadgeID or ExtendedID can be specified to report an “Granted Access” event for a specific OnGuard cardholder. The
DataConduIT Source, Device or Sub-Device must be defined in the DataConduIT Sources folder > DataConduIT Devices tab (in the System Administration application) prior to using the Lnl_IncomingEvent::SendIncomingEvent method with the IsAccessGrant parameter set
to true. For more information, refer to Generating Access Granted and Access Denied
– IsAccessDeny - boolean value that specifies whether the event reported for the DataConduIT
Source, Device or Sub-Device will be the “Access Denied” event. This parameter is optional. However, if this parameter is set, then BadgeID or ExtendedID can be specified to report an “Access Denied” event for a specific OnGuard cardholder. The DataConduIT
Source, Device or SubDevice must be defined in the DataConduIT Sources folder >
DataConduIT Devices tab (in the System Administration application) prior to using the
DataConduIT User Guide
Data Classes
Lnl_IncomingEvent::SendIncomingEvent method with the IsAccessDeny parameter set to
true. For more information, refer to Generating Access Granted and Access Denied Events on page 94.
– BadgeID - Numeric identifier that refers to a badge in the OnGuard database that generated the event. This parameter is optional and is used in association with all badge related events.
– ExtendedID - Extended length string identifier that refers to a PIV-based badge in the
OnGuard database that generated the event. Specifies the 128-bit UUID or 200-bit FASC-N.
This parameter is optional and is used in association with all badge-related events.
Note:
BadgeID is always given precedence over ExtendedID during the search for the badge information to be displayed in Alarm Monitoring.
•
int32 AcknowledgeAlarm([in] int32 CurrentAckStatus, [in] int32 SerialNumber, [in] string
CommServerHostName, [in] int32 PanelID, [in] int32 AlarmID, [in] datetime AlarmTime, [in]
int32 AckStatus, [in] string AckNotes, [out] int32 SimultaneousAckStatus);
Description:
Allows acknowledgment of alarms received from the system. Most of the parameters can be extracted from the Lnl_SecurityEvent.
Return:
0 - If acknowledgment fails. Examine the SimultaneousAckStatus value to see if the conflict occurred when processing the request.
1 - If acknowledgment succeeds.
Parameters:
– CurrentAckStatus - current acknowledgment status of the alarm to ensure that simultaneous acknowledgment by other means does not interfere with user’s intent. Possible values are:
0 - No. Initial status for an unacknowledged event.
1 - Yes. Acknowledge.
2 - Note. Acknowledge with note.
3 - In-Progress. Mark event as “in-progress”
– SerialNumber - serial number of the event to acknowledge
– CommServerHostName - host name of the Communication server through which the event arrived
– PanelID - Panel ID associated with the event to ensure the integrity of the acknowledgment request
– AlarmID - Event type ID associated with the event to ensure the integrity of the acknowledgment request
– AlarmTime - Time the event occurred to ensure the integrity of the acknowledgment request
– AckStatus - Acknowledgment status to set. See the CurrentAckStatus parameter description for possible values.
– AckNotes - Acknowledgment notes to set. AckStatus must be 2.
– SimultaneousAckStatus - Value greater than 0 if alarm had been acknowledged by other means. Contains the new acknowledgment status if that was the case. See the
CurrentAckStatus parameter description for possible values.
Note:
Return value of 4 indicates that no simultaneous acknowledgment occurred.
DataConduIT User Guide
93
94
Data and Association Class Reference
Generating Access Granted and Access Denied Events
The IsAccessGrant, IsAccessDeny, Badge ID and ExtendedID parameters can be used to generate access granted and access denied events as follows:
•
IsAccessGrant and IsAccessDeny are mutually exclusive (i.e., either one or the other can be set to true but not both).
•
If IsAccessGrant or IsAccessDeny is set to true, any text that may be specified for the
Description parameter will be ignored.
Notes:
When a user writes a script that invokes the Lnl_IncomingEvent::SendIncomingEvent method, he or she may optionally specify the IsAccessGrant or IsAccessDeny parameters to generate “Granted Access” or “Access Denied” events respectively.
The above functionality will work similarly if the name of the Source and Device parameters correspond to an Access panel and Reader configured in the system. If these conditions are met then the “Granted Access” or “Access Denied” events will be reported for the specified Access panel and Reader based on how the IsAccessGrant and
IsAccessDeny parameters are set.
Using Device and SubDevice in Scripts
A script that invokes the Lnl_IncomingEvent::SendIncomingEvent method may optionally include the Device and SubDevice name. These parameters are reported (to Alarm Monitoring) in the following manner:
•
If the Device name is empty, the event will only be reported for the DataConduIT Source
•
If the Device name exists and is found in the OnGuard database, the event will be reported for the
DataConduIT Device (i.e., Controller and Device columns respectively show the DataConduIT
Source and DataConduIT Device that generated the alarm).
•
If the SubDevice name exists and is found in the OnGuard database, the event will be reported for the DataConduIT Sub-Device (i.e., Controller, Device, and Input/Output columns respectively show the DataConduIT Source, DataConduIT Device, and DataConduIT Sub-
Device that generated the alarm).
Note:
The DataConduIT Source, Device, and SubDevice names must all match what has been configured in the OnGuard database in order for the event to be reported in Alarm
Monitoring.
Lnl_IntrusionZone
Description: Implements the control methods for the Intrusion Zone.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
int32
Name
DeviceId
Description
The ID of the intrusion zone.
Key field.
Access
View
DataConduIT User Guide
Data Classes
Type
int32 int32 string string
Name
ID
PanelId
HostName
Name
Description
Internal database ID. Key field.
The ID of the associated intrusion panel.
Key field.
Reference to Lnl_Panel.ID.
The name of the workstation where the communication server associated with the intrusion panel is running.
The name of the associated intrusion zone.
Access
View
View
View
View
Methods: void Bypass()
Sends a command to open by pass the alarm zone.
void UnBypass();
Sends a command to un-bypass the alarm zone. void GetHardwareStatus([out] uint32 Status)
Lnl_IntrusionZoneOutput
Description: Inherits from Lnl_Output, and therefore has the same properties. Implements the relay control methods and represents an Output Zone defined on the Intrusion Panel.
Abstract: No
Access: View
Superclass: Lnl_IntrusionOutput
Platforms: OnGuard
Properties:
Type
int32 int32 int32 string
Name
ID
DeviceId
PanelId
HostName
Description
Internal database ID. Key field.
The ID of the intrusion output.
Key field.
The ID of the associated intrusion panel.
Key field.
Reference to Lnl_Panel.ID.
The name of the workstation where the communication server associated with the intrusion panel is running.
Access
View
View
View
View
DataConduIT User Guide
95
96
Data and Association Class Reference
Type
string
Name
Name
Description
The name of the intrusion output.
Access
View
Methods: void Activate()
Sends a command to activate a specific alarm relay.
void Deactivate()
Sends a command to deactivate a specific alarm relay.
void GetHardwareStatus([out] uint32 Status)
Retrieves the hardware status for the device. Status is only retrieved from the hardware when the
UpdateHardwareStatus is called on the parent ISC.
uint32 Status – device status: uint32 Status
ALRM_STATUS_SECURE
ALRM_STATUS_ACTIVE
Description
Output Secure
Output Active
Device status
0
1
Lnl_LoggedEvent
Description: Represents a hardware event that has been logged to the database.
Notes:
When requesting instances of Lnl_LoggedEvent with a get instances call, a filter is required due to the large number of instances this class usually contains. Also, be careful what you specify as the order_by value. If left blank, the key values (PanelID,
SerialNumber) are used, which works well.
You can also specify Time as the order_by value. If you filter by Time, you will improve performance if you also order_by Time. However, it is not recommended to use any other combination without an index in place on the EVENTS table, as doing so might generate a timeout error.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
int32
Name
SerialNumber
Description
Serial number of the event. Key field.
Access
View
DataConduIT User Guide
Data Classes
string int64 int32 int32 int32
Type
int32 datetime
(string) string int32 string(hex) int32 int32 int32 int32 boolean
Name
PanelID
Time
Description
Panel at which the event occurred. Key field. Reference to
Lnl_Panel.ID.
Time when event occurred
Access
View
View
Description
DeviceID
ExtendedID
SecondaryDeviceID
SegmentID
Type
SubType
EventText
CardNumber
IssueCode
AssetID
AccessResult
CardholderEntered
Description of the event.
Device ID at which event occurred (Lnl_Reader,
Lnl_AlarmPanel, etc.)
Extended identifier of the card
(where available) which caused the event.
Secondary device ID at which event occurred (ex. Lnl_Input)
Segment where event occurred.
Event type i.e., “duress”,
“system”, etc. Corresponds to
Lnl_EventSubtypeDefinition.TypeI
D and Lnl_EventType.ID.
Event sub-type i.e., “granted”,
“door forced open”, etc.
Corresponds to
Lnl_EventSubtypeDefinition.SubT
ypeID.
Text associated with event.
Card (where available) which caused the event
Issue code of the card
Asset (where available) which caused the event
The level of access that was granted that resulted from reading the card.
Possible values:
0: Other
1: Unknown
2: Granted
3: Denied
4: Not Applicable
Whether entry was made by the cardholder
View
View
View
View
View
View
View
View
View
View
View
View
View
DataConduIT User Guide
97
98
Data and Association Class Reference
Type
boolean int32
Name
Duress
PersonID
Description
Indicates whether this card access indicates an under duress/ emergency state
Internal ID of the person who is assigned the badge at the time of the access event. See
Lnl_Person.ID.
Access
View
View
Lnl_LogicalSystemAccount
Description: An account in a logical system that is associated with a given person.
Abstract: No
Access: View/Add/Modify/Delete
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
int32 int32 int32 string
Name
PersonID
LogicalSystemType
LogicalSystemID
UserName
Description
Reference to the associated
Lnl_Person
Identifies the Card or Identity
Management System.
1 = ActivIdentity CMS
The identifier for the Card or
Identity Management System.
ActivIdentity CMS logical system
ID's are identified by their ID as seen in the CMS server configuration in System
Administration.
The user’s login name.
Access
Read
Read
Edit
Edit
Lnl_UserPermissionGroup
Description: A permission group defined in the system.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
DataConduIT User Guide
Data Classes
Properties:
Type
sint32 string sint32 sint32 boolean boolean boolean boolean boolean sint32
Name
ID
Name
Type
SegmentID
PTZPriority
CanLoginToDataConduIT
CanViewLiveVideo
CanViewRecordedVideo
CanSearchVideo
DevicesExcluded
Description
Permission Group Type:
System = 1
Cardholder = 2
Monitor = 3
Access
Internal database ID. Key field.
View
View Permission Group name.
Maximum length is 32 characters.
View
View Segment to which the user permission group belongs.
PTZ Priority for the users belonging to this group
Shows if the user in this group can login to DataConduIT
Shows if the user in this group can view live video
View
View
View
Shows if the user in this group can view recorded video
Shows if the user in this group can search video
Shows if the devices in the associated group are excluded
View
View
View
Lnl_UserFieldPermissionGroup
Description: The permission group assigned to the user.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
sint32 string sint32
Name
ID
Name
SegmentID
Description
Internal database ID. Key field.
Permission Group name. Maximum length is 32 characters.
Segment to which the user field permission group belongs.
Access
View
View
View
DataConduIT User Guide
99
100
Data and Association Class Reference
Lnl_UserPermissionDeviceGroupLink
Description: Describes a link between a device group and a permission.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
sint32 sint32
Name
UserPermissionGroupID
DeviceGroupID
Description
User permission group. See
Lnl_UserPermissionGroup.ID. Key field.
Device Group ID. See
Lnl_CameraGroup.ID. Key field.
Access
View
View
Lnl_UserReportPermissionGroup
Description: A report permission group defined in the system.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
sint32 string
Name
ID
Name sint32 sint32
SegmentID
DatabaseID
Description
Internal database ID. Key field.
Permission Group name.
Maximum length is 255 characters.
Segment to which the user report permission group belongs.
Access
View
View
View
The database identifier in an
Enterprise system that identifies the replication setting for the group. The value has a default value of ‘Local System Only’ which matches the default through the OnGuard software.
View
DataConduIT User Guide
Data Classes
Lnl_MobileVerify
Description: Specifically designed for OnGuard MobileVerify software application. The class currently contains two static methods that allow to log an access grant or deny transaction based on input parameters.
Abstract: No
Superclass: Lnl_Element
Platforms: OnGuard
Access: In order to use this class, users must have a Mobile Sentry license.
Properties: None
Methods:
•
[static] void RecommendProperties( [out] string LogicalName, [out] string
AssociatedDropdown, [out] string DenyText, [out] int32 DenyColor, [out] string GrantText,
[out] int32 GrantColor;
Retrieves configuration information of how the MobileVerify feature is setup.
Note:
This should be called prior to using all other methods of this object. Use the value returned in the AssociatedDropdown parameter as the name of the property in
Lnl_Cardholder to retrieve the enumerated values.
Parameters:
– LogicalName - The default logical name is Force Protection, and represents a threat level.
– AssociatedDropdown - The drop-down field that will be used to determine the recommendation. For MobileVerify systems, this is Force Protection Setting.
– DenyText - Text to be presented to the user when the recommendation is to deny access.
– DenyColor - Color of the button used to deny access.
– GrantText - Text to be presented to the user when the recommendation is to grant access.
– GrantColor - Color of the button used to grant access.
•
[static] void LogGrantTransaction( [in] sint32 CurrentLevel, [in] sint32 SystemLevel, [in] string
CardholderName, [in] string SSNo, [in] string ReaderName, [in] string GateName );
Logs an access grant transaction based on the input parameters. This method is used to specify that the operator has granted the user access.
Note:
This should be called when the operator clicks a grant button. It should not reflect whether or not the cardholder’s force protection level was actually grant or deny. This routine will appropriately log the correct transaction. For example, if the operator clicks
Grant on a cardholder whose force protection level is LESS than the system setting
(deny access), this routine will log a grant-override transaction.
Parameters:
– CurrentLevel - This is the index of the combo box from the cardholder’s force protection level.
– SystemLevel - This is the index of the combo box from the current system’s force protection level.
– CardholderName - name of cardholder
– SSNo - social security number of cardholder
– ReaderName - Name of reader being opened (can be null)
DataConduIT User Guide
101
102
Data and Association Class Reference
– GateName - Name of gate or building associated with this reader or mobile unit
•
[static] void LogDenyTransaction( [in] sint32 CurrentLevel, [in] sint32 SystemLevel, [in] string
CardholderName, [in] string SSNo, [in] string ReaderName, [in] string GateName );
Logs an access deny transaction based on the input parameters.
Parameters:
– CurrentLevel - This is the index of the combo box from the cardholder’s force protection level.
– SystemLevel - This is the index of the combo box from the current system’s force protection level.
– CardholderName - name of cardholder
– SSNo - social security number of cardholder
– ReaderName - Name of reader being opened (can be null)
– GateName - Name of gate or building associated with this reader or mobile unit
•
[static] void IsGrant( [in] sint32 CardholderThreatLevelID, [in] sint32 SystemSettingID;
Parameters:
– CardholderThreatLevelID - This is the ID of the value of the cardholder’s threat level.
– SystemSettingID - This is the ID of the value of the system setting.
•
[static] void RecommendedSystemSetting( [in/out] sint32 ReturnValue;
Parameters
– RecommendedSystemSetting - To be supplied.
Lnl_MonitoringZone
Description: A Monitoring zone defined in the system.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Type
int32 string int32
Name
ID
Name
SegmentID
Description
Internal database ID. Key field.
Monitoring zone name.
Segment to which the monitoring zone belongs.
Access
View
View
View
Lnl_MonitoringZoneCameraLink
Description: Defines what cameras are associated with a given monitoring zone.
Abstract: No
Access: View
Superclass: Lnl_Element
DataConduIT User Guide
Data Classes
Platforms: OnGuard
Type
int32 int32
Name
CameraID
MonitoringZoneID int32 PanelID
Description
Camera ID. Key field. See
Lnl_Camera.ID.
Monitoring Zone ID. Key field. See
Lnl_MonitoringZone.ID.
field. Reference to
Lnl_Panel.ID.
Access
View
View
Lnl_MultimediaObject
Description: An image, signature, or biometric template belonging to a person in the security system.
Abstract: No
Access: View/Add/Delete
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
int32
Name
DATATYPE int32 int32
OBJECTTYPE
PERSONID binary DATA datetime (string) LASTCHANGED
Description
Data type. Key field.
Possible values:
0: Normal Image
1: Normal Image with
Chromakey Mask
2: Thumbnail Image
3: Fingerprint Template
4: Handprint Template
5: Iris template
Object type. Key field.
Possible values:
1: Photo
8: Signature
16: Hand Geometry
32: Fingerprint (Bioscrypt)
64: Iris (Iridian)
Internal ID of the person who owns this object. See
Lnl_Person.ID.
Array of image data.
Image last changed
Access
Read
Read
Read
Read
View
DataConduIT User Guide
103
104
Data and Association Class Reference
Note:
DATATYPE and OBJECTTYPE Pairings on page 133
Lnl_Panel
Description: A panel defined in the security system.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
int32 boolean string string string int32 string int32
Name
ID
IsOnline
NAME
PANELTYPE
PrimaryDialupHost-
Number
PrimaryIPAddress
SecondaryDialupHost-
Number
SEGMENTID
WORKSTATION
Description
Internal database ID. Key field.
Access
View
The panel is online.
Display name.
View
View
Panel type name.
The primary phone number to use when connecting to a server with dial-up access.
The primary IP address to use when connecting to a server with network access.
The back-up phone number to use when connecting to a server with dial-up access.
View
View
View
View
Segment to which the panel belongs.
View
Panel workstation name. View string
Methods: void DownloadFirmware()
Sends a download firmware command to the ISC.
void DownloadDatabase()
Sends a command to the ISC to download the cardholder database.
void ResetUseLimit()
Sends a command to reset the use limit of all cardholders within the ISC.
void UpdateHardwareStatus()
DataConduIT User Guide
Data Classes
Sends a command to retrieve the status of the Intelligent System controller and all downstream hardware connected to the specific system controller.
void Connect()
Used for dial-up only. This command instructs the host to connect to the ISC via dial-up.
void Disconnect()
Used for dial-up only. This command instructs the host to send a disconnect command to the ISC.
void SetClock()
Sends the current time down to the ISC.
void GetHardwareStatus([out] uint32 Status)
If the device is offline, the status is returned with a value of “0”.
uint32 Status – device status: uint32 Status
ONLINE_STATUS
OPTIONS_MISMATCH_STATUS
CABINET_TAMPER
POWER_FAIL
DOWNLOADING_FIRMWARE
Description
Online
Options Mismatch
Cabinet Tamper
Power Failure
Downloading Firmware
Device status
0x01
0x02
0x04
0x8
0x10
Lnl_Person
Description: A cardholder or visitor in the security system.
Abstract: Yes
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Note:
The properties listed below with Edit access are editable only through instances of
Lnl_Cardholder and Lnl_Visitor.
Type
int32
Name
ID string FIRSTNAME datetime (string) LASTCHANGED string string
LASTNAME
MIDNAME
Description
Internal database ID. Key field.
First name.
Person last changed
Last name.
Middle name.
Access
View
Edit
View
Edit
Edit
DataConduIT User Guide
105
106
Data and Association Class Reference
Type
string
Name
SSNO
Description
Person’s identification number.
Access
Edit
Lnl_PrecisionAccessGroup
Description: A defined set of unique access privileges for assignment to individual cardholders.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
int32 string int32 int32
Name
ID
Name
Type
SegmentID
Description
The ID of the precision access group. Key field.
The name of the precision access group.
The type of precision access group. Possible values: 1
(Inclusion), 2 (Exclusion)
The ID of the segment associated with the precision access group.
Access
View
View
View
View
Lnl_PrecisionAccessGroupAssignment
Description: An assignment relationship between a badge and a precision access group.
Abstract: No
Access: View/Add/Delete
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
int32 int32
Name
BadgeKey
PrecisionAccessGroupID
Description
A key value uniquely identifying a badge. Key field.
The ID of the precision access group assigned to the badge.
Key field.
Access
Read
Read
DataConduIT User Guide
Data Classes
Lnl_Reader
Description: A reader defined in the security system.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
int32 int32 string int32 int32 string
Name
PANELID
READERID
NAME
TimeAttendanceType
ControlType
HostName
Description
ID of the panel to which this reader belongs. Key field. Reference to
Lnl_Panel.ID.
Internal database ID. Key field.
Display name.
The time and attendance reader configuration.
not used = 0 (or <empty>)
Entrance Reader = 1
Exit Reader = 2
The type of reader.
The name of the workstation where the communication server associated with this reader’s panel is running.
Access
View
View
View
View
View
View
Methods: void OpenDoor()
Sends a command to open the door for a specific reader.
void SetMode([in] int32 Mode)
Sends a command to set the current operating mode of a reader.
void GetMode ([out] int32 Mode)
Retrieves current mode of the reader. Mode is only retrieved from the hardware when the
UpdateHardwareStatus is called on the parent ISC.
Parameters:
int32 Mode: Reader mode to be set. Allowed values are:
MODE_LOCKED 0x0
MODE_CARDONLY
MODE_PIN_OR_CARD
0x1
0x2
DataConduIT User Guide
107
108
Data and Association Class Reference int32 Mode: Reader mode to be set. Allowed values are:
MODE_PIN_AND_CARD
MODE_UNLOCKED
0x3
0x4
MODE_FACCODE_ONLY
MODE_CYPHERLOCK
MODE_AUTOMATIC
0x5
0x6
0x7
You can set the current mode of the reader to an authentication mode using the ID retrieved with the Lnl_AuthenticationMode class. Authentication mode IDs are not static like the systemdefined reader modes in the table above.
void SetBiometricVerifyMode([in] boolean Value)
Sends a command to enable/disable the biometric mode of verification for a reader.
Note:
Using this method requires that you configure at least one biometric type for the reader’s controller. You must also configure the desired biometric template type to greater than 0 on the System Options > Biometrics tab.
Parameters: boolean Value: True – enable biometric mode of verification. False – disable biometric mode of verification.
void SetFirstCardUnlockMode([in] boolean Value)
Sends a command to enable/disable first card unlock mode for the reader.
Note:
Using this method requires that you enable the First Card Unlock option on the reader's controller.
Parameters: boolean Value: True – enable first card unlock mode. False – first card unlock mode.
void DownloadFirmware()
Sends a download firmware command to the reader interface module.
void GetHardwareStatus([out] uint32 Status)
Lnl_Segment
Description: A segment or segment group defined in the security system. Present in segmented systems only.
Abstract: Yes
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
DataConduIT User Guide
Data Classes
Properties:
Type
int32 string
Name
ID
NAME
Description
Internal database ID. Key field.
Display name.
Access
View
View
Lnl_SegmentGroup
Description: A segment group in the security system. Present in segmented systems only. Refer to
Lnl_SegmentGroupMember on page 132 to determine which segments make up a segment group.
Abstract: No
Access: View
Superclass: Lnl_Segment
Platforms: OnGuard
Properties: Same properties as in Lnl_Segment.
Lnl_SegmentUnit
Description: A segment in the security system. Present in segmented systems only.
Abstract: No
Access: View
Superclass: Lnl_Segment
Platforms: OnGuard
Properties: Same properties as in Lnl_Segment.
Lnl_Timezone
Description: A time zone defined in the security system.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
int32 int32 string
Name
ID
SegmentID
Name
Description
Internal database ID. Key field.
Segment ID to which the time zone belongs.
Name of the timezone.
Access
View
View
View
DataConduIT User Guide
109
110
Data and Association Class Reference
Lnl_TimezoneInterval
Description: A time zone interval used by instances of Lnl_Timezone.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
int32 int32
Name
ID
TimezoneID datetime (string) StartTime datetime (string) EndTime boolean Monday - Sunday boolean HolidayType1 -
HolidayType8
Description
Internal database ID. Key field.
Lnl_Timezone of which this interval is a part of. Key field.
Time of day when interval becomes active
Time of day when interval stops being active
Day of the week when interval is active. There are seven individual boolean properties, one for each day of the week.
Holiday type during which the interval is active. There are eight individual boolean properties, one for each holiday type.
Access
View
View
View
View
View
View
Lnl_User
Description: A user defined in the system.
Abstract: No
Access: View/Add /Modify/Delete
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
sint32
Name
ID string LogonID string Password string FirstName
Description
Internal database ID. Key field.
Access
View
Internal Account User name. Edit
Internal Password. Read
Maximum length is 50 characters.
This property cannot be viewed.
First Name. Edit
DataConduIT User Guide
Data Classes
Type Name
string LastName boolean Enabled sint32 sint32 sint32
SystemPermissionGroupID
Determines whether user is enabled
System User Permission Group.
See Lnl_UserPermissionGroup.ID.
MonitoringPermissionGroupID Monitor User Permission Group.
See Lnl_UserPermissionGroup.ID.
CardPermissionGroupID Cardholder User Permission
Group. See
Lnl_UserPermissionGroup.ID.
sint32 ReportPermissionGroupID
Description
sint32 FieldPermissionID
Indicates the Report Permission
Group ID. This is a required field, but defaults to 0 which provides no report permissions.
Field/Page Access Group.
Reference to
.
Lnl_UserFieldPermissionGroup.ID
sint32 sint32
PrimarySegmentID
MonitoringZoneID
Created
User’s Primary Segment ID
Monitoring Zone ID. Reference to
Lnl_MonitoringZone.ID.
Date user was created
Access
Edit
Edit
Edit
Edit
Edit
Edit
Edit
Read
Edit
View datetime
(string) datetime
(string) string boolean
LastChanged
Notes
AutomaticallyCreated
Date user was modified View
View
View sint32 DatabaseID
Notes associated with the user.
An automatic user is one that has been created in “bulk” using the
Bulk User Tool. This property is set to false for all users except those created using the Bulk User Tool. It is included in the application programming interface (API) for filtering only.
The database identifier in an
Enterprise system that identifies the replication setting for the User.
The value has a default value of
‘Local System Only’ which matches the default through the
OnGuard software.
Edit
Lnl_UserAccount
Description: An association between a user and its directory account.
DataConduIT User Guide
111
112
Data and Association Class Reference
Abstract: No
Access: View/Add/Modify/Delete
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
sint32 sint32
Name
ID
UserID string sin32
AccountID
DirectoryID
Description
Internal database ID. Key field.
Internal ID of the user who owns this account. See Lnl_User.ID. Key field.
ID of the entry in the external directory. The ID is the value of the attribute specified in the
Lnl_Directory.AccountIDAttr property. For example, for
Microsoft directories, this property would contain the account’s security identifier (SID).
Internal ID of the directory to which this account belongs. See
Lnl_Directory.ID.
Access
View
View/Edit
View/Edit
View/Edit
Lnl_UserPermissionGroup
Description: A permission group defined in the system.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
sint32 string
Name
ID
Name sint32 sint32
Type
SegmentID
Description Access
Internal database ID. Key field.
View
View Permission Group name.
Maximum length is 32 characters.
View Permission Group Type:
System = 1
Cardholder = 2
Monitor = 3
Segment to which the user permission group belongs.
View
DataConduIT User Guide
Data Classes
Type
sint32 boolean boolean boolean boolean boolean
Name
PTZPriority
CanLoginToDataConduIT
CanViewLiveVideo
CanViewRecordedVideo
CanSearchVideo
DevicesExcluded
Lnl_UserFieldPermissionGroup
Description: The permission group assigned to the user.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Description
PTZ Priority for the users belonging to this group
Shows if the user in this group can login to DataConduIT
Shows if the user in this group can view live video
Shows if the user in this group can view recorded video
Shows if the user in this group can search video
Shows if the devices in the associated group are excluded
Access
View
View
View
View
View
View
Type
sint32 string sint32
Name
ID
Name
SegmentID
Description
Internal database ID. Key field.
Permission Group name. Maximum length is 32 characters.
Segment to which the user field permission group belongs.
Access
View
View
View
Lnl_UserPermissionDeviceGroupLink
Description: Describes a link between a device group and a permission.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
DataConduIT User Guide
113
114
Data and Association Class Reference
Properties:
Type
sint32 sint32
Name
UserPermissionGroupID
DeviceGroupID
Description
User permission group. See
Lnl_UserPermissionGroup.ID. Key field.
Device Group ID. See
Lnl_CameraGroup.ID. Key field.
Access
View
View
Lnl_UserReportPermissionGroup
Description: A report permission group defined in the system.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
sint32 string
Name
ID
Name sint32 sint32
SegmentID
DatabaseID
Description
Internal database ID. Key field.
Permission Group name.
Maximum length is 255 characters.
Access
View
View
Segment to which the user report permission group belongs.
The database identifier in an
Enterprise system that identifies the replication setting for the group. The value has a default value of ‘Local System Only’ which matches the default through the OnGuard software.
View
View
Lnl_UserSecondarySegment
Description: An association between a user and all assigned segments.
Abstract: No
Access: View/Add/Delete
Superclass: Lnl_Element
Platforms: OnGuard
DataConduIT User Guide
Data Classes
Properties:
Type
int32 sint32
Name
UserID
SegmentID
Description
Internal ID of the user
Lnl_User.ID.
A segment to which the user belongs.
Access
Read
Read sint32 sint32 boolean boolean boolean boolean boolean
Lnl_UserPermissionGroup
Description: A permission group defined in the system.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
sint32 string sint32
Name
ID
Name
Type
SegmentID
PTZPriority
CanLoginToDataConduIT
CanViewLiveVideo
CanViewRecordedVideo
CanSearchVideo
DevicesExcluded
Description Access
Internal database ID. Key field.
View
View Permission Group name.
Maximum length is 32 characters.
Permission Group Type:
System = 1
Cardholder = 2
Monitor = 3
Segment to which the user permission group belongs.
PTZ Priority for the users belonging to this group
Shows if the user in this group can login to DataConduIT
Shows if the user in this group can view live video
Shows if the user in this group can view recorded video
Shows if the user in this group can search video
Shows if the devices in the associated group are excluded
View
View
View
View
View
View
View
View
DataConduIT User Guide
115
116
Data and Association Class Reference
Lnl_UserFieldPermissionGroup
Description: The permission group assigned to the user.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
sint32 string sint32
Name
ID
Name
SegmentID
Description
Internal database ID. Key field.
Permission Group name. Maximum length is 32 characters.
Segment to which the user field permission group belongs.
Access
View
View
View
Lnl_UserPermissionDeviceGroupLink
Description: Describes a link between a device group and a permission.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
sint32 sint32
Name
UserPermissionGroupID
DeviceGroupID
Description
User permission group. See
Lnl_UserPermissionGroup.ID. Key field.
Device Group ID. See
Lnl_CameraGroup.ID. Key field.
Access
View
View
Lnl_UserReportPermissionGroup
Description: A report permission group defined in the system.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
DataConduIT User Guide
Data Classes
Properties:
Type
sint32 string sint32 sint32
Name
ID
Name
SegmentID
DatabaseID
Description
Internal database ID. Key field.
Permission Group name.
Maximum length is 255 characters.
Access
View
View
Segment to which the user report permission group belongs.
The database identifier in an
Enterprise system that identifies the replication setting for the group. The value has a default value of ‘Local System Only’ which matches the default through the OnGuard software.
View
View
Lnl_UserPermissionGroup
Description: A permission group defined in the system.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
sint32 string sint32 sint32 sint32 boolean
Name
ID
Name
Type
SegmentID
PTZPriority
CanLoginToDataConduIT
Description Access
Internal database ID. Key field.
View
View Permission Group name.
Maximum length is 32 characters.
Permission Group Type:
System = 1
Cardholder = 2
Monitor = 3
Segment to which the user permission group belongs.
PTZ Priority for the users belonging to this group
Shows if the user in this group can login to DataConduIT
View
View
View
View
DataConduIT User Guide
117
118
Data and Association Class Reference
Type
boolean boolean boolean boolean
Name
CanViewLiveVideo
CanViewRecordedVideo
CanSearchVideo
DevicesExcluded
Lnl_UserFieldPermissionGroup
Description: The permission group assigned to the user.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Description
Shows if the user in this group can view live video
Shows if the user in this group can view recorded video
Shows if the user in this group can search video
Shows if the devices in the associated group are excluded
Access
View
View
View
View
Type
sint32 string sint32
Name
ID
Name
SegmentID
Description
Internal database ID. Key field.
Permission Group name. Maximum length is 32 characters.
Segment to which the user field permission group belongs.
Access
View
View
View
Lnl_UserPermissionDeviceGroupLink
Description: Describes a link between a device group and a permission.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
sint32
Name
UserPermissionGroupID
Description
User permission group. See
Lnl_UserPermissionGroup.ID. Key field.
Access
View
DataConduIT User Guide
Data Classes
Type
sint32
Name
DeviceGroupID
Description
Device Group ID. See
Lnl_CameraGroup.ID. Key field.
Lnl_UserReportPermissionGroup
Description: A report permission group defined in the system.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
sint32 string sint32 sint32
Name
ID
Name
SegmentID
DatabaseID
Access
View
Description
Internal database ID. Key field.
Permission Group name.
Maximum length is 255 characters.
Segment to which the user report permission group belongs.
Access
View
View
View
The database identifier in an
Enterprise system that identifies the replication setting for the group. The value has a default value of ‘Local System Only’ which matches the default through the OnGuard software.
View
Lnl_UserPermissionGroup
Description: A permission group defined in the system.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
sint32
Name
ID
Description Access
Internal database ID. Key field.
View
DataConduIT User Guide
119
120
Data and Association Class Reference
Type
string sint32 sint32 sint32 boolean boolean boolean boolean boolean
Name
Name
Type
SegmentID
PTZPriority
CanLoginToDataConduIT
CanViewLiveVideo
CanViewRecordedVideo
CanSearchVideo
DevicesExcluded
Lnl_UserFieldPermissionGroup
Description: The permission group assigned to the user.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Description
Permission Group name.
Maximum length is 32 characters.
Permission Group Type:
System = 1
Cardholder = 2
Monitor = 3
Segment to which the user permission group belongs.
PTZ Priority for the users belonging to this group
Shows if the user in this group can login to DataConduIT
Shows if the user in this group can view live video
Shows if the user in this group can view recorded video
Shows if the user in this group can search video
Shows if the devices in the associated group are excluded
Access
View
View
View
View
View
View
View
View
View
Type
sint32 string sint32
Name
ID
Name
SegmentID
Description
Internal database ID. Key field.
Permission Group name. Maximum length is 32 characters.
Segment to which the user field permission group belongs.
Access
View
View
View
Lnl_UserPermissionDeviceGroupLink
Description: Describes a link between a device group and a permission.
DataConduIT User Guide
Data Classes
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
sint32 sint32
Name
UserPermissionGroupID
DeviceGroupID
Description
User permission group. See
Lnl_UserPermissionGroup.ID. Key field.
Device Group ID. See
Lnl_CameraGroup.ID. Key field.
Access
View
View
Lnl_UserReportPermissionGroup
Description: A report permission group defined in the system.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
sint32 string
Name
ID
Name sint32 sint32
SegmentID
DatabaseID
Description
Internal database ID. Key field.
Permission Group name.
Maximum length is 255 characters.
Access
View
View
Segment to which the user report permission group belongs.
The database identifier in an
Enterprise system that identifies the replication setting for the group. The value has a default value of ‘Local System Only’ which matches the default through the OnGuard software.
View
View
Lnl_UserPermissionGroup
Description: A permission group defined in the system.
Abstract: No
Access: View
DataConduIT User Guide
121
122
Data and Association Class Reference
sint32 sint32 boolean boolean boolean boolean boolean
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
sint32 string
Name
ID
Name sint32 Type
SegmentID
PTZPriority
CanLoginToDataConduIT
CanViewLiveVideo
CanViewRecordedVideo
CanSearchVideo
DevicesExcluded
Description
Permission Group Type:
System = 1
Cardholder = 2
Monitor = 3
Access
Internal database ID. Key field.
View
View Permission Group name.
Maximum length is 32 characters.
View
View Segment to which the user permission group belongs.
PTZ Priority for the users belonging to this group
Shows if the user in this group can login to DataConduIT
Shows if the user in this group can view live video
View
View
View
Shows if the user in this group can view recorded video
Shows if the user in this group can search video
Shows if the devices in the associated group are excluded
View
View
View
Lnl_UserFieldPermissionGroup
Description: The permission group assigned to the user.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
sint32 string
Name
ID
Name
Description
Internal database ID. Key field.
Permission Group name. Maximum length is 32 characters.
Access
View
View
DataConduIT User Guide
Data Classes
Type
sint32
Name
SegmentID
Description
Segment to which the user field permission group belongs.
Lnl_UserPermissionDeviceGroupLink
Description: Describes a link between a device group and a permission.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
sint32 sint32
Access
View
Name
UserPermissionGroupID
DeviceGroupID
Description
User permission group. See
Lnl_UserPermissionGroup.ID. Key field.
Device Group ID. See
Lnl_CameraGroup.ID. Key field.
Access
View
View
Lnl_UserPermissionGroup
Description: A permission group defined in the system.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
sint32 string
Name
ID
Name sint32 sint32
Type
SegmentID
Description Access
Internal database ID. Key field.
View
View Permission Group name.
Maximum length is 32 characters.
Permission Group Type:
System = 1
Cardholder = 2
Monitor = 3
Segment to which the user permission group belongs.
View
View
DataConduIT User Guide
123
124
Data and Association Class Reference
Type
sint32 boolean boolean boolean boolean boolean
Name
PTZPriority
CanLoginToDataConduIT
CanViewLiveVideo
CanViewRecordedVideo
CanSearchVideo
DevicesExcluded
Description
PTZ Priority for the users belonging to this group
Shows if the user in this group can login to DataConduIT
Shows if the user in this group can view live video
Shows if the user in this group can view recorded video
Shows if the user in this group can search video
Shows if the devices in the associated group are excluded
Access
View
View
View
View
View
View
Lnl_UserReportPermissionGroup
Description: A report permission group defined in the system.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
sint32 string sint32 sint32
Name
ID
Name
SegmentID
DatabaseID
Description
Internal database ID. Key field.
Permission Group name.
Maximum length is 255 characters.
Segment to which the user report permission group belongs.
The database identifier in an
Enterprise system that identifies the replication setting for the group. The value has a default value of ‘Local System Only’ which matches the default through the OnGuard software.
Access
View
View
View
View
Lnl_Visit
Description: A visit in the security system.
DataConduIT User Guide
Data Classes
Abstract: No
Access: View/Add/Modify/Delete
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
int32 int32 boolean boolean boolean string int32 string
Name
ID
CARDHOLDERID
EMAIL_INCLUDE_DEF_
RECIPENTS
EMAIL_INCLUDE_HOST
EMAIL_INCLUDE_
VISITOR
EMAIL_LIST datetime (string) LASTCHANGED string PURPOSE datetime (string) SCHEDULED_TIMEIN datetime (string) SCHEDULED_TIMEOUT datetime (string) TIMEIN datetime (string) TIMEOUT int32 TYPE
VISIT_EVENTID
VISIT_KEY
Description
Internal database ID. Key field.
LNL_CARDHOLDER.ID - the host
Whether the default recipients are notified
Access
View
Read
Edit
Whether the host is notified Edit
Whether the visitor is notified Edit
A list of semi-colon separated e-mail recipients (other than the visitor, host or defaults)
Ex: [email protected];xyz@123.
com
Visit last changed
Visit purpose.
Scheduled start time
Scheduled end time
Actual start time
Actual end time
Visit type, values are userdefined
The ID of the visit event.
Reference to
Lnl_VisitEvent.ID.
A unique identifier assigned to a scheduled visit, used to sign visitors in or out.
Lnl_Visitor.ID - the visitor.
Edit
View
Edit
Edit
Edit
View
View
Edit
View
View
Read int32 VISITORID
Methods: void SignVisitOut();
Signs a visit out, modifying the visit and setting TIMEOUT to current date/time. Any associated badge with the visitor is deactivated and set to the status as configured in the OnGuard software.
DataConduIT User Guide
125
126
Data and Association Class Reference
void SignVisitIn([in]int32 BadgeTypeID, [in]string PrinterName, [in]int64 AssignedBadgeID);
Signs a visit in, modifying the visit and setting TIMEIN to current date/time. If
AssignedBadgeID is set to a valid ID, the badge is automatically assigned to the visitor and made active.
Parameters:
• badgeTypeID - This is the badge type you want to assign the visitor.
• AssignedBadgeID - This is the badge ID you want to assign the visitor, a badge already in the system.
• printerName - The name of the printer you want to use to print out the disposable badge
Note:
If badgeTypeID is provided so must the printerName (unless there is a default printer set up for the badgeTypeID specified) and AssignedBadgeID will be ignored. If
AssignedBadgeID is specified, badgeTypeID and printerName are ignored. See the
Visitor Management User Guide for more detailed documentation on visits and signing them in.
Lnl_VisitEmailRecipient
Description: A visit e-mail recipient in the security system.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
int32 int32 string string string boolean boolean boolean
Name
RECIPIENTNUMBER
VISITID
ACCOUNTID
DIRECTORYID
EMAILADDRESS
INCLUDEDEFAULTRECIPIE
NTS
INCLUDEHOST
INCLUDEVISITOR
Description
Internal database ID. Key field.
Lnl_Visit.ID - ID of the visit.
Key field.
ID of the entry in the external directory. For example, with
Microsoft directories, this property would contain the account’s security identifier
(SID).
Internal ID of the directory to which this account belongs.
Access
View
View
View
View
Recipient e-mail address.
Whether the default recipients are notified
View
View
Whether the visit host is notified
View
Whether the visitor is notified View
DataConduIT User Guide
Data Classes
Type
int32 int32
Name
PERSONID
SEGMENTID
Description
Lnl_Person.ID - ID of the person receiving the e-mail
Segment to which the visit email recipient belongs.
Access
View
View
Type
int32 string int32 int32
Lnl_VisitEvent
Description: A hosted event with visits and visitors.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties: int32 datetime
(string) datetime
(string) datetime
(string) int32
Name
ID
Name
CardholderID
DelegateID
DatabaseID
Scheduled_TimeIn
Scheduled_TimeOut
LastChanged
SignInLocationID
Description
The internal database ID
The user-friendly name of this object.
The host of the visit event.
Reference to Lnl_Cardholder.ID.
The person who schedules or maintains the event instead of the host.
The database identifier in an
Enterprise system that identifies the system containing the event data.
The time the visit event is scheduled to start.
The time the visit event is scheduled to complete.
The last time the properties of the visit event changed.
The ID of the visitor sign in location.
Access
View
View
View
View
View
View
View
View
View
Lnl_Visitor
Description: A visitor in the security system.
Abstract: No
Access: View/Add/Modify/Delete
DataConduIT User Guide
127
128
Data and Association Class Reference
Type
string string string string string string int32
Superclass: Lnl_Person
Platforms: OnGuard
Properties: The class has all the properties of the Lnl_Person class, plus custom fields defined by the end user and the following: string string string
Name
ADDRESS
CITY
Description
The visitor’s address.
The visitor’s city.
The visitor’s email address.
Access
Edit
Edit
Edit
EXT
OPHONE
ORGANIZATION
The visitor’s extension.
The visitor’s office phone number.
Edit
Edit
The visitor’s organization. Edit
Read PRIMARYSEGMENTID This property is only available when visitors are segmented.
STATE The visitor’s state.
TITLE
ZIP
The visitor’s title.
The visitor’s zip code.
Edit
Edit
Edit
User-Defined Value Lists
Description: Any user-defined list in the system, populated via List Builder. Some examples include:
•
Lnl_BadgeStatus
•
Lnl_BUILDING
•
Lnl_DEPARTMENT
•
Lnl_DIVISION
•
Lnl_LOCATION
•
Lnl_TITLE
•
Lnl_VISIT_TYPE
Abstract: No
Access: View/Add/Modify/Delete
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
int32
Name
ID
Description Access
Internal database ID. Key field.
View
DataConduIT User Guide
Association Classes
Type
string int32
Name
NAME
SEGMENTID
Description
Name of the list value.
Segment to which the userdefined value list belongs.
Access
Edit
Read
Association Classes
Lnl_AccessLevelGroupAssignment
Description: An association between an access level and the group in which it belongs.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
ref:Lnl_AccessLevel ref:Lnl_AccessGroup
Name
ACCESSLEVEL
ACCESSGROUP
Description
Reference to the access level
Reference to the access group
Lnl_BadgeOwner
Description: An association between a badge and the person who owns it.
Abstract: Yes
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
ref:Lnl_Badge ref:Lnl_Person
Name
BADGE
PERSON
Description
Reference to the badge
Reference to the person
Lnl_CardholderAccount
Description: An association between an account and the cardholder with which it is associated.
Abstract: No
DataConduIT User Guide
129
130
Data and Association Class Reference
Access: View
Superclass: Lnl_PersonAccount
Platforms: OnGuard
Properties:
Type
ref:Lnl_Account ref:Lnl_Cardholder
Name
ACCOUNT
PERSON
Description
Reference to the account
Reference to the cardholder
Lnl_CardholderBadge
Description: An association between a badge and the cardholder who owns it.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
ref:Lnl_Badge ref:Lnl_Cardholder
Name
BADGE
PERSON
Description
Reference to the badge
Reference to the cardholder
Lnl_CardholderMultimediaObject
Description: An association between a multimedia object and the cardholder who owns it.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
ref:Lnl_MultimediaObject ref:Lnl_Cardholder
Name
MULTIMEDIAOBJECT
PERSON
Description
Reference to the multimedia object
Reference to the cardholder
Lnl_DirectoryAccount
Description: An association between an account and the directory in which it is stored.
Abstract: No
DataConduIT User Guide
Association Classes
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
ref:Lnl_Account ref:Lnl_Directory
Name
ACCOUNT
DIRECTORY
Description
Reference to the account
Reference to the directory
Lnl_MultimediaObjectOwner
Description: An association between a multimedia object and the person who owns it.
Abstract: Yes
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
ref:Lnl_MultimediaObject ref:Lnl_Person
Name
MULTIMEDIAOBJECT
PERSON
Description
Reference to the multimedia object
Reference to the person
Lnl_PersonAccount
Description: An association between an account and the person with which it is associated.
Abstract: Yes
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
ref:Lnl_Account ref:Lnl_Person
Name
ACCOUNT
PERSON
Description
Reference to the account
Reference to the person
Lnl_ReaderEntersArea
Description: An association between a reader and the APB area to which it allows entry.
Abstract: No
DataConduIT User Guide
131
132
Data and Association Class Reference
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
ref:Lnl_Area ref:Lnl_Reader
Name
AREA
READER
Description
Reference to the APB area
Reference to the reader
Lnl_ReaderExitsArea
Description: An association between a reader and the APB area to which it allows departure from.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
ref:Lnl_Area ref:Lnl_Reader
Name
AREA
READER
Description
Reference to the APB area
Reference to the reader
Lnl_SegmentGroupMember
Description: An association between a segment unit and the segment group of which the unit is a member. Present in segmented systems only.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
ref:Lnl_SegmentGroup ref:Lnl_SegmentUnit
Name
GROUP
MEMBER
Description
Reference to the segment group
Reference to the segment unit
Lnl_VisitorAccount
Description: An association between an account and the visitor with which it is associated.
DataConduIT User Guide
Association Classes
Abstract: No
Access: View
Superclass: Lnl_PersonAccount
Platforms: OnGuard
Properties:
Type
ref:Lnl_Account ref:Lnl_Visitor
Name
ACCOUNT
PERSON
Description
Reference to the account
Reference to the visitor
Lnl_VisitorBadge
Description: An association between a badge and the visitor who owns it.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
ref:Lnl_Badge ref:Lnl_Visitor
Name
BADGE
PERSON
Description
Reference to the badge
Reference to the visitor
Lnl_VisitorMultimediaObject
Description: An association between a multimedia object and the visitor who owns it.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Type
ref:Lnl_MultimediaObject ref:Lnl_Visitor
Name
MULTIMEDIAOBJECT
PERSON
Description
Reference to the multimedia object
Reference to the visitor
DataConduIT User Guide
133
134
Data and Association Class Reference
Type
sint32 sint32 sint32 string boolean sint32 boolean sint32 string sint32 boolean
Event Classes
All event classes are view only and are not abstract.
Lnl_AccessEvent
Description: An event occurring due to the presentation of credentials at a reader. Credentials here are represented as being stored on a card, but the “card” could be any form factor. Similarly, the “reader” represents any system that can read the credentials on the card. This class includes information read from the card (card number, biometric information) in addition to what access was granted (granted/ denied and under duress).
Superclass: Lnl_SecurityEvent
Platforms: OnGuard
Properties:
Name
ACCESSRESULT
AREAENTEREDID
AREAEXITEDID
ASSETID
CARDHOLDERENTERED
CARDNUMBER
DURESS
ELEVATORFLOOR
ExtendedID
FACILITYCODE
ISREADABLECARD
Description
The level of access that was granted that resulted from reading the card. Possible values:
0: Other
1: Unknown
2: Granted
3: Denied
4: Not Applicable
The ID of the area that was entered, if any.
The ID of the area that was exited, if any.
The ID of the asset related to this event, if any.
Whether entry was made by the cardholder.
The badge ID for the card that was read, if available.
Indicates whether this card access indicates an under duress/emergency state.
The elevator floor on which the access event was generated, if any.
The extended length identifier for the card that was read, if available.
The facility code for the card that was read, if available.
Whether the card could be read. If it could not be read (due to an invalid card format or damage to the card), the other properties of this class relating to card information will be null.
DataConduIT User Guide
Event Classes
Type
string string boolean boolean sint32 sint32
Type
sint32
Name
ISSUECODE
Description
The issue code for the card that was read, if available.
Lnl_Alarm
Description: An alarm in the system. The Lnl_Alarm class is embedded directly into the
Lnl_SecurityEvent class, because an alarm cannot happen without an event and an event can be mapped to one and only one alarm definition. Since this is an embedded object, you cannot query for it.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties: These priorities are based off the Alarm Configuration folder in System Administration.:
Name
DESCRIPTION
EVENTPARAMDESCRIPTION
ISACTIVE
MUSTACKNOWLEDGE
PRIORITY
ID
Description
A human readable of the event parameter
A human readable brief description of the event parameter
Whether the alarm is active
Whether the alarm has to be acknowledged
The alarm’s priority
The ID that uniquely identifies the alarm, and which can be used to acknowledge the alarm
Lnl_Event
Description: An event occurring in the OnGuard system.
Superclass: __ExtrinsicEvent
Platforms: OnGuard
Properties:
Type
string datetime (string)
Name
DESCRIPTION
TIME
Description
A human readable, brief description of this event.
The time when this event occurred.
DataConduIT User Guide
135
136
Data and Association Class Reference
Lnl_FireEvent
Description: An event that relates to a fire hazard and/or fire hardware.
Superclass: Lnl_SecurityEvent
Platforms: OnGuard
Properties:
Type
sint32
Name
TroubleCode
Description
A trouble code associated with the fire event.
Lnl_FunctionExecEvent
Description: An event that consists of a function that is executed when a given event occurs. Input arguments may also be included.
Superclass: Lnl_SecurityEvent
Platforms: OnGuard
Properties:
Type
sint32 sint32 sint32
Name
FunctionID
InitiatingEventID
FunctionInputArguments
Description
The ID of the function that was executed.
The ID of the event that caused the function to be executed.
Any input arguments to the function that was executed.
Lnl_IntercomEvent
Description: An event occurring on intercom hardware such as an intercom exchange or an intercom station.
Superclass: Lnl_SecurityEvent
Platforms: OnGuard
Properties:
Type
sint32 sint32
Name
IntercomData
LineNumber
Description
Additional data for the intercom event that occurred.
The line number involved in the intercom event.
DataConduIT User Guide
Event Classes
Lnl_OtherSecurityEvent
Description: An event that is not card related and not access-related, such as door forced open and alarm restored. The Lnl_OtherSecurity event class supports all event types that were not included in the other event sub-classes. A combination of all of the above classes yields all security events and alarms available in the system.
Superclass: Lnl_SecurityEvent
Platforms: OnGuard
Properties: All properties belong to the superclass.
Lnl_SecurityEvent
Description: An event occurring in the physical security system.
Superclass: Lnl_Event
Platforms: OnGuard
Properties:
Type
sint32 sint32 sint32
Name
ID
DEVICEID
PANELID
Description
Internal database ID. Key field.
The ID of the device where this event originated
The ID of the panel where this event originated. Reference to Lnl_Panel.ID.
sint32 sint32
SECONDARYDE
VICEID
SEGMENTID sint32 SERIALNUMBER A number that uniquely identifies the instance of the event for a particular panel object:Lnl_Alarm ALARM The alarm associated with the event, if there is one sint32 Type
The ID of the secondary device where this event originated
Segment in which the security event occurred.
sint32 SubType
Event type i.e., “duress”, “system”, etc.
Corresponds to
Lnl_EventSubtypeDefinition.TypeID and
Lnl_EventType.ID.
Event sub-type i.e., “granted”, “door forced open”, etc. Corresponds to
Lnl_EventSubtypeDefinition.SubTypeID.
Access
Read
View
View
Lnl_StatusChangeEvent
Description: An event that indicates a change of status for the device specified.
Superclass: Lnl_SecurityEvent
Platforms: OnGuard
DataConduIT User Guide
137
138
Data and Association Class Reference
Properties:
Type
sint32 sint8 sint8
Name
CommunicationStatus
NewStatus
OldStatus
Description
The status for the communication link with the device specified in the event.
The new status of the device specified in the event.
The old status for the device specified in the event.
Lnl_TransmitterEvent
Description: A personal safety event involving a transmitter.
Superclass: Lnl_SecurityEvent
Platforms: OnGuard
Properties:
Type
sint32 sint32 sint32
Name
TransmitterBaseID
TransmitterID
TransmitterInputID boolean VerifiedAlarm
Description
The base ID of the transmitter associated with the event.
The ID of the transmitter associated with the event.
The ID of the input on the transmitter associated with the event.
Boolean value indicating whether the transmitter message is known to be verified.
Lnl_VideoEvent
Description: An event associated with video equipment such as video recorders and cameras.
Superclass: Lnl_SecurityEvent
Platforms: OnGuard
Properties:
Type
datetime (string) datetime (string)
Name
StartTime
EndTime
Description
The time the video event started.
The time the video event ended.
DataConduIT User Guide
Command and Control: Classes and Methods
Type
sint32
Name
Channel
Description
The physical channel the camera is connected to that is creating this event.
Command and Control: Classes and Methods
Lnl_AlarmInput
Description: Inherits from Lnl_Input, described below. Implements the input control methods and represents an alarm input found on an input control module.
Properties:
Type
int32 int32 string int32 string int32
Name
ID
AlarmPanelId
HostName
InputId
Name
PanelId
Description
Internal database ID. Key field.
The ID of the associated alarm panel.
The name of the workstation where the communication server associated with the alarm input’s panel is running.
The input number configured for this input.
The name of the alarm input.
The ID of the associated access panel. Reference to
Lnl_Panel.ID.
Access
View
View
View
View
View
View
Lnl_AlarmOutput
Description: Inherits from Lnl_Output, described below. Implements the relay control methods and represents an alarm relay found on an input or output control module.
Notes:
The Activate(), Deactivate(), and Pulse() methods are not supported on Mercury, NGP, or Casi alarm panels when those panels are designated as elevator hardware.
Access panels with a dual reader that are designated as elevator hardware will not generate instances of this class.
Properties:
Type
int32
Name
ID
Description
Internal database ID. Key field.
Access
View
DataConduIT User Guide
139
140
Data and Association Class Reference
Type
int32 int32 string int32 string int32
Name
AlarmPanelId
Duration
HostName
OutputId
Name
PanelId
Description
The ID number of the associated alarm panel.
The duration of the alarm, in seconds.
The name of the workstation where the communication server associated with the alarm output’s panel is running.
The ID number of the associated alarm output.
The name of the associated alarm output.
The ID number of the associated access panel.
Reference to Lnl_Panel.ID.
Access
View
View
View
View
View
View
Lnl_AlarmPanel
Description: This class represents the Alarm input or output control module.
Properties:
Type
int32 int32 int32 int32
Name
ID
PanelId
ControlType
Name
Description
Internal database ID. Key field.
The ID of the associated alarm panel.
Key field. Reference to
Lnl_Panel.ID.
The type of alarm panel.
The name of the associated alarm panel.
Access
View
View
View
View
Methods: void GetHardwareStatus([out] uint32 Status)
Retrieves the hardware status for the device. Status is only retrieved from the hardware when the
UpdateHardwareStatus is called on the parent ISC.
uint32 Status – device status: uint32 Status
ONLINE_STATUS
Description
Online
OPTIONS_MISMATCH_STATUS Options Mismatch
CABINET_TAMPER Cabinet Tamper
Device status
0x01
0x02
0x04
DataConduIT User Guide
Command and Control: Classes and Methods uint32 Status – device status: uint32 Status
POWER_FAIL
Description
Power Failure
Device status
0x8
Lnl_Input
Description: Abstract class that represents any kind of alarm input. It declares methods for controlling such output.
Methods: void Mask();
Sends a command to mask a specific alarm input.
void Unmask();
Sends a command to unmask a specific alarm input.
void GetHardwareStatus([out] uint32 Status)
Retrieves the hardware status for the device. Status is only retrieved from the hardware when the
UpdateHardwareStatus is called on the ISC.
uint32 Status – device status:
ALRM_STATUS_SECURE
ALRM_STATUS_ACTIVE
ALRM_STATUS_GND_FLT
ALRM_STATUS_SHRT_FLT
ALRM_STATUS_OPEN_FLT
ALRM_STATUS_GEN_FLT
ALRM_STATUS_MASKED
0x00
0x01
0x02
0x03
0x04
0x05
0x100
Lnl_IntrusionArea
Description: Implements the control methods for the Intrusion Area.
Properties:
Type
int32 int32 int32
Name
ID
AreaNumber
AreaType
Description
Internal database ID. Key field.
The number of the associated intrusion area.
The type of the associated intrusion area.
Access
View
View
View
DataConduIT User Guide
141
Data and Association Class Reference
Type
string string int32
Name
HostName
Name
PanelId
Description
The name of the workstation where the communication server associated with the intrusion panel is running.
The name of the associated intrusion area.
The ID of the associated intrusion panel. Reference to
Lnl_Panel.ID.
Methods: void Arm([in] sint32 armState); armState - the desired arm state of the area. Values include:
Access
View
View
View
9
10
11
12
6
7
4
5
2
3
Value
1
Name
PerimeterArm
EntirePartitionArm
MasterDelayArm
MasterInstantArm
PerimeterDelayArm
PerimeterInstantArm
PartialArm
AwayArm
AwayForcedArm
StayArm
StayForcedArm void Disarm()
Sends a command to disarm the area.
void SilenceAlarms ()
Sends a command to silence area alarms.
void GetHardwareStatus([out] uint32 Status)
Description
Sends a command to perform a perimeter arm.
Sends a command to perform an entire partition arm.
Sends a command to perform a delayed master arm.
Sends a command to perform an instant master arm.
Sends a command to perform a delayed perimeter arm.
Sends a command to perform an instant perimeter arm.
Sends a command to perform a partial arm.
Sends a command to perform an away arm.
Sends a command to perform an away forced arm.
Sends a command to perform a stay arm.
Sends a command to perform a stay forced arm.
142
DataConduIT User Guide
Command and Control: Classes and Methods
Retrieves the hardware status for the device. Status is only retrieved from the hardware when the
UpdateHardwareStatus is called on the parent ISC.
uint32 Status – device status:
OFFLINE_STATUS
ONLINE_STATUS
0x00
0x01
Lnl_IntrusionDoor
Description: Implements the control methods for the Intrusion Door.
Properties:
Type
int32 int32 int32 string string
Name
DeviceId
ID
PanelId
HostName
Name
Methods: void Open()
Sends a command to open the intrusion door.
void SetMode([in] sint32 Mode);
Sends a command to change the door mode.
void GetHardwareStatus([out] uint32 Status);
Retrieves the hardware status for the device.
Description
The ID of the intrusion door. Key field.
Internal database ID. Key field.
The ID of the associated intrusion panel.
Key field.
Reference to Lnl_Panel.ID.
The name of the workstation where the communication server associated with the intrusion panel is running.
The name of the associated intrusion door.
Access
View
View
View
View
View
Mode – door mode:
DoorLock
DoorUnlock
SetDoorSecure
0x0
0x1
0x2
DataConduIT User Guide
143
144
Data and Association Class Reference
Lnl_IntrusionOutput
Description: Abstract class that inherits from Lnl_Output. Declares the relay control methods and represents an output device of the Intrusion Panel.
Note:
Properties:
This class does not support the Pulse() method.
Type
int32 int32 string string
Name
DeviceId
PanelId
HostName
Name
Description
The ID of the intrusion output.
Key field.
The ID of the associated intrusion panel.
Key field.
Reference to Lnl_Panel.ID.
The name of the workstation where the communication server associated with the intrusion panel is running.
The name of the intrusion output.
Access
View
View
View
View
Lnl_IntrusionZone
Description: Implements the control methods for the Intrusion Zone.
Properties:
Type
int32 int32 int32 string string
Name
DeviceId
ID
PanelId
HostName
Name
Description
The ID of the intrusion zone.
Key field.
Internal database ID. Key field.
The ID of the associated intrusion panel.
Key field.
Reference to Lnl_Panel.ID.
The name of the workstation where the communication server associated with the intrusion panel is running.
The name of the associated intrusion zone.
Access
View
View
View
View
View
Methods: void Bypass()
Sends a command to open by pass the alarm zone.
void UnBypass();
DataConduIT User Guide
Command and Control: Classes and Methods
Sends a command to un bypass the alarm zone. void GetHardwareStatus([out] uint32 Status)
Retrieves the hardware status for the device. Status is only retrieved from the hardware when the
UpdateHardwareStatus is called on the parent ISC.
uint32 Status – device status:
OFFLINE_STATUS
ONLINE_STATUS
0x00
0x01
Lnl_IntrusionZoneOutput
Description: Inherits from Lnl_Output, and therefore has the same properties. Implements the relay control methods and represents an Output Zone defined on the Intrusion Panel.
Note:
This class does not support the Pulse() method.
Lnl_OffBoardRelay
Description: Inherits from Lnl_Output, and therefore has the same properties. Implements the relay control methods and represents an Off-Board relay connected to the Intrusion Panel.
Methods: void Toggle();
Toggles the state of the specific alarm relay.
Note:
This class does not support the Pulse() method.
Lnl_OnBoardRelay
Description: Inherits from Lnl_Output, and therefore has the same properties. Implements the relay control methods and represents an On-Board relay of the Intrusion Panel.
Note:
This class does not support the Pulse() method.
Lnl_Output
Description: Abstract class that represents any kind relay output. It declares methods for controlling such output.
Methods: void Activate()
Sends a command to activate a specific alarm relay.
void Deactivate()
Sends a command to deactivate a specific alarm relay.
void Pulse()
Sends a momentary pulse command to a specific alarm relay.
DataConduIT User Guide
145
146
Data and Association Class Reference
Example (VB Script):
Set wbemServices = GetObject(“winmgmts://./root/onguard”)
‘ run the query. this call returns a SWbemObjectSet that contains a
‘ list of all outputs in the system.
Set outputSet = wbemServices.ExecQuery(
" select * from Lnl Output
"
)
Dim Counter
Counter = 0
‘ for each output - pulse three times
While Counter < 3 ‘ Test value of Counter.
for each output in outputSet
‘ Pulse the output output.Pulse()
WScript.Sleep 1000 next
Counter = Counter + 1 ‘ Increment Counter.
Wend void GetHardwareStatus([out] uint32 Status)
Retrieves the hardware status for the device. Status is only retrieved from the hardware when the
UpdateHardwareStatus is called on the parent ISC.
uint32 Status – device status: uint32 Status
ALRM_STATUS_SECURE
ALRM_STATUS_ACTIVE
Description
Output Secure
Output Active
Device status
0
1
Lnl_Panel
Description: This class represents the Intelligent System Controller.
Methods: void DownloadFirmware()
Sends a download firmware command to the ISC.
void DownloadDatabase()
Sends a command to the ISC to download the cardholder database.
void ResetUseLimit()
Sends a command to reset the use limit of all cardholders within the ISC.
void UpdateHardwareStatus()
Sends a command to retrieve the status of the Intelligent System controller and all downstream hardware connected to the specific system controller.
void Connect()
DataConduIT User Guide
Command and Control: Classes and Methods
Used for dial-up only. This command instructs the host to connect to the ISC via dial-up.
void Disconnect()
Used for dial-up only. This command instructs the host to send a disconnect command to the ISC.
void SetClock()
Sends the current time down to the ISC.
void GetHardwareStatus([out] uint32 Status)
Retrieves the hardware status for the device. Status is only retrieved from the hardware when the
UpdateHardwareStatus is called on the ISC.
uint32 Status – device status: uint32 Status
ONLINE_STATUS
OPTIONS_MISMATCH_STATUS
CABINET_TAMPER
POWER_FAIL
DOWNLOADING_FIRMWARE
Description
Online
Options Mismatch
Cabinet Tamper
Power Failure
Downloading Firmware
Device status
0x01
0x02
0x04
0x8
0x10
Lnl_Reader
Description:
Methods: void OpenDoor()
Sends a command to open the door for a specific reader.
void SetMode([in] sint32 Mode)
Sends a command to set the current operating mode of a reader.
void GetMode ([out] sint32 Mode)
Retrieves current mode of the reader. Mode is only retrieved from the hardware when the
UpdateHardwareStatus is called on the parent ISC.
Parameters:
sint32 Mode: Reader mode to be set. Allowed values are:
MODE_LOCKED 0x0
MODE_CARDONLY
MODE_PIN_OR_CARD
0x1
0x2
MODE_PIN_AND_CARD
MODE_UNLOCKED
0x3
0x4
DataConduIT User Guide
147
148
Data and Association Class Reference sint32 Mode: Reader mode to be set. Allowed values are:
MODE_FACCODE_ONLY
MODE_CYPHERLOCK
MODE_AUTOMATIC
0x5
0x6
0x7
You can set the current mode of the reader to an authentication mode using the ID retrieved with the Lnl_AuthenticationMode class. Authentication mode IDs are not static like the systemdefined reader modes in the table above.
void SetBiometricVerifyMode([in] boolean Value)
Sends a command to enable/disable the biometric mode of verification for a reader.
Parameters: boolean Value: True – enable biometric mode of verification. False – disable biometric mode of verification.
void SetFirstCardUnlockMode([in] boolean Value)
Sends a command to enable/disable first card unlock mode for the reader.
Parameters: boolean Value: True – enable first card unlock mode. False – first card unlock mode.
void DownloadFirmware()
Sends a download firmware command to the reader interface module.
void GetHardwareStatus([out] uint32 Status)
Retrieves the hardware status for the device. Status is only retrieved from the hardware when the
UpdateHardwareStatus is called on the parent ISC.
uint32 Status – device status: uint32 Status
RDRSTATUS_ONLINE
RDRSTATUS_OPTION_MISMATCH
RDRSTATUS_CNTTAMPER
RDRSTATUS_PWR_FAIL
RDRSTATUS_TAMPER
Description
Online
Options Mismatch
Cabinet Tamper
Power Failure
Reader Tamper
Device status
0x1
0x2
0x4
0x8
0x10
RDRSTATUS_FORCED
RDRSTATUS_HELD
RDRSTATUS_AUX
RDRSTATUS_AUX2
RDRSTATUS_AUX3
Door Forced Open
Door Held Open
Auxiliary Input 1
Auxiliary Input 2
Auxiliary Input 3
0x20
0x40
0x80
0x100
0x400
DataConduIT User Guide
Command and Control: Classes and Methods uint32 Status – device status: uint32 Status Description
Bio Verify
Device status
0x800 RDRSTATUS_BIO_VERIFY
RDRSTATUS_DC_GND_FLT
RDRSTATUS_DC_SHRT_FLT
RDRSTATUS_DC_OPEN_FLT
RDRSTATUS_DC_GEN_FLT
RDRSTATUS_RX_GND_FLT
RDRSTATUS_RX_SHRT_FLT
RDRSTATUS_RX_OPEN_FLT
RDRSTATUS_RX_GEN_FLT
DC Ground Fault
DC Short Fault
DC Open Fault
DC Generic Fault
RX Ground Fault
RX Short Fault
RX Open Fault
RX Generic Fault
RDRSTATUS_FIRST_CARD_UNLOCK
RDRSTATUS_EXTENDED_HELD_MODE
RDRSTATUS_CIPHER_MODE
First Card Unlock Mode
Extended Held Mode
Cipher Mode
0x100000
0x200000
0x400000
0x1000
0x2000
0x4000
0x8000
0x10000
0x20000
0x40000
0x80000
RDRSTATUS_LOW_BATTERY
RDRSTATUS_MOTOR_STALLED
RDRSTATUS_READHEAD_OFFLINE
RDRSTATUS_MRDT_OFFLINE
RDRSTATUS_DOOR_CONTACT_OFFLIN
E
Low Battery
Motor Stalled
Read Head Offline
MRDT Offline
Door Contact Offline
0x800000
0x1000000
0x2000000
0x4000000
0x8000000
Lnl_ReaderInput
Description: Abstract class, inherits from Lnl_Input. Declares the input control methods and represents an auxiliary input found on a reader interface module.
Properties:
Type
int32
Name
PanelId
Description
The ID of the associated panel.
Key field. Reference to
Lnl_Panel.ID.
Access
View
DataConduIT User Guide
149
150
Data and Association Class Reference
Type
int32 string string int32 string string
Name
ReaderId
HostName
Name
ReaderId
HostName
Name
Description
The ID of the associated reader.
Key field.
The name of the workstation where the communication server associated with the reader’s access panel is running.
The name of the associated reader input.
Access
View
View
View
Lnl_ReaderInput1
Description: Inherits from Lnl_ReaderInput. Declares the input control methods and represents the first auxiliary input found on a reader interface module.
Lnl_ReaderInput2
Description: Inherits from Lnl_ReaderInput. Declares the input control methods and represents the second auxiliary input found on a reader interface module.
Lnl_ReaderOutput
Description: Abstract class, inherits from Lnl_Output. Declares the relay control methods and represents an auxiliary relay found on a reader interface module.
Properties:
Type
int32
Name
PanelId
Description
The ID of the associated panel.
Key field. Reference to
Lnl_Panel.ID.
The ID of the associated reader.
Key field.
The name of the workstation where the communication server associated with the reader’s access panel is running.
The name of the associated reader output.
Access
View
View
View
View
Lnl_ReaderOutput1
Description: Inherits from Lnl_ReaderOutput. Implements the relay control methods and represents the first auxiliary relay found on a reader interface module.
DataConduIT User Guide
Command and Control: Classes and Methods
Lnl_ReaderOutput2
Description: Inherits from Lnl_ReaderOutput. Implements the relay control methods and represents the second auxiliary relay found on a reader interface module.
DataConduIT User Guide
151
Data and Association Class Reference
152
DataConduIT User Guide
Appendices
APPENDIX A
Property Qualifiers Used In
DataConduIT
The following property qualifiers are used for user-defined fields (UDFs) with the following settings.
Some of these qualifiers are standard among WMI applications; others are DataConduIT specific.
UDF Setting
Required
Read-only
Can’t view
Maximum Length
Display Name
Database Key
Database Foreign Key
Default, Not Required
Default
Unique
Property Qualifier Name
not_null read noedit noview maxlen
DisplayName key propagated
Optional
DefaultValue
Unique
Property Qualifier Value
true true true true
[maximum length value]
[display name value] true
[Foreign Class Name].[Foreign
Property Name] true
[field default value] true
DataConduIT User Guide
155
Property Qualifiers Used In DataConduIT
156
DataConduIT User Guide
APPENDIX B
Event Generator
The Event Generator is a utility that is used to generate events without having “live” or online hardware connected to a system; it enables customers who wish to generate events without purchasing hardware to do so.
The Event Generator is available on the Lenel Web site: https://partner.lenel.com/downloads/ onguard/software . (You will need your Lenel login to gain access to this site.)
Note:
When accessing the Downloads section at https://partner.lenel.com
, make sure to select the version of OnGuard that is currently installed.
It is also available on the OnGuard Software Development Kit (SDK) installation disc.
Event Generator Main Window
The Event Generator Main Window displays automatically when the Communication Server is run as an application after the Event Generator is set up. To correctly set up the Event Generator, refer to
Required Event Generator Files on page 165 .
DataConduIT User Guide
157
158
Event Generator
Number of times
Number of times each event in the listing window will be generated
End delay
Amount of time that will elapse after the last event is sent
Random end time
If selected, the End delay value specified will be ignored, and instead a random time will be used
In between delay
Amount of time that will elapse between events that are sent
Random in between time
If selected, the In between delay value specified will be ignored, and instead a random time will be used
Random badge IDs
If selected, badge ID numbers will be randomly generated. This check box must be selected for Badge ID min, Badge ID max, and [Auto-populate with min and max badge IDs] to be enabled and available for selection.
Badge ID min
The lowest badge ID that is allowed to be randomly selected. Badge IDs will be randomly determined, but will fall in the range between the specified badge ID min and max.
Badge ID max
The highest badge ID that is allowed to be randomly selected. Badge IDs will be randomly determined, but will fall in the range between the specified badge ID min and max.
Auto-populate with min and max badge IDs
Automatically populates the Badge ID min and Badge ID max fields with values appropriate for your particular database
Listing window
Lists events that have been added, along with the event type, event ID, device ID, input ID, message type, data type, badge ID, Panel ID, and text associated with each.
Edit Event (Simple) Window
The Edit Event (Simple) window is used to add new events or modify existing events using the minimum number of required parameters.
Only non-receiver/intrusion events in the OnGuard system are available in the Edit Event (Simple) window. For receiver/intrusion events, use the Edit Event (Advanced) window.
The Edit Event (Simple) window opens when you select either:
•
Edit > Create Event > Create Event (Simple), or
•
Edit > Modify Event > Modify Event (Simple) when an event is selected
DataConduIT User Guide
Edit Event (Simple) Window
Event type
Lists all non-receiver/intrusion events in the OnGuard system. For receiver/intrusion events, use the Advanced user interface.
Event sub-type
Lists sub-categories of the selected event type.
Panel
Lists all available panels for the selected event type. The event will be generated for the selected panel.
Device
Lists all available readers for the selected event type (if applicable). The event will be generated for the selected reader.
Input or output
Lists all available inputs and outputs for the selected event type (if applicable). The event will be generated for the selected input or output.
Badge ID to use for event
The entered badge ID will be used in generating the event (if applicable).
OK
If adding a new event, the event will be added. If modifying an event, the modifications will be saved.
Cancel
Closes the Edit Event (Simple) window without adding or modifying any events.
DataConduIT User Guide
159
Event Generator
Edit Event (Advanced) Window
The Edit Event (Advanced) window is used to add new events or modify existing events using advanced parameters.
In the Edit Event (Advanced) window, both non-receiver/intrusion and receiver/intrusion events are available. In the Edit Event (Simple) window, only non-receiver/intrusion events are available.
The Edit Event (Advanced) window opens when you select either:
•
Edit > Create Event > Create Event (Advanced), or
•
Edit > Modify Event > Modify Event (Advanced) when an event is selected
The fields available on this window for the data type change depending on which data type is selected. For example, if the EVENT_DATA_TYPE_STATUS data type is selected, the New status,
Old status, and Comm status fields are displayed and active.
There are six custom data fields: data1, data2, data3, data4, dat5, and data6. If a data type uses custom fields, then the field names are displayed instead of data1, data2, data3, etc.
When a data type contains less than six custom data fields, the extra fields are disabled. For example:
– New status = data1
– Old status = data2
– Comm status = data3
– data4, data5 and data6 are not used and are disabled
160
Event type
Lists all categories of events in the OnGuard system. This field is used in combination with the
Event category drop-down to filter what events are listed in the Events drop-down.
Event category
Allows the events in the Events drop-down listbox to be filtered based on the category. Nonreceiver/intrusion events and receiver/intrusion events are available in this drop-down; in the
Simple user interface only non-receiver/intrusion events are available.
DataConduIT User Guide
Edit Event (Advanced) Window
Events
Lists all events for the selected event type and event category.
Parameterized
Select this check box to generate an event that uses event parameters.
Note:
Not all events support parameters. For more information on event parameters, refer to the OpenDevice Events Guide in the OnGuard Software Development Kit (Program
Files\OnGuard Software Development Kit\OpenDevice).
Parameter
Enter the parameter value associated with the event to generate. For more information, refer to the OpenDevice Events Guide for events that have the sb_EventParam listed.
Message type
Indicates the message type of the event. The available choices are: Event, Status, Video. Most messages will be of the Event type. Status messages are for messages which pass back status information and will not display in Alarm Monitoring. Video events are special events used by video.
Data type
Indicates the type of additional data to be used with the message. For example, some messages can have a badge ID and a specific data type will be used for these so this information can be passed back.
The fields available on this window for the data type change depending on which data type is selected. For example, if the EVENT_DATA_TYPE_STATUS data type is selected, the New
status, Old status, and Comm status fields are displayed and active.
There are six custom data fields: data1, data2, data3, data4, dat5, and data6. If a data type uses custom fields, then the field names are displayed instead of data1, data2, data3, etc.
When a data type contains less than six custom data fields, the extra fields are disabled. For example:
•
New status = data1
•
Old status = data2
•
Comm status = data3
• data4, data5 and data6 are not used and are disabled
If your event does not have additional data, use the EVENT_DATA_TYPE_STATUS.
For more information, refer to Custom Data Fields Displayed for Each Data Type Setting on page 162.
Associated event text
If selected, the text field will become enabled. Indicates if the message is to have associated text with it.
Text
Enter text to be associated with the event
Device ID
This is a downstream device ID that can be used to represent the event is from a downstream device instead of just from a panel. OnGuard uses a three tiered device ID in the format P-D-I; this is the second value.
DataConduIT User Guide
161
162
Event Generator
Input ID
This is a downstream input ID that can be used to represent that the event is from a downstream device instead of just for a panel or its downstream device. OnGuard uses a three tiered device ID in the format P-D-I; this is the third value.
Override Event Generator’s panel ID
This checkbox can be used to override the event generator’s panel ID so that you can generate an event that is from a different panel.
Panel ID
If the Override Event Generator’s panel ID option is being used, you will need to specify the panel ID that will be used for the event in replacement for the event generator’s panel ID.
Generate Receiver Account event
Select this check box to generate an event that would be sent from a burglary/intrusion panel to a Central Station receiver connected to the OnGuard software.
This check box is only available when EVENT_DATA_TYPE_RECEIVER is selected from
Data type. When this box is checked, the Account Number and Event Code Template fields
become available.
Account Number
Enter the account number for the receiver. This number is then displayed in Alarm Monitoring under the Controller column.
Event Code Template
Select the event code format that is used to decode the receiver account event data.This is the same field in System Administration > Additional Hardware > Receivers > Event Code
Templates tab.
Note:
When using the Event Code Template drop-down list, the Event type, Event
category, and Events drop-down lists are not used.
OK
If adding a new event, the event will be added. If modifying an event, the modifications will be saved.
Cancel
Closes the Edit Event (Advanced) window without adding or modifying any events
Custom Data Fields Displayed for Each Data Type Setting
Data type
EVENT_DATA_ASSET
EVENT_DATA_TYPE_AREAAPB
EVENT_DATA_TYPE_CA
(Card Access)
Custom data fields and descriptions
Badge ID - Card number associated with the asset event.
Area APB ID - Area anti-passback ID.
Badge ID - Card number associated with the card event.
Issue code - Issue code associated with the card.
Bio score - Biometric score for biometric card events.
DataConduIT User Guide
Edit Event (Advanced) Window
Custom Data Fields Displayed for Each Data Type Setting
Data type
EVENT_DATA_TYPE_CNA
(Card No Access)
EVENT_DATA_TYPE_FC (Facility Code)
Custom data fields and descriptions
Badge ID - Card number associated with the event.
EVENT_DATA_TYPE_INTERCOM
EVENT_DATA_TYPE_INTRUSION
EVENT_DATA_TYPE_RECEIVER
EVENT_DATA_TYPE_STATUS
EVENT_DATA_TYPE_STATUSREQUEST
EVENT_DATA_TYPE_TRANSMITTER
EVENT_DATA_TYPE_VIDEO
Facility code - Facility code associated with the event.
Issue code - Issue code.
Intercom data - Special intercom data associated with the event.
Line number - Line number used by special intercom events.
Area ID - Area ID for the intrusion event.
User ID - User ID associated with the intrusion event.
Receiver ID - ID of the receiver.
Line number - Line number on the receiver.
Area ID - Area ID for the event.
User ID - User ID associated with the event.
Event Code - Event code for the event.
The Event Code depends on the selection made from the Event Code Template drop-down list. For example, if SIA is selected from the Event Code
Template drop-down list, enter “BA” in the Event
Code field for a Burglary Alarm event.
New status - New status, which is dependent on the type of message.
Old status - Old status, which is dependent on type of message.
Comm status - Communication status, which is dependent on the type of message.
If your event really does not have additional data, you can use the EVENT_DATA_TYPE_STATUS.
Status type - Type of status request. OnGuard has a number of pre-defined types.
Status - Status associated with the status type.
These values depend on the type of status.
Transmitter ID - Transmitter ID associated with the transmitter event
Channel - Channel number associated with the video event
DataConduIT User Guide
163
164
Event Generator
Event Generator Menus
File
Save Events
Saves the event list as a file with an EVT extension. This is generally done after the event configuration has been completed.
Load Events
Enables you to load a previously saved event configuration.
Edit
Create Event
Contains a sub-menu of options that are used to create events.
– Create Event (Advanced): Enables you to create an event using additional advanced parameters that are not available in the simple mode.
– Create Event (Simple): Enables you to create an event using the least number of parameters possible.
Modify Event
Contains a sub-menu of options that are used to modify events.
– Modify Event (Advanced): For a selected event, displays the basic parameters and enables you to change them.
– Modify Event (Simple): For a selected event, displays advanced parameters and enables you to change them.
Delete Event
Used to delete a selected event. A confirmation message is displayed before the actual deletion occurs.
Clear Events
Clears all events listed in the main window. Make sure to save the events before executing this command if you wish to use the events in the future; otherwise, you will need to recreate them.
Send Event
Generate Events
Send Event
Generates a single selected event, which is then sent to Alarm Monitoring.
DataConduIT User Guide
Required Event Generator Files
Generate Events
Generates multiple events according to the configured frequency settings, and sends them to
Alarm Monitoring.
Required Event Generator Files
To use the Event Generator, you will need the following files:
•
EventGeneratorSetupTool.exe
•
LnlEventGeneratoru.dll
•
(Optional) EventGenerator.chm
These files are copied to the <Windows Configured Program Files Location>\OnGuard Software
Development Kit directory when the SDK software is installed. Typically, this directory is
C:\Program Files\OnGuard Software Development Kit\EventGenerator.
You will need to manually copy the files listed above to the OnGuard installation directory, which is typically C:\Program Files\OnGuard. Although the EventGenerator.chm file is not required for the Event Generator to run, we recommend that you copy this as well, since this contains the online help for the Event Generator application. All of these files are also located on the OnGuard SDK disc in the program files\OnGuard Software Development Kit\Event Generator directory.
You must also manually register the LnlEventGeneratoru.dll. For more information, refer to
Registering the LnlEventGeneratoru.dll
Setting Up the Event Generator
1.
2.
Install the OnGuard SDK software.
Copy the EventGeneratorSetupTool.exe, LnlEventGeneratoru.dll, EventGenerator.chm files from the Software Development Kit to your hard drive.
Copy from C:\Program Files (x86)\OnGuard Software Development Kit\EventGenerator directory to C:\Program Files (x86)\OnGuard directory
Note:
3.
4.
5.
If you receive an information message stating that the LnlEventGeneratoru.dll already exists in the C:\Program Files\OnGuard directory (or C:\Program Files
(x86)\OnGuard directory), replace the file.
Register the LnlEventGeneratoru.dll. For more information, refer to Registering the
In the OnGuard software, add hardware such as access panels, readers, etc. Keep in mind this hardware does not have to be “online”; it might even be hardware that doesn’t really exist.
Run the Event Generator Setup Tool. To do this, navigate to the EventGeneratorSetupTool.exe file in your OnGuard installation directory (C:\Program Files (x86)\OnGuard) and doubleclick it.
Note:
6.
If you receive an error saying that the LnlFCDBu.dll file could not be found in the
specified path, register the LnlEventGeneratoru.dll. For more information, refer to
Registering the LnlEventGeneratoru.dll
Click [Add Necessary Information].
DataConduIT User Guide
165
Event Generator
7.
The [Add Necessary Information] button will then become grayed out. At this point, you can close the Event Generator Setup Tool.
8.
Run the Communication Server as an application. To do this:
a.
Open the Communication Server.
For more information, refer to “Using OnGuard in the Supported Operating Systems” in the
Installation Guide.
b.
Right-click on the icon in the system tray, and then select Open Communication
Server. The Communication Server will open in one window, and the Event Generator will open in another window.
1.
2.
3.
Registering the LnlEventGeneratoru.dll
One way to register the LnlEventGeneratoru.dll file is the following:
Navigate to the LnlEventGeneratoru.dll file in the OnGuard installation directory.
Right-click on the file, select Open With > Choose Program.
A warning message displays, indicating the potential danger of opening dll files. Click [OK].
4.
5.
Click [Open With...].
Select the Select the program from list radio button, then click [OK].
166
DataConduIT User Guide
Setting Up the Event Generator
6.
The Open With window opens. Click [Browse...], navigate to C:\Windows\system32, and then double-click on the regsvr32.exe file.
Note:
7.
Run the regsvr32.exe file as an administrator. Otherwise, an error message will appear.
In the Open With window, Microsoft Register Server will now be highlighted. Click [OK].
The following message is displayed, indicating that the file was successfully registered:
8.
The LnlEventGeneratoru.dll file is now registered. If you were setting up Event Generator, return to
Setting Up the Event Generator on page 165 .
DataConduIT User Guide
167
168
Event Generator
Adding an Event to the Event Generator
A Simple user interface and an Advanced user interface are available for adding events to the Event
Generator. Only non-receiver/intrusion events are available in the Simple user interface; both nonreceiver/intrusion events and receiver/intrusion events are available in the Advanced user interface.
Adding an Event Using the Simple User Interface
To add a new event to be generated using the Simple user interface:
1.
2.
3.
4.
From the Edit menu in the Event Generator main window, select Create Event > Create Event
(Simple).
When the Edit Event (Simple) window appears, select the desired Event type. Depending on your selection, the other drop-down lists will be enabled/disabled accordingly.
Once you’ve filled in all necessary items, click [OK].
Repeat these steps for all the events you wish to create.
Adding an Event Using the Advanced User Interface
To add a new event to be generated using the Advanced user interface:
1.
2.
3.
4.
From the Edit menu in the Event Generator main window, select Create Event > Create Event
(Advanced).
When the Edit Event (Simple) window appears, select the desired Event type. Depending on your selection, the other drop-down lists will be enabled/disabled accordingly.
Once you’ve filled in all necessary items, click [OK].
Repeat these steps for all the events you wish to create.
Generating Events
Events are generated differently depending on whether you are generating a single event or multiple events.
Generating a Single Event
Select the event you wish to generate from the list of events and then select Edit > Send Event. You should see that event in Alarm Monitoring.
Generating Multiple Events
1.
2.
3.
4.
In the Event Generator main window, enter a value in the Number of times field. This will be the number of times each event in the list is generated.
Either fill in the End delay and In between delay fields with new values, stay with defaults, or select to use a random time for one or both using the check boxes.
You can also select to use random cardholders along with these events, by clicking the Random
badge IDs check box. To save time you can click [Auto-populate with min and max badge IDs],
and then the fields will be automatically filled with the proper numbers from your database.
Click Edit > Generate Events.
DataConduIT User Guide
Saving an Event List
Saving an Event List
After you have completed your event configuration, you can save the event list by doing the following:
1.
2.
From the File menu, select Save Events.
Navigate to the location where you wish to save the event list, enter a file name, and then click
[Save]. The event list will be saved in a file with the extension EVT.
Loading an Event List
To load a previously saved list:
1.
2.
From the File menu, select Load Events.
Navigate to the event list that you wish to load, select the EVT file, and then click [Open].
Closing the Event Generator
To close the Event Generator, simply exit the Communication Server. After a short delay, the Event
Generator window will close as well. You cannot close the Event Generator manually while the
Communication Server is running; if you attempt to do so, the following error message will be displayed:
DataConduIT User Guide
169
Event Generator
170
DataConduIT User Guide
APPENDIX C
Common DataConduIT Problems
The following are common problems that you may encounter:
Can’t receive cardholder events.
If you can’t receive cardholder events, be sure the Linkage Server is running and that the System
Options form has the correct setting for where LS Linkage Server is to be running. The Generate
software events check box must also be selected.
Selecting the Generate software events check box on the System Options form and saving causes an unexpected error.
Try executing the query new_sw_event.sql in the SoftwareEventsAlternate directory. This can be found in the DataConduIT TroubleShooting directory of the DataConduIT documentation file structure.
Permanent consumer.
Permanent consumer only works with machines on a domain; it does not work with workgroup machines.
Multiple threads require multiple user login accounts.
Since DataConduIT uses database connection pooling, the same database connections will be used across multiple threads and will cause unexpected behavior and likely hang or crash at different times of execution. If DataConduIT is being used by separate applications or multiple threads, each application or thread must have its own OnGuard single sign-on account. Use impersonation if necessary to accomplish this.
Not receiving events or messages in a queue when using DataConduIT Message
Queue.
Check and make sure the DataConduIT Message Queue service is not set to a local system account and that it has a valid NT account that is linked to OnGuard for single sign-on with the necessary permissions. We recommend testing with an administrator’s NT account that is linked to the OnGuard SA account for testing.
Not receiving messages in a Microsoft Message Queue when using DataConduIT
Message Queue
Make sure your Microsoft Message Queue is NOT configured to use transactional mode.
DataConduIT User Guide
171
Common DataConduIT Problems
Receiving events may not work with Active directory.
Use domain.exe located in the TroubleShooting directory of the DataConduIT documentation file structure to determine if this may be the problem. If the NT4Domain is different from the
W2KDomain, then you will need to update the LNL_DIRECTORY.DIR_HOSTNAME to match the NT4Domain. In case this is Oracle, please use all upper case. A sample SQL query to do this is below; it assumes the NT4Domain name is “Lenel” from domain.exe and that the directory to be updated is LNL_DIRECTORYID = 1.
update lnl_directory set dir_hostname = 'LENEL' where lnl_directoryid=1
172
DataConduIT User Guide
APPENDIX D
Technical Support Pre-Call Checklist
Before calling technical support for anything related to DataConduIT, please complete the following steps.
1.
2.
3.
4.
5.
6.
IMPORTANT: These steps must occur on the server running the DataConduIT and Linkage
Server services!
Confirm that single sign-on is working. To do this, log into System Administration and confirm you are able to automatically log in.
Set the DEBUGLEVEL key. For more information, refer to Error Logging on page 38.
Stop the LS DataConduIT service if it is currently running.
Delete or rename the LenelError.log in the OnGuard directory.
Delete or rename the DataConduIT.log which is located in the
C:\WINDOWS\system32\wbem\Logs directory by default.
Confirm that the Linkage Server is successfully running. You can do this by running it as an application - NOT A SERVICE. The application window should look something like this:
7.
8.
9.
Start the LS DataConduIT service.
Start WMI CIM Studio and go to the root\OnGuard directory. WMI CIM studio can be found at http://www.microsoft.com/downloads/details.aspx?familyid=6430f853-1120-48db-8cc5f2abdc3ed314&displaylang=en .
Connect to the OnGuard namespace “root\OnGuard” using WMI CIM Studio.
DataConduIT User Guide
173
Technical Support Pre-Call Checklist
Note:
Be sure to use the “Login as current user” option so the currently logged in user is the one being verified and used for single sign-on.
10.
11.
12.
Expand the Lnl_Element class and confirm that the Lnl_Panel class exists.
Check the DataConduIT.log; it should look something like the SampleDataConduIT.log file.
This file can be found in the DataConduIT TroubleShooting directory of the DataConduIT documentation file structure.
Confirm the Lnl_Person and Lnl_Badge classes are also under the Lnl_Element class. If you do not see them, DataConduIT cannot successfully connect to the OnGuard software. Please verify once again that single sign-on is working.
174
DataConduIT User Guide
APPENDIX E
Visual Basic Demo
In the DataConduIT Samples\VBDemo directory of the DataConduIT documentation, there is a file named SampleDataConduIT.exe. This file is an application written in Visual Basic 6.0 that can be used to demonstrate some of the capabilities of DataConduIT. The source to this application is also included, but is not heavily commented and is not intended to be used for any kind of development training or sample.
This demo application, including its source code, is provided as is and is in no way supported by UTC
Fire & Security Americas Corporation, Inc.
Installing the Visual Basic Demo
The three files necessary for the demo application to run are located in the DataConduIT
Samples\VBDemo directory in the DataConduIT documentation and are called:
•
SampleDataConduIT.exe - Visual Basic 6.0 demo program
•
Msflxgrd.ocx - Visual Basic grid component used by demo program
•
Msvbvm60.dll - Visual Basic 6.0 runtime dll (may not be necessary if already installed)
There is no installation or setup program. You will have to manually copy these files to a directory and run the SampleDataConduIT.exe file either by using Windows Explorer and clicking on the file, or by using the Run command from the Start menu.
Visual Basic Demo Configuration Prerequisites
You must have DataConduIT running and properly configured before using the demo application.
This means that the DataConduIT service is running and single sign-on is configured and working with the NT account that will be used while running the demo.
Parts of the demo, such as receiving cardholder events, will require OnGuard to be configured to use the Linkage Server and to also enable “Generate software events” on the General System Options form in the System Options folder in the System Administration application.
DataConduIT User Guide
175
Visual Basic Demo
Using the Visual Basic Demo
After you log into the Visual Basic demo, you can see demonstrations of the following:
•
Sending alarms to the OnGuard software. For more information, refer to Send Alarms to
•
•
Working with cardholders, including searching for cardholders and detecting changes made to
cardholder records. For more information, refer to Working with Cardholders on page 178.
•
Logging In
To use the Visual Basic demo program you must first log in to it. To do this:
1.
2.
Double-click the SampleDataConduIT.exe file.
From the File menu, select Login. The Login dialog below appears.
176
a.
b.
Enter the computer that DataConduIT is running on. This is typically the same machine that the Visual Basic demo program is running on, so the default is the current computer name.
The Use current account to login checkbox determines what NT account to use to communicate with DataConduIT. The NT account specified must have a user account in
OnGuard and be configured for single sign-on. It must also have user permissions to access
DataConduIT.
– If the checkbox is selected, the current NT account logged in will be used.
– If the checkbox is deselected, then the User name and Password fields will be used.
Note:
3.
Be sure that the remote enabled permission in WMI Security is enabled for the NT account if you are using this Visual Basic demo from a computer that is not running the
DataConduIT service. For more information, refer to Using DataConduIT from a
Once you have configured what login account to use to access DataConduIT, click [OK] to login.
DataConduIT User Guide
Using the Visual Basic Demo
Send Alarms to OnGuard
The Visual Basic demo program has a “Send Alarms” feature that demonstrates how you can send an alarm from a third party application and have it displayed in Alarm Monitoring. This feature is incredibly powerful because now third party applications can take advantage of all the functionality that OnGuard provides with an alarm, such as executing Global I/O, sending an e-mail, or bringing up video, etc.
To use this part of the demo:
1.
2.
3.
Log into the sample DataConduIT application. For more information, refer to Logging In on page 176.
From the File menu, select Send Alarms. The Send Alarms window opens, as shown.
4.
5.
Verify that the Source field matches the Logical Source in System Administration.
Click [Send]. The text specified in the Alarm Description field should appear as an alarm in
Alarm Monitoring.
Receive Alarms from OnGuard
The Visual Basic demo program has a “Receive Alarms” feature that demonstrates how a third party application can receive alarms that are displayed in the Alarm Monitoring application in real time.
This allows customers and third party developers to use alarms/events that occur in OnGuard in their own applications. Developers can use this capability to customize OnGuard even further and add their own custom business rules to the system.
1.
2.
Log into the Visual Basic demo application. For more information, refer to Logging In on page 176.
From the File menu, select Receive Alarms. The Receive Alarms window opens, as shown.
When alarms come into Alarm Monitoring, the same alarm should appear in this window.
Note:
The [Clear] button clears the events in the list.
DataConduIT User Guide
177
Visual Basic Demo
Working with Cardholders
The Visual Basic demo program has a “Cardholders” feature that demonstrates two capabilities: searching cardholders, and receiving changes from OnGuard when changes happen to a cardholder.
This capability is very important to third party developers for integrating cardholder information across multiple systems such as Active Directory or Human Resources Departments. Keep in mind that although the capability is not demonstrated, DataConduIT has the ability to change access levels and modify badges. This capability can be used to develop business rules to have an employee’s physical access controlled from another application such as Active Directory. This way you can combine physical and logical access as well as other types of information like vending, membership, library privileges, from other systems. Terminating an employee in one system can revoke all their privileges across several systems.
To work with cardholders:
1.
From the Administration menu in System Administration, select System Options. Make sure that the following settings have been set:
•
In the Linkage Server host drop-down listbox, the workstation where the Linkage Server is running must be specified. The name specified must be the workstation’s NetBIOS name.
(The NetBIOS name is configured when Windows networking is installed/configured.)
•
The Generate software events checkbox must be selected.
Note:
2.
3.
If you change these settings, it is recommended that you restart the Linkage Server and the DataConduIT Server services. You will also then have to log back into the Visual
Basic demo application.
Log into the Visual Basic demo application. For more information, refer to Logging In on page 176.
From the File menu, select Cardholders. The Cardholders window opens, as shown.
178
DataConduIT User Guide
Using the Visual Basic Demo
Searching for Cardholders
Use the search criteria data at the bottom to do some adhoc searches by Last Name. Clicking [Search] will find all cardholders whose last name begin with the letters typed into the LastName field. These cardholders’ last name, first name and address (if any) will be displayed in the Cardholders - address listing window. Selecting a cardholder from the list will automatically find the cardholder’s badges and display their badge ID, activate date, and deactivate date in the Badges listing window.
Modifying Cardholders
If you go into OnGuard and modify a cardholder’s first name or address, these changes will be reflected automatically in the Cardholder - address listing window within a few seconds. Remember, this feature is only available if you have specified a Linkage Server and selected the Generate
software events checkbox on the General System Options form in the System Options folder in
System Administration.
Integrating OnGuard with Active Directory
A typical use of DataConduIT is integrating physical access to logical access by combining OnGuard access control with an IT department’s Active Directory. This part of the demo program shows this integration by adding, automatically creating, or modifying an account for any cardholder that is created or modified in the OnGuard software. This demonstration is strictly a one way integration and shows OnGuard controlling the Active Directory status. Customers who want Active Directory to control OnGuard can use DataConduIT to make the changes to OnGuard data.
To see a demonstration of OnGuard controlling the Active directory status:
1.
2.
Log into the Visual Basic demo application. For more information, refer to Logging In on page 176.
From the File menu, select Active Directory Integration. The Active Directory Integration window opens, as shown.
3.
4.
5.
Before continuing, verify that the account you used to log into the Visual Basic demo program has rights and privileges for adding directory/NT accounts.
In the Directory Name field, enter the name of the active directory or the NT based computer that you intend on adding accounts to.
The Operations History listing window will display a read-only information list of each operation made through this window. Before using OnGuard cardholders, we recommend that you test the ability to add/modify user accounts to the directory. To do this:
a.
b.
c.
Type in a last name and a first name in the respective fields.
Be sure the Account Disabled checkbox is NOT selected.
Click [Create/Update User Account].
DataConduIT User Guide
179
Visual Basic Demo
6.
d.
Confirm an NT account with the username of Lastname combined with Firstname was indeed added to the system. Once this has indeed been confirmed, you should now be able to go to the Cardholders form in OnGuard and add cardholders to the system.
As cardholders are added in OnGuard, the demo program will detect a change in OnGuard, populate the Lastname and Firstname fields, and automatically execute the [Create/Update
User Account] operation. The Account Disabled checkbox will be automatically set based on the operation performed in the OnGuard software. Deactivating an active badge, or deleting an active badge will disable the account. Adding an active badge will activate an account.
Note:
There is no option to delete an NT account in this Visual Basic demo, so you will have to manually remove the accounts using Active Directory Users and Computers or using
Computer Management depending on the type of system being controlled.
180
DataConduIT User Guide
Index
A
Abbreviations
................................................... 12
......................................................... 12
..................................................... 40
Active Script Event Consumer
Add
DataConduIT message queue
Event to the Event Generator
........................................ 60
Logical Source
........................................
Logical Sub-Device
................................ 62
Adding objects
................................................. 24
............................................... 12
Alarms
...................................................... 33
Test Event
................................................. 33
ASEC
................................................................
Association classes
.......................................
Lnl_AccessLevelGroupAssignment
Lnl_BadgeOwner
.................................. 129
Lnl_CardholderAccount
Lnl_CardholderMultimediaObject
Lnl_PersonAccount
.............................. 131
Lnl_ReaderEntersArea
........................... 132
Lnl_VisitorAccount
.............................. 132
Authentication
.................................................
Authorization
................................................... 16
B
Badges
..............................................................
C
Caching user credentials
................................ 16
.............................................. 28
...................................................... 25
Changing the database connection pool time
Class definition
...............................................
Classes association
.............................................. 129
data
............................................................ 71
........................................................ 134
Class-specific features and limitations
.............................................. 12
Closing the Event Generator
Command and control classes and methods
....................................
Lnl_AlarmOutput
.................................
Lnl_AlarmPanel
.................................... 140
Lnl_Input
................................................ 141
Lnl_IntrusionArea
................................
................................ 143
............................. 144
......................... 94, 144
Lnl_IntrusionZoneOutput
Lnl_OffBoardRelay
.............................. 145
..............................
Lnl_Output
............................................. 145
Lnl_Panel
............................................... 146
Lnl_Reader
............................................
Lnl_ReaderInput
................................... 149
Lnl_ReaderInput1
................................. 150
Lnl_ReaderInput2
................................. 150
Lnl_ReaderOutput
................................ 150
DataConduIT User Guide
181
182
Index
Lnl_ReaderOutput1
.............................. 150
Lnl_ReaderOutput2
.............................. 151
Connecting to DataConduIT
D
...................................................... 71
Lnl_AccessGroup
................................... 71
Lnl_AccessLevel
....................................
Lnl_AccessLevelAssignment
Lnl_AccessLevelReaderAssignment
Lnl_Account
............................................ 73
Lnl_AlarmDefinition
.................................. 76, 79, 87
Lnl_BadgeProperties
.............................. 80
Lnl_BadgeType
....................................... 81
Lnl_Camera
............................................. 82
Lnl_CameraGroup
.................................. 83
Lnl_CameraGroupCameraLink
Lnl_Cardholder
....................................... 84
.......................................... 86
Lnl_Element
............................................ 86
Lnl_EventAlarmDefinitionLink
Lnl_EventParameter
............................... 88
Lnl_EventSubtypeDefinition
Lnl_EventType
................................. 89, 90
............................................. 90
Lnl_HolidayType
.................................... 91
Lnl_HolidayTypeLink
............................ 91
Lnl_IncomingEvent
................................ 92
Lnl_LoggedEvent
................................... 96
Lnl_LogicalSystemAccount
Lnl_MobileVerify
................................. 101
............................ 102
Lnl_MonitoringZoneCameraLink
Lnl_MultimediaObject
............................................... 104
Lnl_Person
.................................... 105, 106
............................................. 107
Lnl_Segment
.......................................... 108
.............................. 109
Lnl_SegmentUnit
.................................. 109
Lnl_Timezone
.......................................
Lnl_TimezoneInterval
.......................... 110
Lnl_UserAccount
.................................. 111
Lnl_UserPermissionDeviceGroupLink
................ 113, 116, 118, 120, 123
Lnl_UserPermissionGroup
...................................119, 121, 124
Lnl_UserSecondarySegment
................. 115, 117, 119, 121, 123
.................................. 110
.............................. 124
Lnl_Visit
................................................. 124
Lnl_VisitEmailRecipient
Lnl_Visitor
............................................. 127
user-defined value lists
DATABASETIMEOUT registry setting
DataConduIT connecting to
...........................................
description
................................................ 11
error log
.................................................... 38
installing
................................................... 15
integration scenarios
............................... 11
samples
..................................................... 12
stopping and restarting the DataConduIT service
....................................... 40
user credential caching
........................... 16
using for data access
............................... 21
using from a remote computer
using permanent event consumers with
viewing DataConduIT classes with the
DataConduIT Message Queues form
.................................... 52
....................................... 49
................................................ 52
Settings sub-tab
....................................... 51
DataConduIT.log file
...................................... 38
DebugFile registry setting
............................. 38
Definitions
.......................................................
Delete
Logical Device
........................................ 61
........................................
Logical Sub-Device
................................ 62
Deleting objects
..............................................
Directory
..........................................................
.......................................... 26
Documentation contents
..................................................... 12
Microsoft Scripting Technologies
Microsoft WMI
....................................... 13
prerequisites
............................................. 12
Documentation prerequisites
....................................................... 12
................................................... 12
Windows Management Instrumentation
E
Error logging
...................................................
.................................................. 134
Lnl_AccessEvent
.................................. 134
Lnl_Alarm
.............................................. 135
Lnl_Event
............................................... 135
Lnl_FireEvent
........................................ 136
Lnl_IntercomEvent
............................... 136
DataConduIT User Guide
Index
Lnl_OtherSecurityEvent
Lnl_SecurityEvent
................................ 137
Lnl_TransmitterEvent
.......................... 138
Lnl_VideoEvent
.................................... 138
Event Generator add an event to the Event Generator
closing
..................................................... 169
generating a single event
generating events
.................................. 168
generating multiple events
main window
......................................... 157
menus
...................................................... 164
saving an event list
...............................
................................................ 165
Events add an event to the Event Generator
event classes
..........................................
Generate software events checkbox
generating
............................................... 168
generating multiple
............................... 168
generating single
................................... 168
................................................... 27
loading an event list
.............................. 169
..................................... 16, 29, 30
receiving hardware or software events
receiving software events
....................... 28, 29
saving an event list
...............................
.................................................... 27
using DataConduIT to receive
using permanent event consumers with
DataConduIT
........................... 30
ExecNotificationQueryAsync() method
G
Generate software events checkbox
Generating a single event
............................ 168
Generating Access Granted and Access Denied events
................................................ 94
......................................... 168
Generating multiple events
................................................. 15
H
Hardware
......................................
Hardware event definition
............................. 13
.............................................. 27
I
Install
................................................................
Installing
Visual Basic Demo
............................... 175
Integrating OnGuard with Active Directory
...................................................... 11
J
............................................................... 12
L
Linkage Server
................................................ 15
Lnl_AccessEvent
.......................................... 134
Lnl_AccessGroup
........................................... 71
Lnl_AccessLevel
............................................
Lnl_AccessLevelGroupAssignment
Lnl_AccessLevelReaderAssignment
Lnl_Account
.................................................... 73
Lnl_Alarm
...................................................... 135
.....................................
............................................
Lnl_AlarmOutput
.........................................
Lnl_AlarmPanel
............................................ 140
Lnl_Area
..........................................................
.............................. 75
Lnl_Badge
........................................................ 76
........................................ 79
Lnl_BadgeLastLocation
................................ 79
.......................................... 129
Lnl_BadgeProperties
...................................... 80
Lnl_BadgeType
............................................... 81
Lnl_Camera
..................................................... 82
.......................................... 83
............................................... 84
.............................. 129
Lnl_CardholderBadge
.................................. 130
Lnl_CardholderMultimediaObject
Lnl_DataConduITManager
........................... 85
Lnl_Directory
.................................................. 86
Lnl_DirectoryAccount
................................. 130
Lnl_Element
.................................................... 86
Lnl_ElevatorTerminal
.................................... 87
Lnl_Event
....................................................... 135
Lnl_EventParameter
....................................... 88
Lnl_EventSubtypeDefinition
Lnl_EventSubtypeParameterLink
Lnl_EventType
................................................ 89
Lnl_FireEvent
................................................ 136
.............................. 136
Lnl_GuardTour
................................................ 90
Lnl_Holiday
..................................................... 90
Lnl_HolidayType
............................................ 91
.................................... 91
Lnl_IncomingEvent
................... 19, 33, 34, 92
Lnl_Input
........................................................ 141
Lnl_IntercomEvent
....................................... 136
Lnl_IntrusionArea
........................................
........................................ 143
..................................... 144
................................. 94, 144
Lnl_IntrusionZoneOutput
............................ 145
DataConduIT User Guide
183
184
Index
Lnl_LoggedEvent
........................................... 96
Lnl_LogicalSystemAccount
Lnl_MobileVerify
.................................. 35, 101
.................................... 102
Lnl_MonitoringZoneCameraLink
Lnl_MultimediaObject
................................. 103
...................................... 145
Lnl_OnBoardRelay
......................................
Lnl_OtherSecurityEvent
.............................. 137
Lnl_Output
..................................................... 145
.............................................. 104, 146
Lnl_Person
..................................................... 105
Lnl_PersonAccount
...................................... 131
Lnl_PrecisionAccessGroup
Lnl_PrecisionAccessGroupAssignment
............................................ 107, 147
Lnl_ReaderEntersArea
................................. 131
................................... 132
Lnl_ReaderInput
........................................... 149
......................................... 150
......................................... 150
Lnl_ReaderOutput
........................................ 150
Lnl_ReaderOutput1
...................................... 150
Lnl_ReaderOutput2
...................................... 151
Lnl_SecurityEvent
........................................ 137
Lnl_Segment
.................................................. 108
...................................... 109
Lnl_SegmentUnit
.......................................... 109
.............................. 137
Lnl_Timezone
...............................................
Lnl_TimezoneInterval
.................................. 110
Lnl_TransmitterEvent
.................................. 138
Lnl_UserAccount
.......................................... 111
Lnl_UserFieldPermissionGroup
...........................................118, 120, 122
Lnl_UserPermissionDeviceGroupLink
......................... 113, 116, 118, 120, 123
Lnl_UserPermissionGroup
..................................119, 121, 123, 124
Lnl_UserSecondarySegment
.......................................... 119, 121, 123
Lnl_VideoEvent
............................................ 138
.......................................... 110
...................................... 124
Lnl_Visit
......................................................... 124
Lnl_VisitEmailRecipient
............................. 126
Lnl_Visitor
..................................................... 127
Lnl_VisitorAccount
...................................... 132
Lnl_VisitorBadge
.......................................... 133
LnlEventGeneratoru.dll
location
................................................... 165
registering
..............................................
Loading an event list
.................................... 169
Log for errors
................................................... 38
Logging in
...................................................... 176
Logical Sources
.....................................
user permissions required
.......................................... 16
M
MobileVerify
............................................ 35
Modify cardholders
............................................. 179
Logical Device
........................................ 60
........................................
Logical Sub-Device
................................ 62
objects
....................................................... 24
......................................... 26
N
..................................... 13
O
Objects adding
.......................................................
deleting
..................................................... 25
................................................. 24
searching for
............................................ 21
OPC Connections
......................................................... 65
Overview
DataConduIT functions
P
Permissions - Remote Enable
Person definition
............................................. 13
........................................................... 26
Pre-call checklist
........................................... 173
PreviousInstance
............................................. 30
......................................................... 171
Procedures adding objects
.......................................... 24
changing the database connection pool
............................................ 39
deleting objects
.......................................
modifying objects
................................... 24
receiving error information from
DataConduIT
........................... 37
receiving events
........................ 16, 29, 30
registering to receive events
searching for objects
..............................
stopping and restarting the DataConduIT service
....................................... 40
using DataConduIT from a remote
................................... 16
using DataConduIT to receive events
using permanent event consumers with
DataConduIT
........................... 30
DataConduIT User Guide
Index
viewing DataConduIT classes with the
Microsoft WMI SDK
Property qualifiers used in DataConduIT
R
Receiving alarms from OnGuard
.......................... 177
error information from DataConduIT
events
.......................................... 16, 29, 30
Receiving Hardware or Software Events
Reference
.........................................................
References and applicable documents
Registering the LnlEventGeneratoru.dll
Registering to receive events
Registry settings
DebugFile
................................................. 38
.............................................. 38
Remote Enable permission
............................ 17
Required
Visual Basic Demo files
S
Sample code add a cardholder
...................................... 24
connect to the namespace used by
DataConduIT (JScript)
delete an object
........................................ 25
delete an object in DataConduIT
example of a simple temporary event consumer
.................................. 27
find all active badges that are APB exempt
(WQL query)
........................... 22
find all directories with a specified hostname (WQL query)
find all people whose last name is not
"Lake" (WQL Query)
............. 22 find all readers (WQL query)
get a cardholder if you know the cardholder’s ID
hardware event queries
................................... 25
multiple key properties in the class
print first and last names of all cardholders
..............................
retrieve error information
use a WQL query with the ExecQuery() method
...................................... 23
Samples
............................................................
Saving an event list
....................................... 169
................................................ 13
Searching for cardholders
............................................. 179
objects
....................................................... 21
........................................... 26
Setting up the Event Generator
Single sign-on
.................................................. 15
SINK_OnObjectReady() function
Software receiving events
......................................
.............................. 13
Software events
............................................... 27
SSO
...................................................................
Stopping and restarting the DataConduIT service
............................................... 40
................................ 37
SWbemServices
.............................................. 21
T
TargetInstance
.................................................. 30
Technical support pre-call checklist
................................... 33
Timeout value for the database connection pool
..............................................................39
Troubleshooting and advanced options
Tuning parameters
.......................................... 39
U
UDF
................................................................. 155
User account
.................................................... 16
User-defined fields
.......................................
User-defined list values
.................................
User-defined value lists
...............................
Using permanent event consumers with
DataConduIT
........................... 30
Visual Basic Demo
............................... 176
Using DataConduIT
.........................................
to receive events
...................................... 27
V
........................................................... 12
Viewing DataConduIT classes with the
.............................................................. 25
Visits
.................................................................
Visual Basic Demo
installing
................................................. 175
integrating OnGuard with Active
Directory
................................
...............................................
modify cardholders
............................... 179
required files
.......................................... 175
.......................... 179
........................................................ 176
work with cardholders
DataConduIT User Guide
185
Index
Visual Basic Demo configuration prerequisites
.............................................................175
W
Windows Management Instrumentation definition
.......................................... 13
WMI definition
.................................................. 13
Working with cardholders
............................................. 178
MobileVerify
............................................ 35
186
DataConduIT User Guide
Index
DataConduIT User Guide
187
UTC Fire & Security Americas Corporation, Inc.
1212 Pittsford-Victor Road
Pittsford, New York 14534 USA
Tel 866.788.5095 Fax 585.248.9185
www.lenel.com
advertisement
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Related manuals
advertisement