DataConduIT PDF
DataConduIT PDF
DataConduIT PDF
PERPETUAL INNOVATION
Lenel OnGuard® 2012 DataConduIT User Guide, product version 6.5.
This guide is item number DOC-920, revision 2.010, March 2012
Copyright © 1995-2012 Lenel Systems International, Inc. Information in this document is subject
to change without notice. No part of this document may be reproduced or transmitted in any form
or by any means, electronic or mechanical, for any purpose, without the express written
permission of Lenel Systems International, Inc.
Non-English versions of Lenel documents are offered as a service to our global audiences. We
have attempted to provide an accurate translation of the text, but the official text is the English
text, and any differences in the translation are not binding and have no legal effect.
The software described in this document is furnished under a license agreement and may only be
used in accordance with the terms of that agreement. Lenel and OnGuard are registered
trademarks of Lenel Systems International, Inc.
Microsoft, Windows, Windows Server, and Windows Vista are either registered trademarks or
trademarks of Microsoft Corporation in the United States and/or other countries. Integral and
FlashPoint are trademarks of Integral Technologies, Inc. Crystal Reports for Windows is a
trademark of Crystal Computer Services, Inc. Oracle is a registered trademark of Oracle
Corporation. Other product names mentioned in this User Guide may be trademarks or registered
trademarks of their respective companies and are hereby acknowledged.
Portions of this product were created using LEADTOOLS © 1991-2012 LEAD Technologies, Inc.
ALL RIGHTS RESERVED.
OnGuard includes ImageStream® Graphic Filters. Copyright © 1991-2012 Inso Corporation. All
rights reserved. ImageStream Graphic Filters and ImageStream are registered trademarks of Inso
Corporation.
DataConduIT User Guide
Table of Contents
Authentication ................................................................................................................. 20
Authorization ................................................................................................................... 20
revision 2 — 3
Table of Contents
Badges ............................................................................................................................ 32
Visits ................................................................................................................................ 32
Overview ....................................................................................................... 35
Overview ....................................................................................................... 41
Overview ....................................................................................................... 43
4 — revision 2
DataConduIT User Guide
Change the Account the DataConduIT Message Service is Run With ........................... 56
revision 2 — 5
Table of Contents
6 — revision 2
DataConduIT User Guide
revision 2 — 7
Table of Contents
Add a DataConduIT Message Queue of Type “SNMP Trap Messages” ...................... 100
8 — revision 2
DataConduIT User Guide
revision 2 — 9
Table of Contents
10 — revision 2
DataConduIT User Guide
revision 2 — 11
Table of Contents
Appendices ......................................................................159
12 — revision 2
DataConduIT User Guide
Index ...............................................................................................189
revision 2 — 13
Table of Contents
14 — revision 2
DataConduIT User Guide
Chapter 1: Introduction
What Is DataConduIT?
DataConduIT is a platform for managing OnGuard and for integrating OnGuard
with IT systems. DataConduIT provides access to ID management data, access
control events, and real-time notification when changes are made to cardholders
and their credentials. Administrators use this platform to write scripts and
applications that improve the manageability of the OnGuard system and that
provide new levels of integration between OnGuard and IT systems. These
scripts and applications are written using a standard Microsoft API, Windows
Management Instrumentation (WMI).
The following are some common scenarios where DataConduIT can integrate
OnGuard with IT systems:
• When a cardholder is created, the IT department creates a Windows account
for that person. The Windows account name is derived from the OnGuard
cardholder name. The account is linked to the cardholder in OnGuard.
• A single script creates an LDAP account, an OnGuard cardholder, a badge
for this cardholder (with a badge type, assigning default access levels), and a
link between the account and this cardholder.
• A single script terminates a person’s access to all company resources by
disabling all of the person’s badge(s) and LDAP accounts.
• When a cardholder is granted access to an area, that cardholder is granted
access to use the computers in that area.
• A cardholder enters the building under duress. The cardholder’s LDAP
accounts are disabled to prevent potential unauthorized use.
• A cardholder’s phone number changes in OnGuard. The new phone number
is propagated to the associated Windows account in the company’s Active
Directory.
Administrators can also write scripts and applications that interact only with
OnGuard. Examples include command line tools that automate frequent
administrative tasks and web user interfaces that provide thin-client access to ID
management data. In addition, since DataConduIT is built using WMI
technology, administrators can use WMI-enabled third-party management tools
to manage OnGuard data and events.
All the dates and time fields reported by DataConduIT will be presented in
Coordinated Universal Time (UTC time) which has a GMT offset of 0 minutes.
When setting values of the time fields, GMT offset must be specified or time
values should be in the UTC time as well.
revision 2 — 15
1: Introduction
Documentation Contents
This documentation package contains the following files and folders:
File Description
Samples\ASEC Tools for using DataConduIT with the Active Script Event Consumer
Samples\Solutions Solutions for integrating OnGuard and Active Directory (in JScript)
Samples\VBDemo The Visual Basic Demo application, which can be used to demonstrate some
of the capabilities of DataConduIT. (For more information, refer to
Appendix F: Visual Basic Demo on page 183.)
Important: All scripts and code (“sample code”) provided with this documentation are
examples of how to use DataConduIT. This sample code is for educational
purposes only and is not supported by Lenel.
Documentation Prerequisites
This guide assumes that the reader is familiar with Microsoft scripting languages
such as VBScript and JScript. All sample code given in this guide is written in
JScript, but samples in both JScript and VBScript are included separately with
this documentation. Basic experience with object-oriented programming is also
required.
Experience with Windows Management Instrumentation (WMI) is recommended
but not required.
16 — revision 2
DataConduIT User Guide
revision 2 — 17
1: Introduction
18 — revision 2
DataConduIT User Guide
Installing DataConduIT
DataConduIT is installed as part of a standard server installation.
Note that DataConduIT must be installed on the same machine as the Linkage
Server if you want to receive events through DataConduIT. DataConduIT may be
run on additional server machines as well, but you will not be able to register to
receive events from DataConduIT on those machines.
DataConduIT runs as a Windows service under the Local System account. It does
not run as an application. Since the Local System account does not have
permissions on the local network, if your database is not on the same machine as
DataConduIT you will need to ensure that your ODBC connection uses TCP/IP,
not named pipes. Otherwise, DataConduIT will not be able to connect to the
database.
revision 2 — 19
2: Getting Started
Authentication
When a client makes a call into DataConduIT, whether it is to view some data,
add an instance of a class, register an event query, or simply to get a class
definition, the first thing DataConduIT does is decide whether the client is
permitted to perform the operation. To do this, DataConduIT checks which
Windows account has made the DataConduIT call. This is the account that the
script or application is running from, which is generally the account of the person
logged on to the machine.
Once DataConduIT retrieves this account, it attempts to perform automatic single
sign-on (SSO) using this account. This is the same SSO mechanism used by all
OnGuard applications. If the SSO succeeds, then the client is logged on to the
system as the appropriate OnGuard user. DataConduIT then uses the OnGuard
user information to decide whether the client has permission to perform the
requested operation.
Note that to perform this authentication, the client application doesn’t need to
call any special “Logon” method. The authentication is done implicitly based on
the account running the application.
It is not possible to use OnGuard internal authentication with DataConduIT.
Automatic SSO is the only authentication mechanism. Therefore, to use
DataConduIT, single sign-on must be configured. To configure single sign-on in
OnGuard:
1. Add the directory that you wish to use. (For more information please refer to
“Add a Directory” in the Directories Folder chapter of the System
Administration User Guide.)
2. Link the user account that you want to use automatic single sign-on to a
directory account. (For more information please refer to “Link a User
Account to a Directory Account” in the Users Folder chapter of the System
Administration User Guide.)
Each OnGuard software manual contains the “Log into the Application Using
Single Sign-On” procedure. Refer to this procedure to log into OnGuard after
single sign-on has been configured.
Authorization
For a user to be able to use DataConduIT, the user must have the DataConduIT
service user permission. This permission may be set on the Software Options
sub-tab of the System Permission Groups form in the Users folder in System
Administration.
All functionality available through DataConduIT is controlled by the same
permissions that you are already using to manage data in ID CredentialCenter.
For instance, if you want to add a cardholder through DataConduIT, you must
have the Add Cardholder user permission. If you want to view readers through
DataConduIT, you must have the View Reader user permission.
20 — revision 2
DataConduIT User Guide
Note: DataConduIT caches user credentials for one minute by default. This is done
for performance reasons. (See Tuning Parameters on page 47 for information
on how to change this default timeout.) Therefore, if a user is using
DataConduIT and that user’s permissions or segments change, the user will
continue to have his old permissions until the one-minute timeout is reached.
Receiving Events
If you want to be able to receive events from DataConduIT, the “LS Linkage
Server” service must be running. The Linkage Server sends events of all
supported types to DataConduIT. The Linkage Server host name is set on the
System Options form in System Administration.
In addition, if you would like to receive software events through DataConduIT,
you need to select the Generate software events checkbox on the System
Options form in System Administration.
Note: You should not give the “Remote Enable” permission to users in any other
namespace.
revision 2 — 21
2: Getting Started
Note: You do not need the WMI SDK in order to use DataConduIT. The WMI
SDK is a tool that can be helpful to developers who are writing
DataConduIT scripts and applications.
Once you have installed the WMI SDK, open the WMI CIM Studio application.
This application allows you to view and manage data through WMI. When you
start this application, you will first need to select a namespace to which you want
to connect. The namespace used by DataConduIT is called root\onguard. Enter
this into the dialog and click [OK].
The WMI CIM Studio Login dialog will appear. Click [OK].
The main browser window should now display the contents of this namespace.
On the left side of the window are all of the classes in the namespace. These
include system classes, which are prefixed by two underscore characters, and
classes provided by DataConduIT, which are prefixed with ‘Lnl_’. A class’s
subclasses appear below the class in the tree. Expand nodes in the tree to view all
of the classes provided by DataConduIT.
22 — revision 2
DataConduIT User Guide
On the right are all the properties of the currently selected class. System
properties are prefixed by two underscore characters.
Cardholders and visitors Lnl_Person and subclasses System and user-defined All
revision 2 — 23
2: Getting Started
24 — revision 2
DataConduIT User Guide
Cardholder and visitor software __InstanceOperationEvent and All properties listed above are in
events subclasses embedded instances. Event data
includes previous and current
Badge software events instances for modification events.
For more details on these classes and their properties please refer to Chapter 13:
Reference on page 105.
revision 2 — 25
2: Getting Started
26 — revision 2
DataConduIT User Guide
Connecting to DataConduIT
In order to access data and events through DataConduIT, you must first connect
to DataConduIT. To connect to the namespace used by DataConduIT,
root\onguard, you can use the GetObject() call from JScript or VBScript. For
example, in JScript:
Let’s examine the sample above in detail. On the first line, we connect to
DataConduIT as described above. Next, we retrieve a list of all the instances of
revision 2 — 27
3: Using DataConduIT for Data Access
The second example demonstrates how you can specify a superclass in the query.
In this case, Lnl_Person is the superclass of the Lnl_Cardholder and Lnl_Visitor
classes. When you specify a superclass, all instances of that class and its
subclasses matching the query will be returned.
Note that executing the fourth query is equivalent to calling
InstancesOf(“Lnl_Reader”).
For more examples of valid WQL where clauses please refer to Appendix B:
DataConduIT Tools for Windows XP on page 163.
28 — revision 2
DataConduIT User Guide
Let’s take a look at how we would use a WQL query with the ExecQuery()
method:
This sample searches for all visitors who have a zip code of 14534. It then
enumerates these visitors as in the previous example.
WQL supports a subset of the regular SQL syntax. See the Microsoft WMI
documentation for more information.
You can also access a single instance of a class in DataConduIT by using the
Get() method in SWbemServices. The Get() method can be used to get a class
definition or an instance of a class. Here, we’ll focus on using it to get an
instance. The Get() method takes as a parameter an object path, which is
basically the class name plus a list of the class keys and their values. You can
determine which class properties are keys by looking for the “key” property
qualifier. In the WMI SDK, key properties are identified by a key symbol next to
the property name.
For instance, the key property for Lnl_Person is ID. (Note that ID is the internal
database ID, not the person’s social security number or other identification
number - that property is named SSNO.) Here’s an example of how you would
get a cardholder if you know the cardholder’s ID:
If the class has multiple key properties, such as Lnl_Reader, those properties
would be separated by commas:
revision 2 — 29
3: Using DataConduIT for Data Access
Adding Objects
Some classes in DataConduIT allow you to add, modify, and delete instances of
those classes. Adding a new instance of a class takes four steps. First, you get the
class for which you want to create an instance. Second, you spawn an instance of
that class. Third, you assign values to properties of that instance. Finally, you tell
DataConduIT to add the instance. Here’s a code sample that adds a new
cardholder:
cardholder.FirstName = “John”;
cardholder.LastName = “Smith”;
cardholder.City = “Rochester”;
var cardholderPath = cardholder.Put_();
cardholder = wbemServices.Get(cardholderPath);
// use cardholder object...
Earlier, it was mentioned that the Get() method can be used to get a class
definition. Line 2 of this sample shows how this is done. Instead of listing the key
properties in the object path, only the class name is specified. Line 3 uses this
class definition to create an instance of the class.
Lines 4-6 assign values to the properties of this new instance. Properties are used
here to set values just as in Searching for Objects on page 27 where they were
used to get values.
Next, line 7 actually commits the changes. Note that if the Put_() method is not
called, the instance will not be sent to DataConduIT, and therefore the change
will not be made in the OnGuard database. If successful, the Put_() method
returns the object path to the newly created instance. If you plan to use this
instance for further operations, you should re-get the instance using this path.
This is becauseDataConduIT will set default properties for you, and those values
will not be reflected in the instance that you called the Put_() method on. To get
those default values, you need to re-get the instance from DataConduIT.
Note that the above example did not assign a value to the ID key property for the
Lnl_Cardholder instance. This is because DataConduIT auto-generates the value
for you.
30 — revision 2
DataConduIT User Guide
Modifying Objects
The process of modifying objects in DataConduIT is similar to the process of
adding them. First, you search up the object that you want to modify. This can be
done in any of the ways described in Searching for Objects on page 27. Next, you
set new values to the object’s properties. Finally, you call the same Put_() method
that was used for adding objects. Here’s an example:
visitor = wbemServices.Get(visitorPath);
As you can see, modifying an object is very similar to adding one. Just as when
we added a new object, we re-get the object after we have committed our
modifications. This makes sure that all fields are refreshed. For instance,
DataConduIT sets the LastChanged property on instances of Lnl_Cardholder,
Lnl_Visitor, and Lnl_Badge when an instance of one of those classes is added or
modified. You must re-get the object in order to view the updated LastChanged
time.
Deleting Objects
There are two ways to delete an object in DataConduIT. The easiest way is to
search up the object you want to delete, and then just call the Delete_() method
on that object. For example:
You can also delete an instance if you know its object path. The example below is
equivalent to the one above, but it is more efficient because the actual visitor
object is never requested:
revision 2 — 31
3: Using DataConduIT for Data Access
Badges
Each badge instance has all of its UDFs exposed through DataConduIT. This
includes system fields such as badge ID (ID), badge type (TYPE), badge status
(STATUS), and the internal ID (BADGEKEY). All fields except for the internal
ID, number of badge prints, last changed, and last printed timestamps are
available for read/write access subject to the validation described above.
The PIN code is exposed in a manner similar to the way it is done in ID
CredentialCenter. You can set the badge PIN code by setting the property during
an add or modify operation. However, if you search up a badge and attempt the
read the PIN code, the property will always contain a null value.
A client will be able to assign access levels to a new badge by giving it a badge
type. The new badge will be assigned the default access levels for that badge
type.
In a segmented system, the client cannot change the badge type if it controls a
different set of segments than the previous badge type. This is because changing
the badge type of a badge could possibly remove access levels from that badge
without user confirmation.
Directory Accounts
Adding an instance of Lnl_Account is equivalent to linking a directory account
to a cardholder or visitor in ID CredentialCenter. Similarly, deleting an instance
is equivalent to unlinking the account. When adding an instance of Lnl_Account,
all fields except for the ID are required. The AccountID property refers to the
value of the LDAP attribute provided in the Lnl_Directory.AccountIDAttr
property. For Microsoft Active Directory accounts, this defaults to the account
security identifier, or SID. The SID is used for Microsoft Windows NT 4 Domain
and Microsoft 2000/XP Workstation directory accounts as well. Other LDAP
directories will probably use a different LDAP attribute.
Visits
Each visit instance has all of its UDFs exposed through DataConduIT. This
includes system fields such as host id (CARDHOLDERID), type (TYPE), visitor
32 — revision 2
DataConduIT User Guide
id (VISITORID), and the internal ID (ID). All fields except for the internal ID,
last changed, time in, and time out are available for read/write access subject to
the validation described above.
Once a visit has been signed in, scheduled time in cannot be changed, nor can the
cardholder or visitor of the visit, same thing with signing out a visitor.
E-mail recipients configured through Lnl_Visit cannot be viewed through
Lnl_Visit; Lnl_VisitEmailRecipient must be used for viewing.
Multimedia Objects
Signatures and photos are exposed, however, biometric templates are not. Trying
to add/delete/view biometric templates through DataConduIT will result in an
error.
revision 2 — 33
3: Using DataConduIT for Data Access
34 — revision 2
DataConduIT User Guide
Overview
The previous section described how to receive and modify data using
DataConduIT. This section describes how to receive real-time events.
DataConduIT produces two types of events - hardware events and software
events. Hardware events are generally events that originate in the access control
hardware. Software events occur when data in the OnGuard database changes.
There are two ways to receive events from DataConduIT: via temporary event
consumers and via permanent event consumers. A temporary event consumer
registers to receive events when it starts, receives those events while running, and
then ends its registration when it terminates. A permanent event consumer
submits an event registration to WMI and binds that registration to a particular
COM component. Whenever WMI receives an event that matches the
registration, that component is created and passed the event. This occurs until the
event registration is deleted or unbound from the component.
Here is an example of a simple temporary event consumer:
This sample demonstrates the three steps necessary for a temporary event
consumer to receive events from DataConduIT. First, the client creates an event
sink object. Second, the client registers an event query describing which events
the client would like to receive. Like data queries, this event query is written in
WQL. Unlike data queries, this query does not return events from WMI
immediately. Instead, it tells WMI which events it wants to receive when WMI
gets them in the future.
revision 2 — 35
4: Using DataConduIT to Receive Events
Hardware Events
36 — revision 2
DataConduIT User Guide
receive an access denied error when you try to register your event query. Here are
a few sample hardware event queries:
DataConduIT will obtain the set of segments specified by the event query, and it
will make sure that the user has permissions to receive events from all of these
segments.
Receiving Events
Once the event query is registered, DataConduIT will begin sending hardware
events to the client. The Lnl_AccessEvent class has a number of properties that
can be accessed by the client. These properties are generally self-explanatory. For
details, see the description qualifier on the Lnl_Event, Lnl_SecurityEvent, and
Lnl_AccessEvent class definitions.
Software Events
revision 2 — 37
4: Using DataConduIT to Receive Events
view a software event for an object if you could view that object normally. For
instance, if you do not have permission to view visitors, then you cannot receive
software events indicating that a visitor was created, modified, or deleted. If you
don’t have access to segment A, then you can’t receive software events for
objects in segment A. Furthermore, if you do not have view permissions for each
property of a class, then you can’t receive software events for instances of that
class. For example, if you can’t view the visitor address field (set through the
field/page permission groups in System Administration), you can’t view visitor
software events.
The following classes are supported by DataConduIT for software event
registration: Lnl_Cardholder, Lnl_Visitor, Lnl_Badge, and Lnl_Account.
Common software event queries that you might use include:
38 — revision 2
DataConduIT User Guide
Receiving Events
As mentioned above, the TargetInstance and PreviousInstance contain all the data
in the current and previous instances. This data can then be used in the event
handler to perform other actions. For instance, when a cardholder is created, a
script could use the cardholder’s name and department to create an LDAP
account for that cardholder and link it back to the cardholder by creating an
instance of the Lnl_Account class.
Assuming the software event feature is enabled (refer to Receiving Events on
page 21), software events are generated whenever changes are made to particular
tables in the database. This includes changes made by all OnGuard applications,
and even changes made by directly editing data in the database.
There are two situations, however, in which software events will not be
generated. The first is when a truncate table SQL command is issued on a table.
In this case, no cardholder and visitor deletion events will be fired. The second
case is in a full download from an enterprise master to an enterprise region.
Software events will be fired on the region in an incremental download.
revision 2 — 39
4: Using DataConduIT to Receive Events
40 — revision 2
DataConduIT User Guide
Overview
DataConduIT provides the capability of sending alarms to the Alarm Monitoring
application. These alarms are also logged to the OnGuard database just like other
alarms.
It is necessary to first setup a DataConduIT Source using System Administration
before using this capability of DataConduIT. DataConduIT will use this source as
the device to display alarms for in Alarm Monitoring. For more information,
refer to Add a DataConduIT Source on page 71.
After configuring the DataConduIT Source, you should also add any
DataConduIT Device and DataConduIT Sub-Device downstream devices in
System Administration. Use of devices and sub-devices is optional. OnGuard
uses devices and sub-devices to report alarms for DataConduIT Source child and
sub-child devices in Alarm Monitoring. For more information, refer to Add a
DataConduIT Device on page 73 and Add a DataConduIT Sub-Device on page
75.
Sending alarms to Alarm Monitoring is very simple. Here is an example using
java script:
The above sample will display and log an alarm with the description “Test Event
From DataConduIT” from controller name “DataConduIT Source 6”. This
sample assumes System Administration was used to create a DataConduIT
Source called “DataConduIT Source 6” and demonstrates the five steps
necessary for sending an alarm to Alarm Monitoring. First, the client gets an
instance of Lnl_IncomingEvent object. Second, the client gets the
“SendIncomingEvent” method referred to by oMethod. Third, the method is used
to retrieve a parameter object oInParam. The fourth step is simply set the Source
and Description properties of the oInParam parameter. The Source refers to the
DataConduIT source setup in System Administration. The Description property
is the actual text of the alarm that will be displayed in Alarm Monitoring and
revision 2 — 41
5: Using DataConduIT to Send Alarms to OnGuard
logged into the OnGuard database. The fifth and final step is simply execute the
method using ExecMethod.
The Lnl_IncomingEvent object has no properties and currently supports the
methods “SendIncomingEvent” and “AcknowledgeAlarm”. For more
information, refer to Lnl_IncomingEvent on page 120.
The DataConduIT SendIncomingEvent method allows the ability to generate
Access Granted and Access Denied events for a DataConduIT Source, Device
and SubDevice. This is made possible via the following additional optional
parameters that may be specified to the SendIncomingEvent method:
IsAccessGrant, IsAccessDeny, and BadgeID. For a compete description of these
parameters, refer to Generating Access Granted and Access Denied Events on
page 122.
If ‘IsAccessGrant’ is set to true, the ‘Granted Access’ event will be reported for
the DataConduIT Source, Device or SubDevice specified in the script. Similarly,
if ‘IsAccessDeny’ is set to true, the ‘Access Denied’ event will be reported. If
both of these are set to true, the method will fail since only of these can be set to
true at a given time (i.e., they are mutually exclusive).
The process is similar if the name of the Source and Device parameters
correspond to the name of an access panel and reader respectively. OnGuard
checks to see if the DataConduIT Source name provided matches a DataConduIT
Source. If not, then a check is made to see if it matches the name of a Lenel
access panel. If so, OnGuard checks the Device parameter and see if it matches
the name of a reader assigned to the access panel. If these conditions are met, the
‘Granted Access’ or ‘Access Denied’ events are reported based on how
‘IsAccessGrant’ and ‘IsAccessDeny’ are set.
The BadgeID parameter can be specified when either ‘IsAccessGrant’ or
‘IsAccessDeny’ are set to true to report an event for a specific OnGuard
cardholder. BadgeID is not required when using ‘IsAccessGrant’ or
‘IsAccessDeny’.
42 — revision 2
DataConduIT User Guide
Overview
MobileVerify is a feature that allows the cardholder view in OnGuard to make
grant and deny decisions similar to a reader. DataConduIT has an
Lnl_MobileVerify object that provides the ability to determine the configuration
settings of MobileVerify and also help make grant or deny decisions. Here is an
example using Lnl_MobileVerify:
The sample above will retrieve important configuration settings about the
MobileVerify feature and display them. The other supporting methods for the
MobileVerify feature are IsGrant, LogGrant, LogDeny, and SystemSetting.
Programmers can use these methods to simulate the MobileVerify feature in other
applications. For more information about the methods related to MobileVerify,
refer to Chapter 13: Reference on page 105.
revision 2 — 43
6: Working with MobileVerify
44 — revision 2
DataConduIT User Guide
try {
// do something that would cause an error...
}
catch (e) {
var extStatus = new
ActiveXObject("WbemScripting.SWbemLastError");
if (extStatus != null && extStatus.Description != null) {
WScript.Echo("Error: " + extStatus.Description);
}
else { throw e; }
}
The code sample above catches an error that occurs in DataConduIT. Next, it
creates an instance of the SWbemLastError object and tries to retrieve a
detailed error message from it, stored in its Description property. (Note that the
extStatus object is actually an instance of the Lnl_Error WMI class, if such an
error was returned by DataConduIT.) If a detailed description exists, it is printed
out. Otherwise, if some other type of error occurred, such as a scripting error, that
error will be printed out to the command line when the error is re-thrown.
DataConduIT reports the correct WMI error codes from all its functions. WMI
error codes and their meanings can be found in the Microsoft WMI
documentation reference.
revision 2 — 45
7: Troubleshooting and Advanced Options
Error Logging
DataConduIT maintains an error log in the standard WMI logging directory. This
directory is located at:
• <windows directory>\system32\wbem\logs.
or, if using Windows Server 2008 R2 64 at:
• <windows directory>\SysWOW64\wbem\Logs
The log file is named DataConduIT.log. Any errors that occur in DataConduIT
are logged to this file, along with the data and time that they occurred. This
includes errors that can be retrieved from DataConduIT using the
SWbemLastError object described in the previous section.
OnGuard allows you to configure the filename of the DataConduIT log file as
well as how verbose the logging is. Both of these parameters are configured in
the registry on the machine where DataConduIT is running. Both registry values
are located in the registry at:
• HKEY_LOCAL_MACHINE\Software\Lenel\OnGuard\DataConduIT
or, if using Windows Server 2008 R2 64 at:
• HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Lenel\OnGuard\Da
taConduIT.
(Note that the DataConduIT key does not exist by default - you will have to
create it.)
The log file filename is stored in the value “DebugFile” in this key. This is the
full path to the log file, such as c:\program files\OnGuard\DataConduIT.log.
The logging level is stored in the value “DebugLevel” in this key. Possible values
are 0 (normal/default), 1 (verbose), 2 (extra verbose). Note that when
DebugLevel is set to 1 or 2, the log file can become large very quickly.
Therefore, the DebugLevel should only be set above 0 when trying to debug an
error. Note that the debug logging level must be a DWORD for the process to
work correctly.
46 — revision 2
DataConduIT User Guide
If you need to call tech support regarding a DataConduIT issue, you should first
reproduce your particular error while the DebugLevel is set to 2. Next, create a
ZIP archive containing the contents of the WMI log folder, the DataConduIT log
file, and the Lenel error log. This will be very helpful to tech support as they help
you with your issue.
Tuning Parameters
DataConduIT allows administrators to tune some parameters that it uses for
general operation and for communication with other servers. All of these
parameters are stored in the database in the LNLCONFIG table. These
parameters are described the table below. ID refers to the value in the
LNLCONFIG.LNLCONFIGID column. The default value is the value assigned
to the parameter if the LNLCONFIG table does not contain a record with this ID.
33 60 Number of seconds for which DataConduIT caches user logon credentials. DataConduIT
After this time, the cached credentials are refreshed from the database.
35 15 Number of seconds in polling interval for software events by the Linkage Linkage Server
Server.
36 3 Number of seconds between which changes to tables for the same object are Linkage Server
considered part of the same software event.
38 30 Number of seconds after startup that the Linkage Server waits to receive Linkage Server
event registrations from DataConduIT servers.
revision 2 — 47
7: Troubleshooting and Advanced Options
39 3600 Number of seconds for which DataConduIT caches class definitions for Linkage Server
dynamically generated classes.
Note: If you have any event consumers running and you stop DataConduIT, WMI
will automatically restart DataConduIT after a couple seconds.
48 — revision 2
DataConduIT User Guide
Third-Party
IT Queue
Scripts
DataConduIT Message
Queue Server Communication
Service Servers
Lenel
DB
Hardware
revision 2 — 49
8: Getting Started with DataConduIT Message Queues
DataConduIT Message Queue service. The workstation and the third party queue
system are shown separately but actually reside on the same machine.
50 — revision 2
DataConduIT User Guide
Outgoing queues allow OnGuard to send messages to you. Outgoing queues are
used to send cardholder data, visitor data, cardholder/visitor photos, badge data,
linked account data, and hardware events to the user.
Schema Overview
The schema shows the structure of the OnGuard events going across the queue
and the format for making requests to the OnGuard software. The schema is
available through the OnGuard user interface by clicking the [Generate Schema]
button on the DataConduIT Message Queues form. This will detect all UDF drop-
down values as well as custom cardholder forms. The schema is saved as a
separate file with a .XSD extension. The schema is not sent across the queue and
there is no way to request it other than to generate it in System Administration. If
FormsDesigner changes are made, DataConduIT and DataConduIT Message Queue
must be restarted to pick up the new layout, and the schema must be regenerated.
In order to have the schema dynamically generated via System Administration,
you must be logged in using single sign-on. This is required for WMI, which is
needed to build the schema.
revision 2 — 51
8: Getting Started with DataConduIT Message Queues
When you’re generating the schema, you have to make sure you’re generating
the schema on a machine that DataConduIT is running on. This is because to
generate the schema, OnGuard needs to communicate with DataConduIT to get
database information. If it’s not, an error will be generated that tells you to check
the log.
When the DataConduIT Message Queue service starts up, it will also generate its
own copy of the schema. If you receive a message with a format or value that is
not in the schema, you must generate a new one to use. If the DataConduIT
Message Queue service cannot validate the DataConduIT request that it was sent
with the XML schema that it has, an error will occur. You may need to restart
both services so that a new schema is generated.
Note: The DataConduITQueue key does not exist by default - you will have to
create it.
52 — revision 2
DataConduIT User Guide
Error Logging
DataConduIT Message Queue errors are written to the DataConduITQueue.log
file in the OnGuard logs directory (located in C:\Program Files\OnGuard\logs
by default). Here are a few of the most common situations where an error
message would be written to the DataConduITQueue.log file.
• A request that does not match the schema. If a message with an invalid
schema is received, an error will be written to the DataConduITQueue.log
file.
If the DataConduITQueue.log does not provide enough information or if you
are directed to do so, refer to the DataConduIT.log file. For more information,
refer to Error Logging on page 46.
revision 2 — 53
8: Getting Started with DataConduIT Message Queues
receive events at any machine that you want; it’s where your queues reside that is
key. Your queue doesn’t have to physically reside on the machine you’re setting
up, but you must have the IBM WebSphere client tools on the machine you’re
setting up the queue on.
System Options
The Generate software events checkbox on the General System Options form in
the System Options folder must be selected so that events will be generated for
DataConduIT Message Queue to package up into XML and send over the queue.
Before this checkbox can be selected, the Linkage Server must be running, and
the Linkage Server Host must be specified on the General System Options form
in the System Options folder.
54 — revision 2
DataConduIT User Guide
User Permissions
For a user to be able to use DataConduIT Message Queue, the user must have the
DataConduIT message queues and DataConduIT Service user permissions:
• Configure the DataConduIT message queues permission in System
Administration by opening the Users folder and expanding the Software
options group on the System Permission Groups form. The user must have
View/Access permissions. The user can also have Add, Modify, and/or
Delete permission for message queues.
• Configure the DataConduIT Service permission by expanding Software
Options - Applications, under which DataConduIT Service is listed.
All functionality available through DataConduIT is controlled by the same
permissions that you already use to manage data in ID CredentialCenter. For
example, if you want to add a cardholder through DataConduIT, you must have the
Add Cardholder user permission. If you want to view readers through
DataConduIT, you must have the View Reader user permission.
Existing permissions also control who can receive hardware and software events.
For hardware events, the client should only be able to receive events on its
segment. For software events, the client should only be able to receive events for
objects that the client can view on its segment. This means that the object must be
in one of the client’s segments, and the client must have permission to view the
object and all of its properties (for objects with view/access permissions).
revision 2 — 55
8: Getting Started with DataConduIT Message Queues
1. Click the Windows Start button, then select Settings > Control Panel.
2. Double-click “Administrative Tools”.
3. Double-click “Services”.
4. Select the “LS DataConduIT Message Queue Server” service, as shown.
56 — revision 2
DataConduIT User Guide
c. In the Select User window, select the user account that single sign-on is
enabled for, then click [OK].
d. In the Password field, type the Windows password for the user account
that you selected.
e. In the Confirm Password field, retype the password.
f. Click [OK]. A confirmation message similar to the following will be
displayed:
g. Click [OK].
h. In the Services window, the user account you selected will be displayed
in the Log On As column, as shown.
revision 2 — 57
8: Getting Started with DataConduIT Message Queues
58 — revision 2
System Administration User Guide
The DataConduIT Message Queues folder contains forms with which you can:
• Add, modify, or delete DataConduIT message queues.
• Generate a schema for the user to reference.
• Configure whether photo and signature information is included in messages.
• Configure when messages are sent.
• Add, modify, or delete a custom object event WMI query, custom access and
security event WMI query.
The DataConduIT Message Queues folder contains one form: the DataConduIT
Message Queues form. The DataConduIT Message Queues form contains three
sub-tabs: General, Settings, and Advanced.
revision 2 — 59
9: DataConduIT Message Queues Folder
60 — revision 2
System Administration User Guide
Listing window Lists currently defined DataConduIT message queues. Each entry contains the queue’s name
and type.
Generate Schema Generates a schema for you to reference. If clicked, the Save As window is displayed, and you
must select where to save the schema.
After any changes to the database have been made using FormsDesigner, you must regenerate
the schema so that the updated database is reflected in the schema file.
Note: DataConduIT uses the Windows account of the person who is logged on to the
machine at the time of schema creation. Because of this, it is probably more
preferable for a system administrator to handle all schema generation.
General Sub-tab
revision 2 — 61
9: DataConduIT Message Queues Folder
Queue/SNMP This field does not pertain to Microsoft Message Queues. If adding an IBM WebSphere MQ
manager queue, enter the queue manager’s name. This field is case-sensitive. If adding an SNMP Trap
Messages queue, enter the SNMP manager’s IP address. Depending on the network
configuration, a fully qualified NetBios name may be required.
Queue type OnGuard supports the following types of queues: IBM WebSphere MQ, Microsoft Message
Queue, and SNMP Trap Messages. The queue type is selected when a queue is added, and it
cannot be modified after the queue has been added.
Operation The IBM WebSphere MQ queue type supports two operations: incoming and outgoing. A
queue is designated as either incoming or outgoing when it is added. The SNMP Trap
Messages queue type only supports outgoing queues. The operation cannot be modified after a
queue has been added.
Online Shows whether the queue is online or offline. While checked the queue is online and will
function normally. Unchecked makes the queue become offline. Being offline means no events
are sent or received from the queue.
Settings Sub-tab
Include photos and Specifies whether photos, signatures, and fingerprints are included in messages. If this option
signature in is selected, the size of the messages sent is much larger.
messages
Include access Check this box to include access level assignments in the outgoing messages.
level assignments
in messages
Cardholder If selected, a message will be sent whenever a cardholder record is added, modified, or
deleted.
Badge If selected, a message will be sent whenever a badge record is added, modified, or deleted.
Visitor If selected, a message will be sent whenever a visitor record is added, modified, or deleted.
Linked Account If selected, a message will be sent whenever a linked account record is added, modified, or
deleted.
Send a message If selected, a message will be sent every time an access event occurs. Two examples of access
when access events are access granted and access denied events.
events occur
Send a message If selected, a message will be sent every time a security event occurs. Two examples of
when security security events are door forced open and alarm restored events.
events occur
Guarantee Check this box to guarantee delivery of hardware events. This works by first sending the
Delivery events to a table where the DataConduITQueue will then retrieve them. The guarantee is
assured because the table is used as a preliminary queue and the events are not deleted until
picked up by the DataConduITQueue. The DataConduITQueue will not mark the event as
processed until it is written on the designated message queue.
Note: There is a mathematically small possibility that you could receive a duplicate event,
but the chances are negligible.
Advanced Sub-tab
Object event WMI You can type an object event WMI query in directly. Objects include cardholders, linked
query accounts, badges, and visitors.
62 — revision 2
System Administration User Guide
Access and You can type an access and security event WMI query in directly. Access events are events
security event such as access granted and access denied. Security events are events such as door forced open
WMI query and alarm restored.
c. Click [OK].
4. On the General sub-tab:
a. In the Queue name field, type the name of the queue. The name is case-
sensitive. For IBM WebSphere MQ queues, this name must be exactly
the same name that you used when setting up the queue in the IBM
WebSphere MQ software.
b. In the Queue manager or SNMP manager field, enter the manager’s
name. If adding an IBM WebSphere MQ queue, enter the queue
manager’s name. If adding an SNMP Trap Messages queue, enter the
SNMP manager’s IP address. Depending on the network configuration,
revision 2 — 63
9: DataConduIT Message Queues Folder
Note: Including photo information in the messages makes the size of the message
sent much larger.
Note: If you configured an SNMP Trap Messages queue, load the lenel.mib file
into the SNMP Manager so that it knows how to handle and display the
variables it receives. The Lenel MIB file is located in the Support Center/
SNMP folder on the Supplemental Materials disc.
64 — revision 2
System Administration User Guide
revision 2 — 65
9: DataConduIT Message Queues Folder
66 — revision 2
System Administration User Guide
DataConduIT Overview
DataConduIT is an advanced application integration service that allows real time,
bidirectional integration between OnGuard and third party IT sources.
DataConduIT allows System Administrators to develop scripts and/or
applications that allow events in one domain (security or IT) to cause appropriate
actions in the other.
For more information, refer to the DataConduIT User Guide available through
Note: The DataConduIT method has four parameters: the source, description,
device (optional), and subdevice (optional). The source of the DataConduIT
method must match the source name on the DataConduIT Sources form. If
the optional parameters are used, the device of the DataConduIT method
must match the device name on the DataConduIT Devices form, and the
subdevice must match the sub-device name on the DataConduIT Sub-
Devices form.
Toolbar Shortcut This folder is displayed by selecting DataConduIT Sources from the
Additional Hardware menu, or by selecting the DataConduIT Sources toolbar
button.
revision 2 — 67
10: DataConduIT Sources Folder
Licenses Required
No additional license is required to use the DataConduIT Sources folder other
than the “Maximum Number of DataConduIT Clients” license to use
DataConduIT in general.
68 — revision 2
System Administration User Guide
revision 2 — 69
10: DataConduIT Sources Folder
Name Identifies the name of the DataConduIT Source. This is a “friendly” name assigned to each
DataConduIT Source to make it easy to identify.
Online If selected, the DataConduIT Source is online and ready for use. To suspend the DataConduIT
Source deselect this box.
World time zone Select the world time zone for the selected access panel’s geographical location. The
selections in the drop-down list are listed sequentially, and each includes:
• The world time zone’s clock time relative to Greenwich Mean Time. For example,
(GMT+05:00) indicates that the clock time in the selected world time zone is 5 hours
ahead of the clock time in Greenwich, England.
• The name of one or more countries or cities that are located in that world time zone.
Daylight savings Select this check box if Daylight Savings Time is enforced in the selected access panel’s
geographical location.
Help Click this button to display online help for this form.
Multiple Selection If selected, more than one entry in the listing window can be selected simultaneously. The
changes made on this form will apply to all selected DataConduIT Sources.
70 — revision 2
System Administration User Guide
revision 2 — 71
10: DataConduIT Sources Folder
Name Identifies the name of the DataConduIT Device. This is a “friendly” name assigned to each
DataConduIT Device to make it easy to identify.
DataConduIT Select the DataConduIT Source that is the parent of the child device being configured.
Source DataConduIT Sources are configured on the DataConduIT Sources tab (Additional
Hardware > DataConduIT Sources > DataConduIT Sources tab).
Help Click this button to display online help for this form.
72 — revision 2
System Administration User Guide
Multiple Selection If selected, more than one entry in the listing window can be selected simultaneously. The
changes made on this form will apply to all selected DataConduIT Devices.
6. Click [OK].
revision 2 — 73
10: DataConduIT Sources Folder
Listing window Lists DataConduIT Sub-Device names, along with the parent DataConduIT Device and
DataConduIT Source.
Name Identifies the name of the DataConduIT Sub-Device. This is a “friendly” name assigned to
each DataConduIT Sub-Device to make it easy to identify.
DataConduIT Select the DataConduIT Device that is the parent of the child Sub-Device being configured.
Device DataConduIT Devices are configured on the DataConduIT Devices tab (Additional
Hardware > DataConduIT Sources > DataConduIT Devices tab).
Help Click this button to display online help for this form.
74 — revision 2
System Administration User Guide
Multiple Selection If selected, more than one entry in the listing window can be selected simultaneously. The
changes made on this form will apply to all selected DataConduIT Sub-Devices.
6. Click [OK].
revision 2 — 75
10: DataConduIT Sources Folder
76 — revision 2
System Administration User Guide
Note: Events and alarms sent by an OPC Server can be viewed, logged and even
used to trigger specific actions.
revision 2 — 77
11: OPC Connections Folder
Toolbar Shortcut This folder is displayed by selecting OPC Connections from the Additional
Hardware menu, or by selecting the OPC Connections toolbar button.
Note: To use this folder an OPC Client support license is required and you must
have the correct permissions.
The OPC Server can either be local or it can be accessed via DCOM on a remote
machine. DCOM (Distributed Component Object Model) is a set of Microsoft
concepts and program interfaces in which client program objects can request
services from server program objects on other computers in a network.
78 — revision 2
System Administration User Guide
Note: In order to view, add, modify or delete the OPC connection users must have
the correct permissions. For more information, refer to System Permission
Groups Form Procedures on page 462.
Name Identifies the name of the OPC connections. This is a “friendly” name assigned to each
connection to make it easy to identify. After the OPC Client is added, users can overwrite the
default name.
Online If selected, the OPC connection will be online. To suspend the OPC connection, deselect this
box.
Note: Select this check box to place the OPC Client online with the OPC Server. This does
NOT necessarily mean the OPC Client is online with the actual hardware panel.
Browse Browse for the workstation the OnGuard OPC Client is on.
World time zone Select the world time zone for the selected access panel’s geographical location. The
selections in the drop-down list are listed sequentially, and each includes:
• The world time zone’s clock time relative to Greenwich Mean Time. For example,
(GMT+05:00) indicates that the clock time in the selected world time zone is 5 hours
ahead of the clock time in Greenwich, England.
• The name of one or more countries or cities that are located in that world time zone.
Daylight savings Select this check box if Daylight Savings Time is enforced in the selected access panel’s
geographical location.
revision 2 — 79
11: OPC Connections Folder
OPC Server Includes the Host Name and ProgID fields and the [Select OPC Server] and [Test OPC
Parameters Connection] push buttons.
Host Name The computer the OPC Server is on. To populate the Host Name and ProgID fields, click the
[Select OPC Server] button.
ProgID The OPC Server’s global unique identifier. To populate the Host Name and ProgID fields,
click the [Select OPC Server] button.
Select OPC Server Displays the Select OPC Server window which enables you to select the OPC Server by
searching for it or manually entering it.
Test OPC Tests a specified OPC Connection. When the OPC connection is successful the OPC Server
Connection Properties window displays the current OPC Server status.
Note: The client to server connection is tested. The client to alarm panel connection is
NOT tested.
Computer Name Enter the name of the computer the OPC Server is on.
Search Searches the specified computer for OPC Servers that are on it.
80 — revision 2
System Administration User Guide
OPC Servers Listing Displays the OPC Servers on the specified computer.
Window
Cancel Cancels the current selection and closes the Select OPC Server window.
Important: When the OPC connection shows up as online, that means it is online with
the OPC Server and NOT necessarily online with the actual hardware panel.
revision 2 — 81
11: OPC Connections Folder
82 — revision 2
System Administration User Guide
System Administrators cannot manually add OPC Sources to the OPC Sources
form listing window. The [Add] button will always be grayed out. System
Administrators can however, modify the OPC Source name. This is also the
name that displays in Alarm Monitoring under the Device column of the alarm
view as well as in the system status tree.
Name The name for the selected OPC source. Users can modify this name which also displays in
Alarm Monitoring.
Description The original name of the OPC source. The description is read only.
OPC Connection Identifies the OPC Server the client is connected to. This is a read only field.
Add Does not apply. For more information, refer to OPC Client Overview on page 77.
Help Click this button to display online help for this form.
revision 2 — 83
11: OPC Connections Folder
New high security access control card readers, cameras and motion detectors
have been installed and the customer wants to integrate this with their existing
systems and monitor access control alarms and events from the same control
room.
84 — revision 2
System Administration User Guide
How does the customer monitor the access control alarms and events using the
existing OPC Servers?
OnGuard
Customer’s Existing
System
The OnGuard OPC Client, receives and translates alarms and events from the
OPC Server and outputs them in the Alarm Monitoring application along with
the alarm and events received from the newly installed access control system.
Displaying Data
The OnGuard OPC Client supports every event attribute required by OPC
specifications. The following table indefinites how OPC event attributes are
revision 2 — 85
11: OPC Connections Folder
mapped to OnGuard events. Note that the source name attribute can be modified
to a user-friendly name.
OPC Connection Identifies the OPC Server that the OnGuard OPC “Controller” field in alarm view
Description Client is communication with.Text description of the
OPC connection configured in System
Administration. This is also the name of the
controller when configuring monitor zones.
Source The object which generated the event. “Device” field in alarm view
Message Text which describes the event. “Event description” field in alarm
view
Event Category The vendor-specific category which this event Part of the “Associated Text” field in
belongs. alarm view
Condition Name The name of the OPC condition/alarm related to the Part of the “Associated Text” field in
event notification. alarm view
Quality The current quality of the data. Part of the “Associated Text” field in
alarm view
86 — revision 2
Advanced Installation Topics
OnGuard
Database
SNMP
Agent
T raps
SNM P
SNMP
SNMP Traps
Agent
SNM P
T raps
SNMP
Alarm Monitoring Workstation Agent
SNMP
Agent
r ap s
SNMP T
SNMP
SNMP Traps
Agent
SNMP
Traps
SNMP Manager OnGuard
system
revision 2 — 87
12: Using SNMP with OnGuard
OnGuard system
Internal
architecture OnGuard
of OnGuard Database
system
Linkage Server
DataConduIT
SNMP
SNMP SNMP
Agent Agent
Third-party
SNMP Manager
Why use SNMP with OnGuard? This depends on whether you are using
OnGuard as an SNMP Manager or as an SNMP Agent.
88 — revision 2
Advanced Installation Topics
• If you already have OnGuard installed and are using a third-party application
to monitor SNMP traps, you can now move that functionality over to
OnGuard and monitor everything in a central location.
• By loading into OnGuard the MIB file for the SNMP Agents you are
monitoring, you can customize how the information from the SNMP Agent
is displayed in Alarm Monitoring
• Based on the information received and displayed in OnGuard, you can create
custom alarm and Global I/O linkages for the trap, as well as take advantage
of other existing OnGuard functionality.
To set up OnGuard to function as an SNMP Manager, you must configure
an SNMP Manager on a workstation. This is done through System
Administration. In addition to configuring the SNMP Manager, you can
also load up third party MIB files into OnGuard, which will allow you to
customize how SNMP Traps are handled and displayed in OnGuard. For
more information, refer to the SNMP Managers Folder chapter in the
System Administration User Guide.
Configuring SNMP
The following steps must be completed before you configure OnGuard as
either an SNMP Manager or an SNMP Agent:
1. Install the Windows SNMP components. You will need your Windows CD
to complete this procedure. For more information, refer to Install the
Windows SNMP Components on page 91.
2. Install a license with SNMP support.
To configure OnGuard as an SNMP Manager, please refer to Configuring
OnGuard as an SNMP Manager on page 93.
revision 2 — 89
12: Using SNMP with OnGuard
90 — revision 2
Advanced Installation Topics
1. Click the Windows Start button and navigate to the Control Panel.
2. Double-click “Add or Remove Programs”.
3. The Add or Remove Programs window opens. Click “Add/Remove
Windows Components”.
4. The Windows Components Wizard window opens. Select the Management
and Monitoring Tools check box.
5. Click [Details].
6. The Management and Monitoring Tools window opens. Verify that the
Simple Network Management Protocol check box is selected, and then click
[OK].
revision 2 — 91
12: Using SNMP with OnGuard
7. Click [Next].
8. The Configuring Components window opens. The status bar is updated as
the installation proceeds.
92 — revision 2
Advanced Installation Topics
10. A message indicating that you have successfully completed the Windows
Components Wizard is displayed. Click [Finish].
1. Install the Windows SNMP components. You will need your Windows CD
to complete this procedure. For more information, refer to Install the
Windows SNMP Components on page 91.
2. Install a license with SNMP support.
To configure OnGuard as an SNMP Manager:
revision 2 — 93
12: Using SNMP with OnGuard
Notes: You are required to enter the workstation’s NetBIOS name. (The NetBIOS
name is specified when Windows networking is installed/configured.)
Only one SNMP Manager is allowed to run on each Communication Server.
You can have several Communication Servers running with an SNMP
Manager on each one and have all Agents in that part of the network
configured to report to the local Manager. This would help localize network
traffic.
7. Click [OK].
Add Agents
If OnGuard receives an event from an Agent that has not been defined, it
will automatically add an Agent for it and have the default name set to the
IP address of the Agent. You can then go in and modify the Name to
whatever you want. On a segmented system, Agents are added to the
Manager’s segment by default, but they can also be assigned to different
segments as well.
94 — revision 2
Advanced Installation Topics
revision 2 — 95
12: Using SNMP with OnGuard
1. Save the MIB file you wish to load to the computer. Remember the location
where you save it.
2. If necessary, save any files that contain modules required by the MIB files in
the SNMP-IMPORT-MIBS folder in the OnGuard installation directory. By
default, this is C:\Program Files\OnGuard\SNMP-IMPORT-MIBS. The
following eight (8) files are installed to that location by default:
– RFC1155-SMI.txt
– RFC1213-MIB.txt
– RFC-1215.txt
– SNMPv2-CONF.txt
– SNMPv2-MIB.txt
– SNMPv2-SMI.txt
– SNMPv2-TC.txt
– SNMPv2-TM.txt
96 — revision 2
Advanced Installation Topics
Notes: This location can be changed in the ACS.INI file by adding the following
setting:
[SNMPManager]
MIBDir=“drive:\absolute\path\to\MIB\directory”
To make changes in the ACS.INI file on a Windows 7 computer, you must
right-click on the ACS.INI file and run it as an Administrator.
revision 2 — 97
12: Using SNMP with OnGuard
Note: After a MIB file has been loaded into OnGuard, the actual file is no longer
needed.
SNMP Reports
Reports are run from System Administration or ID CredentialCenter. For
more information, please refer to the Reports Folder chapter in the System
Administration or ID CredentialCenter User Guide. There are two SNMP-
related reports that can be run:
• SNMP Agents - lists all SNMP Agents sorted by segment and name
• SNMP Management Information Base Configuration - lists all MIB data
grouped by enterprise
The SNMP Management Information Base Configuration report lists each
node’s label and OID (Object ID) description. If configured, the following
additional options will also be listed:
• Use in alarm description
• Include label with value
• Use leaf node only for label
98 — revision 2
Advanced Installation Topics
1. Install the Windows SNMP components. You will need your Windows CD
to complete this procedure. For more information, refer to Install the
Windows SNMP Components on page 91.
2. Install a license with SNMP support.
To configure OnGuard as an SNMP Agent:
Note: For more information, please refer to the DataConduIT Message Queues
Folder in the System Administration User Guide.
revision 2 — 99
12: Using SNMP with OnGuard
b. Click [OK].
4. On the General sub-tab:
a. In the Queue name field, type the name of the queue. The name is case-
sensitive.
b. In the SNMP manager field, type the name of the queue manager.
c. Note that the Queue type and Operation that you selected are displayed,
but cannot be modified.
5. On the Settings sub-tab:
a. If you wish to have photo, signature, and fingerprint information sent in
messages, select the Include photos and signature in messages check
box.
100 — revision 2
Advanced Installation Topics
Note: Including photo information in the messages makes the size of the message
sent much larger.
revision 2 — 101
12: Using SNMP with OnGuard
102 — revision 2
Advanced Installation Topics
• Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.
• Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation and/
or other materials provided with the distribution.
• The name of Cambridge Broadband Ltd. may not be used to endorse or
promote products derived from this software without specific prior written
permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER
“AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
COPYRIGHT HOLDER BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
DAMAGE.
revision 2 — 103
12: Using SNMP with OnGuard
104 — revision 2
DataConduIT User Guide
Data Classes
Note: All class and property access is subject to OnGuard user permissions.
Lnl_AccessGroup
Description: An access group defined in the security system.
Abstract: No
Access: View only
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Methods:
void AssignGroup([in]sint32 badgeKey);
Assigns all the access levels in the group to a specific badge.
Parameters:
badgeKey - Internal ID of the badge to assign the access levels to
Lnl_AccessLevel
Description: An access level defined in the security system.
Abstract: No
Access: Full (View/Add/Modify/Delete)
Superclass: Lnl_Element
Platforms: OnGuard
revision 2 — 105
13: Reference
Properties:
Lnl_AccessLevelAssignment
Description: An access level assignment defined in the security system.
Abstract: No
Access: View/Add/Delete
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Lnl_AccessLevelReaderAssignment
Description: An access level reader assignment defined in the security system.
Abstract: No
Access: View
Superclass: Lnl_Element
106 — revision 2
DataConduIT User Guide
Platforms: OnGuard
Properties:
Lnl_Account
Description: A directory account belonging to a person in the security system.
Abstract: No
Access: View/Add /Delete
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
revision 2 — 107
13: Reference
Lnl_AlarmDefinition
Description: Defines how the alarm that is received from the panel is displayed.
Lnl_AlarmDefinition instances are queried by an end user in order to establish
configuration details. This contrasts Lnl_Alarm instances, which come in with all
security events that come through the Communication Server.
Abstract: No
Access: View
Superclass: None
Platforms: OnGuard
Properties:
Lnl_Area
Description: An APB area defined in the security system.
Abstract: No
Access: View only
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Methods:
108 — revision 2
DataConduIT User Guide
void MoveBadge();
Moves a badge from one area into another.
sint32 MoveBadge([in] sint32 areaID, [in] sint64 badgeID, [in] sint32 panelID,
[in] sint32 readerID, [in] sint32 segmentID, [in] datetime UTCTime);
Parameters:
• areaID - This is ID of the area to move the badge to.
• badgeID - This is the badge ID of the badge you want to move.
• panelID - This is the ID of the panel of the reader responsible for moving the
badge to the new area.
• readerID - This is the ID of the reader responsible for moving the badge.
• segmentID - This is the segment associated with the panelID, readerID.
• UTCTime - The time when the badge was moved to the area.
Lnl_Badge
Description: A badge in the security system.
Abstract: No
Access: Full (View/Add/Modify/Delete)
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
revision 2 — 109
13: Reference
Methods:
• void AddBadge([in] object BadgeIn, [out] object BadgeOut);
Parameters:
– BadgeIn - The badge to be added to the system.
– BadgeOut - The badge that was just added to the system with the new
badge ID.
• void AssignAccessLevel([in] Uint32[] LevelIn);
Parameters:
– LevelIn - Array that includes all the access level IDs the badge needs to
be assigned with.
Lnl_BadgeLastLocation
Description: Defines at what reader the badge was presented last.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
110 — revision 2
DataConduIT User Guide
Lnl_BadgeProperties
Description: Additional properties for the badge.
Abstract: No
Access: View/Add/Modify/Delete
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
0 = contact interface
1 = contactless interface
revision 2 — 111
13: Reference
0 = contact
1 = iCLASS
2 = MiFare
3 = DESFire
4 = Proximity
Lnl_BadgeType
Description: A badge type in the security system.
Abstract: No
Access: View only
Superclass: Lnl_Element
Platforms: OnGuard
112 — revision 2
DataConduIT User Guide
Properties:
Possible values:
1: Standard
2: Temporary
3: Visitor
4: Guest
Lnl_Camera
Important: The CameraType property for Lnl_Camera should not be used. Instead use
the CameraTypeName property.
revision 2 — 113
13: Reference
Lnl_CameraGroup
Description: Camera group definition.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Lnl_CameraGroupCameraLink
Description: An association between a camera and camera group.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
114 — revision 2
DataConduIT User Guide
Lnl_Cardholder
Description: A cardholder in the security system.
Abstract: No
Access: Full (View/Add/Modify/Delete)
Superclass: Lnl_Person
Platforms: OnGuard
Properties: The class has all the properties of the Lnl_Person class, plus any
custom fields defined by the end user. In addition, the class has the following
properties:
Lnl_DataConduITManager
Description: Used for non-object related methods.
Abstract: No
Access: View only
Superclass: None
Platforms: OnGuard
Properties: None
Methods:
[static]void RefreshCache();
Refreshes all of the objects, reading in the UDF layout and list values.
[static]string GetCurrentUser();
Returns the user currently logged into DataConduIT using the format: LastName,
FirstName (UserID).
revision 2 — 115
13: Reference
Lnl_Directory
Description: A directory defined in the security system.
Abstract: No
Access: View only
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
See the ID CredentialCenter User Guide for more information about directory
properties.
Lnl_Element
Description: The base class for many data classes.
Abstract: Yes
Access: View only
Superclass: None
Platforms: OnGuard
Properties: None
116 — revision 2
DataConduIT User Guide
Lnl_EventAlarmDefinitionLink
Description: The link between the event type and alarm for a particular device.
Abstract: No
Access: View
Superclass: None
Platforms: OnGuard
Properties:
Lnl_EventParameter
Description: An event parameter.
Abstract: No
Access: View
Superclass: None
Platforms: OnGuard
Properties:
revision 2 — 117
13: Reference
Lnl_EventSubtypeDefinition
Description: An event subtype defined in the system.
Abstract: No
Access: View
Superclass: None
Platforms: OnGuard
Properties:
Lnl_EventSubtypeParameterLink
Description: An association between an event subtype and event parameter.
Abstract: No
Access: View
Superclass: None
Platforms: OnGuard
Properties:
Lnl_EventType
Description: An event type defined in the system.
Abstract: No
118 — revision 2
DataConduIT User Guide
Access: View
Superclass: None
Platforms: OnGuard
Properties:
Lnl_Holiday
Description: A holiday that is defined in the security system.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Lnl_HolidayType
Description: A holiday that is defined in the security system.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
revision 2 — 119
13: Reference
Lnl_HolidayTypeLink
Description: Defines what holiday type that is associated with a given holiday
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Lnl_IncomingEvent
Description: An event that supports sending incoming events via DataConduIT.
Abstract: No
Superclass: None
Platforms: OnGuard
Properties: None
Methods:
• sint32 SendIncomingEvent([in] string Source, [in] string Description,
[datetime] Time, [in] string Device, [in] string SubDevice);
Parameters:
– Source - text representation of the object/device that generated the event
Variable-length Unicode string with a maximum length of 80 Unicode
characters. This parameter is required. The source must be defined in
the DataConduIT Sources folder (in the System Administration
application) prior to using the Lnl_IncomingEvent::SendIncomingEvent
method. For more information, refer to Add a DataConduIT Source on
page 71.
120 — revision 2
DataConduIT User Guide
Description:
Allows acknowledgment of alarms received from the system. Most of the
parameters can be extracted from the Lnl_SecurityEvent.
Return:
0 - If acknowledgment fails. Examine the SimultaneousAckStatus value to
see if the conflict occurred when processing the request.
1 - If acknowledgment succeeds.
Parameters:
– CurrentAckStatus - current acknowledgment status of the alarm to
ensure that simultaneous acknowledgment by other means does not
interfere with user’s intent. Possible values are:
0 - No. Initial status for an unacknowledged event.
1 - Yes. Acknowledge.
2 - Note. Acknowledge with note.
3 - In-Progress. Mark event as “in-progress”
revision 2 — 121
13: Reference
Note: The DataConduIT Source, Device, and SubDevice names must all match
what has been configured in the OnGuard database in order for the event to
be reported in Alarm Monitoring.
122 — revision 2
DataConduIT User Guide
Notes: IsAccessGrant and IsAccessDeny are mutually exclusive (i.e., either one or
the other can be set to true but not both).
If IsAccessGrant or IsAccessDeny is set to true, any text that may be
specified for the Description parameter will be ignored.
Lnl_LoggedEvent
Description: Represents an event that has been logged to the database.
Abstract: No
Access: View
Superclass: None
Platforms: OnGuard
Properties:
revision 2 — 123
13: Reference
Possible values:
0: Other
1: Unknown
2: Granted
3: Denied
4: Not Applicable
124 — revision 2
DataConduIT User Guide
Lnl_LogicalSystemAccount
Description: An account in a logical system that is associated with a given
person.
Abstract: No
Access: View/Add/Modify/Delete
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
1 = ActivIdentity CMS
Lnl_MobileVerify
Description: Specifically designed for OnGuard MobileVerify software
application. The class currently contains two static methods that allow to log an
access grant or deny transaction based on input parameters.
Abstract: No
Superclass: None
Platforms: OnGuard
Properties: None
revision 2 — 125
13: Reference
Methods:
• [static] void RecommendProperties( [out] string LogicalName, [out] string
AssociatedDropdown, [out] string DenyText, [out] sint32 DenyColor, [out]
boolean DenyOverride, [out] string GrantText, [out] sint32 GrantColor,
[out] boolean GrantOverride, [out] boolean OverridePrompt, [out] boolean
NotifyUserOfOperation);
Note: This should be called prior to using all other methods of this object. Use the
value returned in the AssociatedDropdown parameter as the name of the
property in Lnl_Cardholder to retrieve the enumerated values.
Parameters:
– CurrentLevel - This is the ID of the value of the cardholder’s force
protection level.
– SystemLevel - This is the ID of the value of the current system’s force
protection level.
– CardholderName - name of cardholder
– SSNo - social security of cardholder
– ReaderName - Name of reader being opened (can be null)
– GateName - Name of gate or building associated with this reader or
mobile unit
• [static] void LogGrantTransaction( [in] sint32 CurrentLevel, [in] sint32
SystemLevel, [in] string CardholderName, [in] string SSNo, [in] string
ReaderName, [in] string GateName );
Logs an access grant transaction based on the input parameters. This method
is used to specify that the operator has granted the user access.
Note: This should be called when the operator clicks a grant button. It should not
reflect whether or not the cardholder’s force protection level was actually
grant or deny. This routine will appropriately log the correct transaction. For
example, if the operator clicks Grant on a cardholder whose force protection
level is LESS than the system setting (deny access), this routine will log a
grant-override transaction.
Parameters:
– CurrentLevel - This is the index of the combo box from the cardholder’s
force protection level.
– SystemLevel - This is the index of the combo box from the current
system’s force protection level.
– CardholderName - name of cardholder
– SSNo - social security of cardholder
– ReaderName - Name of reader being opened (can be null)
– GateName - Name of gate or building associated with this reader or
mobile unit
126 — revision 2
DataConduIT User Guide
Lnl_MonitoringZone
Description: A Monitoring zone defined in the system.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Lnl_MonitoringZoneCameraLink
Description: Defines what cameras are associated with a given monitoring zone.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
revision 2 — 127
13: Reference
Lnl_MultimediaObject
Description: An image belonging to a person in the security system.
Abstract: No
Access: View/Add/Delete
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Lnl_Panel
Description: A panel defined in the security system.
Abstract: No
Access: View only
Superclass: Lnl_Element
Platforms: OnGuard
128 — revision 2
DataConduIT User Guide
Properties:
Lnl_Person
Description: A cardholder or visitor in the security system.
Abstract: Yes
Access: View only
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Lnl_Reader
Description: A reader defined in the security system.
Abstract: No
Access: View only
Superclass: Lnl_Element
Platforms: OnGuard
revision 2 — 129
13: Reference
Properties:
Entrance Reader = 1
Exit Reader = 2
Lnl_Segment
Description: A segment or segment group defined in the security system. Present
in segmented systems only.
Abstract: Yes
Access: View only
Superclass: None
Platforms: OnGuard
Properties:
Lnl_SegmentGroup
Description: A segment group in the security system. Present in segmented
systems only.
Abstract: No
Access: View only
Superclass: Lnl_Segment
Platforms: OnGuard
Properties: Same properties as in Lnl_Segment.
130 — revision 2
DataConduIT User Guide
Lnl_SegmentUnit
Description: A segment in the security system. Present in segmented systems
only.
Abstract: No
Access: View only
Superclass: Lnl_Segment
Platforms: OnGuard
Properties: Same properties as in Lnl_Segment.
Lnl_Timezone
Description: A time zone defined in the security system.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Lnl_TimezoneInterval
Description: A time zone defined in the security system.
Abstract: No
Access: View
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
revision 2 — 131
13: Reference
Lnl_User
Description: A user defined in the system.
Abstract: No
Access: View/Add /Modify/Delete
Superclass: Lnl_Element
Platforms: OnGuard
132 — revision 2
DataConduIT User Guide
Lnl_UserAccount
Description: An association between a user and its directory account.
Abstract: No
Access: View/Add/Modify/Delete
Superclass: None
Platforms: OnGuard
revision 2 — 133
13: Reference
Lnl_UserPermissionGroup
Description: A permission group defined in the system.
Abstract: No
Access: View
Superclass: None
Platforms: OnGuard
Lnl_UserPermissionDeviceGroupLink
Description: Describes a link between a device group and a permission.
Abstract: No
Access: View
Superclass: Lnl_Element
134 — revision 2
DataConduIT User Guide
Platforms: OnGuard
Lnl_UserSecondarySegment
Description: An association between a user and its assigned secondary
segments.
Abstract: No
Superclass: Lnl_Element
Platforms: OnGuard
Lnl_User.ID.
Lnl_Visit
Description: A visit in the security system.
Abstract: No
Access: Full (View/Add/Modify/Delete)
Superclass: Lnl_Element
Platforms: OnGuard
revision 2 — 135
13: Reference
Methods:
void SignVisitOut();
Signs a visit out, modifying the visit and setting TIMEOUT to current date/time.
Any associated badge with the visitor is deactivated and set to the status as
configured in the OnGuard software.
void SignVisitIn([in]sint32 BadgeTypeID, [in]string PrinterName, [in]sint32
AssignedBadgeID);
Signs a visit in, modifying the visit and setting TIMEIN to current date/time. If
AssignedBadgeID is set to a valid ID, the badge is automatically assigned to the
visitor and made active.
Parameters:
• badgeTypeID - This is the badge type you want to assign the visitor.
• AssignedBadgeID - This is the badge ID you want to assign the visitor, a
badge already in the system.
• printerName - The name of the printer you want to use to print out the
disposable badge
136 — revision 2
DataConduIT User Guide
Lnl_VisitEmailRecipient
Description: A visit e-mail recipient in the security system.
Abstract: No
Access: View only
Superclass: Lnl_Element
Platforms: OnGuard
Properties:
Lnl_Visitor
Description: A visitor in the security system.
Abstract: No
revision 2 — 137
13: Reference
Association Classes
Lnl_AccessLevelGroupAssignment
Description: An association between an access level and the group in which it
belongs.
Abstract: No
Superclass: None
Platforms: OnGuard
Properties:
Lnl_BadgeOwner
Description: An association between a badge and the person who owns it.
138 — revision 2
DataConduIT User Guide
Abstract: Yes
Superclass: None
Platforms: OnGuard
Properties:
Lnl_CardholderAccount
Description: An association between an account and the cardholder with which
it is associated.
Abstract: No
Superclass: Lnl_PersonAccount
Platforms: OnGuard
Properties:
Lnl_CardholderBadge
Description: An association between a badge and the cardholder who owns it.
Abstract: No
Superclass: None
Platforms: OnGuard
Properties:
Lnl_CardholderMultimediaObject
Description: An association between a multimedia object and the cardholder
who owns it.
Abstract: No
Superclass: None
Platforms: OnGuard
revision 2 — 139
13: Reference
Properties:
Lnl_DirectoryAccount
Description: An association between an account and the directory in which it is
stored.
Abstract: No
Superclass: None
Platforms: OnGuard
Properties:
Lnl_MultimediaObjectOwner
Description: An association between a multimedia object and the person who
owns it.
Abstract: Yes
Superclass: None
Platforms: OnGuard
Properties:
Lnl_PersonAccount
Description: An association between an account and the person with which it is
associated.
Abstract: Yes
Superclass: None
Platforms: OnGuard
140 — revision 2
DataConduIT User Guide
Properties:
Lnl_ReaderEntersArea
Description: An association between a reader and the APB area to which it
allows entry.
Abstract: No
Superclass: None
Platforms: OnGuard
Properties:
Lnl_ReaderExitsArea
Description: An association between a reader and the APB area to which it
allows departure from.
Abstract: No
Superclass: None
Platforms: OnGuard
Properties:
Lnl_SegmentGroupMember
Description: An association between a segment unit and the segment group of
which the unit is a member. Present in segmented systems only.
Abstract: No
Superclass: None
Platforms: OnGuard
revision 2 — 141
13: Reference
Properties:
Lnl_VisitorAccount
Description: An association between an account and the visitor with which it is
associated.
Abstract: No
Superclass: Lnl_PersonAccount
Platforms: OnGuard
Properties:
Lnl_VisitorMultimediaObject
Description: An association between a multimedia object and the visitor who
owns it.
Abstract: No
Superclass: None
Platforms: OnGuard
Properties:
Event Classes
All event classes are view only and are not abstract.
Lnl_AccessEvent
Description: An event occurring due to the presentation of credentials at a
reader. Credentials here are represented as being stored on a card, but the “card”
could be any form factor. Similarly, the “reader” represents any system that can
read the credentials on the card. This class includes information read from the
142 — revision 2
DataConduIT User Guide
card (card number, biometric information) in addition to what access was granted
(granted/denied and under duress).
Superclass: Lnl_SecurityEvent
Platforms: OnGuard
Properties:
sint32 ISSUECODE The issue code for the card that was
read, if available
Lnl_Alarm
Description: An alarm in the system. The Lnl_Alarm class is embedded directly
into the Lnl_SecurityEvent class, because an alarm cannot happen without an
event and an event can be mapped to one and only one alarm definition. Since
this is an embedded object, you cannot query for it.
revision 2 — 143
13: Reference
Abstract: No
Access: View only
Superclass: None
Platforms: OnGuard
Properties: These priorities are based off the Alarm Configuration folder in
System Administration.:
Lnl_Event
Description: An event occurring in the OnGuard system.
Superclass: __ExtrinsicEvent
Platforms: OnGuard
Properties:
Lnl_FireEvent
Description: An event that relates to a fire hazard and/or fire hardware.
Superclass: Lnl_SecurityEvent
Platforms: OnGuard
Properties:
Lnl_FunctionExecEvent
Description: An event that consists of a function that is executed when a given
event occurs. Input arguments may also be included.
144 — revision 2
DataConduIT User Guide
Superclass: Lnl_SecurityEvent
Platforms: OnGuard
Properties:
Lnl_IntercomEvent
Description: An event occurring on intercom hardware such as an intercom
exchange or an intercom station.
Superclass: Lnl_SecurityEvent
Platforms: OnGuard
Properties:
Lnl_OtherSecurityEvent
Description: An event that is not card related and not access-related, such as
door forced open and alarm restored. The Lnl_OtherSecurity event class supports
all event types that were not included in the other event sub-classes. A
combination of all of the above classes yields all security events and alarms
available in the system.
Superclass: Lnl_SecurityEvent
Platforms: OnGuard
Properties: All properties belong to the superclass.
Lnl_SecurityEvent
Description: An event occurring in the physical security system.
Superclass: Lnl_Event
Platforms: OnGuard
revision 2 — 145
13: Reference
Properties:
object:Lnl_A ALARM The alarm associated with the event, if there is one
larm
sint32 SubType Event sub-type i.e., “granted”, “door forced open”, View
etc. Corresponds to
Lnl_EventSubtypeDefinition.SubTypeID.
Lnl_StatusChangeEvent
Description: An event that indicates a change of status for the device specified.
Superclass: Lnl_SecurityEvent
Platforms: OnGuard
Properties:
Lnl_TransmitterEvent
Description: A personal safety event involving a transmitter.
Superclass: Lnl_SecurityEvent
Platforms: OnGuard
146 — revision 2
DataConduIT User Guide
Properties:
Lnl_VideoEvent
Description: An event associated with video equipment such as video recorders
and cameras.
Superclass: Lnl_SecurityEvent
Platforms: OnGuard
Properties:
Lnl_VisitEvent
Description: An event associated with a visit.
Superclass: __InstanceOperationEvent
Platforms: OnGuard
Properties:
revision 2 — 147
13: Reference
Lnl_AlarmInput
Description: Inherits from Lnl_Input. Implements the input control methods and
represents an alarm input found on an input control module.
Methods:
void Mask()
Inherited from Lnl_Input.
void Unmask()
Inherited from Lnl_Input.
Properties:
Lnl_AlarmOutput
Description: Inherits from Lnl_Output. Implements the relay control methods
and represents an alarm relay found on an input or output control module.
Methods:
void Activate()
Inherited from Lnl_Output.
void Deactivate();
Inherited from Lnl_Output.
void Pulse();
Inherited from Lnl_Output.
Properties:
148 — revision 2
DataConduIT User Guide
Lnl_AlarmPanel
Description: This class represents the Alarm input or output control module.
Methods:
void GetHardwareStatus([out] uint32 Status
Retrieves the hardware status for the device. Status is only retrieved from the
hardware when the UpdateHardwareStatus is called on the parent ISC
Lnl_Input
Description: Abstract class that represents any kind of alarm input. It declares
methods for controlling such output.
Methods:
void Mask();
Sends a command to mask a specific alarm input.
void Unmask();
Sends a command to unmask a specific alarm input.
void GetHardwareStatus([out] uint32 Status)
Retrieves the hardware status for the device. Status is only retrieved from the
hardware when the UpdateHardwareStatus is called on the ISC.
ALRM_STATUS_SECURE 0x00
ALRM_STATUS_ACTIVE 0x01
ALRM_STATUS_GND_FLT 0x02
ALRM_STATUS_SHRT_FLT 0x03
ALRM_STATUS_OPEN_FLT 0x04
ALRM_STATUS_GEN_FLT 0x05
Lnl_IntrusionArea
Description: Implements the control methods for the Intrusion Area.
Methods:
void Disarm()
Sends a command to disarm the area.
revision 2 — 149
13: Reference
void MasterDelayArm ()
Sends a command to perform a delayed master arm.
void MasterInstantArm ()
Sends a command to perform an instant master arm.
void PerimeterDelayArm ()
Sends a command to perform a delayed perimeter arm.
void PerimeterInstantArm ()
Sends a command to perform an instant perimeter arm.
void SilenceAlarms ()
Sends a command to silence area alarms.
void GetHardwareStatus([out] uint32 Status)
Retrieves the hardware status for the device. Status is only retrieved from the
hardware when the UpdateHardwareStatus is called on the parent ISC.
OFFLINE_STATUS 0x00
ONLINE_STATUS 0x01
Properties:
Lnl_IntrusionDoor
Description: Implements the control methods for the Intrusion Door.
Methods:
void Open()
Sends a command to open the intrusion door.
void SetMode([in] sint32 Mode);
Sends a command to change the door mode.
DoorLock 0x0
DoorUnlock 0x1
SetDoorSecure 0x2
Properties:
Lnl_IntrusionOutput
Description: Abstract class that inherits from Lnl_Output. Declares the relay
control methods and represents an output device of the Intrusion Panel.
Methods:
void Activate()
Inherited from Lnl_Output.
150 — revision 2
DataConduIT User Guide
void Deactivate();
Inherited from Lnl_Output.
Properties:
Lnl_IntrusionZone
Description: Implements the control methods for the Intrusion Zone.
Methods:
void Bypass()
Sends a command to open by pass the alarm zone.
void UnBypass();
Sends a command to un bypass the alarm zone.
void GetHardwareStatus([out] uint32 Status)
Retrieves the hardware status for the device. Status is only retrieved from the
hardware when the UpdateHardwareStatus is called on the parent ISC.
OFFLINE_STATUS 0x00
ONLINE_STATUS 0x01
Properties:
Lnl_IntrusionZoneOutput
Description: Inherits from Lnl_Output. Implements the relay control methods
and represents an Output Zone defined on the Intrusion Panel.
Methods:
void Activate()
Inherited from Lnl_Output.
void Deactivate();
Inherited from Lnl_Output.
Properties:
Lnl_OffBoardRelay
Description: Inherits from Lnl_Output. Implements the relay control methods
and represents an Off-Board relay connected to the Intrusion Panel.
Methods:
void Activate()
Inherited from Lnl_Output.
void Deactivate();
Inherited from Lnl_Output.
void Toggle();
Toggles the state of the specific alarm relay.
Properties:
revision 2 — 151
13: Reference
Lnl_OnBoardRelay
Description: Inherits from Lnl_Output. Implements the relay control methods
and represents an On-Board relay of the Intrusion Panel.
Methods:
void Activate()
Inherited from Lnl_Output.
void Deactivate();
Inherited from Lnl_Output.
Properties:
Lnl_Output
Description: Abstract class that represents any kind relay output. It declares
methods for controlling such output.
Methods:
void Activate()
Sends a command to activate a specific alarm relay.
void Deactivate()
Sends a command to deactivate a specific alarm relay.
void Pulse()
Sends a momentary pulse command to a specific alarm relay.
Example (VB Script):
152 — revision 2
DataConduIT User Guide
Lnl_Panel
Description: This class represents the Intelligent System Controller.
Methods:
void DownloadFirmware()
Sends a download firmware command to the ISC.
void DownloadDatabase()
Sends a command to the ISC to download the cardholder database.
void ResetUseLimit()
Sends a command to reset the use limit of all cardholders within the ISC.
void UpdateHardwareStatus()
Sends a command to retrieve the status of the Intelligent System controller and
all downstream hardware connected to the specific system controller.
void Connect()
Used for dial-up only. This command instructs the host to connect to the ISC via
dial-up.
void Disconnect()
Used for dial-up only. This command instructs the host to send a disconnect
command to the ISC.
void SetClock()
Sends the current time down to the ISC.
void GetHardwareStatus([out] uint32 Status)
Retrieves the hardware status for the device. Status is only retrieved from the
hardware when the UpdateHardwareStatus is called on the ISC.
revision 2 — 153
13: Reference
Lnl_Reader
Description:
Methods:
void OpenDoor()
Sends a command to open the door for a specific reader.
void SetMode([in] sint32 Mode)
Sends a command to set the current operating mode of a reader.
void GetMode ([out] sint32 Mode)
Retrieves current mode of the reader. Mode is only retrieved from the hardware
when the UpdateHardwareStatus is called on the parent ISC.
Parameters:
MODE_LOCKED 0x0
MODE_CARDONLY 0x1
MODE_PIN_OR_CARD 0x2
MODE_PIN_AND_CARD 0x3
MODE_UNLOCKED 0x4
MODE_FACCODE_ONLY 0x5
MODE_CYPHERLOCK 0x6
MODE_AUTOMATIC 0x7
154 — revision 2
DataConduIT User Guide
revision 2 — 155
13: Reference
Lnl_ReaderOutput
Description: Abstract class, inherits from Lnl_Output. Declares the relay control
methods and represents an auxiliary relay found on a reader interface module.
Methods:
void Activate();
Inherited from Lnl_Output.
void Deactivate();
Inherited from Lnl_Output.
void Pulse();
Inherited from Lnl_Output.
Properties:
Lnl_ReaderOutput1
Description: Inherits from Lnl_ReaderOutput. Implements the relay control
methods and represents the first auxiliary relay found on a reader interface
module.
Methods:
void Activate();
Inherited from Lnl_Output.
void Deactivate();
Inherited from Lnl_Output.
void Pulse();
Inherited from Lnl_Output.
Properties:
Lnl_ReaderOutput2
Description: Inherits from Lnl_ReaderOutput. Implements the relay control
methods and represents the second auxiliary relay found on a reader interface
module.
Methods:
void Activate();
Inherited from Lnl_Output.
void Deactivate();
Inherited from Lnl_Output.
156 — revision 2
DataConduIT User Guide
void Pulse();
Inherited from Lnl_Output.
Properties:
Lnl_ReaderInput
Description: Abstract class, inherits from Lnl_Input. Declares the input control
methods and represents an auxiliary input found on a reader interface module.
Methods:
void Mask()
Inherited from Lnl_Input.
void Unmask()
Inherited from Lnl_Input.
Properties:
Lnl_ReaderInput1
Description: Inherits from Lnl_ReaderInput. Declares the input control methods
and represents the first auxiliary input found on a reader interface module.
Methods:
void Mask()
Inherited from Lnl_Input.
void Unmask()
Inherited from Lnl_Input.
Properties:
Lnl_ReaderInput2
Description: Inherits from Lnl_ReaderInput. Declares the input control methods
and represents the second auxiliary input found on a reader interface module.
Methods:
void Mask()
Inherited from Lnl_Input.
void Unmask()
Inherited from Lnl_Input.
Properties:
revision 2 — 157
13: Reference
158 — revision 2
Appendices
DataConduIT User Guide
The following property qualifiers are used for user-defined fields (UDFs) with
the following settings. Some of these qualifiers are standard among WMI
applications; others are DataConduIT specific.
revision 2 — 161
A: Property Qualifiers Used In DataConduIT
162 — revision 2
DataConduIT User Guide
Windows XP introduces a new tool for managing data from WMI. That tool is
called the WMI command-line, or WMIC. WMIC provides a convenient,
flexible, and extensible way to view and modify WMI classes and instances.
Generally, WMIC users will invoke aliases that are a kind of shorthand for
interacting with WMI. Aliases define WQL queries for receiving data from
WMI, including output properties and formats and default properties to query.
Windows XP ships with a number of pre-defined aliases. For instance, typing
service list brief in WMIC lists the services installed on the machine, along with
some important properties such as whether the services are running.
The DataConduIT documentation comes with a number of aliases that you can
use to access data in OnGuard through WMIC. These aliases are located in the
XP folder of the documentation. Before these aliases can be used on a machine,
they must be installed. To install them, simply run the install.bat file located in
the XP folder. This batch file installs the aliases into WMI and copies the
necessary formatting files used by these aliases.
To start WMIC, open up a command shell and type WMIC. The first time it is
run, the tool will perform the necessary self-installation. To view a list of all
available aliases, type alias list brief. To view all aliases pertaining to
DataConduIT, type lnlalias “root\\onguard” list brief. The
column FriendlyName gives the name of each alias. Using any one of these
aliases, type [aliasname] /? to learn more about the capabilities of the
alias.
revision 2 — 163
B: DataConduIT Tools for Windows XP
Here are a few examples of what you can do in WMIC using these aliases:
List the names of people whose last name starts with the letter ‘L’:
For more information about WMIC, search for WMIC in Windows XP Help and
Support.
164 — revision 2
DataConduIT User Guide
The Event Generator is a utility that is only available on the OnGuard Software
Development Kit (SDK) installation disc. It is used to generate events without
having “live” or online hardware connected to a system; it enables customers
who wish to generate events without purchasing hardware to do so.
revision 2 — 165
C: Event Generator
End delay numeric Amount of time that will elapse after the last event is sent
Random end time check box If selected, the End delay value specified will be ignored, and instead a
random time will be used
In between delay numeric Amount of time that will elapse between events that are sent
Random in check box If selected, the In between delay value specified will be ignored, and instead
between time a random time will be used
Random badge IDs check box If selected, badge ID numbers will be randomly generated. This check box
must be selected for Badge ID min, Badge ID max, and [Auto-populate
with min and max badge IDs] to be enabled and available for selection.
Badge ID min numeric The lowest badge ID that is allowed to be randomly selected. Badge IDs will
be randomly determined, but will fall in the range between the specified
badge ID min and max.
Badge ID max numeric The highest badge ID that is allowed to be randomly selected. Badge IDs
will be randomly determined, but will fall in the range between the specified
badge ID min and max.
Auto-populate push button Automatically populates the Badge ID min and Badge ID max fields with
with min and max values appropriate for your particular database
badge IDs
Listing window display/ Lists events that have been added, along with the event type, event ID,
selection device ID, input ID, message type, data type, badge ID, and text associated
with each.
166 — revision 2
DataConduIT User Guide
The Edit Event (Simple) window opens when you select either:
• Edit > Create Event > Create Event (Simple), or
• Edit > Modify Event > Modify Event (Simple) when an event is selected
revision 2 — 167
C: Event Generator
Panel Lists all available panels for the selected event type. The event will be generated for the
selected panel.
Device Lists all available readers for the selected event type (if applicable). The event will be
generated for the selected reader.
Input or output Lists all available inputs and outputs for the selected event type (if applicable). The event will
be generated for the selected input or output.
Badge ID to use The entered badge ID will be used in generating the event (if applicable)
for event
OK If adding a new event, the event will be added. If modifying an event, the modifications will
be saved.
Cancel Closes the Edit Event (Simple) window without adding or modifying any events
168 — revision 2
DataConduIT User Guide
The Edit Event (Advanced) window opens when you select either:
• Edit > Create Event > Create Event (Advanced), or
• Edit > Modify Event > Modify Event (Advanced) when an event is
selected
The fields available on this window for the data type change depending on which
data type is selected. For example, if the EVENT_DATA_TYPE_STATUS data
type is selected, the New status, Old status, and Comm status fields are
displayed and active.
There are five different custom data fields: data1, data2, data3, data4, and data5.
If a data type uses custom fields, then the actual field names will be displayed
instead of data1, data2, data3, etc. When a data type contains less than five
custom data fields, the extra fields are disabled. In this example, New status is
data1, Old status is data2, Comm status is data3; data4 and data5 are not used,
so they are disabled.
revision 2 — 169
C: Event Generator
Event category Allows the events in the Events drop-down listbox to be filtered based on the category. Non-
receiver/intrusion events and receiver/intrusion events are available in this drop-down; in the
Simple user interface only non-receiver/intrusion events are available.
Events Lists all events for the selected event type and event category
Message type Indicates the message type of the event. The available choices are: Event, Status, Video. Most
messages will be of the Event type. Status messages are for messages which pass back status
information and will not display in Alarm Monitoring. Video events are special events used by
video.
Data type Indicates the type of additional data to be used with the message. For example, some messages
can have a badge ID and a specific data type will be used for these so this information can be
passed back.
There are five different custom data fields: data1, data2, data3, data4, and data5. If a data type
uses custom fields, then the actual field names will be displayed instead of data1, data2, data3,
etc. When a data type contains less than five custom data fields, the extra fields are disabled.
For example, for the EVENT_DATA_TYPE_STATUS data type, the New status, Old status,
and Comm status fields are displayed and active. New status is data1, Old status is data2,
Comm status is data3; data4 and data5 are not used, so they are disabled. If your event really
does not have additional data you can use the EVENT_DATA_TYPE_STATUS.
For more information, refer to Custom Data Fields Displayed for Each Data Type Setting on
page 171.
Associated event If selected, the text field will become enabled. Indicates if the message is to have associated
text text with it.
Device ID This is a downstream device ID that can be used to represent the event is from a downstream
device instead of just from a panel. OnGuard uses a three tiered device ID in the format P-D-I;
this is the second value.
Input ID This is a downstream input ID that can be used to represent that the event is from a
downstream device instead of just for a panel or its downstream device. OnGuard uses a three
tiered device ID in the format P-D-I; this is the third value.
Override Event This checkbox can be used to override the event generator’s panel ID so that you can generate
Generator’s panel an event that is from a different panel.
ID
Panel ID If the Override Event Generator’s panel ID option is being used, you will need to specify the
panel ID that will be used for the event in replacement for the event generator’s panel ID.
OK If adding a new event, the event will be added. If modifying an event, the modifications will
be saved.
Cancel Closes the Edit Event (Advanced) window without adding or modifying any events
170 — revision 2
DataConduIT User Guide
EVENT_DATA_ASSET Badge ID. Card number associated with the asset event.
EVENT_DATA_TYPE_CA Badge ID. Card number associated with the card event.
(Card Access) Issue code. Issue code associated with the card.
Bio score. Biometric score for biometric card events.
EVENT_DATA_TYPE_FC (Facility Code) Facility code. Facility code associated with the event.
Issue code. Issue code.
EVENT_DATA_TYPE_INTERCOM Intercom data. Special intercom data associated with the event.
Line number. Line number used by special intercom events.
If your event really does not have additional data, you can use the
EVENT_DATA_TYPE_STATUS.
EVENT_DATA_TYPE_STATUSREQUEST Status type. Type of status request. OnGuard has a number of pre-
defined types.
Status. Status associated with the status type. These values depend
on the type of status.
revision 2 — 171
C: Event Generator
Save Events Saves the event list as a file with an EVT extension. This is generally done after the event
configuration has been completed.
Edit Menu
Menu option Function
Create Event Contains a sub-menu of options that are used to create events.
Modify Event Contains a sub-menu of options that are used to modify events.
Delete Event Used to delete a selected event. A confirmation message is displayed before the actual deletion
occurs.
Clear Events Clears all events listed in the main window. Make sure to save the events before executing this
command if you wish to use the events in the future; otherwise, you will need to recreate them.
Send Events Generates a single selected event, which is then sent to Alarm Monitoring.
Generate Events Generates multiple events according to the configured frequency settings, and sends them to
Alarm Monitoring.
Create Event Enables you to create an event using additional advanced parameters that are not available in
(Advanced) the simple mode.
Create Event Enables you to create an event using the least number of parameters possible.
(Simple)
Modify Event For a selected event, displays the basic parameters and enables you to change them.
(Advanced)
Modify Event For a selected event, displays advanced parameters and enables you to change them.
(Simple)
172 — revision 2
DataConduIT User Guide
You will need to manually copy the files listed above to the OnGuard installation
directory, which is typically C:\Program Files\OnGuard. Although the
EventGenerator.chm file is not required for the Event Generator to run, we
recommend that you copy this as well, since this contains the online help for the
Event Generator application. All of these files are also located on the OnGuard
SDK disc in the program files\OnGuard Software Development Kit\Event
Generator directory.
revision 2 — 173
C: Event Generator
Note: If you receive an error saying that the LnlFCDBu.dll file could not be found
in the specified path, register the LnlEventGeneratoru.dll. For more
information, refer to Registering the LnlEventGeneratoru.dll on page 175.
7. The [Add Necessary Information] button will then become grayed out. At
this point, you can close the Event Generator Setup Tool.
Communication Server.
b. Right-click on the icon in the system tray, and then select Open
Communication Server. The Communication Server will open in one
window, and the Event Generator will open in another window.
174 — revision 2
DataConduIT User Guide
revision 2 — 175
C: Event Generator
The following message is displayed, indicating that the file was successfully
registered:
176 — revision 2
DataConduIT User Guide
1. From the Edit menu in the Event Generator main window, select Create
Event > Create Event (Simple).
2. When the Edit Event (Simple) window appears, select the desired Event
type. Depending on your selection, the other drop-down lists will be
enabled/disabled accordingly.
3. Once you’ve filled in all necessary items, click [OK].
4. Repeat these steps for all the events you wish to create.
1. From the Edit menu in the Event Generator main window, select Create
Event > Create Event (Advanced).
2. When the Edit Event (Simple) window appears, select the desired Event
type. Depending on your selection, the other drop-down lists will be
enabled/disabled accordingly.
3. Once you’ve filled in all necessary items, click [OK].
4. Repeat these steps for all the events you wish to create.
Generating Events
Events are generated differently depending on whether you are generating a
single event or multiple events.
revision 2 — 177
C: Event Generator
[Auto-populate with min and max badge IDs], and then the fields will be
automatically filled with the proper numbers from your database.
4. Click Edit > Generate Events.
178 — revision 2
DataConduIT User Guide
Can’t receive If you can’t receive cardholder events, be sure the Linkage Server is running and that
cardholder events. the System Options form has the correct setting for where LS Linkage Server is to be
running. The Generate software events check box must also be selected.
Permanent Permanent consumer only works with machines on a domain; it does not work with
consumer. workgroup machines.
Multiple threads Since DataConduIT uses database connection pooling, the same database
require multiple connections will be used across multiple threads and will cause unexpected behavior
user login and likely hang or crash at different times of execution. If DataConduIT is being
accounts. used by separate applications or multiple threads, each application or thread must
have its own OnGuard single sign-on account. Use impersonation if necessary to
accomplish this.
Not receiving Check and make sure the DataConduIT Message Queue service is not set to a local
events or messages system account and that it has a valid NT account that is linked to OnGuard for
in a queue when single sign-on with the necessary permissions. We recommend testing with an
using administrator’s NT account that is linked to the OnGuard SA account for testing.
DataConduIT
Message Queue.
Not receiving Make sure your Microsoft Message Queue is NOT configured to use transactional
messages in a mode.
Microsoft Message
Queue when using
DataConduIT
Message Queue
revision 2 — 179
D: Common DataConduIT Problems
Receiving events Use domain.exe located in the TroubleShooting directory of the DataConduIT
may not work documentation file structure to determine if this may be the problem. If the
with Active NT4Domain is different from the W2KDomain, then you will need to update the
directory. LNL_DIRECTORY.DIR_HOSTNAME to match the NT4Domain. In case this is
Oracle, please use all upper case. A sample SQL query to do this is below; it assumes
the NT4Domain name is “Lenel” from domain.exe and that the directory to be
updated is LNL_DIRECTORYID = 1.
180 — revision 2
DataConduIT User Guide
Important: These steps must occur on the server running the DataConduIT and Linkage
Server services!
revision 2 — 181
E: Technical Support Pre-Call Checklist
details.aspx?familyid=6430f853-1120-48db-8cc5-
f2abdc3ed314&displaylang=en.
9. Connect to the OnGuard namespace “root\OnGuard” using WMI CIM
Studio.
Note: Be sure to use the “Login as current user” option so the currently logged in
user is the one being verified and used for single sign-on.
10. Expand the Lnl_Element class and confirm that the Lnl_Panel class exists.
11. Check the DataConduIT.log; it should look something like the
SampleDataConduIT.log file. This file can be found in the
TroubleShooting directory of the DataConduIT documentation file
structure.
12. Confirm the Lnl_Person and Lnl_Badge classes are also under the
Lnl_Element class. If you do not see them, DataConduIT cannot
successfully connect to the OnGuard software. Please verify once again that
single sign-on is working.
182 — revision 2
DataConduIT User Guide
There is no installation or setup program. You will have to manually copy these
files to a directory and run the SampleDataConduIT.exe file either by using
Windows Explorer and clicking on the file, or by using the Run command from
the Start menu.
Parts of the demo, such as receiving cardholder events, will require OnGuard to
be configured to use the Linkage Server and to also enable “Generate software
events” on the General System Options form in the System Options folder in the
System Administration application.
You will also need to configure at least one DataConduIT Source from within
System Administration. For more information, refer to Add a DataConduIT
Source on page 71.
revision 2 — 183
F: Visual Basic Demo
Logging In
To use the Visual Basic demo program you must first log in to it. To do this:
184 — revision 2
DataConduIT User Guide
Note: Be sure that the remote enabled permission in WMI Security is enabled for
the NT account if you are using this Visual Basic demo from a computer that
is not running the DataConduIT service. For more information, refer to
Using DataConduIT from a Remote Computer on page 21.
3. Once you have configured what login account to use to access DataConduIT,
click [OK] to login.
4. Verify that the Source field matches the DataConduIT Source in System
Administration.
5. Click [Send]. The text specified in the Alarm Description field should
appear as an alarm in Alarm Monitoring.
revision 2 — 185
F: Visual Basic Demo
1. Log into the Visual Basic demo application. For more information, refer to
Logging In on page 184.
2. From the File menu, select Receive Alarms. The Receive Alarms window
opens, as shown. When alarms come into Alarm Monitoring, the same alarm
should appear in this window.
186 — revision 2
DataConduIT User Guide
Note: If you change these settings, it is recommended that you restart the Linkage
Server and the DataConduIT Server services. You will also then have to log
back into the Visual Basic demo application.
2. Log into the Visual Basic demo application. For more information, refer to
Logging In on page 184.
3. From the File menu, select Cardholders. The Cardholders window opens,
as shown.
Use the search criteria data at the bottom to do some adhoc searches by Last
Name. Clicking [Search] will find all cardholders whose last name begin with the
letters typed into the LastName field. These cardholders’ last name, first name
and address (if any) will be displayed in the Cardholders - address listing
window. Selecting a cardholder from the list will automatically find the
cardholder’s badges and display their badge ID, activate date, and deactivate date
in the Badges listing window.
Modifying Cardholders
If you go into OnGuard and modify a cardholder’s first name or address, these
changes will be reflected automatically in the Cardholder - address listing
window within a few seconds. Remember, this feature is only available if you
have specified a Linkage Server and selected the Generate software events
checkbox on the General System Options form in the System Options folder in
System Administration.
revision 2 — 187
F: Visual Basic Demo
1. Log into the Visual Basic demo application. For more information, refer to
Logging In on page 184.
2. From the File menu, select Active Directory Integration. The Active
Directory Integration window opens, as shown.
3. Before continuing, verify that the account you used to log into the Visual
Basic demo program has rights and privileges for adding directory/NT
accounts.
4. In the Directory Name field, enter the name of the active directory or the
NT based computer that you intend on adding accounts to.
5. The Operations History listing window will display a read-only information
list of each operation made through this window. Before using OnGuard
cardholders, we recommend that you test the ability to add/modify user
accounts to the directory. To do this:
a. Type in a last name and a first name in the respective fields.
b. Be sure the Account Disabled checkbox is NOT selected.
c. Click [Create/Update User Account].
d. Confirm an NT account with the username of Lastname combined with
Firstname was indeed added to the system. Once this has indeed been
confirmed, you should now be able to go to the Cardholders form in
OnGuard and add cardholders to the system.
6. As cardholders are added in OnGuard, the demo program will detect a
change in OnGuard, populate the Lastname and Firstname fields, and
automatically execute the [Create/Update User Account] operation. The
Account Disabled checkbox will be automatically set based on the
operation performed in OnGuard. Deactivating an active badge, or deleting
an active badge will disable the account. Adding an active badge will
activate an account.
Note: There is no option to delete an NT account in this Visual Basic demo, so you
will have to manually remove the accounts using Active Directory Users and
Computers or using Computer Management depending on the type of system
being controlled.
188 — revision 2
DataConduIT User Guide
Index
revision 2 — 189
Index
190 — revision 2
DataConduIT User Guide
revision 2 — 191
Index
192 — revision 2
DataConduIT User Guide
using permanent event consumers with Saving an event list ........................................... 178
DataConduIT ........................................ 39 SDK definition.................................................... 17
view list of all available aliases ................. 163 Searching for
viewing DataConduIT classes with the cardholders................................................. 187
Microsoft WMI SDK............................ 21 objects.......................................................... 27
Property qualifiers used in DataConduIT ......... 161 Security identifier ............................................... 32
Send alarms to OnGuard................................... 185
R SendIncomingEvent............................................ 41
Receiving Setting permissions to use DataConduIT............ 20
alarms from OnGuard ................................ 185 Setting up the Event Generator......................... 173
error information from DataConduIT.......... 45 SID ...................................................................... 32
events ............................................. 21, 37, 39 Single sign-on ..................................................... 20
Reference .......................................................... 105 SINK_OnObjectReady() function ...................... 36
References and applicable documents ................ 17 Software event definition.................................... 17
Registering the LnlEventGeneratoru.dll ........... 173 Software events............................................ 35, 37
Registering to receive events ....................... 36, 37 SSO ..................................................................... 20
Registry settings Start WMIC....................................................... 163
DATABASETIMEOUT .............................. 47 Stopping and restarting the DataConduIT service
DebugFile .................................................... 46 ..................................................................... 48
DebugLevel.................................................. 46 SWbemLastError object ..................................... 45
Remote Enable permission ................................. 21 SWbemServices .................................................. 27
Required
Visual Basic Demo files ............................ 183 T
TargetInstance..................................................... 39
S Technical support pre-call checklist ................. 181
Sample code Test Event From DataConduIT alarm ................ 41
add a cardholder........................................... 30 Timeout value for the database connection pool 47
aliases (WMIC).......................................... 164 Troubleshooting ................................................ 179
common software event queries .................. 38 Troubleshooting and advanced options .............. 45
connect to the namespace used by Tuning parameters .............................................. 47
DataConduIT (JScript) ......................... 27
delete an object ............................................ 31 U
delete an object in DataConduIT ................. 31 UDF .................................................................. 161
example of a simple temporary event consumer User account ....................................................... 20
.............................................................. 35 User-defined fields............................................ 161
find all active badges that are APB exempt User-defined list values ...................................... 33
(WQL query) ........................................ 28 User-defined value lists .................................... 138
find all directories with a specified hostname Using
(WQL query) ........................................ 28 permanent event consumers with DataConduIT
find all people whose last name is not "Lake" .............................................................. 39
(WQL Query) ....................................... 28 Visual Basic Demo .................................... 184
find all readers (WQL query) ...................... 28 Using DataConduIT
get a cardholder if you know the cardholder’s for data access.............................................. 27
ID.......................................................... 29 from a remote computer .............................. 21
hardware event queries ................................ 37 to receive events .......................................... 35
modifying objects ........................................ 31 to send alarms to OnGuard .......................... 41
multiple key properties in the class ............. 29
print first and last names of all cardholders in V
OnGuard ............................................... 27 VBScript ............................................................. 16
retrieve error information ..................... 41, 45 Viewing DataConduIT classes with the Microsoft
use a WQL query with the ExecQuery() method WMI SDK.................................................... 21
.............................................................. 29 Visitors................................................................ 32
Samples ............................................................... 16 Visits ................................................................... 32
revision 2 — 193
Index
W
What is DataConduIT? ....................................... 15
Windows Management Instrumentation definition
..................................................................... 17
WMI
command-line ............................................ 163
definition...................................................... 17
WMIC ............................................................... 163
starting ....................................................... 163
view list of all available aliases ................. 163
Working with
cardholders................................................. 186
MobileVerify ............................................... 43
194 — revision 2
DataConduIT User Guide
revision 2 — 195
Lenel Systems International, Inc.
1212 Pittsford-Victor Road
Pittsford, New York 14534 USA
Tel 585.248.9720 Fax 585.248.9185
www.lenel.com
docfeedback@lenel.com