Transformation symmetry line symmetry line of symmetry rotational symmetry Vocabulary.
Symmetry™ Trainingamagtraining.leads2learning.com/pluginfile.php/9729/mod...Introduction to...
Transcript of Symmetry™ Trainingamagtraining.leads2learning.com/pluginfile.php/9729/mod...Introduction to...
Symmetry Essentials v8.0.2 Certification
October 2015
Symmetry™ Training
AMAG Technology
Introduction to Symmetry (pg 10-17)
Symmetry Training
Symmetry™ v 8.0.2 Essentials Certification
Module 1
Product Introduction
Introduction to Symmetry (pg 10-17)
Objectives
Identify the key terms used in the Symmetry platform
Explain the key differences between versions of Symmetry Software
Describe the key modules that integrate within the Symmetry Security
Management System
Identify the standard and optional features of the Symmetry Software
Describe the Optional Modules of the Symmetry Software
Introduction to Symmetry (pg 11)
System Components & Key Terms
Symmetry System Server - The PC
that manages the Security Management
System, it handles all communication to
the Symmetry including all processes
and transactions
System Database – Holds all the
information for operating the Security
Management System
Client - The computer providing a
Graphical User Interface (GUI) for
system users.
Client also refers to the Symmetry
Polling Client (Communications Client)
Introduction to Symmetry (pg 12)
System Components & Key Terms
Node - A microprocessor-controller that is
the hardware interface device that controls
card readers/doors functions(up to 16
readers). This includes the database unit
and external controllers
Door Controller (also DC): A remote
board hardwired to a DBU/DBC which
provides door access functions. It has no
local memory and is completely dependent
upon the DBU/DBC to remain functional
Chain: May be a single Node and/or up to
32 like Nodes interconnected (chained)
together electrically
NIC (Network Interface Card): A device
which allows the Node to communicate
with the Polling Client over Ethernet
Node Chain
Introduction to Symmetry (pg 12)
System Components & Key Terms
Reader: A device typically located at an
access point to allow/enable personnel to
present cards or enter codes to gain access
Door: Refers to an access point/location
such as a door, gate, turnstile, etc.
Door Lock: An electrical device such as
door strike or magnetic lock that secures
and releases the door, as directed by the
Node through simple relay logic
Door Unlock Relay: A Node relay for each
reader port, wired to the Door Lock and
activates during valid access transactions
Introduction to Symmetry (pg 12-13)
System Components & Key Terms Door Contact: Typically a Balanced Magnetic
Switch (BMS) located on the door and facing, and wired to the Node indicating the door state, whether open/closed (integral part of a Reader Port)
Exit Request: Commonly called a REX, may be a button or infrared-detector typically located near exit location and wired to Node to allow or invoke an exit/unlock action
Monitor Point: May also be a BMS, infrared-detector or similar device, wired to the Node and provides notification of movement or forced entry into spaces (not to be confused with the Door Contact, not part of Reader Port)
Auxiliary Output: A relay that is pre-programmed to activate/change state on a timed schedule or in reaction to a trigger input (such as Monitor Point in Alarm)
Introduction to Symmetry (pg 13)
Product Overview – What is Symmetry?
Symmetry Security Management System is a powerful integrated solution for
organizations requiring automated security.
Depending on the modules and hardware selected, the system can provide integrated
control and monitoring of all key elements of site security, including:
Access Control
Video Management
Intrusion Management
Visitor Management
Guard Patrolling
Introduction to Symmetry (pg 14)
Symmetry Software Product Types
There are different types (editions) of Symmetry software
AMAG Symmetry Business
A client/server system suitable for use on a customer network
– 3 clients, 64 readers, 16 cameras
» Each Node can recognize up to 2000 cards (uses specific controllers)
– Software can be installed on a single PC.
AMAG Symmetry Professional
A client/server system
– Up to of 9 clients, 512 readers, 256 cameras
Both Business & Professional Editions use SQL Server Express
Introduction to Symmetry (pg 14)
Symmetry Software Product Types
AMAG Symmetry Enterprise
Utilizes the full Microsoft SQL Server relational database management system
Unrestricted expansion for large systems
The use of a separate SQL database server if required
This edition also supports "clustering"
Clustering - Two independent servers are seen as a single server by Symmetry. If one
server in the cluster should fail, the other automatically steps in to continue normal operation.
AMAG’s Professional Services team must be involved in implementing a cluster!
Introduction to Symmetry (pg 14)
Symmetry Software Product Types
Global Edition Systems –
– Built on Enterprise Edition to provide enhanced capabilities for remote
management of multiple systems spread over a number of geographically
separate sites (not yet released for v8)
Symmetry Homeland
A variant of the Symmetry software is available for US Government installations.
Symmetry Homeland includes additional fields when defining card details
– Designed to meet Federal Smartcard standards and meet HS Directive 12
– Professional, Enterprise, and Global Editions (versions prior to v8.0.1)
NOTE: Symmetry Homeland is required if using SR-Series (Symmetry Retrofit) hardware
Introduction to Symmetry (pg 15)
System Architecture
Installation on a Single Computer - Smaller companies use Symmetry Business or
Professional Edition
The standalone Server/Client system can be expanded by just adding another client
to the system
Introduction to Symmetry (pg 15)
System Architecture
Separate Symmetry Server - Used with any edition of Symmetry
Often used with Professional or Enterprise Edition in medium-to-large-sized
organizations
Introduction to Symmetry (pg 16)
System Architecture
Using Separate Symmetry and Database Servers - Enterprise Edition provides the
option of installing the Symmetry database on a separate database server
This architecture is often used in large organizations that prefer to use a dedicated
computer to run databases, often for security reasons
NOTE: A Domain-based network must be used due to the
security requirements needed for such an architecture.
Introduction to Symmetry (pg 16-17)
System Architecture
Symmetry - Standard Features Complete control of access rights
Easy card administration (bulk amendments)
Dynamic alarms management
Graphics interface
Badge designing and printing
Database partitioning
Login permissions control user access
Extensive reporting options
Visitor management
Antipassback management
Emailing of Alarms
Identity Verification (enhanced with Symmetry v8.0.1)
Symmetry - Optional Features Integration with digital video systems
Integration with intrusion systems
Integration with SALTO™ online/offline
readers (Disconnected Door)
Magnetic Stripe and Smart Card Encoding
XML Developer's Kit
Intercom Control Integration
Card Data Import and Card Data Export
(Standard with Enterprise)
Workflow
Threat Level
Safety Roll Call (Muster)
Introduction to Symmetry
QUESTIONS?
Hardware Fundamentals (pg 18-32)
Symmetry Training
Symmetry™ v 8.0.2 Essentials Certification
Module 2
Hardware Fundamentals
Hardware Fundamentals (pg 18-32)
Objectives
Perform a review of the On Demand Hardware Course
Describe Node and External Controller Configuration
Demonstrate Network interface device programming
Hardware Fundamentals (pg 19-20)
Symmetry Learning Center Hardware Certification Course
Designed for installers who do not normally configure Symmetry software
Provides detailed information on the full range of Symmetry hardware
The course can be found at:
http://amagtraining.leads2learning.com/course/view.php?id=8
NOTE: Your Instructor may require you to complete this On Demand course (if you have not already done so) prior
to completing the Essentials training and achieving your certification.
Hardware Fundamentals (pg 19-20)
Hardware Course Design
The Hardware Certification course is divided into a series modules
The modules contain a variety of activities and other resources
The course ends with a Final Quiz.
Hardware Fundamentals (pg 21)
Symmetry Device Configuration
Each Node and Controller requires a unique address for proper functionality
Nodes will also require configuring COM Port Usage
Two types of Symmetry device addressing
Node
– Node addressing identifies the location of a Node, most notably
when there are several Nodes on the same Chain
Door Controller (DC)
– Each External Controller (xDC, AC 24/4 or OC 4/24) requires a unique
DCU address to identify the readers, monitor points and auxiliary
outputs connected
Hardware Fundamentals (pg 21)
Node Addressing
Each database unit requires a unique address in the range 1 to 32, which is set using
dip switches on the PCB
Refer to the appropriate controller’s Installation Guide for the proper settings)
While the range is from 1 to 32, the first Node on the chain (or if it is the only Node on
the chain) must always use address 1
Hardware Fundamentals (pg 21-22)
Node Addressing
M2150 & SR-DBU
Addressing
Multiple Nodes on a chain
Hardware Fundamentals (pg 23)
Node COM Port Usage
Setting for COM C, D, and E need to be defined
Example displayed for the first (or only) Node with only one NIC4 module:
Hardware Fundamentals (pg 23)
Door Controller Addressing
Each External Controller (xDC, AC 24/4 or OC 4/24) requires a unique
DC address
In the range of 1 to 8 (depending upon the controller model and to
which database unit type it is connected)
− Set using dip switches or links (stake-pin jumpers) on the PCB
− Refer to the appropriate controller’s Installation Guide for the
proper settings
Consider that each DCU consists of one pair of readers.
– For a Node with Integrated Door Control, DCU addresses are
consumed internally
Hardware Fundamentals (pg 23)
Door Controller Addressing – Door Controller Unit Concept
Consider that each DCU consists of one pair of readers. For a Node with
Integrated Door Control, DCU addresses are consumed internally
M2150 2DBC, for example, only one DCU is consumed by the Node’s
two integrated readers. This makes the first possible external controller
address as “2”
M2150 8DBC, four DCU addresses are consumed by the Node,
making “5” the next possible address
The AC 24/4 and OC 4/24 each occupy two addresses, and thus follow
the same rules as the M2150 4DC (consuming two addresses)
− This results in decrease of available readers possible
EN-LDBU connects to Aperio™ serial hubs, not door controllers
− Wiring is same but addressing is different
Hardware Fundamentals (pg 24)
M2150 2DC
Note: Addressing is based upon Database Unit type
Hardware Fundamentals (pg 24)
M2150 4DC
Note: Addressing is based upon Database Unit type
Hardware Fundamentals (pg 24-25)
M2150 AC 24/4 and OC 4/24
Note: Addressing is based upon Database Unit type
Hardware Fundamentals (pg 25)
M2150 8DC
Note: Addressing is based upon Database Unit type
Hardware Fundamentals (pg 25)
M2150 EN-LDBU
Aperio™ hub addressing
Exercise - Node Type and DC Addressing
Server
Node
_____
Node
____
Node
____
Node
____ >>>>
Node
1
Node
8
Node
3
Node
32 >>>>
2DC
____
4DC
____
2DC
____
8DC
____
8DC
____
2DC
____
8DC
____
4DC
____
8DC
____
2DC
____
2DC
____
Chain 1
Chain 2
R
R
R
R R
R R
R
R
R
R
What are the Node types (assuming 16 readers per node), the
DC addresses, and their reader numbers?
Hardware Fundamentals (pg 26)
Network Interface Programming Utilities
Edge Network and SR-Node LAN Interface Addressing
G4FlashNet Utility
M2150 (and earlier) Node LAN Interface Addressing
CoBox Utility
Hardware Fundamentals (pg 26)
Network Interface Programming
Edge Network and SR-Node LAN Interface Addressing
G4FlashNet Utility
– Configures: EN-1DBC, EN-2DBC, SR-DBU, EN-LDBU and EN-DBU
Hardware Fundamentals (pg 26-27)
Edge Network Device Programming
Configuration using the G4FlashNet utility
The utility is a standalone utility
Found in Symmetry DVD\Extras folder
G4FlashNet will automatically locate any nodes on your local network
Hardware Fundamentals (pg 27)
Edge Network Device Programming
Directly connecting to a Node can be done by selecting the Use Direct IP
addressing check-box
Hardware Fundamentals (pg 27)
Edge Network Device Programming
G4FlashNet will automatically locate any nodes on your local network
Simply select the node you wish to configure from the Located Nodes drop down list
to proceed.
Hardware Fundamentals (pg 27-28)
Edge Network Device Programming
Configuration using the G4FlashNet utility
Enter the required device addressing and click Configure
Hardware Fundamentals (pg 29-30)
Network Interface Programming
M2150 (and earlier) Node LAN Interface Addressing
CoBox Utility
– Configures: MSS1-Lite, CoBox, XPort (NIC3), NIC4 and NIC-WI Wireless
modules
Hardware Fundamentals (pg 30)
NIC- 4 Programming
Configuration using the CoBox utility
Found in the Security Management System folder of Program Files once
Symmetry is installed
If Symmetry is not installed, create a shortcut to the “CoBox.exe” file onto your
Desktop from the Symmetry DVD\Symmetry\Disk1\Program Files\Security
Management System folder.
Also copy the “COBOX.ini” (Configuration settings) file from the Symmetry
DVD\Symmetry\Disk1\CommonAppData\Security Management System
folder to the Windows installation folder of your computer.
Hardware Fundamentals (pg 30)
NIC- 4 Programming
Configuration using the COBOX utility
COBOX.ini settings:
For a non-encryption-enabled COBOX or XPort module, if you want to be able to
default the NIC, use the following settings in COBOX.ini
– AllowColdStart=1
– DisplayEncryption=0
– EnableCurrentNIC=0
For an encryption-enabled COBOX or XPort module, if you want to be able to
default the NIC, use the following settings in COBOX.ini:
– AllowColdStart=1
– DisplayEncryption=1
– EnableCurrentNIC=1
Hardware Fundamentals (pg 31-32)
NIC- 4 Programming
The instructor will demonstrate the Programming/Configuration of the NIC Using
the COBOX utility
Follow the steps in the workbook to complete NIC4 programming when directed
In-Class Exercise – NIC Programming
1. Conduct NIC-4 programming as previously demonstrated
2. Use the IP parameters provided by the Instructor
Hardware Fundamentals
QUESTIONS?
Symmetry Specification & Planning (pg 33-43)
Symmetry Training
Symmetry™ v 8.0.2 Essentials Certification
Module 3
Symmetry Specification & Planning
Symmetry Specification & Planning (pg 33-43)
Objectives
Define Installation Options
Describe Pre-install Consideration
Define Windows Groups and Accounts
Identify System Requirements
Symmetry Specification & Planning (pg 34)
Installation Overview
Single Computer Installation
Server, Database, and single client
Symmetry Business and smaller Professional Edition systems
Symmetry Specification & Planning (pg 34-35)
Installation Overview
Multiple Computer Installation – Non-detached Database
Server and Database on same computer
One or more additional Client workstations
Medium to large Professional Edition or typically Enterprise Edition systems
Symmetry Specification & Planning (pg 35-36)
Installation Overview
Multiple Computer Installation - Detached (Separate) Database Server
Symmetry Server and Database on different computers
One or more additional Client workstations
Larger Symmetry Edition systems
– Requires a Domain-based network due to security requirements
– DB Server hardware must meet req’s for Enterprise Edition server
– Low network latency (<2ms)
– SQL shared folder must be created on database server
Symmetry Specification & Planning (pg 37-38)
Installation Considerations
Verify network performance if a Separate Database server is to be used
System performance can be negatively affected if inadequate computer systems
are utilized
A fixed IP address must be used for any type of Symmetry server and for any
Symmetry client that is managing one or more LAN chains.
Computer Names – Do not use the underscore character in computer names!!!
Automatic updates – Turn off if possible
Refer to the latest Microsoft Security Updates document
Symmetry Specification & Planning (pg 37-38)
Installation Considerations
Obtain all necessary Symmetry licenses
Disable Database Optimization Software (if used)
Set Server(s) Power Options
Set “Hibernate” and “Sleep” to Never
Verify Windows Time Service Configuration
Recommendation is to use Network Time Protocol
Download drivers (may be necessary for 3rd party equipment if installing into a
64-bit O/S such as Windows 8.1)
Symmetry Specification & Planning (pg 39)
Installation Considerations
Workgroup or Windows Active Directory
Local Administrator rights to logon locally on a computer for Workgroup software install
– Workgroup installs could be conducted in offsite, if necessary
Domain Administrative rights are required to conduct a Domain installation
– Domain installation MUST be conducted at the customer’s site and usually
requires pre-planning and coordination with corporate IT dept. for Administrative
logins
Symmetry Specification & Planning (pg 40-41)
Windows Groups in Symmetry
The default Symmetry groups are: ACSUsers, ACSAdmin, and ACSGuest
In Workgroup installations these are automatically created
For Domain/Active Directory installations these must be created on the A/D Server
Group Permissions
ACSUsers - This is used to provide the privileges necessary for a user to use the
Symmetry client software.
ACSAdmin - This is used by the Symmetry services on the Symmetry server
– Any user who can also perform database restorals
ACSGuest - This is for third party applications needing read-only access to the Symmetry
database, such as a reporting application
Symmetry Specification & Planning (pg 42)
Hardware and Operating System Requirements
Review the Security Management System Software Installation Manual
Symmetry Specification & Planning (pg 42-43)
Hardware and Operating System Requirements
Review the Symmetry System Requirements
Symmetry Specification & Planning
QUESTIONS?
Software Installation (pg 44-56)
Symmetry Training
Symmetry™ v 8.0.2 Essentials Certification
Module 4
Software Installation
Software Installation (pg 44-56)
Objectives
Describe Installation Details
Perform Software Installation
Identify Software Licensing and Activation
NOTE: The Instructor will demonstrate the software installation process.
Observe the steps and you will later be directed to conduct these same steps
on your system.
Software Installation (pg 45)
Symmetry Software Installation Sequence
Review Module 3 information
Perform Software Installation as described in the Software Installation Manual
Use Chapter 3 for a “Quick Install”
Use Chapter 4 for an “Advanced Installation”
Apply and activate Software Licensing
Perform post-installation tasks as required
Software Installation (pg 45-46)
Symmetry Software Installation Sequence
Considerations for Separate Database Server
– If a separate Symmetry database server is used, this uses inbound connections on
TCP/UDP port 1433 and 1434.
If Default instance was selected during the installation of SQL Server, open TCP
port 1433 in the firewall
If a named instance was selected, add both of the following to the firewall
exceptions: TCP port 1433 for sqlserver.exe and UDP 1434 for SQL Browser
Enable TCP/IP Protocol - Unless the site has other requirements, enable the
TCP/IP protocol for the SQL Server instance using SQL Server Configuration
Manager.
Software Installation (pg 49-50)
Post-Installation Tasks
Anti-Virus Exclusions
When using anti-virus software exclude the following folders*, including all subfolders
(‘on-demand’ and ‘end-point’ scanning must also be configured with the same exceptions)
On the Symmetry Server:
– Program Files\Microsoft SQL Server
On the Symmetry Server and all Clients:
– Windows\System32\msmq
– Program Files\Security Management System
– ProgramData\Security Management System\Import
– ProgramData\Security Management System\Export
– ProgramData\Security Management System\Images
* The above paths are generic, they may be different on your system
Software Installation (pg 50)
Post-Installation Tasks
Loss of Network Communications - If a client loses its network communications to
the server, the client will continually attempt to re-establish communications over a
period of time
– Default time is 600 seconds
Configuring Alarm, Visitor or Workflow Emails
Please refer to the Software Installation Manual, Appendix D, if Symmetry is
required to send emails for alarm messages, visitor sign-ins or workflow events.
Firewall - The Port Numbers that may be used by Symmetry (found in the Software
Installation Manual, Appendix F - Port Usage)
– The port that Symmetry uses for communication to the NIC Module is 3001
Software Installation (pg 51-53)
Post-Installation Tasks
Configuring Windows Users
If users other than who installed Symmetry will be using the software, these must be
added to the ACSUsers group.
If users other than who installed Symmetry will need administrative rights to the database
(e.g. to perform a database restoral), these must be added to the ACSAdmin group.
– To create these users, go to “Computer Management”, then “Local Users &
Groups”, then select “Users” and define as required
If 3rd party applications will need read-only access to the software, these must be added
to the ACSGuest group.
Software Installation (pg 53)
In- Class Exercise – Installing Software
1. Install Symmetry Version 8
2. Use the Serial number provided by the instructor
3. Setup Type – Choose Typical
4. Follow the prompts
5. At the Registration screen, stop and wait until instructed to continue.
Software Installation (pg 54-55)
Licensing the Software
You need to obtain an activation code to activate the Symmetry software. You can
obtain the activation code in one of two ways:
Over the Internet by clicking Register Online. You will be prompted to log in and
register your details. The login username and password are provided on the Software
License Certificate
By phone using one of the numbers displayed in the dialog. If you use this method,
you will need the Serial Number and Registration Key displayed near the top of the
license activation dialog box.
If adding features, repeat the licensing process
Registration details will be automatically uploaded to activation server if online
Software Installation (pg 55)
Verify Software Installation - Service Monitor
By default, the Symmetry Service Monitor is installed during installation
It is typically located in the System Tray (hidden icons)
Software Installation (pg 56)
Software Installation Quiz
1. What is the default location of the Symmetry software? ______________
2. What is the default location of the database? _______________
3. Where can I find the Symmetry Documentation folder after installation?
_______________________
4. What three Windows Groups are created during a Symmetry Professional
installation?
A. ________________________
B. ________________________
C. ________________________
5. Symmetry v8.0.2 Professional uses what database engine?___________________________
Software Installation (pg 56)
Software Installation Quiz
6. Symmetry v8.0.2 standalone installation uses 1 Client license.
True or False
7. What is the default Facility Code installed during installation? _________
8. The default Facility Code cannot be changed after installation.
True or False
9. When installing Enterprise edition, SQL Server is installed before installation
of the Symmetry Software.
True or False
10. Installing Symmetry with a separate database server can be done in a Workgroup.
True or False
Software Installation
QUESTIONS?
Basic System Configuration (pg 57-100)
Symmetry Training
Symmetry™ v 8.0.2 Essentials Certification
Module 5
Basic System Configuration
Basic System Configuration (pg 57-100)
Objectives
Access Control Programming – (Hardware)
Basic Card Access Programming
Basic Communication
Points, Outputs and Command Basics
NOTE: The Instructor will demonstrate the initial software programming
process. Observe the steps and you will later be directed to conduct these
same steps on your system.
Basic System Configuration (pg 58)
Opening the Symmetry Software
Double-click the icon on the Windows desktop:
You are now prompted to log in:
– Enter your assigned user name and
password to gain access to the
screens of the Symmetry software
The service user name is "Installer"
The default password is "install”
Basic System Configuration (pg 59)
Installation Wizard
This wizard prompts for the unique name for the Client PC
This name should represent the function of Client (e.g. Guard's Computer,
Admin Computer, etc)
Basic System Configuration (pg 59)
Installation Wizard
Clients
In all Symmetry Editions (except Global) all clients get access to
all allowed screens of the security management system
(depending on user permissions and the licenses purchased).
Each Client PC requires a unique name that best describes the
purpose of the Client (such as: Visitor Computer, Guard Station,
etc…)
New Client – Select this if defining the Client for the first time
Existing Client – Select this if the client has already be defined
in the database
Check the “Display real-time activity at this client” option if the
Activity and Identification Verification screens will be able to be
used at the client
Basic System Configuration (pg 60)
Installation Wizard
After the Client is correctly named, the wizard can be closed
The wizard can also assist with defining additional clients, nodes, readers,
monitor points and auxiliary outputs
Basic System Configuration (pg 61)
Install Menu Ribbon
Symmetry's top-level menu, as shown in the below example, provides access to
all Categorized Ribbons (and sub-menus) needed to program a system.
Basic System Configuration (pg 61)
Installing the Access Control Hardware within Symmetry
The following steps are required when first configuring the Access Control
Hardware:
Define Client Port(s)
Define Chain(s)
Define Node(s)
Define Reader(s) and additional hardware
Basic System Configuration (pg 62)
Installing the Access Control Hardware within Symmetry
Client Port Options
Network - Used as the supervising client to communicate with nodes on
LAN chain(s) via its network (Ethernet) port.
IPNet - Used as the supervising client to communicate with intrusion
system(s) via its network port.
COMNet - Used as the supervising client to communicate with a Bosch
D6600 intrusion communications receiver via its network port.
IntercomNET- Used as the supervising client to communicate with a
Stentofon Alphacom intercom system via its network port.
USB - Used to define a connection to one of the client's USB ports.
COMxx (RS-232) - Used to define a connection to one of the client's COM
ports.
Up to 16 can be used for connection to hardwired or dial-up chains.
Basic System Configuration (pg 62)
Installing the Access Control Hardware within Symmetry
Client Ports define the type of security management hardware connected to each
of the client's ports
Select the type of Client Port for a LAN Chain – Network
The Network Port identifies the communication path from the Symmetry
Database Server’s polling client to the defined chains
Basic System Configuration (pg 63)
Installing the Access Control Hardware within Symmetry
Chains (LAN Chain) define the name for each LAN Chain
and the communication parameters for the LAN Chain
When selecting LAN for the Chain option the following
parameters need to be set:
LAN Chain Name – Unique Name for LAN Chain
LAN Client Name – The Client that will communicate with the
LAN Chain
LAN Port Name - Network defined in the Client Port settings
LAN Interface – COBOX/XPort - if the LAN Chain uses a
COBOX, XPort, NIC4 or NIC-WI module
IP Address – either DHCP or Static
* If configuring the server offsite, uncheck the Enabled box!
Basic System Configuration (pg 63)
Installing the Access Control Hardware within Symmetry
Chains (LAN Chain) define the name for each LAN Chain
and the communication parameters for the LAN Chain
New Password – Up to 16 alphanumeric characters.
Time Difference - The time difference between the polling client
and remote chain.
Continuous - The client will continuously poll the chain.
If there are two or more continuously-polled chains or other
devices communicating with the same network port on a client,
each is polled in turn.
Periodic - The client contacts the chain only when there is data
to download (such as new card data) and at the times specified
in the Periodic Contact tab.
If the are alarms the chain contacts the client, events are
uploaded when the client initiates contact
Basic System Configuration (pg 64)
Installing the Access Control Hardware within Symmetry
Chains (LAN Chain) define the name for each LAN Chain and the communication
parameters for the LAN Chain
Fallback - Select this option if the LAN chain is to use a modem at the Node for fallback
communications
Secondary - Select this option if the node contains two NIC4 modules
Basic System Configuration (pg 64)
Installing the Access Control Hardware within Symmetry
Chains / Anti-Passback Mode - The purpose of anti-
passback is to prevent people from passing back a card to a
second person to gain entry or exit. The two modes are
Timed and Zonal.
Timed - Once a card has been used at a timed anti-passback
reader, the card causes an anti-passback violation if it is used
again at the same or another timed anti-passback reader within a
predefined period of time.
Zonal - In the case of Zonal anti-passback, the building needs to
be partitioned into zones.
Global Client – Anti-passback status is monitored on nodes tied
to the same polling client
Global System – Anti-passback status is monitored on nodes
reporting to any polling client in the system
Basic System Configuration (pg 65)
Installing the Access Control Hardware within Symmetry
Node Description – The unique name of the Node (e.g. location of
the doors it controls)
Chain Name – The chain to which that Node is connected
Node Type – Model of the Node
M2150 Nodes (2DBC, 4DBC, 8DBC)
M2100/M2150 Node
multiNODE-2
Wiegand Format – Card format used by readers connected to this
Node
Basic System Configuration (pg 66)
Installing the Access Control Hardware within Symmetry
Door & I/O Controllers – Specify any remote door, alarm or output
controllers used by the Node
1DC - One-door remote control unit (M2100 1DCR-P).
2DC - Two-door remote control unit (M2100 2DCR or M2100
2DCR-P, or M2150 2DC).
4DC - Four-door remote control unit (M2100 4DCR-P, or M2150
4DC/4DCN).
8DC - Eight-door remote control unit (M2150 only).
AC24/4 - Alarm controller (M2100 ACR or M2150 AC24/4).
OC4/24 - Output controller (M2150 only).
For SR-Nodes configure all External Controllers as a 2DC, addressed from 1-8, regardless of what cards are installed in the enclosure.
Basic System Configuration (pg 66-67)
Installing the Access Control Hardware within Symmetry
Edge Network Node Definition:
Chain Name - Select <New>
Node Type – Model of the Edge Network Node
EN-1DBC/EN-2DBC
EN-DBU
EN-LDBU
SR-Node (only available in Homeland Edition)
Click Discover and select the desired device
Configure the Communications tab
4
1-2
3
Basic System Configuration (pg 68)
Installing the Access Control Hardware within Symmetry
Reader defines the name and type for the reader interface and the door hardware
or furniture associated with reader ports on the door controllers within this Node
Basic System Configuration (pg 68)
Installing the Access Control Hardware within Symmetry
Reader Screen options:
Reader Description – Unique name of the Reader/Door connected to the
controller
Owned by Company (if multiple companies) – Which company the reader is
used by
Description – Node (database unit) to which that reader is connected
Controller Description - Door controller to which the reader is connected
Basic System Configuration (pg 68)
Installing the Access Control Hardware within Symmetry
Reader Screen options:
Reader Type – This specifies the reader/card format name
– In an SR-Node select the card format for the F/2F cards
– For Wiegand cards select “Display Additional Reader Types”. Use the
same format entered in the Node definition for “Default Wiegand”.
Reader Port – The port on the controller to which the reader is connected
Basic System Configuration (pg 69)
In- Class Exercise – Basic Access Control Configuration
Ask Instructor for assistance if needed
1. Log into the Symmetry Client
2. Define the Client (name the Client)
3. Define the Client Port (Network – LAN Chain)
4. Define the Chain
5. Define the Node (your choice of the name or description)
6. Define the Reader on “Reader Port 1” (your choice of the name or description)
*Use screenshots on pages 76-80 for reference
Inform Instructor when complete
Basic System Configuration (pg 66)
Symmetry Basic Programming
The following section defines the basics for defining:
Facility/Customer Codes
Card Holders
Access Rights
Trigger and Scheduled Commands
Additional details for Card Holder, Access Rights and Commands will be discussed within
the Basic System Administration module
Basic System Configuration (pg 69)
Symmetry Basic Programming
Some card technologies have a Customer Code (otherwise known as a Facility
Code) encoded within the card data, which is used to identify the company that
the card holder is associated with in the Symmetry software
By default, the number of these codes per system is limited to 8, the installer is able
to remove this restriction by modifying a setting in the multiMAX.ini file
Basic System Configuration (pg 69-70)
Symmetry Basic Programming - System Log Report
The System Log can be used to identify the Facility/Customer Code of the
Access Card if the correct code is not already downloaded to the Node
The System Log is located under the Reports/Configuration/Reports menu
Select the Output to “Screen”
The Listing Type to “System Log”
The System Log displays the latest record at the top and can be refreshed by
clicking the “Today” button
The System Log can also assist identifying issues with the installation and
configuration of the hardware. The System Log displays engineering messages
from the Nodes and other debug information
Basic System Configuration (pg 69-70)
Symmetry Basic Programming - System Log Report
The System Log can be used to identify the Facility/Customer Code of the
Access Card if the correct code is not already downloaded to the Node
The Node cannot recognize and decipher card reads or Facility Codes until the correct
“Wiegand Card format” is configured
When a card is presented to the reader:
The System Log report results indicate this:
“TXNALMVWDec. No Name. Card 113 Cust 0….."
If the correct Wiegand Card format is defined, the Facility Code is displayed
between “Card” and “Cust” (113 in this example) in the System Log when
presenting a card to the reader
The Wiegand Format is defined under the Node definition screen for AMAG
readers
It is defined in the Readers definition screen for non-AMAG readers
Basic System Configuration (pg 71)
Card Holder Administration
The Facility/Customer Code screen can be
defined under the “Setup/Configuration”
ribbon
Select the Facility/Customer Code icon
Click the New button on the Selection
screen
Enter the Code in the Facility/Customer
Code field
Select the Company or Companies and
add them to the “List of Companies to
use the Code” field
Basic System Configuration (pg 71)
Card Holder Administration
Double-click the Card Holder’s name or enter text and click “Find”
Wildcards search supported such as “Mic*” would return “Michael” or “Michelle”
Find
Basic System Configuration (pg 72)
Card Holder Administration – Standard Edition Card Holder
Basic System Configuration (pg 72)
Card Holder Administration – Homeland Edition (SR-Node) Card Holder
Basic System Configuration (pg 73)
Card Holder Administration
The Card Holder screen allows the following tasks:
Creating, modifying, finding, copying and deleting Card Holder and their details in
Symmetry
Configurable details such as:
Access Rights
Photograph and signature
Biometric data
Personal data
Additional access control options
Required for Standard Editions:
First name, Last name, Facility Code, Card number
Basic System Configuration (pg 73)
Card Holder Administration
Card Details Tab
Enter Card Number if known (the system can auto-generate a number or this field
can be left blank)
By default the PIN number will be auto-generated
The Facility/Customer Code is required for standard editions of Symmetry
Click the Save button to return to the selection screen
Basic System Configuration (pg 73)
Card Holder Administration
Assigning Access Rights
Select and click the “Open” button or double click
the Card Holder from the selection screen
Click the Access Rights tab
Either right-click the reader/reader group or select
readers click the “Assign” button on the right side of
screen
In the Assign Reader dialog, you choose one or
more readers that the card holder is allowed to
access from the list in the top-left corner
Additive Rights – Advanced Rights can now be
added to Normal Rights instead of replacing them
Basic System Configuration (pg 74)
Card Holder Administration
Creating a Time Code (Access Rights category)
Select “New” under the Select Time Code Area
Create a Time Code Description
Click the dropdown arrow
beside the days of the week
click the OK button
Basic System Configuration (pg 74)
Card Holder Administration
Defining Time Codes within the Access Rights screen:
Select “New” under the Select Time Code Area on the bottom of the Assign
Reader dialog box
Create a Time Code Description such as:
“24/7” or “Master Access Time” to represent 24 hours a day, 7 days a week
“M-F 9am-5pm” to represent access from Monday through Friday at 9:00 am to
5:00 pm
Click the dropdown arrow beside the days of the week and select the appropriate
Hours Definition, according to the Time Code Description that was created
When finished click the "OK" button
Basic System Configuration (pg 75)
Card Holder Administration
Assigning a Card to a Card Holder
Card Number Facility/Customer
Code
Unique Card
Basic System Configuration (pg 75)
Card Holder Administration
Adding the Facility/Customer Code and Card Number to the Card Holder
In the Card Holder screen select the correct Facility/Customer Code from the
dropdown box
Enter the Card Number
Click the Save button
Card Holder Facility /
Customer Code
Access Rights on Reader
connected to the Node
Facility Code Downloaded
to NODE
Downloading Facility Code to Node
Basic System Configuration (pg 75)
In- Class Exercise – Card Holder Administration
Ask Instructor for assistance if needed*
1. Create a Card Holder (Choice of Name)
2. Grant Access to the Reader/Door (Reader port 1)
3. Create a Master Time Code 24/7 (Access Rights)
4. Ensure Access Granted is displayed in Activity Screen
*Use screenshots on pages 81-84 for reference
Inform Instructor when complete
Basic System Configuration (pg 85-86)
Communication Tools - Client Communications
This tool is ocated under the
Maintenance/Communications/Client ribbon and
allows for visual confirmation of chain
communications and verification of two-way data
exchange between the polling client computer and
its associated chains.
TX – Symmetry Polling Client initiates polling with
Transmitted (TX)
RX – Chain Controllers respond with Received (Rx)
Basic System Configuration (pg 86-87)
Communication Tools
The Client Communications option serves as a debugging tool that should be used
by technicians to verify normal communications, downloads and to analyze system
anomalies
Common Card Transaction Examples:
Ca/Cd* = Card Added or Deleted
CT = Card at the Wrong Time: Card has access to the door, but not at this time
CU = Card type is known but the card is not
CV = Card Valid (Granted Access)
CW = Card at the Wrong Door: Card has no access to door (This could be due to no
Access rights or due to Keycard mode)
CX = Unrecognized Card Read: Card type does not match the card format
programmed, or the Facility Code is not in the Node
MRX = Mismatched database
* Note the capital “C”, if lower case it is invalid
Basic System Configuration (pg 88)
Communication Tools - Node Status
Node Status is another useful tool for verifying communications. All system Nodes
and door/alarm controllers may be verified using this screen.
Node Status is selected under Maintenance/Access Control ribbon and allows for
selection of one or multiple Nodes to query
The query to the Nodes and the associated door and alarm controllers provides a status
of verified communications for each
The status includes the device’s firmware version
Basic System Configuration (pg 89)
Communication Tools - Command Center
Provides a real-time status of devices within the system and can be used to:
Send manual commands to perform actions such as unlock a door
To send a command, select the relevant item (for example, Reader) in the tree view,
choose the command in the Available Commands area, and then click Send.
Determine the current status of any item in the tree view.
Basic System Configuration (pg 90)
In- Class Exercise – Verifying Communication and using System Tools Ask Instructor for assistance if needed
Open Client Communication and present each card to Reader 1
1. What Response Code was displayed when reading the cards?________
2. What was displayed in the System Log between “Card & Cust”? ___________
3. Add the new Facility Code to Symmetry and assign it to a new card holder. Present the card
again. What was displayed in the System Log? _______________________
Open Node Status, select and open the Node.
1. What version of firmware is loaded on the controller?_______________
2. How many DCUs have reported their status? ________________
Open the Command Center and expand Readers
1. Select the first reader in the list and expand it, what is the current status? _______________
2. Select from the available commands and perform the following:
1. Grant Access, Unlock Door and Lock Door
Inform Instructor when complete
Basic System Configuration (pg 91-92)
Installing the Access Control Hardware within Symmetry
Monitor Point and Auxiliary Outputs define the name and type of I/O that are
connected to an associated Node
Monitor Points and Auxiliary Outputs can be connected to what type of boards?
Basic System Configuration (pg 91)
Installing the Access Control Hardware within Symmetry
Monitor Points are defined using the Install Ribbon, selecting the Monitor Point icon
Selecting the New button on the selection screen makes the following options available:
Monitor Point Description – The unique name of the Input connected to alarm
controller or M/N-I/O (AC8/4 or OC4/8)
Owned by Company (if multiple companies) –Which company the monitor point is
used by
Node Description – The Node that the alarm controller or M/N-I/O is connected to
Controller Description – The door or alarm controller the input is connected to
Monitor Point Number – The input on the node the monitor point is connected to.
Inputs that are already used are not displayed in the drop-down list.
Basic System Configuration (pg 92)
Installing the Access Control Hardware within Symmetry
Auxiliary Outputs are defined using the Install Ribbon, selecting the Auxiliary
Output icon
Selecting the New button on the selection screen makes the following options
available:
Auxiliary Output Description – The Node that the output is connected to
Controller Description – The door or alarm controller the output is connected to
Auxiliary Output Number - Which output on the node the auxiliary output is
connected to (numbering is the same as the Monitor Point description)
Pulse Time - When the auxiliary output receives a pulse command, it operates
for the specified pulse time, and then reverts automatically to its idle state.
The Maximum Pulse time for the Node type in this class is?
Basic System Configuration (pg 92)
Installing the Access Control Hardware within Symmetry
SR-Series Node Flexible
Symmetry v8.0.2 adds the flexibility to reassign Monitor Points as a REX or Door
Contact
In addition, it allows assignment of any Auxiliary Output for door control
Conversely, it is possible to map the standard Door Inputs to any undefined (not
configured) Monitor Point.
It is also possible to map the standard Door Outputs to any undefined (not configured)
Auxiliary Output
Basic System Configuration (pg 92-93)
Installing the Access Control Hardware within Symmetry
Groups
Devices can be grouped for a variety of reasons, based on what is being grouped
Multiple readers, for example, can be unlocked with one command
Commands for grouped devices are Server-based
Shared devices are shared between multiple companies
Basic System Configuration (pg 92-93)
Installing the Access Control Hardware within Symmetry
Groups
Basic System Configuration (pg 94)
Trigger & Scheduled Command Basics
Trigger Commands (also called Conditional Commands) are “If”/”Then” statements
Scheduled Commands are actions on a time schedule
Basic System Configuration (pg 94)
In- Class Exercise – Basic I/O Configuration
Ask Instructor for assistance if needed*
1. Log into the Symmetry Client (if not already)
2. Define 2 Monitor Points (your choice of the description)
3. Define 2 Auxiliary Outputs (your choice of the description)
4. Create a Trigger Command:
1. If Monitor Point 1 is in alarm, pulse Aux Output 1
5. Create a Scheduled Command:
1. Unlock the door on Reader 1 from 1:30 PM to 1:45 PM today
*Use screenshots on pages 95-100 for reference
Inform Instructor when complete
Basic System Configuration
QUESTIONS?
Basic System Administration (pg 101-158)
Symmetry Training
Symmetry™ v 8.0.2 Essentials Certification
Module 6
Basic System Administration
Basic System Administration (pg 101-158)
Objectives
Define Card Administration
Describe Visitor Management
Describe Badge Design
Configure Time Codes, System Holidays and Access Codes
Configure Commands
Describe Activity and Alarm Management
Describe Video Management
Describe Identity Verification
Basic System Administration (pg 102)
Card Holder Additional Fields
In addition to the Card Number, PIN number and Facility/Customer options, these
are some of additional items are located under the Card Details tab:
The Active Date and Inactive Date is used to specify the period over which the
card can be used to gain access (the doors and times that the card can be used are
defined in the Access Rights tab).
The Approving Official is the name of the person who has authorized you to issue
the person's badge. The names of the approving officials are defined in the
"Setup/Identity/Approving Official" screen.
Badge Expires – After you have selected a Badge Design, this field shows the
card expiry date, assuming an expiry period has been set in the
"Setup/Identity/Badge Designer" screen.
Basic System Administration (pg 102)
Card Holder Additional Fields
In addition to the Card Number, PIN number and Facility/Customer options, these
are some of additional items are located under the Card Details tab:
Set for Batch Printing – Choose this option if you do not yet wish to print the badge. It
serves as a reminder that the badge has not yet been printed.
You can print all badges flagged in this way in one operation by using the
"Home/Identity/Print Badges" screen.
Card Status – This displays and enables you to change the current status of a card
Card Lost – This is useful if the card has been lost or stolen. A "Lost Card" alarm/event
is generated and access is not granted.
Expired status can be set automatically if the card remains unused for a specified period
of time or if Expiry date is defined in Personal Data
Multiple and Temporary cards – This option allows you to define up to ten cards per card
holder. One card may be a “temporary card”. If assigned, the other cards are made
inactive.
Basic System Administration (pg 103)
Card Holder Picture
The option provides two alternative methods to capture the
person's picture, Live and Import:
Live – Click this to capture a live picture of the card holder's from
a camera connected to your PC.
The tool that provides configuration of the camera for capturing
the picture is dxconfig.exe
This tool is located in the root of the Security Management
System folder
Import – Click this to import a stored picture of the card holder
Export – Click this to save a captured picture of the card holder
to the client
Basic System Administration (pg 103)
Additional Card Options - The checkboxes in the Additional Options area to
specify additional privileges for the card holder
Area Occupancy Card - This option is used if the person is going to use readers to gain
entry and exit from an area that has a controlled occupancy count
Card Watch - The card can be used normally, but the reader generates a "Cardwatch"
alarm/event
Command Card Holder - This enables the card holder to generate card command
messages at keypad readers. The messages can be made use of by trigger commands, for
example to arm or disarm intruder alarm systems or to switch lights on or off.
A Card Command is initiated at a keypad reader by pressing the star “*” key (the key
on Javelin readers), keying in the defined command number (between 1 and 99),
followed by a valid card read
Pages 104-107 provide a “Checklist” for
configuring Card Commands
Basic System Administration (pg 107)
Additional Card Options - The checkboxes in the Additional Options area to
specify additional privileges for the card holder
Conditional Card - The card holder can use this card only to activate trigger commands or
as part of a patrol tour transaction; it does not open doors. A Conditional Card can activate
a trigger command by setting the IF part of a trigger command to Valid Card Transaction
Executive Card – An Executive card:
Need not enter a PIN at readers in Card + PIN mode
Is excluded from Auto Set Unused Cards Expiry
Is excluded from Random Search
Is excluded from Anti-Passback rules.
Extended Door Times – This is useful for card holders who are disabled, or for another
reason, may require more time than is normally necessary to open and get through a door.
Basic System Administration (pg 107)
Additional Card Options - The checkboxes in the Additional Options area to
specify additional privileges for the card holder
Keycard Holder - Readers that have been enabled as keycard readers recognize the card
as a keycard
When a reader is in Keycard-Out state, all cards except keycards are denied access,
irrespective of access rights.
When a card reader is in Keycard-In state, normal operation is resumed.
A keycard holder can switch the reader between Keycard-In and Keycard-Out states
(access rights permitting) by presenting his or her card, followed by a four-digit PIN in a
special sequence
To change the state from Keycard-In to Keycard-Out a card holder with a PIN of 1234
would enter 3412
To change the state from Keycard-Out to Keycard-In a card holder with a PIN of 1234
would enter 3412
Visitor Escort - This option allows the card holder to be selected for escorting visitors
Basic System Administration (pg 108-109)
Personal Data – This tab allows you to specify personal data such as Department,
Employee number, contact telephone number, etc.
Symmetry allows up to 50 Personal Data Title fields for card holders or Visitors
Symmetry allows up to 10 Personal Data Title fields for use in Identity Verification
To define the Personal Data Titles
– Select the Setup Menu
– Select the Personal Data dropdown arrow (Setup/Identity Ribbon)
– Select Card Holder Titles
Four types of Data Fields (note the significance of each)
– List Only
– Expiry date
– Edit List
– String
Define the data fields using the Card Holder Data option
Basic System Administration (pg 108-109)
Personal Data – This tab allows you to specify personal data such as Department,
Employee number, contact telephone number, etc.
Mandatory - Information for that title will have to be specified when adding or editing a
card holder/visitor
Category - Determines the required format of the information entered
Custom - Use # to indicate an alphanumeric character, use 0 for a numeric character
Other categories include Email, Date and General
– Mask – Determines the syntax (format) which must be followed
After creating the Card Holder Titles they will appear in the Card Holder Definition Screen,
Personal tab
Personal Data titles can also be included for display in Identity Verification views
Basic System Administration (pg 109)
In- Class Exercise – Personal Data
Ask Instructor for assistance if needed
1. Define three Card Holder Data Titles, one each using these Personal Data field
types:
a. List Only type (named Department)
b. Edit List type (named Manager)
c. String type (named Phone Number)
2. Define Card Holder Data for each of the lists:
a. Department: HR and IT
b. Manager: any person’s name you choose
3. Add Personal Data to the Card Holders
Inform Instructor when complete
Basic System Administration (pg 109-110)
Additional Card Options - The checkboxes in the Additional Options area to
specify additional privileges for the card holder
Locator - This tab lists the last 25 valid transactions for this card and allows resetting the
anti-passback location for this card only
Biometrics - This tab allows you to capture and store the person's signature (to print on a
badge) and to enroll biometric data, e.g. a hand print from a Hand Geometry Unit (HGU) or
a fingerprint from a fingerprint enrollment reader
Basic System Administration (pg 110)
Additional Card Options - The checkboxes in the Additional Options area to
specify additional privileges for the card holder
Vacation - This tab allows you to specify the card holder's vacation times in a calendar.
Vacations are used to specify times when individual card holders are taking a period of
leave or rest from work.
This is to comply with employment law in some countries
– By default, the Installer does not have permission for this tab
Vacation times have a resolution of 1 hour
Basic System Administration (pg 111-112)
Selection Screen Definitions – Common Options
Notes Icon
Notes Button
Move Button (card holder Definition screen only)
Permissions Button
Basic System Administration (pg 113-115)
Visitor Management
The Symmetry Visitor Management features enable:
Improved efficiency of the visitor check-in process
Enhanced site security and management of visitor details more effectively
The Visitors screen is used to create, find, view, modify, copy or delete visitor details,
including Visitor Data Titles, if defined
Basic System Administration (pg 113-115)
Visitor Management
Visitor Details – This tab enables you to specify general details of the visitor, such as
when the visitor is expected to arrive and depart, who he/she is visiting, and the name of
the escort
A major benefit of the Visitor Management module is the ability to sign visitors in and out
from the Visitor Details tab, using the Sign In and Sign Out buttons
The current status of the visitor is displayed in a color-coded box near the bottom-left
corner of the screen, which can instantly show you whether the visitor is still on site.
Visitors can be automatically deactivated following a successful transaction at a specified
reader.
Basic System Administration (pg 113-115)
Visitor Management
Email Notification of Visitor Signing In can be automatically sent to the
card holder when the visitor is signed in. The email address is defined
using a Personal Data Title in the Card Holder's details
Another option is the ability to scan driver licenses and business card
information to diminish data entry and provide further authentication
Other options of the Visitor Detail tab:
Arriving, Arriving Time, Departing and Departing Time - Specify the
dates and times of arrival and departure
Visiting – allow the selection person the visitor is visiting (any Card
Holder)
Visitor Escort – The person who has been nominated to escort the
visitor
Basic System Administration (pg 116-117)
Badge Designer
The Security Management System software provides a comprehensive set of tools
that allow you to design and print ID badges quickly and easily
Graphics toolkit - Provides all the tools needed to create customized badge designs
A library of badge designs can be created, each for a different group of visitors
A photograph, signature, graphics and personal details can be included on a badge design
The photograph and signature can be captured live from a video camera or webcam
The signature can also be captured using a signature pad
Each badge design can be assigned different default access rights
Card encoding (requires the Magnetic Stripe or Smart Card Encoding option)
Basic System Administration (pg 116-117)
Badge Designer
The Badge Design Graphics toolkit can be launched by selecting the Badge
Designer icon from the Setup/Identity menu ribbon
Clicking on the “New” button on the opens the Badge Designer screen and a new tab in the
ribbon bar that provides the options necessary for designing badges.
Basic System Administration (pg 116-117)
Badge Designer
A Rule enables you to set up what determines whether or not the item is displayed
for a card holder or visitor card, depending on personal data.
For example, you may want a logo to be displayed only for card holders who belong to a
specific department.
To create a rule click on the item that can change (hidden or shown) based on the
Cardholder and/or Personal Data fields in the Card Holder definitions.
Basic System Administration (pg 116-117)
In- Class Exercise – Badge Designing
Ask Instructor for assistance if needed
1. Create a Badge Design in Portrait orientation
2. Add an image (using the AMAG logo) to the upper left area, less than ¼ of the
badge, and the card holder’s picture in the upper right area
3. Add two Card holder Data fields, one for First Name and one for Last Name (make
the last name field smaller) in the center of the design
4. Create two Personal Data fields for Department, color coded differently for HR and
IT, one overlaid on the other to be selected by the system (using a rule)
5. Assign the badge design to the Card Holders created earlier
Inform Instructor when complete
Basic System Administration (pg 118)
Hours and Time Codes
The hours definition consists of a series of time intervals within a 24-hour period. There can
be up to 10 intervals in an hour’s definition.
Hours & Time Codes are used in the following definitions:
Access rights
Scheduled commands
Trigger commands
Arm/Disarm warning (used in M2150 Intrusion Detection Systems – “IDS”)
Vacation (Hours)
Basic System Administration (pg 118)
Hours and Time Codes
The Time Code definition screen contains three tabs
Standard Weekly Hours – This tab enables you to choose the default hours to use for
each day of the week
Holiday Hours - This tab is for the access rights or commands that will use the time code
needed to operate differently on defined holidays
Calendar Overview - Overview of how the time code is set up and enables you to override
the Standard Weekly Hours for specific dates
Basic System Administration (pg 119-120)
Hours and Time Codes
Time Code definition screen options:
Time Codes Description - This is the
name of the time code.
Category - This displays the selected
purpose of the time code.
Creating a Time Code
Define the Description of the Time Code
Use the dropdown menu or enter the
hours definition number
Click OK to save the Time Code
Basic System Administration (pg 120-121)
System Holidays
Holidays are defined under the Operations/Times
ribbon
Name the Holiday Types in the boxes near the
bottom of the screen
Types such as:
– National Holidays
– Company Holidays
There can be a total of 9 Holiday Types for
the system
Select the date and either right-click on the
date and select Assign or select the Assign
button and check the box beside the Holiday
type
Basic System Administration (pg 122-123)
Access Codes - A pre-defined set of access rights that allow access to any of the
following:
Reader Groups
Readers
Floor Groups
M2150 Intrusion Areas
Access codes can save time if you need to assign the same complex access rights
to more than one person.
Before defining access codes, make sure that the items necessary to define the required
access codes have previously been defined
Basic System Administration (pg 122-123)
Creating Access Codes
Select the "New" button on the Access Code Selection Screen
Give the Access Code a Unique Name
Assigned Access Rights tree view, select the appropriate branch. For example, Readers.
Select the Assign button or the same option in the right-click menu
Specify the required access rights in the screen displayed
Basic System Administration (pg 124)
In- Class Exercise – Holidays, Time & Access Codes Ask Instructor for assistance if needed
1. Create 2 Holiday Types
a. Federal
b. Company (assign to today’s date)
2. Create the following Hours and Time Codes:
a. Access Rights category: “8am to 5pm M-F With Holidays”
b. Scheduled Command category: “8am to 12pm & 1pm to 5pm M-F” (No hours on Holidays)
c. Scheduled Command category: “After hours” - valid: 5pm to 8 am M-F and 00:00-24:00 on Weekends and Holidays
3. Create 2 Access Codes
a. Master Access with Holidays – 24/7 all Doors or Groups
b. 8-5 M-F (no holiday access) on one reader/door only I
Inform Instructor when complete
Basic System Administration (pg 125)
Commands
• Scheduled, Triggered and Predefined Commands are accessed on the
Operation/Commands ribbon
Scheduled Commands initiate a Start command, then a Stop command to be executed,
typically at a device or group of devices such as readers, monitor points and auxiliary
outputs
Examples:
Switch lights on and off at specific times
Unlock and lock doors at specific times
Basic System Administration (pg 125)
Commands - Scheduled
Configuration Tab
Device - Select the type of item that the scheduled command applies to
Location - Choose the specific device or item that the command applies to. The items in
this menu depends on what you have selected in Device
Start and Stop Commands - When you select a Start command the opposite command
is inserted automatically in the Stop Command box
When - Select the time code to be used from the menu. The Start command is executed
at each start time in the time code, and the Stop command is executed at each end time.
The meaning of all commands can be found in the:
Symmetry software’s online help or in the Software Reference Manual
Basic System Administration (pg 126)
Commands - Scheduled
Override Tab
Select the time code to be used from the menu. The Start command is executed at each
start time in the time code, and the Stop command is executed at each end time.
Use this feature to change the operation of the scheduled command during a scheduled
time code, such as during a site shutdown period
Basic System Administration (pg 126)
Commands - Scheduled
To set up the override:
Choose the required option from the Override menu.
Specify the Start Time, Stop Time or Time Code as applicable
If the time code is defined as follows:
– Start = 09:00, Stop = 12:00, Start = 14:00, Stop = 17:00
Overriding the stop time with a time of 18:00 results in the following:
– Start = 09:00, Start = 14:00, Stop = 18:00
Use the calendar buttons to specify the start date and end date of the override.
Save the changes
NOTE: An override makes the command server-based
Basic System Administration (pg 127)
Commands - Scheduled
Options Tab
Sync Command on Close - If you are setting up a new scheduled command and
you select Sync Command on Close, the Start Command is executed immediately
you select OK and close the Selection screen
Status - This displays one of the following:
The current status of the command, as determined by the Validity Period
settings.
OVERRIDDEN if an override is currently active, as set up in the Override tab.
“Actioned By” means the command is controlled at the Node or by the Server
NOTE: If using a Validity Period “To” date, choose 23:59 as the Stop Time
Basic System Administration (pg 127-129)
Commands - Trigger
Trigger Commands cause a command to be executed at a device (or group of devices)
if an alarm/event message is received from another device within a period of a specified
time code
Examples of use:
– Switch a video camera on when a monitor point is activated at certain times of the
day
– Run a specified executable file from the server when a monitor point activated
There are three parts to a trigger command:
– "If" - Specifies the message that will trigger the trigger command.
– "Then" - Defines the command that will be sent. More than one “Then” can be
triggered by the same “If”
– “When” – Specifies the time code when the trigger command can be generated
Basic System Administration (pg 128-129)
Configuration Tab
Creating a Trigger Command
Select the “New” button under the “Schedule Selection” screen
Description - The unique name of the trigger command.
"If"
– Device - Choose the type of device that should activate the trigger command. If you
choose a group, the trigger command can be activated by any device in the group.
– Location - Select the device or group that is to activate the trigger command
– Message - Select the specific alarm/event message that should activate the trigger
command
A complete list of the Alarm/Event messages can be found where?
Online Help or Software Reference Manual
Basic System Administration (pg 128-129)
Configuration Tab
“Then”
Device - the type of device to send the command to
Location - Select the specific device or group of devices to send the command to
Command - Select the specific command to send to the device or group of devices when
the trigger command is activated
Command No - More than one command to be triggered by the same "If" condition , up
to 99 “Then” commands
“When”
Select the time code to be used by the trigger command. The Then command is
executed only when the If message occurs between any pair of start and end times in the
time code.
Basic System Administration (pg 129)
Options Tab
From/To - The trigger command will be executed on and between the From and To
dates only
Report As - Determines whether the 'Trigger Operation' message generated when the
command is executed should be reported as an alarm, event, or not at all
Basic System Administration (pg 130)
Commands – Predefined
Commands available to only users belonging to a nominated role
Predefined commands are associated with a User Role, not a Company
Commands are assigned for use in various screens, e.g. the Command Center
Basic System Administration (pg 130)
Configuring Predefined Commands
Description - Enter a name for the Predefined Command.
Type - Choose the type of command.
Location - Choose the specific item that relates to the chosen Type.
Command - Choose the command.
User Roles Available for Selection - This shows all user roles that do not yet
have access to issue the selected command.
Assigned User Roles - This shows the User Roles that have access to issue
the selected command
Basic System Administration (pg 131)
Activity and Alarm Management
The Activity Screen displays, on a by-day basis, all alarms and events stored in the log
It can be accessed by selecting the Home/Monitoring ribbon
Activity Screen features includes:
The Current Activity screen displays alarms and events in real-time as they are
received.
Selection of the Date Selector and Filter by pull downs provide for viewing previously
logged items and filtering by alarm categories such as Card Activity, Door Activity and
more.
Selection of the Today button displays all items previously logged for today’s date.
No alarms or events are cleared from the logs in this screen – they are only viewed
Basic System Administration (pg 132)
Activity and Alarm Management
The Activity Screen displays
What - The alarm message. If Show Card Number with Alarm/Event is selected in the
"Maintenance/Users & Preferences/System Preferences" screen, the person's card
number (if known) is displayed in square brackets after the alarm/event message.
Where - The location of the alarm.
Who - The person who caused the alarm, if known.
Time and Date - The time and date the alarm occurred.
In addition to the above fields, supplementary fields can further identify the event
Location, Category and Personal Data Titles can be added to the fields
Basic System Administration (pg 132)
Activity and Alarm Management
Right-click menu allows options such as:
History and Freeze
Data option - to choose the optional columns
to display
Use the Configure option to change the
column order
Basic System Administration (pg 132-133)
Activity and Alarm Management
The Inline Filtering option enables further filtering of Activity list:
Enter part of the column item
Basic System Administration (pg 132-133)
Activity and Alarm Management
The Alarm screen manages alarms routed to your client
Alarm management is the process of viewing, acknowledging and clearing alarms that
are received at this client
Alarms that have been verified or investigated may be cleared to be removed from the
screen
Alarms are displayed and maintained in the list according to Priority (1-999)
– Priority 1 being most critical and 999 being the least.
The display provides for current statistics, which may be turned on/off by client.
Basic System Administration (pg 134)
Activity and Alarm Management
Alarms have three primary colors:
Red is a new alarm that has not yet been acknowledged
Blue indicates that someone has opened/acknowledged the alarm
but that it is still in an alarm state – and thus cannot be cleared
until the device is reset
Green indicates it has been acknowledged, is in its normal state,
and can now be cleared
Basic System Administration (pg 134)
Activity and Alarm Management
The Alarm screen has two view possibilities
Normal - Alarms must be double-clicked to open and acknowledge
Combined – Alarm display and acknowledgement are on the same screen
– Single click selects the alarm
– Statistics and Multiple Alarm Selection are disabled
The option to change the look of the Alarm Management screen to combined
Alarm/Acknowledgement into the same screen can be found under what Menu/Ribbon?
Basic System Administration (pg 134-135)
Activity and Alarm Management
Multiple Client System
If both can manage the same alarms only one should be allowed to do so
Enable “Maintenance/User & Preferences/System Preferences” option Show Alarm
Handling
Basic System Administration (pg 135-136)
Activity and Alarm Management
Masking Alarms – The Mask button (or right-click menu) located on the Alarm screen
allows the alarm to be masked for a specified length of time
Masking an alarm removes it from the All Alarms tab and from any Filter tabs, and moves
it to the Masked Alarms tab.
Masking an alarm example:
– An alarm that cannot be cleared because the device is faulty and cannot be reset to
its normal state
– A Motion Alarm that is too sensitive and needs to be adjusted
Masking an alarm does not affect its status
Masked alarms can be opened, acknowledged and cleared
Masked alarms are not displayed in graphics
Basic System Administration (pg 135-136)
Activity and Alarm Management
Masking Alarms – Select to mask an alarm
from the All Alarms tab or in a Filter tab and
clicking Mask.
Alternatively, click Mask when
acknowledging an alarm that has not
already been masked.
Set the duration of the mask
A second user may be required to confirm the
mask. This option is selected in the System
Preferences.
If switched on, this feature requires both the
logged in user and a second user in any
role to authorize an alarm mask
Basic System Administration (pg 136)
Activity and Alarm Management
Clearing an Alarm Mask
A Clear Mask button is available in the Masked Alarms tab or after opening a masked
alarm.
This button clears the mask and returns the alarm to the All Alarms tab.
Basic System Administration (pg 138)
Activity and Alarm Management
Alarm Instructions:
An Alarm Instruction is a single line of text, such as "Call Duty Supervisor". You can display
up to five of these instructions when using the “Acknowledgement" screen to specify what
to do when acknowledging an alarm
If you have selected an existing alarm instruction from the Selection screen, this displays
that instruction
If an existing instruction is displayed in Current Message, it is replaced by this instruction
when you select OK
Basic System Administration (pg 138)
Activity and Alarm Management
Alarm Comments
An alarm comment is a single line of text, such as "Intruder Apprehended". When
acknowledging an alarm, a user can select one of these comments or type a different
comment using the keyboard
Basic System Administration (pg 138)
Activity and Alarm Management
Alarm Commands
This screen enables a command to be associated with items such as monitor points or
readers. If the item generates an alarm, an associated command can executed by clicking
the Command button when acknowledging the alarm
Basic System Administration (pg 139-140)
Activity and Alarm Management
Alarm Definitions
This screen enables the following alarm or event conditions to be specified:
Type Selected - This shows the type of alarm you selected in the Selection screen.
Alarm Condition - This displays the alarm message you selected in the Selection
screen.
Alarm Attributes – Defines the Priority, Color, Alarm Sound, Custom Routing type, etc
Instructions - You can specify up to five lines of instructions for the alarm
Email - Use this tab if you want details of the alarm to be sent by email to a selected
email recipient
Basic System Administration (pg 140-141)
Activity and Alarm Management
Alarm Routing
Alarm Routing can specify where to send each company's alarms, and the times to send
the alarms. For example, you may choose to send alarms to one Symmetry client during
normal office hours and to another at other times
Basic System Administration (pg 141-142)
Activity and Alarm Management
Alarm Reporting
Use this screen to:
Set up defaults to be used within the "Operation/Alarms/Definitions" screen.
Specify whether messages are to be reported by the server as alarms, events or not at
all and whether they are to be printed in real time.
Alter the standard alarm/event messages displayed to the guard.
Basic System Administration (pg 143)
In- Class Exercise – Alarms
Ask Instructor for assistance if needed
1. Create a Filter for “All Door Alarms” include all readers on the system, using “At Wrong Door”, “Door Forced”, and Door Held Open” messages
2. Mask an alarm from “Monitor Point 1” for 60 Seconds
3. Create a custom Alarm Definition that will display the following alarm type: “Door forced” on all doors:
a. Custom sound and color
b. Priority of 10
c. Alarm Routing type “Custom Alarm”
d. Custom Instruction “Check the door”
4. Define a Standard Comment that states “All is clear” (to be used when ackowledging an alarm)
Inform Instructor when complete
Basic System Administration (pg 144)
Symmetry Video Management
The Digital Video Management option provides integration with a variety of CCTV and
Digital Video systems.
This option enables video images to be viewed, recorded and replayed from easy-to-use
screens within the Symmetry software
The Digital Video Management option provides an open platform that supports a variety of:
IP cameras
Symmetry Network Video Recorders (NVRs)
Digital Video Recorders (DVRs)
Please check with your local sales rep for the latest integration information!!!
Basic System Administration (pg 144-145)
Symmetry Video Management - Licensing
The Maintenance/Licensing/System Licenses ribbon allows the installation and
registration of licenses for optional software modules, or for packages that extend the
capabilities of the Symmetry software.
To add a license perform the following:
Click the Add button
Enter the serial number given to you when the license was purchased
Basic System Administration (pg 144-145)
Symmetry Video Management - Licensing
An activation code can obtained in one of the following ways:
Automatically over the Internet by selecting “Activate your license via
the Internet”
By accessing the registration website and entering the required
information
– (The login username and password are provided on the
Software License Certificate)
By phone using one of the numbers displayed
Click OK.
– Restart the Symmetry software if the required options are
not displayed
The maximum number of cameras is license dependent!
Basic System Administration (pg 146)
Symmetry NVR
The NVR records video from all digital video cameras that are assigned to it.
Typically, the repositories use separate network-attached storage, but it is allowable to
use any local or network-accessible disk.
Basic System Administration (pg 146)
Symmetry NVR
There can be multiple NVRs in the same system.
Each requires a separate PC, which can be a Symmetry server, client or any other suitable
PC on the network.
An NVR can be shared by more than one Symmetry company.
Video stored by an NVR can be replayed using the "Home/Video & Audio/Video
Playback" screen.
Each NVR stores the details of the cameras that are assigned to it. Any changes in
the Symmetry software are automatically downloaded to the NVR.
Installation of a Symmetry NVR is recommended on a physical computer, and not in a
Shared Virtual Machine!
Basic System Administration (pg 147)
Symmetry NVR
Tasks carried out by an NVR
Manages the storage of recordings for all cameras that are assigned to it.
Determines the recording mode. An NVR can be set up to record on demand (as a result of
user actions in the Symmetry software or according to a specified schedule), continuously
or never. The default mode is "on demand".
Retrieves video for playback. For example, for the "Home/Video & Audio/Video Playback"
screen.
Provides a web interface that allows you to configure and monitor the NVR (see below for
further details).
Purges old video automatically, based on purging rules defined in the web interface.
Communicates alarms and events to the Symmetry software.
Basic System Administration (pg 147)
Symmetry NVR Definition
You can define NVRs using the "Install/Video & Audio/Digital Video-NVR" screen.
The screen also allows access to the NVR web interface
Basic System Administration (pg 148)
Symmetry NVR Web Interface
The web interface allows you to manage the recording capabilities of the NVR
If the Installer password is changed in Symmetry it will need to be updated on each NVR
manually!
Basic System Administration (pg 149-150)
Symmetry CompleteView
Symmetry CompleteView is a suite of seven
software applications
Symmetry CompleteView options include:
Symmetry POWERPROTECT NVR - Systems
provide from 1TB to 40TB of storage, with an
88TB expansion option
Symmetry TOUCHVIEW Mobile – Symmetry
TOUCHVIEW Mobile offers mobile apps for the
iPhone®, iPad®, iPod® touch and Android™
smartphones
Basic System Administration (pg 150)
Basic Video Programming
Installing IP cameras from the Install/Digital Video ribbon
The Digital Video Device selection screen can be used to set up devices such as digital
video servers, recorders and cameras
Basic System Administration (pg 151)
Basic Video Programming
Use the Camera settings screen to define the settings for an IP camera
Description - Enter a unique name for the device
Address – Enter the IP Address for the IP cameras
User Name and Password - Enter the username and password of the camera you are
adding. This will allow Symmetry to connect as the camera’s user and enable live video to
be displayed at Symmetry clients
Connect - Use this if you want to display live video from the camera in the Configuration
Settings tab
Click Save, then Close
Basic System Administration (pg 151-152)
Basic Operation – Virtual Matrix
Simultaneously displays multiple live images from
digital video cameras
Up to 72 simultaneous live images per PC, depending
on PC specifications
Includes controls for camera pan, tilt, zoom and focus
Instant record feature
Camera sequencing
Camera tours
Supports display of web pages
Alarm and activity display
Basic System Administration (pg 152)
Basic Operation - Video Playback
Save, print and export images.
Instant replay feature
Allows easy replay of video recordings
Filter options enable recordings to be located quickly from the database
Simultaneous replay of up to 4 recordings per client.
JPEG picture or video clip export
Basic System Administration (pg 152)
Basic Operation - Tagging
Tagged recordings are produced by, for example, a Record Video trigger command or user
recording. They are prevented from being overwritten and enables easy playback.
Also supports tagging by a user-applied "bookmark”
Playback recording from alarms or events via history reports or Home/Monitoring/Alarms
Basic System Administration (pg 153-154)
Video Integration with Access Control
Identity Verification - Operators can compare the live image of a card holder who is using
a reader against their stored image
The Identity Verification menu allows for viewing remotely and cross verification of the
live image of the card user and their stored image
* Identity Verification will be covered next in this training
Basic System Administration (pg 153-154)
Video Integration with Access Control
When there is a transaction from a known card at an associated reader, the
stored image of the card holder or visitor is displayed next to the live image
This enables an operator to compare the live and stored images to verify the
person's identity
Basic System Administration (pg 153-154)
Video Integration with Access Control
Graphics Integration - Live video can be played from a graphic, such as a floor
plan or map of the building
Digital video and CCTV switcher cameras can be added to the graphics
screen.
Adding cameras to a graphic makes it easy for you to locate a camera on the
“Graphics" screen and view live video from that camera
Right-clicking the icon for an IP camera displays the following options:
– Live Video
– Start Recording
– Stop Recording
– Command Center
Basic System Administration (pg 154)
In-Class Exercise – Video Management
Ask Instructor for assistance if needed
1. Open Symmetry software and select Install - Digital Video to add a
Symmetry encoder or AXIS camera.
2. Add a Description, using Training Encoder 1, the IP address (as provided by
your Instructor), and the encoder's Username and Password.
3. Select the Connect button to view the camera’s video.
Inform instructor when finished
Basic System Administration (pg 155)
Identity Verification
This screen enables you to monitor the identity of people at "entry points" to the site
and control access at those entry points.
An entry point is a reader at a door, barrier, turnstile or other device that controls access.
Up to nine entry points can be monitored simultaneously.
Basic System Administration (pg 156)
Identity Verification – Entry Points
Entry points can specify entry points to the site. Entry points are used in views, as
configured in the "Setup/Identity Verification/View" screen.
An entry point can contain up to 3 cameras and up to 3 Predefined commands
Basic System Administration (pg 157)
Identity Verification – Identity Views
Use this screen to specify the entry points to
include in a view and the order of the entry
points in the view. A view can contain up to
nine entry points.
An entry point can be in more than one view
but you cannot have two entry points in the
same view that use the same reader.
Basic System Administration (pg 157-158)
Identity Verification – Data Titles
Use this screen to specify card and personal information to display in the
"Home/Identity/Identity Verification" screen for card holders and visitors.
Basic System Administration (pg 158)
In- Class Exercise (Optional) – Identity Verification
Ask Instructor for assistance if needed
1. Create two entry points, one for each reader. For the purposes of this exercise,
include the IP camera you added earlier to each entry point.
2. Create an Identity View which includes both entry points.
3. Customize the Setup/Identity Verification/Data Titles, using the three Card Holder
Data Titles you created previously, changing them to use the same font but with
unique colors.
Inform Instructor when complete
Basic System Administration
QUESTIONS?
Advanced System Configuration (pg 159-177)
Symmetry Training
Symmetry™ v 8.0.2 Essentials Certification
Module 7
Advanced System Configuration
Advanced System Configuration (pg 159-177)
Objectives
Describe how to configure and create User Roles and Accounts
Configure System and Client Preferences
Install and configure Graphics
Advanced System Configuration (pg 160-161)
User Roles
A User Role defines a set of access permissions to
ribbons, screens and options in the Symmetry software.
Additional options are also available for definition
Advanced System Configuration (pg 160-161)
User Roles
A User Role allows users the following permission levels:
View-only access
Modify access
Delete (full) access
No access at all
Most changes take effect the next time the user in the role logs in
Advanced System Configuration (pg 162-163)
User Accounts
User Account - A person who is allowed to use the Symmetry software
Default User Account information can be found in the Symmetry v8.0.2 Software
Installation Manual, page 35
Includes Visitor Management Users - User accounts created by Allow Visitor
Management Login for this Cardholder in the "Home/Identity/Card Holders" screen are
visible only if this option is selected.
Defines security features such as Password Expiration by account and Secure Logon to
the Symmetry software using a fingerprint or Smartcard reader.
Provides for personalization with selection of a Language Pack for this account that
presents text in that language upon login.
Other features include permitting Enable Clear All Alarms and restricting the duration of
Instant Replay of recorded video
Advanced System Configuration (pg 163)
User Accounts - Setup
Passwords
Enable Password Expiry - Select this option if the password is to expire after
the number of days specified in Duration
Enable (check box) - The option is automatically deselected if a user provides
an incorrect password a specified number of times, as determined by the
Maintenance/User & Preferences/System Preferences setting “Limit Invalid
Logon Attempts”
Advanced System Configuration (pg 164)
User Accounts - Setup
Passwords by default, are 5 characters in length
Strong Passwords criteria:
The minimum length for a strong password is 6 characters
At least one numeric character
One uppercase character
One lowercase character… and…
One punctuation mark
– Allowable are . / , / ! / ; / : / ? / -
A strong password will not be able to contain any full word of the user's name.
Advanced System Configuration (pg 164-165)
User Accounts - Options
Language
This option allows the selection of a different language for the user. When the user logs
in the system will display text, such as in menus and screens, in the selected language
Home Screen – This option allows the selected Home Screen to be displayed
automatically when the user logs in
Lock Position prevents the user from being able to close, adjust the size, or change the
position of the home screen
The Home Screen is configured under the Maintenance/User & Preferences Ribbon
Advanced System Configuration (pg 165)
User Accounts - Options
Task list - This option is relevant to task processing and assignment
All Users - The user is able to view and process any task, irrespective of the user or role it
is assigned to.
Same User Profile - The user is able to view and process any task assigned to the user's
own role, or any user who has that role.
User Only - The user is able to view and process only tasks assigned to the user or to the
user's own role.
Advanced System Configuration (pg 166)
User Accounts - Options
Ignore/Bypass Permission Filters - This option allows the user account to
bypass any permissions set up in the Permissions screen for items such as:
– Card holders
– Cameras
– Readers and reader groups
Enable Permission - This option allows the Permissions button to be available
in screens available to that user
Enable Clear All Alarms - This option will enable the user to use the Clear
option on the Alarm screen
Advanced System Configuration (pg 167)
User Accounts - Options
Status Tool Bar is an IDS function. This provides an additional ribbon for managing the
Intrusion Detection System
Only Show Badge From Alarm - If selected, this option will preview the card holder’s
badge design only when clicking the Card button in the Home/Monitoring/Alarms
Acknowledgement screen.
– If not selected, the card holder’s record opens.
Instant Replay - This option specifies the maximum period of recorded video that can be
reviewed in the Video Replay screen, when accessed by selecting Instant Replay in the
"Home/Video & Audio/Virtual Matrix" screen.
Advanced System Configuration (pg 168-170)
System and Client Preferences
There are two Preferences menus: System
and Client.
The System Preferences menu allows the
selection or observance of many optional
configurations that affect the entire system.
The System Preferences “Settings” tab
provides a broad cross section of options that
range from 7-Day Advance Notification of
Holidays to Strong Password settings to
Default Language Pack.
The Alarm Settings tab contains selections
for managing/recording system alarms.
Examples: Save Alarm Comments, Purge
Daily Logs, and Show Alarm Handling.
Advanced System Configuration (pg 168-170)
System and Client Preferences
There are two Preferences menus: System
and Client.
The System Preferences menu allows the
selection or observance of many optional
configurations that affect the entire system.
The Card Settings tab provides a broad
selection of configuration and automation
with respect to cards administration: From
Auto Set Unused Cards Expired setting to
requiring that Visitor Escort is Mandatory.
The Digital Video tab defines the location
and login credentials of the Symmetry
Database for digital video cameras/encoders
Advanced System Configuration (pg 172-173)
System and Client Preferences
The Client Preferences menu provides
selections that only affect how the Client
you are on operates
The Client Preferences “Settings”
tab provides options Auto Logoff Time
and Background Image selections,
among others.
The Alarm Settings tab contains
selections for managing alarm sounds
and how Alarms and Graphics appear
on this computer. This includes
selecting multiple alarms on the
Home/Alarms ribbon
Advanced System Configuration (pg 173-174)
System and Client Preferences
The Client Preferences menu provides
selections that only affect how the Client
you are on operates
The Account Settings tab provides a
method of setting a Windows account
to automatically logon to this
computer for convenience. This is less
secure.
The Digital Video tab provides for
identifying where the client will look to
find recorded video.
Advanced System Configuration (pg 174)
In- Class Exercise – Preferences
Ask Instructor for assistance if needed
1. Log into the Symmetry Client (if not already)
2. Select under System Preferences:
1. Allow Engineer Access
2. Strong Password
3. Select under Client Preferences:
1. Auto Logoff time 10 minutes
2. Enable Multiple Alarm Selection
Inform Instructor when complete
Advanced System Configuration (pg 175-176)
Graphics
Typically a map or floor plan with icons representing system devices
Allowable file types are:
bmp
jpg
wmf / emf
dxf
Assign devices (or groups), cameras, and/or additional graphics
Define Permissions
User roles who can use this graphic
NOTE: The Instructor will now demonstrate the graphic programming process. Observe
the steps and you will later be directed to conduct these same steps on your system.
Advanced System Configuration (pg 177)
In- Class Exercise – Roles & Graphics
Ask Instructor for assistance if needed
1. Add and Configure a Graphic
1. Add all Doors, Monitor Points and Auxiliary Outputs to the Graphic
2. Have the Graphic display on a Door Forced Alarm
2. Create a new Role and User Account (Limited Guard Permissions)
1. Role should only have Modify permissions for Application/Logoff
2. Role should be allowed to Modify Alarms and View Graphics on Home ribbon
3. Account should have a Home screen of the Alarm Screen that cannot be closed
Inform Instructor when complete
Advanced System Configuration
QUESTIONS?
System Architecture (pg 178-195)
Symmetry Training
Symmetry™ v 8.0.2 Essentials Certification
Module 8
Advanced System Configuration
System Architecture (pg 178-195)
Objectives
Describe Symmetry Database Management
Identify the Symmetry System Services
Demonstrate the Disaster Recovery Process
System Architecture (pg 179)
Database Management
The Database Engine
The core of the software system and is responsible for recording all programmed items
and historical events in the system’s production databases
Microsoft SQL Server is employed in all Security Management System products:
SQL Server 2008 R2 Express is used for Symmetry Business and Professional editions
– SQL Server Express 2008 R2 is free
– Limitation on database size raised from 2 GB to 10 GB
System Architecture (pg 179-180)
Database Management
The Database Engine
Microsoft SQL Server 2008/2012 is used with Symmetry Enterprise and Global editions
Requires a license - all Symmetry Client computers
Must be purchased
Suitable for high-end solutions requiring expanded system capacities and larger
databases
In the installation of SQL Server with the Symmetry Business & Professional editions
the Microsoft SQL Server Management Studio is installed
This tool that may be used to view the system databases and their properties
In can be found under Windows Start/All Programs in Windows 7
System Architecture (pg 180)
Database Management
The Database Engine
When installed it creates a set of SQL system databases that contain specific data about
the installed instance of the SQL engine
This data is used to manage the database engine itself and record information about
other user production databases
Example SQL system databases are:
– Master
– Model
– MSDB
– TempDB
System Architecture (pg 180)
Database Management
The Database Engine
The Symmetry software installs new databases unique to the Security Management
System.
Each has a specific purpose and none are optional in a fully functional system.
The following are examples of the databases, each a variation of the name multiMAX.
– multiMAX Card Holder related data
– multiMAXImport Imported card data from Excel or CSV
– multiMAXTXN Transaction data
– multiMAXTxnOps Non-card holder configuration data
System Architecture (pg 180)
Database Management
The Database Engine
Windows Explorer can be used to view the SQL and Symmetry (multiMAX) physical
database files
The default location of the system databases for Symmetry Business and Professional is:
<Drive>:\Program Files\Microsoft SQL
Server\MSSQL10_50.MSSQLSERVER\MSSQL\Data
System Architecture (pg 181-183)
Database Management – Shared Folders
With Symmetry Enterprise, if using a Separate Database server, you will need to have the
Microsoft SQL\Backup folder set for a Network share
Non-separated database servers will need a Network share folder for Backup and Archive
functions
System Architecture (pg 183-186)
Backups and Archiving - Backups
A backup, which can be produced using the "Operation/Data/Backup" screen, is a
copy of the data in the Symmetry databases.
A backup enables your data to be recovered in the event of a computer fault
System Architecture (pg 183-186)
Backups and Archiving - Backups
Prior to performing a backup several steps must be taken.
Enable File Sharing and Network Discovery
Create a Shared Folder
Add the Windows User(s) which will need access to the folder
Enable Read/Write permissions for the user(s)
Highlight the user and click Share
This share must include the ACSUsers group and any other user than that which installed the
Security Management System software
System Architecture (pg 183-186)
Backups and Archiving - Backups
A backup takes the form of a series of SQL "bak" files that include the following:
Configuration settings
Card details
Card transactions
Alarms & Events
Tasks
User activity stored in the Symmetry databases
– The backup also takes a copy of the multimax.ini and crf.ini files from
the Windows installation folder and places them into the network share
folder, with dated copies of the backup
System Architecture (pg 183-186)
Backups and Archiving - Backups
Performing Backups
Select the backup location (must be a network destination)
– Ensure the Symmetry Service account has rights to the location
Use the Immediate option to start the backup process immediately
Use the options in the Timed Backup area to configure the backup to occur at
a specified time on selected days.
– The files copied to the backup location have the current date and time appended to
the filenames
System Architecture (pg 186)
Discussion Points….Backups
1. When should a Backup be performed?
2. Database Backups in relation to the “Purge Daily Logs After” setting?
System Architecture (pg 186-187)
Backups and Archiving - Archives
An archive is a copy of the historical transaction data from the Symmetry database
Transactions
Alarms
Events
User activity
The archive is stored in a *.bak file in a specified location.
When producing a report, such as in the "Reports/History/Activity" screen, you can choose
an archive as the reporting source
System Architecture (pg 186-187)
Backups and Archiving - Archives
Performing an Archive
Archive Location - Choose the folder in which to store the archive. This must be a
network drive.
– If you want to use a folder on the local PC, it must be a shared folder.
– This share must include the ACSUsers group and any other user than that
which installed the Security Management System software
Period to Archive - This specifies the amount of the log that is to be archived
All information in the log that is dated between Earliest Un-Archived Log and Archive
Log End Date (inclusive) will be archived
The file copied to the archive location have the date range included in the archive as
well as the current date and time appended to its filename.
System Architecture (pg 187)
Reports
System Reporting provides for comprehensive reports in these categories:
History
Identity
Configuration
System Architecture (pg 188-189)
Reports
History group provides:
Activity – Produces full details of previous alarms and events.
User Audit – Lists previous user actions within the screens of the Symmetry software.
Onsite Times – Lists the amount of time card holders have spent on site. The report can,
for example, be used to verify contractor invoices.
Cardholders Onsite – Lists the cards that are currently on site. The report could be used
by emergency services.
Patrols – Produces information about previous patrol tours (see the Guard Patrol Manager
Installation & User Guide). The report provides details of when patrol tours were started
and completed and any rule infringements.
System Architecture (pg 188-189)
Reports
History group provides:
System - This report is for Engineer use only, and enables the content of the
system log to be examined. You may be asked by Technical Support to provide
this report.
Video Archive Audit – Examines the date and time of each recording stored in
a video storage folder of a Symmetry NVR, and shows the date and time of the
most recent recording for the selected camera(s).
Predefined Reports – Enables you to run a report that has been previously set
up and customized from the "Reports/Configuration/Predefined Reports" menu.
You can run the report manually or automatically at scheduled intervals.
– Predefined reports enable you to set up a library of your favorite
reports, which saves time if you need to run the same report
frequently.
System Architecture (pg 190)
Reports
Identity group provides:
Cards – Lists the details of how cards have been set up in the
"Home/Identity/Cards" or "Home/Identity/Visitors" screen.
Access – Enables you to produce different types of access-rights listings:
Card holders who can use a specified door.
Cards that are to expire between specified badge or inactive dates.
Cards unused for a specified number of days.
Cards using a specified access code or time code.
Card holders who can use a specified floor/output group or reader group.
Doors that can be accessed by a specified card.
Visitors - Produces a report of current, previous or future visitors. You may, for
example, want to run a report that shows all the visitors expected on a specified
date.
System Architecture (pg 190)
Reports
Identity/Visitors - The system provides extensive visitor reporting capabilities:
“Reports/Identity Reports/Visitors" – You can list details of visitor cards.
"Reports/Identity Reports/Access" – You can list details of the access rights of visitor
cards.
"Reports/History/Activity" – You can view previous alarms and events generated by
visitors.
"Reports/History/Cardholders Onsite" – You can find out which visitors used an
Entrance reader.
"Home/Identity/Locator" – You can find out the current location of selected visitors.
"Home/Identity/Muster" – The muster (roll call) report includes visitors.
System Architecture (pg 190)
Reports/Configuration
System Configuration – Displays a tree view of the software as licensed and configured.
System Architecture (pg 191)
Reports/Configuration
Reports – Enables you to produce a large number of different reports to view how readers,
holidays, time codes, users, commands, etc. have been set up.
System Architecture (pg 191)
Reports/Configuration
Predefined Reports – Allows you to define customized reports to run from
"Reports/History/Predefined Reports".
System Architecture (pg 191)
In- Class Exercise – Backup and Archive
Ask Instructor for assistance if needed
1. Perform an Immediate Backup
2. Perform an Archive from the first day available to yesterday
3. Run an Activity Report and select the Archived data
Inform instructor when finished
System Architecture (pg 192)
Symmetry System Services - Symmetry Service Monitor
Created during the install process
Available from the Windows Taskbar
Provides easy access to all Symmetry services, as well as to the SQL Server service.
Stopping, starting and viewing the status of all services may be conducted from this single
applet
System Architecture (pg 192-193)
Symmetry System Services - Symmetry Service Monitor
Service Monitor Interface
The fields and options in the dialog have the following meanings:
Network Name - The name of the PC on which the services are running
Polling Interval - This determines how often the Service Monitor refreshes the dialog (to
reflect the current status of the services)
Stop - Stops the selected service
Start - Re-starts the selected service
Refresh - Refreshes the dialog box
Show All Services - When selected, all Windows services are listed. When deselected,
only those services relevant to the Security Management System are listed.
Close - Closes the dialog box. This does not stop any of the services, and you will still
be able display the dialog again by double-clicking the icon in the System Tray.
System Architecture (pg 193)
Symmetry System Services - Symmetry Services Functions
The following are some of the responsibilities of the Symmetry Services and Microsoft
Services related to the Security Management System
The MSSQL Server Service manages all system database files and processes all
Transact-SQL statements invoked by client software applications, such as those sent
from the Symmetry Clients.
The SMS Services service is responsible some of the following Symmetry
functions:
– Downloading
– Uploading
– Scheduled commands
– Network messaging
– Import functions
– Tagging DVR transactions
System Architecture (pg 194)
Symmetry System Services - Symmetry Services Functions
The following are some of the responsibilities of the Symmetry Services and Microsoft
Services related to the Security Management System
SMS Transaction Service is a dependency service as well, which means that the SMS
Services must be started before it can start. Among other functions, this service
processes alarms, trigger commands, logging system/node transactions, and processing
and display of current activity.
SMS Client Service: The communications service, which runs on the server and each
client.
NOTE: The services that run on the server are essential for system operation and must be running continuously
System Architecture (pg 194)
Symmetry System Services - Discussion Points….
1. The SMS Services service is a Dependent Service, what does that mean?
2. What happens to SMS Transaction Service if the SMS Services Service stops?
3. If the Symmetry Server shuts down and restarts what is a way to ensure the SMS
Services starts back up?
4. What is a recommended practice when it comes to the service “Log On” account?
NOTE: The services that run on the server are essential for system operation and must be running continuously
System Architecture (pg 195)
Symmetry System Services - Disaster Recovery
System Database Restore
To perform a System Database Restore, complete the steps as described in the
Software Installation Manual, Appendix G
When finished, run the ReAssignPerms.exe file from:
“Installation Media\Symmetry\Disk1\DB\Recovery” (v8.0.x path)
The Windows user (if not who installed Symmetry) must be a member of the
ACSAdmin group to restore a database!
NOTE: Ensure that all clients have been closed and that the backup files are in the default location
Your Instructor will demonstrate the database restoral process,
you will then be asked to repeat the process
System Architecture (pg 195)
In- Class Exercise – System Restore
Ask Instructor for assistance if needed
1. Delete all Cardholders via the Bulk Card Amendments (Home/Identity ribbon)
2. Perform a Restore procedure of the multiMAX database
Inform instructor when finished
System Architecture
QUESTIONS?
Troubleshooting & Best Practices (pg 196-209)
Symmetry Training
Symmetry™ v 8.0.2 Essentials Certification
Module 9
Troubleshooting & Best Practices
Troubleshooting & Best Practices (pg 196-209)
Objectives
Hardware Maintenance and Test Procedures
System Tools
Best Practices
Uninstalling Symmetry
Cold-start the NIC4
Flattening a Node
Troubleshooting & Best Practices (pg 197)
Hardware Installation Considerations
General Design Preparation
System design considerations should include computer(s) specifications, electronic
hardware specifications, the operating environment and the Local Area Network
architecture/limitations
Site schematics detail placement and which node/controller types will be utilized
Review the Site Schematic Check List, located in the M2150 Design Guide, Appendix D
NOTE: The EN-DBU cannot be converted into an EN-LDBU, likewise the EN-LDBU
cannot be converted into an EN-DBU.
Troubleshooting & Best Practices (pg 198)
Hardware Installation Considerations
Primary power and site grounding should be addressed.
All cabinets MUST be grounded for proper operation and provide ample
power/current to operate internal and external components
The M2150 Design Guide pgs 29-31 provides guidance for planning and installation.
Troubleshooting & Best Practices (pg 198)
Hardware Installation Considerations
Wire and Cable Requirements
For 20mA (Card Readers/Nodes) and RS-485 (Remote Controllers)
it is especially critical in data communications to employ supported
wiring types, otherwise communications may be affected or
rendered non-functional.
The M2150 Design Guide pg 32, SR-Node Installation & Migration
Manual pg 74, or the controller’s installation document provides
guidance for wiring types and distances for planning purposes.
Troubleshooting & Best Practices (pg 198)
Hardware Installation Considerations
Noise Suppression
Door releases or other inductive loads (relays) should contain noise suppression
devices.
Some lock devices have internal noise suppression and so no action is typically
needed in those instances
For DC devices a 1N4004 series suppression diode (or an MOV for AC
suppression) is required to protect circuitry from failure and severe damage.
The M2150 Design Guide pgs 27-28 provide guidance for noise suppression
planning and installation.
Troubleshooting & Best Practices (pg 198)
Hardware Installation Considerations
M2150 Nodes/controllers
Dipswitch settings to allow for multiple forms of communication and other add-in
devices.
The Controller Installation Guides provide guidance for DBU/DBC dipswitch
settings for Node Addressing and Port Usage and DC dipswitch settings for
remote controller addressing
Common choices are the COM D settings for a single NIC4 installed in the COM
D socket and for an optional secondary NIC4 in the COM E socket
Troubleshooting & Best Practices (pg 198-199)
Hardware Installation Considerations – SR-Series LED Operation
The LEDs on the SR-Series boards can be useful when testing system operation or
during troubleshooting; these are examples:
SR-PCU
DS1 (RS422 Rx upstream) – Flashes when there is Rx communication activity
on the upstream (towards host) line of J2 (pins 1 and 2).
DS2 (RS422 Tx upstream) – Flashes when there is Tx communication activity
on the upstream (towards host) line of J2 (pins 7 and 8).
SR-DBU
LED1 (ON LINE) – Lit when the SR-DBU has received a message within the
last 30 seconds from the Symmetry client that is managing the LAN, hardwired
or dial-up chain.
LED2 (OK) – Flashes once per second when the SR-DBU is functioning
normally.
LED3 (PWR) – Lit when the power is connected.
Troubleshooting & Best Practices (pg 198-199)
Hardware Installation Considerations – M2150 LED Operation
The LEDs on the M2150 boards can be useful when testing system operation or
during troubleshooting; these are examples:
LEDs on the 2DBC
LED2/1(Readers) - Illuminated when the reader is connected properly
LED3 (DC COMMS) – Illuminated when an external door, alarm or output
controller is connected.
LED9 (OK) - When the panel is functioning correctly, this should flash once per
second
LED12 (12V) – Illuminated when the 12VDC supply is connected
Troubleshooting & Best Practices (pg 198-199)
Hardware Installation Considerations – M2150 LED Operation
The LEDs on the M2150 boards can be useful when testing system operation or
during troubleshooting; these are examples:
LEDs on the 8DBC
LED21 (12V) – Illuminated when the 12Vdc supply is connected.
LED27 (OK) – When the 4DBC is functioning correctly, this should flash once
per second
LED31(CLA) – Flashes to indicate HOST COM A (COM A) port usage.
– 1 flash = port in use
– 5 flashes = port not used (RS232, NIC1 or NIC2 port set to Normal Comm
port usage)
Troubleshooting & Best Practices (pg 199)
Software Programming – Nodes and Readers
When defining Nodes and Readers a common choice to be
made is regarding the Wiegand Format in the Node Definition
and the Reader Type selection in the Reader Definition
Select the Wiegand Format in the Node Definition first for the
type of cards the Node will use
Combination formats are also available (e.g., G4Tec 32-bit &
STD 26-bit HID)
Troubleshooting & Best Practices (pg 200)
System Tools - Multimax Service Status
The MultimaxServiceStatus.exe utility is located under the root folder Program
Files\Security Management System
MultimaxServiceStatus.exe Utility
This utility provides a means of viewing and debugging software-to-video device
communications
Communication to digital video devices utilizes an XML messaging format, and
system devices are constantly being polled through services
The success or failure of these communications is continually being recorded per
device, and may be observed in real-time using this interface.
This utility provides the capability of debugging hardware chains
– If problems exist with software/services
– The IP device is failing to respond
Troubleshooting & Best Practices (pg 201)
System Tools - Video Status
The Maintenance/Video/Video Status option provides a view of the
current status of Symmetry NVRs and any digital video cameras that can
have video recorded by an NVR.
The Video Status tool does not include information about cameras
connected to third-party DVRs being used in the system.
The Analyze button provides a means for ad-hoc analysis (refresh).
The Settings button allows for choosing updating intervals and
warnings of specified conditions
Clicking the Save button also captures the Windows Application log
Troubleshooting & Best Practices (pg 202)
System Tools - System Time Screen Options
Current Time - This displays the current date and time, the computer's time zone and whether the computer is currently running within standard or daylight-savings time.
Send Time To Controllers - Select this option if you want to update the date and time at all nodes in the system (not just those connected or controlled by this computer) when you select OK.
Sync Scheduled Commands Now – May be needed when a system is first commissioned or the server is offline for a long period of time to synchronize the database with the commands stored in the Nodes
Simple Network Time Protocol: The Windows Time Service or Simple Network Time Protocol (SNTP) synchronizes the time between servers, clients and other network devices such as DVRs, encoders and IP cameras.
Time synchronization is critical to optimum system performance and should always be implemented
Troubleshooting & Best Practices (pg 203)
Best Practices / Considerations
Digital Video Motion
DO NOT setup 24/7 motion on a busy area for recording with the NVR
Add intervals (if possible) to record on Motion during non-peak or busy
times
Ensure that Motion is setup in the video device to detect only the motion
event that needs to be recorded (avoid simple light change)
Troubleshooting & Best Practices (pg 203)
Best Practices / Considerations
Software Installation & Upgrades
System Requirements – Ensure the computers (Server NVR’s and Client
workstations) meet the required specifications
Review the System Requirements applicable to the Symmetry version you
are installing, located in the latest version of the Software Installation
Manual or on our Partner Area web site
Troubleshooting & Best Practices (pg 203)
Best Practices / Considerations
Software Installation & Upgrades
When installing an upgrade of the Symmetry software onto an existing server,
ensure that the old software is removed.
Also ensure that the “Security Management System” and the “Microsoft SQL
Server” folders are deleted from Program Files prior to installing the new version.
Ensure you have Administrator Rights or that a System Admin is present when
applying Service Packs
If switching Symmetry from Workgroup to Domain network, follow process defined
in the September 2012 Technical Newsletter
Uncheck the LAN Chain “Enable” box if you are pre-configuring a system to avoid
unnecessary taxing of server resources
NOTE: The Symmetry licensed module that allows integration with the Microsoft Identity
Integration Server (MIIS) is no longer supported.
Troubleshooting & Best Practices (pg 203)
Best Practices / Considerations
Workgroup or Domain Installation
Workgroup
Workgroup requires Local Administrator rights to install the software
– In a stand-alone application (Server\Client – One Machine) ensure the
ACSUsers group privileges are assigned to all who will be accessing
the Symmetry software
– If more than one computer in a Workgroup environment is needed
(Server machine, one or more Client machines) ensure File and Print
sharing are enabled and that there is a common Windows User
account with the correct privileges assigned to all computers accessing
the Symmetry Server
Troubleshooting & Best Practices (pg 203)
Best Practices / Considerations
Workgroup or Domain Installation
Workgroup
Workgroup requires Local Administrator rights to install the software
– The SQL Server database cannot be on a different machine to the
Symmetry Application Server as authentication paths needed between
the two are not available.
– Ensure that, for the accounts assigned to run the SMS Services, that
the passwords do not expire, and that those passwords do not change
– Workgroup installations can be conducted in offsite
Troubleshooting & Best Practices (pg 204)
Best Practices / Considerations
Workgroup or Domain Installation
Domain network
Domain installations MUST be conducted at the customer’s site and requires pre-
planning and coordination with end user’s corporate IT department for
Administrative logins.
For Active Directory information, refer to the Security Management System
Software Installation Manual: Post-Installation Tasks section and the
Directory/LDAP Authentication Module Install and User Guide
Troubleshooting & Best Practices (pg 204)
Best Practices / Considerations
Windows Automatic Updates are known to impact overall performance to
Windows and/or conflicts with applications such as Symmetry.
Refer to the latest Microsoft Security Updates document for a list of what Microsoft
patch has been successfully applied and passed superficial tests with the Symmetry
installation
Check with Technical Support or the Partner Area for the latest Microsoft Security
Updates
Troubleshooting & Best Practices (pg 204)
Best Practices / Considerations
For Clustering Architecture, the system design should place comms/chains on
the server(s) to ensure reliable failover communications
Consultation with the AMAG Professional Service Team if Clustering
Architecture is planned
Troubleshooting & Best Practices (pg 204)
Best Practices / Considerations
Upgrading of Systems
When installing an upgrade of the Symmetry software onto an existing server, ensure that
the old software is removed. Also ensure that the “Security Management System” and the
“Microsoft SQL Server” folders are deleted prior to installing the new version.
When importing an old database into a newer version ensure that the database is
converted.
Ensure when installing a service pack to a new installation that the old database is
converted.
Ensure when restoring a database ensure that the reassignperms.exe is performed.
Troubleshooting & Best Practices (pg 204-205)
Best Practices / Considerations
Network Setup
Computer Names – Do not use the underscore character in computer names.
IP addresses – A static IP address must be used for any type of server, or for a client
that is managing one or more LAN chains.
Printer Setup – If scheduled reports are to be generated (found under
"Reports/Configuration") ensure that:
The printer has been set up in both the user account and in the client services
account on each client where scheduled reports are to be generated.
If more than one printer is used, they are installed in the same order in both
accounts.
The Symmetry software is running at the specified client
If the printer is USB, connect the cable to each port after driver installation
Troubleshooting & Best Practices (pg 205)
Best Practices / Considerations
Network Setup
Loss of Network Communications – If a client loses its network
communications to the server, the client will continually attempt to re-establish
communications over a period of time (default time of 10 minutes, as specified by
the NCCT parameter in the multimax.ini file).
During this period, the client may appear to be 'locked up'. If communications
are not re-established, the client reboots automatically.
This process continues until network communications are restored.
This automatic reboot process should be tested thoroughly during system
commissioning.
Troubleshooting & Best Practices (pg 205)
Best Practices / Considerations
Network Setup
Ports and Firewalls
Refer to Appendix F in the Security Management System Software Installation
Manual: Port Usage for details on ports used by the Symmetry software.
Firewalls should allow traffic across appropriate ports
For Access Control LAN Chain Communication, Symmetry Software uses Port
3001 TCP (NIC module communication to/from controllers)
– If a separate Symmetry database server is used, this uses inbound
connections on TCP/UDP port 1433/1434.
Troubleshooting & Best Practices (pg 205)
Best Practices / Considerations
NIC Programming - May be conducted on any computer (Symmetry server or
client is not required)
It is recommended to program NICs in the field when installed in the
Node/controller using a laptop
Ensure that the NIC is on the same LAN as the programming PC
– If an IP Address comes up RED when finding a NIC on the network with the
CoBox utility, it cannot be programmed
This will eliminate LAN/WAN programming issues or restrictions on existing networks and
provides for a confirmation of the functionality of a Node and NIC prior to connecting to a
LAN
Troubleshooting & Best Practices (pg 205)
Best Practices / Considerations
NIC Programming - May be conducted on any computer (Symmetry server or
client is not required)
Use the latest version of using the provided COBOX.exe utility.
In Windows Network Setup on the programming computer add a static IP
address in the APIPA class/range (e.g. 169.254.x.x).
Upon successful completion of the NIC programming
– Select the Check Node button in the COBOX.exe utility and ensure you
receive “Node Responded OK” to verify both NIC and Node can
communicate to a client.
Note: If you added a temporary APIPA address into your computer be sure to remove
it before proceeding with the Check Node function.
Troubleshooting & Best Practices (pg 206)
Best Practices / Considerations
NIC Programming
Basic communication issues between the NIC and Node, or the Node to
downstream Nodes, can be caused by a simple baud rate mismatch and Node
addressing issues:
Confirm the baud rate is consistent on ALL Nodes in a chain and the baud rate
programmed in the NIC matches that selected on the Node
Confirm that the first Node in a chain is addressed as 1.
If receiving a message in the Maintenance/Communication/Client which
includes MRX, “flatten” (cold reset) the Node in question.
Troubleshooting & Best Practices (pg 206)
Best Practices / Considerations
NIC Programming
Ping Tests
The PING command tests the connection between two network Nodes by sending
packets to a host and then reporting the time it takes to get a response.
Possible causes of receiving host/network unreachable or destination host is
unreachable messages:
– Bad network connection
– The Node sending to could be down or off
– A firewall port blocking issue
– The ping message is being filtered out
– The communications timeout is too short
Troubleshooting & Best Practices (pg 206)
Best Practices / Considerations
Database Software Programming
Authentication Mode - Installation of SQL Server for Symmetry Enterprise is
recommended using Windows-Mode Authentication for database user
permissions
Troubleshooting & Best Practices (pg 206)
Best Practices / Considerations
Database Software Programming
Anti-virus Exclusions - In some cases, the use of anti-virus software can
significantly affect the performance of the Symmetry software, particularly if
Symmetry is required to manage a large transaction rate.
To maintain system performance, real-time scanning (which scans files as they
are opened) should be disabled.
Troubleshooting & Best Practices (pg 206)
Best Practices / Considerations
Database Software Programming
Anti-virus Exclusions - The following folders should be excluded from anti-virus checks:
On the Symmetry Database Server:
– Program Files(or Program Files x86*)\Microsoft SQL
Server\MSSQL10_50.MSSQLSERVER\MSSQL\Data
On the Symmetry and all clients:
– Windows\System32\MSMQ
– Program Files(or Program Files x86*)\ Security Management System
– ProgramData\Security Management System
– ProgramData\Security Management System\Import
– ProgramData\Security Management System\Export
– ProgramData\Security Management System\Images
*Symmetry Edition specific
Troubleshooting & Best Practices (pg 207)
Best Practices / Considerations
Default Settings
This menu allows you to setup default settings for:
Nodes
Readers
Monitor Points
Video Servers
Cameras
Reader Card Formats
Caution:
Create a copy of any Default Settings screen before creating a new record!
Troubleshooting & Best Practices (pg 207-208)
Best Practices / Considerations
Default Settings – Reader Card Formats
This menu allows you to define each reader type used in the Node and
the allowable card formats
Up to 8 card formats are supported per Node
Troubleshooting & Best Practices (pg 209)
Best Practices / Considerations
Software Programming
Time Codes (categories):
Time Codes may be defined in four separate categories: Access Rights, Scheduled
Command, Trigger Command, and General.
The purpose of these categories is to allow for segregation of times for each of these
discrete functions within the Symmetry system.
Defining a Time Code in the General category allows it be commonly used for all three of
the other functions
– This is NOT recommended for most systems since conflicts may arise in scenarios
such as assigning system Holidays where you wish some Time Code functions to be
allowed and others not on the Holiday date.
Troubleshooting & Best Practices (pg 209)
Best Practices / Considerations
Cold Resets
Cold Start NIC4:
If necessary to reset the IP addressing of a NIC4, edit the COBOX Configuration settings
(.ini) file to allow the ColdStart option: AllowColdStart=1
– Once the Cold Start command is sent, and after the NIC4 reboots, it may be
necessary to add an APIPA address to your computer’s network configuration
to once again find the NIC4 when there is no DHCP server available
Cold Reset of a Node:
If necessary to reset the programming in a Node (for example, a Mismatched Database
transaction message is received) press and hold the Reset button at least 5 seconds
Symmetry Essentials v8.0.2 Certification
THANK YOU FOR ATTENDING!
AMAG Technology