DataConduIT PDF

Download as pdf or txt
Download as pdf or txt
You are on page 1of 196

DataConduIT User Guide

PERPETUAL INNOVATION
Lenel OnGuard® 2012 DataConduIT User Guide, product version 6.5.
This guide is item number DOC-920, revision 2.010, March 2012
Copyright © 1995-2012 Lenel Systems International, Inc. Information in this document is subject
to change without notice. No part of this document may be reproduced or transmitted in any form
or by any means, electronic or mechanical, for any purpose, without the express written
permission of Lenel Systems International, Inc.
Non-English versions of Lenel documents are offered as a service to our global audiences. We
have attempted to provide an accurate translation of the text, but the official text is the English
text, and any differences in the translation are not binding and have no legal effect.
The software described in this document is furnished under a license agreement and may only be
used in accordance with the terms of that agreement. Lenel and OnGuard are registered
trademarks of Lenel Systems International, Inc.
Microsoft, Windows, Windows Server, and Windows Vista are either registered trademarks or
trademarks of Microsoft Corporation in the United States and/or other countries. Integral and
FlashPoint are trademarks of Integral Technologies, Inc. Crystal Reports for Windows is a
trademark of Crystal Computer Services, Inc. Oracle is a registered trademark of Oracle
Corporation. Other product names mentioned in this User Guide may be trademarks or registered
trademarks of their respective companies and are hereby acknowledged.
Portions of this product were created using LEADTOOLS © 1991-2012 LEAD Technologies, Inc.
ALL RIGHTS RESERVED.
OnGuard includes ImageStream® Graphic Filters. Copyright © 1991-2012 Inso Corporation. All
rights reserved. ImageStream Graphic Filters and ImageStream are registered trademarks of Inso
Corporation.
DataConduIT User Guide

Table of Contents

Chapter 1: Introduction .............................................................15

What Is DataConduIT? .................................................................................. 15

Documentation Contents ............................................................................... 16

Documentation Prerequisites ........................................................................ 16

Definitions, Acronyms, Abbreviations ............................................................ 17

References and Applicable Documents ........................................................ 17

Chapter 2: Getting Started ........................................................19

Installing DataConduIT .................................................................................. 19

License for DataConduIT .............................................................................. 19

Setting Permissions to Use DataConduIT ..................................................... 20

Authentication ................................................................................................................. 20

Authorization ................................................................................................................... 20

Receiving Events ............................................................................................................ 21

Using DataConduIT from a Remote Computer ............................................................... 21

Viewing DataConduIT Classes with the Microsoft WMI SDK ........................ 21

Overview of DataConduIT Functions ............................................................ 23

Chapter 3: Using DataConduIT for Data Access ....................27

Connecting to DataConduIT .......................................................................... 27

Searching for Objects .................................................................................... 27

Adding Objects .............................................................................................. 30

Modifying Objects .......................................................................................... 31

Deleting Objects ............................................................................................ 31

revision 2 — 3
Table of Contents

Class-Specific Features and Limitations ....................................................... 32

Cardholders and Visitors ................................................................................................. 32

Badges ............................................................................................................................ 32

Directory Accounts .......................................................................................................... 32

Visits ................................................................................................................................ 32

Multimedia Objects .......................................................................................................... 33

User-Defined List Values ................................................................................................ 33

Chapter 4: Using DataConduIT to Receive Events .................35

Overview ....................................................................................................... 35

Hardware Events ........................................................................................... 36

Registering to Receive Events ........................................................................................ 36

Receiving Events ............................................................................................................ 37

Software Events ............................................................................................ 37

Registering to Receive Events ........................................................................................ 37

Receiving Events ............................................................................................................ 39

Using Permanent Event Consumers with DataConduIT ............................... 39

Chapter 5: Using DataConduIT to Send Alarms to OnGuard 41

Overview ....................................................................................................... 41

Chapter 6: Working with MobileVerify .....................................43

Overview ....................................................................................................... 43

Chapter 7: Troubleshooting and Advanced Options .............45

Receiving Error Information from DataConduIT ............................................ 45

Before Calling Technical Support .................................................................. 46

Error Logging ................................................................................................ 46

4 — revision 2
DataConduIT User Guide

Changing the Database Connection Pool Time ............................................ 47

Tuning Parameters ........................................................................................ 47

Stopping and Restarting the DataConduIT Service ...................................... 48

Chapter 8: Getting Started with DataConduIT Message Queues


..........................................................................................49

Overview of DataConduIT Message Queue Functions ................................. 50

Supported Queue Types ............................................................................... 50

Outgoing Queue Overview .............................................................................................. 51

Schema Overview ......................................................................................... 51

How DataConduIT Message Queue Handles Database Layout Changes ... 52

Updating the Database with Queue Changes ............................................... 52

Error Logging ................................................................................................ 53

Installing DataConduIT Message Queue ...................................................... 53

License for DataConduIT Message Queue ................................................... 54

Setting Permissions to Use DataConduIT ..................................................... 54

System Options ............................................................................................................... 54

User Permissions ............................................................................................................ 55

Configuring DataConduIT Message Queue .................................................. 56

Steps to Configure DataConduIT Message Queue ......................................................... 56

Change the Account the DataConduIT Message Service is Run With ........................... 56

Chapter 9: DataConduIT Message Queues Folder .................59

DataConduIT Message Queues Form Procedures ....................................... 63

Add DataConduIT Message Queue ................................................................................ 63

Modify a DataConduIT Message Queue ......................................................................... 64

revision 2 — 5
Table of Contents

Delete a DataConduIT Message Queue ......................................................................... 65

Chapter 10: DataConduIT Sources Folder ..............................67

DataConduIT Overview ................................................................................. 67

DataConduIT Sources Folder ....................................................................... 67

DataConduIT Source Downstream Devices ................................................. 68

License and User Permissions ...................................................................... 68

Licenses Required .......................................................................................................... 68

User Permissions Required ............................................................................................ 69

DataConduIT Sources Form Procedures ...................................................... 71

Add a DataConduIT Source ............................................................................................ 71

Modify a DataConduIT Source ........................................................................................ 71

Delete a DataConduIT Source ........................................................................................ 72

DataConduIT Devices Form Procedures ...................................................... 73

Add a DataConduIT Device ............................................................................................ 73

Modify a DataConduIT Device ........................................................................................ 73

Delete a DataConduIT Device ........................................................................................ 74

DataConduIT Sub-Devices Form Procedures ............................................... 75

Add a DataConduIT Sub-Device ..................................................................................... 75

Modify a DataConduIT Sub-Device ................................................................................. 75

Delete a DataConduIT Sub-Device ................................................................................. 76

Chapter 11: OPC Connections Folder .....................................77

OPC Client Overview .................................................................................... 77

OPC Client Functions .................................................................................... 77

OPC Connections Form ................................................................................ 78

6 — revision 2
DataConduIT User Guide

Select OPC Server Window .......................................................................... 80

OPC Connections Form Procedures ............................................................. 81

Add an OPC Connection ................................................................................................. 81

Modify an OPC Connection ............................................................................................. 82

Delete an OPC Connection ............................................................................................. 82

Test OPC Connection ..................................................................................................... 82

OPC Sources Form Procedures ................................................................... 84

Modify OPC Source Name .............................................................................................. 84

Delete OPC Source ......................................................................................................... 84

OnGuard OPC Client Scenario ..................................................................... 84

Displaying Data ............................................................................................. 85

Chapter 12: Using SNMP with OnGuard ..................................87

OnGuard as an SNMP Manager ................................................................... 88

OnGuard as an SNMP Agent ........................................................................ 89

Configuring SNMP ........................................................................................ 89

Install the Windows SNMP Components ........................................................................ 91

Install a License with SNMP Support .............................................................................. 93

Configuring OnGuard as an SNMP Manager ................................................ 93

Add an SNMP Manager .................................................................................................. 94

Add Agents ...................................................................................................................... 94

MIB File Overview ........................................................................................................... 95

Load the MIB File(s) ........................................................................................................ 96

Modify an SNMP Management Information Base Variable ............................................. 98

SNMP Reports ................................................................................................................ 98

Configuring OnGuard as an SNMP Agent .................................................... 99

revision 2 — 7
Table of Contents

Add a DataConduIT Message Queue of Type “SNMP Trap Messages” ...................... 100

Load the Lenel.MIB File ................................................................................................ 101

SNMP Manager Copyright Information ....................................................... 101

SNMP Manager Copyright Information ......................................................................... 101

Chapter 13: Reference .............................................................105

Data Classes ............................................................................................... 105

Lnl_AccessGroup .......................................................................................................... 105

Lnl_AccessLevel ........................................................................................................... 105

Lnl_AccessLevelAssignment ........................................................................................ 106

Lnl_AccessLevelReaderAssignment ............................................................................. 106

Lnl_Account .................................................................................................................. 107

Lnl_AlarmDefinition ....................................................................................................... 108

Lnl_Area ........................................................................................................................ 108

Lnl_Badge ..................................................................................................................... 109

Lnl_BadgeLastLocation ................................................................................................. 110

Lnl_BadgeProperties ..................................................................................................... 111

Lnl_BadgeType ............................................................................................................. 112

Lnl_Camera ................................................................................................................... 113

Lnl_CameraGroup ......................................................................................................... 114

Lnl_CameraGroupCameraLink ..................................................................................... 114

Lnl_Cardholder .............................................................................................................. 115

Lnl_DataConduITManager ............................................................................................ 115

Lnl_Directory ................................................................................................................. 116

Lnl_Element .................................................................................................................. 116

Lnl_EventAlarmDefinitionLink ....................................................................................... 117

Lnl_EventParameter ..................................................................................................... 117

8 — revision 2
DataConduIT User Guide

Lnl_EventSubtypeDefinition .......................................................................................... 118

Lnl_EventSubtypeParameterLink .................................................................................. 118

Lnl_EventType .............................................................................................................. 118

Lnl_Holiday ................................................................................................................... 119

Lnl_HolidayType ........................................................................................................... 119

Lnl_HolidayTypeLink ..................................................................................................... 120

Lnl_IncomingEvent ........................................................................................................ 120

Lnl_LoggedEvent .......................................................................................................... 123

Lnl_LogicalSystemAccount ........................................................................................... 125

Lnl_MobileVerify ............................................................................................................ 125

Lnl_MonitoringZone ...................................................................................................... 127

Lnl_MonitoringZoneCameraLink ................................................................................... 127

Lnl_MultimediaObject .................................................................................................... 128

Lnl_Panel ...................................................................................................................... 128

Lnl_Person .................................................................................................................... 129

Lnl_Reader .................................................................................................................... 129

Lnl_Segment ................................................................................................................. 130

Lnl_SegmentGroup ....................................................................................................... 130

Lnl_SegmentUnit ........................................................................................................... 131

Lnl_Timezone ................................................................................................................ 131

Lnl_TimezoneInterval .................................................................................................... 131

Lnl_User ........................................................................................................................ 132

Lnl_UserAccount ........................................................................................................... 133

Lnl_UserPermissionGroup ............................................................................................ 134

Lnl_UserPermissionDeviceGroupLink .......................................................................... 134

Lnl_UserSecondarySegment ........................................................................................ 135

Lnl_Visit ......................................................................................................................... 135

revision 2 — 9
Table of Contents

Lnl_VisitEmailRecipient ................................................................................................. 137

Lnl_Visitor ..................................................................................................................... 137

User-Defined Value Lists (LNL_BadgeStatus, Lnl_Title, …) ......................................... 138

Association Classes .................................................................................... 138

Lnl_AccessLevelGroupAssignment .............................................................................. 138

Lnl_BadgeOwner .......................................................................................................... 138

Lnl_CardholderAccount ................................................................................................. 139

Lnl_CardholderBadge ................................................................................................... 139

Lnl_CardholderMultimediaObject .................................................................................. 139

Lnl_DirectoryAccount .................................................................................................... 140

Lnl_MultimediaObjectOwner ......................................................................................... 140

Lnl_PersonAccount ....................................................................................................... 140

Lnl_ReaderEntersArea .................................................................................................. 141

Lnl_ReaderExitsArea .................................................................................................... 141

Lnl_SegmentGroupMember .......................................................................................... 141

Lnl_VisitorAccount ........................................................................................................ 142

Lnl_VisitorMultimediaObject .......................................................................................... 142

Event Classes ............................................................................................. 142

Lnl_AccessEvent ........................................................................................................... 142

Lnl_Alarm ...................................................................................................................... 143

Lnl_Event ...................................................................................................................... 144

Lnl_FireEvent ................................................................................................................ 144

Lnl_FunctionExecEvent ................................................................................................ 144

Lnl_IntercomEvent ........................................................................................................ 145

Lnl_OtherSecurityEvent ................................................................................................ 145

Lnl_SecurityEvent ......................................................................................................... 145

Lnl_StatusChangeEvent ............................................................................................... 146

10 — revision 2
DataConduIT User Guide

Lnl_TransmitterEvent .................................................................................................... 146

Lnl_VideoEvent ............................................................................................................. 147

Lnl_VisitEvent ............................................................................................................... 147

Command and Control: Classes and Methods ........................................... 148

Lnl_AlarmInput .............................................................................................................. 148

Lnl_AlarmOutput ........................................................................................................... 148

Lnl_AlarmPanel ............................................................................................................. 149

Lnl_Input ....................................................................................................................... 149

Lnl_IntrusionArea .......................................................................................................... 149

Lnl_IntrusionDoor .......................................................................................................... 150

Lnl_IntrusionOutput ....................................................................................................... 150

Lnl_IntrusionZone ......................................................................................................... 151

Lnl_IntrusionZoneOutput ............................................................................................... 151

Lnl_OffBoardRelay ........................................................................................................ 151

Lnl_OnBoardRelay ........................................................................................................ 152

Lnl_Output ..................................................................................................................... 152

Lnl_Panel ...................................................................................................................... 153

Lnl_Reader .................................................................................................................... 154

Lnl_ReaderOutput ......................................................................................................... 156

Lnl_ReaderOutput1 ....................................................................................................... 156

Lnl_ReaderOutput2 ....................................................................................................... 156

Lnl_ReaderInput ............................................................................................................ 157

Lnl_ReaderInput1 .......................................................................................................... 157

Lnl_ReaderInput2 .......................................................................................................... 157

revision 2 — 11
Table of Contents

Appendices ......................................................................159

Appendix A: Property Qualifiers Used In DataConduIT .......161

Appendix B: DataConduIT Tools for Windows XP ...............163

Appendix C: Event Generator .................................................165

Event Generator Main Window ................................................................... 165

Event Generator Menus .............................................................................. 172

Required Event Generator Files .................................................................. 173

Setting Up the Event Generator .................................................................. 173

Registering the LnlEventGeneratoru.dll ........................................................................ 175

Adding an Event to the Event Generator .................................................... 176

Adding an Event Using the Simple User Interface ........................................................ 177

Adding an Event Using the Advanced User Interface ................................................... 177

Generating Events ...................................................................................... 177

Generating a Single Event ............................................................................................ 177

Generating Multiple Events ........................................................................................... 177

Saving an Event List ................................................................................... 178

Loading an Event List .................................................................................. 178

Closing the Event Generator ....................................................................... 178

Appendix D: Common DataConduIT Problems ....................179

Appendix E: Technical Support Pre-Call Checklist ..............181

Appendix F: Visual Basic Demo .............................................183

Installing the Visual Basic Demo ................................................................. 183

12 — revision 2
DataConduIT User Guide

Visual Basic Demo Configuration Prerequisites .......................................... 183

Using the Visual Basic Demo ...................................................................... 184

Logging In ..................................................................................................................... 184

Send Alarms to OnGuard .............................................................................................. 185

Receive Alarms from OnGuard ..................................................................................... 185

Working with Cardholders ............................................................................................. 186

Integrating OnGuard with Active Directory .................................................................... 187

Index ...............................................................................................189

revision 2 — 13
Table of Contents

14 — revision 2
DataConduIT User Guide

Chapter 1: Introduction

What Is DataConduIT?
DataConduIT is a platform for managing OnGuard and for integrating OnGuard
with IT systems. DataConduIT provides access to ID management data, access
control events, and real-time notification when changes are made to cardholders
and their credentials. Administrators use this platform to write scripts and
applications that improve the manageability of the OnGuard system and that
provide new levels of integration between OnGuard and IT systems. These
scripts and applications are written using a standard Microsoft API, Windows
Management Instrumentation (WMI).
The following are some common scenarios where DataConduIT can integrate
OnGuard with IT systems:
• When a cardholder is created, the IT department creates a Windows account
for that person. The Windows account name is derived from the OnGuard
cardholder name. The account is linked to the cardholder in OnGuard.
• A single script creates an LDAP account, an OnGuard cardholder, a badge
for this cardholder (with a badge type, assigning default access levels), and a
link between the account and this cardholder.
• A single script terminates a person’s access to all company resources by
disabling all of the person’s badge(s) and LDAP accounts.
• When a cardholder is granted access to an area, that cardholder is granted
access to use the computers in that area.
• A cardholder enters the building under duress. The cardholder’s LDAP
accounts are disabled to prevent potential unauthorized use.
• A cardholder’s phone number changes in OnGuard. The new phone number
is propagated to the associated Windows account in the company’s Active
Directory.
Administrators can also write scripts and applications that interact only with
OnGuard. Examples include command line tools that automate frequent
administrative tasks and web user interfaces that provide thin-client access to ID
management data. In addition, since DataConduIT is built using WMI
technology, administrators can use WMI-enabled third-party management tools
to manage OnGuard data and events.
All the dates and time fields reported by DataConduIT will be presented in
Coordinated Universal Time (UTC time) which has a GMT offset of 0 minutes.
When setting values of the time fields, GMT offset must be specified or time
values should be in the UTC time as well.

revision 2 — 15
1: Introduction

Documentation Contents
This documentation package contains the following files and folders:

File Description

DataConduIT.pdf This manual

Samples\ASEC Tools for using DataConduIT with the Active Script Event Consumer

Samples\JScript Sample code in the manual (in JScript)

Samples\Solutions Solutions for integrating OnGuard and Active Directory (in JScript)

Samples\VBDemo The Visual Basic Demo application, which can be used to demonstrate some
of the capabilities of DataConduIT. (For more information, refer to
Appendix F: Visual Basic Demo on page 183.)

Samples\VBScript Sample code in the manual (in VBScript)

XP Tools for using DataConduIT from WMIC, the Windows XP WMI


command line tool (For more information, refer to Appendix B:
DataConduIT Tools for Windows XP on page 163.)

Important: All scripts and code (“sample code”) provided with this documentation are
examples of how to use DataConduIT. This sample code is for educational
purposes only and is not supported by Lenel.

Some sample code requires ADsSecurity.dll to be registered on the machine. You


can learn more about this DLL from Microsoft Knowledge Base article
Q251390, which is available at http://support.microsoft.com/
default.aspx?scid=kb;en-us;Q251390.

Documentation Prerequisites
This guide assumes that the reader is familiar with Microsoft scripting languages
such as VBScript and JScript. All sample code given in this guide is written in
JScript, but samples in both JScript and VBScript are included separately with
this documentation. Basic experience with object-oriented programming is also
required.
Experience with Windows Management Instrumentation (WMI) is recommended
but not required.

16 — revision 2
DataConduIT User Guide

Definitions, Acronyms, Abbreviations


Class - “A template for a type of object.”1 For instance, the Lnl_Reader class is a
template for an access control reader.
Client - A script or application that accesses DataConduIT.
Hardware event - An event that is displayed in Alarm Monitoring. These events
generally originate in the security hardware. An example is when a reader grants
access to a cardholder.
Namespace - “A unit for grouping classes and instances to control their scope
and visibility. Namespaces are not physical locations; they are more like logical
databases containing specific classes and instances. Namespaces are represented
by the __Namespace system class or a class derived from it.”2
Object/Instance - “A representation of a real-world entity that belongs to a
particular class. Instances contain actual data.”3
Person - A cardholder or visitor.
SDK - Software Development Kit.
Software event - An event that occurs when an object in OnGuard is added,
modified, or deleted. Examples of such objects include cardholders, visitors, and
badges.
WMI - Windows Management Instrumentation. “WMI is the Microsoft portion of
the Distributed Management Task Force’s (DMTF) Web-Based Enterprise
Management (WBEM) initiative and provides a set of interfaces for access to
components that provide management capabilities across an enterprise.”4

References and Applicable Documents


Microsoft Scripting Technologies documentation, which is located in the MSDN
library at
http://msdn2.microsoft.com/en-us/library/ms950396.aspx.
Microsoft WMI documentation, which is located in the MSDN library at
http://msdn2.microsoft.com/en-us/library/aa394582.aspx.

1.From the WMI documentation, URL below.


2.From the WMI documentation, located at http://msdn2.microsoft.com/en-
us/library/aa394582.aspx.
3.From the WMI documentation, located at http://msdn2.microsoft.com/en-
us/library/aa394582.aspx.
4.From the WMI documentation, located at http://msdn2.microsoft.com/en-
us/library/aa394582.aspx.

revision 2 — 17
1: Introduction

18 — revision 2
DataConduIT User Guide

Chapter 2: Getting Started

Installing DataConduIT
DataConduIT is installed as part of a standard server installation.
Note that DataConduIT must be installed on the same machine as the Linkage
Server if you want to receive events through DataConduIT. DataConduIT may be
run on additional server machines as well, but you will not be able to register to
receive events from DataConduIT on those machines.
DataConduIT runs as a Windows service under the Local System account. It does
not run as an application. Since the Local System account does not have
permissions on the local network, if your database is not on the same machine as
DataConduIT you will need to ensure that your ODBC connection uses TCP/IP,
not named pipes. Otherwise, DataConduIT will not be able to connect to the
database.

License for DataConduIT


DataConduIT is a licensed feature. The DataConduIT license is count-based; you
are licensed to have a certain number of clients. The number of clients you are
licensed to use is displayed in the “Maximum Number of DataConduIT Clients”
setting in the General section of the license, as shown.

revision 2 — 19
2: Getting Started

Setting Permissions to Use DataConduIT

Authentication
When a client makes a call into DataConduIT, whether it is to view some data,
add an instance of a class, register an event query, or simply to get a class
definition, the first thing DataConduIT does is decide whether the client is
permitted to perform the operation. To do this, DataConduIT checks which
Windows account has made the DataConduIT call. This is the account that the
script or application is running from, which is generally the account of the person
logged on to the machine.
Once DataConduIT retrieves this account, it attempts to perform automatic single
sign-on (SSO) using this account. This is the same SSO mechanism used by all
OnGuard applications. If the SSO succeeds, then the client is logged on to the
system as the appropriate OnGuard user. DataConduIT then uses the OnGuard
user information to decide whether the client has permission to perform the
requested operation.
Note that to perform this authentication, the client application doesn’t need to
call any special “Logon” method. The authentication is done implicitly based on
the account running the application.
It is not possible to use OnGuard internal authentication with DataConduIT.
Automatic SSO is the only authentication mechanism. Therefore, to use
DataConduIT, single sign-on must be configured. To configure single sign-on in
OnGuard:

1. Add the directory that you wish to use. (For more information please refer to
“Add a Directory” in the Directories Folder chapter of the System
Administration User Guide.)
2. Link the user account that you want to use automatic single sign-on to a
directory account. (For more information please refer to “Link a User
Account to a Directory Account” in the Users Folder chapter of the System
Administration User Guide.)
Each OnGuard software manual contains the “Log into the Application Using
Single Sign-On” procedure. Refer to this procedure to log into OnGuard after
single sign-on has been configured.

Authorization
For a user to be able to use DataConduIT, the user must have the DataConduIT
service user permission. This permission may be set on the Software Options
sub-tab of the System Permission Groups form in the Users folder in System
Administration.
All functionality available through DataConduIT is controlled by the same
permissions that you are already using to manage data in ID CredentialCenter.
For instance, if you want to add a cardholder through DataConduIT, you must
have the Add Cardholder user permission. If you want to view readers through
DataConduIT, you must have the View Reader user permission.

20 — revision 2
DataConduIT User Guide

Note: DataConduIT caches user credentials for one minute by default. This is done
for performance reasons. (See Tuning Parameters on page 47 for information
on how to change this default timeout.) Therefore, if a user is using
DataConduIT and that user’s permissions or segments change, the user will
continue to have his old permissions until the one-minute timeout is reached.

Receiving Events
If you want to be able to receive events from DataConduIT, the “LS Linkage
Server” service must be running. The Linkage Server sends events of all
supported types to DataConduIT. The Linkage Server host name is set on the
System Options form in System Administration.
In addition, if you would like to receive software events through DataConduIT,
you need to select the Generate software events checkbox on the System
Options form in System Administration.

Using DataConduIT from a Remote Computer


If you want to be able to use DataConduIT from a computer other than the one on
which the DataConduIT service is running, you must first enable the appropriate
WMI namespace permissions. To do this, go to the Computer Management
MMC snap-in, available in the Start\Control Panel\Administrative Tools folder.
Once opened, go to Services and Applications\WMI Control. Open the WMI
control property page, and go to the Security tab. Select the root\onguard
namespace, and click the security button. Once here, make sure that any account
that needs to access DataConduIT remotely has the “Remote Enable” permission.

Note: You should not give the “Remote Enable” permission to users in any other
namespace.

Viewing DataConduIT Classes with the Microsoft WMI


SDK
Microsoft’s WMI Software Development Kit (SDK) is a useful tool for exploring
the capabilities of DataConduIT. The SDK provides a convenient graphical user
interface that allows users to view the WMI classes exposed by DataConduIT, to
perform queries and to add, modify, and delete instances of these classes, and to
register permanent event consumers that receive events from DataConduIT.
The WMI SDK may be downloaded from the MSDN subscriber downloads at
http://msdn.microsoft.com/downloads. See the WMI SDK for instructions on
installation procedures.

revision 2 — 21
2: Getting Started

Note: You do not need the WMI SDK in order to use DataConduIT. The WMI
SDK is a tool that can be helpful to developers who are writing
DataConduIT scripts and applications.

Once you have installed the WMI SDK, open the WMI CIM Studio application.
This application allows you to view and manage data through WMI. When you
start this application, you will first need to select a namespace to which you want
to connect. The namespace used by DataConduIT is called root\onguard. Enter
this into the dialog and click [OK].

The WMI CIM Studio Login dialog will appear. Click [OK].
The main browser window should now display the contents of this namespace.
On the left side of the window are all of the classes in the namespace. These
include system classes, which are prefixed by two underscore characters, and
classes provided by DataConduIT, which are prefixed with ‘Lnl_’. A class’s
subclasses appear below the class in the tree. Expand nodes in the tree to view all
of the classes provided by DataConduIT.

Note: If you do not see the Lnl_Person, Lnl_Cardholder, Lnl_Visitor, Lnl_Visit,


and Lnl_Badge classes, then you have not correctly configured the user’s
permissions to use DataConduIT. Re-read Setting Permissions to Use
DataConduIT on page 20 and try again.

22 — revision 2
DataConduIT User Guide

On the right are all the properties of the currently selected class. System
properties are prefixed by two underscore characters.

Note: Additional classes are available if the system is segmented.

Overview of DataConduIT Functions


DataConduIT provides access to the following objects:

Object(s) Class Properties Operations

Cardholders and visitors Lnl_Person and subclasses System and user-defined All

Badges Lnl_Badge System and user-defined All

Visits Lnl_Visit System and user-defined All

Cardholder directory Lnl_Account System and user-defined All


accounts

Cardholder photos and Lnl_MultimediaObject All All


signatures

Visit E-mail Recipients Lnl_VisitEmailRecipients All View only

revision 2 — 23
2: Getting Started

Object(s) Class Properties Operations

User-defined value types Lnl_Building, Lnl_BadgeStatus, All All


Lnl_Title, Lnl_Department,
Lnl_VisitType, Lnl_Location

Directories Lnl_Directory All View only

Panels Lnl_Panel Essential View only

Readers Lnl_Reader Essential View only

APB Areas Lnl_Area Essential View only

Alarms Lnl_Alarm Essential View only

Access Levels Lnl_AccessLevel Essential All

Access Level Assignments Lnl_AccessLevelAssignments All All

Access Groups Lnl_AccessGroup Essential View only

Badge Types Lnl_BadgeType Essential View only

Segments (in segmented Lnl_Segment and subclasses Essential View only


systems only)

Manager Lnl_DataConduITManager None Custom

Sending Alarms to OnGuard Lnl_IncomingEvent None Custom

Mobile Verify Lnl_MobileVerify None Custom

DataConduIT also provides a number of association classes that relate these


classes. For example, the Lnl_BadgeOwner class relates badges with the
cardholders and visitors that own them. Querying for all instances of
Lnl_BadgeOwner will return a list of associations between each badge and its
owner.
DataConduIT provides access to the following events:

Event(s) Class Properties

Intercom events Lnl_IntercomEvent All

Function execution events Lnl_FunctionExecEvent All

Status changes Lnl_StatusChangeEvent All

Video events Lnl_VidoeEvent All

Fire events Lnl_FireEvent All

Transmitter events Lnl_TransmitterEvent All

Other hardware events Lnl_OtherSecurityEvent All

Access granted and access denied Lnl_AccessEvent All


hardware events

24 — revision 2
DataConduIT User Guide

Event(s) Class Properties

Cardholder and visitor software __InstanceOperationEvent and All properties listed above are in
events subclasses embedded instances. Event data
includes previous and current
Badge software events instances for modification events.

Cardholder directory account


software events

For more details on these classes and their properties please refer to Chapter 13:
Reference on page 105.

revision 2 — 25
2: Getting Started

26 — revision 2
DataConduIT User Guide

Chapter 3: Using DataConduIT for Data Access

Connecting to DataConduIT
In order to access data and events through DataConduIT, you must first connect
to DataConduIT. To connect to the namespace used by DataConduIT,
root\onguard, you can use the GetObject() call from JScript or VBScript. For
example, in JScript:

var wbemServices = GetObject(“winmgmts://./root/onguard”);

Here, wbemServices is a SWbemServices COM component defined in the WMI


Scripting Library. This component will be our main interface for accessing data
and events from DataConduIT.
The ‘.’ in the above code sample means that you are connecting to the namespace
on the local computer. To connect to DataConduIT on a remote machine, swap
the name of the computer for the ‘.’.

Searching for Objects


Now that you are connected to DataConduIT, you can use the SWbemServices
component to list and search for objects in OnGuard. SWbemServices provides
a couple ways to search for objects. The simplest way is to use its InstancesOf()
method. InstancesOf() is passed in a class name, and it returns a list of all the
instances of that class. The client can then scroll through these instances and
access their properties. For example, here is a simple script that prints the first
and last names of all the cardholders in OnGuard:

var wbemServices = GetObject(“winmgmts://./root/onguard”);


var cardholderSet = wbemServices.InstancesOf(“Lnl_Cardholder”);
for ( var e = new Enumerator( cardholderSet ); !e.atEnd(); e.moveNext()
)
{
var cardholder = e.item();
WScript.Echo(cardholder.FirstName + “ “ + cardholder.LastName);
}

Let’s examine the sample above in detail. On the first line, we connect to
DataConduIT as described above. Next, we retrieve a list of all the instances of

revision 2 — 27
3: Using DataConduIT for Data Access

the Lnl_Cardholder class. (This list is an SWbemObjectSet component.) Now


that we have this list, we iterate through it using the JScript Enumerator object.
Each item in the list is a SWbemObject component, which is accessed using the
enumerator’s item() method. Finally, this SWbemObject (stored here in the
cardholder variable) can be used to access all the properties of the particular
instance. These properties are accessed simply by specifying the property name,
as in cardholder.FirstName in the above example. Note that property names are
case insensitive.
Accessing instance properties is straightforward for text and numeric fields. Text
fields are represented as the string property type, and numeric fields are
represented as the sint32 type for integers, and the real64 type for floating point
numbers. Date fields are represented as the datetime type, which is actually a
string containing the date in the DMTF format. This format is described in the
Microsoft WMI documentation.
List fields, such as those configured through the List Builder, are specified as the
database ID of the list value. This ID is mapped to the list value using the Values
and ValueMap property qualifiers. Examples in the supplied sample code show
how to enumerate and find the list values in these qualifiers.
The InstancesOf() allows you to retrieve all instances of a particular class, but
what if you want to perform a more complicated query? This is done using
ExecQuery() method in the SWbemServices component. Queries are specified
in the WMI Query Language (WQL), which is a subset of the Structured Query
Language (SQL) supported by most databases. One main difference between a
SQL query and a WQL query is that the FROM clause in a SQL query contains a
list of table names, whereas in WQL it contains a single class name. To give you
a feel for WQL, here are a few WQL queries that you could use with
DataConduIT:

Find all directories with a hostname of “windows.mydomain.com”:


select * from Lnl_Directory where HostName=”windows.mydomain.com”
Find all people (cardholders and visitors) whose last name is not
“Lake”:
select * from Lnl_Person where LastName!=”Lake”
Find all active badges that are APB exempt:
select * from Lnl_Badge where Status=1 and APBExempt = TRUE
Find all readers:
select * from Lnl_Reader

The second example demonstrates how you can specify a superclass in the query.
In this case, Lnl_Person is the superclass of the Lnl_Cardholder and Lnl_Visitor
classes. When you specify a superclass, all instances of that class and its
subclasses matching the query will be returned.
Note that executing the fourth query is equivalent to calling
InstancesOf(“Lnl_Reader”).
For more examples of valid WQL where clauses please refer to Appendix B:
DataConduIT Tools for Windows XP on page 163.

28 — revision 2
DataConduIT User Guide

Let’s take a look at how we would use a WQL query with the ExecQuery()
method:

var wbemServices = GetObject(“winmgmts://./root/onguard”);


var cardholderSet =
wbemServices.ExecQuery(“select * from Lnl_Visitor where
Zip='14534'”);
for ( var e = new Enumerator( cardholderSet ); !e.atEnd(); e.moveNext()
)
{
// access properties in the same way as above...
}

This sample searches for all visitors who have a zip code of 14534. It then
enumerates these visitors as in the previous example.
WQL supports a subset of the regular SQL syntax. See the Microsoft WMI
documentation for more information.
You can also access a single instance of a class in DataConduIT by using the
Get() method in SWbemServices. The Get() method can be used to get a class
definition or an instance of a class. Here, we’ll focus on using it to get an
instance. The Get() method takes as a parameter an object path, which is
basically the class name plus a list of the class keys and their values. You can
determine which class properties are keys by looking for the “key” property
qualifier. In the WMI SDK, key properties are identified by a key symbol next to
the property name.
For instance, the key property for Lnl_Person is ID. (Note that ID is the internal
database ID, not the person’s social security number or other identification
number - that property is named SSNO.) Here’s an example of how you would
get a cardholder if you know the cardholder’s ID:

var wbemServices = GetObject(“winmgmts://./root/onguard”);


var cardholder = wbemServices.Get(“Lnl_Cardholder.ID=1”);
// access properties in the same way as above...

If the class has multiple key properties, such as Lnl_Reader, those properties
would be separated by commas:

var wbemServices = GetObject(“winmgmts://./root/onguard”);


var reader = wbemServices.Get(“Lnl_Reader.PanelID=1,ReaderID=1”);
// ...

revision 2 — 29
3: Using DataConduIT for Data Access

Adding Objects
Some classes in DataConduIT allow you to add, modify, and delete instances of
those classes. Adding a new instance of a class takes four steps. First, you get the
class for which you want to create an instance. Second, you spawn an instance of
that class. Third, you assign values to properties of that instance. Finally, you tell
DataConduIT to add the instance. Here’s a code sample that adds a new
cardholder:

var wbemServices = GetObject(“winmgmts://./root/onguard”);


var cardholderClass = wbemServices.Get(“Lnl_Cardholder”);
var cardholder = cardholderClass.SpawnInstance_();

cardholder.FirstName = “John”;
cardholder.LastName = “Smith”;
cardholder.City = “Rochester”;
var cardholderPath = cardholder.Put_();

cardholder = wbemServices.Get(cardholderPath);
// use cardholder object...

Earlier, it was mentioned that the Get() method can be used to get a class
definition. Line 2 of this sample shows how this is done. Instead of listing the key
properties in the object path, only the class name is specified. Line 3 uses this
class definition to create an instance of the class.
Lines 4-6 assign values to the properties of this new instance. Properties are used
here to set values just as in Searching for Objects on page 27 where they were
used to get values.
Next, line 7 actually commits the changes. Note that if the Put_() method is not
called, the instance will not be sent to DataConduIT, and therefore the change
will not be made in the OnGuard database. If successful, the Put_() method
returns the object path to the newly created instance. If you plan to use this
instance for further operations, you should re-get the instance using this path.
This is becauseDataConduIT will set default properties for you, and those values
will not be reflected in the instance that you called the Put_() method on. To get
those default values, you need to re-get the instance from DataConduIT.
Note that the above example did not assign a value to the ID key property for the
Lnl_Cardholder instance. This is because DataConduIT auto-generates the value
for you.

30 — revision 2
DataConduIT User Guide

Modifying Objects
The process of modifying objects in DataConduIT is similar to the process of
adding them. First, you search up the object that you want to modify. This can be
done in any of the ways described in Searching for Objects on page 27. Next, you
set new values to the object’s properties. Finally, you call the same Put_() method
that was used for adding objects. Here’s an example:

var wbemServices = GetObject(“winmgmts://./root/onguard”);


var visitor = wbemServices.Get(“Lnl_Visitor.ID=2”);

visitor.Address = “1050 Pittsford-Victor Road”;


var visitorPath = visitor.Put_();

visitor = wbemServices.Get(visitorPath);

As you can see, modifying an object is very similar to adding one. Just as when
we added a new object, we re-get the object after we have committed our
modifications. This makes sure that all fields are refreshed. For instance,
DataConduIT sets the LastChanged property on instances of Lnl_Cardholder,
Lnl_Visitor, and Lnl_Badge when an instance of one of those classes is added or
modified. You must re-get the object in order to view the updated LastChanged
time.

Deleting Objects
There are two ways to delete an object in DataConduIT. The easiest way is to
search up the object you want to delete, and then just call the Delete_() method
on that object. For example:

var wbemServices = GetObject(“winmgmts://./root/onguard”);


var visitor = wbemServices.Get(“Lnl_Visitor.ID=2”);
visitor.Delete_();

You can also delete an instance if you know its object path. The example below is
equivalent to the one above, but it is more efficient because the actual visitor
object is never requested:

var wbemServices = GetObject(“winmgmts://./root/onguard”);


wbemServices.Delete(“Lnl_Visitor.ID=2”);

revision 2 — 31
3: Using DataConduIT for Data Access

Class-Specific Features and Limitations

Cardholders and Visitors


Each cardholder and visitor instance has all of its user-defined fields (UDFs)
exposed through DataConduIT. This includes system fields such as first name
(FIRSTNAME), last name (LASTNAME), social security number (SSNO), and
internal ID (ID). All fields except for the internal ID and last changed timestamp
are available for read/write access, subject to additional UDF validation and
field/page viewing permissions.
If cardholders/visitors are segmented, an additional property named
PrimarySegmentID will be made part of the Lnl_Cardholder/Lnl_Visitor class. If
the client is a member of only one segment, this property will default to that
segment ID. Otherwise, the client must specify the primary segment ID when a
new cardholder/visitor is added.

Badges
Each badge instance has all of its UDFs exposed through DataConduIT. This
includes system fields such as badge ID (ID), badge type (TYPE), badge status
(STATUS), and the internal ID (BADGEKEY). All fields except for the internal
ID, number of badge prints, last changed, and last printed timestamps are
available for read/write access subject to the validation described above.
The PIN code is exposed in a manner similar to the way it is done in ID
CredentialCenter. You can set the badge PIN code by setting the property during
an add or modify operation. However, if you search up a badge and attempt the
read the PIN code, the property will always contain a null value.
A client will be able to assign access levels to a new badge by giving it a badge
type. The new badge will be assigned the default access levels for that badge
type.
In a segmented system, the client cannot change the badge type if it controls a
different set of segments than the previous badge type. This is because changing
the badge type of a badge could possibly remove access levels from that badge
without user confirmation.

Directory Accounts
Adding an instance of Lnl_Account is equivalent to linking a directory account
to a cardholder or visitor in ID CredentialCenter. Similarly, deleting an instance
is equivalent to unlinking the account. When adding an instance of Lnl_Account,
all fields except for the ID are required. The AccountID property refers to the
value of the LDAP attribute provided in the Lnl_Directory.AccountIDAttr
property. For Microsoft Active Directory accounts, this defaults to the account
security identifier, or SID. The SID is used for Microsoft Windows NT 4 Domain
and Microsoft 2000/XP Workstation directory accounts as well. Other LDAP
directories will probably use a different LDAP attribute.

Visits
Each visit instance has all of its UDFs exposed through DataConduIT. This
includes system fields such as host id (CARDHOLDERID), type (TYPE), visitor

32 — revision 2
DataConduIT User Guide

id (VISITORID), and the internal ID (ID). All fields except for the internal ID,
last changed, time in, and time out are available for read/write access subject to
the validation described above.
Once a visit has been signed in, scheduled time in cannot be changed, nor can the
cardholder or visitor of the visit, same thing with signing out a visitor.
E-mail recipients configured through Lnl_Visit cannot be viewed through
Lnl_Visit; Lnl_VisitEmailRecipient must be used for viewing.

Multimedia Objects
Signatures and photos are exposed, however, biometric templates are not. Trying
to add/delete/view biometric templates through DataConduIT will result in an
error.

User-Defined List Values


All user-defined list (populated via List Builder and created via FormsDesigner)
are available for view/add/modify/delete. The only value that cannot be modified
is the Active BadgeStatus (ID = 1).

revision 2 — 33
3: Using DataConduIT for Data Access

34 — revision 2
DataConduIT User Guide

Chapter 4: Using DataConduIT to Receive


Events

Overview
The previous section described how to receive and modify data using
DataConduIT. This section describes how to receive real-time events.
DataConduIT produces two types of events - hardware events and software
events. Hardware events are generally events that originate in the access control
hardware. Software events occur when data in the OnGuard database changes.
There are two ways to receive events from DataConduIT: via temporary event
consumers and via permanent event consumers. A temporary event consumer
registers to receive events when it starts, receives those events while running, and
then ends its registration when it terminates. A permanent event consumer
submits an event registration to WMI and binds that registration to a particular
COM component. Whenever WMI receives an event that matches the
registration, that component is created and passed the event. This occurs until the
event registration is deleted or unbound from the component.
Here is an example of a simple temporary event consumer:

var wbemServices = GetObject(“winmgmts://./root/OnGuard” );


var sink = WScript.CreateObject( “WbemScripting.SWbemSink”, “SINK_” );
wbemServices.ExecNotificationQueryAsync(
sink, “SELECT * FROM Lnl_AccessEvent” );
var wshShell = WScript.CreateObject( “WScript.Shell” );
wshShell.Popup( “Click OK to stop listening for events...” );
sink.Cancel();

function SINK_OnObjectReady( wbemObject, asyncContext ) {


WScript.Echo(“Hardware event received: “ +
wbemObject.Description);
}

This sample demonstrates the three steps necessary for a temporary event
consumer to receive events from DataConduIT. First, the client creates an event
sink object. Second, the client registers an event query describing which events
the client would like to receive. Like data queries, this event query is written in
WQL. Unlike data queries, this query does not return events from WMI
immediately. Instead, it tells WMI which events it wants to receive when WMI
gets them in the future.

revision 2 — 35
4: Using DataConduIT to Receive Events

The ExecNotificationQueryAsync() method also takes in the event sink object.


This ensures that the function SINK_OnObjectReady() is called whenever
WMI receives an event that matches the event query. The first argument to this
function is the event object itself. The properties of the event object can then be
read. (Setting the properties of an event object has no effect.)
The final step is to unregister the event query, which is accomplished by calling
the event sink’s Cancel() method.
The following sections describe particular features of registering for and
receiving hardware and software events, as well as how to use permanent event
consumers with DataConduIT.

Hardware Events

Registering to Receive Events


DataConduIT provides access to all OnGuard events in the system. These events
are accessed using the general WMI class Lnl_SecurityEvent. This class has
several subclasses that can be used to simplify filtering specific types of events.
For example, the Lnl_AccessEvent subclass can be used to receive access
granted and access denied events in the system. The Lnl_IntercomEvent subclass
can be used to only receive intercom related events. Objects retrieved using
Lnl_SecurityEvent must be set to the specific subclass object in order to retrieve
specific properties. You can use the __CLASS property to identify which
subclass object to use in order to retrieve all of the event’s properties.
The sample code in the previous section showed how to receive all access events.
If the system is not segmented, this event query will always succeed for users that
are permitted to use DataConduIT. In a segmented system, users can only receive
events from hardware in segments to which they have access. Due to the
implementation of WMI, when you register an event query, you must be able to
receive all possible instances of that event. Therefore, you need to make sure that
your query explicitly specifies the segments, readers, and/or panels to which you
have access. If you register for events that you don’t have access to, you will

36 — revision 2
DataConduIT User Guide

receive an access denied error when you try to register your event query. Here are
a few sample hardware event queries:

Receive all access events at all readers in the segment with ID 1:


select * from Lnl_AccessEvent where SegmentID=1
Receive all access events at all readers in segments with ID 1 or ID 2:
select * from Lnl_AccessEvent where SegmentID=1 or SegmentID=2
Receive all access events at all readers on the panel with ID 8:
select * from Lnl_AccessEvent where PanelID=8
Receive all access events for the reader with ID 5 on the panel with ID
8:
select * from Lnl_AccessEvent where DeviceID=5 and PanelID=8
Receive all events
select * from Lnl_SecurityEvent
Receive only intercom related events
select * from Lnl_IntercomEvent

DataConduIT will obtain the set of segments specified by the event query, and it
will make sure that the user has permissions to receive events from all of these
segments.

Receiving Events
Once the event query is registered, DataConduIT will begin sending hardware
events to the client. The Lnl_AccessEvent class has a number of properties that
can be accessed by the client. These properties are generally self-explanatory. For
details, see the description qualifier on the Lnl_Event, Lnl_SecurityEvent, and
Lnl_AccessEvent class definitions.

Software Events

Registering to Receive Events


Software events are instances of the standard WMI intrinsic event classes,
namely __InstanceOperationEvent and its subclasses. The
__InstanceOperationEvent class has one property, TargetInstance, which contains
the instance that was added, modified, or deleted. If the instance was modified,
the __InstanceModificationEvent event subclass also contains the previous
version of the instance in its PreviousInstance property. Both the TargetInstance
and PreviousInstance properties are of type object, meaning that they contain the
embedded WMI instances of the affected class.
As was the case with hardware events, you must only register to receive those
software events for which you have permission to receive. In general, you can

revision 2 — 37
4: Using DataConduIT to Receive Events

view a software event for an object if you could view that object normally. For
instance, if you do not have permission to view visitors, then you cannot receive
software events indicating that a visitor was created, modified, or deleted. If you
don’t have access to segment A, then you can’t receive software events for
objects in segment A. Furthermore, if you do not have view permissions for each
property of a class, then you can’t receive software events for instances of that
class. For example, if you can’t view the visitor address field (set through the
field/page permission groups in System Administration), you can’t view visitor
software events.
The following classes are supported by DataConduIT for software event
registration: Lnl_Cardholder, Lnl_Visitor, Lnl_Badge, and Lnl_Account.
Common software event queries that you might use include:

Receive an event whenever a cardholder is added, modified, or deleted:


select * from __InstanceOperationEvent where TargetInstance ISA
“Lnl_Cardholder”
Receive an event whenever a badge is printed:
select * from __InstanceModificationEvent where TargetInstance
ISA “Lnl_Badge” and TargetInstance.Prints > PreviousInstance.Prints
Receive an event whenever a badge changes from active to inactive:
select * from __InstanceModificationEvent where TargetInstance
ISA “Lnl_Badge” and TargetInstance.Status!=1 and
PreviousInstance.Status=1
Receive an event whenever a cardholder, visitor, or badge is created:
select * from __InstanceCreationEvent where TargetInstance ISA
“Lnl_Person” or TargetInstance ISA “Lnl_Badge”

The first example demonstrates how the __InstanceOperationEvent class can be


used to receive events for all add, modify, and delete operations. It is also the first
example of the ISA operator. As you might guess, the ISA operator is used to
query for an object only when its class name equals the specified name. To
successfully register this query, the user must be an All Segments user with the
View Cardholder permission and the view permission to all cardholder fields.
The second and third examples show how properties of the TargetInstance and
PreviousInstance objects can be used as part of an event query. To successfully
register these two queries, the user must be an All Segments user with the View
Badge permission and view permission for the appropriate badge field (prints or
status). The last example demonstrates that the ISA operator can be used with a
superclass (Lnl_Person) to indicate that it and all of its subclasses are included in
the query. It also demonstrates that the ISA operator can be used with the regular
boolean (“and”, “or”) operators. A user registering this query must be an All
Segments user with the View Cardholder, View Visitor, and View Badge
permissions, and must be able to view all properties of those classes.

38 — revision 2
DataConduIT User Guide

Receiving Events
As mentioned above, the TargetInstance and PreviousInstance contain all the data
in the current and previous instances. This data can then be used in the event
handler to perform other actions. For instance, when a cardholder is created, a
script could use the cardholder’s name and department to create an LDAP
account for that cardholder and link it back to the cardholder by creating an
instance of the Lnl_Account class.
Assuming the software event feature is enabled (refer to Receiving Events on
page 21), software events are generated whenever changes are made to particular
tables in the database. This includes changes made by all OnGuard applications,
and even changes made by directly editing data in the database.
There are two situations, however, in which software events will not be
generated. The first is when a truncate table SQL command is issued on a table.
In this case, no cardholder and visitor deletion events will be fired. The second
case is in a full download from an enterprise master to an enterprise region.
Software events will be fired on the region in an incremental download.

Using Permanent Event Consumers with DataConduIT


The Overview on page 35 gave an example of how to use a temporary event
consumer to receive events from DataConduIT. Temporary event consumers only
run when the consumer is running. Therefore, unless this consumer is running in
a service, a user must be physically logged on to a machine and running that
consumer. A permanent event consumer can be setup once, and WMI will invoke
it whenever a matching event is fired. Therefore, no one needs to be logged onto
the machine where DataConduIT is located for a permanent event consumer to
work.
Microsoft provides a permanent event consumer called the Active Script Event
Consumer (ASEC). The ASEC runs a script (JScript or VBScript) when an event
is received. This is exactly the functionality that many customers want. Please
refer to the Microsoft WMI documentation to see how to use the ASEC.
There are a couple things to note when using the ASEC with DataConduIT. First,
the ASEC is not installed by default in the root\onguard namespace. To install it,
find the asec\asec-onguard.mof file provided with this documentation and run
“mofcomp asec-onguard.mof.” This will install the ASEC in the root\onguard
namespace. Also provided with this documentation is a utility, regpermscript.exe,
that will help you install scripts for use with the ASEC. The utility takes as
parameters an event query to register and the script file containing the script to
run when an event is received. Note that the currently logged on user must be
authorized to register this event query according to the rules in Hardware Events
on page 36 and Software Events on page 37 of this user guide.
A second note on ASEC and DataConduIT is that when the ASEC runs your
script, it will be running under the security context of the WMI service. On
Windows XP, the WMI service runs under the LocalSystem account. If your
script tries to connect back to DataConduIT, DataConduIT will try to use single
sign-on to log on, looking for the user that is linked to the LocalSystem account
on the local machine. If it doesn’t find such an account, your call will fail.

revision 2 — 39
4: Using DataConduIT to Receive Events

Unfortunately, WMI does not allow you to connect to it with an alternate


username and password on the local machine. Therefore, the best way to resolve
this situation is to link the LocalSystem account to an OnGuard user. To do this,
you first create a Windows Local Accounts directory for the machine on which
DataConduIT is running. Then, link the LocalSystem account in this directory to
a user. Your script will now execute under the user to which you linked the
account.
Scripts run by the ASEC cannot interact with the desktop, so they cannot write to
the console (e.g. using Echo()) or show UI components (e.g. using MsgBox()). If
an error occurs in the script, the error will not be displayed to the screen. Instead,
it will be written to one of the standard WMI error logs.

40 — revision 2
DataConduIT User Guide

Chapter 5: Using DataConduIT to Send Alarms


to OnGuard

Overview
DataConduIT provides the capability of sending alarms to the Alarm Monitoring
application. These alarms are also logged to the OnGuard database just like other
alarms.
It is necessary to first setup a DataConduIT Source using System Administration
before using this capability of DataConduIT. DataConduIT will use this source as
the device to display alarms for in Alarm Monitoring. For more information,
refer to Add a DataConduIT Source on page 71.
After configuring the DataConduIT Source, you should also add any
DataConduIT Device and DataConduIT Sub-Device downstream devices in
System Administration. Use of devices and sub-devices is optional. OnGuard
uses devices and sub-devices to report alarms for DataConduIT Source child and
sub-child devices in Alarm Monitoring. For more information, refer to Add a
DataConduIT Device on page 73 and Add a DataConduIT Sub-Device on page
75.
Sending alarms to Alarm Monitoring is very simple. Here is an example using
java script:

var wbemServices = GetObject("winmgmts://./root/onguard");


oReg = wbemServices.Get("Lnl_IncomingEvent");
oMethod = oReg.Methods_.Item("SendIncomingEvent");
oInParam = oMethod.InParameters.SpawnInstance_();
oInParam.Source = "DataConduIT Source 6";
oInParam.Description = "Test Event From DataConduIT";
wbemServices.ExecMethod("Lnl_IncomingEvent", "SendIncomingEvent",
oInParam);

The above sample will display and log an alarm with the description “Test Event
From DataConduIT” from controller name “DataConduIT Source 6”. This
sample assumes System Administration was used to create a DataConduIT
Source called “DataConduIT Source 6” and demonstrates the five steps
necessary for sending an alarm to Alarm Monitoring. First, the client gets an
instance of Lnl_IncomingEvent object. Second, the client gets the
“SendIncomingEvent” method referred to by oMethod. Third, the method is used
to retrieve a parameter object oInParam. The fourth step is simply set the Source
and Description properties of the oInParam parameter. The Source refers to the
DataConduIT source setup in System Administration. The Description property
is the actual text of the alarm that will be displayed in Alarm Monitoring and

revision 2 — 41
5: Using DataConduIT to Send Alarms to OnGuard

logged into the OnGuard database. The fifth and final step is simply execute the
method using ExecMethod.
The Lnl_IncomingEvent object has no properties and currently supports the
methods “SendIncomingEvent” and “AcknowledgeAlarm”. For more
information, refer to Lnl_IncomingEvent on page 120.
The DataConduIT SendIncomingEvent method allows the ability to generate
Access Granted and Access Denied events for a DataConduIT Source, Device
and SubDevice. This is made possible via the following additional optional
parameters that may be specified to the SendIncomingEvent method:
IsAccessGrant, IsAccessDeny, and BadgeID. For a compete description of these
parameters, refer to Generating Access Granted and Access Denied Events on
page 122.
If ‘IsAccessGrant’ is set to true, the ‘Granted Access’ event will be reported for
the DataConduIT Source, Device or SubDevice specified in the script. Similarly,
if ‘IsAccessDeny’ is set to true, the ‘Access Denied’ event will be reported. If
both of these are set to true, the method will fail since only of these can be set to
true at a given time (i.e., they are mutually exclusive).
The process is similar if the name of the Source and Device parameters
correspond to the name of an access panel and reader respectively. OnGuard
checks to see if the DataConduIT Source name provided matches a DataConduIT
Source. If not, then a check is made to see if it matches the name of a Lenel
access panel. If so, OnGuard checks the Device parameter and see if it matches
the name of a reader assigned to the access panel. If these conditions are met, the
‘Granted Access’ or ‘Access Denied’ events are reported based on how
‘IsAccessGrant’ and ‘IsAccessDeny’ are set.
The BadgeID parameter can be specified when either ‘IsAccessGrant’ or
‘IsAccessDeny’ are set to true to report an event for a specific OnGuard
cardholder. BadgeID is not required when using ‘IsAccessGrant’ or
‘IsAccessDeny’.

42 — revision 2
DataConduIT User Guide

Chapter 6: Working with MobileVerify

Overview
MobileVerify is a feature that allows the cardholder view in OnGuard to make
grant and deny decisions similar to a reader. DataConduIT has an
Lnl_MobileVerify object that provides the ability to determine the configuration
settings of MobileVerify and also help make grant or deny decisions. Here is an
example using Lnl_MobileVerify:

var wbemServices = GetObject("winmgmts://./root/onguard");

var mvClass = wbemServices.Get( "Lnl_MobileVerify" );


var mv = mvClass.SpawnInstance_();
oMethod = mv.Methods_.Item("RecommendProperties");
oOutParam = oMethod.OutParameters.SpawnInstance_();
var mvResult = wbemServices.ExecMethod("Lnl_MobileVerify",
"RecommendProperties", oOutParam);
WScript.Echo("LogicalName: " + mvResult.LogicalName + "\n" +
"AssociatedDropdown: " +
mvResult.AssociatedDropdown + "\n" +
"DenyText: " + mvResult.DenyText + "\n" +
"DenyColor: " + mvResult.DenyColor + "\n" +
"GrantText: " + mvResult.GrantText + "\n" +
"GrantColor: " + mvResult.GrantColor + "\n"
);

The sample above will retrieve important configuration settings about the
MobileVerify feature and display them. The other supporting methods for the
MobileVerify feature are IsGrant, LogGrant, LogDeny, and SystemSetting.
Programmers can use these methods to simulate the MobileVerify feature in other
applications. For more information about the methods related to MobileVerify,
refer to Chapter 13: Reference on page 105.

revision 2 — 43
6: Working with MobileVerify

44 — revision 2
DataConduIT User Guide

Chapter 7: Troubleshooting and Advanced


Options

Receiving Error Information from DataConduIT


DataConduIT performs authorization and validation checks on all incoming
queries and requests to write data to OnGuard. If these checks do not pass or
some other type of error occurs, an error code and message will be returned to the
client. To retrieve the error message, you need to use the SWbemLastError
object. Here’s an example that demonstrates its use:

try {
// do something that would cause an error...
}
catch (e) {
var extStatus = new
ActiveXObject("WbemScripting.SWbemLastError");
if (extStatus != null && extStatus.Description != null) {
WScript.Echo("Error: " + extStatus.Description);
}
else { throw e; }
}

The code sample above catches an error that occurs in DataConduIT. Next, it
creates an instance of the SWbemLastError object and tries to retrieve a
detailed error message from it, stored in its Description property. (Note that the
extStatus object is actually an instance of the Lnl_Error WMI class, if such an
error was returned by DataConduIT.) If a detailed description exists, it is printed
out. Otherwise, if some other type of error occurred, such as a scripting error, that
error will be printed out to the command line when the error is re-thrown.
DataConduIT reports the correct WMI error codes from all its functions. WMI
error codes and their meanings can be found in the Microsoft WMI
documentation reference.

revision 2 — 45
7: Troubleshooting and Advanced Options

Before Calling Technical Support


DataConduIT relies on several configuration options and environment settings of
both OnGuard and the operating system used. If you are experiencing problems,
please be sure to do the following BEFORE contacting technical support:

1. Consult the list of common DataConduIT problems. For more information,


refer to Appendix D: Common DataConduIT Problems on page 179.
2. If the list of common problems did not provide a solution, perform all steps in the
pre-call checklist. For more information, refer to Appendix E: Technical Support Pre-
Call Checklist on page 181.
This will help technical support more accurately identify the problem and
provide some quick potential solutions to the problem you are experiencing.

Error Logging
DataConduIT maintains an error log in the standard WMI logging directory. This
directory is located at:
• <windows directory>\system32\wbem\logs.
or, if using Windows Server 2008 R2 64 at:
• <windows directory>\SysWOW64\wbem\Logs
The log file is named DataConduIT.log. Any errors that occur in DataConduIT
are logged to this file, along with the data and time that they occurred. This
includes errors that can be retrieved from DataConduIT using the
SWbemLastError object described in the previous section.
OnGuard allows you to configure the filename of the DataConduIT log file as
well as how verbose the logging is. Both of these parameters are configured in
the registry on the machine where DataConduIT is running. Both registry values
are located in the registry at:
• HKEY_LOCAL_MACHINE\Software\Lenel\OnGuard\DataConduIT
or, if using Windows Server 2008 R2 64 at:
• HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Lenel\OnGuard\Da
taConduIT.
(Note that the DataConduIT key does not exist by default - you will have to
create it.)
The log file filename is stored in the value “DebugFile” in this key. This is the
full path to the log file, such as c:\program files\OnGuard\DataConduIT.log.
The logging level is stored in the value “DebugLevel” in this key. Possible values
are 0 (normal/default), 1 (verbose), 2 (extra verbose). Note that when
DebugLevel is set to 1 or 2, the log file can become large very quickly.
Therefore, the DebugLevel should only be set above 0 when trying to debug an
error. Note that the debug logging level must be a DWORD for the process to
work correctly.

46 — revision 2
DataConduIT User Guide

If you need to call tech support regarding a DataConduIT issue, you should first
reproduce your particular error while the DebugLevel is set to 2. Next, create a
ZIP archive containing the contents of the WMI log folder, the DataConduIT log
file, and the Lenel error log. This will be very helpful to tech support as they help
you with your issue.

Changing the Database Connection Pool Time


DataConduIT uses a database connection pool. A connection in the pool is closed
after a certain period of inactivity. This period of time is specified in the value
“DATABASETIMEOUT” in the
HKEY_LOCAL_MACHINE\Software\Lenel\OnGuard\DataConduIT registry
key. (Note that the DataConduIT key does not exist by default - you will have to
create it.)
By default, the DATABASETIMEOUT value is not specified in the registry, and
the timeout value is 5 minutes. If the DATABASETIMEOUT value is specified
in the registry, the time specified (in seconds) will be used for the timeout value.

Tuning Parameters
DataConduIT allows administrators to tune some parameters that it uses for
general operation and for communication with other servers. All of these
parameters are stored in the database in the LNLCONFIG table. These
parameters are described the table below. ID refers to the value in the
LNLCONFIG.LNLCONFIGID column. The default value is the value assigned
to the parameter if the LNLCONFIG table does not contain a record with this ID.

ID Default Description Used By


Value

33 60 Number of seconds for which DataConduIT caches user logon credentials. DataConduIT
After this time, the cached credentials are refreshed from the database.

34 60 Number of seconds for which DataConduIT caches its panel/segment ID DataConduIT


map.

35 15 Number of seconds in polling interval for software events by the Linkage Linkage Server
Server.

36 3 Number of seconds between which changes to tables for the same object are Linkage Server
considered part of the same software event.

37 10 Number of seconds between attempts by DataConduIT to contact the DataConduIT


Linkage Server to notify it of WMI event registrations.

38 30 Number of seconds after startup that the Linkage Server waits to receive Linkage Server
event registrations from DataConduIT servers.

revision 2 — 47
7: Troubleshooting and Advanced Options

ID Default Description Used By


Value

39 3600 Number of seconds for which DataConduIT caches class definitions for Linkage Server
dynamically generated classes.

Important: These configuration parameters should only be set by system administrators


when trying to correct a problem.

Setting or changing any of these tuning parameters requires a restart of the


appropriate server to take effect.

Stopping and Restarting the DataConduIT Service


Stopping and restarting the DataConduIT service is generally unnecessary. During
normal operation, the server should be left running at all times. Although
DataConduIT is installed as a manually-run service, WMI will start it
automatically whenever it has a request to make. This includes a request for data
as well as event query registrations.
In a few limited circumstances, however, you will need to stop and restart
DataConduIT to allow it to retrieve new configuration information. DataConduIT
needs to be stopped and restarted after any of the following changes are made:
• You change the data source DSN in your ACS.INI file.
• You modify a cardholder, visitor, or badge layout in FormsDesigner.
• You change any of the tuning parameters (discussed above) that DataConduIT
uses.
• You install a new license.

Note: If you have any event consumers running and you stop DataConduIT, WMI
will automatically restart DataConduIT after a couple seconds.

48 — revision 2
DataConduIT User Guide

Chapter 8: Getting Started with DataConduIT


Message Queues

DataConduIT can be used alone, or it can be used in combination with message


queues. Message queues are used to store DataConduIT software events. When
message queues are used, the LS DataConduIT Message Queue Server service is
used to package DataConduIT events into XML and send them across the queue.
The service also receives XML and packages it up into DataConduIT requests.
The LS DataConduIT Message Queue Server service uses Windows Management
Instrumentation or WMI for short to talk to DataConduIT. WMI is a Windows
service that allows providers to expose application data and events to consumers.
Microsoft uses WMI to expose information about the local machine’s installed
hardware and software, performance statistics, registry entries, Active Directory
data, and much more. WMI ships with Windows, and it may be installed on
Windows as a separate software package. Data exposed through WMI can be
accessed by any COM-capable language, such as C++, Visual Basic, and VB
Script.
Since the DataConduIT service is implemented as a WMI provider, it allows
access to OnGuard cardholders, badges, photos, and linked accounts, through a
queue. OnGuard hardware events are also exposed.
The picture below gives a high-level overview of how the DataConduIT and
DataConduIT Message Queue Server services are related to the other major parts
of an OnGuard system.

DataConduIT Linkage Server


Service
Workstation (WMI Provider)

Third-Party
IT Queue
Scripts
DataConduIT Message
Queue Server Communication
Service Servers

Lenel
DB

Hardware

DataConduIT Message Queue runs as a Windows service on a machine. The


service registers with DataConduIT who in turn registers with the Linkage Server
to receive events. The Linkage Server receives hardware events by contacting all
the communication servers in its region. The Linkage Server receives software
events directly from the OnGuard database.
Note that while the Linkage Server, the DataConduIT Service, the DataConduIT
Message Queue Service and the client workstation are pictured as residing on
different machines, the setup has all four running on the same computer. Also,
note that DataConduIT Message Queue requires/depends on a third party queue
system running on the machine that is to receive XML packages from the

revision 2 — 49
8: Getting Started with DataConduIT Message Queues

DataConduIT Message Queue service. The workstation and the third party queue
system are shown separately but actually reside on the same machine.

Overview of DataConduIT Message Queue Functions


The DataConduIT Message Queue service includes most of the capabilities of
DataConduIT, including:
• Send/receive Cardholder data
• Send/receive Visitor data
• Send Cardholder/Visitor Photos
• Send/receive Badge data
• Send/receive Linked Account data
• Send hardware events
Data will be sent/received when any of the above are created, modified, or
deleted. However, the following DataConduIT capabilities are not supported:
• View directory definitions
• View information about readers, anti-passback areas, and the relationships
between them
• View information about segments and segment groups
All photos are sent with the cardholder/visitor data, and are sent with base-64
encoding. Photos are not sent when a cardholder is deleted, because when a
cardholder is deleted, the photo is also deleted.
Each message sent across the queue contains either a hardware event or all
information for one cardholder. So, if a badge is modified, the message contains
the cardholder, the badge, the pictures (if configured to do so), and the linked
accounts along with what has changed.
Directories, readers and segments cannot be viewed via the queue. However,
these are available as enumerations inside the XML Schema just like the user-
defined field dropdowns are, and the XML message contains the ID of the
referencing object.

Supported Queue Types


OnGuard supports IBM WebSphere® MQ, formerly known as MQSeries. You
must purchase the IBM WebSphere MQ software to setup DataConduIT Message
Queue. IBM WebSphere MQ supports two types of message queues: incoming
and outgoing. A queue must be designated as incoming or outgoing; it cannot be
both.
Incoming queues allow you to send a request to the OnGuard software. Incoming
queues are used to receive cardholder data, visitor data, cardholder/visitor
photos, badge data, and linked account data from the user.

50 — revision 2
DataConduIT User Guide

Outgoing queues allow OnGuard to send messages to you. Outgoing queues are
used to send cardholder data, visitor data, cardholder/visitor photos, badge data,
linked account data, and hardware events to the user.

Outgoing Queue Overview


DataConduIT Message Queue takes DataConduIT events, packages them up in
XML, and sends them out. If a cardholder is added, DataConduIT will take the add
cardholder object and send it out to whomever wants to know about it. You might
tell DataConduIT to give you all the cardholder adds. If you’re just using
DataConduIT, you must install scripts that say what you want to register for, what
you want to know about, and you’re sent limited information. For example, if
you’re sent a badge add, you’re sent only badge properties. You wouldn’t know
what the cardholder properties are. You then have to know that the EMP ID,
which is something that is only used by OnGuard, is paired to this cardholder.
This puts the responsibility on you to look up the EMP ID and then ask
DataConduIT to give you the cardholder object. Basically, you have to talk back
and forth to DataConduIT.
DataConduIT Message Queue is designed to take away that layer. You do not need
to talk to DataConduIT, and you do not need to run scripts; everything is
automated through the user interface. When you tell the user interface what kind
of information you want, it will automatically set you up to get that information,
and all the information will be put on these queues, instead of just being sent
across to you. You can let them build up for days if you want, they’ll just be
sitting in the queue.
Because OnGuard does not allow you to talk back and forth to these queues, the
queues are designed to be one-way. When they receive events, there’s a one-way
traffic. When a cardholder’s properties, badges, or accounts are changed,
DataConduIT Queue will look up all cardholder information and send it across the
queue as XML. Photos are optional because they are large. All of this
information is sent as XML. This way you can store the data you want without
having to look up anything extra. Any data in the XML packet can be ignored if
you wish.

Schema Overview
The schema shows the structure of the OnGuard events going across the queue
and the format for making requests to the OnGuard software. The schema is
available through the OnGuard user interface by clicking the [Generate Schema]
button on the DataConduIT Message Queues form. This will detect all UDF drop-
down values as well as custom cardholder forms. The schema is saved as a
separate file with a .XSD extension. The schema is not sent across the queue and
there is no way to request it other than to generate it in System Administration. If
FormsDesigner changes are made, DataConduIT and DataConduIT Message Queue
must be restarted to pick up the new layout, and the schema must be regenerated.
In order to have the schema dynamically generated via System Administration,
you must be logged in using single sign-on. This is required for WMI, which is
needed to build the schema.

revision 2 — 51
8: Getting Started with DataConduIT Message Queues

When you’re generating the schema, you have to make sure you’re generating
the schema on a machine that DataConduIT is running on. This is because to
generate the schema, OnGuard needs to communicate with DataConduIT to get
database information. If it’s not, an error will be generated that tells you to check
the log.
When the DataConduIT Message Queue service starts up, it will also generate its
own copy of the schema. If you receive a message with a format or value that is
not in the schema, you must generate a new one to use. If the DataConduIT
Message Queue service cannot validate the DataConduIT request that it was sent
with the XML schema that it has, an error will occur. You may need to restart
both services so that a new schema is generated.

How DataConduIT Message Queue Handles Database


Layout Changes
It is strongly recommended that all necessary changes to FormsDesigner be made
before using DataConduIT or DataConduIT Message Queue. After using
FormsDesigner to make changes to the database, you must restart the LS
DataConduIT Service, LS Linkage Server, and LS DataConduIT Message Queue
Server services in order to pick up the new database layouts. You must also
regenerate the schema.

Updating the Database with Queue Changes


Consider the scenario where you have five queues configured and the
DataConduIT Message Queue service is running. If you decide that you don’t
want badge events or notifications on one queue, you can modify the queue and
tell it not to send badge events. DataConduIT Message Queue will check and see if
anything has changed about these queues, and will pickup the change. How often
does DataConduIT Message Queue check the queues?
DataConduIT Message Queue periodically looks at the database to see if anything
has changed. This period of time is specified in the value
“DATABASEUPDATE” in
HKEY_LOCAL_MACHINE\Software\Lenel\OnGuard\DataConduITQueu
e registry key.

Note: The DataConduITQueue key does not exist by default - you will have to
create it.

By default, the DATABASEUPDATE value is not specified in the registry, and


the update value is one minute. If the DATABASEUPDATE value is specified in
the registry, the time specified (in seconds) will be used for the update value.

52 — revision 2
DataConduIT User Guide

Error Logging
DataConduIT Message Queue errors are written to the DataConduITQueue.log
file in the OnGuard logs directory (located in C:\Program Files\OnGuard\logs
by default). Here are a few of the most common situations where an error
message would be written to the DataConduITQueue.log file.

• If connection to the queue/queue manager is lost. Constant connection to


the queue/queue manager is critical. If at any time the connection is lost, the
LS DataConduIT Message Queue Server service will try to reconnect.
Incoming queues try to reconnect every 15 seconds and outgoing queues will
try to reconnect every time a message is about to be sent.
The service will not write errors to the log if it is shut down. An error will be
written only when the queue manager or queue is unreachable or if the queue
was not configured correctly in System Administration.

• Can’t log in.

• Can’t connect to DataConduIT.

• Can’t send request to DataConduIT for validation reasons.

• A request that does not match the schema. If a message with an invalid
schema is received, an error will be written to the DataConduITQueue.log
file.
If the DataConduITQueue.log does not provide enough information or if you
are directed to do so, refer to the DataConduIT.log file. For more information,
refer to Error Logging on page 46.

Installing DataConduIT Message Queue


DataConduIT Message Queue is installed as part of a standard server installation.
Note that DataConduIT must be on the same machine that the Linkage Server is
running on if you want to receive events. Therefore, DataConduIT Message Queue
is required to be on the same machine as the Linkage Server and DataConduIT is
configured to run on; it cannot be run on a separate machine.
DataConduIT Message Queue runs as a Windows service under the same account
that single sign-on is enabled for. DataConduIT Message Queue is installed with
the login as LocalSystem, as all the other OnGuard services are, but it will not
work under the LocalSystem account. You must change the account that
DataConduIT Message Queue runs under by following Change the Account the
DataConduIT Message Service is Run With on page 56.
The Linkage Server does not need to be running if you are using incoming
queues. The Linkage Server is only used to receive events. Since you can only set
up one instance of the Linkage Server per system, you can only setup one
instance of DataConduIT Message Queue per system. If you set up DataConduIT
Message Queue on machine A and you want to get events on machine B, all you
have to do is setup your queue software to have client tools to B. You can still

revision 2 — 53
8: Getting Started with DataConduIT Message Queues

receive events at any machine that you want; it’s where your queues reside that is
key. Your queue doesn’t have to physically reside on the machine you’re setting
up, but you must have the IBM WebSphere client tools on the machine you’re
setting up the queue on.

License for DataConduIT Message Queue


DataConduIT and DataConduIT Message Queue are separately licensed features.
You can have a license for only DataConduIT, or a license for DataConduIT and
DataConduIT Message Queue.
The DataConduIT Message Queue license is count-based; you are licensed to use a
certain number of queues. Every time you click [Add] on the DataConduIT
Message Queues form in System Administration, this counts as another queue.
The number of queues you are licensed to use is displayed in the “Maximum
Number of Message Queues”setting in the General section of the license, as
shown.

Setting Permissions to Use DataConduIT

System Options
The Generate software events checkbox on the General System Options form in
the System Options folder must be selected so that events will be generated for
DataConduIT Message Queue to package up into XML and send over the queue.
Before this checkbox can be selected, the Linkage Server must be running, and
the Linkage Server Host must be specified on the General System Options form
in the System Options folder.

54 — revision 2
DataConduIT User Guide

The following screenshot shows the DataConduIT-specific event permissions that


must be set to use DataConduIT Message Queue.

User Permissions
For a user to be able to use DataConduIT Message Queue, the user must have the
DataConduIT message queues and DataConduIT Service user permissions:
• Configure the DataConduIT message queues permission in System
Administration by opening the Users folder and expanding the Software
options group on the System Permission Groups form. The user must have
View/Access permissions. The user can also have Add, Modify, and/or
Delete permission for message queues.
• Configure the DataConduIT Service permission by expanding Software
Options - Applications, under which DataConduIT Service is listed.
All functionality available through DataConduIT is controlled by the same
permissions that you already use to manage data in ID CredentialCenter. For
example, if you want to add a cardholder through DataConduIT, you must have the
Add Cardholder user permission. If you want to view readers through
DataConduIT, you must have the View Reader user permission.
Existing permissions also control who can receive hardware and software events.
For hardware events, the client should only be able to receive events on its
segment. For software events, the client should only be able to receive events for
objects that the client can view on its segment. This means that the object must be
in one of the client’s segments, and the client must have permission to view the
object and all of its properties (for objects with view/access permissions).

revision 2 — 55
8: Getting Started with DataConduIT Message Queues

Configuring DataConduIT Message Queue

Steps to Configure DataConduIT Message Queue


1. Install IBM WebSphere MQ software.
2. In IBM WebSphere MQ, configure the queues that you want for use with the
OnGuard software.
3. Set up DataConduIT as you normally would. This includes:
a. Set up the Linkage Server.
b. Check the software events.
c. Select the Generate software events checkbox on the General System
Options form in the System Options folder.
d. Set up single sign-on for DataConduIT.
4. Change the account the DataConduIT Message Queue Server service is run
with.

Change the Account the DataConduIT Message Service


is Run With
DataConduIT Message Queue Server is installed with the login as LocalSystem,
as all the other services do. However, it will not work under the LocalSystem
account. You must change the LS DataConduIT Message Queue Server service to
logon under the account that single sign-on is enabled for. To do this:

1. Click the Windows Start button, then select Settings > Control Panel.
2. Double-click “Administrative Tools”.
3. Double-click “Services”.
4. Select the “LS DataConduIT Message Queue Server” service, as shown.

5. Right-click on the “LS DataConduIT Message Queue Server” service and


select Properties from the right-click menu.
6. Click the Log On tab.
a. Select the This account radio button.
b. Click [Browse...].

56 — revision 2
DataConduIT User Guide

c. In the Select User window, select the user account that single sign-on is
enabled for, then click [OK].

d. In the Password field, type the Windows password for the user account
that you selected.
e. In the Confirm Password field, retype the password.
f. Click [OK]. A confirmation message similar to the following will be
displayed:

g. Click [OK].
h. In the Services window, the user account you selected will be displayed
in the Log On As column, as shown.

revision 2 — 57
8: Getting Started with DataConduIT Message Queues

58 — revision 2
System Administration User Guide

Chapter 9: DataConduIT Message Queues Folder

The DataConduIT Message Queues folder contains forms with which you can:
• Add, modify, or delete DataConduIT message queues.
• Generate a schema for the user to reference.
• Configure whether photo and signature information is included in messages.
• Configure when messages are sent.
• Add, modify, or delete a custom object event WMI query, custom access and
security event WMI query.

The DataConduIT Message Queues folder contains one form: the DataConduIT
Message Queues form. The DataConduIT Message Queues form contains three
sub-tabs: General, Settings, and Advanced.

This folder is displayed by selecting DataConduIT Message Queues from the


Administration menu.

For more information about DataConduIT Message Queues, refer to the


DataConduIT User Guide.

revision 2 — 59
9: DataConduIT Message Queues Folder

DataConduIT Message Queues Form (General Sub-tab)

DataConduIT Message Queues Form (Settings Sub-tab)

Note: This sub-tab is only displayed for outgoing queues.

60 — revision 2
System Administration User Guide

DataConduIT Message Queues Form (Advanced Sub-tab)

Note: This sub-tab is only displayed for outgoing queues.

DataConduIT Message Queues Form - DataConduIT Message Queues Form


Form Element Comment

Listing window Lists currently defined DataConduIT message queues. Each entry contains the queue’s name
and type.

Generate Schema Generates a schema for you to reference. If clicked, the Save As window is displayed, and you
must select where to save the schema.

After any changes to the database have been made using FormsDesigner, you must regenerate
the schema so that the updated database is reflected in the schema file.

Note: DataConduIT uses the Windows account of the person who is logged on to the
machine at the time of schema creation. Because of this, it is probably more
preferable for a system administrator to handle all schema generation.

Add Click this button to add a DataConduIT message queue.

Modify Click this button to change a selected DataConduIT message queue.

Delete Click this button to delete a selected DataConduIT message queue.

Help Displays online help for this form.

Close Closes the DataConduIT Message Queues folder.

General Sub-tab

Queue name Enter the queue’s name. This field is case-sensitive.

revision 2 — 61
9: DataConduIT Message Queues Folder

DataConduIT Message Queues Form - DataConduIT Message Queues Form


Form Element Comment

Queue/SNMP This field does not pertain to Microsoft Message Queues. If adding an IBM WebSphere MQ
manager queue, enter the queue manager’s name. This field is case-sensitive. If adding an SNMP Trap
Messages queue, enter the SNMP manager’s IP address. Depending on the network
configuration, a fully qualified NetBios name may be required.

Queue type OnGuard supports the following types of queues: IBM WebSphere MQ, Microsoft Message
Queue, and SNMP Trap Messages. The queue type is selected when a queue is added, and it
cannot be modified after the queue has been added.

Operation The IBM WebSphere MQ queue type supports two operations: incoming and outgoing. A
queue is designated as either incoming or outgoing when it is added. The SNMP Trap
Messages queue type only supports outgoing queues. The operation cannot be modified after a
queue has been added.

Online Shows whether the queue is online or offline. While checked the queue is online and will
function normally. Unchecked makes the queue become offline. Being offline means no events
are sent or received from the queue.

Settings Sub-tab

Include photos and Specifies whether photos, signatures, and fingerprints are included in messages. If this option
signature in is selected, the size of the messages sent is much larger.
messages

Include access Check this box to include access level assignments in the outgoing messages.
level assignments
in messages

Cardholder If selected, a message will be sent whenever a cardholder record is added, modified, or
deleted.

Badge If selected, a message will be sent whenever a badge record is added, modified, or deleted.

Visitor If selected, a message will be sent whenever a visitor record is added, modified, or deleted.

Linked Account If selected, a message will be sent whenever a linked account record is added, modified, or
deleted.

Send a message If selected, a message will be sent every time an access event occurs. Two examples of access
when access events are access granted and access denied events.
events occur

Send a message If selected, a message will be sent every time a security event occurs. Two examples of
when security security events are door forced open and alarm restored events.
events occur

Guarantee Check this box to guarantee delivery of hardware events. This works by first sending the
Delivery events to a table where the DataConduITQueue will then retrieve them. The guarantee is
assured because the table is used as a preliminary queue and the events are not deleted until
picked up by the DataConduITQueue. The DataConduITQueue will not mark the event as
processed until it is written on the designated message queue.

Note: There is a mathematically small possibility that you could receive a duplicate event,
but the chances are negligible.

Advanced Sub-tab

Object event WMI You can type an object event WMI query in directly. Objects include cardholders, linked
query accounts, badges, and visitors.

62 — revision 2
System Administration User Guide

DataConduIT Message Queues Form - DataConduIT Message Queues Form


Form Element Comment

Access and You can type an access and security event WMI query in directly. Access events are events
security event such as access granted and access denied. Security events are events such as door forced open
WMI query and alarm restored.

DataConduIT Message Queues Form Procedures

Add DataConduIT Message Queue


1. From the Administration menu, select DataConduIT Message Queues.
2. On the DataConduIT Message Queues form, click the [Add] button.
3. The Add DataConduIT Message Queue window opens.
a. Select the queue Type.
b. Select the queue Operation. The operation cannot be modified after a
queue has been added.
• The Microsoft Message Queue and IBM WebSphere MQ queue
types support two operations: incoming and outgoing.
• The SNMP Trap Messages queue type supports only the outgoing
operation.

c. Click [OK].
4. On the General sub-tab:
a. In the Queue name field, type the name of the queue. The name is case-
sensitive. For IBM WebSphere MQ queues, this name must be exactly
the same name that you used when setting up the queue in the IBM
WebSphere MQ software.
b. In the Queue manager or SNMP manager field, enter the manager’s
name. If adding an IBM WebSphere MQ queue, enter the queue
manager’s name. If adding an SNMP Trap Messages queue, enter the
SNMP manager’s IP address. Depending on the network configuration,

revision 2 — 63
9: DataConduIT Message Queues Folder

a fully qualified NetBios name may be required. If adding a Microsoft


Message Queue this field is not present.
c. Note that the Queue type and Operation that you selected are
displayed, but cannot be modified.
5. If you added an incoming queue, click [OK] and the queue will be added. If
you added an outgoing queue, continue on to step 6.
6. On the Settings sub-tab:
a. If you wish to have photo, signature, and fingerprint information sent in
messages, select the Include photos and signature in messages check
box.

Note: Including photo information in the messages makes the size of the message
sent much larger.

b. Select whether a message will be sent when cardholder, badge, visitor,


and linked accounts are added, modified, or deleted.
c. If you wish to have a message sent when an access event occurs, select
the Send a message when access events occur check box.
d. If you wish to have a message sent when a security event occurs, select
the Send a message when security events occur check box.
7. Using the Advanced sub-tab is optional and for advanced users. On the
Advanced sub-tab you may:
a. Type an object event WMI query directly into the Object event WMI
query textbox.
b. Type an access and security event WMI query directly into the Access
and security event WMI query textbox.
8. Click the [OK] button.

Note: If you configured an SNMP Trap Messages queue, load the lenel.mib file
into the SNMP Manager so that it knows how to handle and display the
variables it receives. The Lenel MIB file is located in the Support Center/
SNMP folder on the Supplemental Materials disc.

Modify a DataConduIT Message Queue


1. From the Administration menu, select DataConduIT Message Queues.
2. In the listing window of the DataConduIT Message Queues form, select the
queue record you wish to modify.
3. Click the [Modify] button.
4. Make the changes you want to the fields. Changes can be made on any sub-
tab.
5. Click the [OK] button to save the changes, or the [Cancel] button to revert to
the previously saved values.

64 — revision 2
System Administration User Guide

Delete a DataConduIT Message Queue


1. From the Administration menu, select DataConduIT Message Queues.
2. In the listing window of the DataConduIT Message Queues form, select the
queue record you wish to delete.
3. Click the [Delete] button.
4. Click the [OK] button.
5. Click the [Yes] button to confirm the deletion.

revision 2 — 65
9: DataConduIT Message Queues Folder

66 — revision 2
System Administration User Guide

Chapter 10: DataConduIT Sources Folder

DataConduIT Overview
DataConduIT is an advanced application integration service that allows real time,
bidirectional integration between OnGuard and third party IT sources.
DataConduIT allows System Administrators to develop scripts and/or
applications that allow events in one domain (security or IT) to cause appropriate
actions in the other.

For more information, refer to the DataConduIT User Guide available through

DataConduIT Sources Folder


The DataConduIT Sources folder allows System Administrators to add, modify
and delete third-party DataConduIT Sources, Devices, and Sub-Devices. After
third-party sources are added, users can send the incoming events to OnGuard via
DataConduIT and view third party events in Alarm Monitoring.

To send an event to OnGuard via DataConduIT, System Administrators must:


• Define the incoming source in the DataConduIT Sources folder
• Use the Lnl_IncomingEvent::SendIncomingEvent method

Note: The DataConduIT method has four parameters: the source, description,
device (optional), and subdevice (optional). The source of the DataConduIT
method must match the source name on the DataConduIT Sources form. If
the optional parameters are used, the device of the DataConduIT method
must match the device name on the DataConduIT Devices form, and the
subdevice must match the sub-device name on the DataConduIT Sub-
Devices form.

• Have at least one panel (non-system DataConduIT Source) configured and


marked online so that the Communications Server will work properly with
DataConduIT Sources. The panel does not need to exist or actually be online
in Alarm Monitoring, it simply needs to exist and show up in the System
Status view. Once this is set up, events can be successfully received by
Alarm Monitoring from DataConduIT Sources.

Toolbar Shortcut This folder is displayed by selecting DataConduIT Sources from the
Additional Hardware menu, or by selecting the DataConduIT Sources toolbar
button.

revision 2 — 67
10: DataConduIT Sources Folder

DataConduIT Source Downstream Devices


A DataConduIT Source may have DataConduIT Device or DataConduIT Sub-
Device downstream devices. A DataConduIT Device is a child of a DataConduIT
Source, similar to how an alarm panel is a child of an access panel. A
DataConduIT Sub-Device is a sub-child device of a DataConduIT Device,
similar to how an alarm input is a sub-child of an alarm panel. The diagram that
follows illustrates this hierarchy.

DataConduIT Devices and DataConduIT Sub-Devices also display in Alarm


Monitoring in the System Status Tree. For example, a DataConduIT Device
named “Tivoli” with a DataConduIT Device named “Tivoli device” and a
DataConduIT Sub-Device named “Tivoli sub-device” would display in Alarm
Monitoring in the following manner:

License and User Permissions

Licenses Required
No additional license is required to use the DataConduIT Sources folder other
than the “Maximum Number of DataConduIT Clients” license to use
DataConduIT in general.

68 — revision 2
System Administration User Guide

User Permissions Required


DataConduIT Service Permission

The permission required to use DataConduIT in general is the DataConduIT


service user permission. This permission is located in Administration > Users >
System Permission Groups tab > Software Options sub-tab in System
Administration or ID CredentialCenter.

Add, Modify, and Delete DataConduIT Sources, Devices,


and Sub-Devices

The add, modify, and/or delete DataConduIT Sources permissions determine


what functions a user can perform on DataConduIT Sources, DataConduIT
Devices, and DataConduIT Sub-Devices in the DataConduIT Sources folder.
These permissions are located in Administration > Users > System Permission
Groups tab > Additional Data Sources sub-tab in System Administration or ID
CredentialCenter.

Trace DataConduIT Sources, Devices, and Sub-Devices

In addition, user permissions are required to trace DataConduIT Sources,


DataConduIT Devices, and DataConduIT Sub-devices in Alarm Monitoring.
These permissions are located in Administration > Users > Monitor Permission
Groups tab > Monitor sub-tab in System Administration or ID CredentialCenter.

DataConduIT Sources Form

DataConduIT Sources Folder - DataConduIT Sources Form


Form Element Comment

Listing window Lists DataConduIT Source names.

revision 2 — 69
10: DataConduIT Sources Folder

DataConduIT Sources Folder - DataConduIT Sources Form (Continued)


Form Element Comment

Name Identifies the name of the DataConduIT Source. This is a “friendly” name assigned to each
DataConduIT Source to make it easy to identify.

Online If selected, the DataConduIT Source is online and ready for use. To suspend the DataConduIT
Source deselect this box.

World time zone Select the world time zone for the selected access panel’s geographical location. The
selections in the drop-down list are listed sequentially, and each includes:

• The world time zone’s clock time relative to Greenwich Mean Time. For example,
(GMT+05:00) indicates that the clock time in the selected world time zone is 5 hours
ahead of the clock time in Greenwich, England.
• The name of one or more countries or cities that are located in that world time zone.

Daylight savings Select this check box if Daylight Savings Time is enforced in the selected access panel’s
geographical location.

Add Click this button to add a DataConduIT Source.

Modify Click this button to modify a DataConduIT Source.

Delete Click this button to delete a DataConduIT Source.

Help Click this button to display online help for this form.

Multiple Selection If selected, more than one entry in the listing window can be selected simultaneously. The
changes made on this form will apply to all selected DataConduIT Sources.

Close Click this button to close the DataConduIT Sources folder.

70 — revision 2
System Administration User Guide

DataConduIT Sources Form Procedures

Add a DataConduIT Source


1. From the Additional Hardware menu, select DataConduIT Sources. The
DataConduIT Sources folder opens.
2. On the DataConduIT Sources tab, click [Add].
3. If segmentation is not enabled, skip this step. If segmentation is enabled:
a. The Segment Membership window opens. Select the segment that this
DataConduIT Source will be assigned to.
b. Click [OK].
4. In the Name field, type a name for the DataConduIT Source.
5. Select whether the DataConduIT Source will be online.
6. Select the world time zone and daylight savings options as you see fit.
7. Click [OK].

Important: In addition to having a DataConduIT Source configured, there must be at


least one panel (non-system DataConduIT Source) configured and marked
online so that the Communications Server will work properly with
DataConduIT Sources. The panel does not need to exist or actually be online
in Alarm Monitoring, it simply needs to exist and show up in the System
Status view. Once this is set up, events can be successfully received by
Alarm Monitoring from DataConduIT Sources.

Modify a DataConduIT Source


1. From the Additional Hardware menu, select DataConduIT Sources.
2. On the DataConduIT Sources tab, select the entry you want to modify from
the listing window.
3. Click [Modify].
4. Make any changes.
5. Click [OK].
6. A prompt to confirm that you want to make the modification displays. Click
[OK].

revision 2 — 71
10: DataConduIT Sources Folder

Delete a DataConduIT Source


To suspend a DataConduIT Source without deleting it, take it offline.

1. From the Additional Hardware menu, select DataConduIT Sources.


2. On the DataConduIT Sources tab, select the entry you want to delete from
the listing window.
3. Click [Delete].
4. Click [OK].
5. A prompt to confirm that you want to make the deletion will be displayed.
Click [OK].

DataConduIT Devices Form

DataConduIT Sources Folder - DataConduIT Devices Form


Form Element Comment

Listing window Lists DataConduIT Device names.

Name Identifies the name of the DataConduIT Device. This is a “friendly” name assigned to each
DataConduIT Device to make it easy to identify.

DataConduIT Select the DataConduIT Source that is the parent of the child device being configured.
Source DataConduIT Sources are configured on the DataConduIT Sources tab (Additional
Hardware > DataConduIT Sources > DataConduIT Sources tab).

Add Click this button to add a DataConduIT Device.

Modify Click this button to modify a DataConduIT Device.

Delete Click this button to delete a DataConduIT Device.

Help Click this button to display online help for this form.

72 — revision 2
System Administration User Guide

DataConduIT Sources Folder - DataConduIT Devices Form (Continued)


Form Element Comment

Multiple Selection If selected, more than one entry in the listing window can be selected simultaneously. The
changes made on this form will apply to all selected DataConduIT Devices.

Close Click this button to close the DataConduIT Sources folder.

DataConduIT Devices Form Procedures

Add a DataConduIT Device


Prerequisite: Before a DataConduIT Device can be configured, its parent
DataConduIT Source must first be configured.

Note: If segmentation is enabled, the segment of the DataConduIT Source will be


used as the segment for the DataConduIT Device.

1. From the Additional Hardware menu, select DataConduIT Sources. The


DataConduIT Sources folder opens.
2. Click the DataConduIT Devices tab.
3. Click [Add].
4. In the Name field, type a name for the DataConduIT Device.
5. Select the DataConduIT Source that is the parent of the DataConduIT
Device.

Note: The DataConduIT Source must be configured on the DataConduIT Sources


tab.

6. Click [OK].

Modify a DataConduIT Device


1. From the Additional Hardware menu, select DataConduIT Sources.
2. Click the DataConduIT Devices tab.
3. Select the entry you want to modify from the listing window.
4. Click [Modify].
5. Make any changes.
6. Click [OK].
7. A prompt to confirm that you want to make the modification displays. Click
[OK].

revision 2 — 73
10: DataConduIT Sources Folder

Delete a DataConduIT Device


1. From the Additional Hardware menu, select DataConduIT Sources.
2. Click the DataConduIT Devices tab.
3. Select the entry you want to delete from the listing window.
4. Click [Delete].
5. Click [OK].
6. A prompt to confirm that you want to make the deletion will be displayed.
Click [OK].

DataConduIT Sub-Devices Form

DataConduIT Sources Folder - DataConduIT Sub-Devices Form


Form Element Comment

Listing window Lists DataConduIT Sub-Device names, along with the parent DataConduIT Device and
DataConduIT Source.

Name Identifies the name of the DataConduIT Sub-Device. This is a “friendly” name assigned to
each DataConduIT Sub-Device to make it easy to identify.

DataConduIT Select the DataConduIT Device that is the parent of the child Sub-Device being configured.
Device DataConduIT Devices are configured on the DataConduIT Devices tab (Additional
Hardware > DataConduIT Sources > DataConduIT Devices tab).

Add Click this button to add a DataConduIT Sub-Device.

Modify Click this button to modify a DataConduIT Sub-Device.

Delete Click this button to delete a DataConduIT Sub-Device.

Help Click this button to display online help for this form.

74 — revision 2
System Administration User Guide

DataConduIT Sources Folder - DataConduIT Sub-Devices Form (Continued)


Form Element Comment

Multiple Selection If selected, more than one entry in the listing window can be selected simultaneously. The
changes made on this form will apply to all selected DataConduIT Sub-Devices.

Close Click this button to close the DataConduIT Sources folder.

DataConduIT Sub-Devices Form Procedures

Add a DataConduIT Sub-Device


Prerequisite: Before a DataConduIT Sub-Device can be configured, its parent
DataConduIT Source and DataConduIT Device must be configured.

Note: If segmentation is enabled, the segment of the DataConduIT Source will be


used as the segment for the DataConduIT Sub-Device.

1. From the Additional Hardware menu, select DataConduIT Sources. The


DataConduIT Sources folder opens.
2. Click the DataConduIT Sub-Devices tab.
3. Click [Add].
4. In the Name field, type a name for the DataConduIT Sub-Device.
5. Select the DataConduIT Device that is the parent of the DataConduIT Sub-
Device.

Note: The DataConduIT Device must be configured on the DataConduIT Devices


tab.

6. Click [OK].

Modify a DataConduIT Sub-Device


1. From the Additional Hardware menu, select DataConduIT Sources.
2. Click the DataConduIT Sub-Devices tab.
3. Select the entry you want to modify from the listing window.
4. Click [Modify].
5. Make any changes.
6. Click [OK].
7. A prompt to confirm that you want to make the modification displays. Click
[OK].

revision 2 — 75
10: DataConduIT Sources Folder

Delete a DataConduIT Sub-Device


1. From the Additional Hardware menu, select DataConduIT Sources.
2. Click the DataConduIT Sub-Devices tab.
3. Select the entry you want to delete from the listing window.
4. Click [Delete].
5. Click [OK].
6. A prompt to confirm that you want to make the deletion will be displayed.
Click [OK].

76 — revision 2
System Administration User Guide

Chapter 11: OPC Connections Folder

OPC Client Overview


The OnGuard OPC Client is a solution for integrating OnGuard with existing
third party OPC Servers. The OnGuard OPC Client is an OPC-Alarms and
Events client that can connect to any OPC Alarms and Events server. The
purpose of the OnGuard OPC Client is to allow OPC Servers to send event and
alarm notifications to OnGuard using the OLE for Process Control (OPC)
industry standard format.

The OnGuard OPC Client consists of an user interface component to configure


OPC Connections and a service component that subscribes to specified OPC
Servers to receive event and alarm notifications.

OPC Client Functions


The purpose of the OnGuard OPC Client is to:
• Provide real time communication with any compatible OPC source
• Monitor events and alarms shared by the OnGuard OPC Client and
compatible OPC sources

Note: Events and alarms sent by an OPC Server can be viewed, logged and even
used to trigger specific actions.

revision 2 — 77
11: OPC Connections Folder

OPC Connections Folder


The OPC Connections folder contains the OPC Connections form and the OPC
Sources form from which you can:
• Add, modify or delete OPC Connections
• Test OPC Connections
• Modify the OPC Source name

Toolbar Shortcut This folder is displayed by selecting OPC Connections from the Additional
Hardware menu, or by selecting the OPC Connections toolbar button.

Note: To use this folder an OPC Client support license is required and you must
have the correct permissions.

OPC Connections Form


In order to obtain data from an OPC Server, the OnGuard OPC Client must first
establish a connection to the OPC Server using standard COM object installation
routines. Clients set up two-way communication using connection point
interfaces. This communication can be suspended by clients at any time.

The OPC Server can either be local or it can be accessed via DCOM on a remote
machine. DCOM (Distributed Component Object Model) is a set of Microsoft
concepts and program interfaces in which client program objects can request
services from server program objects on other computers in a network.

78 — revision 2
System Administration User Guide

Note: In order to view, add, modify or delete the OPC connection users must have
the correct permissions. For more information, refer to System Permission
Groups Form Procedures on page 462.

OPC Connections Folder - OPC Connections Form


Form Element Comment

Listing window Displays the names of OPC connections.

Name Identifies the name of the OPC connections. This is a “friendly” name assigned to each
connection to make it easy to identify. After the OPC Client is added, users can overwrite the
default name.

Online If selected, the OPC connection will be online. To suspend the OPC connection, deselect this
box.

Note: Select this check box to place the OPC Client online with the OPC Server. This does
NOT necessarily mean the OPC Client is online with the actual hardware panel.

Workstation This is the workstation running the Communication Server.

Note: The OnGuard OPC Client is implemented as a device translator. Therefore it is


active when the Communication Server is running.

Browse Browse for the workstation the OnGuard OPC Client is on.

World time zone Select the world time zone for the selected access panel’s geographical location. The
selections in the drop-down list are listed sequentially, and each includes:

• The world time zone’s clock time relative to Greenwich Mean Time. For example,
(GMT+05:00) indicates that the clock time in the selected world time zone is 5 hours
ahead of the clock time in Greenwich, England.
• The name of one or more countries or cities that are located in that world time zone.

Daylight savings Select this check box if Daylight Savings Time is enforced in the selected access panel’s
geographical location.

revision 2 — 79
11: OPC Connections Folder

OPC Connections Folder - OPC Connections Form (Continued)


Form Element Comment

OPC Server Includes the Host Name and ProgID fields and the [Select OPC Server] and [Test OPC
Parameters Connection] push buttons.

Host Name The computer the OPC Server is on. To populate the Host Name and ProgID fields, click the
[Select OPC Server] button.

ProgID The OPC Server’s global unique identifier. To populate the Host Name and ProgID fields,
click the [Select OPC Server] button.

Select OPC Server Displays the Select OPC Server window which enables you to select the OPC Server by
searching for it or manually entering it.

Test OPC Tests a specified OPC Connection. When the OPC connection is successful the OPC Server
Connection Properties window displays the current OPC Server status.

Note: The client to server connection is tested. The client to alarm panel connection is
NOT tested.

Add Adds an OPC connection.

Modify Modifies or suspends an OPC connection.

Delete Deletes an OPC connection.

Help Displays online help for this form.

Close Closes the OPC Connections folder.

Select OPC Server Window

Form Element Comment

Computer Name Enter the name of the computer the OPC Server is on.

Browse Browse all available computers on the network.

Search Searches the specified computer for OPC Servers that are on it.

80 — revision 2
System Administration User Guide

Form Element Comment

OPC Servers Listing Displays the OPC Servers on the specified computer.
Window

OK Adds the OPC Server parameters to the OPC Connections form.

Cancel Cancels the current selection and closes the Select OPC Server window.

OPC Connections Form Procedures

Add an OPC Connection


1. From the Additional Hardware menu, select OPC Connections. The OPC
Connections folder opens.
2. On the OPC Connections tab, click [Add].
3. If segmentation is not enabled, skip this step. If segmentation is enabled:
a. The Segment Membership window opens. Select the segment that this
OPC connection will be assigned to.
b. Click [OK].
4. In the Name field, type a name for the OPC connection.
5. Select whether the OPC connection will be online.

Important: When the OPC connection shows up as online, that means it is online with
the OPC Server and NOT necessarily online with the actual hardware panel.

6. Select or enter the workstation the Communication Server is running on.


7. Click [Select OPC Server]. The Select OPC Server window displays.
a. Enter or browse the name of the computer the OPC Server is on.
b. Click [Search]. The OPC Servers on the specified computer display.
c. Select (place a checkmark beside) the correct OPC Server and click
[OK].
8. Select the world time zone and daylight savings options as you see fit.
9. The Host Name and Program ID fields automatically populate on the OPC
Connections form.
10. Click [Test OPC Connection] to verify the OPC connection is successful and
to view the current OPC Server status.
11. Click [OK].

revision 2 — 81
11: OPC Connections Folder

Modify an OPC Connection


1. From the Additional Hardware menu, select OPC Connections.
2. On the OPC Connections tab, select the entry you want to modify from the
listing window.
3. Click [Modify] and make the appropriate modifications. To suspend an OPC
Connection take it offline.
4. Click [OK].
5. A prompt to confirm that you want to make the modification will be
displayed. Click [OK].

Delete an OPC Connection


To suspend an OPC Connection without deleting it, take it offline.

1. From the Additional Hardware menu, select OPC Connections.


2. On the OPC Connections tab, select the entry you want to delete from the
listing window.
3. Click [Delete].
4. Click [OK].
5. A prompt to confirm that you want to make the deletion will be displayed.
Click [OK].

Test OPC Connection


1. From the Additional Hardware menu, select OPC Connections.
2. Open the OPC Connections tab and select the OPC Client.
3. Click [Modify].
4. Click [Test OPC Connection].
5. If the test is successful the OPC Server Properties window displays and
contains real time data about the OPC Server.

82 — revision 2
System Administration User Guide

OPC Sources Form


While the OnGuard OPC Client is connected to a particular OPC Server, it can
receive event notifications from that server and send event information to
monitoring stations. When the OnGuard OPC Client receives an event from the
OPC Server the source is automatically added to the OPC Sources form listing
window.

System Administrators cannot manually add OPC Sources to the OPC Sources
form listing window. The [Add] button will always be grayed out. System
Administrators can however, modify the OPC Source name. This is also the
name that displays in Alarm Monitoring under the Device column of the alarm
view as well as in the system status tree.

OPC Connections Folder - OPC Sources Form


Form Element Comment

Listing window Lists the active OPC connections.

Name The name for the selected OPC source. Users can modify this name which also displays in
Alarm Monitoring.

Description The original name of the OPC source. The description is read only.

OPC Connection Identifies the OPC Server the client is connected to. This is a read only field.

Add Does not apply. For more information, refer to OPC Client Overview on page 77.

Modify Click this button to modify the OPC source name

Delete Click this button to delete the OPC source.

Help Click this button to display online help for this form.

Close Click this button to close the OPC Connections folder.

revision 2 — 83
11: OPC Connections Folder

OPC Sources Form Procedures

Modify OPC Source Name


1. From the Additional Hardware menu, select OPC Connections.
2. Open the OPC Sources tab.
3. Select an OPC Source.
4. Click [Modify].
5. Edit the OPC Source Name.
6. Click [OK].

Delete OPC Source


1. From the Additional Hardware menu, select OPC Connections.
2. Click the OPC Sources form/tab.
3. Select an OPC Source.
4. Click [Delete] to temporarily discontinue the OPC connection.

OnGuard OPC Client Scenario


Let’s look at a hypothetical customer in the airline industry. This customer has an
existing central control room with several OPC compliant servers monitoring
every flight and traveler information.

New high security access control card readers, cameras and motion detectors
have been installed and the customer wants to integrate this with their existing
systems and monitor access control alarms and events from the same control
room.

84 — revision 2
System Administration User Guide

How does the customer monitor the access control alarms and events using the
existing OPC Servers?

Customer’s Monitoring Station Customer’s Monitoring Station


with OnGuard Alarm Monitoring with OnGuard Alarm Monitoring
Installed. Receives access Installed. Receives access
control alarms as well as alarms control alarms as well as alarms
from other hardware from other hardware

PC1 with PC2 with


OnGuard
Communication Communication
database
Server 1 running Server 2 running

OnGuard

Customer’s Existing
System

Vendor 1 Vendor 2 Vendor N


OPC Server OPC Server OPC Server N

Access Other Other Other


control events events events
events occur for occur for occur for
occur Vendor 1 Vendor 2 Vendor N

By making OnGuard an OPC Client, the customer can use OnGuard to


communicate directly with their existing OPC Servers. To make OnGuard an
OPC Client the OPC support license must be purchased.

The OnGuard OPC Client, receives and translates alarms and events from the
OPC Server and outputs them in the Alarm Monitoring application along with
the alarm and events received from the newly installed access control system.

Displaying Data
The OnGuard OPC Client supports every event attribute required by OPC
specifications. The following table indefinites how OPC event attributes are

revision 2 — 85
11: OPC Connections Folder

mapped to OnGuard events. Note that the source name attribute can be modified
to a user-friendly name.

OPC event Description OnGuard event attribute in


attribute Alarm Monitoring alarm view

OPC Connection Identifies the OPC Server that the OnGuard OPC “Controller” field in alarm view
Description Client is communication with.Text description of the
OPC connection configured in System
Administration. This is also the name of the
controller when configuring monitor zones.

Source The object which generated the event. “Device” field in alarm view

Message Text which describes the event. “Event description” field in alarm
view

Event Category The vendor-specific category which this event Part of the “Associated Text” field in
belongs. alarm view

Severity The urgency of the event. Alarm priority

Condition Name The name of the OPC condition/alarm related to the Part of the “Associated Text” field in
event notification. alarm view

Quality The current quality of the data. Part of the “Associated Text” field in
alarm view

86 — revision 2
Advanced Installation Topics

Chapter 12: Using SNMP with OnGuard

SNMP (Simple Network Management Protocol) is used primarily for


managing and monitoring devices on a network. This is achieved through
the use of get and set requests which access and modify variables on a
given device, as well as SNMP traps which are used to notify Managers of
changes as they occur. The device which is being managed or monitored
is called the Agent. The application that is doing the managing or
monitoring is called the Manager. You can think of a Manager as the
coach of a team, and Agents as all the players on the team. The following
diagram illustrates how OnGuard can be used as an SNMP Manager:

OnGuard as an SNMP Manager

OnGuard
Database

SNMP
Agent
T raps
SNM P

SNMP
SNMP Traps
Agent

SNM P
T raps
SNMP
Alarm Monitoring Workstation Agent

Communication Server with


SNMP Manager running on it

Agents generate trap messages, which are sent to a Manager to indicate


that something has changed. Trap messages generally contain the system
uptime, the trap type, and the enterprise number. OnGuard uses Enterprise
specific trap messages to send alarms to SNMP Managers. OnGuard
generates trap messages, but does not listen for messages from SNMP
Managers. The following diagram illustrates how OnGuard can be used as
an SNMP Agent:

OnGuard as an SNMP Agent

SNMP
Agent
r ap s
SNMP T

SNMP
SNMP Traps
Agent

SNMP
Traps
SNMP Manager OnGuard
system

revision 2 — 87
12: Using SNMP with OnGuard

Configuring OnGuard as an SNMP Agent requires the use of


DataConduIT and the DataConduIT Queue Server, as shown in the
diagram that follows.

OnGuard as an SNMP Agent


(Internal Architecture)

OnGuard system

Internal
architecture OnGuard
of OnGuard Database
system

Linkage Server

DataConduIT

DataConduIT Queue Server

SNMP

SNMP SNMP
Agent Agent

Third-party
SNMP Manager

Why use SNMP with OnGuard? This depends on whether you are using
OnGuard as an SNMP Manager or as an SNMP Agent.

OnGuard as an SNMP Manager


When OnGuard is used as an SNMP Manager:
• You can monitor hardware or software applications in OnGuard that you
couldn’t monitor before without a specific integration.

88 — revision 2
Advanced Installation Topics

• If you already have OnGuard installed and are using a third-party application
to monitor SNMP traps, you can now move that functionality over to
OnGuard and monitor everything in a central location.
• By loading into OnGuard the MIB file for the SNMP Agents you are
monitoring, you can customize how the information from the SNMP Agent
is displayed in Alarm Monitoring
• Based on the information received and displayed in OnGuard, you can create
custom alarm and Global I/O linkages for the trap, as well as take advantage
of other existing OnGuard functionality.
To set up OnGuard to function as an SNMP Manager, you must configure
an SNMP Manager on a workstation. This is done through System
Administration. In addition to configuring the SNMP Manager, you can
also load up third party MIB files into OnGuard, which will allow you to
customize how SNMP Traps are handled and displayed in OnGuard. For
more information, refer to the SNMP Managers Folder chapter in the
System Administration User Guide.

OnGuard as an SNMP Agent


OnGuard hardware and software events can be reported as SNMP traps to
third-party applications with SNMP trap support.
To configure OnGuard as an SNMP Agent, you must configure an SNMP
Trap Message queue within the DataConduIT Message Queue
configuration in System Administration. You can specify what events you
want sent out through this queue (as SNMP Traps) and where you want
them sent. For more information, refer to the DataConduIT Message
Queues Folder chapter in the System Administration User Guide.
After setting this up, you must load the Lenel MIB file (located in the
SNMP folder on the OnGuard Supplemental Materials disc) into your
SNMP Manager application. For more information, refer to the SNMP
Managers Folder chapter in the System Administration User Guide.

Configuring SNMP
The following steps must be completed before you configure OnGuard as
either an SNMP Manager or an SNMP Agent:

1. Install the Windows SNMP components. You will need your Windows CD
to complete this procedure. For more information, refer to Install the
Windows SNMP Components on page 91.
2. Install a license with SNMP support.
To configure OnGuard as an SNMP Manager, please refer to Configuring
OnGuard as an SNMP Manager on page 93.

revision 2 — 89
12: Using SNMP with OnGuard

To configure OnGuard as an SNMP Agent, please refer to Configuring


OnGuard as an SNMP Agent on page 99.

90 — revision 2
Advanced Installation Topics

Install the Windows SNMP Components


Before configuring an SNMP Manager to run on a Communication
Server, the Windows SNMP components must be installed on the
Communication Server machine.

Important: You will need your Windows CD to complete this procedure.

1. Click the Windows Start button and navigate to the Control Panel.
2. Double-click “Add or Remove Programs”.
3. The Add or Remove Programs window opens. Click “Add/Remove
Windows Components”.
4. The Windows Components Wizard window opens. Select the Management
and Monitoring Tools check box.

5. Click [Details].
6. The Management and Monitoring Tools window opens. Verify that the
Simple Network Management Protocol check box is selected, and then click
[OK].

revision 2 — 91
12: Using SNMP with OnGuard

7. Click [Next].
8. The Configuring Components window opens. The status bar is updated as
the installation proceeds.

9. When prompted, insert the Windows CD-ROM.


a. If the Windows autorun screen opens, close it.
b. If your CD-ROM is the D drive, click [OK].
c. If your CD-ROM is not the D drive by default, navigate to the correct
drive letter of your CD-ROM. Select the I386 folder, and then click
[OK].

92 — revision 2
Advanced Installation Topics

10. A message indicating that you have successfully completed the Windows
Components Wizard is displayed. Click [Finish].

Install a License with SNMP Support


The following SNMP features in OnGuard are licensed:
• Support for SNMP Managers. If you are licensed to use this feature,
“SNMP Managers Support” in the Access Control Options section is set to
“true”.
• Number of SNMP trap message queues. The number of queues you are
licensed to use is displayed in the “Maximum Number of SNMP Trap
Message Queues” setting in the General section of the license.

Configuring OnGuard as an SNMP Manager


Prerequisites:

1. Install the Windows SNMP components. You will need your Windows CD
to complete this procedure. For more information, refer to Install the
Windows SNMP Components on page 91.
2. Install a license with SNMP support.
To configure OnGuard as an SNMP Manager:

1. Add an SNMP Manager using System Administration. For more


information, refer to Add an SNMP Manager on page 94.
2. Add Agents using System Administration. For more information, refer to
Add Agents on page 94.
3. Load the MIB file(s). For more information, refer to Load the MIB File(s) on
page 96.

revision 2 — 93
12: Using SNMP with OnGuard

Add an SNMP Manager


1. In System Administration, select SNMP Managers from the Additional
Hardware menu. The SNMP Managers folder opens.
2. On the SNMP Managers tab, click [Add].
3. If segmentation is not enabled, skip this step. If segmentation is enabled:
a. The Segment Membership window opens. Select the segment that this
SNMP Manager will be assigned to.
b. Click [OK].
4. In the Name field, type a name for the SNMP Manager.
5. Select whether the SNMP Manager will be online.
a. Allow the Online check box to remain selected if you want the SNMP
Manager to be ready for use. When an SNMP Manager is online, the
Communication Server listens for trap messages from SNMP Agents.
b. Deselect the Online check box if the SNMP Manager is not ready for
use. When an SNMP Manager is not online, the Communication Server
does not listen for trap messages from SNMP Agents.
6. On the Location sub-tab, select the Workstation (or server) that the SNMP
Manager is or will be running on in order to receive events. The
Communication Server must be present on the specified workstation. You
can either type the name in the field, or use the [Browse] button to view a list
of available workstations.

Notes: You are required to enter the workstation’s NetBIOS name. (The NetBIOS
name is specified when Windows networking is installed/configured.)
Only one SNMP Manager is allowed to run on each Communication Server.
You can have several Communication Servers running with an SNMP
Manager on each one and have all Agents in that part of the network
configured to report to the local Manager. This would help localize network
traffic.

7. Click [OK].

Add Agents
If OnGuard receives an event from an Agent that has not been defined, it
will automatically add an Agent for it and have the default name set to the
IP address of the Agent. You can then go in and modify the Name to
whatever you want. On a segmented system, Agents are added to the
Manager’s segment by default, but they can also be assigned to different
segments as well.

94 — revision 2
Advanced Installation Topics

To add an Agent manually:

1. In System Administration, select SNMP Managers from the Additional


Hardware menu. The SNMP Managers folder opens.
2. Click the SNMP Agents tab.
3. Click [Add].
4. In the Name field, type a name for the SNMP Agent.
5. In the IP address field, enter the IP address of the SNMP Agent.
6. (Optional) In the Location field, enter the location of the SNMP Agent.
7. (Optional) In the Description field, enter a description of the SNMP Agent.
8. Click [OK].
9. Repeat steps 1-8 for all Agents you wish to add.

MIB File Overview


SNMP reports its information through the use of variables with name/
value combinations. Many of the SNMP variables are designed for
network applications or hardware. MIB (Management Information Base)
files describe an enterprise’s variable structure and allow a user to report
hardware-specific information. Inside a MIB file, an enterprise number is
specified. Nearly every company that has an application (hardware or
software) that reports events has an enterprise number. (Lenel’s is 15714).
This allows them to control and define all variables under this number.
The enterprise number is used as part of the Object Identifier (OID). A
company’s enterprise OID is 1.3.6.1.4.1 followed by their enterprise
number (1.3.6.1.4.1.15714 for Lenel). MIB files allow labels to be applied
to the numbers in an OID. Using the standard MIB files for SNMP, the
enterprise OID would be iso.org.dod.internet.private.enterprises followed
by the label for the company’s enterprise number provided by their MIB
file. In this MIB file, you define all other variables that you will be using.
These variables are identified by OIDs. The SNMP Trap Messages
DataConduIT Message Queue type allows OnGuard to report events
through SNMP trap messages. OnGuard uses the lenel.mib file to specify
the variables to use. For example, one variable in the lenel.mib file is
1.3.6.1.4.1.15714.1.1.2.1, which translates to:
iso(1).org(3).dod(6).internet(1).private(4).enterprises(1).lenel(15714).on
Guard
(1).event(1).hardwareEvent(2).description(1)

revision 2 — 95
12: Using SNMP with OnGuard

If the lenel.mib file is loaded, the variable in the previous example is


shown on the SNMP Management Information Base form.

Load the MIB File(s)


The Management Information Base (MIB) file is used to describe an
enterprise’s variable structure. The Lenel MIB file is located in the SNMP
folder on the OnGuard Supplemental Materials disc. To load a MIB file
into OnGuard:

1. Save the MIB file you wish to load to the computer. Remember the location
where you save it.
2. If necessary, save any files that contain modules required by the MIB files in
the SNMP-IMPORT-MIBS folder in the OnGuard installation directory. By
default, this is C:\Program Files\OnGuard\SNMP-IMPORT-MIBS. The
following eight (8) files are installed to that location by default:
– RFC1155-SMI.txt
– RFC1213-MIB.txt
– RFC-1215.txt
– SNMPv2-CONF.txt
– SNMPv2-MIB.txt
– SNMPv2-SMI.txt
– SNMPv2-TC.txt
– SNMPv2-TM.txt

96 — revision 2
Advanced Installation Topics

Notes: This location can be changed in the ACS.INI file by adding the following
setting:
[SNMPManager]
MIBDir=“drive:\absolute\path\to\MIB\directory”
To make changes in the ACS.INI file on a Windows 7 computer, you must
right-click on the ACS.INI file and run it as an Administrator.

This directory is processed when a MIB file is loaded in order to load


modules that may be imported into the MIB file being loaded. Only files
containing imported modules should be saved in this directory. In most
cases, the default files in this directory are sufficient. If additional files are
required, determine which additional files define the modules imported by
the MIB file and place them in this directory.
If a MIB file for an imported module is not present in this directory and the
processor encounters an undefined identifier in the MIB file it’s parsing, it
will log an error to MIBProcessor.log in the OnGuard logs directory.
3. In System Administration, select SNMP Managers from the Additional
Hardware menu. The SNMP Managers folder opens.
4. Click the SNMP Management Information Base tab.
5. Click [Add].
6. The Open window is displayed. Navigate to the MIB file you wish to load,
and then click [Open]. In this example, the lenel.mib file is being loaded.

7. The MIB file will be processed.


• If the MIB file is successfully parsed, the results will be displayed in the
Enterprise variables listing window. You can expand the items in the
tree and look at the defined variables.
• If the MIB file cannot be parsed, an error will be generated, which is
written to the MIBProcessor.log file. An error is most likely due to a
malformed MIB file or a lack of certain MIB files that are imported by
the MIB file you are trying to parse.

revision 2 — 97
12: Using SNMP with OnGuard

Note: After a MIB file has been loaded into OnGuard, the actual file is no longer
needed.

Modify an SNMP Management Information Base Variable


1. In System Administration, select SNMP Managers from the Additional
Hardware menu. The SNMP Managers folder opens.
2. Click the SNMP Management Information Base tab.
3. Expand the items in the Enterprise variables listing window.
4. Click on the variable you wish to modify, then click [Modify].
5. Change the Label if you wish.
6. Enter a Description for the variable if you wish.
7. Select the Use in alarm description check box if the node’s information
will be used in the alarm description column of Alarm Monitoring. You can
have this option set on multiple nodes and for each one that appears in the
trap message as a variable, it will be included in the alarm description. The
variable name will be discarded.
8. Select the Include label with value check box if you selected the Use in
alarm description check box and if you want to see the variable name with
the value.
9. Select the Use leaf node only check box if you want the SNMP Manager to
ignore anything “higher” than this node in the OID.
10. Click [OK].

SNMP Reports
Reports are run from System Administration or ID CredentialCenter. For
more information, please refer to the Reports Folder chapter in the System
Administration or ID CredentialCenter User Guide. There are two SNMP-
related reports that can be run:
• SNMP Agents - lists all SNMP Agents sorted by segment and name
• SNMP Management Information Base Configuration - lists all MIB data
grouped by enterprise
The SNMP Management Information Base Configuration report lists each
node’s label and OID (Object ID) description. If configured, the following
additional options will also be listed:
• Use in alarm description
• Include label with value
• Use leaf node only for label

98 — revision 2
Advanced Installation Topics

Configuring OnGuard as an SNMP Agent


Prerequisites:

1. Install the Windows SNMP components. You will need your Windows CD
to complete this procedure. For more information, refer to Install the
Windows SNMP Components on page 91.
2. Install a license with SNMP support.
To configure OnGuard as an SNMP Agent:

1. Add a new DataConduIT Message Queue of the type “SNMP Trap


Messages” in System Administration. For more information, refer to Add a
DataConduIT Message Queue of Type “SNMP Trap Messages” on page
100.
2. Load the Lenel.MIB file. For more information, refer to Load the Lenel.MIB
File on page 101.

Note: For more information, please refer to the DataConduIT Message Queues
Folder in the System Administration User Guide.

revision 2 — 99
12: Using SNMP with OnGuard

Add a DataConduIT Message Queue of Type “SNMP Trap


Messages”
1. From the Administration menu, select DataConduIT Message Queues.
2. On the DataConduIT Message Queues form, click [Add].
3. The Add DataConduIT Message Queue window opens.
a. Select the “SNMP Trap Messages” Queue type.

b. Click [OK].
4. On the General sub-tab:
a. In the Queue name field, type the name of the queue. The name is case-
sensitive.
b. In the SNMP manager field, type the name of the queue manager.
c. Note that the Queue type and Operation that you selected are displayed,
but cannot be modified.
5. On the Settings sub-tab:
a. If you wish to have photo, signature, and fingerprint information sent in
messages, select the Include photos and signature in messages check
box.

100 — revision 2
Advanced Installation Topics

Note: Including photo information in the messages makes the size of the message
sent much larger.

b. Select whether a message will be sent when cardholder, badge, visitor,


and linked accounts are added, modified, or deleted.
c. If you wish to have a message sent when an access event occurs, select
the Send a message when access events occur check box.
d. If you wish to have a message sent when a security event occurs, select
the Send a message when security events occur check box.
6. Using the Advanced sub-tab is optional and for advanced users. On the
Advanced sub-tab you may:
a. Type an object event WMI query directly into the Object event WMI
query textbox.
b. Type an access and security event WMI query directly into the Access
and security event WMI query textbox.
7. Click [OK].

Load the Lenel.MIB File


After configuring the SNMP Trap Messages queue, load the lenel.mib
file into the SNMP Manager so that it knows how to handle and display
the variables it receives. The Lenel MIB file is located in the Support
Center\SNMP folder on the OnGuard Supplemental Materials disc.
If you are using OnGuard as an SNMP agent please refer to the
documentation for the third-party SNMP Manager you are using to
monitor OnGuard.

SNMP Manager Copyright Information

SNMP Manager Copyright Information


---- Part 1: CMU/UCD copyright notice: (BSD like) -----
Copyright 1989, 1991, 1992 by Carnegie Mellon University
Derivative Work - 1996, 1998-2000
Copyright 1996, 1998-2000 The Regents of the University of California
All Rights Reserved
Permission to use, copy, modify and distribute this software and its
documentation for any purpose and without fee is hereby granted,
provided that the above copyright notice appears in all copies and that
both that copyright notice and this permission notice appear in supporting
documentation, and that the name of CMU and The Regents of the
University of California not be used in advertising or publicity pertaining
to distribution of the software without specific written permission.

revision 2 — 101
12: Using SNMP with OnGuard

CMU AND THE REGENTS OF THE UNIVERSITY OF CALIFORNIA


DISCLAIM ALL WARRANTIES WITH REGARD TO THIS
SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL CMU
OR THE REGENTS OF THE UNIVERSITY OF CALIFORNIA BE
LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL
DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
FROM THE LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE
OR PERFORMANCE OF THIS SOFTWARE.
---- Part 2: Networks Associates Technology, Inc copyright notice (BSD) -
----
Copyright (c) 2001-2002, Networks Associates Technology, Inc
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
• Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.
• Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation and/
or other materials provided with the distribution.
• Neither the name of the Networks Associates Technology, Inc nor the names
of its contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS
AND CONTRIBUTORS “AS IS” AND ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
---- Part 3: Cambridge Broadband Ltd. copyright notice (BSD) -----
Portions of this code are copyright (c) 2001-2002, Cambridge Broadband
Ltd.
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:

102 — revision 2
Advanced Installation Topics

• Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.
• Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation and/
or other materials provided with the distribution.
• The name of Cambridge Broadband Ltd. may not be used to endorse or
promote products derived from this software without specific prior written
permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER
“AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
COPYRIGHT HOLDER BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
DAMAGE.

revision 2 — 103
12: Using SNMP with OnGuard

104 — revision 2
DataConduIT User Guide

Chapter 13: Reference

Data Classes

Note: All class and property access is subject to OnGuard user permissions.

Lnl_AccessGroup
Description: An access group defined in the security system.
Abstract: No
Access: View only
Superclass: Lnl_Element
Platforms: OnGuard
Properties:

Type Name Description Access

sint32 ID Internal database ID. Key View


field.

sint32 SEGMENTID Lnl_Segment.ID - ID of View


the segment the access
level belongs to

string NAME Display name View

Methods:
void AssignGroup([in]sint32 badgeKey);
Assigns all the access levels in the group to a specific badge.
Parameters:
badgeKey - Internal ID of the badge to assign the access levels to

Lnl_AccessLevel
Description: An access level defined in the security system.
Abstract: No
Access: Full (View/Add/Modify/Delete)
Superclass: Lnl_Element
Platforms: OnGuard

revision 2 — 105
13: Reference

Properties:

Type Name Description Access

sint32 ID Internal database ID. Key View


field.

sint32 SegmentID Lnl_Segment.ID - ID of View/Edit


the segment the access
level belongs to

string Name Display name View/Edit

boolean HasCommandAuthority Command authority is View


enabled for the access
level

boolean DownloadToIntelligentReaders Level is download to View


Intelligent Readers

boolean FirstCardUnlock First Card Unlocks the View


reader

Lnl_AccessLevelAssignment
Description: An access level assignment defined in the security system.
Abstract: No
Access: View/Add/Delete
Superclass: Lnl_Element
Platforms: OnGuard
Properties:

Type Name Description Access

sint32 ACCESSLEVELID Lnl_AccessLevel.ID - ID View/Edit


of the access level. Key
field.

sint32 BADGEKEY Lnl_Badge.BADGEKEY View/Edit


- BadgeKey of the badge.
Key field.

datetime ACTIVATE Date when this assignment View/Edit


will become active.

datetime DEACTIVATE Date when this assignment View/Edit


will become inactive.

Lnl_AccessLevelReaderAssignment
Description: An access level reader assignment defined in the security system.
Abstract: No
Access: View
Superclass: Lnl_Element

106 — revision 2
DataConduIT User Guide

Platforms: OnGuard
Properties:

Type Name Description Access

sint32 AccessLevelID Access level that the link View


belongs to

sint32 PanelID Lnl_Panel which is linked View


to this level

sint32 ReaderID Lnl_Reader ID which is View


linked to this level

sint32 TimezoneID Lnl_Timezone in which View


this level is active

Lnl_Account
Description: A directory account belonging to a person in the security system.
Abstract: No
Access: View/Add /Delete
Superclass: Lnl_Element
Platforms: OnGuard
Properties:

Type Name Description Access

sint32 ID Internal database ID. Key View


field.

string ACCOUNTID ID of the entry in the View/Edit


external directory. The ID
is the value of the attribute
specified in the
Lnl_Directory.DirectoryI
DAttr property. For
example, for Microsoft
directories, this property
would contain the
account’s security
identifier (SID)

sint32 DIRECTORYID Internal ID of the View/Edit


directory to which this
account belongs. See
Lnl_Directory.ID.

sint32 PERSONID Internal ID of the person View/Edit


who owns this account.
See Lnl_Person.ID.

revision 2 — 107
13: Reference

Lnl_AlarmDefinition
Description: Defines how the alarm that is received from the panel is displayed.
Lnl_AlarmDefinition instances are queried by an end user in order to establish
configuration details. This contrasts Lnl_Alarm instances, which come in with all
security events that come through the Communication Server.
Abstract: No
Access: View
Superclass: None
Platforms: OnGuard
Properties:

Type Name Description Access

sint32 ID Internal database ID. Key View


field.

sint32 Priority Alarm priority (0-255) View

string Description Parameter description View

sint32 SegmentID Segment ID View

string TextInstructionName Text instruction name View

string TextInstructionData Text instruction View

Lnl_Area
Description: An APB area defined in the security system.
Abstract: No
Access: View only
Superclass: Lnl_Element
Platforms: OnGuard
Properties:

Type Name Description Access

sint32 ID Internal database ID. Key View


field.

sint32 AREATYPE Type of APB area. View


Possible values:
0: Other
1: Unknown
2: Local Area
3: Global Area
4: Hazardous Location
5: Safe Location

string NAME Display name. View

Methods:

108 — revision 2
DataConduIT User Guide

void MoveBadge();
Moves a badge from one area into another.
sint32 MoveBadge([in] sint32 areaID, [in] sint64 badgeID, [in] sint32 panelID,
[in] sint32 readerID, [in] sint32 segmentID, [in] datetime UTCTime);
Parameters:
• areaID - This is ID of the area to move the badge to.
• badgeID - This is the badge ID of the badge you want to move.
• panelID - This is the ID of the panel of the reader responsible for moving the
badge to the new area.
• readerID - This is the ID of the reader responsible for moving the badge.
• segmentID - This is the segment associated with the panelID, readerID.
• UTCTime - The time when the badge was moved to the area.

Lnl_Badge
Description: A badge in the security system.
Abstract: No
Access: Full (View/Add/Modify/Delete)
Superclass: Lnl_Element
Platforms: OnGuard
Properties:

Type Name Description Access

sint32 BADGEKEY Internal database ID. Key View


field.

datetime ACTIVATE Badge activate date View/Edit

boolean APBEXEMPT Whether the badge is APB View/Edit


exempt

datetime DEACTIVATE Badge deactivate date View/Edit

sint32 EMBOSSED Embossed View/Edit

boolean EXTEND_STRIKE_HEL Use extended strike/held View/Edit


D times

sint32 ID Badge ID View/Edit

sint32 ISSUECODE Issue code View/Edit

datetime LASTCHANGED Badge last changed View

datetime LASTPRINT Badge last printed View

sint32 PERSONID Internal ID of the person View/Edit


who owns this badge. See
Lnl_Person.ID.

string PIN PIN code View/Edit

revision 2 — 109
13: Reference

Type Name Description Access

sint32 PRINTS Number of times badge View


has been printed

sint32 STATUS Badge status. “Active” is View/Edit


1. Other values are user-
defined

sint32 TYPE Badge type ID View/Edit

sint32 USELIMIT Use limit View/Edit

Methods:
• void AddBadge([in] object BadgeIn, [out] object BadgeOut);

Adds badge to the system.

Parameters:
– BadgeIn - The badge to be added to the system.
– BadgeOut - The badge that was just added to the system with the new
badge ID.
• void AssignAccessLevel([in] Uint32[] LevelIn);

Assigns the access level(s) of a badge.

Parameters:
– LevelIn - Array that includes all the access level IDs the badge needs to
be assigned with.

Lnl_BadgeLastLocation
Description: Defines at what reader the badge was presented last.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:

Type Name Description Access

sint64 BadgeID Badge ID View

sint32 AccessFlag Shows whether the access View


was granted

110 — revision 2
DataConduIT User Guide

Type Name Description Access

sint32 PanelID Panel ID where access View


event occurred

sint32 ReaderID Reader ID at which access View


occurred

datetime EventTime Time at which access View


occurred

sint32 EventID ID of the event associated View


with the access.

sint32 EventType Type of the event View


associate with access

sint32 PersonID Lnl_Person for which View


access occurred

sint32 IsFromReplication Shows whether badge last View


location came over for
other region in the system.

sint32 DatabaseID Database ID in an View


Enterprise system that
identifies the reader to
which the badge was
presented.

Lnl_BadgeProperties
Description: Additional properties for the badge.
Abstract: No
Access: View/Add/Modify/Delete
Superclass: Lnl_Element
Platforms: OnGuard
Properties:

Type Name Description Access

sint32 BADGEKEY Internal database ID of the View/Edit


associated Badge record.

sint32 CardInterface Defines the contact or View/Edit


contactless interface of the
badge.

0 = contact interface

1 = contactless interface

revision 2 — 111
13: Reference

Type Name Description Access

sint32 CardTechnology Defines the technology of View/Edit


the card.

0 = contact

1 = iCLASS

2 = MiFare

3 = DESFire

4 = Proximity

string SerialNumber The serial number of the View/Edit


card. This may be
different for each card
interface.

string DeviceType The device type of the View/Edit


badge specific to the
ActivIdentity CMS 3.8
integration.

string ATR The Answer to Reset of View/Edit


the badge specific to the
ActivIdentity CMS
integration.

boolean IsRegisteredWithActivIde Determines whether or not View/Edit


ntity this badge is registered for
logical access with
ActivIdentity CMS. A
badge is registered if it has
been bound or issued to a
user.

sint32 IssuingCmsID If the badge is registered View/Edit


with CMS, then this
specifies the ID of the
Card Management System
that issued the badge. This
ID can be found in the
ActivIdentity CMS server
configuration screen in
System Administration.

Lnl_BadgeType
Description: A badge type in the security system.
Abstract: No
Access: View only
Superclass: Lnl_Element
Platforms: OnGuard

112 — revision 2
DataConduIT User Guide

Properties:

Type Name Description Access

sint32 ID Internal database ID. Key View


field.

string NAME Name of the badgetype View

sint32 BADGECLASS Class of the badgetype View

Possible values:

1: Standard

2: Temporary

3: Visitor

4: Guest

Lnl_Camera

Important: The CameraType property for Lnl_Camera should not be used. Instead use
the CameraTypeName property.

Description: A camera defined in the system.


Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Methods:
void GetHardwareStatus([out] uint32 Status): retrieves the camera status (0-
offline, 1-online)

Type Name Description Access

sint32 ID Internal database ID. Key View


field.

sint32 PanelID LNVR ID. See View


Lnl_Panel.ID.

string Name Camera Name View

sint32 CameraType Camera Type View

string CameraTypeName Camera Type Name View

revision 2 — 113
13: Reference

Type Name Description Access

sint32 Channel LNVR Channel View

string VideoStandard Video Standard (Ex.: View


NTSC)

sint32 IPAddress IP address of the camera View

sint32 Port Port of the camera View

sint32 HorizontalResolution Horizontal resolution View

sint32 VerticalResolution Vertical Resolution View

sint32 MotionBitRate Motion Bit Rate View

sint32 NonMotionBitRate Non-motion Bit Rate View

sint32 FrameRate Frame rate View

string Workstation Workstation of the host View


LNVR

Lnl_CameraGroup
Description: Camera group definition.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:

Type Name Description Access

sint32 ID Internal database ID. Key View


field.

string Name Group name View

sint32 SegmentID Segment ID View

Lnl_CameraGroupCameraLink
Description: An association between a camera and camera group.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:

114 — revision 2
DataConduIT User Guide

Type Name Description Access

sint32 CameraGroupID Camera group for this View


link.
Lnl_CameraGroup.ID.
Key field.

sint32 PanelID Panel ID for the camera. View


See Lnl_Camera.PanelID.
Key field.

sint32 CameraID Camera ID. Key field. See View


Lnl_Camera.ID.

Lnl_Cardholder
Description: A cardholder in the security system.
Abstract: No
Access: Full (View/Add/Modify/Delete)
Superclass: Lnl_Person
Platforms: OnGuard
Properties: The class has all the properties of the Lnl_Person class, plus any
custom fields defined by the end user. In addition, the class has the following
properties:

Type Name Description Access

boolean ALLOWEDVISITORS Whether this cardholder is View/Edit


allowed to have visitors

Lnl_DataConduITManager
Description: Used for non-object related methods.
Abstract: No
Access: View only
Superclass: None
Platforms: OnGuard
Properties: None
Methods:
[static]void RefreshCache();
Refreshes all of the objects, reading in the UDF layout and list values.
[static]string GetCurrentUser();
Returns the user currently logged into DataConduIT using the format: LastName,
FirstName (UserID).

revision 2 — 115
13: Reference

Lnl_Directory
Description: A directory defined in the security system.
Abstract: No
Access: View only
Superclass: Lnl_Element
Platforms: OnGuard
Properties:

Type Name Description Access

sint32 ID Internal database ID. Key View


field.

string ACCOUNTCATEGORY Account category View

string ACCOUNTCLASS Account class View

string ACCOUNTDISPLAYNA Account display name View


MEATTR attribute

string ACCOUNTIDATTR Account ID attribute View

string HOSTNAME Host name or domain View

string NAME Display name View

sint32 PORT Port View

string STARTNODE Start node View

sint32 TYPE Directory type. Possible View


values:
0: LDAP
1: Microsoft Active
Directory
2: Microsoft Windows NT
4 Domain
3: Microsoft Local
Accounts

boolean USESSL Use SSL. View

See the ID CredentialCenter User Guide for more information about directory
properties.

Lnl_Element
Description: The base class for many data classes.
Abstract: Yes
Access: View only
Superclass: None
Platforms: OnGuard
Properties: None

116 — revision 2
DataConduIT User Guide

Lnl_EventAlarmDefinitionLink
Description: The link between the event type and alarm for a particular device.
Abstract: No
Access: View
Superclass: None
Platforms: OnGuard
Properties:

Type Name Description Access

sint32 PanelID Panel ID (ex.: ISC). Key View


field.

sint32 DeviceID Device ID (ex.: Alarm View


panel, Reader). Key field.

sint32 SecondaryDeviceID Secondary device ID (ex.: View


Input, Output). Key field.

sint32 EventTypeID Event Type. Key field. See View


Lnl_EventType.ID.

sint32 EventSubtypeDefinitionI Event Subtype. Key field. View


D See
Lnl_EventSubtypeDefiniti
on.ID.

sint32 AlarmDefinitionID Alarm Definition. See View


Lnl_AlarmDefinition
SubtypeID.

sint32 EventParameterID Event parameter ID. Key View


field. See
Lnl_EventParameter.ID.

Lnl_EventParameter
Description: An event parameter.
Abstract: No
Access: View
Superclass: None
Platforms: OnGuard
Properties:

Type Name Description Access

sint32 ID Internal database ID. Key View


field.

string Description Parameter description View

revision 2 — 117
13: Reference

Type Name Description Access

sint32 Value Parameter value View

Lnl_EventSubtypeDefinition
Description: An event subtype defined in the system.
Abstract: No
Access: View
Superclass: None
Platforms: OnGuard
Properties:

Type Name Description Access

sint32 ID Internal database ID. Key View


field.

sint32 TypeID Event Type ID, see View


Lnl_EventType.ID.

sint32 SubtypeID ID within the subtype. View

string Description Sub type description View

sint32 SupportParameters Supporting Parameter ID View

sint32 Category Event subtype category View

Lnl_EventSubtypeParameterLink
Description: An association between an event subtype and event parameter.
Abstract: No
Access: View
Superclass: None
Platforms: OnGuard
Properties:

Type Name Description Access

sint32 EventSubtypeDefinitionI Key field. See View


D Lnl_EventSubtypeDefiniti
on.ID.

sint32 EventParameterID Key field. See View


Lnl_EventParameter.ID.

Lnl_EventType
Description: An event type defined in the system.
Abstract: No

118 — revision 2
DataConduIT User Guide

Access: View
Superclass: None
Platforms: OnGuard
Properties:

Type Name Description Access

sint32 ID Internal database ID. Key View


field.

string Description Event type description View

Lnl_Holiday
Description: A holiday that is defined in the security system.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:

Type Name Description Access

sint32 ID Internal database ID. Key View


field.

sint32 SegmentID Segment to which the View


holiday belongs to.

sint32 ExtentDays How many days the View


holiday lasts

datetime StartDate Date the holiday starts View

string Name Holiday name View

Lnl_HolidayType
Description: A holiday that is defined in the security system.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:

revision 2 — 119
13: Reference

Type Name Description Access

sint32 ID Internal database ID. Key View


field.

sint32 SegmentID Segment to which the View


holiday belongs to.

string Name Holiday name View

Lnl_HolidayTypeLink
Description: Defines what holiday type that is associated with a given holiday
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:

Type Name Description Access

sint32 HolidayID Holiday View

sint32 HolidayTypeID Holiday type View

Lnl_IncomingEvent
Description: An event that supports sending incoming events via DataConduIT.
Abstract: No
Superclass: None
Platforms: OnGuard
Properties: None
Methods:
• sint32 SendIncomingEvent([in] string Source, [in] string Description,
[datetime] Time, [in] string Device, [in] string SubDevice);

Parameters:
– Source - text representation of the object/device that generated the event
Variable-length Unicode string with a maximum length of 80 Unicode
characters. This parameter is required. The source must be defined in
the DataConduIT Sources folder (in the System Administration
application) prior to using the Lnl_IncomingEvent::SendIncomingEvent
method. For more information, refer to Add a DataConduIT Source on
page 71.

120 — revision 2
DataConduIT User Guide

– Description - text that describes the event


Variable-length Unicode string with a maximum length of 80 Unicode
characters.
– Time - The time when this event occurred. If this is empty, the current
time will be used.
– Device (Optional; available only in OnGuard 2006 and newer) - text
representation of a device associated with a DataConduIT Source that
generated the event
Variable-length Unicode string with a maximum length of 80 Unicode
characters. This parameter is optional. The device must be defined in the
DataConduIT Sources folder > DataConduIT Devices tab (in System
Administration) prior to using the
Lnl_IncomingEvent::SendIncomingEvent method.
– SubDevice (Optional; available only in OnGuard 2006 and newer) - text
representation of a sub device associated with a DataConduIT Device
that generated the event.
Variable-length Unicode string with a maximum length of 80 Unicode
characters. This parameter is optional. The device must be defined in the
DataConduIT Sources folder > DataConduIT Sub-Devices tab (in
System Administration) prior to using the
Lnl_IncomingEvent::SendIncomingEvent method.
– IsAccessGrant, IsAccessDeny, BadgeID - For information on these
parameters, refer to Generating Access Granted and Access Denied
Events on page 122.
• sint32 AcknowledgeAlarm([in] sint32 CurrentAckStatus, [in] sint32
SerialNumber, [in] string CommServerHostName, [in] sint32 PanelID, [in]
sint32 AlarmID, [in] datetime AlarmTime, [in] sint32 AckStatus, [in] string
AckNotes, [out] sint32 SimultaneousAckStatus);

Description:
Allows acknowledgment of alarms received from the system. Most of the
parameters can be extracted from the Lnl_SecurityEvent.

Return:
0 - If acknowledgment fails. Examine the SimultaneousAckStatus value to
see if the conflict occurred when processing the request.
1 - If acknowledgment succeeds.

Parameters:
– CurrentAckStatus - current acknowledgment status of the alarm to
ensure that simultaneous acknowledgment by other means does not
interfere with user’s intent. Possible values are:
0 - No. Initial status for an unacknowledged event.
1 - Yes. Acknowledge.
2 - Note. Acknowledge with note.
3 - In-Progress. Mark event as “in-progress”

revision 2 — 121
13: Reference

– SerialNumber - serial number of the event to acknowledge


– CommServerHostName - host name of the Communication server
through which the event arrived
– PanelID - Panel ID associated with the event to ensure the integrity of
the acknowledgment request
– AlarmID - Event type ID associated with the event to ensure the
integrity of the acknowledgment request
– AlarmTime - Time the event occurred to ensure the integrity of the
acknowledgment request
– AckStatus - Acknowledgment status to set. See the CurrentAckStatus
parameter description for possible values.
– AckNotes - Acknowledgment notes to set. AckStatus must be 2.
– SimultaneousAckStatus - Value greater than 0 if alarm had been
acknowledged by other means. Contains the new acknowledgment
status if that was the case. See the CurrentAckStatus parameter
description for possible values.

Note: Return value of 4 indicates that no simultaneous acknowledgment occurred.

Using Device and SubDevice in Scripts


A script that invokes the Lnl_IncomingEvent::SendIncomingEvent method may
optionally include the Device and SubDevice name. These parameters are
reported (to Alarm Monitoring) in the following manner:
• If the Device name is empty, the event will only be reported for the
DataConduIT Source
• If the Device name exists and is found in the OnGuard database, the event
will be reported for the DataConduIT Device (i.e., Controller and Device
columns respectively show the DataConduIT Source and DataConduIT
Device that generated the alarm).
• If the SubDevice name exists and is found in the OnGuard database, the
event will be reported for the DataConduIT Sub-Device (i.e., Controller,
Device, and Input/Output columns respectively show the DataConduIT
Source, DataConduIT Device, and DataConduIT Sub-Device that generated
the alarm).

Note: The DataConduIT Source, Device, and SubDevice names must all match
what has been configured in the OnGuard database in order for the event to
be reported in Alarm Monitoring.

Generating Access Granted and Access Denied Events


The IsAccessGrant, IsAccessDeny, and Badge ID parameters can be used to
generate access granted and access denied events in the following manner:
• IsAccessGrant - boolean value that specifies whether the event reported for
the DataConduIT Source, Device or Sub-Device will be the ‘Granted
Access’ event. This parameter is optional. The DataConduIT Source, Device
or Sub-Device must be defined in the DataConduIT Sources folder >

122 — revision 2
DataConduIT User Guide

DataConduIT Devices tab (in the System Administration application) prior


to using the Lnl_IncomingEvent::SendIncomingEvent method with the
IsAccessGrant parameter set to true.
• IsAccessDeny - boolean value that specifies whether the event reported for
the DataConduIT Source, Device or Sub-Device will be the ‘Access Denied’
event. This parameter is optional. The DataConduIT Source, Device or
SubDevice must be defined in the DataConduIT Sources folder >
DataConduIT Devices tab (in the System Administration application) prior
to using the Lnl_IncomingEvent::SendIncomingEvent method with the
IsAccessDeny parameter set to true.

Notes: IsAccessGrant and IsAccessDeny are mutually exclusive (i.e., either one or
the other can be set to true but not both).
If IsAccessGrant or IsAccessDeny is set to true, any text that may be
specified for the Description parameter will be ignored.

• BadgeID - Numeric identifier that refers to a Badge in the OnGuard database


that generated the ‘Granted Access’ or ‘Access Denied’ event. This
parameter is optional and is only used in association with the IsAccessGrant
or IsAccessDeny parameters.

Notes: When a user writes a script that invokes the


Lnl_IncomingEvent::SendIncomingEvent method, he or she may optionally
specify the IsAccessGrant or IsAccessDeny parameters to generate ‘Granted
Access’ or ‘Access Denied’ events respectively.
The above functionality will work similarly if the name of the Source and
Device parameters correspond to an Access panel and Reader configured in
the system. If these conditions are met then the ‘Granted Access’ or ‘Access
Denied’ events will be reported for the specified Access Panel and Reader
based on how ‘IsAccessGrant’ and ‘IsAccessDeny’ are set.

Lnl_LoggedEvent
Description: Represents an event that has been logged to the database.
Abstract: No
Access: View
Superclass: None
Platforms: OnGuard
Properties:

Type Name Description Access

sint32 SerialNumber Serial number of the View


event. Key field.

revision 2 — 123
13: Reference

Type Name Description Access

sint32 PanelID Panel at which the event View


occurred. Key field.

datetime Time Time when event had View


occurred

string Description Description of the event View

sint32 DeviceID Device ID at which event View


occurred (Lnl_Reader,
Lnl_AlarmPanel, etc.)

sint32 SecondaryDeviceID Secondary device ID at View


which event occurred (ex.
Lnl_Input)

sint32 SegmentID Segment where event View


occurred

sint32 Type Event type i.e., “duress”, View


“system”, etc.
Corresponds to
Lnl_EventSubtypeDefiniti
on.TypeID and
Lnl_EventType.ID.

sint32 SubType Event sub-type i.e., View


“granted”, “door forced
open”, etc. Corresponds to
Lnl_EventSubtypeDefiniti
on.SubTypeID.

string EventText Text associated with event View

sint64 CardNumber Card (where available) View


which caused the event

sint32 IssueCode Issue code of the card View

sint32 AssetID Asset (where available) View


which caused the event

sint32 AccessResult The level of access that View


was granted that resulted
from reading the card.

Possible values:

0: Other

1: Unknown

2: Granted

3: Denied

4: Not Applicable

boolean CardholderEntered Whether entry was made View


by the cardholder

124 — revision 2
DataConduIT User Guide

Type Name Description Access

boolean Duress Indicates whether this card View


access indicates an under
duress/emergency state

sint32 PersonID Internal ID of the person View


who is assigned the badge
at the time of the access
event. See Lnl_Person.ID.

Lnl_LogicalSystemAccount
Description: An account in a logical system that is associated with a given
person.
Abstract: No
Access: View/Add/Modify/Delete
Superclass: Lnl_Element
Platforms: OnGuard
Properties:

Type Name Description Access

sint32 PersonID Reference to the View/Edit


associated Lnl_Person

sint32 LogicalSystemType Identifies the Card or View/Edit


Identity Management
System.

1 = ActivIdentity CMS

sint32 LogicalSystemID The identifier for the Card View/Edit


or Identity Management
System. ActivIdentity
CMS logical system ID's
are identified by their ID
as seen in the CMS server
configuration in System
Administration.

Lnl_MobileVerify
Description: Specifically designed for OnGuard MobileVerify software
application. The class currently contains two static methods that allow to log an
access grant or deny transaction based on input parameters.
Abstract: No
Superclass: None
Platforms: OnGuard
Properties: None

revision 2 — 125
13: Reference

Methods:
• [static] void RecommendProperties( [out] string LogicalName, [out] string
AssociatedDropdown, [out] string DenyText, [out] sint32 DenyColor, [out]
boolean DenyOverride, [out] string GrantText, [out] sint32 GrantColor,
[out] boolean GrantOverride, [out] boolean OverridePrompt, [out] boolean
NotifyUserOfOperation);

Retrieves configuration information of how the MobileVerify feature is


setup.

Note: This should be called prior to using all other methods of this object. Use the
value returned in the AssociatedDropdown parameter as the name of the
property in Lnl_Cardholder to retrieve the enumerated values.

Parameters:
– CurrentLevel - This is the ID of the value of the cardholder’s force
protection level.
– SystemLevel - This is the ID of the value of the current system’s force
protection level.
– CardholderName - name of cardholder
– SSNo - social security of cardholder
– ReaderName - Name of reader being opened (can be null)
– GateName - Name of gate or building associated with this reader or
mobile unit
• [static] void LogGrantTransaction( [in] sint32 CurrentLevel, [in] sint32
SystemLevel, [in] string CardholderName, [in] string SSNo, [in] string
ReaderName, [in] string GateName );

Logs an access grant transaction based on the input parameters. This method
is used to specify that the operator has granted the user access.

Note: This should be called when the operator clicks a grant button. It should not
reflect whether or not the cardholder’s force protection level was actually
grant or deny. This routine will appropriately log the correct transaction. For
example, if the operator clicks Grant on a cardholder whose force protection
level is LESS than the system setting (deny access), this routine will log a
grant-override transaction.

Parameters:
– CurrentLevel - This is the index of the combo box from the cardholder’s
force protection level.
– SystemLevel - This is the index of the combo box from the current
system’s force protection level.
– CardholderName - name of cardholder
– SSNo - social security of cardholder
– ReaderName - Name of reader being opened (can be null)
– GateName - Name of gate or building associated with this reader or
mobile unit

126 — revision 2
DataConduIT User Guide

• [static] void LogDenyTransaction( [in] sint32 CurrentLevel, [in] sint32


SystemLevel, [in] string CardholderName, [in] string SSNo, [in] string
ReaderName, [in] string GateName );

Logs an access deny transaction based on the input parameters.


Parameters:
– CurrentLevel - This is the index of the combo box from the cardholder’s
force protection level.
– SystemLevel - This is the index of the combo box from the current
system’s force protection level.
– CardholderName - name of cardholder
– SSNo - social security of cardholder
– ReaderName - Name of reader being opened (can be null)
– GateName - Name of gate or building associated with this reader or
mobile unit
Access: In order to use the class users need to have a Mobile Sentry license.

Lnl_MonitoringZone
Description: A Monitoring zone defined in the system.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard

Type Name Description Access

sint32 ID Internal database ID. Key View


field.

string Name Monitoring zone name View

sint32 SegmentID Monitoring zone’s View


Segment ID

Lnl_MonitoringZoneCameraLink
Description: Defines what cameras are associated with a given monitoring zone.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard

Type Name Description Access

sint32 MonitoringZoneID Monitoring Zone ID. Key View


field. See
Lnl_MonitoringZone.ID.

revision 2 — 127
13: Reference

Type Name Description Access

sint32 PanelID Panel ID for the camera. View


Key field. See
Lnl_Camera.PanelID.

sint32 CameraID Camera ID. Key field. See View


Lnl_Camera.ID.

Lnl_MultimediaObject
Description: An image belonging to a person in the security system.
Abstract: No
Access: View/Add/Delete
Superclass: Lnl_Element
Platforms: OnGuard
Properties:

Type Name Description Access

sint32 DATATYPE Data type. Key field. View/Edit


Possible values:
0: Normal Image
1: Normal Image with
Chromakey Mask
2: Thumbnail Image

sint32 OBJECTTYPE Object type. Key field. View/Edit


Possible values:
1: Photo
8: Signature
10: Hand Geometry

sint32 PERSONID Internal ID of the person View/Edit


who owns this object. See
Lnl_Person.ID.

uint8[] DATA Array of image data. View/Edit

datetime LASTCHANGED Image last changed View

Lnl_Panel
Description: A panel defined in the security system.
Abstract: No
Access: View only
Superclass: Lnl_Element
Platforms: OnGuard

128 — revision 2
DataConduIT User Guide

Properties:

Type Name Description Access

sint32 ID Internal database ID. Key View


field.

string NAME Display name View

string PANELTYPE Panel type name View

sint32 SEGMENTID Lnl_Segment.ID - ID of View


the segment

string WORKSTATION Panel workstation name View

Lnl_Person
Description: A cardholder or visitor in the security system.
Abstract: Yes
Access: View only
Superclass: Lnl_Element
Platforms: OnGuard
Properties:

Type Name Description Access

sint32 ID Internal database ID. Key View


field.

string FIRSTNAME First name View/Edit

datetime LASTCHANGED Person last changed View

string LASTNAME Last name View/Edit

string MIDNAME Middle name View/Edit

string SSNO Person’s identification View/Edit


number

Lnl_Reader
Description: A reader defined in the security system.
Abstract: No
Access: View only
Superclass: Lnl_Element
Platforms: OnGuard

revision 2 — 129
13: Reference

Properties:

Type Name Description Access

sint32 PANELID ID of the panel to which View


this reader belongs. Key
field.

sint32 READERID Internal database ID. Key View


field.

string NAME Display name. View

sint32 TimeAttendanceType The time and attendance View


reader configuration.

not used = 0 (or <empty>)

Entrance Reader = 1

Exit Reader = 2

Lnl_Segment
Description: A segment or segment group defined in the security system. Present
in segmented systems only.
Abstract: Yes
Access: View only
Superclass: None
Platforms: OnGuard
Properties:

Type Name Description Access

sint32 ID Internal database ID. Key View


field.

string NAME Display name View

Lnl_SegmentGroup
Description: A segment group in the security system. Present in segmented
systems only.
Abstract: No
Access: View only
Superclass: Lnl_Segment
Platforms: OnGuard
Properties: Same properties as in Lnl_Segment.

130 — revision 2
DataConduIT User Guide

Lnl_SegmentUnit
Description: A segment in the security system. Present in segmented systems
only.
Abstract: No
Access: View only
Superclass: Lnl_Segment
Platforms: OnGuard
Properties: Same properties as in Lnl_Segment.

Lnl_Timezone
Description: A time zone defined in the security system.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:

Type Name Description Access

sint32 ID Internal database ID. Key View


field.

sint32 SegmentID Segment ID to which the View


time zone belongs.

string Name Name of the timezone View

Lnl_TimezoneInterval
Description: A time zone defined in the security system.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:

Type Name Description Access

sint32 ID Internal database ID. Key View


field.

sint32 TimezoneID Lnl_Timezone of which View


this interval is a part of.

revision 2 — 131
13: Reference

Type Name Description Access

datetime StartTime Time of day when interval View


becomes active

datetime EndTime Time of day when interval View


stops being active

boolean Monday - Sunday Day of the week when View


interval is active

boolean HolidayType1 - Holiday type during which View


HolidayType8 the interval is active

Lnl_User
Description: A user defined in the system.
Abstract: No
Access: View/Add /Modify/Delete
Superclass: Lnl_Element
Platforms: OnGuard

Type Name Description Access

sint32 ID Internal database ID. Key field. View

string LogonID Internal Account User name View/Edit

string Password Internal Account Password Edit

string FirstName First Name View/Edit

string LastName Last Name View/Edit

boolean AllowManualLogon Allow user to manually log-in View/Edit

boolean AllowUnifiedLogon Allow single-sign-on View/Edit

boolean Enabled Determines whether user is enabled View/Edit

sint32 SystemPermissionGroupID System User Permission Group. See View/Edit


Lnl_UserPermissionGroup.ID.

sint32 MonitoringPermissionGroupID Monitor User Permission Group. View/Edit


See Lnl_UserPermissionGroup.ID.

sint32 CardPermissionGroupID Cardholder User Permission Group. View/Edit


See Lnl_UserPermissionGroup.ID.

sint32 FieldPermissionID Field/Page Access Group. See View/Edit


Lnl_UserFieldPermissionGroup.ID.

sint32 PrimarySegmentID User’s Primary Segment ID View/Edit

sint32 MonitoringZoneID Monitoring Zone ID. See View/Edit


Lnl_MonitoringZone.ID.

datetime Created Date user was created View

datetime LastChanged Date user was modified View

132 — revision 2
DataConduIT User Guide

Type Name Description Access

string Notes Notes associated with the user View

boolean AutomaticallyCreated An automatic user is one that has View


been created in “bulk” using the
Bulk User Tool. This property is set
to false for all users except those
created using the Bulk User Tool. It
is included in the application
programming interface (API) for
filtering only.

sint32 DatabaseID Stores the replication setting for the View/Edit


User; applies to Enterprise systems
only. The value has a default value
of ‘Local System Only’ which
matches the default through the
OnGuard software.

Lnl_UserAccount
Description: An association between a user and its directory account.
Abstract: No
Access: View/Add/Modify/Delete
Superclass: None
Platforms: OnGuard

Type Name Description Access

sint32 ID Internal database ID. Key View


field.

string AccountID ID of the entry in the View/Edit


external directory. The ID
is the value of the attribute
specified in the
Lnl_Directory.DirectoryI
DAttr property. For
example, for Microsoft
directories, this property
would contain the
account’s security
identifier (SID).

sin32 DirectoryID Internal ID of the View/Edit


directory to which this
account belongs. See
Lnl_Directory.ID.

sint32 UserID Internal ID of the user View/Edit


who owns this account.
See Lnl_User.ID.

revision 2 — 133
13: Reference

Lnl_UserPermissionGroup
Description: A permission group defined in the system.
Abstract: No
Access: View
Superclass: None
Platforms: OnGuard

Type Name Description Access

sint32 ID Internal database ID. Key View


field.

string Name Permission Group name View

sint32 Type Permission Group Type: View


System = 0
Cardholder = 1
Monitor = 2
Field/Page = 3

sint32 SegmentID Group’s Segment ID View

sint32 PTZPriority PTZ Priority for the users View


belonging to this group

boolean CanLoginToDataConduIT Shows if the user in this View


group can login to
DataConduIT

boolean CanViewLiveVideo Shows if the user in this View


group can view live video

boolean CanViewRecordedVideo Shows if the user in this View


group can view recorded
video

boolean CanSearchVideo Shows if the user in this View


group can search video

boolean DevicesExcluded Shows if the devices in the View


associated group are
excluded

Lnl_UserPermissionDeviceGroupLink
Description: Describes a link between a device group and a permission.
Abstract: No
Access: View
Superclass: Lnl_Element

134 — revision 2
DataConduIT User Guide

Platforms: OnGuard

Type Name Description Access

sint32 UserPermissionGroupID User permission group. View


See
Lnl_UserPermissionGrou
p.ID.

sint32 DeviceGroupID Device Group ID. See View


Lnl_CameraGroup.ID.

Lnl_UserSecondarySegment
Description: An association between a user and its assigned secondary
segments.
Abstract: No
Superclass: Lnl_Element
Platforms: OnGuard

Type Name Description Access

sint32 UserID Internal ID of the user View/Edit

Lnl_User.ID.

sint32 SegmentID User’s Segment ID View/Edit

Lnl_Visit
Description: A visit in the security system.
Abstract: No
Access: Full (View/Add/Modify/Delete)
Superclass: Lnl_Element
Platforms: OnGuard

Type Name Description Access

sint32 CARDHOLDERID LNL_CARDHOLDER.ID View/Edit


- the host

boolean EMAIL_INCLUDE_DEF_ Whether the default Edit


RECIPIENTS recipients are notified

boolean EMAIL_INCLUDE_HOST Whether the host is Edit


notified

boolean EMAIL_INCLUDE_ Whether the visitor is Edit


VISITOR notified

revision 2 — 135
13: Reference

Type Name Description Access

string EMAIL_LIST A list of semi-colon Edit


separated e-mail recipients
(other than the visitor, host
or defaults) Ex:
abc@123.com;xyz@123.c
om

sint32 ID Internal database ID. Key View


field.

datetime LASTCHANGED Visit last changed View

string PURPOSE Visit purpose View/Edit

datetime SCHEDULED_TIMEIN Scheduled start time View/Edit

datetime SCHEDULED_TIMEOUT Scheduled end time View/Edit

datetime TIMEIN Actual start time View

datetime TIMEOUT Actual end time View

sint32 TYPE Visit type, values are user- View/Edit


defined

sint32 VISITORID Lnl_Visitor.ID - the visitor View/Edit

Methods:
void SignVisitOut();
Signs a visit out, modifying the visit and setting TIMEOUT to current date/time.
Any associated badge with the visitor is deactivated and set to the status as
configured in the OnGuard software.
void SignVisitIn([in]sint32 BadgeTypeID, [in]string PrinterName, [in]sint32
AssignedBadgeID);
Signs a visit in, modifying the visit and setting TIMEIN to current date/time. If
AssignedBadgeID is set to a valid ID, the badge is automatically assigned to the
visitor and made active.
Parameters:
• badgeTypeID - This is the badge type you want to assign the visitor.
• AssignedBadgeID - This is the badge ID you want to assign the visitor, a
badge already in the system.
• printerName - The name of the printer you want to use to print out the
disposable badge

Note: If badgeTypeID is provided so must the printerName (unless there is a


default printer set up for the badgeTypeID specified) and AssignedBadgeID
will be ignored. If AssignedBadgeID is specified, badgeTypeID and
printerName are ignored. See the Visitor Management User Guide for more
detailed documentation on visits and signing them in.

136 — revision 2
DataConduIT User Guide

Lnl_VisitEmailRecipient
Description: A visit e-mail recipient in the security system.
Abstract: No
Access: View only
Superclass: Lnl_Element
Platforms: OnGuard
Properties:

Type Name Description Access

string ACCOUNTID ID of the entry in the View


external directory. The ID
is the value of the attribute
specified in the
Lnl_Directory.DirectoryI
DAttr property. For
example, for Microsoft
directories, this property
would contain the
account’s security
identifier (SID)

sint32 DIRECTORYID Internal ID of the View


directory to which this
account belongs. See
Lnl_Directory.ID.

string EMAILADDRESS Recipient e-mail address View

boolean INCLUDEDEFAULTRE Whether the default View


CIPIENTS recipients are notified

boolean INCLUDEHOST Whether the visit host is View


notified

boolean INCLUDEVISITOR Whether the visitor is View


notified

sint32 PERSONID Lnl_Person.ID - ID of the View


person receiving the e-
mail

sint32 RECIPIENTNUMBER Internal database ID. Key View


field.

sint32 SEGMENTID Segment for default View


recipients

sint32 VISITID Lnl_Visit.ID - ID of the View


visit. Key field.

Lnl_Visitor
Description: A visitor in the security system.
Abstract: No

revision 2 — 137
13: Reference

Access: Full (View/Add/Modify/Delete)


Superclass: Lnl_Person
Platforms: OnGuard
Properties: The class has all the properties of the Lnl_Person class, plus any
custom fields defined by the end user.

User-Defined Value Lists (LNL_BadgeStatus, Lnl_Title,


…)
Description: Any user-defined list in the system, populated via List Builder.
Abstract: No
Access: Full (View/Add/Modify/Delete)
Superclass: Lnl_Element
Platforms: OnGuard
Properties:

Type Name Description Access

sint32 ID Internal database ID. Key View


field.

string NAME Name of the list value View/Edit

sint32 SEGMENTID Segment the list belongs View/Edit


to

Association Classes

Lnl_AccessLevelGroupAssignment
Description: An association between an access level and the group in which it
belongs.
Abstract: No
Superclass: None
Platforms: OnGuard
Properties:

Type Name Description

ref:Lnl_AccessLevel ACCESSLEVEL Reference to the access level

ref:Lnl_AccessGroup ACCESSGROUP Reference to the access group

Lnl_BadgeOwner
Description: An association between a badge and the person who owns it.

138 — revision 2
DataConduIT User Guide

Abstract: Yes
Superclass: None
Platforms: OnGuard
Properties:

Type Name Description

ref:Lnl_Badge BADGE Reference to the badge

ref:Lnl_Person PERSON Reference to the person

Lnl_CardholderAccount
Description: An association between an account and the cardholder with which
it is associated.
Abstract: No
Superclass: Lnl_PersonAccount
Platforms: OnGuard
Properties:

Type Name Description

ref:Lnl_Account ACCOUNT Reference to the account

ref:Lnl_Cardholder PERSON Reference to the cardholder.

Lnl_CardholderBadge
Description: An association between a badge and the cardholder who owns it.
Abstract: No
Superclass: None
Platforms: OnGuard
Properties:

Type Name Description

ref:Lnl_Badge BADGE Reference to the badge

ref:Lnl_Visitor PERSON Reference to the visitor

Lnl_CardholderMultimediaObject
Description: An association between a multimedia object and the cardholder
who owns it.
Abstract: No
Superclass: None
Platforms: OnGuard

revision 2 — 139
13: Reference

Properties:

Type Name Description

ref:Lnl_MultimediaObject MULTIMEDIAOBJECT Reference to the multimedia object

ref:Lnl_Cardholder PERSON Reference to the cardholder

Lnl_DirectoryAccount
Description: An association between an account and the directory in which it is
stored.
Abstract: No
Superclass: None
Platforms: OnGuard
Properties:

Type Name Description

ref:Lnl_Account ACCOUNT Reference to the account

ref:Lnl_Directory DIRECTORY Reference to the directory

Lnl_MultimediaObjectOwner
Description: An association between a multimedia object and the person who
owns it.
Abstract: Yes
Superclass: None
Platforms: OnGuard
Properties:

Type Name Description

ref:Lnl_MultimediaObject MULTIMEDIAOBJECT Reference to the multimedia object

ref:Lnl_Person PERSON Reference to the person

Lnl_PersonAccount
Description: An association between an account and the person with which it is
associated.
Abstract: Yes
Superclass: None
Platforms: OnGuard

140 — revision 2
DataConduIT User Guide

Properties:

Type Name Description

ref:Lnl_Account ACCOUNT Reference to the account

ref:Lnl_Person PERSON Reference to the person

Lnl_ReaderEntersArea
Description: An association between a reader and the APB area to which it
allows entry.
Abstract: No
Superclass: None
Platforms: OnGuard
Properties:

Type Name Description

ref:Lnl_Area AREA Reference to the APB area

ref:Lnl_Reader READER Reference to the reader

Lnl_ReaderExitsArea
Description: An association between a reader and the APB area to which it
allows departure from.
Abstract: No
Superclass: None
Platforms: OnGuard
Properties:

Type Name Description

ref:Lnl_Area AREA Reference to the APB area

ref:Lnl_Reader READER Reference to the reader

Lnl_SegmentGroupMember
Description: An association between a segment unit and the segment group of
which the unit is a member. Present in segmented systems only.
Abstract: No
Superclass: None
Platforms: OnGuard

revision 2 — 141
13: Reference

Properties:

Type Name Description

ref:Lnl_SegmentGroup GROUP Reference to the segment group

ref:Lnl_SegmentUnit MEMBER Reference to the segment unit

Lnl_VisitorAccount
Description: An association between an account and the visitor with which it is
associated.
Abstract: No
Superclass: Lnl_PersonAccount
Platforms: OnGuard
Properties:

Type Name Description

ref:Lnl_Account ACCOUNT Reference to the account

ref:Lnl_Visitor PERSON Reference to the visitor

Lnl_VisitorMultimediaObject
Description: An association between a multimedia object and the visitor who
owns it.
Abstract: No
Superclass: None
Platforms: OnGuard
Properties:

Type Name Description

ref:Lnl_MultimediaObject MULTIMEDIAOBJECT Reference to the multimedia object

ref:Lnl_Visitor PERSON Reference to the visitor

Event Classes
All event classes are view only and are not abstract.

Lnl_AccessEvent
Description: An event occurring due to the presentation of credentials at a
reader. Credentials here are represented as being stored on a card, but the “card”
could be any form factor. Similarly, the “reader” represents any system that can
read the credentials on the card. This class includes information read from the

142 — revision 2
DataConduIT User Guide

card (card number, biometric information) in addition to what access was granted
(granted/denied and under duress).
Superclass: Lnl_SecurityEvent
Platforms: OnGuard
Properties:

Type Name Description

sint32 ACCESSRESULT The level of access that was granted


that resulted from reading the card.
Possible values:
0: Other
1: Unknown
2: Granted
3: Denied
4: Not Applicable

sint32 AREAENTEREDID The ID of the area that was entered,


if any

sint32 AREAEXITEDID The ID of the area that was exited, if


any

string ASSETID The ID of the asset related to this


event, if any

boolean CARDHOLDERENTERED Whether entry was made by the


cardholder

sint32 CARDNUMBER The badge ID for the card that was


read, if available

boolean DURESS Indicates whether this card access


indicates an under duress/emergency
state

sint32 ELEVATORFLOOR The elevator floor on which the


access event was generated, if any

sint32 FACILITYCODE The facility code for the card that


was read, if available

boolean ISREADABLECARD Whether the card could be read. If it


could not be read (due to an invalid
card format or damage to the card),
the other properties of this class
relating to card information will be
null.

sint32 ISSUECODE The issue code for the card that was
read, if available

Lnl_Alarm
Description: An alarm in the system. The Lnl_Alarm class is embedded directly
into the Lnl_SecurityEvent class, because an alarm cannot happen without an
event and an event can be mapped to one and only one alarm definition. Since
this is an embedded object, you cannot query for it.

revision 2 — 143
13: Reference

Abstract: No
Access: View only
Superclass: None
Platforms: OnGuard
Properties: These priorities are based off the Alarm Configuration folder in
System Administration.:

Type Name Description

string DESCRIPTION A human readable of the event


parameter

string EVENTPARAMDESCRIPTION A human readable brief description


of the event parameter

boolean ISACTIVE Whether the alarm is active

boolean MUSTACKNOWLEDGE Whether the alarm has to be


acknowledged

sint32 PRIORITY The alarm’s priority

Lnl_Event
Description: An event occurring in the OnGuard system.
Superclass: __ExtrinsicEvent
Platforms: OnGuard
Properties:

Type Name Description

string DESCRIPTION A human readable, brief description


of this event.

datetime TIME The time when this event occurred.

Lnl_FireEvent
Description: An event that relates to a fire hazard and/or fire hardware.
Superclass: Lnl_SecurityEvent
Platforms: OnGuard
Properties:

Type Name Description

sint32 TroubleCode A trouble code associated with the


fire event.

Lnl_FunctionExecEvent
Description: An event that consists of a function that is executed when a given
event occurs. Input arguments may also be included.

144 — revision 2
DataConduIT User Guide

Superclass: Lnl_SecurityEvent
Platforms: OnGuard
Properties:

Type Name Description

sint32 FunctionID The ID of the function that was


executed.

sint32 InitiatingEventID The ID of the event that caused the


function to be executed.

sint32 FunctionInputArguments Any input arguments to the function


that was executed.

Lnl_IntercomEvent
Description: An event occurring on intercom hardware such as an intercom
exchange or an intercom station.
Superclass: Lnl_SecurityEvent
Platforms: OnGuard
Properties:

Type Name Description

sint32 IntercomData Additional data for the intercom


event that occurred.

sint32 LineNumber The line number involved in the


intercom event.

Lnl_OtherSecurityEvent
Description: An event that is not card related and not access-related, such as
door forced open and alarm restored. The Lnl_OtherSecurity event class supports
all event types that were not included in the other event sub-classes. A
combination of all of the above classes yields all security events and alarms
available in the system.
Superclass: Lnl_SecurityEvent
Platforms: OnGuard
Properties: All properties belong to the superclass.

Lnl_SecurityEvent
Description: An event occurring in the physical security system.
Superclass: Lnl_Event
Platforms: OnGuard

revision 2 — 145
13: Reference

Properties:

Type Name Description Access

sint32 DEVICEID The ID of the device where this event originated

sint32 ID The ID that uniquely identifies the type of this event

sint32 PANELID The ID of the panel where this event originated

sint32 SECONDAR The ID of the secondary device where this event


YDEVICEID originated

sint32 SEGMENTID The ID of the segment that the panel is in

sint32 SERIALNUM A number that uniquely identifies the instance of the


BER event for a particular panel

object:Lnl_A ALARM The alarm associated with the event, if there is one
larm

sint32 Type Event type i.e., “duress”, “system”, etc. View


Corresponds to
Lnl_EventSubtypeDefinition.TypeID and
Lnl_EventType.ID.

sint32 SubType Event sub-type i.e., “granted”, “door forced open”, View
etc. Corresponds to
Lnl_EventSubtypeDefinition.SubTypeID.

Lnl_StatusChangeEvent
Description: An event that indicates a change of status for the device specified.
Superclass: Lnl_SecurityEvent
Platforms: OnGuard
Properties:

Type Name Description

sint32 CommunicationStatus The status for the communication


link with the device specified in the
event.

sint8 NewStatus The new status of the device


specified in the event.

sint8 OldStatus The old status for the device


specified in the event.

Lnl_TransmitterEvent
Description: A personal safety event involving a transmitter.
Superclass: Lnl_SecurityEvent
Platforms: OnGuard

146 — revision 2
DataConduIT User Guide

Properties:

Type Name Description

sint32 TransmitterBaseID The base ID of the transmitter


associated with the event.

sint32 TransmitterID The ID of the transmitter associated


with the event.

sint32 TransmitterInputID The ID of the input on the


transmitter associated with the
event.

boolean VerifiedAlarm Boolean value indicating whether


the transmitter message is known to
be verified.

Lnl_VideoEvent
Description: An event associated with video equipment such as video recorders
and cameras.
Superclass: Lnl_SecurityEvent
Platforms: OnGuard
Properties:

Type Name Description

datetime StartTime The time the video event started.

datetime EndTime The time the video event ended.

sint32 Channel The physical channel the camera is


connected to that is creating this
event.

Lnl_VisitEvent
Description: An event associated with a visit.
Superclass: __InstanceOperationEvent
Platforms: OnGuard
Properties:

Type Name Description Access

sint32 ID The internal database ID View

string Name The user-friendly name of this View


object.

sint32 CardholderID The host of the visit event. View

sint32 DelegateID The person who schedules or View


maintains the event instead of the
host.

revision 2 — 147
13: Reference

Type Name Description Access

sint32 DatabaseID The database identifier in an View


Enterprise system that identifies the
system that owns the event.

datetime Scheduled_TimeIn The time the visit event is scheduled View


to start.

datetime Scheduled_TimeOut The time the visit event is scheduled View


to complete.

datetime LastChanged The last time the properties of the View


visit event changed.

sint32 SignInLocationID The ID of the visitor sign in View


location.

Command and Control: Classes and Methods

Lnl_AlarmInput
Description: Inherits from Lnl_Input. Implements the input control methods and
represents an alarm input found on an input control module.
Methods:
void Mask()
Inherited from Lnl_Input.
void Unmask()
Inherited from Lnl_Input.
Properties:

Lnl_AlarmOutput
Description: Inherits from Lnl_Output. Implements the relay control methods
and represents an alarm relay found on an input or output control module.
Methods:
void Activate()
Inherited from Lnl_Output.
void Deactivate();
Inherited from Lnl_Output.
void Pulse();
Inherited from Lnl_Output.
Properties:

148 — revision 2
DataConduIT User Guide

Lnl_AlarmPanel
Description: This class represents the Alarm input or output control module.
Methods:
void GetHardwareStatus([out] uint32 Status
Retrieves the hardware status for the device. Status is only retrieved from the
hardware when the UpdateHardwareStatus is called on the parent ISC

uint32 Status – device status:


uint32 Status Description Device status

ONLINE_STATUS Online 0x01

OPTIONS_MISMATCH_STATUS Options Mismatch 0x02

CABINET_TAMPER Cabinet Tamper 0x04

POWER_FAIL Power Failure 0x8

Lnl_Input
Description: Abstract class that represents any kind of alarm input. It declares
methods for controlling such output.
Methods:
void Mask();
Sends a command to mask a specific alarm input.
void Unmask();
Sends a command to unmask a specific alarm input.
void GetHardwareStatus([out] uint32 Status)
Retrieves the hardware status for the device. Status is only retrieved from the
hardware when the UpdateHardwareStatus is called on the ISC.

uint32 Status – device status:

ALRM_STATUS_SECURE 0x00

ALRM_STATUS_ACTIVE 0x01

ALRM_STATUS_GND_FLT 0x02

ALRM_STATUS_SHRT_FLT 0x03

ALRM_STATUS_OPEN_FLT 0x04

ALRM_STATUS_GEN_FLT 0x05

Lnl_IntrusionArea
Description: Implements the control methods for the Intrusion Area.
Methods:
void Disarm()
Sends a command to disarm the area.

revision 2 — 149
13: Reference

void MasterDelayArm ()
Sends a command to perform a delayed master arm.
void MasterInstantArm ()
Sends a command to perform an instant master arm.
void PerimeterDelayArm ()
Sends a command to perform a delayed perimeter arm.
void PerimeterInstantArm ()
Sends a command to perform an instant perimeter arm.
void SilenceAlarms ()
Sends a command to silence area alarms.
void GetHardwareStatus([out] uint32 Status)
Retrieves the hardware status for the device. Status is only retrieved from the
hardware when the UpdateHardwareStatus is called on the parent ISC.

uint32 Status – device status:

OFFLINE_STATUS 0x00

ONLINE_STATUS 0x01

Properties:

Lnl_IntrusionDoor
Description: Implements the control methods for the Intrusion Door.
Methods:
void Open()
Sends a command to open the intrusion door.
void SetMode([in] sint32 Mode);
Sends a command to change the door mode.

Mode – door mode:

DoorLock 0x0

DoorUnlock 0x1

SetDoorSecure 0x2

Properties:

Lnl_IntrusionOutput
Description: Abstract class that inherits from Lnl_Output. Declares the relay
control methods and represents an output device of the Intrusion Panel.
Methods:
void Activate()
Inherited from Lnl_Output.

150 — revision 2
DataConduIT User Guide

void Deactivate();
Inherited from Lnl_Output.
Properties:

Lnl_IntrusionZone
Description: Implements the control methods for the Intrusion Zone.
Methods:
void Bypass()
Sends a command to open by pass the alarm zone.
void UnBypass();
Sends a command to un bypass the alarm zone.
void GetHardwareStatus([out] uint32 Status)
Retrieves the hardware status for the device. Status is only retrieved from the
hardware when the UpdateHardwareStatus is called on the parent ISC.

uint32 Status – device status:

OFFLINE_STATUS 0x00

ONLINE_STATUS 0x01

Properties:

Lnl_IntrusionZoneOutput
Description: Inherits from Lnl_Output. Implements the relay control methods
and represents an Output Zone defined on the Intrusion Panel.
Methods:
void Activate()
Inherited from Lnl_Output.
void Deactivate();
Inherited from Lnl_Output.
Properties:

Lnl_OffBoardRelay
Description: Inherits from Lnl_Output. Implements the relay control methods
and represents an Off-Board relay connected to the Intrusion Panel.
Methods:
void Activate()
Inherited from Lnl_Output.
void Deactivate();
Inherited from Lnl_Output.
void Toggle();
Toggles the state of the specific alarm relay.
Properties:

revision 2 — 151
13: Reference

Lnl_OnBoardRelay
Description: Inherits from Lnl_Output. Implements the relay control methods
and represents an On-Board relay of the Intrusion Panel.
Methods:
void Activate()
Inherited from Lnl_Output.
void Deactivate();
Inherited from Lnl_Output.
Properties:

Lnl_Output
Description: Abstract class that represents any kind relay output. It declares
methods for controlling such output.
Methods:
void Activate()
Sends a command to activate a specific alarm relay.
void Deactivate()
Sends a command to deactivate a specific alarm relay.
void Pulse()
Sends a momentary pulse command to a specific alarm relay.
Example (VB Script):

Set wbemServices = GetObject(“winmgmts://./root/onguard”)


‘ run the query. this call returns a SWbemObjectSet that contains a
‘ list of all outputs in the system.
Set outputSet = wbemServices.ExecQuery(“select * from Lnl Output”)
Dim Counter
Counter = 0
‘ for each output - pulse three times
While Counter < 3 ‘ Test value of Counter.
for each output in outputSet
‘ Pulse the output
output.Pulse()
WScript.Sleep 1000
next
Counter = Counter + 1 ‘ Increment Counter.
Wend

152 — revision 2
DataConduIT User Guide

void GetHardwareStatus([out] uint32 Status)


Retrieves the hardware status for the device. Status is only retrieved from the
hardware when the UpdateHardwareStatus is called on the parent ISC.

uint32 Status – device status:


uint32 Status Description Device status

ALRM_STATUS_SECURE Output Secure 0

ALRM_STATUS_ACTIVE Output Active 1

Lnl_Panel
Description: This class represents the Intelligent System Controller.
Methods:
void DownloadFirmware()
Sends a download firmware command to the ISC.
void DownloadDatabase()
Sends a command to the ISC to download the cardholder database.
void ResetUseLimit()
Sends a command to reset the use limit of all cardholders within the ISC.
void UpdateHardwareStatus()
Sends a command to retrieve the status of the Intelligent System controller and
all downstream hardware connected to the specific system controller.
void Connect()
Used for dial-up only. This command instructs the host to connect to the ISC via
dial-up.
void Disconnect()
Used for dial-up only. This command instructs the host to send a disconnect
command to the ISC.
void SetClock()
Sends the current time down to the ISC.
void GetHardwareStatus([out] uint32 Status)
Retrieves the hardware status for the device. Status is only retrieved from the
hardware when the UpdateHardwareStatus is called on the ISC.

uint32 Status – device status:


uint32 Status Description Device status

ONLINE_STATUS Online 0x01

OPTIONS_MISMATCH_STATUS Options Mismatch 0x02

CABINET_TAMPER Cabinet Tamper 0x04

POWER_FAIL Power Failure 0x8

DOWNLOADING_FIRMWARE Downloading Firmware 0x10

revision 2 — 153
13: Reference

Lnl_Reader
Description:
Methods:
void OpenDoor()
Sends a command to open the door for a specific reader.
void SetMode([in] sint32 Mode)
Sends a command to set the current operating mode of a reader.
void GetMode ([out] sint32 Mode)
Retrieves current mode of the reader. Mode is only retrieved from the hardware
when the UpdateHardwareStatus is called on the parent ISC.
Parameters:

sint32 Mode: Reader mode to be set. Allowed values are:

MODE_LOCKED 0x0

MODE_CARDONLY 0x1

MODE_PIN_OR_CARD 0x2

MODE_PIN_AND_CARD 0x3

MODE_UNLOCKED 0x4

MODE_FACCODE_ONLY 0x5

MODE_CYPHERLOCK 0x6

MODE_AUTOMATIC 0x7

void SetBiometricVerifyMode([in] boolean Value)


Sends a command to enable / disable the biometric mode of verification for a
reader.
Parameters:
boolean Value: True – enable biometric mode of verification. False – disable
biometric mode of verification.
void SetFirstCardUnlockMode([in] boolean Value)
Sends a command to enable/disable first card unlock mode for the reader.
Parameters:
boolean Value: True – enable first card unlock mode. False – first card unlock
mode.
void DownloadFirmware()
Sends a download firmware command to the reader interface module.
void GetHardwareStatus([out] uint32 Status)
Retrieves the hardware status for the device. Status is only retrieved from the
hardware when the UpdateHardwareStatus is called on the parent ISC.

154 — revision 2
DataConduIT User Guide

uint32 Status – device status:


uint32 Status Description Device status

RDRSTATUS_ONLINE Online 0x1

RDRSTATUS_OPTION_MISMATCH Options Mismatch 0x2

RDRSTATUS_CNTTAMPER Cabinet Tamper 0x4

RDRSTATUS_PWR_FAIL Power Failure 0x8

RDRSTATUS_TAMPER Reader Tamper 0x10

RDRSTATUS_FORCED Door Forced Open 0x20

RDRSTATUS_HELD Door Held Open 0x40

RDRSTATUS_AUX Auxiliary Input 1 0x80

RDRSTATUS_AUX2 Auxiliary Input 2 0x100

RDRSTATUS_AUX3 Auxiliary Input 3 0x400

RDRSTATUS_BIO_VERIFY Bio Verify 0x800

RDRSTATUS_DC_GND_FLT DC Ground Fault 0x1000

RDRSTATUS_DC_SHRT_FLT DC Short Fault 0x2000

RDRSTATUS_DC_OPEN_FLT DC Open Fault 0x4000

RDRSTATUS_DC_GEN_FLT DC Generic Fault 0x8000

RDRSTATUS_RX_GND_FLT RX Ground Fault 0x10000

RDRSTATUS_RX_SHRT_FLT RX Short Fault 0x20000

RDRSTATUS_RX_OPEN_FLT RX Open Fault 0x40000

RDRSTATUS_RX_GEN_FLT RX Generic Fault 0x80000

RDRSTATUS_FIRST_CARD_UNLOCK First Card Unlock Mode 0x100000

RDRSTATUS_EXTENDED_HELD_MODE Extended Held Mode 0x200000

RDRSTATUS_CIPHER_MODE Cipher Mode 0x400000

RDRSTATUS_LOW_BATTERY Low Battery 0x800000

RDRSTATUS_MOTOR_STALLED Motor Stalled 0x1000000

RDRSTATUS_READHEAD_OFFLINE Read Head Offline 0x2000000

revision 2 — 155
13: Reference

uint32 Status – device status:


uint32 Status Description Device status

RDRSTATUS_MRDT_OFFLINE MRDT Offline 0x4000000

RDRSTATUS_DOOR_CONTACT_OFFLINE Door Contact Offline 0x8000000

Lnl_ReaderOutput
Description: Abstract class, inherits from Lnl_Output. Declares the relay control
methods and represents an auxiliary relay found on a reader interface module.
Methods:
void Activate();
Inherited from Lnl_Output.
void Deactivate();
Inherited from Lnl_Output.
void Pulse();
Inherited from Lnl_Output.
Properties:

Lnl_ReaderOutput1
Description: Inherits from Lnl_ReaderOutput. Implements the relay control
methods and represents the first auxiliary relay found on a reader interface
module.
Methods:
void Activate();
Inherited from Lnl_Output.
void Deactivate();
Inherited from Lnl_Output.
void Pulse();
Inherited from Lnl_Output.
Properties:

Lnl_ReaderOutput2
Description: Inherits from Lnl_ReaderOutput. Implements the relay control
methods and represents the second auxiliary relay found on a reader interface
module.
Methods:
void Activate();
Inherited from Lnl_Output.
void Deactivate();
Inherited from Lnl_Output.

156 — revision 2
DataConduIT User Guide

void Pulse();
Inherited from Lnl_Output.
Properties:

Lnl_ReaderInput
Description: Abstract class, inherits from Lnl_Input. Declares the input control
methods and represents an auxiliary input found on a reader interface module.
Methods:
void Mask()
Inherited from Lnl_Input.
void Unmask()
Inherited from Lnl_Input.
Properties:

Lnl_ReaderInput1
Description: Inherits from Lnl_ReaderInput. Declares the input control methods
and represents the first auxiliary input found on a reader interface module.
Methods:
void Mask()
Inherited from Lnl_Input.
void Unmask()
Inherited from Lnl_Input.
Properties:

Lnl_ReaderInput2
Description: Inherits from Lnl_ReaderInput. Declares the input control methods
and represents the second auxiliary input found on a reader interface module.
Methods:
void Mask()
Inherited from Lnl_Input.
void Unmask()
Inherited from Lnl_Input.
Properties:

revision 2 — 157
13: Reference

158 — revision 2
Appendices
DataConduIT User Guide

Appendix A: Property Qualifiers Used In DataConduIT

The following property qualifiers are used for user-defined fields (UDFs) with
the following settings. Some of these qualifiers are standard among WMI
applications; others are DataConduIT specific.

UDF Setting Property Qualifier Name Property Qualifier Value

Required not_null true

Read-only read true


noedit true

Can’t view noview true

Maximum Length maxlen [maximum length value]

Display Name DisplayName [display name value]

Database Key key true

Database Foreign Key propagated [Foreign Class Name].[Foreign


Property Name]

Default, Not Required Optional true

Default DefaultValue [field default value]

Unique Unique true

revision 2 — 161
A: Property Qualifiers Used In DataConduIT

162 — revision 2
DataConduIT User Guide

Appendix B: DataConduIT Tools for Windows XP

Windows XP introduces a new tool for managing data from WMI. That tool is
called the WMI command-line, or WMIC. WMIC provides a convenient,
flexible, and extensible way to view and modify WMI classes and instances.
Generally, WMIC users will invoke aliases that are a kind of shorthand for
interacting with WMI. Aliases define WQL queries for receiving data from
WMI, including output properties and formats and default properties to query.
Windows XP ships with a number of pre-defined aliases. For instance, typing
service list brief in WMIC lists the services installed on the machine, along with
some important properties such as whether the services are running.

The DataConduIT documentation comes with a number of aliases that you can
use to access data in OnGuard through WMIC. These aliases are located in the
XP folder of the documentation. Before these aliases can be used on a machine,
they must be installed. To install them, simply run the install.bat file located in
the XP folder. This batch file installs the aliases into WMI and copies the
necessary formatting files used by these aliases.

To start WMIC, open up a command shell and type WMIC. The first time it is
run, the tool will perform the necessary self-installation. To view a list of all
available aliases, type alias list brief. To view all aliases pertaining to
DataConduIT, type lnlalias “root\\onguard” list brief. The
column FriendlyName gives the name of each alias. Using any one of these
aliases, type [aliasname] /? to learn more about the capabilities of the
alias.

revision 2 — 163
B: DataConduIT Tools for Windows XP

Here are a few examples of what you can do in WMIC using these aliases:

List the names of people whose last name starts with the letter ‘L’:

person where “lastname like 'L%'” list names

List all cardholders who have changed since January 1, 2002:

cardholder where “lastchanged>'20020101000000.0000000000'” get /


ALL

Output all cardholders and visitors as XML with an XSD schema:

person get /FORMAT:exportxml

Create a visitor named John Public:

visitor create first=John,last=Public

Delete all visitors named John Public:

visitor where “firstname='John' and lastname='Public'” delete

Enable the badge with ID 1 and issue code 0:

badge where “id=1 and issuecode=0” set status=1

List all badges belonging to the cardholder with cardholder ID


123456789:

personssno 123456789 call badges

For more information about WMIC, search for WMIC in Windows XP Help and
Support.

164 — revision 2
DataConduIT User Guide

Appendix C: Event Generator

The Event Generator is a utility that is only available on the OnGuard Software
Development Kit (SDK) installation disc. It is used to generate events without
having “live” or online hardware connected to a system; it enables customers
who wish to generate events without purchasing hardware to do so.

Event Generator Main Window


The Event Generator Main Window displays automatically when the
Communication Server is run as an application after the Event Generator is set
up. To correctly set up the Event Generator, refer to Required Event Generator
Files on page 173.

revision 2 — 165
C: Event Generator

Event Generator Main Window Field Table


Form Element Type Comment
Number of times numeric Number of times each event in the listing window will be generated

End delay numeric Amount of time that will elapse after the last event is sent

Random end time check box If selected, the End delay value specified will be ignored, and instead a
random time will be used

In between delay numeric Amount of time that will elapse between events that are sent

Random in check box If selected, the In between delay value specified will be ignored, and instead
between time a random time will be used

Random badge IDs check box If selected, badge ID numbers will be randomly generated. This check box
must be selected for Badge ID min, Badge ID max, and [Auto-populate
with min and max badge IDs] to be enabled and available for selection.

Badge ID min numeric The lowest badge ID that is allowed to be randomly selected. Badge IDs will
be randomly determined, but will fall in the range between the specified
badge ID min and max.

Badge ID max numeric The highest badge ID that is allowed to be randomly selected. Badge IDs
will be randomly determined, but will fall in the range between the specified
badge ID min and max.

Auto-populate push button Automatically populates the Badge ID min and Badge ID max fields with
with min and max values appropriate for your particular database
badge IDs

Listing window display/ Lists events that have been added, along with the event type, event ID,
selection device ID, input ID, message type, data type, badge ID, and text associated
with each.

166 — revision 2
DataConduIT User Guide

Edit Event (Simple) Window


The Edit Event (Simple) window is used to add new events or modify existing
events using the minimum number of required parameters.

Only non-receiver/intrusion events in the OnGuard system are available in the


Edit Event (Simple) window. For receiver/intrusion events, use the Edit Event
(Advanced) window.

The Edit Event (Simple) window opens when you select either:
• Edit > Create Event > Create Event (Simple), or
• Edit > Modify Event > Modify Event (Simple) when an event is selected

revision 2 — 167
C: Event Generator

Edit Event (Simple) Window Field Table


Form Element Comment
Event type Lists all non-receiver/intrusion events in the OnGuard system. For receiver/intrusion events,
use the Advanced user interface.

Event sub-type Lists sub-categories of the selected event type

Panel Lists all available panels for the selected event type. The event will be generated for the
selected panel.

Device Lists all available readers for the selected event type (if applicable). The event will be
generated for the selected reader.

Input or output Lists all available inputs and outputs for the selected event type (if applicable). The event will
be generated for the selected input or output.

Badge ID to use The entered badge ID will be used in generating the event (if applicable)
for event

OK If adding a new event, the event will be added. If modifying an event, the modifications will
be saved.

Cancel Closes the Edit Event (Simple) window without adding or modifying any events

168 — revision 2
DataConduIT User Guide

Edit Event (Advanced) Window


The Edit Event (Advanced) window is used to add new events or modify existing
events using advanced parameters.

In the Edit Event (Advanced) window, both non-receiver/intrusion and receiver/


intrusion events are available. In the Edit Event (Simple) window, only non-
receiver/intrusion events are available.

The Edit Event (Advanced) window opens when you select either:
• Edit > Create Event > Create Event (Advanced), or
• Edit > Modify Event > Modify Event (Advanced) when an event is
selected

The fields available on this window for the data type change depending on which
data type is selected. For example, if the EVENT_DATA_TYPE_STATUS data
type is selected, the New status, Old status, and Comm status fields are
displayed and active.

There are five different custom data fields: data1, data2, data3, data4, and data5.
If a data type uses custom fields, then the actual field names will be displayed
instead of data1, data2, data3, etc. When a data type contains less than five
custom data fields, the extra fields are disabled. In this example, New status is
data1, Old status is data2, Comm status is data3; data4 and data5 are not used,
so they are disabled.

revision 2 — 169
C: Event Generator

Edit Event (Advanced) Window Field Table


Form Element Comment
Event type Lists all categories of events in the OnGuard system. This field is used in combination with the
Event category drop-down to filter what events are listed in the Events drop-down.

Event category Allows the events in the Events drop-down listbox to be filtered based on the category. Non-
receiver/intrusion events and receiver/intrusion events are available in this drop-down; in the
Simple user interface only non-receiver/intrusion events are available.

Events Lists all events for the selected event type and event category

Message type Indicates the message type of the event. The available choices are: Event, Status, Video. Most
messages will be of the Event type. Status messages are for messages which pass back status
information and will not display in Alarm Monitoring. Video events are special events used by
video.

Data type Indicates the type of additional data to be used with the message. For example, some messages
can have a badge ID and a specific data type will be used for these so this information can be
passed back.

There are five different custom data fields: data1, data2, data3, data4, and data5. If a data type
uses custom fields, then the actual field names will be displayed instead of data1, data2, data3,
etc. When a data type contains less than five custom data fields, the extra fields are disabled.

For example, for the EVENT_DATA_TYPE_STATUS data type, the New status, Old status,
and Comm status fields are displayed and active. New status is data1, Old status is data2,
Comm status is data3; data4 and data5 are not used, so they are disabled. If your event really
does not have additional data you can use the EVENT_DATA_TYPE_STATUS.

For more information, refer to Custom Data Fields Displayed for Each Data Type Setting on
page 171.

Associated event If selected, the text field will become enabled. Indicates if the message is to have associated
text text with it.

Text Enter text to be associated with the event

Device ID This is a downstream device ID that can be used to represent the event is from a downstream
device instead of just from a panel. OnGuard uses a three tiered device ID in the format P-D-I;
this is the second value.

Input ID This is a downstream input ID that can be used to represent that the event is from a
downstream device instead of just for a panel or its downstream device. OnGuard uses a three
tiered device ID in the format P-D-I; this is the third value.

Override Event This checkbox can be used to override the event generator’s panel ID so that you can generate
Generator’s panel an event that is from a different panel.
ID

Panel ID If the Override Event Generator’s panel ID option is being used, you will need to specify the
panel ID that will be used for the event in replacement for the event generator’s panel ID.

OK If adding a new event, the event will be added. If modifying an event, the modifications will
be saved.

Cancel Closes the Edit Event (Advanced) window without adding or modifying any events

170 — revision 2
DataConduIT User Guide

Custom Data Fields Displayed for Each Data Type Setting


Data type Custom data fields and descriptions

EVENT_DATA_ASSET Badge ID. Card number associated with the asset event.

EVENT_DATA_TYPE_AREAAPB Area APB ID. Area anti-passback ID.

EVENT_DATA_TYPE_CA Badge ID. Card number associated with the card event.
(Card Access) Issue code. Issue code associated with the card.
Bio score. Biometric score for biometric card events.

EVENT_DATA_TYPE_CNA Badge ID. Card number associated with the event.


(Card No Access)

EVENT_DATA_TYPE_FC (Facility Code) Facility code. Facility code associated with the event.
Issue code. Issue code.

EVENT_DATA_TYPE_INTERCOM Intercom data. Special intercom data associated with the event.
Line number. Line number used by special intercom events.

EVENT_DATA_TYPE_INTRUSION Area ID. Area ID for the intrusion event.


User ID. User ID associated with the intrusion event.

EVENT_DATA_TYPE_RECEIVER Receiver ID. ID of the receiver.


Line number. Line number on the receiver.
Area ID. Area ID for the event.
User ID. User ID associated with the event.

EVENT_DATA_TYPE_STATUS New status. New status, which is dependent on the type of


message.
Old status. Old status, which is dependent on type of message.
Comm status. Communication status, which is dependent on the
type of message.

If your event really does not have additional data, you can use the
EVENT_DATA_TYPE_STATUS.

EVENT_DATA_TYPE_STATUSREQUEST Status type. Type of status request. OnGuard has a number of pre-
defined types.
Status. Status associated with the status type. These values depend
on the type of status.

EVENT_DATA_TYPE_TRANSMITTER Transmitter ID. Transmitter ID associated with the transmitter


event

EVENT_DATA_TYPE_VIDEO Channel. Channel number associated with the video event

revision 2 — 171
C: Event Generator

Event Generator Menus


File Menu
Menu option Function

Save Events Saves the event list as a file with an EVT extension. This is generally done after the event
configuration has been completed.

Load Events Enables you to load a previously saved event configuration.

Edit Menu
Menu option Function

Create Event Contains a sub-menu of options that are used to create events.

Modify Event Contains a sub-menu of options that are used to modify events.

Delete Event Used to delete a selected event. A confirmation message is displayed before the actual deletion
occurs.

Clear Events Clears all events listed in the main window. Make sure to save the events before executing this
command if you wish to use the events in the future; otherwise, you will need to recreate them.

Send Events Generates a single selected event, which is then sent to Alarm Monitoring.

Generate Events Generates multiple events according to the configured frequency settings, and sends them to
Alarm Monitoring.

Edit Menu - Create Event Sub-menu


Menu option Function

Create Event Enables you to create an event using additional advanced parameters that are not available in
(Advanced) the simple mode.

Create Event Enables you to create an event using the least number of parameters possible.
(Simple)

Edit Menu - Modify Event Sub-menu


Menu option Function

Modify Event For a selected event, displays the basic parameters and enables you to change them.
(Advanced)

Modify Event For a selected event, displays advanced parameters and enables you to change them.
(Simple)

172 — revision 2
DataConduIT User Guide

Required Event Generator Files


To use the Event Generator, you will need the following files:
• EventGeneratorSetupTool.exe
• LnlEventGeneratoru.dll
• (Optional) EventGenerator.chm

These files are copied to the <Windows Configured Program Files


Location>\OnGuard Software Development Kit directory when the SDK
software is installed. Typically, this directory is C:\Program Files\OnGuard
Software Development Kit\EventGenerator.

You will need to manually copy the files listed above to the OnGuard installation
directory, which is typically C:\Program Files\OnGuard. Although the
EventGenerator.chm file is not required for the Event Generator to run, we
recommend that you copy this as well, since this contains the online help for the
Event Generator application. All of these files are also located on the OnGuard
SDK disc in the program files\OnGuard Software Development Kit\Event
Generator directory.

You must also manually register the LnlEventGeneratoru.dll. For more


information, refer to Registering the LnlEventGeneratoru.dll on page 175.

Setting Up the Event Generator


1. Install the OnGuard SDK software.
2. Copy the EventGeneratorSetupTool.exe, LnlEventGeneratoru.dll,
EventGenerator.chm files from the C:\Program Files\OnGuard Software
Development Kit\EventGenerator directory to the C:\Program
files\OnGuard directory on your hard drive.

Note: If you receive an information message stating that the


LnlEventGeneratoru.dll already exists in the C:\Program Files\OnGuard
directory, replace the file.

3. Register the LnlEventGeneratoru.dll. For more information, refer to


Registering the LnlEventGeneratoru.dll on page 175.
4. In the OnGuard software, add hardware such as access panels, readers, etc.
Keep in mind this hardware does not have to be “online”; it might even be
hardware that doesn’t really exist.
5. Run the Event Generator Setup Tool. To do this, navigate to the
EventGeneratorSetupTool.exe file in your OnGuard installation directory
(C:\Program Files\OnGuard by default) and double-click it.

revision 2 — 173
C: Event Generator

Note: If you receive an error saying that the LnlFCDBu.dll file could not be found
in the specified path, register the LnlEventGeneratoru.dll. For more
information, refer to Registering the LnlEventGeneratoru.dll on page 175.

6. Click [Add Necessary Information].

7. The [Add Necessary Information] button will then become grayed out. At
this point, you can close the Event Generator Setup Tool.

8. Run the Communication Server as an application. To do this:


a. Click Start > Programs > OnGuard 2012 > 6HUYLFHDQG6XSSRUW!

Communication Server.

b. Right-click on the icon in the system tray, and then select Open
Communication Server. The Communication Server will open in one
window, and the Event Generator will open in another window.

174 — revision 2
DataConduIT User Guide

Registering the LnlEventGeneratoru.dll


One way to register the LnlEventGeneratoru.dll file is the following:

1. Navigate to the LnlEventGeneratoru.dll file in the OnGuard installation


directory.
2. Right-click on the file, select Open With > Choose Program.
3. A warning message displays, indicating the potential danger of opening dll
files. Click [OK].

4. Click [Open With...].


5. Select the Select the program from list radio button, then click [OK].

6. The Open With window opens. Click [Browse...], navigate to


C:\Windows\system32, and then double-click on the regsvr32.exe file.
7. In the Open With window, Microsoft Register Server will now be
highlighted. Click [OK].

revision 2 — 175
C: Event Generator

The following message is displayed, indicating that the file was successfully
registered:

8. The LnlEventGeneratoru.dll file is now registered. If you were setting up


Event Generator, return to Setting Up the Event Generator on page 173.

Adding an Event to the Event Generator


A Simple user interface and an Advanced user interface are available for adding
events to the Event Generator. Only non-receiver/intrusion events are available in
the Simple user interface; both non-receiver/intrusion events and receiver/
intrusion events are available in the Advanced user interface.

176 — revision 2
DataConduIT User Guide

Adding an Event Using the Simple User Interface


To add a new event to be generated using the Simple user interface:

1. From the Edit menu in the Event Generator main window, select Create
Event > Create Event (Simple).
2. When the Edit Event (Simple) window appears, select the desired Event
type. Depending on your selection, the other drop-down lists will be
enabled/disabled accordingly.
3. Once you’ve filled in all necessary items, click [OK].
4. Repeat these steps for all the events you wish to create.

Adding an Event Using the Advanced User Interface


To add a new event to be generated using the Advanced user interface:

1. From the Edit menu in the Event Generator main window, select Create
Event > Create Event (Advanced).
2. When the Edit Event (Simple) window appears, select the desired Event
type. Depending on your selection, the other drop-down lists will be
enabled/disabled accordingly.
3. Once you’ve filled in all necessary items, click [OK].
4. Repeat these steps for all the events you wish to create.

Generating Events
Events are generated differently depending on whether you are generating a
single event or multiple events.

Generating a Single Event


Select the event you wish to generate from the list of events and then select Edit
> Send Event. You should see that event in Alarm Monitoring.

Generating Multiple Events


1. In the Event Generator main window, enter a value in the Number of times
field. This will be the number of times each event in the list is generated.
2. Either fill in the End delay and In between delay fields with new values,
stay with defaults, or select to use a random time for one or both using the
check boxes.
3. You can also select to use random cardholders along with these events, by
clicking the Random badge IDs check box. To save time you can click

revision 2 — 177
C: Event Generator

[Auto-populate with min and max badge IDs], and then the fields will be
automatically filled with the proper numbers from your database.
4. Click Edit > Generate Events.

Saving an Event List


After you have completed your event configuration, you can save the event list
by doing the following:

1. From the File menu, select Save Events…


2. Navigate to the location where you wish to save the event list, enter a file
name, and then click [Save]. The event list will be saved in a file with the
extension EVT.

Loading an Event List


To load a previously saved list:

1. From the File menu, select Load Events…


2. Navigate to the event list that you wish to load, select the EVT file, and then
click [Open].

Closing the Event Generator


To close the Event Generator, simply exit the Communication Server. After a
short delay, the Event Generator window will close as well. You cannot close the
Event Generator manually while the Communication Server is running; if you
attempt to do so, the following error message will be displayed:

178 — revision 2
DataConduIT User Guide

Appendix D: Common DataConduIT Problems

The following are common problems that you may encounter:

Common DataConduIT Problems


Problem Check

Can’t receive If you can’t receive cardholder events, be sure the Linkage Server is running and that
cardholder events. the System Options form has the correct setting for where LS Linkage Server is to be
running. The Generate software events check box must also be selected.

Selecting the Try executing the query new_sw_event.sql in the SoftwareEventsAlternate


Generate directory. This can be found in the TroubleShooting directory of the DataConduIT
software events documentation file structure.
check box on the
System Options
form and saving
causes an
unexpected
error.

Permanent Permanent consumer only works with machines on a domain; it does not work with
consumer. workgroup machines.

Multiple threads Since DataConduIT uses database connection pooling, the same database
require multiple connections will be used across multiple threads and will cause unexpected behavior
user login and likely hang or crash at different times of execution. If DataConduIT is being
accounts. used by separate applications or multiple threads, each application or thread must
have its own OnGuard single sign-on account. Use impersonation if necessary to
accomplish this.
Not receiving Check and make sure the DataConduIT Message Queue service is not set to a local
events or messages system account and that it has a valid NT account that is linked to OnGuard for
in a queue when single sign-on with the necessary permissions. We recommend testing with an
using administrator’s NT account that is linked to the OnGuard SA account for testing.
DataConduIT
Message Queue.

Not receiving Make sure your Microsoft Message Queue is NOT configured to use transactional
messages in a mode.
Microsoft Message
Queue when using
DataConduIT
Message Queue

revision 2 — 179
D: Common DataConduIT Problems

Common DataConduIT Problems


Problem Check

Receiving events Use domain.exe located in the TroubleShooting directory of the DataConduIT
may not work documentation file structure to determine if this may be the problem. If the
with Active NT4Domain is different from the W2KDomain, then you will need to update the
directory. LNL_DIRECTORY.DIR_HOSTNAME to match the NT4Domain. In case this is
Oracle, please use all upper case. A sample SQL query to do this is below; it assumes
the NT4Domain name is “Lenel” from domain.exe and that the directory to be
updated is LNL_DIRECTORYID = 1.

update lnl_directory set dir_hostname = 'LENEL' where


lnl_directoryid=1

180 — revision 2
DataConduIT User Guide

Appendix E: Technical Support Pre-Call Checklist

Before calling technical support for anything related to DataConduIT, please


complete the following steps.

Important: These steps must occur on the server running the DataConduIT and Linkage
Server services!

1. Confirm that single sign-on is working. To do this, log into System


Administration and confirm you are able to automatically log in.
2. Set the DEBUGLEVEL key. For more information, refer to Error Logging
on page 46.
3. Stop the LS DataConduIT service if it is currently running.
4. Delete or rename the LenelError.log in the OnGuard directory.
5. Delete or rename the DataConduIT.log which is located in the
C:\WINDOWS\system32\wbem\Logs directory by default.
6. Confirm that the Linkage Server is successfully running. You can do this by
running it as an application - NOT A SERVICE. The application window
should look something like this:

7. Start the LS DataConduIT service.


8. Start WMI CIM Studio and go to the root\OnGuard directory. WMI CIM
studio can be found at http://www.microsoft.com/downloads/

revision 2 — 181
E: Technical Support Pre-Call Checklist

details.aspx?familyid=6430f853-1120-48db-8cc5-
f2abdc3ed314&displaylang=en.
9. Connect to the OnGuard namespace “root\OnGuard” using WMI CIM
Studio.

Note: Be sure to use the “Login as current user” option so the currently logged in
user is the one being verified and used for single sign-on.

10. Expand the Lnl_Element class and confirm that the Lnl_Panel class exists.
11. Check the DataConduIT.log; it should look something like the
SampleDataConduIT.log file. This file can be found in the
TroubleShooting directory of the DataConduIT documentation file
structure.
12. Confirm the Lnl_Person and Lnl_Badge classes are also under the
Lnl_Element class. If you do not see them, DataConduIT cannot
successfully connect to the OnGuard software. Please verify once again that
single sign-on is working.

182 — revision 2
DataConduIT User Guide

Appendix F: Visual Basic Demo

In the Samples\VBDemo directory of the DataConduIT documentation, there is


a file named SampleDataConduIT.exe. This file is an application written in
Visual Basic 6.0 that can be used to demonstrate some of the capabilities of
DataConduIT. The source to this application is also included, but is not heavily
commented and is not intended to be used for any kind of development training
or sample.

This demo application, including its source code, is provided as is and is in no


way supported by Lenel Systems International.

Installing the Visual Basic Demo


The three files necessary for the demo application to run are located in the
Samples\VBDemo directory in the DataConduIT documentation and are called:
• SampleDataConduIT.exe - Visual Basic 6.0 demo program
• Msflxgrd.ocx - Visual Basic grid component used by demo program
• Msvbvm60.dll - Visual Basic 6.0 runtime dll (may not be necessary if
already installed)

There is no installation or setup program. You will have to manually copy these
files to a directory and run the SampleDataConduIT.exe file either by using
Windows Explorer and clicking on the file, or by using the Run command from
the Start menu.

Visual Basic Demo Configuration Prerequisites


You must have DataConduIT running and properly configured before using the
demo application. This means that the DataConduIT service is running and single
sign-on is configured and working with the NT account that will be used while
running the demo.

Parts of the demo, such as receiving cardholder events, will require OnGuard to
be configured to use the Linkage Server and to also enable “Generate software
events” on the General System Options form in the System Options folder in the
System Administration application.

You will also need to configure at least one DataConduIT Source from within
System Administration. For more information, refer to Add a DataConduIT
Source on page 71.

revision 2 — 183
F: Visual Basic Demo

Using the Visual Basic Demo


After you log into the Visual Basic demo, you can see demonstrations of the
following:
• Sending alarms to OnGuard. For more information, refer to Send Alarms to
OnGuard on page 185.
• Receiving alarms from OnGuard. For more information, refer to Receive
Alarms from OnGuard on page 185.
• Working with cardholders, including searching for cardholders and detecting
changes made to cardholder records. For more information, refer to Working
with Cardholders on page 186.
• Controlling the Active Directory status with OnGuard. For more
information, refer to Integrating OnGuard with Active Directory on page
187.

Logging In
To use the Visual Basic demo program you must first log in to it. To do this:

1. Double-click the SampleDataConduIT.exe file.


2. From the File menu, select Login. The Login dialog below appears.

a. Enter the computer that DataConduIT is running on. This is typically


the same machine that the Visual Basic demo program is running on, so
the default is the current computer name.
b. The Use current account to login checkbox determines what NT
account to use to communicate with DataConduIT. The NT account
specified must have an OnGuard user account and be configured for
single sign-on. It must also have user permissions to access
DataConduIT.
– If the checkbox is selected, the current NT account logged in will
be used.
– If the checkbox is deselected, then the User name and Password
fields will be used.

184 — revision 2
DataConduIT User Guide

Note: Be sure that the remote enabled permission in WMI Security is enabled for
the NT account if you are using this Visual Basic demo from a computer that
is not running the DataConduIT service. For more information, refer to
Using DataConduIT from a Remote Computer on page 21.

3. Once you have configured what login account to use to access DataConduIT,
click [OK] to login.

Send Alarms to OnGuard


The Visual Basic demo program has a “Send Alarms” feature that demonstrates
how you can send an alarm from a third party application and have it displayed in
Alarm Monitoring. This feature is incredibly powerful because now third party
applications can take advantage of all the functionality that OnGuard provides
with an alarm, such as executing Global I/O, sending an e-mail, or bringing up
video, etc.

To use this part of the demo:

1. Configure at least one DataConduIT Source from within System


Administration. For more information, refer to Add a DataConduIT Source
on page 71.
2. Log into the sample DataConduIT application. For more information, refer
to Logging In on page 184.
3. From the File menu, select Send Alarms. The Send Alarms window opens,
as shown.

4. Verify that the Source field matches the DataConduIT Source in System
Administration.
5. Click [Send]. The text specified in the Alarm Description field should
appear as an alarm in Alarm Monitoring.

Receive Alarms from OnGuard


The Visual Basic demo program has a “Receive Alarms” feature that
demonstrates how a third party application can receive alarms that are displayed
in the Alarm Monitoring application in real time. This allows customers and third

revision 2 — 185
F: Visual Basic Demo

party developers to use alarms/events that occur in OnGuard in their own


applications. Developers can use this capability to customize OnGuard even
further and add their own custom business rules to the system.

1. Log into the Visual Basic demo application. For more information, refer to
Logging In on page 184.
2. From the File menu, select Receive Alarms. The Receive Alarms window
opens, as shown. When alarms come into Alarm Monitoring, the same alarm
should appear in this window.

Note: The [Clear] button clears the events in the list.

Working with Cardholders


The Visual Basic demo program has a “Cardholders” feature that demonstrates
two capabilities: searching cardholders, and receiving changes from OnGuard
when changes happen to a cardholder. This capability is very important to third
party developers for integrating cardholder information across multiple systems
such as Active Directory or Human Resources Departments. Keep in mind that
although the capability is not demonstrated, DataConduIT has the ability to
change access levels and modify badges. This capability can be used to develop
business rules to have an employee’s physical access controlled from another
application such as Active Directory. This way you can combine physical and
logical access as well as other types of information like vending, membership,
library privileges, from other systems. Terminating an employee in one system
can revoke all their privileges across several systems.

To work with cardholders:

1. From the Administration menu in System Administration, select System


Options. Make sure that the following settings have been set:
• In the Linkage Server host drop-down listbox, the workstation where
the Linkage Server is running must be specified. The name specified
must be the workstation’s NetBIOS name. (The NetBIOS name is
configured when Windows networking is installed/configured.)
• The Generate software events checkbox must be selected.

186 — revision 2
DataConduIT User Guide

Note: If you change these settings, it is recommended that you restart the Linkage
Server and the DataConduIT Server services. You will also then have to log
back into the Visual Basic demo application.

2. Log into the Visual Basic demo application. For more information, refer to
Logging In on page 184.
3. From the File menu, select Cardholders. The Cardholders window opens,
as shown.

Searching for Cardholders

Use the search criteria data at the bottom to do some adhoc searches by Last
Name. Clicking [Search] will find all cardholders whose last name begin with the
letters typed into the LastName field. These cardholders’ last name, first name
and address (if any) will be displayed in the Cardholders - address listing
window. Selecting a cardholder from the list will automatically find the
cardholder’s badges and display their badge ID, activate date, and deactivate date
in the Badges listing window.

Modifying Cardholders

If you go into OnGuard and modify a cardholder’s first name or address, these
changes will be reflected automatically in the Cardholder - address listing
window within a few seconds. Remember, this feature is only available if you
have specified a Linkage Server and selected the Generate software events
checkbox on the General System Options form in the System Options folder in
System Administration.

Integrating OnGuard with Active Directory


A typical use of DataConduIT is integrating physical access to logical access by
combining OnGuard access control with an IT department’s Active Directory.
This part of the demo program shows this integration by adding, automatically
creating, or modifying an account for any cardholder that is created or modified
in OnGuard. This demonstration is strictly a one way integration and shows
OnGuard controlling the Active Directory status. Customers who want Active
Directory to control OnGuard can use DataConduIT to make the changes to
OnGuard data.

revision 2 — 187
F: Visual Basic Demo

To see a demonstration of OnGuard controlling the Active directory status:

1. Log into the Visual Basic demo application. For more information, refer to
Logging In on page 184.
2. From the File menu, select Active Directory Integration. The Active
Directory Integration window opens, as shown.

3. Before continuing, verify that the account you used to log into the Visual
Basic demo program has rights and privileges for adding directory/NT
accounts.
4. In the Directory Name field, enter the name of the active directory or the
NT based computer that you intend on adding accounts to.
5. The Operations History listing window will display a read-only information
list of each operation made through this window. Before using OnGuard
cardholders, we recommend that you test the ability to add/modify user
accounts to the directory. To do this:
a. Type in a last name and a first name in the respective fields.
b. Be sure the Account Disabled checkbox is NOT selected.
c. Click [Create/Update User Account].
d. Confirm an NT account with the username of Lastname combined with
Firstname was indeed added to the system. Once this has indeed been
confirmed, you should now be able to go to the Cardholders form in
OnGuard and add cardholders to the system.
6. As cardholders are added in OnGuard, the demo program will detect a
change in OnGuard, populate the Lastname and Firstname fields, and
automatically execute the [Create/Update User Account] operation. The
Account Disabled checkbox will be automatically set based on the
operation performed in OnGuard. Deactivating an active badge, or deleting
an active badge will disable the account. Adding an active badge will
activate an account.

Note: There is no option to delete an NT account in this Visual Basic demo, so you
will have to manually remove the accounts using Active Directory Users and
Computers or using Computer Management depending on the type of system
being controlled.

188 — revision 2
DataConduIT User Guide

Index

A Client definition .................................................. 17


Abbreviations...................................................... 17 Closing the Event Generator............................. 178
Acronyms............................................................ 17 Command and control classes and methods
ACS.INI file........................................................ 48 Lnl_AlarmInput ......................................... 148
Active Script Event Consumer ........................... 39 Lnl_AlarmOutput ...................................... 148
Add Lnl_AlarmPanel......................................... 149
DataConduIT Device ................................... 73 Lnl_Input ................................................... 149
DataConduIT message queue ...................... 63 Lnl_IntrusionArea ..................................... 149
DataConduIT Source ................................... 71 Lnl_IntrusionDoor ..................................... 150
DataConduIT Sub-Device ........................... 75 Lnl_IntrusionOutput .................................. 150
Event to the Event Generator..................... 176 Lnl_IntrusionZone ..................................... 151
OPC connection ........................................... 81 Lnl_IntrusionZoneOutput .......................... 151
Adding objects .................................................... 30 Lnl_OffBoardRelay ................................... 151
ADsSecurity.dll................................................... 16 Lnl_OnBoardRelay.................................... 152
Alarms Lnl_Output................................................. 152
Test Event From DataConduIT ................... 41 Lnl_Panel................................................... 153
using DataConduIT to send ......................... 41 Lnl_Reader ................................................ 154
ASEC .................................................................. 39 Lnl_ReaderInput ........................................ 157
Association classes ........................................... 138 Lnl_ReaderInput1 ...................................... 157
Lnl_AccessLevelGroupAssignment .......... 138 Lnl_ReaderInput2 ...................................... 157
Lnl_BadgeOwner....................................... 138 Lnl_ReaderOutput ..................................... 156
Lnl_CardholderAccount ............................ 139 Lnl_ReaderOutput1 ................................... 156
Lnl_CardholderBadge................................ 139 Lnl_ReaderOutput2 ................................... 156
Lnl_CardholderMultimediaObject ............ 139 Common problems............................................ 179
Lnl_DirectoryAccount............................... 140 Connecting to DataConduIT ............................... 27
Lnl_MultimediaObjectOwner.................... 140
Lnl_PersonAccount ................................... 140 D
Lnl_ReaderEntersArea .............................. 141 Data classes....................................................... 105
Lnl_ReaderExitsArea ................................ 141 Lnl_AccessGroup ...................................... 105
Lnl_SegmentGroupMember ...................... 141 Lnl_AccessLevel ....................................... 105
Lnl_VisitorAccount ................................... 142 Lnl_AccessLevelAssignment .................... 106
Lnl_VisitorMultimediaObject ................... 142 Lnl_AccessLevelReaderAssignment......... 106
Authentication..................................................... 20 Lnl_Account .............................................. 107
Authorization ...................................................... 20 Lnl_AlarmDefinition ................................. 108
Lnl_Area .................................................... 108
B Lnl_Badge ................................................. 109
Badges................................................................. 32 Lnl_BadgeLastLocation ............................ 110
Lnl_BadgeProperties ................................. 111
C Lnl_BadgeType ......................................... 112
Lnl_Camera ............................................... 113
Caching user credentials ..................................... 21 Lnl_CameraGroup ..................................... 114
Cancel() method.................................................. 36 Lnl_CameraGroupCameraLink ................. 114
Cardholders ......................................................... 32 Lnl_Cardholder.......................................... 115
Changing the database connection pool time ..... 47 Lnl_DataConduITManager ....................... 115
Class definition ................................................... 17 Lnl_Directory ............................................ 116
Classes Lnl_Element .............................................. 116
association.................................................. 138 Lnl_EventAlarmDefinitionLink ................ 117
data............................................................. 105 Lnl_EventParameter .................................. 117
event........................................................... 142 Lnl_EventSubtypeDefinition..................... 118
Class-specific features and limitations ............... 32 Lnl_EventSubtypeParameterLink ............. 118

revision 2 — 189
Index

Lnl_EventType .......................................... 118 Advanced sub-tab ........................................ 61


Lnl_Holiday............................................... 119 field table ..................................................... 61
Lnl_HolidayType....................................... 119 General sub-tab............................................ 60
Lnl_HolidayTypeLink ............................... 120 procedures.................................................... 63
Lnl_IncomingEvent ................................... 120 Settings sub-tab............................................ 60
Lnl_LoggedEvent ...................................... 123 DataConduIT Sources
Lnl_LogicalSystemAccount ...................... 125 licenses required .......................................... 68
Lnl_MobileVerify...................................... 125 user permissions required ............................ 69
Lnl_MonitoringZone ................................. 127 DataConduIT Sources form ................................ 69
Lnl_MonitoringZoneCameraLink ............. 127 field table ..................................................... 71
Lnl_MultimediaObject .............................. 128 procedures.................................................... 71
Lnl_Panel................................................... 128 DataConduIT Sub-Devices form
Lnl_Person................................................. 129 field table ..................................................... 75
Lnl_Reader ................................................ 129 procedures.................................................... 75
Lnl_Segment.............................................. 130 DataConduIT.log file .......................................... 46
Lnl_SegmentGroup.................................... 130 DebugFile registry setting................................... 46
Lnl_SegmentUnit....................................... 131 DebugLevel registry setting................................ 46
Lnl_Timezone............................................ 131 Definitions .......................................................... 17
Lnl_TimezoneInterval ............................... 131 Delete
Lnl_User .................................................... 132 DataConduIT Device ................................... 74
Lnl_UserAccount....................................... 133 DataConduIT message queue ...................... 65
Lnl_UserPermissionDeviceGroupLink ..... 134 DataConduIT Source ................................... 72
Lnl_UserPermissionGroup ........................ 134 DataConduIT Sub-Device ........................... 76
Lnl_UserSecondarySegment ..................... 135 OPC connection ........................................... 82
Lnl_Visit .................................................... 135 Deleting objects .................................................. 31
Lnl_VisitEmailRecipient ........................... 137 Directory ............................................................. 20
Lnl_Visitor................................................. 137 Directory accounts .............................................. 32
user-defined value lists .............................. 138 Documentation
DATABASETIMEOUT registry setting ............ 47 contents ........................................................ 16
DataConduIT Microsoft Scripting Technologies ............... 17
connecting to................................................ 27 Microsoft WMI............................................ 17
description.................................................... 15 prerequisites................................................. 16
error log ....................................................... 46 JScript ................................................... 16
installing ...................................................... 19 VBScript ............................................... 16
integration scenarios .................................... 15 Windows Management Instrumentation
overview of functions .................................. 23 ................................................ 16
Remote Enable permission .......................... 21
running on Linkage Server .......................... 19 E
samples ........................................................ 16 Error logging....................................................... 46
setting permissions to use ............................ 20 Errors ................................................................ 179
stopping and restarting the DataConduIT Event classes ..................................................... 142
service................................................... 48 Lnl_AccessEvent ....................................... 142
tools for Windows XP ............................... 163 Lnl_Alarm ................................................. 143
user credential caching ................................ 21 Lnl_Event .................................................. 144
using for data access .................................... 27 Lnl_FireEvent ............................................ 144
using from a remote computer..................... 21 Lnl_FunctionExecEvent ............................ 144
using permanent event consumers with....... 39 Lnl_IntercomEvent .................................... 145
using to receiving events ............................. 35 Lnl_OtherSecurityEvent ............................ 145
viewing DataConduIT classes with the Lnl_SecurityEvent ..................................... 145
Microsoft WMI SDK............................ 21 Lnl_StatusChangeEvent ............................ 146
DataConduIT Devices form Lnl_TransmitterEvent................................ 146
field table ..................................................... 73 Lnl_VideoEvent......................................... 147
procedures.................................................... 73 Event Generator
DataConduIT Message Queues form

190 — revision 2
DataConduIT User Guide

add an event to the Event Generator.......... 176 Lnl_AccessEvent .............................................. 142


closing........................................................ 178 Lnl_AccessGroup ............................................. 105
generating a single event ........................... 177 Lnl_AccessLevel .............................................. 105
generating events ....................................... 177 Lnl_AccessLevelAssignment ........................... 106
generating multiple events......................... 177 Lnl_AccessLevelGroupAssignment ................. 138
main window ............................................. 165 Lnl_AccessLevelReaderAssignment ................ 106
menus......................................................... 172 Lnl_Account ..................................................... 107
saving an event list..................................... 178 Lnl_Alarm......................................................... 143
setting up.................................................... 173 Lnl_AlarmDefinition ........................................ 108
Events Lnl_AlarmInput ................................................ 148
add an event to the Event Generator.......... 176 Lnl_AlarmOutput.............................................. 148
event classes............................................... 142 Lnl_AlarmPanel................................................ 149
Generate software events checkbox............. 21 Lnl_Area ........................................................... 108
generating .................................................. 177 Lnl_Badge......................................................... 109
generating multiple .................................... 177 Lnl_BadgeLastLocation.................................... 110
generating single........................................ 177 Lnl_BadgeOwner.............................................. 138
hardware ............................................... 35, 36 Lnl_BadgeProperties ........................................ 111
loading an event list ................................... 178 Lnl_BadgeType ................................................ 112
receiving ........................................ 21, 37, 39 Lnl_Camera ...................................................... 113
receiving software events ............................ 21 Lnl_CameraGroup ............................................ 114
registering to receive............................. 36, 37 Lnl_CameraGroupCameraLink ........................ 114
saving an event list..................................... 178 Lnl_Cardholder................................................. 115
software................................................. 35, 37 Lnl_CardholderAccount ................................... 139
using DataConduIT to receive ..................... 35 Lnl_CardholderBadge....................................... 139
using permanent event consumers with Lnl_CardholderMultimediaObject.................... 139
DataConduIT ........................................ 39 Lnl_DataConduITManager............................... 115
ExecNotificationQueryAsync() method ............. 36 Lnl_Directory.................................................... 116
Lnl_DirectoryAccount ...................................... 140
G Lnl_Element...................................................... 116
Generate software events checkbox.................... 21 Lnl_Event.......................................................... 144
Generating a single event.................................. 177 Lnl_EventAlarmDefinitionLink ....................... 117
Generating events ............................................. 177 Lnl_EventParameter ......................................... 117
Generating multiple events ............................... 177 Lnl_EventSubtypeDefinition ............................ 118
Getting started..................................................... 19 Lnl_EventSubtypeParameterLink..................... 118
Lnl_EventType ................................................. 118
H Lnl_FireEvent ................................................... 144
Lnl_FunctionExecEvent ................................... 144
Hardware event definition .................................. 17 Lnl_Holiday ...................................................... 119
Hardware events .......................................... 35, 36 Lnl_HolidayType.............................................. 119
Lnl_HolidayTypeLink ...................................... 120
I Lnl_IncomingEvent ..................... 24, 41, 42, 120
Installing Lnl_Input .......................................................... 149
DataConduIT ............................................... 19 Lnl_IntercomEvent ........................................... 145
Visual Basic Demo .................................... 183 Lnl_IntrusionArea............................................. 149
Integrating OnGuard with Active Directory ..... 187 Lnl_IntrusionDoor ............................................ 150
Introduction......................................................... 15 Lnl_IntrusionOutput ......................................... 150
Lnl_IntrusionZone ............................................ 151
J Lnl_IntrusionZoneOutput ................................. 151
JScript ................................................................. 16 Lnl_LoggedEvent ............................................. 123
Lnl_LogicalSystemAccount ............................. 125
L Lnl_MobileVerify...................................... 43, 125
Lnl_MonitoringZone ........................................ 127
Linkage Server .................................................... 19 Lnl_MonitoringZoneCameraLink .................... 127
Lists................................................................... 138 Lnl_MultimediaObject...................................... 128

revision 2 — 191
Index

Lnl_MultimediaObjectOwner........................... 140 DataConduIT message queue ...................... 64


Lnl_OffBoardRelay .......................................... 151 DataConduIT Source ................................... 71
Lnl_OnBoardRelay ........................................... 152 DataConduIT Sub-Device ........................... 75
Lnl_OtherSecurityEvent ................................... 145 objects.......................................................... 31
Lnl_Output........................................................ 152 Multimedia objects ............................................. 33
Lnl_Panel ................................................. 128, 153
Lnl_Person ........................................................ 129 N
Lnl_PersonAccount .......................................... 140 Namespace definition ......................................... 17
Lnl_Reader............................................... 129, 154
Lnl_ReaderEntersArea...................................... 141 O
Lnl_ReaderExitsArea........................................ 141
Lnl_ReaderInput ............................................... 157 Object/instance definition ................................... 17
Lnl_ReaderInput1 ............................................. 157 Objects
Lnl_ReaderInput2 ............................................. 157 adding .......................................................... 30
Lnl_ReaderOutput ............................................ 156 deleting ........................................................ 31
Lnl_ReaderOutput1 .......................................... 156 modifying..................................................... 31
Lnl_ReaderOutput2 .......................................... 156 searching for ................................................ 27
Lnl_SecurityEvent ............................................ 145 OPC Connections
Lnl_Segment ..................................................... 130 folder............................................................ 77
Lnl_SegmentGroup........................................... 130 procedures.................................................... 81
Lnl_SegmentGroupMember ............................. 141 OPC Sources
Lnl_SegmentUnit.............................................. 131 form ............................................................. 83
Lnl_StatusChangeEvent.................................... 146 procedures.................................................... 84
Lnl_Timezone ................................................... 131 OPC Sources form
Lnl_TimezoneInterval ...................................... 131 field table ..................................................... 83
Lnl_TransmitterEvent ....................................... 146 Overview
Lnl_User ........................................................... 132 DataConduIT functions ............................... 23
Lnl_UserAccount.............................................. 133 using DataConduIT to receive events.......... 35
Lnl_UserPermissionDeviceGroupLink ............ 134
Lnl_UserPermissionGroup ............................... 134 P
Lnl_UserSecondarySegment ............................ 135 Permissions - Remote Enable ............................. 21
Lnl_VideoEvent................................................ 147 Person definition ................................................. 17
Lnl_Visit ........................................................... 135 PIN code ............................................................. 32
Lnl_VisitEmailRecipient .................................. 137 Pre-call checklist............................................... 181
Lnl_Visitor........................................................ 137 PreviousInstance ................................................. 39
Lnl_VisitorAccount .......................................... 142 Problems ........................................................... 179
Lnl_VisitorMultimediaObject .......................... 142 Procedures
LnlEventGeneratoru.dll adding objects .............................................. 30
location ...................................................... 173 changing the database connection pool time 47
registering .................................................. 173 deleting objects ............................................ 31
Loading an event list......................................... 178 installing DataConduIT ............................... 19
Log for errors ...................................................... 46 modifying objects ........................................ 31
Logging in......................................................... 184 receiving error information from DataConduIT
LS Linkage Server .............................................. 21 ..................................................................... 45
receiving events ............................. 21, 37, 39
M registering to receive events ................. 36, 37
Menus for Event Generator............................... 172 searching for objects .................................... 27
MobileVerify setting permissions to use DataConduIT ..... 20
overview ...................................................... 43 start WMIC ................................................ 163
working with................................................ 43 stopping and restarting the DataConduIT
Modify service................................................... 48
cardholders................................................. 187 using DataConduIT from a remote computer
DataConduIT Device ................................... 73 .............................................................. 21
using DataConduIT to receive events.......... 35

192 — revision 2
DataConduIT User Guide

using permanent event consumers with Saving an event list ........................................... 178
DataConduIT ........................................ 39 SDK definition.................................................... 17
view list of all available aliases ................. 163 Searching for
viewing DataConduIT classes with the cardholders................................................. 187
Microsoft WMI SDK............................ 21 objects.......................................................... 27
Property qualifiers used in DataConduIT ......... 161 Security identifier ............................................... 32
Send alarms to OnGuard................................... 185
R SendIncomingEvent............................................ 41
Receiving Setting permissions to use DataConduIT............ 20
alarms from OnGuard ................................ 185 Setting up the Event Generator......................... 173
error information from DataConduIT.......... 45 SID ...................................................................... 32
events ............................................. 21, 37, 39 Single sign-on ..................................................... 20
Reference .......................................................... 105 SINK_OnObjectReady() function ...................... 36
References and applicable documents ................ 17 Software event definition.................................... 17
Registering the LnlEventGeneratoru.dll ........... 173 Software events............................................ 35, 37
Registering to receive events ....................... 36, 37 SSO ..................................................................... 20
Registry settings Start WMIC....................................................... 163
DATABASETIMEOUT .............................. 47 Stopping and restarting the DataConduIT service
DebugFile .................................................... 46 ..................................................................... 48
DebugLevel.................................................. 46 SWbemLastError object ..................................... 45
Remote Enable permission ................................. 21 SWbemServices .................................................. 27
Required
Visual Basic Demo files ............................ 183 T
TargetInstance..................................................... 39
S Technical support pre-call checklist ................. 181
Sample code Test Event From DataConduIT alarm ................ 41
add a cardholder........................................... 30 Timeout value for the database connection pool 47
aliases (WMIC).......................................... 164 Troubleshooting ................................................ 179
common software event queries .................. 38 Troubleshooting and advanced options .............. 45
connect to the namespace used by Tuning parameters .............................................. 47
DataConduIT (JScript) ......................... 27
delete an object ............................................ 31 U
delete an object in DataConduIT ................. 31 UDF .................................................................. 161
example of a simple temporary event consumer User account ....................................................... 20
.............................................................. 35 User-defined fields............................................ 161
find all active badges that are APB exempt User-defined list values ...................................... 33
(WQL query) ........................................ 28 User-defined value lists .................................... 138
find all directories with a specified hostname Using
(WQL query) ........................................ 28 permanent event consumers with DataConduIT
find all people whose last name is not "Lake" .............................................................. 39
(WQL Query) ....................................... 28 Visual Basic Demo .................................... 184
find all readers (WQL query) ...................... 28 Using DataConduIT
get a cardholder if you know the cardholder’s for data access.............................................. 27
ID.......................................................... 29 from a remote computer .............................. 21
hardware event queries ................................ 37 to receive events .......................................... 35
modifying objects ........................................ 31 to send alarms to OnGuard .......................... 41
multiple key properties in the class ............. 29
print first and last names of all cardholders in V
OnGuard ............................................... 27 VBScript ............................................................. 16
retrieve error information ..................... 41, 45 Viewing DataConduIT classes with the Microsoft
use a WQL query with the ExecQuery() method WMI SDK.................................................... 21
.............................................................. 29 Visitors................................................................ 32
Samples ............................................................... 16 Visits ................................................................... 32

revision 2 — 193
Index

Visual Basic Demo


configuration prereqisites .......................... 183
installing .................................................... 183
integrating OnGuard with Active Directory
............................................................ 187
logging in ................................................... 184
modify cardholders .................................... 187
receive alarms from OnGuard ................... 185
required files .............................................. 183
search for cardholders................................ 187
send alarms to OnGuard ............................ 185
using........................................................... 184
work with cardholders ............................... 186
Visual Basic Demo configuration prerequisites 183

W
What is DataConduIT? ....................................... 15
Windows Management Instrumentation definition
..................................................................... 17
WMI
command-line ............................................ 163
definition...................................................... 17
WMIC ............................................................... 163
starting ....................................................... 163
view list of all available aliases ................. 163
Working with
cardholders................................................. 186
MobileVerify ............................................... 43

194 — revision 2
DataConduIT User Guide

revision 2 — 195
Lenel Systems International, Inc.
1212 Pittsford-Victor Road
Pittsford, New York 14534 USA
Tel 585.248.9720 Fax 585.248.9185
www.lenel.com
docfeedback@lenel.com

You might also like