-
User GuideAvigilon Access Control Manager™ System
Version 5.12.0
-
© 2009 2018, Avigilon Corporation. All rights reserved. AVIGILON, the AVIGILON logo, AVIGILON CONTROLCENTER, ACC, ACCESS CONTROL MANAGER, ACM and ACM VERIFY are trademarks of Avigilon Corporation.HID, HID GLOBAL, APERIO, VERTX and VERTX EVO are trademarks or registered trademarks of HID Global,ASSA ABLOY AB, or its affiliate(s) in the US and other countries. Other names or logos mentioned herein may bethe trademarks of their respective owners. The absence of the symbols ™ and ® in proximity to each trademark inthis document or at all is not a disclaimer of ownership of the related trademark. Avigilon Corporation protects itsinnovations with patents issued in the United States of America and other jurisdictions worldwide (seeavigilon.com/patents). Unless stated explicitly and in writing, no license is granted with respect to any copyright,industrial design, trademark, patent or other intellectual property rights of Avigilon Corporation or its licensors.
This document has been compiled and published using product descriptions and specifications available at thetime of publication. The contents of this document and the specifications of the products discussed herein aresubject to change without notice. Avigilon Corporation reserves the right to make any such changes withoutnotice. Neither Avigilon Corporation nor any of its affiliated companies: (1) guarantees the completeness oraccuracy of the information contained in this document; or (2) is responsible for your use of, or reliance on, theinformation. Avigilon Corporation shall not be responsible for any losses or damages (including consequentialdamages) caused by reliance on the information presented herein.
Avigilon Corporationavigilon.com
PDF-ACM-USG-5.12.0-A
Revision: 1 - EN
20180625
ii
http://www.avigilon.com/patents
-
Table of Contents
Avigilon Access Control Manager System Fundamentals 1
The Avigilon Access Control Manager System 1
Logging into the Avigilon Access Control Manager Application 2
Navigating the Application 3
Logging Out of the Avigilon Access Control Manager Application 5
Help in the Avigilon Access Control Manager System 5
Using a Pop-Up Calendar 5
Setting Personal Preferences 6
Changing the Password in My Account 6
My Account screen - Profile page 7
My Account screen - Batch Jobs 8
My Account screen - Job Specification 9
Scheduling Batch Jobs 9
Generating a Batch Report 9
Applying an Identity Profile to a Group Using a Job Specification 11
Applying a Door Template to a Group Using a Job Specification 13
Scheduling a Global Action 14
Setting Batch Door Modes 16
Contacting Your Support Representative 17
For More Information 17
Technical Support 17
Upgrades 17
Feedback 17
Initial Setup 17
Accepting the End User License Agreement 17
Changing the Administrator Password 18
Creating a Super Admin Identity 18
Managing Appliances 20
Appliances - Changes 20
Adding Extra Appliances 20
Editing Appliances 20
Deleting an Appliance 21
Configuring Replication and Failover 21
Failover/Redundancy Feature 22
Automatic failover 22
Manual failover and failback 23
iii
-
Recommended System Architecture 23
System Architecture for Replication 23
System Architecture for Redundancy 24
Replication and Failover Requirements 26
1. Preparing Appliances for Replication and Failover 27
Setting Up the Primary Appliance 27
Setting Up Additional Appliances 28
2. Setting Up Replication Between Appliances 30
Enabling Replication on the Primary Appliance 30
Enabling Replication on the Second Peer or Standby Appliance 31
3. Adding a Replication Subscription 33
Testing Replication 36
Checking the Appliance Replication Status 36
Testing Two-Way Replication 38
4. Setting Up Failover 39
Configuring Email Notifications for Replication Events 41
Removing Replication and Failover 42
Failing Over and Failing Back 43
Automatic Failover 43
Manual Failover 43
Failback 44
Monitoring Transactional Replication to Hot Standby 45
Configuring Network Connections 45
Configuring Ethernet Ports 45
Appliances - Virtual Port Add page 46
Adding Ethernet Routes 46
Enabling Serial Ports 47
Appliances - Serial Port Edit page 47
Backups 48
Backing Up System Data 48
Manually Backing Up Data 48
Restoring Backups 48
Logs 49
Accessing Appliance Logs 49
Software Updates 49
Updating the Appliance Software 49
Viewing the ACM™ SSL Certificate 50
Appliances - About 51
iv
-
Applying License Upgrades 51
Viewing the End User License Agreement 51
Accepting the End User License Agreement 51
Reviewing the Appliance Status 52
Appliances - Listing page 52
Appliances - Add page 53
Appliances: Edit screen 55
Appliances - Access page 58
Appliances - Port Listing page 59
Appliances - Ethernet Ports page 59
Appliances - Ethernet Virtual Listing page 60
Appliances - Virtual Port Edit page 60
Appliances - Routes Listing page 61
Appliances - Route Add page 61
Appliances - Route Edit page 62
Appliances - Serial Port Edit page 62
Appliances - Replication page 63
Replication page 63
Appliances - Backups Listing page 65
Appliances - Backups Add page 66
Appliances - Backups Edit page 67
Appliances - Backup File List 69
Appliances - Logs Listing page 69
Appliances - Logs page 70
Appliances - Software Updates page 70
Appliances - Software Update Add page 70
Appliances - About page 71
Physical Access - Main page 73
Outputs 73
Output Modes 74
Operating Mode 74
Inputs 74
Outputs 75
Configuring Doors 75
Searching for Doors 76
Doors - Advanced Filtering 76
Controlling Doors 77
Adding Doors 78
v
-
Adding Simple Macros 78
Editing Doors 79
Doors - Editing HID® Doors 80
Doors - Editing Mercury Security Doors 80
Deleting Doors 81
Door Modes 81
Access Types 82
ACM Verify™ 82
Adding an ACM Verify Door 82
Doors - Avigilon New Parameters page 83
Paired Devices 84
Prerequisites for Pairing Devices 84
Precautions for Paired ACM Verify Stations 85
Pair a Device 85
Using ACM Verify 86
Anti-Passback 87
Anti-Passback Modes 87
Setting Up Anti-Passback 88
Granting a Free Pass 89
Global Anti-Passback 89
Global Anti-Passback Modes 90
Interlocks 91
Accessing Interlocks through Doors 91
Accessing Interlocks from Subpanel Inputs 92
Accessing Interlocks from Subpanel Outputs 92
Adding Interlocks 92
Editing Interlocks 93
Doors - Listing page 93
Doors - Add page 94
Doors - HID® New Parameters page 98
Doors - Mercury Security New Parameters page 100
Doors - Edit Screen 103
Doors - Mercury Security Edit screen 103
Doors - Mercury Security Parameters page 103
Mercury Security Operations page 106
Doors - Mercury Security Hardware page 109Doors - Mercury Subpanel Reader Edit page 111Doors - Subpanel Input Edit page 113Doors - Subpanel Output Edit page 113
vi
-
Doors - Mercury Security Elev page 114
Doors - Mercury Security Cameras page 114Live Video Window 116
Doors - Mercury Security Interlocks page 117Interlocks - Add page 117Interlocks - Door Edit page 118
Doors - Mercury Security Events page 119Doors - Creating Local Events for Mercury Security Doors 120
Doors - Mercury Security Access page 121
Doors - Mercury Security Transactions page 122
Doors - HID VertX® Edit screen 122
Doors - HID® Parameters page 122
Doors - HID® Operations page 124
Doors - HID® Hardware page 127Doors - HID® Subpanel Reader Edit page 128Doors - HID® Subpanel Input Edit page 128Doors - HID® Subpanel Output Edit page 129
Doors - HID® Cameras page 130
Doors - HID® Events page 131Doors - Creating Local Events for HID® Doors 132
Doors - HID® Access page 133
Doors - HID® Transactions page 134
Doors - Access page 134
Configuring Locks 134
Configuring Assa Abloy Aperio® Wireless Lock Technology 134
Configuring Allegion Schlage AD400 Series Locks 135
Configuring Allegion Schlage LE Series Locks 136
Configuring Allegion Schlage NDE Series Locks 138
Configuring SimonsVoss Wireless Locks 139
Door Templates 142
Door Templates - Batch Update 143
Door Templates - Listing page 143
Door Templates - Add page 144
Configuring Panels 146
Searching for Panels 146
Adding Panels 146
Adding HID VertX® Panels 146
Adding Mercury Security Panels 147
Configuring the Mercury Security MS Bridge Solution 147
Editing Panels 148
vii
-
Editing HID VertX® Panels 148
Editing Mercury Security Panels 148
Resetting Anti-Passback from the Panel 148
Downloading Parameters 149
Downloading Tokens 149
Lenel Panel Support 149
Resetting Doors/Subpanels 150
Updating Firmware 150
Updating Panel Time 150
Deleting Panels 151
Subpanels 151
Adding Subpanels 152
Editing Subpanels 152
Deleting Subpanels 152
Macros 153
Adding Macros 153
Editing Macros 154
Deleting Macros 154
Assigning Macros 154
Assigning a Macro to a Trigger 154
Assigning a Macro to a Macro 154
Assigning a Macro to a Door 155
Sorting Macros 155
Triggers 155
Adding Triggers 155
Editing Triggers 155
Deleting Triggers 156
Panels - Listing page 156
Panels - Panel Add page 157
HID® 157
Mercury Security 157
Panels - Batch Add HID® Subpanels page 158
Panels - Batch Add Mercury Security Subpanels page 159
HID VertX® Panel pages 159
Panels - HID VertX® Status page 159Subpanels - HID VertX® Status Listing page 160Panels - HID® Firmware Listing page 161Panels - HID® Firmware Upload page 161
Panels - HID VertX® Configure page 162
viii
-
Panels - HID VertX® Host page 162
Panels - HID VertX® Subpanels page 163Subpanels - HID® Subpanel Add page 164Subpanels - HID® Subpanel Edit page 164Subpanels - HID® Input Listing page 165Subpanels - HID® Input Edit page 165Subpanels - HID® Outputs Listing page 166Subpanels - HID® Outputs Edit page 167Subpanels - HID® Readers Listing page 167Subpanels - HID® Reader Edit page 168
Panels - HID VertX® Events page 168Panels - Create Local Events for HID® Panels 170Subpanels - HID VertX® Events page 171Subpanels - Create Local Events for HID® Subpanels 173Inputs - HID VertX® Events page 175Inputs - Create Local Events for HID® Inputs 176Outputs - HID VertX® Events page 178Outputs - Create Local Events for HID® Outputs 179
Mercury Security Panel pages 181
Panels - Mercury Security Status page 181Subpanels - Mercury Security Status Listing page 182Panels - Mercury Security Firmware Listing page 183Panels - Mercury Security Firmware Upload page 183
Panels - Mercury Security Configure page 184
Panels - Mercury Security Host page 184
Panels - Mercury Security Subpanels page 185Subpanels - Mercury Security Subpanel Add page 186Subpanels - Mercury Security Subpanel Edit page 187Subpanels - Mercury Security Input Listing page 188Subpanels - Mercury Security Input Edit page 188Interlocks - Input Listing page 190
Interlocks - Input Add page 191
Interlocks - Input Edit page 192Subpanels - Mercury Security Outputs Listing page 193Subpanels - Mercury Security Outputs Edit page 193Interlocks - Output Listing page 194Interlocks - Output Add page 194Interlocks - Output Edit page 195Subpanels - Mercury Security Readers Listing page 196Subpanels - Mercury Security Readers Edit page 197
Panels - Mercury Security Macros 199Macros - Macro Command Listing page 199Macros - Macro Command Add page 200Macros - Macro Command Edit page 200
Triggers - Listing page 201Triggers - Add page 201
ix
-
Triggers - Edit page 202
Panels - Mercury Security Access Levels page 203
Panels - Mercury Security Events page 204Panels - Create Local Events for Mercury Security Panels 206Subpanels - Mercury Security Events page 207Subpanels - Create Local Events for Mercury Security Subpanels 209Inputs - Mercury Security Events page 211Inputs - Create Local Events for Mercury Security Inputs 212Outputs - Mercury Security Events page 214Outputs - Create Local Events for Mercury Security Outputs 215
Panels - Schedules tab 217
Areas 218
Areas - Adding 219
Areas - Editing 219
Areas - Deleting 220
Areas - Listing page 220
Areas - Add page 220
Areas - Edit page 221
EOL Resistance 222
Adding EOL Resistance for Mercury Input Points 222
Adding EOL Resistance to HID® Input Points 222
Editing EOL Resistance for Mercury Input Points 222
Editing EOL Resistance for HID® Input Points 223
EOL Resistance - HID® Listing page 223
EOL Resistance - Add page 223
EOL Resistance - Edit page 224
EOL Resistance - Mercury Security Listing page 224
EOL Resistance - Add Normal page 224
EOL Resistance - Add Advanced page 225
EOL Resistance - Edit page 226
Normal Edit page 226
Advanced Edit page 226
Mercury Security LED Modes - Listing page 227
Editing Mercury Security LED Modes 228
Mercury Security LED Mode Table screen 228
LED Modes for Mercury Security 229
Card Formats 231
Adding Card Formats 231
Editing Card Formats 231
Deleting Card Formats 231
x
-
Card Formats - Listing page 231
Card Formats - Add page 232
Card Formats - Edit page 233
Events - Introduction 234
Events - Searching 235
Events - Editing 235
Events - Assigning Priority Colors 235
Events - Listing page 237
Events - Edit page 237
Events - Colors Listing page 239
Events - Color Add page 239
Events - Color Edit page 240
Global Actions 240
Global Actions - Adding 240
Global Actions - Editing 241
Global Actions - Action Types 241
Global Actions - Deleting 241
Global Actions - Intrusion Linkages and Actions 241
Intrusion panel alarm due to an event in the ACM System 242
Disable/enable doors from keypad 242
Disarm Alarm on Access Grant with restricted authorities 242
Global Actions Listing page 242
Global Actions - Add page 243
Global Actions - Edit page 248
Global Linkages - Introduction 252
Global Linkages - Adding 253
Global Linkages - Editing 253
Global Linkages - Listing page 253
Global Linkages - Add page 254
Global Linkages - Edit screen 254
Global Linkages - Linkage page 255
Global Linkages - Devices page 256
Global Linkages - Events page 257
Global Linkages - Tokens page 258
Global Linkages - Actions page 259
Mustering - Introduction 260
Mustering - Requirements 261
Mustering - Creating a Dashboard 261
xi
-
Mustering - Using the Dashboard 262
Mustering - Manually Moving Identities 264
Setup & Settings - Main page 265
Schedules and Holidays - Introduction 265
Schedules 265
Holidays 266
Adding Schedules 266
Editing Schedules 267
Deleting Schedules 267
Holidays - Adding 267
Holidays - Editing 268
Holidays - Deleting 268
Holidays and Schedules - Examples 268
Example 1: Part-Day Holiday 268
Example 2: Additional Access Time 269
Schedules - Listing page 269
Schedules - Add New page 270
Schedules - Edit page 271
Holidays - Listing page 272
Holidays - Add New page 272
Holidays - Edit page 273
Event Types - Introduction 274
Adding Event Types 276
Editing Event Types 276
Deleting Event Types 276
Event Types - Listing page 277
Event Types - Add New page 278
Event Types - Edit page 278
User Defined Fields - Introduction 279
User Defined Fields - Adding a Field 279
User Defined Fields - Adding User Defined Tabs 280
User Defined Fields - Editing User Defined Tabs 281
User Defined Fields - Deleting Fields 281
User Defined Tabs - Deleting 281
User Defined Fields - Listing page 281
User Defined Fields - Add New page 282
User Defined Tabs - Listing page 282
User Defined Tabs - Add page 283
xii
-
User Defined Tabs - Edit page 283
User Lists - Introduction 283
User Lists - Adding Items to a List 284
User Lists - Editing Items 284
User Lists - Deleting Items 284
User Lists - User-Defined Lists 284
User Lists - User List Edit screen 285
System Settings 285
System Settings - General page 285
Remote Authentication from External Domains 288
About Certificate Pinning 289
System Settings - Configuring Remote Authentication Using SSL Certificates 289
Using Pinned Certificates 289
Using Trusted Certificates 290
System Settings - Remote Authentication 291
System Settings - External Domains Listing page 292
System Settings - External Domains Add page 293
System Settings - External Domains Edit page 293
System Settings - Certificates Listing page 294
Certificate Upload page 294
Badge Templates and the Badge Designer 295
Using the Badge Designer 295
Badge Templates - listing page 300
External Systems - Introduction 301
Supported External Systems 301
External Systems - Avigilon Server Listing page 301
External Systems - Avigilon Server: Add page 301
External Systems - Avigilon Server: Edit page 302
External Systems - Dedicated Micros Listing page 303
External Systems - Dedicated Micros Add page 303
External Systems - Dedicated Micros Edit page 304
External Systems - Exacq Servers Listing page 305
External Systems - Exacq Server Add page 305
External Systems - Exacq Server Edit page 306
External Systems - Motion Smoothing 307
External Systems - IP-Based Camera Listing page 307
External Systems - IP-Based Camera Add page 307
External Systems - IP-Based Camera Edit page 308
xiii
-
External Systems- Enabling RTSP 309
External Systems - LifeSafety Power Listing page 309
External Systems - LifeSafety Power Add page 309
External Systems - LifeSafety Power Supply Edit page 310
External Systems - Milestone Servers Listing page 310
External Systems - Milestone Server Add page 311
External Systems - Milestone Server Edit page 311
External Systems - Salient Servers Listing page 312
External Systems - Salient Server Add page 312
External Systems - Salient Server Edit page 313
External Systems - Bosch Intrusions page 314
External Systems - Bosch Intrusions Areas page 315
External Systems - Bosch Intrusions Outputs page 315
External Systems - Bosch Intrusions Points page 315
External Systems - Bosch Intrusions Users page 316
External Systems - ViRDI 316
External Systems - ViRDI System Settings 316
External Systems - Adding 317
External Systems - Editing 318
External Systems - Deleting 318
External Systems - Integrating an ACM Appliance into an ACC™ Site 318
External Systems - Defining the Badge Camera for the System 320
Bosch Intrusion Panels 321
Integrating the ACM System with Bosch Intrusion Panels 321
Adding a Bosch Intrusion Panel 323
Editing a Bosch Intrusion Panel 323
Synchronizing Bosch Intrusion Panels 324
Deleting a Bosch Intrusion Panel 324
Viewing Bosch Intrusion Panel Areas 325
Viewing Bosch Intrusion Panel Points 325
Viewing Bosch Intrusion Panel Outputs 325
Viewing Bosch Intrusion Panel Users 326
Assigning Bosch Intrusion Panel Users to Identities 326
Supported Bosch Intrusion Panels 327
Maps - Introduction 329
Maps - Creating and Editing a Map 329
Maps - Linking Maps 330
Using a Map 331
xiv
-
Map Templates (Settings) - Listing page 335
Map Template: Add New page 336
Maps - Edit page 336
Map Properties 337
Map Details 337
Identities 339
Identities Overview 339
Adding an Identity 339
Searching for an Identity 340
Editing an Identity 341
Identities - Assigning Roles 342
Identities - Assigning Tokens 343
Identities - Assigning Groups 343
Capturing and Uploading Photos of an Identity 344
Identities - Creating Badges 348
Creating an Identity Report 349
To generate an identity report: 349
To generate an event report: 350
Deleting an Identity 350
Destroy Batch feature 350
Timed Access 350
Adding Timed Access to an Identity 350
Editing Timed Access 351
Deleting Timed Access 351
Identities - Identity Search page 352
Identities - Add page 352
Identities - Identity page 354
Identities - Roles page 356
Identities - Tokens Listing page 357
Identities - Token: Add New page 357
Identities - Token Edit page 359
Identities - Groups page 361
Identities - Photos page 362
Identities - Badge page 363
Identities - Timed Access page 363
Identities - Access page 365
Identities - Transactions page 365
Identities - Audit page 365
xv
-
Identity Profiles 366
Adding an Identity Profile 366
Editing an Identity Profile 367
Identity Profiles - Assigning Roles 367
Identity Profiles - Defining Token Settings 368
Identity Profiles - Assigning Groups 368
Identity Profiles - Batch Update 369
Deleting an Identity Profile 369
Identity Profiles - Listing page 369
Identity Profiles - Add page 370
Identity Profiles - Identity page 371
Identity Profiles - Roles page 373
Identity Profiles - Token Profile: Edit page 374
Identity Profiles - Token Profile: Add New page 375
Identity Profiles - Groups page 376
Identity Profiles - Access page 376
Collaboration - Introduction 377
Collaborations - Adding 377
Collaborations - Adding Events XML Collaboration 378
Collaborations - Events XML Definitions 379
Collaborations - Events XML Example 382
Collaboration - Editing 383
Collaboration - Types 383
Collaboration - Running 384
Collaboration - Deleting 384
Collaboration - Assigning Events to a Collaboration 385
Collaboration - Listing page 385
Collaboration - Add page 386
Collaboration - Edit Screen 389
Collaboration - ArcSight CEF Edit Screen 389
Collaboration - CSV One-time Edit screen 390
Short Format 390
Long Format 390
Collaboration - Preparing CSV files 391Avoiding Duplicate Identities and Errors 391
Collaboration - Fields 391Mandatory Identity Fields 391Optional Identity Fields 391Token Fields 393
xvi
-
Collaboration - CSV Upload 394
Collaboration - CSV Upload Template 394CSV One Time Short Format Collaboration 394CSV One Time Long Format Collaboration 395CSV Recurring Collaborations 396
Collaboration - LDAP Pull Edit Screen 398
Collaboration - Milestone Edit Screen 398
Collaboration - Oracle RDBMS Pull Edit Screen 398
Collaboration - SQL Server Pull Edit Screen 399
Collaboration - Syslog Edit Screen 399
Collaboration - XML Edit Screen 399
Collaboration - Identity CSV Export Edit Screen 400
Collaboration - Identity CSV Recurring Edit Screen 401
Collaboration - Source page 404
Collaboration - Schedule page 404
Collaboration - Identity CSV Export Schedule page 405
Collaboration - Identity CSV Recurring Schedule page 406
Collaboration - Identities page 406
Collaboration - Tokens page 407
Collaboration - Blob page 408
Collaboration - User Defined page 408
Collaboration - Roles page 409
Collaboration - Events page 409
Roles - Main screen 411
Configuring Roles 411
Adding a Role 411
Editing a Role 412
Assigning an Access Group to a Role 413
Roles - Assigning Delegations 413
Roles - Assigning Routing Groups 413
Roles - Assign Roles 414
Deleting a Role 414
Roles - Role Search page 415
Roles - Role: Add page 416
Roles - Role: Edit page 417
Roles - Access Groups page 418
Roles - Delegate page 418
Roles - Routing page 419
xvii
-
Roles - Assign Roles page 419
Roles - Access page 419
Roles - Audit page 420
Managing Policies 420
Adding a Policy 420
Editing a Policy 421
Deleting a Policy 421
Policies - Listing page 421
Policies - Policy Add page 422
Policies - Policy page 422
Policies - Mercury Security page 423
Policies - Input page 426
Policies - Output page 427
Policies - Audit page 427
Configuring Groups 427
Adding a Group 428
Editing a Group 428
Assigning Policies to Groups 428
Assigning Components to Groups 429
Creating a Hardware Group for Routing 430
Using Policies to Override Hardware Settings 430
Performing an Identity or Template Batch Update 431
Scheduling an Identity or Door Batch Update 431
Deleting a Group 432
Groups - Listing page 432
Groups - Group Add page 432
Groups - Group Edit page 433
Groups - Policies page 433
Groups - Members page 433
Groups - Audit page 434
Managing Door Access 434
Adding an Access Group 434
Editing an Access Group 435
Deleting an Access Group 435
Access Groups - Example 436
Assigning an Access Group to a Role 436
Access Groups - Listing page 437
Access Groups - Access Group Add page 437
xviii
-
Access Groups - Edit page 438
Access Groups - Access page 439
Access Groups - Audit page 439
Managing Access in the Application 440
Adding a Delegation 440
Editing a Delegation 440
Adding a Delegation to a Role 441
Deleting a Delegation 441
Delegations Listing page 441
Delegations - New page 442
Delegations - Edit page 442
Partitioning the System 443
Adding a Partition 443
Editing a Partition 444
Configuring Partitions 444
Deleting a Partition 445
Partitions - Listing page 445
Partitions - Partition Edit page 445
Routing Events to the Monitor Screen 446
Adding a Routing Group 446
Editing a Routing Group 447
Assigning a Routing Group to a Role 448
Deleting a Routing Group 448
Routing Groups - Listing page 448
Routing Groups - Add page 449
Routing Groups - Schedule page 449
Routing Groups - Event Types page 450
Routing Groups - Groups page 450
Managing Elevator Access 451
Adding an Elevator Access Level 451
Editing an Elevator Access Level 451
Assigning an Elevator Access Level to an Access Group 451
Deleting an Elevator Access Level 452
Elevator Access Levels - Listing page 452
Elevator Access Levels - Add page 452
Elevator Access Levels - Edit page 453
Priority Situations 454
Planning Priority Door Policies 454
xix
-
Priority Door Policies, Global Actions, and Modes 455
Priority Door Policies and Emergencies 455
Configuring a Secure High-Priority Emergency Response 456
Testing a Secure Priority Emergency Response in the ACM System 459
Activating the High-Priority Emergency Response 460
During a High-Priority Situation 461
Deactivating a Priority Door Policy 462
Limitations of Priority Global Actions 462
Priority Hierarchy 463
Monitor - Introduction 465
Monitoring Events 465
Pause/Resume Events 466
Clear Events 466
View Live Video 466
View Recorded Video 467
Create Event Notes 467
View Event Notes 468
View Event Instructions 468
View Event Identity Details 468
View Event History 469
Change Events List Settings 469
Reconnect to Events List 469
Searching for Events and Alarms 470
View Camera (Search) 471
View Recorded Video (Search) 471
Create Event Notes (Search) 472
View Event Notes (Search) 472
View Event Instructions (Search) 473
View Event Identity Details (Search) 473
View Event History (Search) 473
Change Transactions List Settings 474
Monitor Alarms 474
Acknowledge Alarms 475
View Live Video (Alarms) 475
View Recorded Video (Alarms) 476
Create Event Notes (Alarms) 476
View Event Notes (Alarms) 477
View Event Instructions (Alarms) 477
xx
-
View Event Identity Details (Alarms) 478
View Event History (Alarms) 478
Change Alarms List Settings 478
Monitor - Verification screen 479
Verifying Cardholders at Doors 479
Verification Events List 480
Monitor - Hardware Status Page 481
System Status 481
Door Actions 482
Door Mode 482
Forced 483
Held 483
Door Status 483
Panel Status 484
Subpanel Details 485
Input / Output Details 485
LifeSafety Panels 486
Controlling System Hardware 486
Status Colors 487
Monitor Screen - Map Templates page 488
Using a Map 488
Add Map 492
Monitor Intrusion Panels 493
Monitor Intrusion Panel Status 493
Monitor Intrusion Panel Areas 493
Monitor Intrusion Panel Points 495
Monitor Intrusion Panel Outputs 496
Monitor Events page 496
Monitor screen - Live Video Window 497
Monitor screen - Recorded Video Window 498
Monitor screen - Notes Window 499
Monitor screen - Instructions Window 500
Monitor screen - Identity Window 500
Monitor screen - History Window 500
Monitor screen - Viewing Camera Video 501
Monitor screen - Search 501
Wildcard Characters 503
Monitor screen - Alarms 503
xxi
-
Map Template: Add New page 504
Monitor Intrusion Status - Panels screen/tab 504
Monitor Intrusion Status - Areas screen/tab 505
Monitor Intrusion Status - Points screen/tab 507
Monitor Intrusion Status - Outputs screen/tab 508
Generating Reports 510
Reports - Generating Reports 510
Reports - Report Preview 510
Reports - Editing 511
Reports - Editing Audit Log and Transaction Reports 512
Reports - Listing page 513
Reports - Access Grant via Operator 513
Reports - Access Groups 514
Reports - Action Audit 515
Reports - Alarm 516
Reports - Appliance 517
Reports - Area Identity 518
Reports - Area 518
Reports - Audit Log 519
Reports - Cameras 520
Reports - Collaboration 521
Reports - Delegation Comparison 521
Reports - Delegation 522
Reports - Door Configuration 523
Reports - Door/Identities with Access 523
Reports - Event 524
Reports - Event Type 525
Reports - Group 526
Reports - Holiday 526
Reports - Identity Photo Gallery 527
Reports - Identity Summary 527
Reports - Identity/Doors with Access 529
Reports - Panel 529
Reports - Policy 530
Reports - Role 531
Reports - Schedule 531
Reports - Token 532
Reports - Tokens Pending Expiration Date 533
xxii
-
Reports - Transaction 534
Reports - Creating Custom Reports 536
Reports - Creating Custom Audit Log and Transaction Reports 536
Reports - Custom Reports Listing page 537
Reports - Custom Report Preview 537
xxiii
-
Avigilon Access Control Manager SystemFundamentals
The Avigilon Access Control Manager software gives you the ability to configure and control your local accesscontrol security system through a web browser. Once all of your access control components are connected tothe Avigilon Access Control Manager appliance, you can configure your system with ease.
NOTE: Due to known issues with Chrome on the Linux operating system, the Access Control Manager softwaredoes not currently support the Chrome browser on Linux operating systems.
The Avigilon Access Control Manager software allows you to:
l Configure your access control system hardware and software
l Design and assign badges
l Monitor events
l Generate access control reports
l Perform required administrative tasks
The Avigilon Access Control Manager System
The Avigilon Access Control Manager system can be organized like this:
Avigilon Access Control Manager System Fundamentals 1
-
Logging into the Avigilon Access Control Manager Application
You can log in to the Access Control Manager system from any web browser that has access to the samenetwork.
1. Open your preferred browser.
2. In the address bar, enter the IP address of your Access Control Manager appliance.
3. Enter your username in the Login field.
If this is the your first time logging into the Avigilon Access Control Manager application, the defaultusername is admin.
Logging into the Avigilon Access Control Manager Application 2
-
4. Enter your password in the Password field.
If this is your first time logging in to the application, the default password is admin.
5. Click the Sign in button.
The application's Home page is displayed.
Navigating the Application
After you log in to the Avigilon™ Access Control Manager, the Home page is displayed.
The Home page may look different depending on your system preferences and the permissions you have. Thekey features of the application window are:
1 2 34
5
6
Figure 1: Typical features of the Access Control Manager application window.
Feature Description
1. Help
Help Click this link to view context-sensitive help for the current feature.
2. Setup and Settings
ApplianceClick this link to define the Access Control Manager system devices that mediate network trafficbetween the application and its connected security system.
Collaboration Click this link to configure the Access Control Manager system to share information with
Navigating the Application 3
-
Feature Description
supported database and directory structure protocols, such as Oracle RDBMS, SQL Server orLDAP directory structures.
SchedulesClick this link to define periods of time that can be used to control such things as when a door isaccessible, when a card is valid, or when a device is activated.
HolidaysClick this link to define specific days during which normal rules are suspended for one or moreschedules.
Event TypesClick this link to define additional event types and provide instructions on how to handle anevent generated in the Access Control Manager system.
User FieldsClick this link to create fields, in addition to the factory default fields, that are used for enrollingIdentities.
User ListsClick this link to define additional options for those fields on the Identity page with drop downoption lists.
SystemSettings
Click this link to define basic values within the system, like system settings language, tokenexpiration time, and required password strength.
BadgeDesigner
Click this link to create and customize a badge layout (a badge template) for use by badgeholders.
PairedDevices
Click this link to generate a one-time key to connect a browser-enabled device such as asmartphone to a door configured as an ACM Verify station so that it can function as a VirtualStation.
ExternalSystems
Click this link to define and configure a camera or other image capture device for use by thisapplication.
Maps Click this link to create maps and populate them with input, output, and alarm points.
3. Admin
My Account Click on this link to view your account page.
SupportClick this link to display information on how to obtain support for your Access Control Managersystem.
Log Out Click this button to log out of the application.
4. Task bar
MonitorThe application's oversight feature that enable the qualified operator to track events, alarms,and other system functions either by table or map.
IdentitiesUsers are defined as operators or cardholders of this system. This includes badges and relatedaccess groups that allow access to the Access Control Manager monitored facility.
Reports Generate and customize status reports of the Access Control Manager system.
PhysicalAccess
Define the access control field hardware, including doors, that are connected to the AccessControl Manager appliance. You can also configure anti-passback areas, card formats, eventsand EOL resistance values.
RolesRoles limit or regulate the number of tasks that a specific user can perform within the AccessControl Manager system.
5. Sub-options task bar
When you select one of the icon task bar options, the available sub-options for that task appear.
Navigating the Application 4
-
Feature Description
This section changes depending on the icon task bar option that is selected.
6. Feature pages and fields
When you select a link or an option from a Task Bar, the feature is opened in this area. This is theworkspace where you will be performing most of the tasks available in the Access ControlManager system.
Logging Out of the Avigilon Access Control Manager Application
From top-right, select > Log Out.
The Sign In screen is displayed.
Help in the Avigilon Access Control Manager System
To use this help, click from any page in the Avigilon Access Control Manager application.
This online help appears.
Use the navigation tools in your browser to go from topic to topic, just as you would with any browser. You canalso use the options, links, and navigation tools built into the application itself.
Using a Pop-Up Calendar
When you click a Date field, a calendar will pop up:
Date and time calendars have additional fields:
Logging Out of the Avigilon Access Control Manager Application 5
-
To use the calendar:
1. Click or to find the month/year.
2. Click the date.
3. If you are using a date and time calendar, adjust the Hour and Minute bars until the correct time appearsin the Time field.
If you want to select the current time, click Now.
4. When you're finished, click Done.
The date and time appears in the Date field.
Setting Personal Preferences
To set up your personal preferences, select > My Account from the top-right. Navigate through the tabbedpages and edit the details as required. The tabbed pages include:
l Profile: use this page to edit your account details and preferences.
l Batch Jobs: use this page to view the batch jobs that have been run from your account.
l Job Specification: use this page to add, edit, activate/ deactivate, or delete batch jobs.
Changing the Password in My Account
While you are logged into the system, you can choose to change your password any time from the My Accountpage.
Setting Personal Preferences 6
-
1. In the top-right, select > My Account.
2. On the following Profile page, enter your current password in the Old Password field.
3. In the Password field, enter your new password.
As you enter your new password, the status bar underneath will tell you the strength of your password.Red is weak, while green is very strong. Use a combination of numbers, letters, and symbols to increasethe password strength. The password must be at least four characters long.
4. Click to save your new password.
A system message tells you that you will be logged out.
5. When the login screen appears, log in with your new password.
My Account screen - Profile page
This is the first page you see after you select > My Account.
Feature Description
Name Displays your name as it is configured in the system.
Login Displays your login name.
OldPassword If you need to change your password, you must first enter your current password in this field.
Password
If you need to change your current password, first enter your old password in the Old Passwordfield, then enter the new password you want to use to access your account information.
The strength of the password you use is important. The more combinations of numbers, letters,and characters you use the more difficult it is for unauthorized individuals to break into the system.To enforce more stringent passwords, select Password Strength Enforced in the General tab ofthe System Settings screen.
The password must be at least four characters long.
ConfirmIf you need to change your current password, enter the new password again to confirm yourchoice.
Defaults:
Items/PageEnter the maximum number of items to be listed in standard tables.
NOTE: This does not apply to non-standard tables (e.g. the Monitor Events page).
Monitordflt rows Select the initial number of rows you can see on the Monitor screen.
BadgeCamera
Select the camera you want to use to capture images for this system from the drop-down list:
l Local Camera — Any camera connected directly to your computer or built into yourcomputer or monitor.
NOTE: Images cannot be captured with a local camera from an ACM client running in theInternet Explorer or Safari web browsers, or running on a mobile device.
l IP-based camera — Any IP-based camera previously connected to your network and addedto your ACM system.
My Account screen - Profile page 7
-
Feature Description
NOTE: You may be prompted to allow your web browser to access the local camera when youcapture an image for the first time. You must allow access the camera any time you are promptedby the web browser to allow access. This is expected behavior.
NOTE: An IP-based camera is available from any ACM client to any user with permission to accessthe camera.
Photo SizeEnter the format size you want for photos captured with the camera specified above. This size is inpixels with the length and width separated by a comma (no spaces required).
Locale
Select your preferred system language. This setting overrides the default system languagesetting.
NOTE: If you are using the Easy Lobby Integration plug-in, this requires the locale to be set asEnglish (United States).
HomePage
From the drop down pick list, select the page you would like to appear when you first open thisapplication. The available options are:
l Alarms
l Doors
l HW Status
l Identities
l Monitor
l Panels
l Reports
DefaultBadgeTemplate
Select the default badge template to use from the drop down list.
ShowTimezoneOffset?
Check this box to enable local time fields in Reports and Monitoring to report time with the timezone offset from the UTC time.
Do NotLog RESTCommand
Check this box to exclude internal system details from the transaction logs.
ClearCustomLayouts
Click this button to clear any previously configured custom layouts and return to the factory defaultsettings.
Click this button to save your changes.
My Account screen - Batch Jobs
When you click the Batch Jobs tab from the My Account screen, a list of all the batch jobs that have been runfrom this user account is displayed.
Batch jobs are created on the Job Specification page.
Feature Description
Click this button with one or more of the batch jobs highlighted and the selected batch job(s) willbe deleted.
My Account screen - Batch Jobs 8
-
Feature Description
Name The name of this batch job.
Status The current status of this batch job (completed, in progress, or halted).
Type The type of this batch job.
Results The results of this job indicated by an icon.
Started At Date and time when the job was begun.
CompletedAt Date and time when the job was completed.
In addition to these read-only columns, there are a group of navigation fields and buttons at the bottom of thisscreen. These enable you to scroll through the batch jobs list, specify a particular page of the list, go to thebeginning or end of the list, and refresh the list.
My Account screen - Job Specification
When you click the Job Specification tab, a list of all the batch jobs that have been defined for this system isdisplayed.
You can add, delete, edit, or immediately activate an existing batch by selecting the batch from the list and clickthe corresponding button.
Feature Description
Add Click this button to schedule a new batch job.
Click this button to delete a highlighted batch job.
Click this button to edit a highlighted batch job. The batch job wizard appears.
Click this button to toggle between activating or deactivating a highlighted batch job.
Name The name of the batch job.
Author The person who defined the batch job.
Type The type of batch job being run.
Script Any script that was created for this batch job.
Schedule When this job is scheduled to be performed.
Activated On The date/time when this job was first activated.
Scheduling Batch Jobs
Batch jobs are processes, such as generating reports, that are performed automatically, according to aschedule.
From the Job Specification page, you can create the following batch jobs:
Generating a Batch Report
Batch reports are custom reports generated on a schedule and which can contain more data than reportsgenerated from the Reports Listing page, the Report Edit page or from the Report Preview page.
My Account screen - Job Specification 9
-
There are no length limits on any batch reports generated in the CSV spreadsheet format. In PDF format, theAudit Log report is limited to 13,000 records, the Identity Summary Report is limited to 100,000 records, and theTransaction Report is limited to 50,000 records.
WARNING — Risk of system becoming unusable. Scheduling large reports on separate but overlappingschedules, may cause memory problems that can result in the ACM system being unusable. To avoid this risk,schedule the start times for large reports, such as audit logs in any format, to allow for each report to finishbefore the next starts.
Perform this procedure to generate a custom report on a schedule.
1. Select >My Account and click the Job Specification tab.
The Job Specification page is displayed.
2. Click the Add button.
The Job Specification - General dialog box is displayed.
3. In the Appliance drop down list, select the appliance on which this job will run.
Only those appliances previously defined for this system appear in this option list.
If only one appliance is used for this system (the default), this field is automatically populated.
4. In the Name field, enter a name for this batch job.
5. From the Type drop down list, select Report.
After you select the job type, additional options are displayed.
l From the Report drop down list, select the report you want to batch.
Only custom reports appear in this list.
l From the Output Format drop down list, select the format in which you want this job generated.
6. Click Next.
The following screen shows the select report definition. Click Back to select a different report.
7. Click Next to continue.
8. On the following page, select how often the batch report is generated. From the Repeat drop down list,select one of the following options:
l Once —- The report will be generated once. Click the On field to display the calendar and select aspecific date and time.
l Hourly — The report will be generated at the same minute of every hour. Enter the minute whenthe report is generated at each hour. For example, if you want the report generated at 1:30, 2:30,etc. then you would enter 30.
l Daily — The report will be generated every day at the same time. Enter the specific time when thereport is generated in 24 hour time format.
l Weekly — The report will be generated each week on the same day and time. Select the checkbox for each day the report will be generated, and enter the specific time in 24 hour format.
Generating a Batch Report 10
-
l Monthly — The report will be generated each month on the same day and time. Select the dayswhen the report is generated and enter the specific time in 24 hour format. Shift + click to selecta series of days, or Ctrl + click to select separate days.
9. Click Next.
A summary is displayed.
Select the Send Email check box if you want to receive an email copy of the report after it has beengenerated. In the following field, enter your email address.
10. Click Submit to create this job.
11. To activate or deactivate this job, select the job and click Activate/Deactivate
Applying an Identity Profile to a Group Using a Job Specification
Create and schedule an Identity Updatebatch job to apply a new, updated or temporary identity profile to all ofthe identities in a predefined group.
After you make changes to an identity profile, the identities previously created from the identity profile are notautomatically updated. Using a job specification and scheduling the job is one of the ways that these changescan be applied.
Scenarios to apply an identity profile to a group of identities include:
l To apply a set of standard settings. When you have many identities defined with non-standard settings,create a group containing these users and a new profile containing the standard settings. Then apply thenew profile to the group of identities.
l To apply modified settings in a commonly used identity profile. After you make changes to an identityprofile, the identities created from the identity profile are not automatically updated. You need to createa batch job to apply these changes. Create a group of all the users that were created using this profile,and then apply the modified profile to that group. If the profile is frequently modified, you can create arepeating schedule.
l To apply a profile temporarily to a group. When you have identities that require a different profile for ashort time that cannot be cannot be satisfied using a policy, you can use an Identity Update batch job to"turn on" a temporary profile for a specified duration, and then "turn off" that profile by replacing it with apermanent profile. If the temporary profile is used repeatedly in a predictable manner, you can create arepeating schedule.
NOTE: A group containing all of the identities previously created from the identity profile must be createdbefore the changes can be applied to the group. If the required groups have not been created, contact yourSystem Administrator.
When you choose to create an Identity Update job, you have the option to apply a new, updated or temporaryidentity profile to the group.
A temporary door template is one that is applied for a specific period of time (either once or repeating) You canapply a temporary door template to a group by using the Off Identity Profile option. Once the new identityprofile expires, the original identity profile is applied.
To create an Identity Update job specification:
Applying an Identity Profile to a Group Using a Job Specification 11
-
1. Select > My Account and click the Job Specification tab.
The Job Specification page is displayed.
2. Click the Add button.
The Job Specification dialog box is displayed.
3. In the Appliance drop down list, select the appliance on which this job will run.
Only those appliances previously defined for this system appear in this option list.
If only one appliance is used for this system (the default), this field is automatically populated.
4. In the Name field, enter a name for this batch job.
5. From the Type drop down list, select Identity Update.
After you select the job type, more options are displayed.
l From the Group drop down list, select the group of identities that you want to change.
l From the Identity Profile drop down list, select the identity profile that you want to apply to thegroup. If you are applying a temporary profile, this is the "on" profile.
l From the Off Identity Profile drop down list, select the identity profile to be applied if you want anidentity profile applied temporarily (that is, you want the identity profile to expire).
l From the Output Format drop down list, select the format for the report that is generated whenthe job is complete.
6. Click Next to continue.
The Job Specification - Schedule dialog box is displayed.
7. From the Repeat drop down list, select how often this batch job is run. Then specify the time you want theprofile to be applied. If you selected an Off Identity Profile, you also specify when the Off profile isapplied.
l Once —- The batch job is run once. Click the On and Off fields to display the calendar and select aspecific date and time.
l Hourly — The batch job is run at the same minute of every hour. Enter the minute when the batchjob is run at each hour. For example, if you want the job to run at 1:30, 2:30, etc. then you wouldenter 30.
l Daily — The batch job is run every day at the same time. Enter the specific time when the job is runin 24 hour time format.
l Weekly — The batch job is run each week on the same day and time. Select the check box foreach day the job will run, and enter the specific time in 24 hour format.
l Monthly — The batch job is run each month on the same day and time. Select the days when thejob will run and enter the specific time in 24 hour format. Shift + click to select a series of days, orCtrl + click to select separate days.
8. Click Next.
A summary is displayed.
9. Click Submit to create this job.
Applying an Identity Profile to a Group Using a Job Specification 12
-
10. To activate or deactivate this job, select the job and click Activate/Deactivate.
Applying a Door Template to a Group Using a Job Specification
Create and schedule a Door Update batch job to apply a new, updated or temporary door template to all of thedoors in a predefined group.
After you make changes to a door template, the doors previously created from the door template are notautomatically updated. Using a job specification and scheduling the job is one of the ways that these changescan be applied.
Scenarios to apply a door template to a group of doors include:
l To apply a set of standard settings. When you have many doors defined with non-standard settings,create a group containing doors and a new template containing the standard settings. Then apply thenew template to the group of doors.
l To apply modified settings in a commonly used door template. After you make changes to a doortemplate, the identities created from the door template are not automatically updated. You need tocreate a batch job to apply these changes. Create a group of all the doors that were created using thistemplate, and then apply the modified template to that group. If the template is frequently modified, youcan create a repeating schedule.
l To apply a template temporarily to a group. When you have doors that require a different template for ashort time that cannot be cannot be satisfied using a policy, you can use an Identity Update batch job to"turn on" a temporary template for a specified duration, and then "turn off" that template by replacing itwith a permanent template. If the temporary template is used repeatedly in a predictable manner, youcan create a repeating schedule.
NOTE: A group containing all of the doors previously created from the door template must be created beforethe changes can be applied to the group. If the required groups have not been created, contact your SystemAdministrator.
When you choose to create a Door Update job, you have the option to apply a new, updated or temporary doortemplate to the group.
A temporary door template is one that is applied for a specific period of time (either once or repeating). You canapply a temporary door template to a group by using the Off Door Template option. Once the new doortemplate expires, the original door template is applied.
To create a Door Update job specification:
1. Select > My Account and click the Job Specification tab.
The Job Specification page is displayed.
2. Click the Add button.
The Job Specification - General dialog box is displayed. All options marked with * are required.
3. In the Appliance drop down list, select the appliance on which this job will run.
Only those appliances previously defined for this system appear in this option list.
If only one appliance is used for this system (the default), this field is automatically populated.
Applying a Door Template to a Group Using a Job Specification 13
-
4. In the Name field, enter a name for this batch job.
5. From the Type drop down list, select Door Update.
After you select the job type, additional options are displayed.
l From the Group drop down list, select the group of doors that you want to change.
l From the Door Template drop down list, select the door template that you want to apply to thegroup.
l From the Off Door Template drop down list, you have the option to select to an alternative doortemplate when the first door template expires.
l From the Output Format drop down list, select the format for the report that is generated whenthe job is complete.
6. Click Next to continue.
The Job Specification - Schedule dialog box is displayed.
7. Select how often this batch job is run. From the Repeat drop down list, select one of the followingoptions:
If you selected an Off Door Template, you will have the option to enter when the Off template is applied.Otherwise, only the On field is displayed.
l Once —- The batch job is run once. Click the On field to display the calendar and select a specificdate and time.
l Hourly — The batch job is run at the same minute of every hour. Enter the minute when the batchjob is run at each hour. For example, if you want the job to run at 1:30, 2:30, etc. then you wouldenter 30.
l Daily — The batch job is run every day at the same time. Enter the specific time when the job is runin 24 hour time format.
l Weekly — The batch job is run each week on the same day and time. Select the check box foreach day the job will run, and enter the specific time in 24 hour format.
l Monthly — The batch job is run each month on the same day and time. Select the days when thejob will run and enter the specific time in 24 hour format. Shift + click to select a series of days, orCtrl + click to select separate days.
8. Click Next.
A summary is displayed.
9. Click Submit to create this job.
10. To activate or deactivate this job, select the job from the list in the Batch Job Specifications window and
click Activate/Deactivate.
Scheduling a Global Action
Perform this procedure to schedule global actions.
NOTE: The global actions must be created before they can be scheduled. If the required global actions havenot been created, contact your System Administrator.
Scheduling a Global Action 14
-
1. Select >My Account and click the Job Specification tab.
The Job Specification page appears.
2. Click the Add button.
The Job Specification dialog box is displayed.
3. In the Appliance drop down list, select the appliance on which this job will run.
Only those appliances previously defined for this system appear in this option list.
If only one appliance is used for this system (the default), this field is automatically populated.
4. In the Name field, enter a name for this batch job.
5. From the Type drop down list, select Global Action.
After you select the job type, additional options are displayed.
l From the Global Action drop down list, select global action to perform. Only configured globalactions will appear on the list.
l From the Off Global Action drop down list, you have the option to select to a global action that isperformed after the first global action expires.
l From the Output Format drop down list, select the format for the report that is generated whenthe job is complete.
6. Click Next to continue.
7. On the following page, select how often this batch job is run. From the Repeat drop down list, select oneof the following options:
l Once —- The batch job is run once. Click the On field to display the calendar and select a specificdate and time.
l Hourly — The batch job is run at the same minute of every hour. Enter the minute when the batchjob is run at each hour. For example, if you want the job to run at 1:30, 2:30, etc. then you wouldenter 30.
l Daily — The batch job is run every day at the same time. Enter the specific time when the job is runin 24 hour time format.
l Weekly — The batch job is run each week on the same day and time. Select the check box foreach day the job will run, and enter the specific time in 24 hour format.
l Monthly — The batch job is run each month on the same day and time. Select the days when thejob will run and enter the specific time in 24 hour format. Shift + click to select a series of days, orCtrl + click to select separate days.
NOTE: If you selected an Off Global Action, you will have the option to enter when the Off action occurs.Otherwise, only the On field is displayed.
8. Click Next.
A summary is displayed.
9. Click Submit to create this job.
Scheduling a Global Action 15
-
10. To activate or deactivate this job, select the job and click Activate/Deactivate.
Setting Batch Door Modes
Perform this procedure to change the door mode for a set of doors.
1. Select >My Account and click the Job Specification tab.
The Job Specification page appears.
2. Click the Add button.
The Job Specification dialog box is displayed.
3. In the Appliance drop down list, select the appliance on which this job will run.
Only those appliances previously defined for this system appear in this option list.
If only one appliance is used for this system (the default), this field is automatically populated.
4. In the Name field, enter a name for this batch job.
5. From the Type drop down list, select Door Mode.
After you select the job type, additional options are displayed.
l From the Available list, select the required doors then click to add it to the Members list.
l From the On Door mode drop down list, select the door mode that you want to apply to theselected doors.
l From the Off Door mode drop down list, select the door mode that you want to apply to the doorswhen the On action is complete.
l From the Output Format drop down list, select the format for the report that is generated whenthe job is complete.
l Select the Activate check box to make the door modes active.
6. Click Next to continue.
7. On the following page, select how often this batch job is run. From the Repeat drop down list, select oneof the following options:
l Once —- The batch job is run once. Click the On field to display the calendar and select a specificdate and time.
l Hourly — The batch job is run at the same minute of every hour. Enter the minute when the batchjob is run at each hour. For example, if you want the job to run at 1:30, 2:30, etc. then you wouldenter 30.
l Daily — The batch job is run every day at the same time. Enter the specific time when the job is runin 24 hour time format.
l Weekly — The batch job is run each week on the same day and time. Select the check box foreach day the job will run, and enter the specific time in 24 hour format.
l Monthly — The batch job is run each month on the same day and time. Select the days when thejob will run and enter the specific time in 24 hour format. Shift + click to select a series of days, orCtrl + click to select separate days.
Setting Batch Door Modes 16
-
NOTE: If you selected an Off Door Mode, you will have the option to enter when the Off action occurs.Otherwise, only the On field is displayed.
8. Click Next.
A summary is displayed.
9. Click Submit to create this job.
Contacting Your Support Representative
When you select > Support from the top-right, the Support page displays information on how to contact yourAvigilon support representative. The system displays the following message by default:
Support
Thank you for choosing Avigilon.
For quickest support please contact your account representative xxxxx at xxxxx.
To customize this message, see System Support on page 287.
For More Information
Visit Avigilon at avigilon.com for additional product documentation.
Technical Support
To contact Avigilon Technical Support, go to avigilon.com/contact-us.
Upgrades
Software and firmware upgrades will be made available for download as they become available. Check foravailable upgrades at: avigilon.com/support-and-downloads.
Feedback
We value your feedback. Please send any comments on our products and services to [email protected].
Initial Setup
After installing your Access Control Manager appliance, complete the following recommended set upprocedures:
Accepting the End User License Agreement
Before you can use the Access Control Manager system, you must accept the End User License Agreement.
You may have noticed this error message that is displayed on each page:
Contacting Your Support Representative 17
http://www.avigilon.com/http://avigilon.com/contact-us/http://avigilon.com/support-and-downloads/mailto:[email protected]
-
END USER LICENSE NOT YET ACCEPTED, SYSTEM WILL NOT RUN PROPERLY! PLEASE ACCEPT EULA TOSTAY IN COMPLIANCE!
1. To access the End User License Agreement, click the link under the error message or select Appliance >About > View End User License Agreement Terms and Conditions.
2. On the End User License Agreement page, review the license agreement.
3. After reviewing the license agreement, select the check box next to the message I accept the terms ofthe License Agreement.
4. Click Submit.
The error message is removed and you can begin to configure the Access Control Manager system.
Changing the Administrator Password
After you login for the first time, it is recommended that you change the default "admin" identity password.
1. Click Identities.
The Identities Listing page is displayed.
2. On the Identities Listing page, click A.
3. Select the Administrator, System identity.
4. In the Account Information area, enter a new password in the Password and Confirm field.
5. Click .
If you are currently logged in with the "admin" identity, you will automatically be logged out. Log in again withthe new password, or use a different Super Admin identity.
Creating a Super Admin Identity
After you login to the Access Control Manager system for the first time, it is recommended that you create aSuper Admin identity for configuring the system. By creating a new Super Admin identity, you can better protectthe security of the system by not using the default "admin" identity, and having a backup identity in case thedefault admin password is lost.
1. Click Identities.
2. On the following page, click Add New Identity.
3. Select an Identity Profile in the Identity Profile dialog box and click OK.
4. In the Identity Information area, enter a Last Name and First Name.
5. In the Account Information area, enter a Login name for accessing the system.
6. In the Password and Confirm field, enter a password for the new identity. The password must be at leastfour characters long.
7. Click and the Roles tab is automatically displayed.
8. In the Roles tab, select Super Admin from the Available list and click to assign the new identity tothe Super Admin role.
9. Click .
Changing the Administrator Password 18
-
These are the only settings required to create a Super Admin identity. You can add and configure more detailsfor the account. For more information about the available Identity settings, see Identities on page 339.
Creating a Super Admin Identity 19
-
Managing Appliances
When you log in to the Access Control Manager application, you are accessing an appliance that is set up in yournetwork. The appliance configures and directs communication between all the elements in the access controlsystem.
After you have connected your appliance to the network, you can further customize and set up your applianceto meet your system requirements.
Appliances - Changes
Changes to appliances, including additions and deletions may be required after the original installation.
Adding Extra Appliances
NOTE: You can only add appliances if the system license supports multiple appliances.
Adding appliances increases the number of panels the system can support, and provides more storage for userdata. Additional appliances are a requirement for replication and failover.
After you connect the new appliance to the network, complete the following steps to add the new appliance tothe system:
1. In the top-right, select > Appliance.
The Appliance Listing page is displayed. For more information, see Appliances - Listing page onpage 52.
2. Click the Add Appliance button.
The Appliance Add page is displayed. For more information, see Appliances - Add page on page 53.
3. Enter a new hostname for the appliance.
By default, the hostname for all appliances is the ACM system. You will need to set a new hostname forthe appliance if an existing appliance already uses this hostname on the network.
4. Click .
The new appliance automatically restarts. When you next log in to the system, you will see the new appliance inthe Appliance Listing page.
Editing Appliances
After the appliance has been set up according to the Getting Started Guide included with the appliance, theAccess Control Manager system is ready for use. But if you want to customize your appliance further, you canedit the system's default settings and set up the appliances backup and redundancy features.
Managing Appliances 20
-
1. In the top-right, select > Appliance.
If there is only one appliance in this system, the Appliance Edit page is displayed.
If there is more than one appliance in this system, the Appliance Listing page is displayed. Select theappliance you want to edit.
2. Navigate through the tabbed pages to configure this appliance. The tabbed pages include:
l Appliance: Use this page to edit the appliance properties, as well as shutdown or restart theappliance remotely. For more information, see Appliances - Listing page on page 52.
l Access: Use this page to specify and enable the controller panel types. For more information, seeAppliances - Access page on page 58.
l Ports: Use this page to specify how the appliance Ethernet ports are used to communicate withaccess control devices. For more information, see Appliances - Port Listing page on page 59.
l Replication: Use this page to set up system replication and redundancy. For more information, seeAppliances - Replication page on page 63.
l Backups: Use this page to set up scheduled backups for this appliance. For more information, seeAppliances - Backups Listing page on page 65.
l Logs: Use this page to access the system logs. For more information, see Appliances - LogsListing page on page 69.
l Software Updates: Use this page to update the appliance software. For more information, seeAppliances - Software Updates page on page 70.
l About: Use this page to see the current licenses, version numbers, and status of this appliance. Formore information, see Appliances - About page on page 71.
3. Click to save your changes.
Deleting an Appliance
Appliances may need to be deleted in certain cases. If you want to disconnect an appliance that is no longerneeded, delete it from the system before physically removing it. If you want to take an appliance that is beingused for replication or redundancy and use it as a primary appliance, the appliance must be deleted first.
NOTE: You can only delete an appliance if your system has more than one appliance.
1. In the top-right, select > Appliance.
2. From the Appliance Listing page, click beside the appliance that you want to delete.
3. When the confirmation message is displayed, click OK.
The selected appliance is removed from the list.
Configuring Replication and Failover
NOTE: Only the default Admin identity can edit the appliance Replication settings.
Deleting an Appliance 21
-
The Replication tab on the Appliance: Edit page allows configuration and monitoring of LDAP data replicationand optionally redundancy/failover of the ACM application so that monitoring and hardware control is not losteven if an appliance fails.
Tip: It is recommended that replication be set up on all appliances before adding panels, other hardware or userdetails to the system. Once replication is configured, it is possible to configure system hardware and identityinformation from one of the replicated appliances on the network rather than having to connect directly to eachindividual appliance to make changes to its installed hardware. However, it may be necessary to perform adownload of the hardware configuration from the appliance where the hardware is installed in order to updatethe hardware with the latest configuration data changes made from another appliance.
The replication feature allows two or more appliances to be set up to share a single set of LDAP1 configurationdata, where the appliances would be able to share identities and other system details. Any change made toconfiguration data on one appliance would automatically be copied (“replicated”) to the other appliances. Thisreplication configuration is referred to as a “Peer to Peer” configuration. In this configuration, each appliance“owns” the hardware installed on it, and events and status information sent from that hardware can only beviewed on the hardware owner appliance. All panel hardware added in a replicated environment must beassigned upon creation to one of the available Peer to Peer appliances. A panel and its subpanels cannot besplit across multiple appliances, but will be installed on one of the Peer appliances.
Failover/Redundancy Feature
The failover, or redundancy, feature of replication allows a “Hot Standby” appliance to be set up to take overcontrol and event monitoring when the Primary appliance used in daily operations fails. This configuration isreferred to as Primary/Hot Standby. To use the failover feature, both appliances are originally configured withPeer to Peer replication so that each appliance will share a common LDAP configuration database. The HotStandby appliance is then configured as such, and then will not have its own hardware or collaborations, and willnot appear in the list of replicated appliances available for assignment when these items are created.
Each Primary appliance can only be assigned one Standby appliance, but the same Standby appliance can beassigned to more than one Primary appliance. However, if two or more Primary appliances fail at the same time,the Standby appliance will replace the first appliance that it knows is offline (if configured for automatic failover),and will not be available for failover of the other Primary appliances while it is standing in.
The following types of failover and failback are supported:
l Automatic failover
l Manual failover
l Manual failback
Automatic failover
Automatic failover is controlled by the Standby appliance by monitoring the health of the Primary appliance. If aPrimary appliance is found to be unresponsive by the Standby appliance within a set period of time, the Standbyappliance will automatically initiate failover of the Primary appliance and will begin to control the hardwareinstalled on that Primary appliance, and will begin to receive events and status from this hardware.
1Lightweight Directory Access Protocol is an open, industry standard application protocol for accessing andmaintaining distributed directory information services over a network. An LDAP database in the Access ControlManager system typically includes user details, connected hardware details, events, alarms and other systemconfiguration details.
Failover/Redundancy Feature 22
-
There are two settings that control automatic failover - Heartbeat count and Heartbeat time. The Heartbeatcount is the number of health checks the inactive hot standby appliance makes to see if the active primaryappliance is alive. If this number of failures occurs in a row, the hot standby will do an automatic failover. TheHeartbeat time is the time between health checks (regardless of if the previous check was successful or failed).
It is not necessarily possible to calculate specifically how long it would take to failover. It is not simply a matter ofmultiplying the Heartbeat count by the Heartbeat time (for example Heartbeat count of two and Heartbeat timeof 30 seconds does not necessarily mean failover in about one minute of the primary going down, however oneminute would be the best/shortest case). This is because the time it takes each check to fail may depend on anetwork time-out in the case of the hot stand by machine no longer having network connectivity to the primarymachine. Typically, a worst case network time-out is approximately two minutes - however this may possiblyvary. A health check may also fail immediately depending on network considerations/status.
It is recommended to set the Heartbeat count to at least a value of two so that a short network glitch does notcause a premature failover. A Heartbeat count of two and a Heartbeat time of 30 seconds should typicallyensure that a failover is initiated within one to about five minutes of the primary going down.
Manual failover and failback
A manual failover can be initiated through from the Replication tab on the Appliance: Edit page on the Standbyappliance. This is usually done to test functionality or if a Primary appliance is going to be down for scheduledmaintenance.
Once the Primary appliance is back online and fully functional, you can then manually initiate failback of theStandby appliance over to the Primary appliance, which restores hardware control and event and statusreporting to the Primary appliance.
Read through all of the following procedures before configuring replication and redundancy. If any detail isunclear, contact Avigilon Technical Support for more information before you begin.
Recommended System Architecture
System Architecture for Replication
Replication works by automatically copying the LDAP1 configuration databases from one appliance to another.Changes made in one appliance’s database are automatically replicated to the all of the other appliances.Replication can occur between two or more Peer to Peer appliances, or it can occur between a Primaryappliance and its Standby appliance, and a mix of both configurations is possible.
If you only have one appliance in your system, replication is not possible. In this situation, performing periodicbackups is the recommended method of ensuring appliance recovery after a failure.
When two appliances exist, they can start replicating information.
1Lightweight Directory Access Protocol is an open, industry standard application protocol for accessing andmaintaining distributed directory information services over a network. An LDAP database in the Access ControlManager system typically includes user details, connected hardware details, events, alarms and other systemconfiguration details.
Manual failover and failback 23
-
Once replication is set up, any identity or other system configuration data that is added to or edited on oneappliance is automatically copied to the other appliances. Be aware that each appliance will be responsible fortheir connected panels, subpanels, and other hardware. Configuration and viewing of all system hardware ispossible from any replicated Peer appliance, but you will not be able to see the hardware status or events fromany appliance other than the one the hardware is installed on.
When more than two replicated Peer appliances exist, it is recommended that Peer to Peer replication be set upin a mesh formation, where every Peer appliance has links (“subscriptions”) to all of the other Peer appliances.This allows system configuration to be performed from one Peer appliance and have the details automaticallyreplicated to all the other Peer appliances, while providing multiple paths for this data to replicate among theparticipating appliances. The exception to this is a Standby appliance, which only needs to have replicationsubscriptions with its Primary appliance.
NOTE: Up to 99 appliances can be connected together for Peer-to-Peer replication, and this limit includes anyHot Standby appliances in the environment.
System Architecture for Redundancy
Redundancy works by having a configured Hot Standby appliance automatically or manually replace a failedPrimary appliance. Redundancy requires Peer to Peer replication between the Primary and the Standbyappliances to be configured and tested first to function properly. Once this is in place, the Standby appliance isthen designated as such and the software configures it for that role.
When configured and in standby mode, the Standby appliance is essentially a blank appliance that only hasbasic system settings. The Standby appliance has its own configuration for appliance related attributes such ashost name, ports, time zone (etc.), but it does not have any hardware configuration of its own. It only has thathardware data which is replicated from the Primary appliance that owns it. When a Standby appliances takesover for a Primary appliance, the operating system settings on the Standby appliance (such as host name and IPaddress) do not change to match the Primary appliance’s settings. Instead, the applications running on theStandby appliance begin to service the records (including doors, panels, video servers, collaborations and soon) previously controlled by the Primary appliance. Note that this requires a different URL for clients to be ableto access the Hot Standby appliance – this is not handled automatically by the ACM system.
If one Primary appliance (1) exists for everyday operations and one Hot Standby appliance (*) is available, set upthe Standby appliance to subscribe to and receive replicated configuration data and transactional data from thePrimary appliance. If the Primary appliance fails, the Standby can automatically step-in and maintain dailyoperations.
System Architecture for Redundancy 24
-
If more than one Primary appliance exists for a Hot Standby appliance, the Hot Standby appliance still remainsseparate from daily operations but must receive replicated configuration and transaction data from all Primaryappliances it is configured to failover for. Be aware that the Standby appliance can only stand-in for one failedPrimary appliance at a time.
If the replicated environment with multiple appliances is configured in a mesh formation for replication wherepossible, but due to some physical limitation such as a Wide Area Network (WAN) being involved one or more ofthe appliances is a single point of failure for propagation of replicated data, it is recommended that each ofthese appliances have its own Hot Standby appliance. In the event of a failure of one of these critical Primaryappliances, the environment is guaranteed to have a Hot Standby appliance available to ensure that allreplicated Peer appliances are able to continue to synchronize configuration data amongst themselves.
System Architecture for Redundancy 25
-
Replication and Failover Requirements
WARNING — Make sure your system meets all the following requirements before you set up replication andfailover or the system may lose configured system data.
l License requirements:
l The application license agreement must be entered on all appliances. The license key is tied to aspecific machine. When using redundancy, a license and key must be separately installed on boththe Primary and Standby appliances. The license features on a Standby appliance needs toinclude all the features used by the Primary appliances it may replace.
l Network infrastructure:
l DNS registered host names for each appliance in the enterprise. Each appliance must be able toconnect to the other appliance by host name. There must be static or reserved IP addresses,proper netmask, and network gateway for each appliance.
l Name server IP address for host name resolution. All appliances must be able to resolve all of theother appliances by host name. Each appliance must either have a named server configured forthis purpose, or a host file can be used for name resolution on each appliance if a DNS server is notavailable.
l Time Server IP address or host name. All appliances must be synchronized for time and date. Thisis crucial for proper replication processing. Each must utilize a time server for this purpose. TheOpen LDAP multi-master replication used by the ACM software synchronizes a LDAP directorytree across multiple appliances. Each appliance supports read/write operations across anenterprise system. Conflicts are handled using a timestamp to determine the most recent record.All appliances must use a common clock base to synchronize their clocks to ensure the conflictresolution works correctly.
NOTE: Time is based on UTC (Coordinated Universal Time) to ensure consistency across the ACMsystem. UTC time is transferred from the client to the server when the date/time is set.
l Defined and open TCP ports:
l Web Server Port / Replication Subscriptions Web Port (default 443). Certain replication optionsrequire each appliance to contact each other through the web service port.
l LDAP Connect Port / Replication Subscription LDAP Port (should be a unique, open TCP port thatnothing else uses). This is a TCP port used for Open LDAP replication between appliances.
l Event Replication Port (default 6052). Once a Primary/Standby appliance relationship isestablished, the Primary appliance will automatically transfer event transactions to the Standbyappliance so event data will be available when a failover occurs. Connectivity is required for bothPrimary and Standby appliances using the Event Replication Port (this is a TCP port used for openSSL socket communication).
l Replication Failover Port for heartbeat (default is NONE but should be a unique, open T