Stanley PAC IT Manager`s Guide

STANLEY MANUFACTURED ACCESS CONTROL
ITT MANAGERR’S GUIDE
UIDE
RELEASE 4.2
Table of Contents
1. Frequently Asked Questions..................................................................................................1
1.1 Stanley PAC Access Control Administration Software.........................................................1
1.2 SQL Database for Stanley PAC...........................................................................................2
2. Installation................................................................................................................................4
2.1 System Requirements.........................................................................................................4
2.1.1 Server.........................................................................................................................4
2.1.2 Client..........................................................................................................................4
2.1.3 Operating Systems.....................................................................................................4
2.1.4 Databases..................................................................................................................5
2.2 When to Upgrade the Database Server..............................................................................5
2.3 Servers and Clients.............................................................................................................6
2.4 Stanley PAC Server.............................................................................................................6
2.4.1 Prerequisites..............................................................................................................6
2.4.2 Installation Directories................................................................................................6
2.4.3 Databases..................................................................................................................6
2.4.4 Microsoft Windows PowerShell..................................................................................6
2.4.5 User Accounts and Start-up Tasks.............................................................................7
2.4.5.1 Notes on SQL Server 2005 Express / SQL Server 2008 R2 Express
Databases......................................................................................................................7
2.4.5.2 Notes on SQL Server Databases.......................................................................7
2.4.5.3 No Manual Editing..............................................................................................7
2.5 Stanley PAC Clients.............................................................................................................8
2.5.1 Prerequisites..............................................................................................................8
2.5.2 Installation Directories................................................................................................8
2.6 Connectivity.........................................................................................................................8
2.7 Regional Options and Time Zone........................................................................................8
3. Uninstallation...........................................................................................................................9
4. Hardware................................................................................................................................10
4.1 The PAC 500 Access and Alarm Server............................................................................10
4.1.1 Download and Update Times...................................................................................10
4.1.2 Suppression of Asynchronous Events......................................................................11
4.1.3 Authenticated Communications................................................................................11
4.1.4 TCP/IP Port Requirements.......................................................................................11
4.2 The PAC 512 IP Door Controller........................................................................................12
4.3 The PAC 2000 Series Door Controller using IP Connectivity............................................12
5. Networking and Performance...............................................................................................13
5.1 Network Security...............................................................................................................13
5.1.1 DCOM / Multiple Clients...........................................................................................13
5.1.1.1 DCOM and Firewall Address Translation..........................................................13
5.1.1.2 Restricting the Range of TCP Ports.................................................................14
5.1.1.3 Configuring Your Firewall..................................................................................14
5.2 OEM Interface TCP Port 8658...........................................................................................14
5.3 Bandwidth Data.................................................................................................................15
5.3.1 Download Data.........................................................................................................15
5.3.2 Event Throughput.....................................................................................................15
5.3.3 Minimum Client Bandwidth.......................................................................................15
5.4 Backup File Sizes..............................................................................................................16
3
P
6. Tips..........................................................................................................................................17
6.1
6.2
6.3
6.4
6.5
Screen Resolution.............................................................................................................17
Multiple Monitors...............................................................................................................17
Database Backups............................................................................................................17
Reports..............................................................................................................................17
PC Name Changes...........................................................................................................17
6.5.1 Finding the Previous PC Name................................................................................18
6.6 Virtualisation......................................................................................................................18
6.7 Stanley PAC COM+ Applications on a Domain PC...........................................................18
6.8 Using Stanley PAC on Windows Server 2003...................................................................22
6.9 Using Stanley PAC on Windows Server 2008...................................................................24
6.10 Image Capture Utility in Windows Server 2008 R2.........................................................30
6.11 Accessing Stanley PAC via Remote Desktop..................................................................30
6.12 Windows Updates and Hotfixes.......................................................................................30
6.13 Sending E-mail from Stanley PAC...................................................................................30
6.14 USB Admin Kit with Windows Vista Business.................................................................30
7. Access Control Schematics.................................................................................................32
7.1 Example 1.........................................................................................................................32
7.2 Example 2.........................................................................................................................33
7.3 Example 3.........................................................................................................................34
Issue Record
Version
Date
Author
Details
V1.8
08/12/2006
JF
Stanley PAC 3.1.
V1.11
31/07/2008
JF
Stanley PAC 3.2.
V1.12
23/09/2008
SD
Virtual server info added.
V1.13
03/07/2009
SD
Stanley PAC 3.3. Updated system requirements; updated bandwidth usage; added info on Windows
Server 2008, SMTP, and USB Admin Kit with Windows
Vista; updated database information.
V2.0
03/12/2010
JC
Added frequently asked questions for Stanley PAC
and SQL, hardware connectivity details; re-edited
document to present a more logical structure.
V2.1
16/03/2011
SD
Stanley PAC 3.4. Updated system requirements.
V2.2
27/07/2011
SD
Added information on Image Capture and installing
Windows PowerShell; updated references to database
server requirements.
V2.3
18/10/2012
SP
Stanley PAC 4.0. Updated system requirements; updated PC name changes and virtualisation.
V2.4
25/04/2013
SD
Stanley PAC 4.2. Updated system requirements.
Applicability
Product Code
Name
Detail
Version
Stanley PAC
4.2
4
P
1. Frequently Asked Questions
The section provides an overview of the system requirements for Stanley PAC and the SQL
database, addressing some frequently asked questions. More detailed information can be found
in the following chapters.
1.1 Stanley PAC Access Control Administration Software
Q: Are there any particular requirements for the PC / server?
A: Software installation and user administration requires full local administrator rights when
logged onto the PC / Server. There should be no Group Policy Objects (GPOs) applied
during software installation.
Q: How is the software deployed?
A: May be installed from the CD provided by PAC, or from a network shared drive.
Q: What is the format of the installer?
A: A Setup.exe file is provided; launches a Microsoft Windows Installer.
Q: Will Stanley PAC run in a locked-down environment?
A: Yes, if installed with local rights.
Q: Can the Stanley PAC software be hosted in a Virtual Machine environment?
A: Yes.
Q: Where are the installation files written to?
A: Installation copies files to the Windows System32 folder, and writes to the Windows
Registry.
Q: What services or processes will run on the PC / Server?
A: Executables: the Stanley PAC administration software (PACUI.exe) and the PAC Service
Manager.
Services: The PAC Communications Engine, PAC Client Manager, PAC Event Manager,
PACDatabase Manager and PAC Remote Client Configuration. The PAC OEM Interface
Service may also be required if Stanley PAC is to be integrated with a Stanley Astrow
Time and Attendance software database or a third party application.
Q: What is the database format?
A: SQL Server — see Section 1.2: SQL Database for Stanley PAC.
Q: Does Stanley PAC require e-mail configuration?
A: Stanley PAC can send e-mail messages in response to a system event. The SMTP server
is configured within the application. It may be necessary to configure the SMTP server /
firewall — see Section 6.13: Sending Email from Stanley PAC.
5
Application
Location
Protocol /
Direction
Source Port
Destination
Port
PAC Client Manager
Stanley PAC Server
TCP / Out
Dynamically
assigned
8085 (configurable)
PAC Event Manager
Stanley PAC Server
TCP / Out
Dynamically
assigned
8086 (configurable)
PAC Database Manager Stanley PAC Server
TCP / Out
Dynamically
assigned
8087 (configurable)
COM+ / DLLHost.exe
N/A
UDP / Out
N/A
8086–8096
COM+ / DLLHost.exe
(DCOM)
Stanley PAC Server
TCP /
In-Out
DCOM assigned
5020–5040
1.2 SQL Database for Stanley PAC
Q: What is the database format?
A: All data is stored in the SQL database on the host machine. This may be SQL 2008 R2
Express, which is included on the Stanley PAC installation CD.
Alternatively, Stanley PAC can use SQL Express 2005, SQL Server 2005 SP3 Workgroup
(Standard or Enterprise), or SQL Server 2008 SP 2. SQL Server 2000 is not supported.
Q: Can Stanley PAC be installed on a separate machine from the database server?
A: No. Stanley PAC must be installed on the same machine as the database server.
Q: Does Stanley PAC require a specific SQL instance?
A: No. The Stanley PAC database can be hosted on a SQL Server with other databases,
however, it must use the default instance.
Q: What Compatibility Mode is the database hosted in?
A: 80.
Q: Can the database be hosted in a Virtual Machine environment?
A: Yes.
Q: Which collation does your SQL database use?
A: Latin1_General_CI_AS.
Q: Does the Stanley PAC / SQL connection employ Optimistic Locking and Connection
Pooling to minimise connection times, and close connections between calls?
A: Yes. SQL / Stanley PAC can be configured for Optimistic Locking and Connection
Pooling, with minimum connection time.
Q: What is the size of the database at initial installation?
A: Approximately 15 Mb.
Q: Does Stanley PAC have any effect on the tempdb database?
A: No.
Q: What additional SQL Server jobs does the Stanley PAC database create?
A: Backup.
6
P
Q: Does Stanley PAC database require any of the following: Analysis Services, Reporting
Services, Full Text Catalogues, SSIS packages?
A: No.
Q: Does Stanley PAC database use Extended Stored Procedures?
A: Yes — Xp-dirtree and xp-fixeddrives.
Q: Do Stanley PAC users require sysadmin access or sa login?
A: No.
Q: Do Stanley PAC users require direct access to SQL Server?
A: No.
Q: Can the system operate with Windows Authentication only?
A: No. An account is created during Stanley PAC installation.
Q: Does Stanley PAC require permissions to be granted / denied to the Public Database
role?
A: No.
Q: Does Stanley PAC need to be able to create temporary databases?
A: Yes.
Q: Do Stanley PAC users or external support persons require Fixed Server Roles?
A: No.
Q: Does Stanley PAC store any data outside of the SQL database?
A: No.
7
P
2. Installation
2.1 System Requirements
You must have administrator privilege to install Stanley PAC. It is recommended that you use the
local Administrator account or any account with administrator privilege that will not subsequently
be deleted from the PC.
We recommend that the Stanley PAC machine requirements, listed below, for memory and
processor speed, are exceeded whenever possible.
2.1.1 Server
•
IBM Compatible PC, 1.6 GHz dual core processor — 2 GHz dual core recommended.
•
1 GB RAM — 2 GB recommended if using Windows Vista or later. For increased
performance, more memory is recommended.
•
Minimum 2 GB of free disk space — 10 GB recommended and more may be required
for large enterprise systems.
•
Celeron or Atom processors not recommended.
2.1.2 Client
•
IBM Compatible PC, 1.6 GHz processor — 2 GHz recommended.
•
1 GB RAM — 2 GB recommended if using Windows Vista or later.
•
Minimum 2 GB of free disk space.
•
SuperVGA 800×600 graphics — XGA 1024×768 recommended, 1280×1024 for alarm
workstations.
•
Celeron or Atom processors not recommended.
2.1.3 Operating Systems
The following operating systems are supported:
•
Windows Server 2012 Standard edition — referred to as Windows 2012.
•
Windows 8 Pro or Enterprise edition, 32 or 64-bit — referred to as Windows 8.
•
Windows Server 2008, 32 or 64-bit; or Windows Server 2008 Release 2, 64-bit —
referred to as Windows 2008.
•
Windows 7 Professional, Enterprise or Ultimate edition, 32 or 64-bit; or Windows 7
Professional, Enterprise or Ultimate edition with Service Pack 1, 32 or 64-bit — referred
to as Windows 7.
•
Windows Vista Ultimate, Business or Enterprise edition, 32 or 64-bit, Service Pack 2
required — referred to as Windows Vista.
•
Windows Server 2003, 32 or 64-bit, Service Pack 2 required; or Windows Server 2003
Release 2, 32 or 64 bit, Service Pack 2 required — referred to as Windows 2003.
•
Windows XP Professional 32 or 64-bit, Service Pack 3 required — referred to as
Windows XP.
8
P
9
You should also consider upgrading to SQL Server 2008 R2 Workgroup, Standard or Enterprise
for increased performance if the Stanley PAC Server has more than one CPU.
2.3 Servers and Clients
For optimum performance we recommend using Stanley PAC clients for specific functions. For
example, using one client as an Alarm Viewer, one as an Enrolment Station, one as an Event
Viewer, etc.
Server
We recommend the use of a dedicated PC for operation as the Stanley PAC server.
Clients
The Stanley PAC client can be easily operated alongside other applications: there is no need for
a client to run on a dedicated PC.
2.4 Stanley PAC Server
2.4.1 Prerequisites
Windows Message Queuing
This is a component of Microsoft Windows, and is installed as part of the Stanley PAC installation
process.
Microsoft .NET Framework Version 1.1
This software is required and can coexist with any other version of the .NET Framework — there
is no need to uninstall the existing version.
Microsoft .NET Framework Version 2.0 is installed as part of the Stanley PAC installation process.
2.4.2 Installation Directories
The software is by default installed into the %ProgramFiles%\Stanley PAC folder. The installation
procedure also creates folders for storing database backups and event archives. You may change
the folders from the defaults during the installation process.
2.4.3 Databases
If you are installing a Stanley PAC Server and no existing Microsoft SQL Server database instance
is found, the setup program requires you to install SQL Server 2008 Express, which is provided.
If you have an existing SQL Server database, you may still install SQL Server 2008 Express when
you want to run Stanley PAC in a separate database instance.
See Section 2.1.4: Databases for a list of supported database servers.
2.4.4 Microsoft Windows PowerShell
Before you install Stanley PAC 3.4 using the default SQL Express 2008 R2 database server on
Microsoft Windows XP 64-bit, Microsoft Windows Vista 64-bit, Microsoft Windows Server 2003
64-bit Standard or Enterprise Edition, or Microsoft Windows Server 2008 64-bit Standard or
Enterprise Edition, you must make sure that Microsoft Windows PowerShell is installed on your
operating system.
To install Windows PowerShell:
1. On the Stanley PAC installation disk, locate the PowerShell folder, then locate the installer
that is specific to your operating system.
2. Double-click on the Windows PowerShell installer to run it and follow the instructions on
screen.
3. When Windows PowerShell is installed, start the installation of Stanley PAC.
P
10
Note
By default Microsoft Windows PowerShell is already installed on Microsoft Windows Server
2003 R2 Standard and Enterprise Editions and Microsoft Windows Server 2008 R2
Standard and Enterprise Editions. Yo
ou should not need to install Windows PowerShell if
you are using one of these operating systems.
2.4.5 User Accounts and Start-up Tasks
The following account is added to your system. You should not modify or delete it, or Stanley PA
PAC
will fail to work:
•
PAC_EKA_computerr, where computerr is the name of the computer on which Stanley
PAC is installed. This is a user account that is used to access the database. The
password for this account is generated randomly and must not be changed.
The following local group is added to your system:
•
PAC_DBA. This group allows you to make a user a database administrator for the
database without giving him/her any other privilege. A user does not need to be an
operator to be a member of this group.
The following scheduled tasks are added to your system:
•
PACClockSync. By default, this task runs at boot time and ever y day thereafter at
23:00 to synchronise all access controllers with the system clock.
•
PACEventArchive. By default, this task runs at 18:00 every da
ay
y to archive events in
the event log, providing there are enough old events to archive.
•
PACStartup. This task runs at boot time to star t the services (e.g. Engine) if they are
set to be autostar ted — via the Ser vice Manager.
•
PACWeeklyBackup. By default, this task runs at 15:30 every Tuesday to back up
the Stanley P
PA
AC database according to the path set in Windows Registry. To change
the backup director y location, in the Windows Registry, na
avigate
vigate to
HKEY_LOCAL_MACHINE\SOFTWARE\P
PAC INTERNA
ATIONAL\EKA
TIONAL\EKA, and edit the
DBBackupDir key.
2.4.5.1 Notes on SQL Server 2005 Express / SQL Server 2008 R2 Express Databases
•
Integrated Security is used to access the database.
•
Access is granted to the PAC_EKA_computerr account, which is created during
installation. PAC_EKA_computerr has rights to read and write the data in the Stanley
PAC tables and perform backups of these tables.
•
DBA access to the SQL Ser ver 2005 Express / SQL Server 2008 R2 Express instance
is granted to any Windows user allocated the PAC_DBA user group created during
installation. Placing a non-administrative user into the PAC_DBA group will allow
them to restore database backups.
•
By default, any user allocated a standard Administrator account in Microsoft Windows
will also have full DBA access to the SQL Server 2005 Express / SQL Server 2008
R2 Express instance.
2.4.5.2 Notes on SQL Server Databases
The guest account should not be removed from the MSDB database, as this could cause backups
to appear to fail when the backup details are written to the MSDB database.
2.4.5.3 No Manual Editing
You must not manually edit any access or MSSQL tables, as this bypasses the front end and does
not update the door controllers.
11
2.5 Stanley PAC Clients
2.5.1 Prerequisites
Microsoft .NET Framework Version 1.1
This software, required by Stanley PAC, can coexist with any other version of the .NET Framework
— there is no need to uninstall the existing version.
Microsoft .NET Framework Version 2.0 is installed as part of the Stanley PAC installation process.
2.5.2 Installation Directories
The Stanley PAC software is by default installed into the %ProgramFiles%\Stanley PAC folder.
You may change the folders from the defaults during the installation process.
2.6 Connectivity
The client PC must be in the same workgroup or domain as the Stanley PAC Server to which it is
connected.
The name of the Stanley PAC Server to which the client is connecting can be specified in either
the installation process or on the client login screen.
2.7 Regional Options and Time Zone
Ensure that the correct regional options and time zone for the country or region is specified on the
server and client.
You can set the regional options by choosing Start › Settings › Control Panel and selecting
Regional Options, or by choosing Start › Control Panel and selecting Regional and Language
Options, depending on the version of your operating system.
Once the Server / Client has been set, check that the correct time zone is set in Stanley PAC by
starting the application and choosing the Tools › Options menu. Look for the Timezone setting.
12
3. Uninstallation
Stanley PAC can be removed from your system using the Add or Remove Programs item in the
Control Panel, or running the Setup program from the installation disk. The prerequisite software,
i.e. the .NET framework, service packs, SQL Server 2008 R2 Express, etc., are not uninstalled
by this process, but can be uninstalled separately if required.
After uninstallation, the following files are (intentionally) left on your system:
•
The database. If you are using SQL Server 2005 Express or SQL Server 2008 R2
Express, these files are in %ProgramFiles%\Microsoft SQL Server\MSSQL.1 and
its subfolders. These files can be reused if you reinstall Stanley PAC.
•
Any contents of the database backups directory.
•
Any contents of the event archives directory.
If you no longer need these files, you can manually delete them.
13
P
4. Hardware
4.1 The P
PA
AC 500 Access and Alarm Server
The PAC 500 Access and Alarm Server uses the Windows CE embedded operating system.
This device is required where enhanced Stanley P
PA
AC features are required and, therefore, is not
employed on all Stanley P
PA
AC systems.
When power is applied, the P
PA
AC 500 will attempt to retrieve its IP address automatically. If a DHCP
server is available it will use it. If not, it will tr y to select an IP address not used by any other host
on subnet 169.254.0.0, subnet mask 255.255.0.0. This is equivalent to the algorithm used by a
Windows PC when the network interface is set to Obtain IP address automatically.
If static addressing is used on your network, you can use the Configure Device IP Address
program to find P
PA
AC 500s on the local Ethernet segment and set their IP addresses manually —
you can find a link to this program in Start › Programs › Stanley P
PA
AC Tools or Start › All
Programs › Stanley PA
PAC Tools, depending on your operating system.
To
T
o ensure reliable, error free operation we strongly recommend the use of static IP addressing.
A PA
PAC 500 attempts to set its NetBIOS node name to PAC500_n, where n is the serial number
of the unit, which can be found on its barcode label.
For fur ther information relating to the P
PA
AC 500 network connectivity, refer to Technical Bulletin
TB198: Setting up a 500 ser ver over a WAN.
4.1.1 Download and Update Times
Note
The download times are approximate, and are reliant upon the network speed at the time
of the download.
Keyholder
Page load
Download Time / Keyholder
Size
page update
25,000 Keyholders
3 secs
5 mins / 40kb
8 secs
50,000 Keyholders
11 secs
12 mins / 40kb
14 secs
14
4.1.2 Suppression of Asynchronou
us Events
The user interface has a setting that enabless suppression of asynchronous events. This is intended
for use when the PA
PAC 500 ser ver is using a dialup IP connection (via a PSTN modem).
This setting must not be enabled when com
mmunicating with the P
PA
AC 500 using the Ethernet
connection.
To suppress asynchronous events:
1. In the Hardware module, select the
eP
PA
AC 500 server.
2. In the proper ty sheet, select the PAC 500 tab, then select Suppress async events.
4.1.3 Authenticated Communicatio
ons
Byy default, the P
PA
AC 500 uses authenticated communications. This can be turned off in
n the user
interface, although this is not normally recommended.
To turn authenticated communications on or off:
1. In the Hardware module, select the PA
PAC 500 server.
2. In the proper ty sheet, select the PAC 500 tab, then select or deselect Use unencrypted
communications as required.
Note
Refer to the documents that accompany your installation of Stanley P
PA
AC for more
information on the P
PA
AC 500.
4.1.4 TCP/IP Port Requirements
It is necessary to permit incoming traffic to the following TCP por ts:
•
15081 when operating P
PA
AC 500s using authenticated comms.
•
7076 when operating P
PA
AC 500s using non-authenticated comms.
Stanley PA
PAC Alarm Viewer Clients
Permit incoming traffic to the following TCP por ts (and if necessary UDP por ts): 135, 3000–3020,
and 8085–8086.
15
Stanley PAC Intivid VIP DVR
This is only required if the Intivid VIP DVR is being used for CCTV.
Permit incoming traffic to the following TCP ports (and if necessary UDP ports): 5300–5301,
5150–5151 and 5400.
4.2 The PAC 512 IP Door Controller
The PAC 512 IP door controller employs an on-board Lantronix Xport ethernet to serial converter
to connect the controller to the network. By default, this device is configured for dynamic IP
addressing and, in the absence of a DHCP server, will auto configure an IP address on subnet
169.254.0.0, subnet mask 255.255.0.0.
Static IP addressing is strongly advised. This is performed in the same manner as outlined in
Section 4.1.
The Xport device is pre-configured to communicate on Port 8003.
For further information relating to the PAC 512 IP controller network connectivity, refer to the
following Technical Bulletins: TB205: Setting up a PAC 512 IP over a LAN and TB200: Setting up
a PAC 512 IP over a WAN.
4.3 The PAC 2000 Series Door Controller using IP Connectivity
The PAC 2000 Series door controllers employ the Lantronix UDS1100 ethernet to serial converter
to connect the controller to the network. By default, this device is configured for dynamic IP
addressing and, in the absence of a DHCP server, will auto configure an IP address on subnet
169.254.0.0, subnet mask 255.255.0.0.
Static IP addressing is strongly advised. This is performed in the same manner as outlined in
Section 4.1.
The UDS1100 device must be configured to communicate on Port 14001.
For full details relating to the UDS1100 configuration, refer to Technical Bulletin UDS1100 Unit 2:
Using with PAC 2000 Series Door Controllers — Configuration, or the e-Learning tutorial of the
same name.
16
P
5. Networking and Performance
5.1 Network Security
This section describes how to:
•
Configure DCOM for multiple Stanley PAC clients support across a firewall. This is to
allow the Stanley PAC Server and Clients, which use DCOM, to communicate with
each other.
•
Configure firewalls on a WAN. This is required to allow the Stanley PAC Server to
communicate with PAC IP controllers.
5.1.1 DCOM / Multiple Clients
To ensure maximum security on your network when using Stanley PAC clients over a firewall the
range of TCP ports used by DCOM on the clients must be restricted. Section 5.1.1.2: Restricting
the Range of TCP Ports describes how to do this.
5.1.1.1 DCOM and Firewall Address Translation
You cannot use DCOM through firewalls that perform address translation (NAT) — i.e. where a
client connects to a virtual address, such as 198.252.145.1, and the firewall maps it transparently
to the server’s actual address, such as 192.100.81.101.
17
P
5.1.1.2 Restricting the Range of TCP Ports
There are several registr y settings that control the DCOM por t restriction functionality. All of the
named values listed below are located under the
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Internet registry key, which you must create.
Remember that you only need to do this on the ser ver machine. Clients will automatically pick up
the right por t numbers when they connect to the SCM on the server machine.
Note
You must use regedt32.exe to configure these settings; regedit.exe does not currently
suppor t the REG_MUL
LTI_SZ type required by the Ports named value entry. Also, you
must reboot your machine any time you make changes to any of the following registry
settings in order for them to take effect.
Name
Type
Value
Description
Ports
REG_MUL
LTI_SZ Specify one por t
range per line.
Example:
3000–3020
5141
One or more por t ranges. The
options below determine the
meaning of this named value.
PortsInternetAvailable
REG_SZ
Y
Always set this to Y.
UseInternetPorts
REG_SZ
Y or N
If this value is set to Y, then the
Ports named value indicates
which por ts should be used for
DCOM applications. If this value
is set to N, then the Ports named
value indicates which por ts
should not be used for DCOM
applications.
5.1.1.3 Configuring Your Firewall
The firewall between your ser ver and the Internet should be configured as follows:
•
Deny all incoming traffic from the Internet to your ser ver.
•
Permit incoming traffic from all clients to TCP por t 135 (and UDP port 135, if necessary)
on your server. (135 is the Microsoft Exchange por t that Microsoft Outlook uses.)
•
Permit incoming traffic from all clients to the TCP por ts (and UDP por ts, if necessary)
on your server in the Ports range(s) specified above.
5.2 OEM Interface TCP Port 8658
There is a potential conflict between the OEM Interface, OEM client software, e.g. Astrow, and
any third-par ty software which communicates using TCP por t 8658.
Issue
•
OEM client software, e.g. Astrow, communicates with the OEM Interface using TCP
por t 8658. If this por t is also used by other software on the system, a conflict can occur
which prevents the OEM Interface from communicating over the network.
•
Installers need to be aware of any other software installed on the system which
communicates using this por t.
18
Workaround
•
It is possible to configure the OEM Interface to listen on a different TCP port; however
it may not be possible to configure the OEM client software, e.g. Astrow, to use the
new port.Therefore, if a port conflict were to occur, it would be necessary to reconfigure
the third-party software to use a port other than 8658.
•
Check the third-party software provider’s documentation and website for instructions
on how to change the TCP ports that the third-party software uses.
5.3 Bandwidth Data
The bandwidth data below was measured using 50 PAC 500s running at 20 events per second.
Event throughput stops when a download begins.
The bandwidth usage of a PAC 512 IP is considerably less than that of a PAC 500. The
Serial-to-Ethernet port of a PAC 512 IP is constricted to 57.6 kb/s.
5.3.1 Download Data
Stanley PAC Server to PAC 500 Access and Alarm Server
The download begins with an initial burst of approximately 1,100 kb/s, which is followed by
bandwidth usage within the range 300–780 kb/s.
PAC 500 Access and Alarm Server to Stanley PAC Server
The download begins with an initial burst of approximately 980 kb/s, which is followed by bandwidth
usage within the range 20–380 kb/s.
5.3.2 Event Throughput
Stanley PAC Server to PAC 500 Access and Alarm Server
Max bandwidth: 480 kb/s (approx)
PAC 500 Access and Alarm Server to Stanley PAC Server
Max bandwidth: 680 kb/s (approx)
5.3.3 Minimum Client Bandwidth
A Stanley PAC client requires a minimum of 512 kb/s (full duplex) connection to its associated
server.
19
P
5.4 Backup File Sizes
This section describes the size of files created using the backup utilities which accompany Stanley
PAC.
Database Backup File Sizes
The following table lists the size of the Stanley PAC backup files with the following database
settings:
•
100 Areas
•
20 Access Groups
•
20 Time Profiles
Number of Keyholders
Approx DB File Size (KB)
25,000
16,000
50,000
29,000
75,000
42,000
Events Backup File Sizes
The following table shows the approximate size of the Stanley PAC events backup file for varying
numbers of events.
Number of Events
Approx DB File Size (KB)
250,000
40,600
500,000
81,200
1,000,000
162,400
Archive File Sizes
The following table shows the approximate size of the Stanley PAC archive file for varying numbers
of events. Event archiving is a feature of Stanley PAC v2.2 and higher.
Number of Events
Approx DB File Size (KB)
250,000
24,900
500,000
50,000
1,000,000
99,700
6. Tips
6.1 Screen Resolution
A screen resolution of at least 1024 × 768 pixels is recommended when using Stanley PAC.
If you are using the Stanley PAC Alarm Viewer we recommend a screen resolution of 1280 × 1024.
6.2 Multiple Monitors
If you are using Stanley PAC on one PC for multiple functions we recommend the use of two
monitors, e.g. using the Event Viewer in its undocked form on one monitor, whilst using the Alarm
Viewer in the other monitor.
6.3 Database Backups
We recommend making backups of the database on a regular basis using the backup tools provided
with Stanley PAC.
6.4 Reports
When running reports, we recommend using queries whenever possible to limit the size of returned
data.
If you are using Stanley PAC Clients and Servers, we recommend that you do not run reports on
the Server.
6.5 PC Name Changes
Changing the PC name will cause the installation of Stanley PAC on that PC to stop working. This
section describes a workaround for this problem.
Workaround
1. Ensure that all Stanley PAC clients are shut down.
2. Change the PC name back to its original value — in Control Panel, open the System item
and use the Computer Name tab.
3. Backup the Stanley PAC database.
4. In Control Panel, use Add or Remove Programs to remove the following programs:
•
The Stanley PAC installation.
•
The SQL Server 2008 R2 Express installation, called Microsoft SQL Server
2008.
5. Change the PC name to its new value — in Control Panel, open the System item and
use the Computer Name tab.
6. Reinstall Stanley PAC and SQL Server 2008 R2 Express, but do not select the Preserve
existing database option during installation.
7. After reinstalling Stanley PAC, choose the Start › Programs › Stanley PAC Tools ›
Restore Database command to restore the last database backup.
8. Download the database to the connected door controllers. This may cause disruption to
door access. Make sure all users are aware before performing a download.
9. Ensure that the Server name property of any clients that connect to the server is changed
to the new name. This property can be found on the logon screen of the Client.
21
P
Notes
For more information refer to Microssoft Knowledge Base Ar ticle 281642, which is located
at http://suppor t.microsoft.com/defa
ault.aspx?scid=kb;en-us;281642.
Ensure that all workstations are shu
utdown before continuing.
6.5.1 Finding the Previous PC Nam
me
To determine the name used by the PC prio
or to the name change:
1. Choose the Start › Run command a
and type eventvwr.
This will display the Event Viewer, pictured below.
2. Click the System item in the left hand pane to display the system event log.
In the event log, the computer name
e is displayed in the column Computer.
3. To locate the previous computer name, scroll down the event log to a date prior to the
name change.
6.6 Virtualisation
Stanley P
PA
AC can be run on a vir tualisation en
nvironment such as Microsoft Vir tual Serve
er, Microsoft
Hyper-V or VMware. The system resources allocated to the vir tual machine must be equal to or
better than the minimum system requiremen
nts — see Section 2.1: System Requireme
ents.
6.7 Stanley P
PA
AC COM+ Applic
cations on a Domain PC
Introduction
Stanley PA
PAC Server PCs use Microsoft COM+ to provide application services. If you are running
in a Microsoft domain, it is possible for the domain polices to stop the application running.
On domain PCs, the Stanley P
PA
AC Services (e.g. Engine) will fail to run and you will not be able
to log into the application. The following error messages will be seen in the Windows event log:
EVENT ID: 10004 Source: DCOM
Login failure unknown user name or password
This problem should not occur on workgroup PCs.
22
Cause
This problem occurs because the Log on as a batch job privilege has not been set for the identity
of the COM+ package. When you set a user as the COM+ identity, COM+ adds this privilege for
you.
However, if the user is a domain account and does not have the Log on as a batch job privilege
set in a Group Policy Object (GPO), when the Active Directory performs an update, the identity of
the COM+ package is reset and the permission is removed.
If you retype the password, COM+ will add the Log on as a batch job privilege again for the local
computer.
Resolution
To resolve this problem, give the domain account the Log on as a batch job privilege in the Group
Policy Object in the Domain Controller.
Procedure
1. Ensure that Administration Tools is installed on the local computer from the i386 folder
on the Server disc.
2. Choose Start › Programs › Administrative Tools › Active Directory Users and
Computers.
3. In the Console tree, right-click on the domain for which you want to set Group Policy.
23
P
4. Choose Properties and select the Group Policy tab.
5. Select Edit to navigate to the Group Policy Object you want to edit.
6. Choose Computer Configuration › Window Settings › Local Policies › User Rights
Assignment.
24
7. Double click on Log on as batch job in the right pane.
8. Select the Add User to Group button and specify the Administrator group.
25
P
6.8 Using Stanley PAC on Windows Server 2003
By default, a Windows 2003 server disables COM+, thus stopping a client PC from connecting to
the server and generating the following error message:
The component or application containing the component has been disabled
To solve the problem, the network COM+ access and network DTC access must be enabled.
Procedure
1. Choose Start › Control Panel, or Start › Settings › Control Panel, depending on the
version of your operating system.
26
2. Select Add or Remove Programs.
3. Select Add/Remove Windows Components.
4. Select Application Server and choose the Details button.
5. Select the Enable network COM+ access and the Enable network DTC access
checkboxes and choose the OK button.
6. Choose the Next button to complete the wizard.
7. Choose Finish to close the wizard.
27
P
6.9 Using Stanley PAC on Windows Server 2008
By default, Windows Server 2008 will not let Stanley PAC clients connect. This is due to two
reasons: first, by default Windows Server 2008 is not set up with the role of an Applications Server;
second, by default the Windows Server 2008 firewall blocks the ports required by Stanley PAC
clients to communicate.
The procedure below explains how to set up Windows Server 2008 as an application server. To
find which ports to unblock on the firewall, see Section 4.1.4: TCP/IP Port Requirements. If you
are using the OEM Interface, see also Section 5.2: OEM Interface TCP Port 8658.
Procedure
1. On the Windows 2008 Server, choose Start › Administrative Tools › Server Manager
to start the Server Manager.
The Server Manager starts.
28
2. Right-click on Roles and then left-clic
c k on Add Roles.
The first dialog box in the Add Roles wizard (Before You
u Begin) appears.
3. Click Next.
The second dialog box in the Add Roles wizard (Select Server Roles) appea
ars.
29
4. Left-click in the box next to Applications Server so that it contains a tick.
5. Click Next.
An Add Roles Wizard dialog box appears, informing you that in order to install the
Applications server role there are features that require installing.
30
6. Click the Add Required Features button.
The third dialog box in the Add Roles wizard (Application Server) appears.
7. Read the information, then click Next.
The fourth dialog box in the Add Roles wizard (Select Role Services) appears.
31
8. Make sure that Application Server Foundation and COM+ Network Access are ticked,
then click Next.
The fifth dialog box in the Add Roles wizard (Confirm Installation Selections) appears.
32
9. Review the selections you have made, and then click Install.
The installation will now proceed.
When the installation is complete, the last dialog box in the Add Roles wizard (Installation
Results) appears. For each feature you should see the message Installation succeeded
displayed as below.
10. Click Close and then exit the Server Manager.
33
P
6.10 Image Capture Utility in Windows Server 2008 R2
Using Stanley PAC under Windows Server 2008 R2, the Image Capture utility may fail to start.
The error message An error occurred in image capture is shown.
To resolve this issue, go to the Server Manager and enable Desktop Experience in the Features
section. When this feature is installed, restart the PC.
6.11 Accessing Stanley PAC via Remote Desktop
You may experience problems when using several Remote Desktop sessions to access Stanley
PAC on a Windows Server 2003 / Windows Server 2008 server. For example, the user of one
Remote Desktop session may only be able to see the log-in screen for another session.
Therefore we recommend that, at any one time, you should have no more than one Remote
Desktop session open to access Stanley PAC on a Windows Server 2003 / 2008 server.
6.12 Windows Updates and Hotfixes
We recommend that you keep any PCs that run Stanley PAC up to date with all updates available
from the Windows Update website (http://v4.windowsupdate.microsoft.com), to maintain the security
of your system.
Refer to PAC for update recommendations before applying any updates.
6.13 Sending E-mail from Stanley PAC
Stanley PAC connects to the SMTP server using port 25. Depending on the configuration of your
network, port 25 may be blocked by anti-virus software, a corporate firewall, or your ISP. If Stanley
PAC is not sending e-mail messages, reconfigure your anti-virus software or firewall to unblock
port 25 or ask your ISP to resolve the issue. See also Section 5.1: Network Security and Section
5.2: OEM Interface TCP Port 8658.
If Stanley PAC is not able to resolve the name of the SMTP server to an IP address, it will not be
able to send any e-mail. If Stanley PAC is not sending e-mail messages, try configuring Stanley
PAC with the IP address of the SMTP server, rather than the SMTP server name.
6.14 USB Admin Kit with Windows Vista Business
Issue
This section describes an issue that can occur under Microsoft Windows Vista Business when
you create a direct channel, assign a COM port to that channel and attach a USB Admin Kit to the
port. If you disconnect the USB Admin Kit and restart Stanley PAC, an alarm is displayed warning
you that the COM port has not been found. The direct channel is still fully configured, but the COM
port has been removed.
34
Innovation in Access Control
Technical Support
1-800-414-3038