Essentials Presentation File

Transcription

SYMMETRY TRAINING
SYMMETRY ESSENTIALS CERTIFICATION
Introduction to Symmetry (pg 10-17)
Symmetry Training
Symmetry™ v 8.0.2 Essentials Certification Module 1
Product Introduction
 Objectives
 Identify the key terms used in the Symmetry platform
 Explain the key differences between versions of Symmetry Software
 Describe the key modules that integrate within the Symmetry Security
Management System
 Identify the standard and optional features of the Symmetry Software
 Describe the Optional Modules of the Symmetry Software
Introduction to Symmetry (pg 11)
 System Components & Key Terms
 Symmetry System Server - The PC
that manages the Security Management
System, it handles all communication to
the Symmetry including all processes and
transactions
 System Database – Holds all the
information for operating the Security
Management System
 Client - The computer providing a
Graphical User Interface (GUI) for
system users.
 Client also refers to the Symmetry
Polling Client (Communications Client)
 Node - A microprocessor-controller that is
the hardware interface device that
Node
controls card readers/doors functions(up
Chain
to 16 readers)
 Door Controller (also DC): A remote
board hardwired to a DBU/DBC which
provides door access functions. It has no
local memory and is completely
dependent upon the DBU/DBC to remain
functional
 Chain: May be a single Node and/or up
to 32 like Nodes interconnected (chained)
together electrically
 NIC (Network Interface Card): A device
which allows the Node to communicate
with the Polling Client over Ethernet
 Reader: A device typically located at an access point
to allow/enable personnel to present cards or enter
codes to gain access
 Door: Refers to an access point/location such as a
door, gate, turnstile, etc.
 Door Lock: An electrical device such as door strike
or magnetic lock that secures and releases the door,
as directed by the Node through simple relay logic
 Door Unlock Relay: A Node relay for each reader
port, wired to the Door Lock and activates during
valid access transactions
 Door Contact: Typically a Balanced Magnetic Switch
(BMS) located on the door and facing, and wired to the
Node indicating the door state, whether open/closed
(integral part of a Reader Port)
 Exit Request: Commonly called a REX, may be a
button or infrared-detector typically located near exit
location and wired to Node to allow or invoke an
exit/unlock action
 Monitor Point: May also be a BMS, infrared-detector or
similar device, wired to the Node and provides
notification of movement or forced entry into spaces (not
to be confused with the Door Contact, not part of Reader
Port)
 Auxiliary Output: A relay that is pre-programmed to
activate/change state on a timed schedule or in reaction
to a trigger input (such as Monitor Point in Alarm)
 Product Overview – What is Symmetry?
 Symmetry Security Management System is a powerful integrated solution for
organizations requiring automated security.
 Depending on the modules and hardware selected, the system can provide integrated
control and monitoring of all key elements of site security, including:
 Access Control
 Video Management
 Intrusion Management
 Visitor Management
 Guard Patrolling
Symmetry Software Product Types
 There are different types (editions) of Symmetry software
AMAG Symmetry Business
 A client/server system suitable for use on a customer network
– 3 clients, 64 readers, 16 cameras
» Each Node can recognize up to 2000 cards (uses specific controllers)
– Software can be installed on a single PC.
AMAG Symmetry Professional
 A client/server system
– Up to of 9 clients, 512 readers, 256 cameras
Both Business & Professional Editions use SQL Server Express
Symmetry Software Product Types
AMAG Symmetry Enterprise
 Utilizes the full Microsoft SQL Server relational database management system
 Unrestricted expansion for large systems
 The use of a separate SQL database server if required
 This edition also supports "clustering"
Clustering - Two independent servers are seen as a single server by Symmetry. If one
server in the cluster should fail, the other automatically steps in to continue normal
operation.
AMAG’s Professional Services team must be involved in implementing a cluster!
 Symmetry Software Product Types
 Global Edition Systems –
– Built on Enterprise Edition to provide enhanced capabilities for remote
management of multiple systems spread over a number of geographically
separate sites (not yet released for v8)
 Symmetry Homeland
A variant of the Symmetry software is available for US Government installations.
Symmetry Homeland includes additional fields when defining card details
– Designed to meet Federal Smartcard standards and meet HS Directive
12
– Professional, Enterprise, and Global Editions (versions prior to v8.0.1)
NOTE: Symmetry Homeland is required if using SR-Series (Symmetry Retrofit) hardware
System Architecture
 Installation on a Single Computer - Smaller companies use Symmetry
Business or Professional Edition
 The standalone Server/Client system can be expanded by just adding another
client to the system
System Architecture
 Separate Symmetry Server - Used with any edition of Symmetry
 Often used with Professional or Enterprise Edition in medium-to-large-sized
organizations
System Architecture
 Using Separate Symmetry and Database Servers - Enterprise Edition provides
the option of installing the Symmetry database on a separate database server
 This architecture is often used in large organizations that prefer to use a
dedicated computer to run databases, often for security reasons
NOTE: A Domain-based network must be used due to the security requirements
needed for such an architecture.
 Symmetry - Standard Features












Complete control of access rights
Easy card administration (bulk
amendments)
Dynamic alarms management
Graphics interface
Badge designing and printing
Database partitioning
Login permissions control user access
Extensive reporting options
Visitor management
Antipassback management
Emailing of Alarms
Identity Verification (enhanced with
Symmetry v8.0.1)
 Symmetry - Optional Features








Integration with digital video systems
Integration with intrusion systems
Integration with SALTO™ online/offline
readers (Disconnected Door)
Magnetic Stripe and Smart Card Encoding
XML Developer's Kit
Intercom Control Integration
Card Data Import and Card Data Export
(Standard with Enterprise)
Workflow
Introduction to Symmetry
QUESTIONS?
Hardware Fundamentals (pg 18-32)
Symmetry Training
Symmetry™ v8.0.2 Essentials Certification Module 2
Fundamentals of Hardware
 Objectives
 Perform a review of the On Demand Hardware Course
 Describe Node and External Controller Configuration
 Demonstrate Network interface device programming
 Symmetry Learning Center Hardware Certification Course
 Designed for installers who do not normally configure Symmetry software
 Provides detailed information on the full range of Symmetry hardware
 The course can be found at:
http://amagtraining.leads2learning.com/course/view.php?id=8
NOTE: Your Instructor may require you to complete this On Demand course (if you have not already done so) prior
to completing the Essentials training and achieving your certification.
 Hardware Course Design
 The Hardware Certification course is divided into a series modules
 The modules contain a variety of activities and other resources
 The course ends with a Final Quiz.
Hardware Fundamentals (pg 21)
 Symmetry Device Configuration
 Each Node and Controller requires a unique address for proper
functionality
 Nodes will also require configuring COM Port Usage
 Two types of Symmetry device addressing
 Node
– Node addressing identifies the location of a Node, most notably
when there are several Nodes on the same Chain
 Door Controller Unit (DCU)
– Each External Controller unit (xDC, AC 24/4 or OC 4/24) requires a
unique DCU address to identify the readers, monitor points and
auxiliary outputs connected
 Node Addressing
 Each database unit requires a unique address in the range 1 to 32, which is set
using dip switches on the PCB
 Refer to the appropriate controller’s Installation Guide for the proper settings)
 While the range is from 1 to 32, the first Node on the chain (or if it is the only Node
on the chain) must always use address 1
 Node Addressing
 M2150 & SR-DBU
Addressing
 Multiple Nodes on a
chain
 Node COM Port Usage
 Setting for COM C, D, and E need to be defined
 Example displayed for the first (or only) Node with only one NIC4 module:

Door Controller Addressing
 Each External Controller unit (xDC, AC 24/4 or OC 4/24) requires a unique
DCU address
 In the range of 1 to 8 (depending upon the controller model and to which
database unit type it is connected)
− Set using dip switches or links (stake-pin jumpers) on the PCB
− Refer to the appropriate controller’s Installation Guide for the
proper settings
 Consider that each DCU consists of one pair of readers.
– For a Node with Integrated Door Control, DCU addresses are
consumed internally

Door Controller Addressing
 Consider that each DCU consists of one pair of readers. For a Node with
Integrated Door Control, DCU addresses are consumed internally
 M2150 2DBC, for example, only one DCU is consumed by the Node’s
two integrated readers. This makes the first possible external controller
address as “2”
 M2150 8DBC, four DCU addresses are consumed by the Node, making
“5” the next possible address
 The AC 24/4 and OC 4/24 each occupy two addresses, and thus follow
the same rules as the M2150 4DC (consuming two addresses)
− This results in decrease of available readers possible
 EN-LDBU connects to Aperio™ serial hubs, not door controllers
− Wiring is same but addressing is different
 M2150 2DC
 Note: Addressing is based upon Database Unit type
 M2150 4DC
 M2150 AC 24/4 and OC 4/24
 M2150 8DC
 M2150 EN-LDBU
 Aperio™ hub addressing
Exercise - Node Type and DC Addressing
Node
_____
Chain 1
Server
Chain 2
Node
____
Node
____
>>>>
Node
____
R
2DC
____
R
8DC
____
R
8DC
____
R
8DC
____
R
4DC
____
R
8DC
____
R
2DC
____
R
4DC
____
R
2DC
____
R
2DC
____
R
2DC
____
Node 1
Node 8
Node 3
>>>>
What are the Node types (assume 16 readers per node),
the DC addresses and their reader numbers?
Node
32
 Network Interface Programming Utilities
 Edge Network and SR-Node LAN Interface Addressing
 G4FlashNet Utility
 M2150 (and earlier) Node LAN Interface Addressing
 CoBox Utility
 Network Interface Programming
 Edge Network and SR-Node LAN Interface Addressing
 G4FlashNet Utility
– Configures: EN-1DBC, EN-2DBC, SR-DBU, EN-LDBU and EN-DBU
 Edge Network Device Programming
 Configuration using the G4FlashNet utility
 The utility is a standalone utility
 Found in Symmetry DVD\Extras folder
 G4FlashNet will automatically locate any nodes on your local network
 Directly connecting to a Node can be done by selecting the Use Direct IP
addressing check-box
 G4FlashNet will automatically locate any nodes on your local network
 Simply select the node you wish to configure from the Located Nodes drop
down list to proceed.
 Configuration using the G4FlashNet utility
 Enter the required device addressing and click Configure
 Network Interface Programming
 M2150 (and earlier) Node LAN Interface Addressing
 CoBox Utility
– Configures: MSS1-Lite, CoBox, XPort (NIC3), NIC4 and NIC-WI
Wireless modules
 NIC- 4 Programming
 Configuration using the CoBox utility
 Found in the Security Management System folder of Program Files once
Symmetry is installed
 If Symmetry is not installed, create a shortcut to the “CoBox.exe” file
onto your Desktop from the Symmetry DVD\Symmetry\Disk1\Program
Files\Security Management System folder.
 Also copy the “COBOX.ini” (Configuration settings) file from the
Symmetry DVD\Symmetry\Disk1\CommonAppData\Security
Management System folder to the Windows installation folder of your
computer.
 Configuration using the COBOX utility
 COBOX.ini settings:
 For a non-encryption-enabled COBOX or XPort module, if you want to
be able to default the NIC, use the following settings in COBOX.ini
– AllowColdStart=1
– DisplayEncryption=0
– EnableCurrentNIC=0
 For an encryption-enabled COBOX or XPort module, if you want to be
able to default the NIC, use the following settings in COBOX.ini:
– AllowColdStart=1
– DisplayEncryption=1
– EnableCurrentNIC=1
 The instructor will demonstrate the Programming/Configuration of the NIC
Using the COBOX utility
 Follow the steps in the workbook to complete NIC4 programming when
directed
In-Class Exercise – NIC Programming
1.
Conduct NIC-4 programming as previously demonstrated
2.
Use the IP parameters provided by the Instructor
Hardware Fundamentals
QUESTIONS?
Symmetry Specification & Planning (pg 33-44)
Symmetry Training
System Specification and Planning
 Objectives
 Define Installation Options
 Describe Pre-install Consideration
 Define Windows Groups and Accounts
 Identify System Requirements
Symmetry Specification & Planning (pg 34)
 Installation Overview
 Single Computer Installation
 Server, Database, and single client
 Symmetry Business and smaller Professional Edition systems
 Multiple Computer Installation – Non-detached Database
 Server and Database on same computer
 One or more additional Client workstations
 Medium to large Professional Edition or typically Enterprise Edition systems
 Multiple Computer Installation - Detached Database
 Symmetry Server and Database on different computers
 One or more additional Client workstations
 Larger Symmetry Edition systems
– Requires a Domain-based network due to security requirements
– DB Server hardware must meet req’s for Enterprise Edition server
– Low network latency (<2ms)
– SQL Backup folder must be shared
 Installation Considerations
 Verify network performance if a Separate Database server is to be used
 System performance can be negatively affected if inadequate computer
systems are utilized
 A fixed IP address must be used for any type of Symmetry server and for
any Symmetry client that is managing one or more LAN chains.
 Computer Names – Do not use the underscore character in computer
names!!!
 Automatic updates – Turn off if possible
 Refer to the latest Microsoft Security Updates document
 Obtain all necessary Symmetry licenses
 Disable Database Optimization Software (if used)
 Set Server(s) Power Options
 Set “Hibernate” and “Sleep” to Never
 Verify Windows Time Service Configuration
 Recommendation is to use Network Time Protocol
 Download drivers (may be necessary for 3rd party equipment if
installing into a 64-bit O/S such as Windows 8.1)
 Workgroup or Windows Active Directory
 Local Administrator rights to logon locally on a computer for Workgroup
software install
– Workgroup installs could be conducted in offsite, if necessary
 Domain Administrative rights are required to conduct a Domain installation
– Domain installation MUST be conducted at the customer’s site and
usually requires pre-planning and coordination with corporate IT
dept. for Administrative logins
 Windows Groups in Symmetry
 The default Symmetry groups are: ACSUsers, ACSAdmin, and ACSGuest
 In Workgroup installations these are automatically created
 For Domain/Active Directory installations these must be created on the A/D Server
 Group Permissions
 ACSUsers - This is used to provide the privileges necessary for a user to use the
Symmetry client software.
 ACSAdmin - This is used by the Symmetry services on the Symmetry server
– Any user who can also perform database restorals
 ACSGuest - This is for third party applications needing read-only access to the
Symmetry database, such as a reporting application
Hardware and Operating System Requirements
 Review the Security Management System Software Installation Manual
Hardware and Operating System Requirements
 Review the Symmetry System Requirements
Symmetry Specification & Planning
QUESTIONS?
Symmetry Software Installation (pg 44-55)
Symmetry Training
Symmetry Software Installation
 Objectives
 Describe Installation details
 Perform Software Installation
 Identify Software Licensing and activation
NOTE: The Instructor will now demonstrate the software installation
process. Observe the steps and you will later be directed to conduct
these same steps on your system.
 Symmetry Software Installation Sequence
 Review Module 3 information
 Perform Software Installation as described in the Software Installation
Manual
 Use Chapter 3 for a “Quick Install”
 Use Chapter 4 for an “Advanced Installation”
 Apply and activate Software Licensing
 Perform post-installation tasks as required
 Post-Installation Tasks
 Anti-Virus Exclusions
 When using anti-virus software exclude the following folders*, including all
subfolders (‘on-demand’ and ‘end-point’ scanning must also be configured with
the same exceptions)
 On the Symmetry Server:
– Program Files\Microsoft SQL Server
 On the Symmetry Server and all Clients:
– Windows\System32\msmq
– Program Files\Security Management System
– Program Files\Security Management System\Import
– Program Files\Security Management System\Export
– Program Files\Security Management System\Images
* The above paths are generic, they may be different on your system
Symmetry Software Installation (pg 49)
 Loss of Network Communications - If a client loses its network communications
to the server, the client will continually attempt to re-establish communications over
a period of time
– Default time is 600 seconds
 Configuring Alarm, Visitor or Workflow Emails
 Please refer to the Software Installation Manual, Appendix D, if Symmetry is
required to send emails for alarm messages, visitor sign-ins or workflow events.
 Firewall - The Port Numbers that may be used by Symmetry (found in the SIM
Appendix F - Port Usage)
– The port that Symmetry uses for communication to the NIC Module is 3001
– If a separate Symmetry database server is used, this uses inbound
connections on UDP port 1433.
 Configuring Windows Users
 If users other than who installed Symmetry will be using the software, these
must be added to the ACSUsers group.
 If users other than who installed Symmetry will need administrative rights to
the database (e.g. to perform a database restoral), these must be added to
the ACSAdmin group.
– To create these users, go to “Computer Management”, then “Local
Users & Groups”, then select “Users” and define as required
 If 3rd party applications will need read-only access to the software, these must
be added to the ACSGuest group.
In- Class Exercise – Installing Software
1. Install Symmetry Version 8
2. Use the Serial number provided by the instructor
3. Setup Type – Choose Typical
4. Follow the prompts
5. At the Registration screen, stop and wait until instructed to continue
Licensing the Software
 You need to obtain an activation code to activate the Symmetry software.
You can obtain the activation code in one of two ways:
 Over the Internet by clicking Register Online. You will be prompted to log in
and register your details. The login username and password are provided on
the Software License Certificate
 By phone using one of the numbers displayed in the dialog. If you use this
method, you will need the Serial Number and Registration Key displayed near
the top of the license activation dialog box.
 If adding features, repeat the licensing process
 Registration details will be automatically uploaded to activation server if online
Verify Software Installation - Service Monitor
 By default, the Symmetry Service Monitor is installed during installation
 It is typically located in the System Tray (hidden icons)
Software Installation Quiz
1. What is the default location of the Symmetry software? ______________
2. What is the default location of the database? _______________
3. Where can I find the Symmetry Documentation folder after installation?
_______________________
4. What three Windows Groups are created during a Symmetry
Professional installation?
A. ________________________
B. ________________________
C. ________________________
5. Symmetry v8.0.2 Professional uses what database
engine?___________________________
Software Installation Quiz
6. Symmetry v8.0.2 standalone installation uses 1 Client license.
True or False
7. What is the default Facility Code installed during installation? _________
8. The default Facility Code cannot be changed after installation.
True or False
9. When installing Enterprise edition, SQL Server is installed before
installation of the Symmetry Software.
True or False
10. Installing Symmetry with a separate database server can be done in a
Workgroup.
True or False
Symmetry Software Installation
QUESTIONS?
Basic System Configuration (pg 56-100)
Symmetry Training
Basic System Configuration
 Objectives
 Access Control Programming – (Hardware)
 Basic Card Access Programming
 Basic Communication
 Points, Outputs and Command Basics
NOTE: The Instructor will now demonstrate the programming process.
Observe the steps and you will later be directed to conduct these
same steps on your system.
Basic System Configuration (pg 57)
 Opening the Symmetry Software
 Double-click the icon on the Windows desktop:
 You are now prompted to log in:
 Enter your assigned user name and password to gain access to
the screens of the Symmetry software
 The service user name is "Installer"
 The password is "install”
 Installation Wizard
 This wizard prompts for the unique name for the Client PC
 This name should represent the function of Client (e.g.
Guard's Computer, Admin Computer, etc)
 Clients
 In all Symmetry Editions (except Global) all clients get access
to all allowed screens of the security management system
(depending on user permissions and the licenses purchased).
 Each Client PC requires a unique name that best describes
the purpose of the Client (such as: Visitor Computer, Guard
Station, etc…)
 New Client – Select this if defining the Client for the first time
 Existing Client – Select this if the client has already be
defined in the database
 Check the “Display real-time activity at this client” option if
the Activity and Identification Verification screens will be able
to be used at the client
 After the Client is correctly named the Wizard can be closed
 The wizard can also assist with defining additional clients, nodes, readers,
monitor points and auxiliary outputs
 Install Menu Ribbon
 Symmetry's top-level menu, as shown in the below example,
provides access to all Categorized Ribbons (and sub-menus)
needed to program a system.
Installing the Access Control Hardware within Symmetry
 The following steps are required when first configuring the Access Control
Hardware:
 Define Client Port(s)
 Define Chain(s)
 Define Node(s)
 Define Reader(s) and additional hardware
 Client Ports define the type of security management hardware
connected to each of the client's ports
 Select the type of Client Port for a LAN Chain – Network
 The Network Port identifies the communication path from the
Symmetry Database Server’s polling client to the defined chains
 Client Port Options
 Network - Used as the supervising client to communicate with nodes on
LAN chain(s) via its network (Ethernet) port.
 IPNet - Used as the supervising client to communicate with intrusion
system(s) via its network port.
 COMNet - Used as the supervising client to communicate with a Bosch
D6600 intrusion communications receiver via its network port.
 IntercomNET- Used as the supervising client to communicate with a
Stentofon Alphacom intercom system via its network port.
 USB - Used to define a connection to one of the client's USB ports.
 COMxx (RS-232) - Used to define a connection to one of the client's COM
ports.
 Up to 16 can be used for connection to hardwired or dial-up chains.
 Chains (LAN Chain) define the name for each LAN Chain
and the communication parameters for the LAN Chain
 When selecting LAN for the Chain option the following
parameters need to be set:
 LAN Chain Name – Unique Name for LAN Chain
 LAN Client Name – The Client that will communicate with
the LAN Chain
 LAN Port Name - Network defined in the Client Port
settings
 LAN Interface – COBOX/XPort - if the LAN Chain uses a
COBOX, XPort, NIC4 or NIC-WI module
 IP Address – either DHCP or Static
* If configuring the server offsite, uncheck the Enabled box!
 Chains (LAN Chain) define the name for each LAN Chain
and the communication parameters for the LAN Chain
 New Password – Up to 16 alphanumeric characters.
 Time Difference - The time difference between the polling
client and remote chain.
 Continuous - The client will continuously poll the chain.
 If there are two or more continuously-polled chains or other
devices communicating with the same network port on a
client, each is polled in turn.
 Periodic - The client contacts the chain only when there is
data to download (such as new card data) and at the times
specified in the Periodic Contact tab.
 If the are alarms the chain contacts the client, events are
uploaded when the client initiates contact
 Anti-passback Mode - The purpose of anti-passback is
to prevent people from passing back a card to a second
person to gain entry or exit. The two modes are Timed
and Zonal.
 Timed - Once a card has been used at a timed antipassback
reader, the card causes an anti-passback violation if it is used
again at the same or another timed anti-passback reader
within a predefined period of time.
 Zonal - In the case of Zonal anti-passback, the building needs
to be partitioned into zones.
 Global Client – Anti-passback status is monitored on nodes
tied to the same polling client
 Global System – Anti-passback status is monitored on nodes
reporting to any polling client in the system
 Node Description – The unique name of the Node (e.g.
location of the doors it controls)
 Chain Name – The chain to which that Node is connected
 Node Type – Model of the Node
 M2150 Nodes (2DBC, 4DBC, 8DBC)
 M2100/M2150 Node
 multiNODE-2
 Wiegand Format – Card format used by readers
connected to this Node
Installing the Access Control Hardware
within Symmetry – Edge Network Devices
 Node Definition:
 Chain Name - Select “New”
 Node Type – Model of the Edge Network Node




EN-1DBC/EN-2DBC
EN-DBU
EN-LDBU
SR-Node (only available in Homeland Edition)
 Click Discover and select the desired device
 Configure the Communications tab
 Door & I/O Controllers – Specify any remote door, alarm or
output controllers used by the Node
 1DC - One-door remote control unit (M2100 1DCR-P).
 2DC - Two-door remote control unit (M2100 2DCR or M2100
2DCR-P, or M2150 2DC).
 4DC - Four-door remote control unit (M2100 4DCR-P, or
M2150 4DC/4DCN).
 8DC - Eight-door remote control unit (M2150 only).
 AC24/4 - Alarm controller (M2100 ACR or M2150 AC24/4).
 OC4/24 - Output controller (M2150 only).
 Reader defines the name and type for the reader interface and the door
hardware or furniture associated with reader ports on the door controllers
within this Node
 What types of readers are supported in Symmetry?
 Reader Screen options:
 Reader Description – Unique name of the Reader/Door connected to the
controller
 Owned by Company (if multiple companies) – Which company the reader
is used by
 Description – Node to which that reader is connected
 Controller Description - Door controller to which the reader is connected
 Reader Screen options:
 Reader Type – This specifies the reader/card format name
What type of readers are used in this class ?
– In an SR-Node select the card format for the F/2F cards
– For Wiegand cards select “Display Additional Reader Types”. Use
the same format entered in the Node definition for “Default
Wiegand”.
 Reader Port – The port on the controller to which the reader is connected
In- Class Exercise – Basic Access Control Configuration
Ask Instructor for assistance if needed
1.
2.
3.
4.
5.
6.
Log into the Symmetry Client
Define the Client (name the Client)
Define the Client Port (Network – LAN Chain)
Define the Chain
Define the Node (your choice of the name or description)
Define the Reader “Reader Port 1” (your choice of the name or
description)
*Use screenshots on pages 75-82 for reference
Inform Instructor when complete
Symmetry Basic Programming
 The following section defines the basics for defining:




Facility/Customer Codes
Card Holders
Access Rights
Trigger and Scheduled Commands
 Additional details for Card Holder, Access Rights and Commands will be discussed
within the Basic System Administration module
 Card Holder Administration
 Some card technologies have a Customer Code (otherwise known
as a Facility Code) encoded within the card data, which is used to
identify the company that the card holder is associated with in the
Symmetry software
 By default, the number per system is limited to 8, the installer is able
to remove this restriction by modifying a setting in the multiMAX.ini
file
System Log Report
 The System Log can be used to identify the Facility/Customer Code of the
Access Card if the correct code is not downloaded in the Node
 The System Log is located under the Reports/Configuration Reports menu
 Select the Output to “Screen”
 The Listing Type to “System Log”
 The System Log displays the latest record at the top and can be refreshed by
clicking the “Today” button
 The System Log can also assist identifying issues with the installation and
configuration of the hardware. The System Log displays engineering
messages from the Nodes and other debug information
System Log Report
 The System Log can be used to identify the Facility/Customer Code of
the Access Card if the correct code is not downloaded in the Node
 The Node cannot recognize and decipher card reads or Facility Codes until the
correct “Wiegand Card format” is configured
 When a card is presented to the reader:
 The System Log report results indicate this:
“TXNALMVWDec. No Name. Card 113 Cust 0….."
 If the correct Wiegand Card format is defined, the Facility Code is
displayed between “Card” and “Cust” (113 in this example) in the System
Log when presenting a card to the reader
 The Wiegand Format is defined under the Node definition screen for
AMAG readers
 It is defined in the Readers definition screen for non-AMAG readers
Card Holder Administration
 The Facility/Customer Code screen can be
defined under the Setup/Configuration ribbon
 Select the Facility/Customer Code icon
 Click the New button on the Selection screen
 Enter the Code in the Facility/Customer Code
field
 Select the Company or Companies and add
them to the “List of Companies to use the
Code” field
 Card Holder Administration
 Double-click the Card Holder’s name or enter text and click “Find
 Wildcards search supported such as “Mic*” would return “Michael” or “Michelle”
Find
 Card Holder Administration – Standard Card Holder
 Card Holder Administration – HSE Card Holder (for SR-Node)
 The Card Holder screen allows the following tasks:
 Creating, modifying, finding, copying and deleting Card Holder and
their details in Symmetry
 Configurable details such as:





Access Rights
Photograph and signature
Biometric data
Personal data
Additional access control options
 Required for Standard Editions:
 First name, Last name, Facility Code, Card number
 Card Details Tab
 Enter Card Number if known (the system can auto-generate a number or this
field can be left blank)
 By default the PIN number will be auto-generated
 The Facility/Customer Code is required for standard editions of Symmetry
 Click the Save button to return to the selection screen
 Assigning Access Rights
 Select and click the “Open” button or double click
the Card Holder from the selection screen
 Click the Access Rights tab
 Either right-click the reader/reader group or select
readers click the “Assign” button on the right side of
screen
 In the Assign Reader dialog, you choose one or
more readers that the card holder is allowed to
access from the list in the top-left corner
 Additive Rights – Advanced Rights can now be
added to Normal Rights instead of replacing them
 Creating a Time Code (Access Rights category)
Select “New”
under the Select
Time Code Area
Create a Time
Code Description
Click the
dropdown arrow
beside the days of
the week
click the OK
button
 Defining Time Codes within the Access Rights screen:
 Select “New” under the Select Time Code Area on the bottom of the
Assign Reader dialog box
 Create a Time Code Description such as:
 “24/7” or “Master Access Time” to represent 24 hours a day, 7 days a
week
 M-F 9am-5pm to represent access from Monday through Friday at
9:00 am to 5:00 pm
 Click the dropdown arrow beside the days of the week and select the
appropriate Hours Definition, according to the Time Code Description
that was created
 When finished click the "OK" button
 Assigning a Card to a Card Holder
Card Number
Unique
Card
Facility/Customer
Code
 Adding the Facility/Customer Code and Card Number to the Card Holder
 In the Card Holder screen select the correct Facility/Customer Code from the
dropdown box
 Enter the Card Number
 Click the Save button
Card Holder
Facility /
Customer
Code
Access Rights
on Reader
connected to
the Node
Downloading Facility Code to Node
Facility Code
Downloaded
to NODE
In- Class Exercise – Card Holder Administration
Ask Instructor for assistance if needed*
1. Create a Card Holder (Choice of Name)
2. Grant Access to the Reader/Door (Reader port 1)
3. Create a Master Time Code 24/7 (Access Rights)
4. Ensure Access Granted is displayed in Activity Screen
Communication Tools
 Client Communications - located under the
Maintenance/Communications/Client ribbon allows
for visual confirmation of chain communications and
verification of two-way data exchange between the
polling client computer and its associated chains.
 TX – Symmetry Polling Client initiates polling with
Transmitted (TX)
 RX – Chain Controllers respond with Received (Rx)
Communication Tools
 The Client Communications option serves as a debugging tool that should
be used by technicians to verify normal communications, downloads and to
analyze system anomalies
 Common Card Transaction Examples:
 *Ca/Cd = Card Added or Deleted
 CT = Card at the Wrong Time: Card has access to the door, but not at this time
 CU = Card type is known but the card is not
 CV = Card Valid (Granted Access)
 CW = Card at the Wrong Door: Card has no access to door (This could be due to
no Access rights or due to Keycard mode)
 CX = Unrecognized Card Read: Card type does not match the card format
programmed, or the Facility Code is not in the Node
 MRX = Mismatched database
* Note the capital “C”, if lower case it is invalid
Communication Tools
 Node Status is another useful tool for verifying communications. All system
Nodes and door/alarm controllers may be verified using this screen.
 Node Status is selected under Maintenance/Access Control ribbon and allows for
selection of one or multiple Nodes to query
 The query to the Nodes and the associated door and alarm controllers provides a
status of verified communications for each
 The status includes the device’s firmware version
Command Center
 The Command Center provides a realtime status of devices within the system
 The Command Center screen can be
used to:
 Send manual commands to perform
actions such as unlock a door
 To send a command, select the relevant
item (for example, Reader) in the tree
view, choose the command in the
Available Commands area, and then
click Send.
 Determine the current status of any item
in the tree view.
In- Class Exercise – Verifying Communication and using System Tools
Open Client Communication and present each card to Reader 1
1.
What Response Code was displayed when reading the cards?________
2.
What was displayed in the System Log between “Card & Cust”? ___________
3.
Add the new Facility Code to Symmetry and assign it to a new card holder. Present the card
again. What was displayed in the System Log? _______________________
Open Node Status, select and open the Node.
1.
What version of firmware is loaded on the controller?_______________
2.
How many DCUs have reported their status? ________________
Open the Command Center and expand Readers
1.
Select the first reader in the list and expand it, what is the current status? _______________
2.
Select from the available commands and perform the following:
1.
Grant Access, Unlock Door and Lock Door
 Monitor Point and Auxiliary Outputs define the name and type of I/O that are
connected to an associated Node
 Monitor Points and Auxiliary Outputs can be connected to what type of boards?
 Monitor Points are defined using the Install Ribbon, selecting
the Monitor Point icon
 Selecting the New button on the selection screen makes the
following options available:
 Monitor Point Description – The unique name of the Input
connected to alarm controller or M/N-I/O (AC8/4 or OC4/8)
 Owned by Company (if multiple companies) –Which
company the monitor point is used by
 Node Description – The Node that the alarm controller or
M/N-I/O is connected to
 Controller Description – The door or alarm controller the
input is connected to
 Monitor Point Number – The input on the node the monitor
point is connected to. Inputs that are already used are not
displayed in the drop-down list.
 When selecting the New button on the Selection Screen the
following options are available:
 Auxiliary Output Description – The Node that the output is
connected to
 Controller Description – The door or alarm controller the output
is connected to
 Auxiliary Output Number - Which output on the node the
auxiliary output is connected to (numbering is the same as the
Monitor Point description)
 Pulse Time - When the auxiliary output receives a pulse
command, it operates for the specified pulse time, and then
reverts automatically to its idle state.
The Maximum Pulse time for the Node type in this class is?
SR-Series Node Flexible I/O
 Symmetry v8.0.2 adds the flexibility to reassign Monitor Points as a REX or
Door Contact
 In addition, it allows assignment of any Auxiliary Output for door control
 Conversely, it is possible to map the standard Door Inputs to any undefined (not
configured) Monitor Point.
 It is also possible to map the standard Door Outputs to any undefined (not configured)
Auxiliary Output
 Groups
 Devices can be grouped for a variety of reasons, based on what is being
grouped
 Multiple readers, for example, can be unlocked with one command
 Commands for grouped devices are Server-based
 Shared devices are shared between multiple companies
 Groups
Symmetry Basic Programming
 Trigger and Scheduled Commands
 Trigger Commands (also called Conditional Commands) are
“If”/”Then” statements
 Scheduled Commands are actions on a time schedule
In- Class Exercise – Basic I/O Configuration
Ask Instructor for assistance if needed*
1.
2.
3.
4.
Log into the Symmetry Client (if not already)
Define 2 Monitor Points (your choice of the name or description)
Define 2 Auxiliary Outputs (your choice of the name or description)
Create a Trigger Command:
1.
5.
If Monitor Point 1 is in alarm, pulse Aux Output 1
Create a Scheduled Command:
1.
Unlock the door on Reader 1 from 11:30 AM to 12:45 PM today
QUESTIONS?
Basic System Administration (pg 100-143)
Symmetry Training
Basic System Administration
 Objectives







Define Card Administration
Describe Visitor Management
Describe Badge Design
Configure Time Codes, System Holidays and Access Codes
Configure Commands
Describe Activity and Alarm Management
Describe Video Management
Basic System Administration (pg 101)
Card Holder Additional Fields
 In addition to the Card Number, PIN number and Facility/Customer options,
these are some of additional items are located under the Card Details tab
 The Active Date and Inactive Date is used to specify the period over which
the card can be used to gain access (the doors and times that the card can be
used are defined in the Access Rights tab).
 The Approving Official is the name of the person who has authorized you to
issue the person's badge. The names of the approving officials are defined in
the "Setup/Identity/Approving Official" screen.
 Badge Expires – After you have selected a Badge Design, this field
shows the card expiry date, assuming an expiry period has been set in the
"Setup/Identity/Badge Designer" screen.
 Set for Batch Printing – Choose this option if you do not yet wish to print
the badge. It serves as a reminder that the badge has not yet been printed.
 You can print all badges flagged in this way in one operation by using the
"Home/Identity/Print Badges" screen.
 Card Status – This displays and enables you to change the current status of
a card
 Card Lost – This is useful if the card has been lost or stolen. A "Lost Card"
alarm/event is generated and access is not granted.
 Expired status can be set automatically if the card remains unused for a
specified period of time or if Expiry date is defined in Personal Data
 Multiple and Temporary cards – This option allows you to define up to ten
cards per card holder. One card may be a “temporary card”. If assigned, the
other cards are made inactive.
 Card Holder's Picture
 The option provides two alternative methods to capture the
person's picture, Live and Import:
 Live – Click this to capture a live picture of the card holder's from a
camera connected to your PC.
 The tool that provides configuration of the camera for capturing
the picture is dxconfig.exe
 This tool is located in the root of the Security Management
System folder
 Import – Click this to import a stored picture of the card holder
 Export – Click this to save a captured picture of the card holder to
the client
 Additional Card Options - The checkboxes in the Additional Options area
to specify additional privileges for the card holder
 Area Occupancy Card - This option is used if the person is going to use readers
to gain entry and exit from an area that has a controlled occupancy count
 Card Watch - The card can be used normally, but the reader generates a
"Cardwatch" alarm/event
 Command Card Holder - This enables the card holder to generate card
command messages at keypad readers. The messages can be made use of by
trigger commands, for example to arm or disarm intruder alarm systems or to
switch lights on or off.
 A Card Command is initiated at a keypad reader by pressing the star “*” key
(the key on Javelin readers), keying in the defined command number
(between 1 and 99), followed by a valid card read
 Additional Card Options - The check boxes in the Additional Options area
to specify additional privileges for the card holder:
 Conditional Card - The card holder can use this card only to activate trigger
commands or as part of a patrol tour transaction; it does not open doors. A
Conditional Card can activate a trigger command by setting the IF part of a trigger
command to Valid Card Transaction
 Executive Card – An Executive card:
 Need not enter a PIN at readers in Card + PIN mode
 Is excluded from Auto Set Unused Cards Expiry
 Is excluded from Anti-Passback rules.
 Extended Door Times – This is useful for card holders who are disabled, or for
another reason, may require more time than is normally necessary to open and get
through a door.
 Keycard Holder - Readers that have been enabled as keycard readers recognize the
card as a keycard
 When a reader is in Keycard-Out state, all cards except keycards are denied access,
irrespective of access rights.
 When a card reader is in Keycard-In state, normal operation is resumed.
 A keycard holder can switch the reader between Keycard-In and Keycard-Out states
(access rights permitting) by presenting his or her card, followed by a four-digit PIN
in a special sequence
 To change the state from Keycard-In to Keycard-Out a card holder with a PIN of 1234
would enter 3412
 To change the state from Keycard-Out to Keycard-In a card holder with a PIN of 1234
would enter 3412
 Visitor Escort - This option allows the card holder to be selected for escorting visitors
 Personal Data – This tab allows you to specify personal data such as Department,
Employee number, contact telephone number, etc.
 Symmetry allows up to 50 Personal Data Title fields for card holders or Visitors
 Symmetry allows up to 10 Personal Data Title fields for use in Identity Verification
 To define the Personal Data Titles
– Select the Setup Menu
– Select the Personal Data dropdown arrow (Setup/Identity Ribbon)
– Select Card Holder Titles
 Four types of Data Fields (note the significance of each)
– List Only
– Expiry date
– Edit List
– String
 Define the data fields using the Card Holder Data option
 Personal Data
 Mandatory - Information for that title will have to be specified when adding or
editing a card holder/visitor
 Category - Determines the required format of the information entered
– Custom - Use # to indicate an alphanumeric character, use 0 for a
numeric character
– Other Categories include Email, Date and General
 After Creating the Card Holder titles they will appear in the Card Holder Screen,
Personal tab
 Personal Data titles can also be included for display in Identity Verification
In- Class Exercise – Personal Data
Ask Instructor for assisted if needed
1.
2.
3.
Define three Card Holder Data Titles, one each using these Personal Data
types:
a. List Only type (named Department)
b. Edit List type (named Manager)
c. String type (named Phone Number)
Define Card Holder Data for each of the lists:
a. Department: HR and IT
b. Manager: any name you choose
Add Personal Data to the Card Holders
 Locator - This tab lists the last 25 valid transactions for this card and allows
resetting the anti-passback location for this card only
 Biometrics - This tab allows you to capture and store the person's signature (to
print on a badge) and to enroll biometric data, e.g. a hand print from a Hand
Geometry Unit (HGU) or a fingerprint from a fingerprint enrollment reader
 Vacation - This tab allows you to specify the card holder's vacation times in a
calendar. Vacations are used to specify times when individual card holders are
taking a period of leave or rest from work.
 This is to comply with employment law in some countries
– By default, the Installer does not have permission for this tab
 Vacation times have a resolution of 1 hour
Selection Screen Definitions – Common Options
 Notes Icon
 Notes Button
 Move Button (card holder Definition screen only)
 Permissions Button
Visitor Management
 The Symmetry Visitor Management features enable:
 Improved efficiency of the visitor check-in process
 Enhanced site security and management of visitor details more effectively
 The Visitors screen is used to create, find, view, modify, copy or delete visitor
details, including Visitor Data Titles, if defined
Visitor Management
 Visitor Details – This tab enables you to specify general details of the visitor, such
as when the visitor is expected to arrive and depart, who he/she is visiting, and the
name of the escort
 A major benefit of the Visitor Management module is the ability to sign visitors in
and out from the Visitor Details tab, using the Sign In and Sign Out buttons
 The current status of the visitor is displayed in a color-coded box near the bottomleft corner of the screen, which can instantly show you whether the visitor is still on
site.
 Visitors can be automatically deactivated following a successful transaction at a
specified reader.
Visitor Management
 Email Notification of Visitor Signing In can be automatically sent
to the card holder when the visitor is signed in. The email address is
defined using a Personal Data Title in the Card Holder's details
 Another option is the ability to scan driver licenses and business
card information to diminish data entry and provide further
authentication
 Other Options of the Visitor Detail tab:
 Arriving, Arriving Time, Departing and Departing Time Specify the dates and times of arrival and departure
 Visiting – allow the selection person the visitor is visiting (any
Card Holder)
 Visitor Escort – The person who has been nominated to escort
the visitor
Badge Designer
Badge Designer
 The Security Management System software provides a comprehensive set
of tools that allow you to design and print ID badges quickly and easily
 Graphics toolkit - Provides all the tools needed to create customized badge designs
 A library of badge designs can be created, each for a different group of visitors
 A photograph, signature, graphics and personal details can be included on a
badge design
 The photograph and signature can be captured live from a video camera or
webcam
 The signature can also be captured using a signature pad
 Each badge design can be assigned different default access rights
 Card encoding (requires the Magnetic Stripe or Smart Card Encoding option)
Badge Designer
 The Badge Design Graphics toolkit can be launched by selecting the Badge
Designer icon from the Setup/Identity menu ribbon
 Clicking on the “New” button on the opens the Badge Designer screen and a new
tab in the ribbon bar that provides the options necessary for designing badges.
Badge Designer
 A Rule enables you to set up what determines whether or not the item is
displayed for a card holder or visitor card, depending on personal data.
 For example, you may want a logo to be displayed only for card holders who
belong to a specific department.
 To create a rule click on the item that can change (hidden or shown) based on the
Cardholder and/or Personal Data fields in the Card Holder definitions
In- Class Exercise – Badge Designing
1. Create a Badge Design in Portrait orientation
2. Add a graphic (using the AMAG logo) to the upper left area, less than ¼ of the
badge, and the card holder’s picture in the upper right area
3. Add two Personal Data fields, one for First Name and one for Last Name
(make the last name field smaller) in the center of the design
4. Create two fields for Department, color coded differently for HR and IT, one
overlaid on the other to be selected by the system
5. Assign the badge design to the Card Holders created earlier
Defining System Times
 Hours and Time Codes
 The hours definition consists of a series of time intervals within a 24-hour period.
There can be up to 10 intervals in an hour’s definition.
 Hours & Time Codes are used in the following definitions:
 Access rights
 Scheduled commands
 Trigger commands
 Arm/Disarm warning (used in M2150 Intrusion Detection Systems – “IDS”)
 Vacation (Hours)
 The Time Code definition screen contains three tabs
 Standard Weekly Hours – This tab enables you to choose the default hours to use
for each day of the week
 Holiday Hours - This tab is for the access rights or commands that will use the
time code needed to operate differently on defined holidays
 Calendar Overview - Overview of how the time code is set up and enables you to
override the Standard Weekly Hours for specific dates
 Time Code definition screen options:
 Time Codes Description - This is the name of
the time code.
 Category - This displays the selected purpose of
the time code.
 Creating a Time Code
 Define the Description of the Time Code
 Use the dropdown menu or enter the hours
definition number
 Click OK to save the Time Code
System Holidays

Holidays are defined under the Operations/Times
ribbon
 Name the Holiday Types in the boxes near the
bottom of the screen
 Types such as:
– National Holidays
– Company Holidays
 There can be a total of 9 Holiday Types for the
system
 Select the date and either right-click on the date
and select Assign or select the Assign button and
check the box beside the Holiday type
Access Codes
 Access Codes - A pre-defined set of access rights that allow access to any
of the following:




Reader Groups
Readers
Floor Groups
M2150 Intrusion Areas
 Access codes can save time if you need to assign the same complex access
rights to more than one person.
Before defining access codes, make sure that the items necessary to define the
required access codes have previously been defined
Access Codes
Creating Access Codes
Select the "New" button on the Access Code
Selection Screen
Give the Access Code a Unique Name
Assigned Access Rights tree view, select the
appropriate branch. For example, Readers.
Select the Assign button or the same option
in the right-click menu
Specify the required access rights in the
screen displayed
In- Class Exercise – Holidays, Time & Access Codes
1. Create 2 Holiday Types and assign to dates
a.
b.
Federal
Company (assign to today’s date)
2. Create the following Hours and Time Codes:
a.
b.
c.
Access Rights type: “8am to 5pm M-F With Holidays”
Scheduled Command type: “8am to 12pm & 1pm to 5pm M-F” (No hours on Holidays)
Scheduled Command type: “After hours” - for the following: 5pm to 8 am M-F and 0:0024:00 on Weekends and Holidays
3. Create 2 Access Codes
a.
b.
Master Access with Holidays – 24/7 all Doors or Groups
8-5 M-F (no holiday access) on one reader/door only
I
Commands
•
Scheduled, Triggered and Predefined Commands are accessed on the
Operation/Commands ribbon
 Scheduled Commands initiate a Start command, then a Stop command
to be executed, typically at a device or group of devices such as readers,
monitor points and auxiliary outputs
 Examples:
 Switch lights on and off at specific times
 Unlock and lock doors at specific times
Scheduled Commands
 Configuration Tab
 Device - Select the type of item that the scheduled command applies to
 Location - Choose the specific device or item that the command applies to. The
items in this menu depends on what you have selected in Device
 Start and Stop Commands - When you select a Start command the opposite
command is inserted automatically in the Stop Command box
 When - Select the time code to be used from the menu. The Start command is
executed at each start time in the time code, and the Stop command is executed
at each end time.
 The meaning of all commands can be found in the Symmetry software’s
online help and the Software Reference Manual
Scheduled Commands
 Override Tab
 Select the time code to be used from the menu. The Start command is executed at
each start time in the time code, and the Stop command is executed at each end
time.
 Use this feature to change the operation of the scheduled command during a
scheduled time code, such as during a site shutdown period
Scheduled Commands
 To set up the override:
 Choose the required option from the Override menu.
 Specify the Start Time, Stop Time or Time Code as applicable
 If the time code is defined as follows:
– Start = 09:00, Stop = 12:00, Start = 14:00, Stop = 17:00
 Overriding the stop time with a time of 18:00 results in the following:
– Start = 09:00, Start = 14:00, Stop = 18:00
 Use the calendar buttons to specify the start date and end date of the
override.
 Save the changes
Scheduled Commands
 Options Tab
 Sync Command on Close - If you are setting up a new scheduled command
and you select Sync Command on Close, the Start Command is executed
immediately you select OK
 Status - This displays one of the following:
 The current status of the command, as determined by the Validity Period
settings.
 OVERRIDDEN if an override is currently active, as set up in the
Override tab.
 “Actioned By” means the command is controlled at the Node or by the
Server
• Trigger Commands cause a command to be executed at a device (or group of
devices) if an alarm/event message is received from another device within a period
of a specified time code

Examples of use:
– Switch a video camera on when a monitor point is activated at certain times
of the day
– Run a specified executable file from the server when a monitor point
activated
 There are three parts to a trigger command:
– "If" - Specifies the message that will trigger the trigger command.
– "Then" - Defines the command that will be sent. More than one “Then” can
be triggered by the same “If”
– “When” – Specifies the time code when the trigger command can be
generated
 Creating a Trigger Command
 Select the “New” button under the “Schedule Selection” screen
 Description - The unique name of the trigger command.
Trigger Commands
 Configuration Tab
 "If"
– Device - Choose the type of device that should activate the trigger
command. If you choose a group, the trigger command can be activated by
any device in the group.
– Location - Select the device or group that is to activate the trigger command
– Message - Select the specific alarm/event message that should activate the
trigger command
 A complete list of the Alarm/Event messages can be found where?
Online Help or Software Reference Manual
Trigger Commands
 “Then”
 Device - the type of device to send the command to
 Location - Select the specific device or group of devices to send the
command to
 Command - Select the specific command to send to the device or
group of devices when the trigger command is activated
 Command No - More than one command to be triggered by the same
"If" condition , up to 99 “Then” commands
 “When”
 Select the time code to be used by the trigger command. The Then
command is executed only when the If message occurs between any
pair of start and end times in the time code.
Trigger Commands
 Options Tab
 From/To - The trigger command will be executed on and between the From and
To dates only
 Report As - Determines whether the 'Trigger Operation' message generated
when the command is executed should be reported as an alarm, event, or not at
all
Predefined Commands
 Commands available to only users belonging to a nominated role
 Predefined commands are associated with a User Role, not a Company
 Commands are assigned for use in various screens, e.g. the Command Center
Activity and Alarm Management
 The Activity Screen displays, on a by-day basis, all alarms and
events stored in the log
 It can be accessed by selecting the Home/Monitoring ribbon
 Activity Screen features includes:
 The Current Activity screen displays alarms and events in realtime as they are received.
 Selection of the Date Selector and Filter by pull downs provide
for viewing previously logged items and filtering by alarm
categories such as Card Activity, Door Activity and more.
 Selection of the Today button displays all items previously
logged for today’s date.
 No alarms or events are cleared from the logs in this screen –
they are only viewed.
 The Activity Screen displays
 What - The alarm message. If Show Card Number with Alarm/Event is
selected in the "Maintenance/Users & Preferences/System Preferences" screen,
the person's card number (if known) is displayed in square brackets after the
alarm/event message.
 Where - The location of the alarm.
 Who - The person who caused the alarm, if known.
 Time and Date - The time and date the alarm occurred.
 In addition to the above fields, supplementary fields can further identify the event
 Location, Category and Personal Data Titles can be added to the fields
 Right-click menu allows options such as:
 History and Freeze
 Data option - to choose the optional columns to display
 Use the Configure option to change the column order
 The Inline Filtering option enables further filtering of Activity list:
 Enter part of the column item
 The Alarm screen manages alarms routed to your client
 Alarm management is the process of viewing, acknowledging and clearing alarms
that are received at this client
 Alarms that have been verified or investigated may be cleared to be removed
from the screen
 Alarms are displayed and maintained in the list according to Priority (1-999)
– Priority 1 being most critical and 999 being the least.
 The display provides for current statistics, which may be turned on/off by client.
 Alarms have three primary colors:
 Red is a new alarm that has not yet been acknowledged
 Blue indicates that someone has opened/acknowledged the alarm but
that it is still in an alarm state – and thus cannot be cleared until reset at
the device
 Green indicates it has been acknowledged, is its normal state, and can
now be cleared

The option to change the look of the Alarm Management screen to combined Alarm/Acknowledgement into the
same screen can be found under what Menu/Ribbon?
 The Alarm screen has two view possibilities
 Normal - Alarms must be double-clicked to open and acknowledge
 Combined – Alarm display and acknowledgement are on the same screen
– Single click selects the alarm
– Statistics and Multiple Alarm selection are disabled
The option to change the look of the Alarm Management screen to combined
Alarm/Acknowledgement into the same screen can be found under what Menu/Ribbon?
 Multiple Client System
 If both can manage the same alarms only one should be allowed to do so
 Enable “Maintenance/User & Preferences/System Preferences” option Show
Alarm Handling
 Masking Alarms – The Mask button (or right-click menu) located on the Alarm
screen allows the alarm to be masked for a specified length of time
 Masking an alarm removes it from the All Alarms tab and from any Filter tabs,
and moves it to the Masked Alarms tab.
 Masking an alarm example:
– An alarm that cannot be cleared because the device is faulty and cannot be
reset to its normal state
– A Motion Alarm that is too sensitive and needs to be adjusted
 Masking an alarm does not affect its status
 Masked alarms can be opened, acknowledged and cleared
 Masked alarms are not displayed in graphics
 Alarm Masking
 You can mask an alarm by selecting an alarm in the
All Alarms tab or in a Filter tab and clicking Mask.
 Alternatively, click Mask after opening an alarm that
has not already been masked.
 Set the duration of the mask
 A second user may be required to confirm the mask.
This option is defined in the System Preferences.
This requires both the logged in user and a second
user in any role to authorize an alarm mask
 Alarm Masking
 A Clear Mask button is available in the Masked Alarms tab or after opening a
masked alarm.
 This button clears the mask and returns the alarm to the All Alarms tab.
 Alarm filters provide a method to partition the viewing of alarms in the
Alarms screen
 Alarm filters can display only alarms of a specified type or from a specified location
 Alarm Filters screen is used define alarm filters and their rules
 To create a new alarm filter:




Open the Alarm Filters screen.
Click New.
Specify a name for the filter in the Description field.
Use Column Name, Operator, Value Type and Value to specify a filter rule, then
click Apply Rule.
 If you want to apply additional rules to the filter, click Add OR (or Add AND), then
repeat Step 4.
 Click OK.
 Alarm Instructions
 An Alarm Instruction is a single line of text, such as "Call Duty Supervisor". You can
display up to five of these instructions when using the “Acknowledgement" screen
to specify what to do when acknowledging an alarm
 If you have selected an existing alarm instruction from the Selection screen, this
displays that instruction
 If an existing instruction is displayed in Current Message, it is replaced by this
instruction when you select OK
 Alarm Comments
 An alarm comment is a single line of text, such as "Intruder Apprehended". When
acknowledging an alarm, a user can select one of these comments or type a
different comment using the keyboard
 Alarm Commands
 This screen enables a command to be associated with items such as monitor
points or readers. If the item generates an alarm, an associated command can
executed by clicking the Command button when acknowledging the alarm
 Alarm Definitions
 This screen enables the following alarm or event conditions to be specified:
 Type Selected - This shows the type of alarm you selected in the Selection
screen.
 Alarm Condition - This displays the alarm message you selected in the
Selection screen.
 Alarm Attributes – Defines the Priority, Color, Alarm Sound, Custom Routing
type, etc
 Instructions - You can specify up to five lines of instructions for the alarm
 Email - Use this tab if you want details of the alarm to be sent by email to a
selected email recipient
 Alarm Routing Screen
 Alarm Routing can specify where to send each company's alarms, and the times to
send the alarms. For example, you may choose to send alarms to one Symmetry
client during normal office hours and to another at other times
 Alarm Reporting Screen
 Use this screen to:
 Set up defaults to be used within the "Operation/Alarms/Definitions" screen.
 Specify whether messages are to be reported by the server as alarms, events or
not at all and whether they are to be printed in real time.
 Alter the standard alarm/event messages displayed to the guard.
In- Class Exercise – Alarms
1.
2.
3.
4.
Create a Filter for “All Door Alarms” include all readers on the system, using
“At Wrong Door”, “Door Forced”, and Door Held Open”
Mask an alarm from “Monitor Point 1” for 60 Seconds
Create a custom Alarm Definition that will display the following alarm type:
“Door forced” on all doors:
a. Custom sound and color
b. Priority of 10
c. Alarm Routing type “Custom Alarm”
d. Custom Instruction “Check the door”
Define a Standard Comment that states “All is clear”
Introduction to Video Management
 Symmetry Video Management
 The Digital Video Management option provides integration with a variety of CCTV
and Digital Video systems.
 This option enables video images to be viewed, recorded and replayed from easyto-use screens within the Symmetry software
 The Digital Video Management option provides an open platform that supports a
variety of:
 IP cameras
 Symmetry Network Video Recorders (NVRs)
 Digital Video Recorders (DVRs)
Please check with your local sales rep for the latest integration information!!!
Installing and Activating Video Management Licenses
 The Maintenance/Licensing/System Licenses ribbon allows the
installation and registration of licenses for optional software modules,
or for packages that extend the capabilities of the Symmetry software.
 To add a license perform the following:
 Click the Add button
 Enter the serial number given to you when the license was purchased
Installing and Activating Video Management Licenses
 An activation code can obtained in one of the following ways:
 Automatically over the Internet by selecting “Activate your license via the
Internet”
 By accessing the registration website and entering the required information
– (The login username and password are provided on the Software
License Certificate)
 By phone using one of the numbers displayed
 Click OK.
 Restart the Symmetry software if the required options are not displayed
The maximum number of cameras is license dependent!
Symmetry NVR
 The NVR records video from all digital video cameras that are assigned to it.
 Typically, the repositories use separate network-attached storage, but it is
allowable to use any local or network-accessible disk.
Symmetry NVR
 There can be multiple NVRs in the same system.
 Each requires a separate PC, which can be a Symmetry server, client or any
other suitable PC on the network.
 An NVR can be shared by more than one Symmetry company.
 Video stored by an NVR can be replayed using the "Home/Video &
Audio/Video Playback" screen.
 Each NVR stores the details of the cameras that are assigned to it. Any
changes in the Symmetry software are automatically downloaded to the
NVR.
Installation of a Symmetry NVR is recommended on a physical computer,
and not in a Shared Virtual Machine!
Symmetry NVR
 Tasks carried out by an NVR
 Manages the storage of recordings for all cameras that are assigned to it.
 Determines the recording mode. An NVR can be set up to record on demand
(as a result of user actions in the Symmetry software or according to a
specified schedule), continuously or never. The default mode is "on demand".
 Retrieves video for playback. For example, for the "Home/Video &
Audio/Video Playback" screen.
 Provides a web interface that allows you to configure and monitor the NVR
(see below for further details).
 Purges old video automatically, based on purging rules defined in the web
interface.
 Communicates alarms and events to the Symmetry software.
Defining NVRs in the Symmetry Software
 You can define NVRs using the "Install/Video & Audio/Digital Video-NVR"
screen.
 The screen also allows access to the NVR web interface
NVR Web Interface
 The web interface allows you to manage the recording capabilities of the NVR
 If the Installer password is changed in Symmetry it will need to be updated on each
NVR manually!
Symmetry CompleteView
 Symmetry CompleteView is a suite of seven
software applications
 Symmetry CompleteView options include:
 Symmetry POWERPROTECT NVR Systems provide from 1TB to 40TB of storage,
with an 88TB expansion option
 Symmetry TOUCHVIEW Mobile – Symmetry
TOUCHVIEW Mobile offers mobile apps for
the iPhone®, iPad®, iPod® touch and
Android™ smartphones
 Basic Video Programming
 Installing IP cameras from the Install/Digital Video ribbon
 The Digital Video Device selection screen can be used to set up devices such as
digital video servers, recorders and cameras
 Basic Video Programming
 Use the Camera settings screen to define the settings for an IP
camera
 Description - Enter a unique name for the device
 Address – Enter the IP Address for the IP cameras
 User Name and Password - Enter the username and password of the
camera you are adding. This will allow Symmetry to connect as the
camera’s user and enable live video to be displayed at Symmetry clients
 Connect - Use this if you want to display live video from the camera in
the Configuration Settings tab
 Click Save, then Close
 Basic Operation - Video Matrix
 Simultaneously displays multiple live images from digital video
cameras
 Up to 72 simultaneous live images per PC, depending on PC
specifications
 Includes controls for camera pan, tilt, zoom and focus
 Instant record feature
 Camera sequencing
 Camera tours
 Supports display of web pages
 Alarm and activity display
 Basic Operation - Video Playback
 Save, print and export images.
 Instant replay feature
 Allows easy replay of video recordings
 Filter options enable recordings to be located quickly from the database
 Simultaneous replay of up to 4 recordings.
 JPEG picture or video clip export
 Basic Operation - Tagging
 Tagged recordings are produced by, for example, a Record Video trigger
command or user recording. They are prevented from being overwritten and
enables easy playback.
 Also supports tagging by a user-applied "bookmark”
 Playback recording from alarms or events via history reports or
Home/Monitoring/Alarms
 Video Integration with Access Control
 Identity Verification - Operators can compare the live image of a card holder
who is using a reader against their stored image
 The Identity Verification menu allows for viewing remotely and cross verification
of the live image of the card user and their stored image
* Identity Verification will be covered later in this training
 When there is a transaction from a known card at an associated reader, the stored
image of the card holder or visitor is displayed next to the live image
 This enables an operator to compare the live and stored images to verify the
person's identity
 Graphics Integration - Live video can be played from a graphic, such as
a floor plan or map of the building
 Digital video and CCTV switcher cameras can be added to the graphics
screen.
 Adding cameras to a graphic makes it easy for you to locate a camera
on the “Graphics" screen and view live video from that camera
 Right-clicking the icon for an IP camera displays the following options:
–
–
–
–
Live Video
Start Recording
Stop Recording
Command Center
In-Class Exercise – Video Management
1.
Open Symmetry software and select Install - Digital Video to add a
Symmetry encoder.
2.
Add a Description, using Training Encoder 1, the IP address (as provided
by your Instructor), and the encoder's Username and Password.
3.
Select the Connect button to view the camera’s video.
Inform instructor when finished
QUESTIONS?
Advanced System Configuration (pg 154-172)
Symmetry Training
Advanced System Configuration
 Objectives
 Describe how to configure and create User Roles and Accounts
 Configure System and Client Preferences
 Install and configure Graphics
User Roles
 A User Role defines a set of
access permissions to ribbons,
screens and options in the
Symmetry software.
 Additional options are also available
for definition
User Roles
 A User Role allows users the following permission levels:




View-only access
Modify access
Delete (full) access
No access at all
 Changes take effect the next time the user in the role logs in
User Accounts
 User Account - A person who is allowed to use the Symmetry software
 Default User Account information can be found in the Software Installation
Manual, page 33
 Includes Visitor Management Users - User accounts created by Allow Visitor
Management Login for this Cardholder in the "Home/Identity/Card Holders"
screen are visible only if this option is selected.
 Defines security features such as Password Expiration by account and Secure
Logon to the Symmetry software using a fingerprint or Smartcard reader.
 Provides for personalization with selection of a Language Pack for this account
that presents text in that language upon login.
 Other features include permitting Enable Clear All Alarms and restricting the
duration of Instant Replay of recorded video
User Accounts – Setup
 Passwords
 Enable Password Expiry - Select this option if the password is to
expire after the number of days specified in Duration
 Enable (check box) - The option is automatically deselected if a user
provides an incorrect password a specified number of times, as
determined by the Maintenance/User & Preferences/System
Preferences setting “Limit Invalid Logon Attempts”
Advanced System Configuration (pg 160)
User Accounts – Setup
 Passwords by default, are 5 characters in length
 Strong Passwords criteria:
 The minimum length for a strong password is 6 characters
 At least one numeric character
 One uppercase character
 One lowercase character… and…
 One punctuation mark
– Allowable are . / , / ! / ; / : / ? /  A strong password will not be able to contain any full word of the user's
name.
User Accounts – Options
 Language
 This option allows the selection of a different language for the user. When the
user logs in the system will display text, such as in menus and screens, in the
selected language
 Home Screen – This option allows the selected Home Screen to be displayed
automatically when the user logs in
 Lock Position prevents the user from being able to close, adjust the size, or
change the position of the home screen
 The Home Screen is configured under the Maintenance/User & Preferences
Ribbon
 Task list - This option is relevant to task processing and assignment
 All Users - The user is able to view and process any task, irrespective of the
user or role it is assigned to.
 Same User Profile - The user is able to view and process any task assigned to
the user's own role, or any user who has that role.
 User Only - The user is able to view and process only tasks assigned to the
user or to the user's own role.
 Ignore/Bypass Permission Filters - This option allows the user account
to bypass any permissions set up in the Permissions screen for items
such as:
– Card holders
– Cameras
– Readers and reader groups
 Enable Permission - This option allows the Permissions button to be
available in screens available to that user
 Enable Clear All Alarms - This option will enable the user to use the
Clear option on the Alarm screen
 User Accounts
 User Accounts – Options
 Status Tool Bar is an IDS function. This provides an additional ribbon for
managing the Intrusion Detection System
 Only Show Badge From Alarm - If selected, this option will preview the card
holder’s badge design only when clicking the Card button in the
Home/Monitoring/Alarms Acknowledgement screen.
– If not selected, the card holder’s record opens.
 Instant Replay - This option specifies the maximum period of recorded video that
can be reviewed in the Video Replay screen, when accessed by selecting Instant
Replay in the "Home/Video & Audio/Virtual Matrix" screen.
 System and Client Preferences
 There are two Preferences menus: System
and Client.
 The System Preferences menu allows the
selection or observance of many optional
configurations that affect the entire system.
 The System Preferences “Settings” tab
provides a broad cross section of options
that range from 7-Day Advance Notification
of Holidays to Strong Password settings to
Default Language Packs.
 The Alarm Settings tab contains selections
for managing/recording system alarms.
Examples: Save Alarm Comments and
Purge Daily Logs
 There are two Preferences menus:
System and Client.
 The System Preferences menu allows the
selection or observance of many optional
configurations that affect the entire system.
 The Card Settings tab provides a broad
selection of configuration and automation
with respect to cards administration:
From Auto Set Unused Cards Expired
setting to requiring that Visitor Escort is
Mandatory.
 The Digital Video tab defines the
location and login credentials of the
Symmetry Database for digital video
cameras/encoders
 The Client Preferences menu provides
selections that only affect how the Client
you are on operates
 The Client Preferences “Settings”
tab provides options Auto Logoff Time
and Background Image selections,
among others.
 The Alarm Settings tab contains
selections for managing alarm sounds
and how Alarms and Graphics appear
on this computer. This includes
selecting multiple alarms on the
Home/Alarms ribbon
 The Client Preferences menu provides
selections that only affect how the
Client you are on operates
 The Account Settings tab provides a
method of setting a Windows account
to automatically logon to this
computer for convenience. This is
less secure.
 The Digital Video tab provides for
identifying where the client will look to
find recorded video.
In- Class Exercise – Preferences
1.
2.
Log into the Symmetry Client (if not already)
Select under System Preferences:
1.
2.
3.
Allow Engineer Access
Strong Password
Select under Client Preferences:
1.
2.
Auto Logoff time 10 minutes
Enable Multiple Alarm Selection
 Graphics
 Typically a map or floor plan with icons representing system devices
 Allowable file types are:
 bmp
 jpg
 wmf / emf
 dxf
 Assign devices (or groups), cameras, and/or additional graphics
 Define Permissions
 User roles who can use this graphic
In- Class Exercise – Roles & Graphics
1.
Add and Configure a Graphic
1.
2.
2.
Add all Doors, Monitor Points and Auxiliary Outputs to the Graphic
Have the Graphic display on a Door Forced Alarm
Create a new Role and User Account (Limited Guard Permissions)
1.
2.
3.
Role should only have Modify permissions for Application/Logoff
Role should be allowed to Modify Alarms and View Graphics on Home ribbon
Account should have a Home screen of the Alarm Screen that cannot be closed
QUESTIONS?
System Architecture (pg 174-192)
Symmetry Training
System Architecture
 Objectives
 Describe Symmetry Database Management
 Identify the Symmetry System Services
 Demonstrate the Disaster Recovery Process
System Architecture (pg 175)
Database Management
 The Database Engine
 The core of the software system and is responsible for recording all programmed
items and historical events in the system’s production databases
 Microsoft SQL Server is employed in all Security Management System products:
 SQL Server 2008 R2 Express is used for Symmetry Business and Professional
editions
– SQL Server Express 2008 R2 is free
– Limitation on database size raised from 2 GB to 10 GB
 Microsoft SQL Server 2008/2012 is used with Symmetry Enterprise and Global
editions
 Requires a license - all Symmetry Client computers
 Must be purchased
 Suitable for high-end solutions requiring expanded system capacities and larger
databases
 In the installation of SQL Server with the Symmetry Business & Professional
editions the Microsoft SQL Server Management Studio is installed
 This tool that may be used to view the system databases and their
properties
 In can be found under Windows Start/All Programs in Windows 7
 When installed it creates a set of SQL system databases that contain specific data
about the installed instance of the SQL engine
 This data is used to manage the database engine itself and record information
about other user production databases
 Example SQL system databases are:
– Master
– Model
– MSDB
– TempDB
 The Symmetry software installs new databases unique to the Security
Management System.
 Each has a specific purpose and none are optional in a fully functional system.
 The following are examples of the databases, each a variation of the name
multiMAX.
– multiMAX Card Holder related data
– multiMAXImport Imported card data from Excel or CSV
– multiMAXTXN Transaction data
– multiMAXTxnOps Non-card holder configuration data
 Windows Explorer can be used to view the SQL and Symmetry (multiMAX) physical
database files
 The default location of the system databases for Symmetry Business and
Professional is:
<Drive>:\Program Files\Microsoft SQL
Server\MSSQL10_50.MSSQLSERVER\MSSQL\Data
 The Database Engine – Shared Folders
 Symmetry Enterprise, if using a Separate Database server, will need to have
the Microsoft SQL\Backup folder set for a Network share
 Non-separated database servers will need a Network share folder for
Backup and Archive functions
Backup and Archiving - Backup
 A backup, which can be produced using the "Operation/Data/Backup"
screen, is a copy of the data in the Symmetry databases.
 A backup enables your data to be recovered in the event of a
computer fault
 Prior to performing a backup several steps must be taken.
 Enable File Sharing and Network Discovery
 Create a Shared Folder
 Add the Windows User(s) which will need access to the folder
 Enable Read/Write permissions for the user(s)
 Highlight the user and click Share
This share must include the ACSUsers group and any other user than that which
installed the Security Management System software
 A backup takes the form of a series of SQL "bak" files that include the following:






Configuration settings
Card details
Card transactions
Alarms & Events
Tasks
User activity stored in the Symmetry databases
– The backup also takes a copy of the multimax.ini and crf.ini files
from the Windows installation folder and places them into the
network share folder, with dated copies of the backup
 Backup and Archiving
 Performing Backups
 Select the backup location (must be a network destination)
– Ensure the Symmetry Service account has rights to the location
 Use the Immediate option to start the backup process immediately
 Use the options in the Timed Backup area to configure the backup to
occur at a specified time on selected days.
Discussion Points….
1.
When should a Backup be performed?
2.
Database Backups in relation to the “Purge Daily Logs After” setting?
 Archive Introduction
 An archive is a copy of the historical transaction data from the Symmetry database
 Transactions
 Alarms
 Events
 User activity
 The archive is stored in a *.bak file in a specified location.
 When producing a report, such as in the "Reports/History/Activity" screen, you can
choose an archive as the reporting source
 Backup and Archiving
 Performing an Archive
 The file copied to the archive location has the current date and time appended to
its filename.
 Archive Location - Choose the folder in which to store the archive. This must be a
network drive.
 If you want to use a folder on the local PC, it must be a shared folder.
– This share must include the ACSUsers group and any other user than that
which installed the Security Management System software
 Period to Archive - This specifies the amount of the log that is to be archived
 All information in the log that is dated between Earliest Un-Archived Log and
Archive Log End Date (inclusive) will be archived
Reports
 System Reporting provides for comprehensive reports in these categories:
 History
 Identity
 Configuration
Reports
 History provides:
 Activity – Produces full details of previous alarms and events.
 User Audit – Lists previous user actions within the screens of the
Symmetry software.
 Onsite Times – Lists the amount of time card holders have spent on site.
The report can, for example, be used to verify contractor invoices.
 Cardholders Onsite – Lists the cards that are currently on site. The
report could be used by emergency services.
 Patrols – Produces information about previous patrol tours (see the
Guard Patrol Manager Installation & User Guide). The report provides
details of when patrol tours were started and completed and any rule
infringements.
Reports
 History provides:
 System - This report is for Engineer use only, and enables the content of the
system log to be examined. You may be asked by Technical Support to provide this
report.
 Video Archive Audit – Examines the date and time of each recording stored in a
video storage folder of a Symmetry NVR, and shows the date and time of the most
recent recording for the selected camera(s).
 Predefined Reports – Enables you to run a report that has been previously set up
and customized from the "Reports/Configuration/Predefined Reports" menu. You
can run the report manually or automatically at scheduled intervals. Predefined
reports enable you to set up a library of your favorite reports, which saves time if
you need to run the same report frequently.
Reports
 Identity provides:
 Cards – Lists the details of how cards have been set up in the
"Home/Identity/Cards" or "Home/Identity/Visitors" screen.
 Access – Enables you to produce different types of access-rights listings:
 Card holders who can use a specified door.
 Cards that are to expire between specified badge or inactive dates.
 Cards unused for a specified number of days.
 Cards using a specified access code or time code.
 Card holders who can use a specified floor/output group or reader group.
 Doors that can be accessed by a specified card.
 Visitors - Produces a report of current, previous or future visitors. You may, for
example, want to run a report that shows all the visitors expected on a specified
date.
Visitor Reports
 The system provides extensive visitor reporting capabilities:
 “Reports/Identity Reports/Visitors" – You can list details of visitor cards.
 "Reports/Identity Reports/Access" – You can list details of the access rights of
visitor cards.
 "Reports/History/Activity" – You can view previous alarms and events generated
by visitors.
 "Reports/History/Cardholders Onsite" – You can find out which visitors used an
Entrance reader.
 "Home/Identity/Locator" – You can find out the current location of selected
visitors.
 "Home/Identity/Muster" – The muster (roll call) report includes visitors.
Reports
 Configuration provides:
 System Configuration – Displays a tree view of the software as licensed
and configured.
Reports
 Configuration provides:
 Reports – Enables you to produce a large number
of different reports to view how readers, holidays,
time codes, users, commands, etc. have been set
up.
 Predefined Reports – Allows you to define
customized reports to run from
"Reports/History/Predefined Reports".
System Architecture
In- Class Exercise – Backup and Archive
1.
2.
3.
Perform an Immediate Backup
Perform an Archive from the first day available to yesterday
Run an Activity Report and select the Archived data
Symmetry System Services
 Symmetry Service Monitor
 Created during the install process
 Available from the Windows Taskbar
 Provides easy access to all Symmetry services, as well as to the SQL Server
service.
 Stopping, starting and viewing the status of all services may be conducted from this
single applet
 Symmetry Service Monitor
 Service Monitor Interface
 The fields and options in the dialog have the following meanings:
 Network Name - The name of the PC on which the services are running
 Polling Interval - This determines how often the Service Monitor refreshes the
dialog (to reflect the current status of the services)
 Stop - Stops the selected service
 Start - Re-starts the selected service
 Refresh - Refreshes the dialog box
 Show All Services - When selected, all Windows services are listed. When
deselected, only those services relevant to the Security Management System are
listed.
 Close - Closes the dialog box. This does not stop any of the services, and you
will still be able display the dialog again by double-clicking the icon in the System
Tray.
 Symmetry Service Functions
 The following are some of the responsibilities of the Symmetry Services and
Microsoft Services related to the Security Management System
 The MSSQL Server Service manages all system database files and processes
all Transact-SQL statements invoked by client software applications, such as
those sent from the Symmetry Clients.
 The SMS Services service is responsible some of the following
Symmetry functions:
–
–
–
–
–
–
Downloading
Uploading
Scheduled commands
Network messaging
Import functions
Tagging DVR transactions
NOTE: This is not an inclusive list
 SMS Transaction Service is a dependency service as well, which means that
the SMS Services must be started before it can start. Among other functions,
this service processes alarms, trigger commands, logging system/node
transactions, and processing and display of current activity.
 SMS Client Service: The communications service, which runs on the server and
each client.
NOTE: The services that run on the server are essential for system operation and must be running continuously
 SMS Services Service and SMS Transaction Service (server only): Services
for management and transaction processing.
 SMS State Service (server only): The SMS State Service has been introduced
for the Identity Verification window. It caches the states of all the readers defined
as entry points.
 SMS Integration Server (server only): Provides a common interface for
transferring transactions from an Edge Network Video Server (ENVS) or thirdparty system into the SMS software
NOTE: The services that run on the server are essential for system operation and must be running continuously
Discussion Points….
1. The SMS Services service is a Dependent Service, what does that mean?
2. What happens to SMS Transaction Service if the SMS Services Service stops?
3. If the Symmetry Server shuts down and restarts what is a way to ensure the
SMS Services starts back up?
4. What is a recommended practice when it comes to the service “Log On”
account?
Disaster Recovery
 System Database Restore
 To perform a System Database Restore, complete the steps as
described in the Software Installation Manual, Appendix G
 When finished, run the ReAssignPerms.exe file from:
“Installation Media\Symmetry\Disk1\DB\Recovery” (v8.0.1 path)
 The Windows user (if not who installed Symmetry) must be a
member of the ACSAdmin group to restore a database!
NOTE: Ensure that all clients have been closed and that the backup files are in the default location
System Architecture
In- Class Exercise – System Restore
1.
2.
Delete all Cardholders via the Bulk Card Amendments (Home/Identity ribbon)
Perform a Restore procedure of the multiMAX database
System Architecture
QUESTIONS?
Troubleshooting & Best Practices (pg 193-206)
Symmetry Training
Troubleshooting & Best Practices
 Objectives
 Hardware Maintenance and Test Procedures
 System Tools
 Best Practices
 Uninstalling Symmetry
 Cold-start the NIC4
 Flattening a Node
Troubleshooting & Best Practices (pg 194)
Hardware Installation Considerations
 General Design Preparation
 System design considerations should include computer(s)
specifications, electronic hardware specifications, the operating
environment and the Local Area Network architecture/limitations
 Site schematics detail placement and which node/controller types will
be utilized
 Review the Site Schematic Check List, located in the M2150 Design
Guide Appendix D
NOTE: The EN-DBU cannot be converted into an EN-LDBU, likewise
the EN-LDBU cannot be converted into an EN-DBU.
Hardware and Electronics
 Primary power and site grounding should be addressed.
 All cabinets MUST be grounded for proper operation and provide ample
power/current to operate internal and external components
 The M2150 Design Guide pgs 29-31 provides guidance for planning and
installation.
 Wire and Cable Requirements
 For 20mA (Card Readers/Nodes) and RS-485 (Remote
Controllers) it is especially critical in data communications to
employ supported wiring types, otherwise communications
may be affected or rendered non-functional.
 The M2150 Design Guide pg 32, SR-Node Installation &
Migration Manual pg 74, or the controller’s installation
document provides guidance for wiring types and distances
for planning purposes.
Noise Suppression:
 Door releases or other inductive loads (relays) should contain noise
suppression devices.
 Some lock devices have internal noise suppression and so no action is
typically needed in those instances
 For DC devices a 1N4004 series suppression diode (or an MOV for AC
suppression) is required to protect circuitry from failure and severe damage.
 The M2150 Design Guide pgs 27-28 provide guidance for noise suppression
planning and installation.
 M2150 Nodes/controllers
 Dipswitch settings to allow for multiple forms of communication and
other add-in devices.
 The Controller Installation Guides provides guidance for DBU/DBC
dipswitch settings for Node Addressing and Port Usage and DC
dipswitch settings for remote controller addressing
 Common choices are the COM D settings for a single NIC4 installed in
the COM D socket and for an optional secondary NIC4 in the COM E
socket
Hardware: SR Series LED Operation
 The LEDs on the SR Series boards can be useful when testing system
operation or during troubleshooting. Refer to the SR-Node Installation manual
for a complete listing. Examples are shown here:
 SR-PCU
 DS1 (RS422 Rx upstream) – Flashes when there is Rx communication
activity on the upstream (towards host) line of J2 (pins 1 and 2).
 DS2 (RS422 Tx upstream) – Flashes when there is Tx communication
activity on the upstream (towards host) line of J2 (pins 7 and 8).
 SR-DBU
 LED1 (ON LINE) – Lit when the SR-DBU has received a message within the
last 30 seconds from the Symmetry client that is managing the LAN,
hardwired or dial-up chain.
 LED2 (OK) – Flashes once per second when the SR-DBU is functioning
normally.
 LED3 (PWR) – Lit when the power is connected.
Hardware M2150 LED Operation
 The LEDs on the M2150 boards can be useful when testing system
operation or during troubleshooting; these are examples:
 LEDs on the 2DBC
 LED2/1(Readers) - Illuminated when the reader is connected properly
 LED3 (DC COMMS) – Illuminated when an external door, alarm or
output controller is connected.
 LED9 (OK) - When the panel is functioning correctly, this should flash
once per second
 LED12 (12V) – Illuminated when the 12VDC supply is connected
operation or during trouble shooting ; these are examples:
 LED1 (12V) – Illuminated when the 12Vdc supply is connected.
 LED4 (OK) – When the 4DBC is functioning correctly, this
should flash once per second
 LED 6 (CLA) – Flashes to indicate HOST COM A (COM A) port
usage.
– 1 flash = port in use
– 5 flashes = port not used (RS232, NIC1 or NIC2 port set to
Normal Comm port usage)
operation or during trouble shooting ; these are examples:
 LED21 (12V) – Illuminated when the 12Vdc supply is connected.
 LED27 (OK) – When the 4DBC is functioning correctly, this
should flash once per second
 LED31(CLA) – Flashes to indicate HOST COM A (COM A) port
usage.
– 1 flash = port in use
– 5 flashes = port not used (RS232, NIC1 or NIC2 port set to
Normal Comm port usage)
Software Programming
 Nodes and Readers
 When defining Nodes and Readers a common choice to be made
is regarding the Wiegand Format in the Node Definition and the
Reader Type selection in the Reader Definition
 Select the Wiegand Format in the Node Definition first for the
type of cards the Node will use
 Combination formats are also available (e.g., G4Tec 32-bit &
STD 26-bit HID)
Software Programming
 Nodes and Readers
 Select the Reader Type in the Reader Definition for the reader used
 AMAG proximity readers are typically selected as Series 600/700/800
using Default Wiegand
 To select non-AMAG readers (such as HID and other manufacturers)
select the check box “Display Additional Reader Types”, then select the
same Wiegand format as was selected in the Node Definition (e.g.
G4Tec 32-bit and & STD 26-bit HID)
 Select SR-Series 4001 or 4002 as the Reader type in an SR-Node.
 On SR-Nodes mixing of Reader boards, or reader types on a single
board, are not allowed.
System Tools
 Multimax Service Status
 The MultimaxServiceStatus.exe utility is located under the root folder
Program Files\Security Management System
 MultimaxServiceStatus.exe Utility
 This utility provides a means of viewing and debugging software-to-video
device communications
 Communication to digital video devices utilizes an XML messaging format,
and system devices are constantly being polled through services
 The success or failure of these communications is continually being
recorded per device, and may be observed in real-time using this interface.
 This utility provides the capability of debugging hardware chains
– If problems exist with software/services
– The IP device is failing to respond
System Tools
 Video Status
 The View/Digital Video/Video Status menu provides a view of the
current status of Symmetry NVRs and any digital video cameras that
can have video recorded by an NVR.
 The Video System Status does not include information about cameras
connected to third-party DVRs being used in the system.
 The Analyze button provides a means for ad-hoc analysis (refresh).
 The Settings button allows for choosing updating intervals and
warnings of specified conditions
 Clicking the Save button also captures the Windows Application log
System Time
 System Time Screen Options
 Send Time To Controllers - Select this option if you want to update the
date and time at all nodes in the system (not just those connected or
controlled by this computer) when you select OK.
 Sync Scheduled Commands Now – May be needed when a system is
first commissioned or the server is offline for a long period of time to
synchronize the database with the commands stored in the Nodes
 Simple Network Time Protocol: The Windows Time Service or Simple
Network Time Protocol (SNTP) synchronizes the time between servers,
clients and other network devices such as DVRs, encoders and IP
cameras.
Time synchronization is critical to optimum system performance and should
always be implemented
Best Practices: Considerations
 Digital Video Motion
 DO NOT setup 24/7 motion on a busy area for recording with the NVR
 Add intervals (if possible) to record on Motion during non-peak or busy
times
 Ensure that Motion is setup in the video device to detect only the motion
event that needs to be recorded (avoid simple light change)
 Software Installation & Upgrades
 System Requirements – Ensure the computers (Server NVR’s and Client
workstations) meet the required specifications
 Review the System Requirements applicable to the Symmetry version you
are installing, located in the latest version of the Software Installation
Manual or on our Partner Area web site
 Software Installation & Upgrades
 When installing an upgrade of the Symmetry software onto an existing server,
ensure that the old software is removed.
 Also ensure that the “Security Management System” and the “Microsoft SQL
Server” folders are deleted from Program Files prior to installing the new
version.
 Ensure you have Administrator Rights or that a System Admin is present when
applying Service Packs
 If switching Symmetry from Workgroup to Domain network, follow process
defined in the September 2012 Technical Newsletter
 Uncheck the LAN Chain “Enable” box if you are pre-configuring a system to
avoid unnecessary taxing of server resources
NOTE: The Symmetry licensed module that allows integration with the Microsoft
Identity Integration Server (MIIS) is no longer supported.
 Workgroup or Domain Installation
 Workgroup
 Workgroup requires Local Administrator rights to install the
software
– In a stand-alone application (Server\Client – One Machine) ensure
the ACSUsers group privileges are assigned to all who will be
accessing the Symmetry software
– If more than one computer in a Workgroup environment is needed
(Server machine, one or more Client machines) ensure File and
Print sharing are enabled and that there is a common Windows
User account with the correct privileges assigned to all computers
accessing the Symmetry Server
 Workgroup
 Workgroup requires Local Administrator rights to install the software
– The SQL Server database cannot be on a different machine to the
Symmetry Application Server as authentication paths needed between the
two are not available.
– Ensure that, for the accounts assigned to run the SMS Services, that the
passwords do not expire, and that those passwords do not change
– Workgroup installations can be conducted in offsite
 Domain network
 Domain installations MUST be conducted at the customer’s site and
requires pre-planning and coordination with end user’s corporate IT
department for Administrative logins.
 For Active Directory information, refer to the Security Management System
Software Installation Manual: Post-Installation Tasks section and the
Directory/LDAP Authentication Module Install and User Guide
 Windows Automatic Updates are known to impact overall performance to
Windows and/or conflicts with applications such as Symmetry.
 Refer to the latest Microsoft Security Updates document for a list of what
Microsoft patch has been successfully applied and passed superficial tests
with the Symmetry installation
 Check with Technical Support or the Partner Area for the latest Microsoft
Security Updates
 For Clustering Architecture, the system design should place
comms/chains on the server(s) to ensure reliable failover communications
 Consultation with the AMAG Professional Service Team if Clustering
Architecture is planned
 Upgrading of Systems
 When installing an upgrade of the Symmetry software onto an existing
server, ensure that the old software is removed. Also ensure that the
“Security Management System” and the “Microsoft SQL Server” folders are
deleted prior to installing the new version.
 When importing an old database into a newer version ensure that the
database is converted.
 Ensure when installing a service pack to a new installation that the old
database is converted.
 Ensure when restoring a database ensure that the reassignperms.exe is
performed.
Troubleshooting & Best Practices(pg 201-202)
 Network Setup
 Computer Names – Do not use the underscore character in computer
names.
 IP addresses – A static IP address must be used for any type of server, or
for a client that is managing one or more LAN chains.
 Printer Setup – If scheduled reports are to be generated (found under
"Reports/Configuration") ensure that:
 The printer has been set up in both the user account and in the client services
account on each client where scheduled reports are to be generated.
 If more than one printer is used, they are installed in the same order in both
accounts.
 The Symmetry software is running at the specified client
 If the printer is USB, connect the cable to each port after driver installation
 Network Setup
 Loss of Network Communications – If a client loses its network
communications to the server, the client will continually attempt to reestablish communications over a period of time (default time of 10
minutes, as specified by the NCCT parameter in the multimax.ini file).
 During this period, the client may appear to be 'locked up'. If
communications are not re-established, the client reboots automatically.
 This process continues until network communications are restored.
 This automatic reboot process should be tested thoroughly during
system commissioning.
 Networks
 Ports and Firewalls
 Refer to Appendix F in the Security Management System Software
Installation Manual: Port Usage for details on ports used by the Symmetry
software.
 Firewalls should allow traffic across appropriate ports
 For Access Control LAN Chain Communication, Symmetry Software uses
Port 3001 TCP (NIC module communication to/from controllers)
– If a separate Symmetry database server is used, this uses
inbound connections on UDP port 1433.
Best Practices
 NIC Programming - May be conducted on any computer (Symmetry server
or client is not required)
 It is recommended to program NICs in the field when installed in the
Node/controller using a laptop
 Ensure that the NIC is on the same LAN as the programming PC
– If an IP Address comes up RED when finding a NIC on the network with
the CoBox utility, it cannot be programmed
 This will eliminate LAN/WAN programming issues or restrictions on existing
networks and provides for a confirmation of the functionality of a Node and NIC
prior to connecting to a LAN
Best Practices
 NIC Programming
 Use the latest version of using the provided COBOX.exe utility.
 In Windows Network Setup on the programming computer add a static IP
address in the APIPA class/range (e.g. 169.254.x.x).
 Upon successful completion of the NIC programming
– Select the Check Node button in the COBOX.exe utility and ensure you
receive “Node Responded OK” to verify both NIC and Node can
communicate to a client.
Note: If you plan to use the COBOX after Symmetry is installed, it is recommended
to stop the Symmetry Services service before opening the COBOX utility.
Note: If you added a temporary APIPA address into your computer be sure to
remove it before proceeding with the Check Node function.
Best Practices
 NIC Programming
 Basic communication issues between the NIC and Node, or the
Node to downstream Nodes, can be caused by a simple baud rate
mismatch and Node addressing issues:
 Confirm the baud rate is consistent on ALL Nodes in a chain and
the baud rate programmed in the NIC matches that selected on
the Node
 Confirm that the first Node in a chain is addressed as 1.
 If receiving a message in the Maintenance/Communication/Client
which includes MRX, “flatten” (cold reset) the Node in question.
Best Practices
 NIC Programming
 Ping Tests
 The PING command tests the connection between two
network Nodes by sending packets to a host and then
reporting the time it takes to get a response.
 Possible causes of receiving host/network unreachable or
destination host is unreachable messages:
– Bad network connection
– The Node sending to could be down or off
– A firewall port blocking issue
– The ping message is being filtered out
– The communications timeout is too short
Best Practices
 Database Software Programming
 Authentication Mode - Installation of Symmetry Enterprise is
recommended using Windows-Mode Authentication for database user
permissions
Best Practices
 Software Programming
 Anti-virus Exclusions - In some cases, the use of anti-virus software can
significantly affect the performance of the Symmetry software, particularly
if Symmetry is required to manage a large transaction rate.
 To maintain system performance, real-time scanning (which scans files
as they are opened) should be disabled.
Best Practices
 Anti-virus Exclusions - The following folders should be excluded from
anti-virus checks:
 On the Symmetry Database Server:
– Program Files(or Program Files x86*)\Microsoft SQL
Server\MSSQL10_50.MSSQLSERVER\MSSQL\Data
 On the Symmetry and all clients:
– Windows\System32\MSMQ
– Program Files\Security Management System
– Program Files\Security Management System\Import
– Program Files\Security Management System\Export
– Program Files\Security Management System\Images
*Symmetry Edition specific
 Default Settings
 This menu allows you to setup default settings for:






Nodes
Readers
Monitor Points
Video Servers
Cameras
Reader Card Formats
Caution:
Create a copy of any Default Settings screen before creating a new record!
 Default Settings – Reader Card Formats
 This menu allows you to define each reader type used in the Node
and the allowable card formats
 Up to 8 card formats are supported per Node
Best Practices
 Time Codes (categories):
 Time Codes may be defined in four separate categories: Access Rights,
Scheduled Command, Trigger Command, and General.
 The purpose of these categories is to allow for segregation of times for each of
these discrete functions within the Symmetry system.
 Defining a Time Code in the General category allows it be commonly used for all
three of the other functions
– This is NOT recommended for most systems since conflicts may arise in
scenarios such as assigning system Holidays where you wish some Time
Code functions to be allowed and others not on the Holiday date.
Best Practices
 Cold Resets
 Cold Start NIC4:
 If necessary to reset the IP addressing of a NIC4, edit the COBOX Configuration
settings (.ini) file to allow the ColdStart option: AllowColdStart=1
– Once the Cold Start command is sent, and after the NIC4 reboots, it
may be necessary to add an APIPA address to your computer’s
network configuration to once again find the NIC4 when there is no
DHCP server available
 Cold Start Node:
 If necessary to reset the programming in a Node (for example, a Mismatched
Database transaction message is received) press an hold the Reset button until
the OK LED flashes normally at least three times
THANK YOU
ANY QUESTIONS?

Essentials Presentation File

Transcription

Similar documents

SYMMETRY™ PROFESSIONAL v8

symmetry™ product overview

Animal Diversity 1

digital realty trust symmetry™ manages access, video and building

eye setting - Revolution Taxidermy Supply

Atlantis Energy Systems Inc.

Nucsafe - Southern Scientific

Check Out Andtech`s 2009 Newsletter

Dry Night Trainer