Document 268151

Enterprise Deployment Plan
Sample Corp
Table of Contents
1. Project Overview
2. Enterprise Overview
  2.1. What is the Lenel OnGuard Enterprise Solution?
  2.2. Basic OnGuard Architecture
  2.3. Basic Enterprise Architecture
  2.4. OnGuard Enterprise Architecture
3. Master Server
  3.1. Overview
  3.2. Considerations/Recommendations
4. Regional Server
  4.1. Overview
  4.2. Considerations/Recommendations
  4.3. Server Decisions
5. Enterprise Network Bandwidth
  5.1. Overview
  5.2. Cardholder Record Formula
  5.3. Photo Record Formula
  5.4. Event Record Formula
  5.5. Enterprise Wide Formula
  5.6. OnGuard Ports
6. Encryption
  6.1. Transparent Data Encryption
  6.2. Hardware Encryption
7. Segmentation
  7.1. Overview
  7.2. Alarm Monitoring Segmentation Example
  7.3. System Administration Segmentation Example
  7.4. Advanced Segmentation Options
  7.5. Considerations/Recommendations
  7.6. Dynamic Segments & Login Options
8. Replicator
  8.1. Overview
  8.2. Replicator running as an Application
  8.3. Replicator Scheduling
  8.4. Hardware Replication
  8.5. Custom Alarm Replication
  8.6. Additional Replication
  8.7. Considerations/Recommendation
9. Replication Administration
  9.1. Overview
  9.2. System Diagnostic Tool Overview
  9.3. Enterprise Server Configuration
  9.4. Replicator Schedule
  9.5. Replicator Status
  9.6. Enterprise Transactions
  9.7. Allocated IDs
  9.8. System Alert Configuration Form Overview
  9.9. System-Wide Cardholder Search
  9.10. Considerations/Recommendations
10. Naming Conventions
  10.1. Overview
  10.2. Considerations/Recommendation
11. FormsDesigner
  11.1. Overview
  11.2. Considerations/Recommendations
12. OnGuard Enterprise Management
  12.1. Overview
  12.2. Master Server Maintenance
    12.2.1. Daily & Monthly tasks
  12.3. Regional Server Maintenance
    12.3.1. Daily & Monthly Tasks
13. Archiving
  13.1. Overview
  13.2. Considerations/Recommendation
14. Logon Privileges and User Permissions
  14.1. Overview
  14.2. Considerations/Recommendation
15. Lenel Services
  15.1. Overview
  15.2. LS Communication Server
  15.3. LS ID Allocation Server Service
  15.4. LS License Server
  15.5. LS Login Driver
  15.6. LS Linkage Server
  15.7. LS Global Output Server
  15.8. LS Replicator
  15.9. LS DataExchange Server
  15.10. LS Video Archive Server
  15.11. LS DataConduIT Service
  15.12. LS Configuration Download Service
  15.13. LS Application Server Service
  15.14. LS PTZ Tour Service
  15.15. LS Client Update Server
  15.16. Proposed Services Setup
16. List Builder
  16.1. Overview
  16.2. System Lists Edited only at the Master
  16.3. Non-System Lists Editable from any Region
  16.4. List Builder Segmentation
17. Citrix / Terminal Services
  17.1. Overview
  17.2. Considerations/Recommendations
18. Reports
  18.1. Overview
  18.2. Reports Screen
19. Fault Tolerance & Disaster Recovery
  19.1. Overview
  19.2. What is Clustering?
    19.2.1. NEC Hardware Redundant Servers
    19.2.2. MS Clustering
    19.2.3. NEC ExpressCluster LAN/WAN
  19.3. Comparison of Clustering Options
    19.3.1. Fault Tolerance vs. Disaster Recovery
    19.3.2. MS Clustering vs. NEC ExpressCluster
20. DataExchange
21. DataConduIT
22. Foreign Language Packs
  22.1. Overview
  22.2. Details
23. Virtualization
  Lenel supports multiple Virtualization platforms:
  23.1. VMWare Overview
  23.2. Benefits of VMware
  23.3. OnGuard Support for VMware Server
  23.4. Hyper-V
24. Test Environment and Server
  24.1. Overview
  24.2. Considerations/Recommendations
25. Security and Best Practices
  25.1. Overview
  25.2. Users and Permissions
  25.3. Database Security / Authentication
  25.4. OnGuard Operation
26. Web Applications
  26.1. Overview
  26.2. Considerations/Recommendations
  26.3. Area Access Manager (Browser-Based)
  26.4. Video Viewer (Browser-Based)
  26.5. Visitor Management (Browser-Based)
27. Database Migration / Existing System Options
  27.1. Overview
  27.2. Enterprise Migration Awareness
    27.2.1. Segmentation & Segmentation Options
    27.2.2. Cardholder Screen Layouts & Field Sizes
    27.2.3. Duplicate Cardholders
    27.2.4. Duplicate Badge ID’s
    27.2.5. Events & User Transactions
    27.2.6. Badge Types
    27.2.7. OnGuard Object Naming Convention
    27.2.8. Items Which May Not be Migrated:
    27.2.9. Down Time
28. Professional Engineering Services (PES)
  28.1. Portfolio of Services Overview
    28.1.1. Factory Acceptance Test
    28.1.2. On-site Install and Deployment Services
    28.1.3. On-site or Remote Software Upgrade Service
    28.1.4. System Assessment Services
    28.1.5. One-Time Import from a Database
    28.1.6. OnGuard Migration
    28.1.7. NEC ExpressCluster X Deployment Services
    28.1.8. PES Premium Support Services
29. Lenel Remote Managed Services
  29.1. Overview
  29.2. Progress Meeting
  29.3. Remote Managed Services
30. Custom Solutions
  30.1. Overview
  30.2. Services
31. Embedded Services
  31.1. Overview
32. Training
  32.1. Overview
  32.2. OnGuard User Factory Training
  32.3. Considerations/Recommendations
    32.3.1. Enterprise Administrators
    32.3.2. Regional Administrators
    32.3.3. Operators
    32.3.4. OnGuard User Programs
33. Direct Customer Technical Support
1. Project Overview
Lenel OnGuard Enterprise Edition allows the access control and cardholder management
system to be spread across multiple databases for increased performance, capacity, and fault
tolerance. Each database (Region) is a fully operational, autonomous system not reliant on
other regions to function normally. An additional database (Master) stores a copy of the
information from each region providing global reporting, administration, and system
maintenance.
System Architecture
Sample Corp consists of many offices around the world with their headquarters based out of
Cleveland, Ohio. Due to the vast distance between these sites Sample Corp has been driven
towards a multi-server Enterprise model. The Enterprise model offers them local region
server/client performance while still maintaining a global cardholder population. The proposed
Enterprise deployment will be originating with the Master Server in Kentucky. The initial
deployment will consist of the Master and two Regional Servers as follows:
2. Enterprise Overview
2.1. What is the Lenel OnGuard Enterprise Solution?
• Designed for anyone who is looking for:
  o A single cardholder database distributed throughout multiple regions that can
    be across the country or across the globe.
  o A central Master database used for:
    - Enterprise Wide Alarm Monitoring
    - Enterprise Wide Reporting
    - HR Feeds & Interfaces
    - Administration
    - Maintaining common business policies across your global access control
      system.
  o Local Control of Regional Sites that can be Independent of the Enterprise
    Master Server
  o Faster Client / Server performance from Regional server placement.
2.2. Basic OnGuard Architecture
Intelligent System Controller (ISC)
• Onboard Memory & NIC
• Contains Cardholder Population
• Makes Access Decisions
• Fully independent if host connection is lost (stores events in memory)
• Optional AES Encryption
Reader Interface Module (RIM)
• Provides interface to readers via RS-485 to the ISC
• Eight (8) simultaneous card formats supported
• Dedicated Inputs for door contacts, REXs
• Can grant access based on Facility code if connectivity to ISC is lost.
• Optional AES Encryption
2.3. Basic Enterprise Architecture
• In its simplest form, an Enterprise system consists of a Master server, with one or
  more regions.
• The Regional servers use our Replicator Application to communicate changes to the
  Access Control system from Region to Master and vice versa.
• Changes in cardholder data, events and transactions, as well as hardware
  configurations, are replicated throughout the system.
• Regional Servers do not communicate with one another directly.
2.4. OnGuard Enterprise Architecture
Historically, the Enterprise architecture was limited to two levels: (1) The Enterprise
Master Server and (2) Regional Servers. All Regional Servers connected to the Master
Server, so although the system was scalable, it offered the ability to expand “across”
the Enterprise, but not “Down”. Multi-level Enterprise allows you to create regions
underneath regions. However, this design does not apply to all customers. Most find
that expanding ‘across’ the enterprise is best.
Users and Permission groups are replicated throughout the entire Enterprise.
3. Master Server
3.1. Overview
The Master Server is a central repository for all cardholder and hardware related data.
Updates to cardholder, visitor, asset, users and hardware data made at a Regional
Server(s) are replicated to the Master Server using the Replicator application.
Only the Child Region(s) of the Master Server directly replicate. The server must be a
SQL Server or an Oracle database. The Master Server maintains all the system wide
business rules governing the regions below it.
The Master server can have hardware programmed directly. Workstations can interact
directly with the Master database and server hardware. This helps to reduce the cost of
operating an additional regional server. However, the number of devices connected to
the Master server with hardware needs to be considered because the Master server has
additional Regions replicating with it.
If your organization plans on connecting more than 125 devices to the first Region,
we recommend using the standalone Master model as shown below to help reduce
database load on the Master server.
3.2. Considerations/Recommendations
• When using the standalone Master Server architecture the Master Server should be
  centrally located with good network connectivity to all Regions.
• The Master Server is the location of the ID Allocation service. It supplies IDs to all
  regions regardless of level. Each region must be able to communicate with the
  Master Server. This is done through an RPC call and not through a DSN.
• Default communication port is TCP:4065 – Configured in ACS.INI [Services]
  “IDAllocationRpcPort”
• The following programming elements can only be configured on the Master Server:
  Cardholder Form, System & Cardholder Configurations, Badge Types, Badge
  Designs, Directories, Certificate Authorities, Advanced Segment Options and Card
  Formats. Procedures need to be in place to accommodate Regional requests for
  these elements to be added or modified.
• Field Hardware can be configured and controlled from the Master Server (e.g., ISC
  Controllers, DVR/LNR, 3rd Party Hardware Interfaces, etc.). If the Master server is
  going to be used to communicate with field hardware, a comprehensive disaster
  recovery plan should also be put in place.
Master Database
Supported Database Types for Enterprise Masters and Regions
• Standard SQL / Oracle Database located on Master Server
  o Stores transactions replicated from all regions
• Will need to be large enough to store:
  o Transactions from all regions
• Required for online reporting
• Size based on:
  o Total number of regions
  o Quantity of transactions (Hardware, User, and events)
• OnGuard utilizes the (SQL Server Native Client 10.0) &
  (Oracle for ODBC) drivers only.
• Enabling Strong Encryption within the ODBC connection is also supported.
• All DSNs should follow a standard naming convention
  o [SERVER-NAME]Lenel
  o Example: LAB2SERVERLenel
  o DSN [LENEL] cannot be used.
4. Regional Server
4.1. Overview
An independent Lenel OnGuard Access Control server that communicates via a
network with an Enterprise Master or a Parent Region server for the purpose of
replicating data to the parent and sharing cardholder updates.
Each server must be an SQL Server or Oracle database. Regional servers do not have to
be of the same database type as the Master. While not recommended, you can have
both Microsoft SQL and Oracle databases in one Enterprise system.
4.2. Considerations/Recommendations
• Regional Servers should be given a logical name indicating their location. You can
  also create a display name within OnGuard for easy identification.
• Regional Servers communicate with field hardware and client monitoring
  workstations and should have a comprehensive disaster recovery plan in place.
• Users and User Permissions replicate throughout the Enterprise. Users will replicate
  upward in a direct line to the Master. Users will replicate downward as needed.
  User Permission Groups are assigned to a segment(s) when created. Linking
  OnGuard accounts to Active Directory accounts is highly recommended, to
  minimize administrative tasks.
• All DSNs must follow standard naming convention. Two System DSN connections
  must exist on the Regional server. One will go to the Enterprise Master, one to the
  Region.
  o [SERVER-NAME]Lenel
  o Example: LAB2SERVERLenel
  o DSN [LENEL] cannot be used.
• While the Regional Server is independent of the Master Server, it does rely on the
  Master Server for Cardholder Forms, ID allocation and various system options.
4.3. Server Decisions
Enterprise Master Server
  Location          Baltimore, MD
  Server Name       SampleMas
  Display name      SampleCorpMaster
  IP Address        111.111.111.5
  Database Type     SQL 2008 R2
  Database Name     LenelMasterAC
  DSN Name          LenelMasterAC
  Administrator     Mary Brown
  Local Hardware    No

Regional Servers
                    Region 1             Region 2
  Location          Sacramento, CA       Phoenix, AZ
  Server Name       SampleReg1           SampleReg2
  Display name      SampleCorpReg1       SampleCorpReg2
  IP Address        192.168.122.2        10.133.255.3
  Database Type     SQL 2008 R2          SQL 2008 R2
  Database Name     LenelSacramentoAC    LenelPhoenixAC
  DSN Name          LenelSacramentoAC    LenelPhoenixAC
  Administrator     John Smith           Chris Palmer
5. Enterprise Network Bandwidth
5.1. Overview
• The barebones minimum network bandwidth for Master <-> Region communication
  is 256kb/sec. THIS IS NOT A RECOMMENDATION!
• The minimum latency requirement for Master <-> Region communication is <200ms.
• The bandwidth is going to depend on the activity level at a customer’s location. A
  site that modifies 100 cardholders a day will consume much less bandwidth than a
  site that modifies 10,000 a day.
• The following formulas use out of the box sizes for some commonly replicated
  items in an OnGuard environment. The photo (mmobjs) size was based on a 250kb
  image.
5.2. Cardholder Record Formula
• To determine the bandwidth generated by cardholder additions and modifications,
  multiply the size of the table by the number of transactions.
• For a basic cardholder record (no photo), the formula is:
  (size of EMP + size of UDFEMP + size of BADGE) x (number of transactions)
  Example: For a site that plans to add or modify 1000 cardholders per day, that’s
  (240 bytes + 992 bytes + 226 bytes) x 1000 cardholders/day = 1,232,000 bytes/day
  (1.4 Mb/day)
  NOTE: The size of each transaction will increase if the customer adds fields to the
  standard cardholder form.
5.3. Photo Record Formula
• When capturing photos for Cardholder records in OnGuard, be mindful of the size of
  the image you are storing. The photo record is usually the largest object being
  replicated in an Enterprise Environment.
• For photos that will also be added (estimated @ 250kb), the formula is:
  (size of mmobjs) x (number of transactions)
  Therefore, for 1000 photos: 250,000 bytes x 1000 transactions/day = 250,000,000
  bytes/day (250 MB/day)
5.4. Event Record Formula
• Although cardholder transactions must be considered, an overlooked source of
  bandwidth generation is events. One incorrectly configured camera or
  malfunctioning device can generate over a million transactions a day. Although
  each event is only 4,124 bytes, replicating a million a day will take a significant toll
  on both the network and the database.
• Formula: (size of events table) x (number of transactions)
• Example of 10,000 per day:
  4124 bytes x 10,000 transactions/day = 41,240,000 bytes/day (50 mb per Day)
• Example of 500,000 per day:
  4124 bytes x 500,000 transactions/day = 2,062,000,000 bytes/day (1.92 gb per Day)
5.5. Enterprise Wide Formula
• The above formulas show bandwidth used between a Master and a region. To
  estimate the bandwidth requirements enterprise-wide, you’ll need to include the
  number of regions in your calculation.
• Formula: Assuming all cardholders are replicating everywhere:
  [(size of table) x (number of transactions)] x (number of regions).
• Cardholder Records (1.4mb) + Photo Records (250mb) + Event Records (50mb) x
  (Number of Regions)
• Example of (302MB) combined Regional Table Size x (5) Regions = (1.5GB per Day)
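
The formulas in 5.2 to 5.5, carried through in an added example (not part of the original plan) that also compares the daily total with the 256kb/sec floor from 5.1 and derives an event count worth alerting on. It assumes "256kb/sec" means 256 kilobits per second and that replication traffic is spread evenly over 24 hours; all function, class and constant names are illustrative.

```python
"""Replication volume estimate from the record sizes quoted in sections 5.2-5.4.

Added example; the names below are illustrative and are not part of OnGuard.
"""
from dataclasses import dataclass

# Out-of-the-box record sizes in bytes, as quoted in sections 5.2-5.4.
CARDHOLDER_BYTES = 240 + 992 + 226  # EMP + UDFEMP + BADGE = 1,458 bytes
PHOTO_BYTES = 250_000               # mmobjs row, based on a 250kb image
EVENT_BYTES = 4_124                 # one replicated event

SECONDS_PER_DAY = 86_400
# Assumption: the "256kb/sec" floor in 5.1 is read as 256 kilobits per second.
MIN_LINK_BITS_PER_SEC = 256_000


@dataclass(frozen=True)
class DailyActivity:
    """Transactions one region replicates per day."""
    cardholders: int
    photos: int
    events: int


def daily_bytes(activity: DailyActivity) -> int:
    """Sections 5.2-5.4: (size of table) x (number of transactions), summed."""
    return (activity.cardholders * CARDHOLDER_BYTES
            + activity.photos * PHOTO_BYTES
            + activity.events * EVENT_BYTES)


def enterprise_daily_bytes(activity: DailyActivity, regions: int) -> int:
    """Section 5.5: the per-region total multiplied by the number of regions."""
    if regions < 1:
        raise ValueError("an Enterprise system has at least one region")
    return daily_bytes(activity) * regions


def link_capacity_bytes_per_day(link_bps: int = MIN_LINK_BITS_PER_SEC) -> int:
    """Bytes a link can carry in 24 hours if it is used for nothing else."""
    return link_bps * SECONDS_PER_DAY // 8


def link_utilisation(bytes_per_day: int,
                     link_bps: int = MIN_LINK_BITS_PER_SEC) -> float:
    """Fraction of the link consumed; a value above 1.0 means a growing backlog."""
    return bytes_per_day / link_capacity_bytes_per_day(link_bps)


def event_alert_threshold(activity: DailyActivity,
                          link_bps: int = MIN_LINK_BITS_PER_SEC,
                          headroom: float = 0.5) -> int:
    """Events per day at which replication would use `headroom` of the link.

    Cardholder and photo traffic is subtracted first, so the result is the
    event budget left over. Useful as an alerting threshold for the runaway
    camera or malfunctioning device described in section 5.4.
    """
    budget = int(link_capacity_bytes_per_day(link_bps) * headroom)
    fixed = (activity.cardholders * CARDHOLDER_BYTES
             + activity.photos * PHOTO_BYTES)
    return max(0, (budget - fixed) // EVENT_BYTES)


# Constructed scenarios: the page's example volumes, and the same site with
# one device generating a million events a day.
TYPICAL = DailyActivity(cardholders=1_000, photos=1_000, events=10_000)
RUNAWAY = DailyActivity(cardholders=1_000, photos=1_000, events=1_000_000)

if __name__ == "__main__":
    for label, activity in (("typical", TYPICAL), ("runaway", RUNAWAY)):
        total = daily_bytes(activity)
        print(f"{label}: {total:,} bytes/day per region, "
              f"{link_utilisation(total):.0%} of a 256 kbit/s link")
    print(f"5 regions: {enterprise_daily_bytes(TYPICAL, 5):,} bytes/day")
    print(f"alert above {event_alert_threshold(TYPICAL):,} events/day")
```

With the page's example volumes a region uses roughly a tenth of the minimum link, while a single device producing a million events a day exceeds what that link can carry in 24 hours.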