Advanced Installation Topics

OnGuard®
Advanced Installation Topics

LenelS2 OnGuard® 8.2 Update 1 Advanced Installation Topics
This guide is item number DOC-100, revision 14.002 January 2024.
©2023 Carrier. All Rights Reserved. All trademarks are the property of their respective owners.
LenelS2 is a part of Carrier.
Information in this document is subject to change without notice. No part of this document may be reproduced
or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the prior
express written permission of Carrier Fire & Security Americas Corporation (“LenelS2”), which such
permission may have been granted in a separate agreement (i.e., end user license agreement or software
license agreement for the particular application).
Non-English versions of LenelS2 documents are offered as a service to our global audiences. We have
attempted to provide an accurate translation of the text, but the official text is the English text, and any
differences in the translation are not binding and have no legal effect.
The software described in this document is furnished under a separate license agreement and may only be used
in accordance with the terms of that agreement.
SAP® Crystal Reports® is the registered trademark of SAP SE or its affiliates in Germany and in several
other countries.
Integral and FlashPoint are trademarks of Integral Technologies, Inc.
Portions of this product were created using LEADTOOLS ©1991-2011, LEAD Technologies, Inc. ALL
RIGHTS RESERVED.
Active Directory, Microsoft, SQL Server, Windows, and Windows Server are either registered trademarks or
trademarks of Microsoft Corporation in the United States and/or other countries.
Oracle is a registered trademark of Oracle International Corporation.
Amazon Web Services and the "Powered by AWS" logo are trademarks of Amazon.com, Inc. or its affiliates
in the United States and/or other countries.
Other product names mentioned in this document may be trademarks or registered trademarks of their
respective owners and are hereby acknowledged.
Product Disclaimers and Warnings
THESE PRODUCTS ARE INTENDED FOR SALE TO, AND INSTALLATION BY, AN EXPERIENCED
SECURITY PROFESSIONAL. LENELS2 CANNOT PROVIDE ANY ASSURANCE THAT ANY PERSON
OR ENTITY BUYING ITS PRODUCTS, INCLUDING ANY "AUTHORIZED DEALER", IS PROPERLY
TRAINED OR EXPERIENCED TO CORRECTLY INSTALL SECURITY RELATED PRODUCTS.
LENELS2 DOES NOT REPRESENT THAT SOFTWARE, HARDWARE OR RELATED SERVICES MAY
NOT BE HACKED, COMPROMISED AND/OR CIRCUMVENTED. LENELS2 DOES NOT WARRANT
THAT SOFTWARE, HARDWARE OR RELATED SERVICES WILL WORK PROPERLY IN ALL
ENVIRONMENTS AND APPLICATIONS AND DOES NOT WARRANT ANY SOFTWARE,
HARDWARE OR RELATED SERVICES AGAINST HARMFUL ELECTROMAGNETIC
INTERFERENCE INDUCTION OR RADIATION (EMI, RFI, ETC.) EMITTED FROM EXTERNAL
SOURCES. THE ABILITY OF SOFTWARE, HARDWARE AND RELATED SERVICES TO WORK
PROPERLY DEPENDS ON A NUMBER OF PRODUCTS AND SERVICES MADE AVAILABLE BY
THIRD PARTIES OVER WHICH LENELS2 HAS NO CONTROL INCLUDING, BUT NOT LIMITED TO,
INTERNET, CELLULAR AND LANDLINE CONNECTIVITY; MOBILE DEVICE AND RELATED
OPERATING SYSTEM COMPATABILITY; OR PROPER INSTALLATION, CONFIGURATION AND
MAINTENANCE OF AUTHORIZED HARDWARE AND OTHER SOFTWARE.
LENELS2 MAY MAKE CERTAIN BIOMETRIC CAPABILITIES (E.G., FINGERPRINT, VOICE PRINT,
FACIAL RECOGNITION, ETC.), DATA RECORDING CAPABILITIES (E.G., VOICE RECORDING),
AND/OR DATA/INFORMATION RECOGNITION AND TRANSLATION CAPABILITIES AVAILABLE
IN PRODUCTS LENELS2 MANUFACTURES AND/OR RESELLS. LENELS2 DOES NOT CONTROL
THE CONDITIONS AND METHODS OF USE OF PRODUCTS IT MANUFACTURES AND/OR
RESELLS. THE END-USER AND/OR INSTALLER AND/OR RESELLER/DISTRIBUTOR ACT AS
CONTROLLER OF THE DATA RESULTING FROM USE OF THESE PRODUCTS, INCLUDING ANY
RESULTING PERSONALLY IDENTIFIABLE INFORMATION OR PRIVATE DATA, AND ARE SOLELY
RESPONSIBLE TO ENSURE THAT ANY PARTICULAR INSTALLATION AND USE OF PRODUCTS
COMPLY WITH ALL APPLICABLE PRIVACY AND OTHER LAWS, INCLUDING ANY
REQUIREMENT TO OBTAIN CONSENT. THE CAPABILITY OR USE OF ANY PRODUCTS
MANUFACTURED OR SOLD BY LENELS2 TO RECORD CONSENT SHALL NOT BE SUBSTITUTED
FOR THE CONTROLLER'S OBLIGATION TO INDEPENDENTLY DETERMINE WHETHER CONSENT
IS REQUIRED, NOR SHALL SUCH CAPABILITY OR USE SHIFT ANY OBLIGATION TO OBTAIN
ANY REQUIRED CONSENT TO LENELS2.
For more information on warranty disclaimers and product safety information, please check https://
firesecurityproducts.com/en/policy/product-warning or scan the following code:
Table of Contents
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
CHAPTER 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
The Installation Guides . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Minimum Privileges Required by Windows Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12
Database Installation and Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
CHAPTER 2 Install and Configure Oracle 19c Software . . . . . . . . . . . . . . . . . . . . 17

Oracle 19c Software Installation and Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17
Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Install the Oracle 19c Database Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Create a Listener . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Create the Oracle 19c Live Database for OnGuard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Create the User Account for the Live Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Create the Oracle 19c Archival Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Install the Oracle 32-bit Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Configure Naming Methods and Local Net Service Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Configure the Oracle 32-bit Driver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Install OnGuard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Update Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Install Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Install SQL Developer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Advanced Installation Topics 5

Table of Contents
CHAPTER 3 Install and Configure Oracle 12c R2 Software . . . . . . . . . . . . . . . . . 29

Oracle 12c R2 Server Software Configuration Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Oracle 12c R2 Server Software Installation and Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Step 1: Pre-Installation Planning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Step 2: Install Oracle Database 12c R2 Server Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Step 3: Configure the Live Database Home Net Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Step 4: Create the Live Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Step 5: Run the Oracle Net Configuration Assistant . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Step 6: Create the Live Database Oracle Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Step 7: Create the Archival Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Step 8: Install and Configure the Planned Oracle Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Step 9: Install OnGuard 8.2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Oracle 12c Client Installation and Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Step 1: Install Oracle 12c Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Step 2: Prevent Firewall Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Step 3: Add Local Net Services Name(s) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Advanced Installation Topics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
CHAPTER 4 Transparent Data Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Enabling TDE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Backing up a TDE Protected Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Moving a TDE Protected Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Attach the Database to Another SQL Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Restore the Database on Another SQL Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
CHAPTER 5 Unattended Installation of OnGuard . . . . . . . . . . . . . . . . . . . . . . . . 45

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
PowerShell Wrapper Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Advanced Unattended Installation Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Fresh OnGuard Installations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Additional Installation Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Installing Third-Party Software Using “No UI” Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Running Setup Assistant in Unattended Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Unattended Mode Error Reporting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
CHAPTER 6 VMware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
VMware Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
6 Advanced Installation Topics

Table of Contents
Virtual Machine Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63

Creating a New Virtual Machine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Recommended Hardware Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
CHAPTER 7 Using SNMP with OnGuard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

OnGuard as an SNMP Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .67
OnGuard as an SNMP Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .67
Configuring SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .67
Install the Windows SNMP Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Install a License with SNMP Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Configuring OnGuard as an SNMP Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .70
Add an SNMP Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Add Agents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
MIB File Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Load the MIB File(s) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Modify an SNMP Management Information Base Variable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
SNMP Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Configuring OnGuard as an SNMP Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .74
Add a DataConduIT Message Queue of Type “SNMP Trap Messages” . . . . . . . . . . . . . . . . . . . . . . . . . 74
Load the lenel.mib File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
SNMP Manager Copyright Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .75
CHAPTER 8 Integrating OnGuard with Citrix Virtual Apps . . . . . . . . . . . . . . . . . 79

Citrix Virtual Apps Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .79
Installing Citrix Virtual Apps 7 on Windows Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .79
Step 1: Perform the Pre-Installation Set-up Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Step 2: Install Citrix Virtual Apps 7 on the Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Step 3: Configure the License Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Step 4: Create a Site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Step 5: Create the Master Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Step 6: Publish an Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Step 7: Access the Applications from the Citrix Receiver Web . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
CHAPTER 9 Ports Used by OnGuard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

Digital Video Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .92
CHAPTER 10 OnGuard Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95

Notes about the LS Mon Manager Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101

Table of Contents
Appendices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
APPENDIX A Database Installation Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105

Database Installation Utility Window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
Database Installation Utility Window Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
Database Installation Utility Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
Attach an SQL Server Express Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
APPENDIX B Change the Database Owner in SQL Server Express . . . . . . . . . . . 109
APPENDIX C Manually Creating an ODBC Connection for SQL . . . . . . . . . . . . 111

Creating an ODBC Connection for SQL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
Updating the DSN in the OnGuard Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
Preparing a Client’s ODBC 32 DSN Entry to be Used with an Alternate OnGuard
System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
APPENDIX D Setting Up & Configuring a Capture Station . . . . . . . . . . . . . . . . . 115

Environmental Considerations Affecting Flash & Camera Capture Quality . . . . . . . . . . . . . . . . 115
Setting Up the OnGuard Capture Dialog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Capture Station Setup Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
Basic Camera Setup (CAM-CCP-500K) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
CCP-500 (Back View) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
Basic Camera Setup (CAM-24Z704-USB) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
Installation of CAM-24Z704-USB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
Configuration of CAM-24Z704-USB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
Using CAM-24Z704-USB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Lighting Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
Professional Continuous Lighting Setup (EHK-K42U-A) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
Advanced Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
Environmental Considerations and Factors Leading to Poor Lighting . . . . . . . . . . . . . . . . . . . . . . . . 123
Index ................................................................................................................ 125

Introduction
CHAPTER 1 Introduction
The Advanced Installation Topics Guide focuses on those aspects of the OnGuard installation that are
not part of normal procedures. Topics covered include:
• Installing Oracle and SQL Server databases
• How to perform a remote installation
• How to use SNMP with OnGuard
• Ports used by OnGuard
• OnGuard Services
The Installation Guides

Advanced Topic Installation User Guide. DOC-100. A guide that encompasses a variety of
advanced topics including Oracle installation and configuration.
Installation Guide. DOC-110. A comprehensive guide that includes instructions for installing the
OnGuard software. This guide also includes information on the current SQL Server version and the
browser-based client applications
Upgrade Guide. DOC-120. A short and sequential guide on upgrading and configuring an access
control system that utilizes SQL or SQL Server Express system.
Enterprise Setup & Configuration User Guide. DOC-500. A guide that includes instructions for
installing database software, the access control system Enterprise software, and how to setup complex
Enterprise systems.

Introduction
Minimum Privileges Required by Windows Users

A standard Windows user can perform all OnGuard operations, with the exception of the following
tasks that require additional privileges.
Component or
Program Task Required Privileges Notes
System Administration Text-based archiving Standard user

requires Write
permission on the
Archive folder.
Setup Assistant Run Setup Assistant Standard user

requires administrator
privileges.
Configuration Editor View the configuration Standard user

of the database and requires administrator
License Server privileges.
Database Setup Use Database Setup Standard user must Map the
have a login to SQL AccessControl
Server, and must run database to the user
Database Setup with with the roles:
administrator • db_datareader
privileges. This • db_datawriter
restriction does not
• db_ddladmin
apply if the
application.config file
is configured to use
the OnGuard
database user.
Form Translator Allows the use of Standard user

OnGuard web requires administrator
applications privileges.
Universal Time Convert data to UTC Standard user must Map the
Conversion utility time have a login to SQL AccessControl
Server, and must log database to the user
into Windows as an with the roles:
administrator. This • db_datareader
restriction does not • db_datawriter
apply if the
application.config file
is configured to use
the OnGuard
database user.
Security Utility Run Security Utility Standard user

requires administrator
privileges.

Minimum Privileges Required by Windows Users (Continued)
Component or
Replication Convert a standard Add Modify

Administration OnGuard Server to an permission for the
Enterprise Global or standard user to the
Regional Server ACS.ini file.
LS Message Broker LS Message Broker

service service is started with
the Local System as
the logon account.
LS Site Publication LS Site Publication

Server service Server service has the
domain administrator
user as the logon
account, or Local
System if using
OnGuard Database
authentication in the
application.config file.
LS Event Context LS Event Context

Provider service Provider service has
the domain
administrator user or
Local System as the
logon account if using
OnGuard Database
authentication.
LS Reporting Service Standard user must The user must have

have a login to SQL full rights to
Server. This restriction C:\Program
does not apply if the Files\JReport\Server
application.config
file is configured to
use the LenelS2
database user.
System Management Start and stop User launch the

Console services System Management
Console as
administrator.
License Server Run as an application To run License Server

as an application, you
must run it as an
administrator.
Login Driver Run as an application To run Login Driver as

an application, you
must run it as an
administrator.

Introduction
Minimum Privileges Required by Windows Users (Continued)
Component or
OpenAccess Run as an application. To run OpenAccess

as an application, you
must run it as an
administrator.

Database Installation and
Configuration
CHAPTER 2 Install and Configure Oracle 19c
Software
The following overview and instructions are for the following Oracle 19c installations:
• Single instance database(s) (no Real Application Cluster [RAC]/grid control)
• Enterprise Edition
• Oracle Database 19c Server
• Enterprise Manager Database Express
IMPORTANT: Instructions for installing and configuring Oracle assume that you have some
expertise in performing these activities. The procedures described in this
chapter have been validated internally at LenelS2, however, the exact process
may differ depending on your requirements and environment. Knowledge of
your environment is also assumed, and should be considered when performing
these steps. If your configuration includes any customizations, or a different
version of Oracle or Windows, then your procedures will differ from those
provided in this chapter. Make adjustments accordingly.
An Oracle Database 19c compatible Oracle 32-bit client must be installed on each OnGuard system,
regardless of whether it will be an OnGuard Server or client, and independent of whether it is also the
database server. Oracle 64-bit clients will not work with the OnGuard software.
If you are using Windows 11 64-bit, you might need to run Oracle applications, such as the Net
Configuration Assistant, as an Administrator for configuration changes to persist.
If installing on a server with the IP address set to DHCP, then you must first configure a loop-back
adapter.
When installing and configuring Oracle Database 19c, do not close any Oracle windows while a
program is running. Doing so can result in configuration errors and loss of data. Instead, utilize the
Oracle close or cancel buttons.
Oracle 19c Software Installation and Configuration

The following installation and configuration steps are for Oracle 19c. Steps will vary for other
versions of Oracle.

Install and Configure Oracle 19c Software
These are instructions for installing Oracle 19c on Windows 11 for use with OnGuard 8.1 or later. It is
assumed that OnGuard is installed on your system and you have access to its application.config and
acs.ini configuration files. If this is the first time you are installing Oracle on your workstation,
follow these instructions in exactly the following order.
Note: This process will take approximately 1.5 hours to complete.
Requirements
You will need the following files available from https://www.oracle.com/downloads/. These .zip files
contain the correct version of the Oracle 32-bit client software that is compatible with the
Oracle.DataAccess.DLL included with OnGuard 8.1 or later, as well as the appropriate Oracle 32-bit
ODBC driver.
• Oracle 19c 64-bit zip file (WINDOWS.X64_193000_db_home.zip)
• Oracle 32-bit Client zip file (NT_193000_client_home.zip)
• SQL Developer for Windows (sqldeveloper-21.2.0.187.1842-x64.zip)
Install the Oracle 19c Database Software

1. Extract WINDOWS.X64_193000_db_home.zip to C:\db_home.
2. Use File Manager to launch C:\db_home\setup.exe.
3. The Select Configuration Option page opens.
a. Select Set Up Software Only.
b. Click [Next].
4. The Select Database Installation Option page opens.
a. Select Single instance database installation.
b. Click [Next].
5. The Select Database Edition page opens.
a. Select Enterprise Edition.
b. Click [Next].
6. The Specify Oracle Home User page opens.
a. Select Use Windows Built-in Account.
b. Click [Next].
c. Click [Yes] at the warning dialog.
7. The Specify Installation Location page opens.
a. Oracle base: C:\app\administrator.
b. Click [Next].
8. The Summary page opens.
a. Verify that the information is correct.
b. Click [Install].
c. The Install Product page opens with a progress bar. Wait for it to finish (approximately 2
minutes).
9. The Finish page opens.
a. Verify the message shows Registration of Oracle Database was successful.
b. Click [Close].
Oracle 19c software is now installed.

Create a Listener
1. From the Windows Start menu, select Oracle > OraDB19Home1 > Net Configuration
Assistant (this may take a minute or so to load).
2. The Oracle Net Configuration Assistant: Welcome window opens.
a. Select Listener configuration.
b. Click [Next].
3. The Oracle Net Configuration Assistant: Listener Configuration, Listener window opens.
a. Select Add.
b. Click [Next].
4. The Oracle Net Configuration Assistant: Listener Configuration, Listener Name window opens.
a. Listener name: LISTENER
b. Click [Next].
5. The Oracle Net Configuration Assistant: Listener Configuration, Select Protocols window opens.
a. If necessary, click the < and > buttons to move TCP to Selected Protocols.
b. Click [Next].
6. The Oracle Net Configuration Assistant: Listener Configuration, TCP/IP Protocol window
opens.
a. Select Use the standard port number of 1521.
b. Click [Next].
7. The Oracle Net Configuration Assistant: Listener Configuration, More Listeners? window opens.
a. Select No.
b. Click [Next].
8. The Oracle Net Configuration Assistant: Listener Configuration Done window opens.
a. Verify that the message is Listener configuration complete!
b. Click [Next].
a. Click [Finish].
The listener has been configured. Check Windows Services to verify that the
OracleOraDB19Home1TNSListener service is running.
Create the Oracle 19c Live Database for OnGuard

1. From the Windows Start menu, select Oracle > OraDB19Home1 > Database Configuration
Assistant.
2. The Select Database Operation page opens.
a. Select Create a database.
b. Click [Next].
3. The Select Database Creation Mode page opens.
a. Select Advanced configuration.
b. Click [Next].
4. The Select Database Deployment Type page opens.
a. Database Type: Oracle Single Instance database
b. Template Name: Custom Database
c. Click [Next].

5. The Specify Database Identification Details page opens.

a. Global database name: LENEL
b. SID: LENEL
c. De-select Create as Container database.
d. Click [Next].
6. The Select Database Storage Option page opens.
a. Select Use template file for database storage attributes.
b. Click [Next].
7. The Select Fast Recovery Option page opens.
a. De-select Specify Fast Recovery Area.
b. De-select Enable archiving.
c. Click [Next].
8. The Specify Network Configuration Details page opens (this may take a few moments).
a. Ensure LISTENER is selected (Port: 1521, Oracle home: c:\db_home, Status: up). If the
LISTENER does not appear, start the Windows service
OracleOraDB19Home1TNSListener from Windows Services and try again).
b. De-select Create a new listener.
c. Click [Next].
9. The Select Database Options page opens.
a. De-select all options.
b. Click [Next].
10. The Specify Configuration Options page > Memory tab opens.
a. Select Use Automatic Shared Memory Management.
b. SGA size: 4914 MB
c. PGA Size: 1638 MB
d. Click [Next].
11. The Specify Management Options page opens.
a. Check Configure Enterprise Manager (EM) database express.
b. EM database express port: 5500 (live database) or 5501 (archival database)
c. De-select Register with Enterprise manager (EM) cloud control.
d. Click [Next].
12. The Specify Database User Credentials page opens.
a. Select Use the same administrative password for all accounts.
b. Password: (for example) Oracle19c
c. Confirm password: Oracle19c
d. Click [Next].
13. The Select Database Creation Option page opens.
a. Select Create database.
b. De-select Save as a database template.
c. De-select Generation database creation scripts.
d. Click Customize Storage Locations. The Customize Storage dialog opens.
1) Select TEMP on the left, rename it to Name: LENEL_TEMP in the General tab on
the right.

2) Click [Apply].
3) Select USERS on the left, rename it to Name: LENEL_DATA in the General tab on
the right.
4) Click [Apply].
5) Click [OK].
e. Click [Next].
a. Verify the summary information.
b. Click [Finish].
15. The Progress page opens.
a. Wait for the database creation process to finish (this may take several minutes).
a. Verify that the database was created correctly.
b. Write down the EM Database Express URL.
c. Click [Close].
The Oracle 19c Database has been created.
Create the User Account for the Live Database

You must now create the user with a password and appropriate privileges. This is the account with
which OnGuard will log into the Oracle database.
Enter the following commands from a Windows command prompt (cmd.exe):
c:\><b>sqlplus<br></b>
SQL*Plus: Release 19.0.0.0.0 - Production on Wed Sep 8 16:18:11
2021
Version 19.3.0.0.0
Copyright (c) 1982, 2019, Oracle. All rights reserved.
Enter user-name: system
Enter password: Oracle19c
Last Successful login time: Wed Sep 08 2021 15:23:53 -04:00
Connected to:
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 -
Production
Version 19.3.0.0.0
SQL> create user <userid> identified by "<Secur1ty#>";
user created.
SQL> grant connect to <userid>;

Grant succeeded.
SQL> grant dba to <userid>;

Grant succeeded.
SQL> grant resource to <userid>;
Grant succeeded.
SQL> grant unlimited tablespace to <userid>;
Grant succeeded.
grant create synonym to <userid>;
Grant succeeded.
grant create view to <userid>;
Grant succeeded.
grant create table to <userid>;
Grant succeeded.
SQL> exit
Disconnected from Oracle Database 19c Enterprise Edition Release
19.0.0.0.0 - Production
Version 19.3.0.0.0
C:\>
The user account has been created.
Create the Oracle 19c Archival Database

Perform the following procedure:
1. Repeat the steps shown in Create the Oracle 19c Live Database for OnGuard on page 19 to create
the archival database, with the following changes:
i. In the Global Database Name field, change the database name to LnlArch.<fully
qualified domain> or simply LnlArch, depending on whether your database server is in
a domain or part of a workgroup.
ii. Use the same listener created for the Live database.
2. Configure the sqlplus utility to point to the archival database:
i. Using the command prompt, enter the command:
<drive with utility> sqlplus /nolog.
ii. Then enter the command:
SQL> conn <user/password> @<localhost>/LnlArch
3. Repeat the steps shown in Create the User Account for the Live Database on page 21 to create
the user account that supports the archival database.
4. Repeat steps 5 through 17 in Configure Naming Methods and Local Net Service Name on
page 23 to create the LNLARCH service name for Archival database.
5. The Archival database is now ready for use.
For detailed information about the Live and Archival databases, refer to the “Archives Folder”
chapter in the System Administration User Guide.

Install the Oracle 32-bit Client
Note: The Oracle Database Client requires the Microsoft Visual Studio 2017 Redistributable,
which is not part of the Basic package. For more information, refer to the Oracle Instant
Client Downloads page.
1. Extract NT_193000_client_home.zip to C:\client32_home.
2. Use File Manager to launch C:\client32_home\setup.exe.
3. The Specify Oracle Home User page opens.
a. Select Use Windows Built-in Account.
b. Click [Next].
4. The Specify Installation Location page opens.
a. Oracle base: c:\app\administrator
b. Click [Next].
c. Click [Yes] at the warning prompt The selected Oracle home is outside of Oracle base.
5. The Perform Prerequisite Checks page opens.
a. Wait a few moments for it to finish
a. Verify that the information is correct.
b. Click [Install].
7. The Install Product page opens.
a. Wait a few moments for it to finish.
a. Verify the message is The installation of Oracle Client was successful.
b. Click [Close].
The Oracle 32-bit client has been installed.
Configure Naming Methods and Local Net Service Name

1. From the Windows Start menu, select Oracle > OraClient19Home1 > Net Configuration
Assistant.
Note: Make sure you select Net Configuration Assistant from OraClient19Home1, not
from oraDB19Home1.
2. The Oracle Net Configuration Assistant: Welcome page opens.
a. Verify that Listener configuration is disabled. If it isn’t, you might be running the Net
Configuration Assistant from DB instead of from Client.
b. Select Naming Methods configuration.
c. Click [Next].
3. The Oracle Net Configuration Assistant: Naming Methods Configuration, Select Naming
Methods page opens.
a. Click the < and > buttons to add Local Naming and Easy Connect Naming to Selected
Naming Methods.
b. Click [Next].
4. The Oracle Net Configuration Assistant: Naming Methods Configuration Done page opens.
a. Click [Next].


a. Select Local Net Service Name configuration.
b. Click [Next].
6. The Oracle Net Configuration Assistant: Net Service Name Configuration page opens.
a. Select Add.
b. Click [Next].
7. The Oracle Net Configuration Assistant: Net Service Name Configuration, Service Name page
opens.
a. Service Name: <Transparent Network Substrate (TNS) name for
database>
Notes: In the same way that a hostname is an alias for an IP address, a TNS name is an alias for
an OCI (Oracle Call Interface) connection string. This string identifies the database
server and the database instance to which you are connecting.
TNS is created and named after the global database name, while adding the database in
Oracle (for example, while creating the database, if you set the global database name as
LNLQA8 and the database SID as LENEL, the TNS will be LNLQA8:
LNLQA8 =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS =
(PROTOCOL = TCP)
(HOST = TNCHOR1VM2)
(PORT = 1521)
)
)
(CONNECT_DATA =
(SERVICE_NAME = LENEL)
)
)
b. Click [Next].
8. The Oracle Net Configuration Assistant: Net Service name Configuration, Select Protocols page
opens.
a. Select TCP.
b. Click [Next].
9. The Oracle Net Configuration Assistant: Net Service Name Configuration, TCP/IP Protocol page
opens.
a. Host name: localhost (or Oracle server hostname, if live database is on a different server)
b. Select Use the standard port number of 1521.
c. Click [Next].
10. The Oracle Net Configuration Assistant: Net Service Name Configuration, Test page opens.
a. Select Yes, perform a test.

b. Click [Next].
11. The Oracle Net Configuration Assistant: Net Service Name Configuration, Connecting page
opens.
a. Click Change Login.
12. The Change Login dialog opens.
a. Username: <userid>
b. Password: <password>
c. Click [OK].
13. The Oracle Net Configuration Assistant: Net Service Name Configuration, Connecting page
opens.
a. Verify the details message is Connecting...Test successful.
b. Click [Next].
14. The Oracle Net Configuration Assistant: Net Service Name Configuration, Net Service Name
page opens.
a. Net Service Name: <TNS name for database>
b. Click [Next].
15. The Oracle Net Configuration Assistant: Net Service Name Configuration, Another Net Service
Name? page opens.
a. Select No.
b. Click [Next].
16. The Oracle Net Configuration Assistant: Net Service Name Configuration Done page opens.
a. Verify the message is Net service name configuration complete!
b. Click [Next].
a. Click [Finish].
Oracle Naming Methods and Net Service name have been configured.
Configure the Oracle 32-bit Driver

The Oracle 32-bit client includes the proper 32-bit ODBC driver to configure. To configure the data
source:
1. From the Windows Start menu, select ODBC Data Sources (32-bit).
Note: You want the 32-bit version of ODBC Data Source Administrator, not the 64-bit
version. You will find it in C:\Windows\SysWOW64\odbcad32.exe.
2. The ODBC Data Source Administrator (32-bit) dialog opens.
a. Select the System DSN tab.
b. Click [Add].
c. Select Oracle in OraClient19Home1.
d. Click [Finish].
3. The Oracle ODBC Driver Configuration dialog opens.
a. Data Source Name: ONGUARD_DBSourceOracle
b. Description: Oracle 19c Data Source for OnGuard

c. TNS Service name: LENEL

d. User ID: <userid>
e. Click [Test Connection].
4. The Oracle ODBC Driver Connect dialog opens.
a. Service Name: LENEL
b. User Name: <userid>
c. Password: <password>
d. Click [OK].
5. The Testing Connection dialog opens.
a. Verify that the message is Connection successful.
b. Click [OK].
6. Click [OK].
7. Click [OK].
The Oracle 32-bit data source has been created.
Install OnGuard
If you haven’t already installed OnGuard, do that before continuing the procedure for configuring
Oracle 19c.
Update Configuration Files

Some OnGuard components depend on the Oracle service provider Oracle.DataAccess.DLL to
access the Oracle database. This requires an entry in the file machine.config which is located in
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config.
Change the entry:
<system.data>
<DbProviderFactories />
</system.data>
to:
<system.data>
<DbProviderFactories>
<add name="Oracle Data Access Data Provider"
invariant="Oracle.DataAccess.Client"
description=".Net Framework Data Provider for Oracle Data
Access"
type="Oracle.DataAccess.Client.OracleClientFactory,
Oracle.DataAccess, Version=4.122.19.1, Culture=neutral,
PublicKeyToken=89b483f429c47342" />
</DbProviderFactories>
</system.data>

Also change:
<runtime/>
to:
<runtime>
<loadFromRemoteSources enabled="true"/>
</runtime>
Install Reports
Note: If you don’t need reports in a development environment, then this step is optional. You
might see a reports-related error at the end of DatabaseSetup, but you can ignore it.
Install Reports so that you can run report-based operations.
You are now prepared to run DatabaseSetup to populate an initial Oracle OnGuard database.
Install SQL Developer

SQL Developer is a GUI DBMS tool you can use to query and administer the Oracle OnGuard
database.
1. Download the Java 17 Development Kit from the Oracle website, then install the development
kit.
2. Extract sqldeveloper-21.2.0.187.1842-x64.zip to C:\SQLDeveloper.
3. Use Windows File Manager to launch C:\SQLDeveloper\sqldeveloper.exe.
a. The Oracle SQL Developer: Welcome Page opens.
b. Right-click on Oracle Connections (in the upper left hand corner) and choose New
Connection....
4. The New/Select Database Connection dialog opens.
a. Name: ONGUARD_ORACLE_DATABASE
b. Authentication type: Default
c. Username: <userid>
d. Password: <password>
e. Connection Type: Basic
f. Port: 1521
g. SID: LENEL
h. Click [Connect].
5. ONGUARD_ORACLE_DATABASE appears in the list of connections.
You can now use SQL Developer to view tables, columns, issue queries, and so on.


CHAPTER 3 Install and Configure Oracle 12c R2
Software
Oracle 12c R2 Server Software Configuration Overview

The following overview and instructions are for the following Oracle 12c R2 Server installations:
• Single instance database(s) (no Real Application Cluster [RAC]/grid control)
• Enterprise Edition
• Oracle Database 12c R2 Server
• Enterprise Manager Database Express
IMPORTANT: Instructions for installing and configuring Oracle assume that you have some
expertise in performing these activities. The procedures described in this
chapter have been validated internally at LenelS2, however, the exact process
may differ depending on your requirements and environment. Knowledge of
your environment is also assumed, and should be considered when performing
these steps. If your configuration includes any customizations, or a different
version of Oracle or Windows, then your procedures will differ from those
provided in this chapter. Make adjustments accordingly.
An Oracle 12c R2 compatible Oracle 32-bit client must be installed on each OnGuard system,
regardless of whether it will be an OnGuard Server or client, and independent of whether it is also the
Database Server. Oracle 64-bit clients will not work with the OnGuard software.
If you are using Windows 11 64-bit, you might need to run Oracle applications, such as the Net
Configuration Assistant, as an Administrator for configuration changes to persist.
If installing on a server with the IP address set to DHCP, then you must first configure a loop-back
adapter.
When installing and configuring Oracle 12c R2, do not close any Oracle windows while a program is
running. Doing so can result in configuration errors and loss of data. Instead, utilize the Oracle close
or cancel buttons.
The following steps are necessary to install and configure Oracle Server for use with OnGuard:
1. Perform pre-installation planning. For more information, refer to Step 1: Pre-Installation
Planning on page 30.

Install and Configure Oracle 12c R2 Software
2. Install Oracle Database 12c R2. For more information, refer to Step 2: Install Oracle Database
12c R2 Server Software on page 31.
3. Configure the Database Server’s Listener and Naming Methods by running the Net
Configuration Assistant from the database’s Oracle Home. For more information, refer to Step 3:
Configure the Live Database Home Net Configuration on page 32.
4. Create the Live database. For more information, refer to Step 4: Create the Live Database on
page 33.
5. If the Windows Firewall will be enabled on any Oracle client or server, then take the necessary
steps to avoid firewall issues. For more information, refer to Step 5: Run the Oracle Net
Configuration Assistant on page 34.
6. Create the Live Database Oracle users. For more information, refer to Step 6: Create the Live
Database Oracle Users on page 35.
7. Create the Archival database. For more information, refer to Step 7: Create the Archival
Database on page 36.
8. Install and configure the planned Oracle client. For more information, refer to Step 8: Install and
Configure the Planned Oracle Client on page 36.
9. Install OnGuard 8.2. For more information, refer to Step 9: Install OnGuard 8.2 on page 36.
Note: Setup Assistant runs automatically after the OnGuard installation completes.
Oracle 12c R2 Server Software Installation and Configuration

The following installation and configuration steps are for Oracle 12c R2. Steps will vary for other
versions of Oracle.
Step 1: Pre-Installation Planning

1. Review the Oracle Database Installation Guide 12c R2 for Microsoft Windows plan and pre-
installation sections. Be sure to note:
• Minimum physical RAM, hard drive space, and software requirements
• Virtual memory (swap) recommendations
• IP address requirements (such as that DHCP requires a loopback adapter)
2. Use the Pre-Installation Planning Worksheet on page 31 to specify the planned configuration,
including whether the system will archive to text files or to a separate database.
In addition to creating the required Live database, OnGuard provides two options for archiving
Events, Events Video Location, Alarm Acknowledgments, User Transactions, Visits Records, and
specific event types from the Live database tables. This helps keep the database from growing so
large over time that system performance is adversely affected. The archiving options are:
• Archive to text files
• Archive to an Archival database
Note: By default, OnGuard replicates all data that can be archived to the Global Server. For
this reason, you might wish to Archive to database on the Global Server only.
When deciding which Oracle Client to use, consider the recommendations and restrictions described
at https://partner.lenel.com/downloads/onguard/software. Once there, select Compatibility Charts
from the Choose type of download menu, and select the Databases chart.

Note: When accessing the Downloads section at https://partner.lenel.com, make sure to select
the version of OnGuard that is currently installed.
Also review Oracle’s Client/Server/Interoperability Support Matrix for Different Oracle Versions
(Doc ID 207303.1).
Pre-Installation Planning Worksheet
Sample OnGuard
Database OnGuard Live Archival
Configuration Database Database Oracle Client
SHost.sample
.com
Host Name
C:\app\Ouser
Oracle Base
C:\app\Ouser\
product\12.1.0\
Oracle Home dbhome_1
Sample\Ouser
Oracle Home
User
LnlLive.sample
Global .com
Database Name
LnlLive
Local Net
Service Name
(SID)
LnlLive.sample
.com
Service Name
1521
Port
Sample\
Authentication AuthUser
User*
* The specified user must be the same for the Live and Archival database, if present.
Step 2: Install Oracle Database 12c R2 Server Software

1. Launch the Oracle Universal Installer from the Oracle Database 12c R2 Server disc or folder by
running setup.exe.
Notes: Patch Sets are now released as part of Oracle full installation packages. To ensure you
have an approved version, go to https://partner.lenel.com/downloads/onguard/software.

Once there, select Compatibility Charts from the Choose type of download menu,
and then select the Databases chart.
When accessing the Downloads section at https://partner.lenel.com, make sure to select
2. The Configure Security Updates window opens. Complete the Email and Password fields, and
then click [Next]. You might need to provide Proxy server and port information.
3. The Download Software Updates window opens. If you wish to update the software, select the
preferred option, and then click [Next]. Or you can select Skip software updates, and then click
[Next].
Notes: Updates must be for an approved version of Oracle Database 19c or 12c R2 Server. The
list of approved versions can be found at: https://partner.lenel.com/downloads/onguard/
software. Once there, select Compatibility Charts from the Choose type of download
menu.
4. If you chose to update the software, the Apply Software Updates window opens. Select the
appropriate option for applying all updates, and then click [Next].
5. The Select Installation Option window opens. Select Install database software only, and then
click [Next].
6. The Grid Installation Options window opens. Select Single instance database installation, and
then click [Next].
7. The Select Product Languages window opens. Use the arrow buttons to move the desired
languages to the right pane, and then click [Next].
8. The Select Database Edition window opens. Select Enterprise Edition, and then click [Next].
9. In the Specify Oracle Home User window, select the windows account to run the Oracle services.
Oracle recommends using a non-Administrator Windows user. Click [Next].
10. The Specify Installation Location window opens. Modify the Oracle Base to match the Oracle
Base specified for the Live database in Step 1: Pre-Installation Planning on page 30, and then
click [Next].
11. The Prerequisite Checks window opens, followed by the Summary window.
a. Verify that the requirements are met, as shown in the Summary window.
b. Click [Install]. The installation progress is shown in the Install Product window.
Note: The installation process might take several minutes or more, depending on your system
resources.
12. The Finish window opens. Click [Close].
Step 3: Configure the Live Database Home Net Configuration

1. Start the Net Configuration Assistant from the database Oracle Home.
For more information, refer to “Using OnGuard on Supported Operating Systems” in the
Installation Guide.
2. The Net Configuration Assistant Welcome window opens.
a. Confirm that the Listener configuration radio button is selected.
b. Click [Next].

3. The Listener window opens.

a. Select the Add radio button.
b. Click [Next].
4. The Listener Name window opens.
a. Confirm that the Listener name is LISTENER.
b. If using a non-Windows Built-in user, then enter the Oracle Home User password.
c. Click [Next].
5. The Select Protocols window opens.
a. Confirm that TCP is a selected protocol.
b. Click [Next].
6. The TCP/IP Protocol window opens.
a. Select the Use the standard port number of 1521 radio option.
b. Click [Next].
7. The More Listeners window opens.
a. Confirm that the No radio button is selected.
b. Click [Next].
8. The Listener Configuration Done window opens. Click [Next].
a. Select the Naming Methods configuration radio button.
b. Click [Next].
10. The Select Naming Methods window opens.
a. In the Available Naming Methods list, select Easy Connect Naming.
b. Click the right arrow button.
c. Repeat steps a and b for Local Naming.
d. Click [Next].
11. The Naming Methods Configuration Done window opens. Click [Next].
12. Click [Finish].
Step 4: Create the Live Database

1. Start the Database Configuration Assistant from the database Oracle Home.
Installation Guide.
2. The Select Database Operation window opens.
a. Verify the Create a database radio button is selected.
b. Click [Next].
Note: The Configure an existing database, Manage Pluggable databases, and Delete
database options are enabled only if you have an existing database.
3. The Select Database Creation Mode window opens.
a. Select the Advanced configuration radio button.
b. Click [Next].
4. The Select Database Deployment Type window opens.
a. Select the Custom Database radio button.

b. Click [Next].
Note: Selecting a template that does not include datafiles gives you full control to specify and
change additional database parameters.
5. In the Specify Database Identification Details window:
a. Select the Create as Container database checkbox.
b. Select the Use Local Undo tablespace for PDBs checkbox.
c. Select Create a Container database with one or more PDBs.
d. Set Number of PDBs to 1.
e. Enter orclpdb in the PDB name field.
f. Click [Next].
6. The Select Database Storage Option window opens. Select Use template file for database
storage attributes, then click [Next].
7. De-select all options in the Select Fast Recovery Option window, then click [Next].
8. In the Specify Network Configuration Details window, select the Listener configured previously
and then click [Next].
9. The Select Database Options window opens.
a. Deselect all database components.
b. Click [Next].
10. The Specify Configuration Options window opens.
a. On the Memory sub-tab, select Use Automatic Shared Memory Management.
b. Adjust the slider so that approximately 75% of the memory is assigned to the SGA size field
and 25% of the memory is assigned to the PGA size field.
c. Click [Next].
11. In the Specify Management Options window:
a. Select the Configure Enterprise Manager (EM) database express checkbox.
b. In the EM database express port field, enter 5501.
c. Click [Next].
12. In the Specify Database User Credentials window, select Use the same administrative
password for all accounts, provide that password twice, and then click [Next].
13. The Select Database Creation Option window opens. Ensure the Create Database check box is
selected, then click [Next].
14. The Pre Requisite Checks window opens. If the checks pass, then it automatically transitions to
the Summary window. Confirm the configuration, and then click [Finish].
15. The Progress Page is shown. This might take over 5 minutes depending on system resources.
16. Upon completion, the Database Configuration Assistant window opens and shows key
information. Write down the EM Database Express URL, and then click [Exit].
17. From the Progress Page, click [Close] as long as all steps have a Finished status. Otherwise
investigate and resolve the issue.
Step 5: Run the Oracle Net Configuration Assistant

1. Start the Oracle Net Configuration Assistant.
2. The Welcome screen opens. Select Local Net Service Name configuration, then click [Next].
3. The Net Service Name Configuration screen opens. Select Add, then click [Next].

4. The Net Service Name Configuration, Service Name screen opens. Enter PDB1 in the Service
Name field, then click [Next].
5. The Net Service Name Configuration, Select Protocols screen opens. Select TCP, then click
[Next].
6. The Net Service Name Configuration, TCP/IP Protocol screen opens. Enter the host name in the
Host name field, select Use the standard port number of 1521, then click [Next].
7. The Net Service Name Configuration, Test screen opens. Select Yes, perform a test, then click
[Next].
8. The Net Service Name Configuration, Connecting screen opens. Click [Change Login], provide a
new username and password, click [OK], then click [Next].
9. Close the assistant.
Step 6: Create the Live Database Oracle Users

1. Open a Command Console window.
Installation Guide.
2. Change directory to the local folder with the modified scripts.
3. Start SQLPlus connecting as the Oracle System user to the Live database’s Local Net Service
Name.
For example, sqlplus system/<password>@<Local Net Service Name>.
4. Verify that Oracle connects properly. You should see “Connected to” in the console.
5. To create the Pluggable Database, from the SQLPlus SQL prompt, run the following: set
ORACLE_SID=LnlLive.
6. To connect to SQLPlus, run the following: sqlplus / as sysdba.
7. Run the following commands:
show pdbs
alter session set container=pdb1
Note: “pdb1” is the name of the pluggable database.

alter pluggable database open
8. From the SQLPlus SQL prompt, run the following: @@local folder
path\LenelUser.ora.
9. Verify there were no errors. You should see output similar to the following:
"User created."
"Role created." (IF Lenel user restricted)
"Grant succeeded." (Approximately 23 of these IF Lenel user
restricted)
"Commit complete." (IF Lenel user restricted)
"Grant succeeded."
"Commit complete."
10. If not configuring Windows Authentication, then skip to Step 7: Create the Archival Database on
page 36.
11. At the SQL prompt, run the following: @@WindowsUser_Authentication.ora.
12. Verify there were no errors. You should see output similar to the following:
"User created."

"Grant succeeded."
"Commit complete."
13. Exit SQL.
Step 7: Create the Archival Database
Notes: The following steps are only required if you plan to Archive to a database.
By default, OnGuard replicates all data that can be archived to the Global Server. For
this reason, you might wish to Archive to database on the Global Server only.
If you plan to archive to an Archival database, then create the Archival database by performing the
following steps after creating the Live database. References to the Live database or its settings should
be replaced with the Archival database or its settings.
1. Repeat Step 4: Create the Live Database on page 33 to create the Archival database, but:
a. Change the Database name to LnlArch.<fully qualified domain> or just LnlArch (depending
on whether your Database Server is in a domain or part of a workgroup) in the Global
Database Name field, or whatever you specified in the table entry for the OnGuard Archival
Database’s Global Database Name in Step 1: Pre-Installation Planning on page 30.
b. Use the same listener created for the Live database.
2. Repeat Step 6: Create the Live Database Oracle Users on page 35.
Note: Utilize the same local folder and scripts that were modified for the Live database.
3. The Archival database is now ready for use.
For detailed information about the Live and Archival databases, refer to the Archives Folder chapter
in the System Administration User Guide.
Step 8: Install and Configure the Planned Oracle Client

Oracle client software is required on every planned OnGuard Server and OnGuard client that will
connect to the Live and, if present, Archival database.
Install and configure the planned Oracle client. For detailed information about installing Oracle
Client 12c, refer to Oracle 12c Client Installation and Configuration on page 37.
Step 9: Install OnGuard 8.2

Install the OnGuard 8.2 software.
For detailed information about installing OnGuard, refer to the “Installing OnGuard 8.2” chapter in
the OnGuard 8.2 Installation Guide.
Note: If Windows single sign-on is used for database authentication, log in as the Windows
(domain or local) user specified during the Oracle user creation.

Oracle 12c Client Installation and Configuration
Step 1: Install Oracle 12c Client
IMPORTANT: If installing the 64-bit version of Oracle Database, you must also install the 32-
bit version of the client tools or OnGuard will not work properly.
Note: The Oracle Database Client requires the Microsoft Visual Studio 2013 Redistributable,
which is not part of the Basic package. For more information, refer to the Oracle Instant
Client Downloads page.
1. Launch Oracle Universal Installer from the Oracle Client 12c disc or folder by running
setup.exe.
Notes: Patch Sets are now released as part of Oracle full installation packages. To ensure you
have an approved version, go to https://partner.lenel.com/downloads/onguard/software.
Once there, select Compatibility Charts from the Choose type of download menu,
and then select the Databases chart.
2. The Select Installation Type window opens.

a. Select the Administrator radio button.
b. Click [Next].
3. If the Download Software Updates window opens, and if you wish to update the software, select
the preferred option, and then click [Next]. Or you can select Skip software updates, and then
click [Next].
Notes: Updates must be for an approved version of Oracle Client 12c. The list of approved
versions can be found at: https://partner.lenel.com/downloads/onguard/software. Once
there, select Compatibility Charts from the Choose type of download menu
4. If you chose to update the software, the Apply Software Updates window opens. Select the
appropriate option for applying all updates, and then click [Next].
5. The Select Product Languages window opens. Move the desired languages to the right pane
using the arrow buttons, and then click [Next].
6. The Specify Oracle Home User window opens. Select the windows account to run the Oracle
services. Oracle recommends using a non-Administrator Windows user. Use the same Oracle
Home User as the Live database you will be connecting to. Click [Next].
7. The Specify Installation Location window opens. Modify the Oracle base to match the Oracle
Base specified for the Live database if this Oracle client host is also the Oracle Live Database
host. Otherwise accept the defaults, and then click [Next].
Note: This recommendation should be acceptable even if the Oracle client and Oracle
database are different versions because the Software location should reflect a
differentiating version sub-directory as well as a unique home name.
8. The Summary window opens.

a. Verify that the settings meet the desired configuration.

b. Click [Install].
9. The Install Product window opens, showing the progress of the installation. The installation
process might take several minutes or more depending on your system resources.
Note: The Oracle Client cannot be installed on a Windows 11 64-bit workstation without the
Oracle Server.
10. The Finish window opens. Click [Close].
Step 2: Prevent Firewall Issues
Note: The following sub-steps are only required if your Oracle Server or Client firewalls are
enabled.
1. Open the Oracle LISTENER TCP port (typically port 1521) for Inbound and Outbound traffic.
Installation Guide.
2. To resolve port redirection issues, see Oracle Metalink Note 361284.1 and implement one of the
options presented.
Step 3: Add Local Net Services Name(s)

1. Start the Net Configuration Assistant from the client Oracle Home.
Installation Guide.
2. The Net Configuration Assistant Welcome window opens.
a. Confirm the Local Net Service Name configuration radio button is selected.
b. Click [Next].
3. The Net Service Name Configuration window opens.
a. Select the Add radio button.
b. Click [Next].
4. The Service Name window opens.
a. Enter the Live database’s Global Database Name.
b. Click [Next].
c. Verify TCP is selected and then click [Next].
d. Enter the Live database’s Host Name, accept the default standard port of 1521, and then
click [Next].
e. Select the Yes, perform a test radio button, and then click [Next].
f. Select the Change Login radio button.
g. Enter the Live database’s System User and Password.
h. Observe the details, which should indicate that the test was successful.
i. Click [Next].
j. Accept the default Net Service Name, which should match the Live database’s Local Net
Service Name (SID), and then click [Next].
k. Select the No radio button, and then click [Next].
5. The Net Service Name Configuration window opens. Click [Next].

6. If an Archival Database is utilized, then repeat steps 2 through 5, replacing the Live Database
settings and references with the Archival Database settings. Otherwise, continue to step 7.
7. Select the Naming Methods configuration radio button.
a. Click [Next].
8. The Select Naming Methods window opens.
Note: If the client host is also a database host, then these setting might already be present.
a. In the Available Naming Methods list, select Easy Connect Naming.
b. Click the right arrow button.
c. Repeat steps 8a and 8b for Local Naming.
d. Click [Next].
9. The Naming Methods Configuration Done window opens. Click [Next].
10. Click [Finish].


Advanced Installation
Topics
CHAPTER 4 Transparent Data Encryption
Transparent data encryption (TDE) performs real-time I/O encryption and decryption of the database
and database log files. (Standard OnGuard log files are not encrypted.)
The encryption uses a database encryption key (DEK), which is stored in the database boot record for
availability during recovery. The DEK is a symmetric key secured by using a certificate stored in the
Global database of the server or an asymmetric key protected by an EKM module. TDE protects data
“at rest,” meaning the data and log files. It provides the ability to comply with many laws,
regulations, and guidelines established in various industries.
For detailed information, refer to “Understanding Transparent Data Encryption” http://
msdn.microsoft.com/en-us/library/bb934049.aspx.
IMPORTANT: TDE does not provide encryption across communication channels. For more
information about how to encrypt data across communication channels, refer to
“Encrypting Connections to SQL Server” http://msdn.microsoft.com/en-us/
library/ms189067.aspx.
Enabling TDE
To utilize TDE for the OnGuard database, the system should have SQL Server 2016 or later installed.
To enable TDE, refer to the section, “Using Transparent Database Encryption” in the article,
“Understanding Transparent Data Encryption” http://msdn.microsoft.com/en-us/library/
bb934049.aspx.
Note: Encryption is CPU intensive. Therefore, servers with high CPU usage will suffer
performance loss.

Transparent Data Encryption
Backing up a TDE Protected Database

To back up a TDE protected database, refer to step 2 of the section, “To create a database protected by
transparent data encryption” in the article, “Move a TDE Protected Database to Another SQL Server”
http://msdn.microsoft.com/en-us/library/ff773063.aspx
When enabling TDE, you should immediately back up the certificate and the private key associated
with the certificate. If the certificate ever becomes unavailable or if you must restore or attach the
database on another server, you must have backups of both the certificate and the private key or you
will not be able to open the database.
Moving a TDE Protected Database

For information on moving a TDE protected database to another SQL Server, refer to http://
msdn.microsoft.com/en-us/library/ff773063.aspx.
If you need to move the database, the database can be attached or restored on another SQL Server.
Attach the Database to Another SQL Server

1. Detach the TDE protected database by using Management Studio. In Object Explorer, right-click
the database, point to tasks, and then select Detach.
2. Move or copy the detached database files from the source server to the same location on the
destination server.
3. Move or copy the backup of the server certificate and the private key file from the source server
to the same location on the destination server.
4. Create a database master key on the destination instance of SQL Server.
5. Recreate the server certificate by using the original server certificate backup file. The password
must be the same as the password that was used when the backup was created.
6. Attach the database that is being moved by using Management Studio. In Object Explorer, right-
click the database, and then select Attach.
Restore the Database on Another SQL Server

1. Back up the TDE protected database by using Management Studio. In Object Explorer, right-
click the database, point to tasks, and then select Backup.
2. Move or copy the backup database file from the source server to the same location on the
destination server.
3. Move or copy the backup of the server certificate and the private key file from the source server
to the same location on the destination server.
4. Create a database master key on the destination instance of SQL Server.
5. Recreate the server certificate by using the original server certificate backup file. The password
must be the same as the password that was used when the backup was created.
6. Restore the database that is being moved by using Management Studio. In Object Explorer, right-
click the database, and then select Restore.

CHAPTER 5 Unattended Installation of OnGuard
Overview
The unattended installation of OnGuard is supported by allowing you to access unattended setup
modes through the command line. Unattended setup mode is an installation that runs without an end-
user interface. OnGuard supports both client and server feature installations in unattended modes
without a user interface. The use of generic unattended mode installation allows broad support for
deployment automation and remote installation approaches.
Note: By performing unattended installations of OnGuard, you automatically accept the End
User License Agreement terms.
When OnGuard is installed in a user-attended mode, it includes several required prerequisites that are
delivered in the background during the OnGuard setup. In an unattended installation, each
prerequisite must be installed using its own unattended mode parameters. This results in the
unattended installation of OnGuard being a series of individual installation packages that are
deployed one at a time to deliver the entire product. Each of the individual installations also has its
own unique command line parameters. A single PowerShell script is provided to facilitate the entire
unattended installation process. For more information, refer to PowerShell Wrapper Script on
page 45.
For more information about advanced customizations, refer to Advanced Unattended Installation
Options on page 48. For information on how to directly call each installation in its unattended mode
without using the PowerShell wrapper, refer to the Running Setup Assistant in Unattended Mode on
page 54, as this option is for users wanting to port the series of individual unattended package calls
into a different installation management system.
PowerShell Wrapper Script

Note: OGCLIENT.iso was introduced in OnGuard 8.2 Update 1 for client installations.
Continue to use OG.iso is for Server installations.
The PowerShell script wrapper is provided in the root directory of the OnGuard installation image
(alongside setup.exe), and the solution consists of two files:

Unattended Installation of OnGuard
1. .\DeploymentSampleScripts\SilentServerInstall.ps1 for Server installations from the OG.iso

or .\DeploymentSampleScripts\SilentClientInstall.ps1 for client installations from the
OGCLIENT.iso.
2. SetupAssistantConfig.txt
To silently install OnGuard Servers, clients, or custom installations using the PowerShell wrapper,
you must determine the required parameters to pass into
.\DeploymentSampleScripts\SilentServerInstall.ps1 or
.\DeploymentSampleScripts\SilentClientInstall.ps1.
You must also maintain properties in the SetupAssistantConfig.txt file, which gets placed onto the
target system and used by the Setup Assistant tool when it runs at the end of the installation. This
section outlines how to determine and update these values to use the PowerShell wrapper to install
OnGuard.
Prerequisites
• The Application Server feature is not installed with OnGuard by default, but is available for
selection in custom server installations. If you plan to install this feature, you must also have
Microsoft IIS Services installed and enabled on the host system before deploying the Application
Server using the PowerShell wrapper.
• Copy SetupAssistantConfig.txt from the OnGuard installation source image to each of the
target system’s %userprofile% folder so it can be used from this default location by the
PowerShell wrapper and Setup Assistant. If the SetupAssistantConfig.txt file is copied and
hosted from a location other than %userprofile% then you must edit the
.\DeploymentSampleScripts\SilentServerInstall.ps1 script or
.\DeploymentSampleScripts\SilentClientInstall.ps1 script and update the
$SetupAssistantConfigFile property with your custom path. For more information,
refer to Running Setup Assistant in Unattended Mode on page 54.
• You must run PowerShell in Administrator mode.
• OnGuard Servers running Microsoft Windows 10 Professional or Windows 11 run the
PowerShell script in Restricted Mode by default. You must set the execution policy for this script
to Unrestricted Mode.
Syntax
PowerShell
When running a silent Server installation:
.\DeploymentSampleScripts\SilentServerInstall.ps1
– LicenseServer <string>
– DatabaseServer <string>
– Features <string>
When running a silent client installation:
.\DeploymentSampleScripts\SilentClientInstall.ps1
– LicenseServer <string>
– DatabaseServer <string>
– Features <string>

PowerShell Wrapper Script
Parameters
LicenseServer "<LicenseServerName>"
The LicenseServer parameter is passed as a quote-wrapped string containing the server name
of the OnGuard license server for this system.
DatabaseServer "<DatabaseServerName>"
The DatabaseServer parameter is passed a quote-wrapped string containing the server name
of the OnGuard database server for this system.
Features "<Client|Server|CommunicationServer>"
Note: With OnGuard 8.2 and later, the Silent Install wrapper will accept a single
“CommunicationServer” option in the feature parameters. Use this option to perform a
Communication Server-only installation.
The Features parameter contains a single quote-wrapped string that you can use to pass in
three different values:
– "Client" = all standard client features to be deployed with the installation
– "Server" = all standard server features to be deployed with the installation
– "CommunicationServer" = only the Communication Server feature (and supporting
core components) to be deployed with the installation
Examples
PowerShell
When running a silent Server installation:
.\DeploymentSampleScripts\SilentServerInstall.ps1 -LicenseServer
"OG-LICENSE1" -DatabaseServer "BND-M10" -Features "Server"
"localhost" -DatabaseServer "localhost" -Features "Server"
"OG-LICENSE1" -DatabaseServer "BND-M10" -Features
"CommunicationServer"
When running a silent client installation:

.\DeploymentSampleScripts\SilentClientInstall.ps1 -LicenseServer
"OG-LICENSE1" -DatabaseServer "BND-M10" -Features "Server"
.\DeploymentSampleScripts\SilentClientInstall -LicenseServer
"localhost" -DatabaseServer "localhost" -Features "Server"
"OG-LICENSE1" -DatabaseServer "BND-M10" -Features
"CommunicationServer"
Procedure
Perform the following steps to configure an unattended installation of OnGuard:
1. Mount the OnGuard Server installation OG.iso or the client installation CLIENTOG.iso file.

2. Copy SetupAssistantConfig.txt from the OG.iso or CLIENTOG.iso file to the target system’s
%userprofile%.
3. Launch PowerShell with Administrative privileges (you can run the script in either Windows
PowerShell 5.x or PowerShell Core 7.x).
PowerShell 5.x:
"%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe"
PowerShell Core 7.x:
"%ProgramFilesFolder%\PowerShell\7\pwsh.exe"
4. In PowerShell, run the unattended install wrapper from the mounted location of the image for
either a silent System or client installation:
.\DeploymentSampleScripts\SilentSystemInstall.ps1 -LicenseServer
"<License Server Name>" -DatabaseServer "<Database Server>" -
Features <Client|Server|CommunicationServer>"
or
"<License Server Name>" -DatabaseServer "<Database Server>" -
Features <Client|Server|CommunicationServer>"
Note: If the workstation is rebooted during any prerequisite installation, repeat the above steps
to relaunch and complete the installation.
The script performs these functions:
• The script detects upgrade installations automatically.
• The script executes from the folder where setup.exe exists.
• The script produces an OnGuardInstall_Silent.log file in the UsersProfile folder to help you
understand the progress of the installation or upgrade.
• The script is responsible for completing the installation along with prerequisites.
• Warning and informational prompts are suppressed during an unattended installation.
Advanced Unattended Installation Options

This section contains advanced installation information for users who cannot use the PowerShell
wrapper or need to author a more custom solution. This section shows many of the decisions and
command line parameters for individual calls that are constructed within the PowerShell wrapper.
You can also view the commands contained within the
.\DeploymentSampleScripts\SilentSystemInstall.ps1 script or
.\DeploymentSampleScripts\SilentClientInstall.ps1 script as a supplement to the information in
this section.
Fresh OnGuard Installations
Unattended Server Install

"<OnGuardDiskLocation>\setup.exe" /s /v"/qn /L*V
"<LOCATIONWHEREYOUWANT TO CREATE>" SYSTEMTYPE="S"
LICENSESERVER="<LICENSE-SERVER-HOSTNAME>" DSN="<DB-
SERVERHOSTNAME>"

DATABASETYPE="SQL" REBOOT=Suppress <FEATURELIST>"

– <OnGuardDiskLocation>: Location where the OnGuard installation media is available
– <LOCATIONWHEREYOUWANTTO CREATE>: Path where you want to create log file to
see the installation progress
– [LICENSE-SERVER-HOSTNAME]: The License Server host name
– [DB-SERVER-HOSTNAME]: The Database Server host name
– [FEATURELIST]: List of features to be installed as part of unattended server installation.
For more information, refer to Custom Installation on page 49.
Upgrade an Existing Installation of OnGuard Server

1. Export the registry key:
HKLM\SOFTWARE\WOW6432Node\Lenel\OnGuard
2. Get the product code key value from the registry:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Lenel\OnGuard
3. Execute the command line:
msiexec.exe /x {ProductCode} /qn
Example: msiexec.exe /x {356DC8C4-4655-4046-9093-2616DA3A74DF} /qn
4. Import the registry key that you exported:
HKLM\SOFTWARE\WOW6432Node\Lenel\OnGuard
5. For OnGuard Server:
"<LOCATIONWHEREYOUWANTTO CREATE>\OnGuardSetup_Silent.log"
PREV101102="101" LICENSESERVER="<LICENSE-SERVER-HOSTNAME>"
DSN="<DB-SERVER-HOSTNAME>" DATABASETYPE="SQL" REBOOT=Suppress
Default Settings
• Fresh unattended server installation installs the OnGuard default features.
• OnGuard gets installed on the same drive where the operating system is installed.
• OnGuard Server is installed in Enterprise mode.
• Database Type is SQL, which means the database must be created by the user.
• Database user is Lenel.
• Upgrade unattended server installs DataConduIT Service, Documentation, and Help.
Note: There is no support for changing the DSN during unattended upgrade installations.
Instead, the previous DSN is picked automatically. If you must change the DSN, then
make the change after the upgrade installation has completed.
Additional Installation Options
Custom Installation
The following optional command line parameters allow you to select which features to include in the
installation. By default, all standard client features are included in the installation and are deployed
unless removed by an optional command line parameter. Only use the optional command line
parameter when you need to specify which features to include or exclude. If you do not specify
whether to include or exclude a feature, that feature is deployed based on its default feature level.

Note: Unless you have a specific intent to use the features not delivered by default in a
standard client, it is recommended that you do not include them in your custom
deployment.
["AlarmMonitoring","AreaAccessManager","BadgeDesigner","FormsDesi
gner","IDCredentialCenter","MapDesigner","SystemAdministration","
VideoViewer","VisitorManagement","ApplicationServer","Communicati
onServer","DataConduITService","DataExchangeServer","EnterpriseAd
ministration","GlobalOutputServer","IDAllocationService","Import"
,"LicenseSystemServer","LoginDriver","OpenAccess","Replicator","R
eportsDashboard","SetupDB","UniversalTimeConversionUtility","Vide
oArchiveServer","Event_Context_provider","LenelS2_Documentation",
"Help","CumulusConnector","ARA_Server","ARA_Standard","CHS_Server
","CHS_Standard","CHT_Server","CHT_Standard","CSY_Server","CSY_St
andard","DEU_Server","DEU_Standard","ESP_Server","ESP_Standard","
FIN_Server","FIN_Standard","FRA_Server","FRA_Standard","HEB_Serve
r","HEB_Standard","HRV_Server","HRV_Standard","HUN_Server","HUN_S
tandard","ITA_Server","ITA_Standard","JPN_Server","JPN_Standard",
"KOR_Server","KOR_Standard","LTH_Server","LTH_Standard","NLD_Serv
er","NLD_Standard","PLK_Server","PLK_Standard","PTB_Server","PTB_
Standard","ROM_Server","ROM_Standard","RUS_Server","RUS_Standard"
,"SKY_Server","SKY_Standard","SVE_Server","SVE_Standard","TRK_Ser
ver","TRK_Standard"]
Use the ADDLOCAL and REMOVE properties to include or exclude the features:
– ADDLOCAL: Property used to pass the list of features to install.
– REMOVE: Property used to exclude the list of features to install.
If a custom installation is required, then either the
.\DeploymentSampleScripts\SilentSystemInstall.ps1 script or
.\DeploymentSampleScripts\SilentClientInstall.psi script must be modified as follows:
Features that are required are added to ADDLOCAL, and features that are not required are added
to REMOVE.
For example:
$langpack =
"ARA_Server,ARA_Standard,CHS_Server,CHS_Standard,CHT_Server,CHT_
Standard,CSY_Server,CSY_Standard,DEU_Server,DEU_Standard,ESP_Ser
ver,ESP_Standard,FIN_Server,FIN_Standard,FRA_Server,FRA_Standard
,HEB_Server,HEB_Standard,HRV_Server,HRV_Standard,HUN_Server,HUN_
Standard,ITA_Server,ITA_Standard,JPN_Server,JPN_Standard,KOR_Ser
ver,KOR_Standard,LTH_Server,LTH_Standard,NLD_Server,NLD_Standard
,PLK_Server,PLK_Standard,PTB_Server,PTB_Standard,ROM_Server,ROM_
Standard,RUS_Server,RUS_Standard,SKY_Server,SKY_Standard,SVE_Ser
ver,SVE_Standard,TRK_Server,TRK_Standard"
$featureParam =
"ADDLOCAL=""AlarmMonitoring,AreaAccessManager,BadgeDesigner,
FormsDesigner,IDCredentialCenter,MapDesigner,
SystemAdministration,VideoViewer,VisitorManagement,
LenelS2_Documentation,Help,
$langpack"
"REMOVE=""ApplicationServer,CommunicationServer,
DataConduITService,DataExchangeServer,
EnterpriseAdministration,GlobalOutputServer,

IDAllocationService,Import,LicenseSystemServer,LoginDriver,
OpenAccess,Event_Context_provider,Replicator,
ReportsDashboard,SetupDB,UniversalTimeConversionUtility,
VideoArchiveServer,CumulusConnector"""
Note: If you want to install all OnGuard features, then set $featureParam to:
$featureParam = "ADDLOCAL=""ALL"""
Installing OnGuard In Another Directory

By default, OnGuard installs into the C:\Program Files (x86)\OnGuard directory. You can change
the default directory to any location you prefer. Simply pass an extra property INSTALLDIR=
"<Path to install OnGuard>" in the command line parameters as shown below:
"<LOCATIONWHEREYOUWANTTO CREATE>"
SYSTEMTYPE="S" LICENSESERVER="<LICENSE-SERVER-HOSTNAME>"
DSN="<DB-SERVER-HOSTNAME>" DATABASETYPE="SQL"
INSTALLDIR="C:\MyFolder\" REBOOT=Suppress <FEATURELIST>"
Installation Type
By default, OnGuard Server is installed in Enterprise mode. If installing OnGuard Server in Standard
Mode, the parameter ENTERPRISE=0 must be passed. For example:
cmd /c "<OnGuardDiskLocation>\setup.exe" /s /v"/qn /L*V
"<LOCATIONWHEREYOUWANTTO CREATE>" SYSTEMTYPE="S" LICENSESERVER
LICENSESERVER="<LICENSE-SERVER-HOSTNAME>" DSN= DSN="<DB-
SERVERHOSTNAME>" DATABASETYPE="SQL" ENTERPRISE=0 REBOOT=Suppress
<FEATURELIST>"
Database Types
By default, DatabaseType is SQL, which means the database must be installed and configured by the
user.
For SQL Server databases:
• SQL Server and database to be installed and configured separately by the user:
DATABASETYPE="SQL"
• SQL Server already installed (database will be configured by this installation):
DATABASETYPE="MSDE"
For Oracle databases:

• Oracle and database to be installed and configured separately by the user:
DATABASETYPE="Oracle"
For demo database:

• SQL Server already installed (a demo database will be configured by this installation):
DATABASETYPE="DEMO"
Server example:


DSN="<DB-SERVER-HOSTNAME>" DATABASETYPE="DEMO"
REBOOT=Suppress <FEATURELIST>"
Database User
The default database username is LENEL. You can change the default database username by
specifying an extra property DBLU ="<DB Username>" in the command line parameters as shown
below:
Server example:
DSN="<DB-SERVER-HOSTNAME>" DATABASETYPE="SQL" DBLU="DB USERNAME"
REBOOT=Suppress <FEATURELIST>"
Note: Ensure that the server is also configured using the same username.
Other Configurations
By default, the upgrade unattended server installs DataConduIT, Documentation, and Help. If these
are not required, they must be set to FALSE:
$doc="SEARCHALLUSERGUIDESFOUND=""FALSE"""
$help="SEARCHHELPDOC=""FALSE"""
$dataconduit="DATACONDUIT=""FALSE"""
Installing Third-Party Software Using “No UI” Mode

You must install the following third-party software using the following Command Prompt
commands:
DXManaged Installation
"msiexec.exe /i
"<OnGuardDiskLocation>\Windows\Temp\DXManaged\mdxredist.msi" /qn
CSSN SDK Installation

Copy-Item "$($currentpath)\Windows\Temp\CSSN_SDK\setup.iss"
$TempAcuant -Force
cmd /c "$($currentpath)\Windows\Temp\CSSN_SDK\sdk_setup_is.exe" /
s /a /s /f1"$($TempAcuant)\setup.iss" /f2$TempAcuant_log
Crystal Reports Installation

"msiexec.exe /i
"<OnGuardDiskLocation>\Windows\Temp\Crystal\CRRuntime_32bit_13_0_
16.msi" /qn UPGRADE=1

WMEncoder Installation
"msiexec.exe /i
"<OnGuardDiskLocation>\Windows\Temp\WMEncoder\WMEncoder.msi" /qn
VC++ Redistributable Installation

$VCPath= dir -Path $currentPath -Filter VC_redist.x86.exe -
Recurse | %{$_.FullName}
Write-Host $VCPath
cmd /c $VCPath /q /norestart
$VCPath1= dir -Path $currentPath -Filter VC_redist.x64.exe -
Write-Host $VCPath1
cmd /c $VCPath1 /Q /norestart
SQLSysClrTypes Installation
cmd /c msiexec.exe /i
"$($currentpath)\Temp\SQLServerManagementObjects\x64\SQLSysClrTyp
es.msi" /qn
Shared Management Objects Installation

cmd /c msiexec.exe /i
"$($currentpath)\Temp\SQLServerManagementObjects\x64\SharedManage
mentObjects.msi" /qn
Erlang and Rabbit Installation

This must be installed only if performing a Server Installation:
$ErlangPath = dir -Path $currentPath -Filter otp_win64*.exe -
Write-Host $ErlangPath
cmd /c call $ErlangPath /S
cmd /c setx /m RABBITMQ_BASE "${Env:ProgramData}\Lnl\RabbitMQ" |
Out-Null
cmd /c set RABBITMQ_BASE="${Env:ProgramData}\Lnl\RabbitMQ" | Out-
Null
$RabbitPath = dir -Path $currentPath -Filter Rabbit*.exe -Recurse

| %{$_.FullName}
Write-Host $RabbitPath
cmd /c $RabbitPath /S
cmd /c set ERLANG_HOME= "${Env:ProgramFiles}\erl10.4" | Out-Null

cmd /c setx /m ERLANG_HOME "${Env:ProgramFiles}\erl10.4" | Out-
Null
cmd /c set HOMEDRIVE=%SystemDrive%
cmd /c set HOMEPATH=\Windows\System32\config\systemprofile\

Running Setup Assistant in Unattended Mode

You can run Setup Assistant in Unattended Mode. Setup Assistant runs in Unattended Mode
automatically if using the .\DeploymentSampleScripts\SilentSystemInstall.ps1 or
.\DeploymentSampleScripts\SilentClientInstall.ps1script file. In this mode, Setup Assistant can be
started from a command line with provided input parameters so that it executes without requiring user
interaction. You provide the parameters by including the string "/QUIETMODE:" followed by a list
of parameter name/value pairs, in the format <parametername>=<parametervalue>, as
shown in the example:
StpAssistant.exe /
QUIETMODE:DsnName=OdbcLocal;DatabaseType=SqlServer;
The following table shows the supported parameter names, along with their meanings and default
values:
Unattended Mode Parameters for Setup Assistant
Setup
Assistant
Step Parameter Default Description Notes
Configuration DsnName Setting in ACS.ini The OnGuard ODBC

Editor DSN name.
DatabaseType Setting in ACS.ini The OnGuard

database type. The
possible values are
"SqlServer" and
"Oracle".
DatabaseServerName Setting in ACS.ini The OnGuard

Database Server
name.
DatabaseName Setting in ACS.ini The OnGuard

database name.
DatabaseUserName Setting in The user name to log

application.config into the OnGuard
database if it is not
using Windows
Authentication.
IsWindowsAuthentication Setting in Indicates if the

application.config OnGuard database is
using Windows
Authentication.
DatabasePassword Setting in The user password to

application.config log into OnGuard
database if it is not
using Windows
Authentication.
LicenseServerName Setting in ACS.ini The License Server

host name.
LicenseServerPort Setting in ACS.ini The License Server

port.

Unattended Mode Parameters for Setup Assistant (Continued)
Setup
Assistant
System SystemLicenseUserName Empty The user name for The user name or
License logging into the password is only
License Server. used to change
license
SystemLicensePassword Empty The password for Maintenance
logging into the Mode to Normal
License Server. Mode. If the
License Server is
running in
Maintenance
Mode, you must
provide the
SystemLicense-
UserName and
SystemLicense-
Password to
change it to
Normal Mode.
SystemLicenseOperationType null Possible values are:

• Activate: Setup
Assistant
activates the
license.
• Return: Setup
Assistant returns
the license.
SystemLicenseFile Empty The license file full LenelS2 only

name. supports
activating and
SystemLicenseSubscriptionFile Empty The subscription returning a
license file full name. FlexNet license
when Setup
Assistant runs in
Unattended
Mode.

Setup
Assistant
Database DatabaseInstallationPassword "Secur1ty#", The password of

Installation "Expre$$", and database user "SA".
blank Setup Assistant
attaches the SQL
Server MDF file with
user "SA".
DatabaseInstallationSourcePath OnGuard Setup Assistant

Installation Path creates the database
+ "\DBSetup\" + by attaching the SQL
Default database Server MDF file. This
file name such as is the MDF source file.
"C:\Program Files
(x86)\OnGuard\
DBSetup\
AccessControl_
Data.mdf"
DatabaseInstallationDemoSourcePath OnGuard If a Demo database

Installation Path installation, Setup
+ "\DBSetup\" + Assistant creates the
Default Demo database by attaching
database file the demo MDF file.
name such as This is the demo MDF
"C:\Program Files source file.
(x86)\OnGuard\
DBSetup\
AccessControl
Demo_Data.mdf"
DatabaseInstallationTargetPath SQL Server data The database

directory such as installation target path.
"C:\Program
Files\Microsoft
SQL
Server\MSSQL14
.MSSQLSERVER
\MSSQL\DATA"

Setup
Assistant
Database EncryptionGenerateRandomKey TRUE True to generate a

Setup random key. Otherwise
generates a key from a
passphrase, or allows
you to import the key
from a file.
EncryptionPassphrase Empty string The passphrase used Available if

to generate a key. Encryption-
Generate-
RandomKey is
FALSE and
Import-
EncryptionKey-
File is empty. The
maximum length
is 36. The
minimum length is
10.
EncryptionRecoverable True True allows LenelS2 to

help you recover the
encryption key if there
is a system failure.
False disables key
recovery.
ImportEncryptionKeyFile Empty string Path to the *.og file Can be used only
that contains the if Encryption-
encryption key used to Generate-
encrypt database. RandomKey is
FALSE and
Encryption-
Passphrase is
empty.
EncryptionKeyFile Empty string The file that will store Required if

the encryption key. Encryption-
Generate-
RandomKey is
TRUE.
OnGuardUserName Empty string The SA or SA delegate This parameter is

user name. required if
performing an
upgrade
installation.
OnGuardUserPassword Empty string The password of the This parameter is

SA or SA delegate required if
user. performing an
upgrade
installation.

Setup
Assistant
Database LiveDatabaseBackupSetName Live database The SQL Server Setup Assistant

Backup name + "Backup" backup set name cannot backup an
such as when backing up the Oracle database.
"AccessControl Live database. This step is
Backup" skipped for Oracle
databases
LiveDatabaseBackupSetDescription Setup Assistant- The SQL Server automatically.
generated backup set description
backup when backing up the
Live database.
LiveDatabaseBackupPath SQL Server The Live database

backup directory backup file path.
+ Live Database
Name + ".bak"
such as
"C:\Program
Files\Microsoft
SQL
Server\MSSQL14
.MSSQLSERVER
\MSSQL\Backup\
AccessControl
.bak"
LiveDatabaseBackupSkip FALSE If true, do not backup

the Live database.
Otherwise, back up the
Live database.
ArchivalDatabaseBackupSetName Archival The SQL Server

database name + backup set name
"Backup" such as when backing up the
"AccessControl_ Archival database.
Archival Backup"
ArchivalDatabaseBackupSetDescription Setup Assistant- The SQL Server

generated backup set description
backup when backing up the
Archival database.
ArchivalDatabaseBackupPath SQL Server The Archival database

backup directory backup file path.
+ Archival
Database Name
+ ".bak" such as
"C:\Program
Files\Microsoft
SQL
Server\MSSQL14
.MSSQLSERVER
\MSSQL\Backup\
AccessControl_
Archival.bak"
ArchivalDatabaseBackupSkip FALSE If true, do not back up

the Archival database.
Otherwise, backup the
archival database.

Setup
Assistant
Service Log ServiceLogOnUserName Empty The user name of the

On account for the service
to log on.
ServiceLogOnPassword Empty The password of the

account for the service
to log on.
ServiceLogOnServiceNames All services The list of service

names for which the
log on account needs
to be changed. Below
is the default list:
LS Application Server,
LS Site Publication
Server, LS Event
Context Provider, LS
Web Event Bridge,
JRService
LS Message MessageBrokerHostName Setting in The name of the host

Broker database, or running the LS
Service Cluster name, or Message Broker
local machine's Service.
Fully Qualified
Domain Name if it
is not configured
in the database.
OverwriteExistingCertificate False The Setup Assistant

can issue a new SSL
certificate on upgrade,
or if the common name
in the SSL certificate
does not match the LS
Message Broker host
name. This new
certificate would
overwrite the existing
certificate file located
in the default location.
Set this parameter to
True to allow Setup
Assistant to overwrite
the existing certificate.
UseHostNameInCertificate False The common name in

the SSL certificate
might not match the LS
Message Broker host
name. If this property
is set to True, use the
common name in the
SSL certificate as the
host name of LS
Message Broker
Service.
OnGuard ReportDatabaseUserName Setting in The database user

Report & application.config name used to create
Dashboards the OnGuard report
Database database.
ReportDatabaseUserPassword Setting in The database user

application.config password used to
create the OnGuard
report database.

Setup
Assistant
Not ConfigFile Empty The file name If a valid file is

applicable (including path) of a provided, all other
text file containing a Unattended Mode
list of input parameters parameters are
to be used when ignored, since
running they will be read
SetupAssistant in from the file
Unattended Mode. instead.
Each parameter
should appear on a
separate line in the file,
in the format
parameter=value.
Unattended Mode Error Reporting

Setup Assistant returns codes to the calling script to indicate success or error information. If 0 is
returned, Setup Assistant executed successfully.
The following list describes all of the codes, which you can use to troubleshoot errors:
0 Success
1 Failed to save database or license configuration
2 Can not connect to database
3 Can not connect to archival database
4 Incorrect database or license setting
5 Database or license setting is not synched
6 DNS name not exist
7 Unexpected error in configuration editor step
8 Failed to setup report database
9 Unexpected error in JReport step
10 Unexpected error in reports database step
11 Failed to set service to automatic delayed start
12 Failed to set service delay start flag
13 Unexpected error in service start step
14 Can not upgrade database
15 Live database does not exist
16 Archival database does not exist
17 Unexpected error in database setup step
18 Failed to attach database
19 Failed to copy databasefile
20 Failed to make database file writable
21 Failed to add lenel user to database

22 Failed to add current windows user to database

23 Invalid database source file
24 Can not connect to database in installation step
25 Can not install database in remote server
26 Database files are marked as readonly
27 Unexpected error in database installation step
28 Failed to backup database
29 Unexpected error in database backup step
30 Failed to restart message broker service
31 Failed to update message broker host name
32 Failed to save message broker setting in database
33 Invalid message broker host name
34 Invalid message broker advanced config file
35 Invalid RabbitMQ config file
36 Can not connect to message broker
37 Can not overwrite existing certificate
38 File "lnl_app_root_certificate_installer.exe" does not exist
39 File "lnl_app_root_certificate_installer_legacy.exe" does not exist
40 File "lnl_app_server_certificate_installer.exe" does not exist
41 RabbitMQ advanced config file "advanced.config" does not exist
42 RabbitMQ tool file "rabbitmqctl.bat" does not exist
43 RabbitMQ file "rabbitmq-service.bat" does not exist
44 OnGuard certificate file "ca.cer" does not exist
45 Message Broker host name not configured
46 Message Broker port not synched
47 Message Broker certificate error
48 Message Broker certificate name mismatch
49 Unexpected error in message broker step
50 Unable to enable fire wall exceptions
51 Unable to update security utility system settings
52 Not all security utility actions applied
53 Unexpected error in security utility step
54 Failed to verify service logon user
55 Failed to change service logon user
56 Service logon user name or password is empty

57 Unexpected error in service logon step

58 Failed to change license user name and password
59 Failed to start flexnet service
60 Failed to encrypt license user name and password
61 Failed to activate license
62 Failed to return license
63 Invalid license
64 Invalid license server name
65 Invalid system license file
66 Invalid system license subscription file
67 Can not connect to license server
68 Can not install license in remote server
69 File "installanchorservice.exe" does not exist
70 License server admin page not available
71 License service run in maintenance mode
72 No valid license to activate
73 Failed to login setup assistant
74 Dispatcher unhandled exception
75 Unexpected error
76 Failed to check login driver connection

CHAPTER 6 VMware
VMware provides a way to create a virtual machine. OnGuard Server software and the
Communication Server are certified to run on VMware ESXi.
VMware Installation
Installation of VMware ESXi should be performed according to the manufacturer documentation. Be
sure the physical server (host) and storage array are listed on the hardware compatibility list for ESXi
to meet the minimum requirements.
Also, take into consideration the minimum requirements of the applications that will be installed on
the virtual machine (guest).
Virtual Machine Setup

Once installation of ESXi is complete, start the vSphere Client. Using the vSphere Client, connect to
the ESXi Server and create a new virtual machine.
Creating a New Virtual Machine

1. From the vSphere Client, click File > New > New Virtual Machine. Doing so launches the
Create New Virtual Machine wizard.
2. Select the configuration for the virtual machine by defining the operating system, machine name,
disk capacity, etc. If needed, some of these settings (for example, memory) may be modified
after the virtual machine has been created.
3. Install the operating system.
4. Install VMware Tools.
Note: For more detailed information, refer to the VMware documentation.

VMware
5. Once the virtual machine has been created, install OnGuard according to the instructions in the
Installation Guide.
Recommended Hardware Configurations

The following are general recommendations for a virtual instance and may change depending on the
size and usage of the overall system.
OnGuard VMware configurations
Configuration RAM Available Disc Space CPU Cores
32ES and ADV 16 GB 200 GB with thick 4

provisioning
PRO, ENTREG, and 16 GB 200 GB with thick 4

ENTMAS provisioning
Client PC 16 GB 200 GB with thick 2

provisioning
Video Client Not supported

CHAPTER 7 Using SNMP with OnGuard
Note: OnGuard only supports SNMPv1 Traps, whether they are sent when OnGuard is
configured as an Agent, or if they are received when OnGuard is configured as an
SNMP Trap Manager.
SNMP (Simple Network Management Protocol) is used primarily for managing and monitoring
devices on a network. This is achieved through the use of get and set requests which access and
modify variables on a given device, as well as SNMP traps which are used to notify Managers of
changes as they occur. The device which is being managed or monitored is called the Agent. The
application that is doing the managing or monitoring is called the Manager. You can think of a
Manager as the coach of a team, and Agents as all the players on the team. The following diagram
illustrates how OnGuard can be used as an SNMP Manager:
OnGuard as an SNMP Manager
OnGuard
Database
SNMP
s Agent
T rap
SNM P
SNMP
SNMP Traps
Agent
SNM P
T raps
SNMP
Alarm Monitoring Workstation Agent
Communication Server with

SNMP Manager running on it
Agents generate trap messages, which are sent to a Manager to indicate that something has changed.
Trap messages generally contain the system uptime, the trap type, and the enterprise number.
OnGuard uses Enterprise specific trap messages to send alarms to SNMP Managers. OnGuard
generates trap messages, but does not listen for messages from SNMP Managers. The following
diagram illustrates how OnGuard can be used as an SNMP Agent:

Using SNMP with OnGuard
OnGuard as an SNMP Agent
SNMP
Agent
r a ps
SNMP T
SNMP
SNMP Traps
Agent
SNMP
Traps
SNMP Manager OnGuard
system
Configuring OnGuard as an SNMP Agent requires the use of DataConduIT and the DataConduIT
Queue Server, as shown in the diagram that follows.

(Internal Architecture)
OnGuard system
Internal
architecture OnGuard
of OnGuard Database
system
Linkage Server
DataConduIT
DataConduIT Queue Server
SNMP
SNMP SNMP
Agent Agent
Third-party
SNMP Manager

Why use SNMP with OnGuard? This depends on whether you are using OnGuard as an SNMP
Manager or as an SNMP Agent.

When OnGuard is used as an SNMP Manager:
• You can monitor hardware or software applications in OnGuard that you couldn’t monitor before
without a specific integration.
• If you already have OnGuard installed and are using a third-party application to monitor SNMP
traps, you can now move that functionality over to OnGuard and monitor everything in a central
location.
• By loading into OnGuard the MIB file for the SNMP Agents you are monitoring, you can
customize how the information from the SNMP Agent is displayed in Alarm Monitoring
• Based on the information received and displayed in OnGuard, you can create custom alarm and
Global I/O linkages for the trap, as well as take advantage of other existing OnGuard
functionality.
To set up OnGuard to function as an SNMP Manager, you must configure an SNMP Manager on a
workstation. This is done through System Administration. In addition to configuring the SNMP
Manager, you can also load up third party MIB files into OnGuard, which will allow you to customize
how SNMP Traps are handled and displayed in the OnGuard software. For more information, refer to
the SNMP Managers Folder chapter in the System Administration User Guide.

OnGuard hardware and software events can be reported as SNMP traps to third-party applications
with SNMP trap support.
To configure OnGuard as an SNMP Agent, you must configure an SNMP Trap Message queue within
the DataConduIT Message Queue configuration in System Administration. You can specify what
events you want sent out through this queue (as SNMP Traps) and where you want them sent. For
more information, refer to the DataConduIT Message Queues Folder chapter in the System
Administration User Guide.
After setting this up, you must load the lenel.mib file (located in the SNMP folder on the OnGuard
Supplemental Materials media) into your SNMP Manager application. For more information, refer to
the SNMP Managers Folder chapter in the System Administration User Guide.
Configuring SNMP
The following steps must be completed before you configure OnGuard as either an SNMP Manager
or an SNMP Agent:
1. Install the Windows SNMP components. You will need your Windows CD to complete this
procedure. For more information, refer to Install the Windows SNMP Components on page 68.
2. Install a license with SNMP support.

To configure OnGuard as an SNMP Manager, refer to Configuring OnGuard as an SNMP Manager

on page 70.
Install the Windows SNMP Components

Before configuring an SNMP Manager to run on a Communication Server, the Windows SNMP
components must be installed on the Communication Server machine.
IMPORTANT: You will need your Windows CD to complete this procedure.
1. In Windows, open the Control Panel. For more information, refer to “Using OnGuard in the
Supported Operating Systems” in the Installation Guide.
2. Double-click “Add or Remove Programs”.
3. The Add or Remove Programs window opens. Click “Add/Remove Windows Components”.
4. The Windows Components Wizard window opens. Select the Management and Monitoring
Tools check box.
5. Click [Details].
6. The Management and Monitoring Tools window opens. Verify that the Simple Network
Management Protocol check box is selected, and then click [OK].
7. Click [Next].

Configuring SNMP
8. The Configuring Components window opens. The status bar is updated as the installation
proceeds.
9. When prompted, insert the Windows CD-ROM.

a. If the Windows autorun screen opens, close it.
b. If your CD-ROM is the D drive, click [OK].
c. If your CD-ROM is not the D drive by default, navigate to the correct drive letter of your
CD-ROM. Select the I386 folder, and then click [OK].
10. A message indicating that you have successfully completed the Windows Components Wizard is
displayed. Click [Finish].

Install a License with SNMP Support

The following SNMP features in OnGuard are licensed:
• Support for SNMP Managers. If you are licensed to use this feature, “SNMP Managers Support”
in the Access Control Options section is set to “true”.
• Number of SNMP trap message queues. The number of queues you are licensed to use is
displayed in the “Maximum Number of SNMP Trap Message Queues” setting in the General
section of the license.
Configuring OnGuard as an SNMP Manager

Prerequisites:
To configure OnGuard as an SNMP Manager:
1. Add an SNMP Manager using System Administration. For more information, refer to Add an
SNMP Manager on page 70.
2. Add Agents using System Administration. For more information, refer to Add Agents on
page 71.
3. Load the MIB file(s). For more information, refer to Load the MIB File(s) on page 72.
Add an SNMP Manager

1. In System Administration, select SNMP Managers from the Additional Hardware menu. The
SNMP Managers folder opens.
2. On the SNMP Managers tab, click [Add].
3. If segmentation is not enabled, skip this step. If segmentation is enabled:
a. The Segment Membership window opens. Select the segment that this SNMP Manager will
be assigned to.
b. Click [OK].
4. In the Name field, type a name for the SNMP Manager.
5. Select whether the SNMP Manager will be online.
a. Allow the Online check box to remain selected if you want the SNMP Manager to be ready
for use. When an SNMP Manager is online, the Communication Server listens for trap
messages from SNMP Agents.
b. Deselect the Online check box if the SNMP Manager is not ready for use. When an SNMP
Manager is not online, the Communication Server does not listen for trap messages from
SNMP Agents.
6. On the Location sub-tab, select the Workstation (or server) that the SNMP Manager is or will be
running on in order to receive events. The Communication Server must be present on the
specified workstation. You can either type the name in the field, or use the [Browse] button to
view a list of available workstations.

Notes: You are required to enter the workstation’s NetBIOS name. (The NetBIOS name is
specified when Windows networking is installed/configured.)
Only one SNMP Manager is allowed to run on each Communication Server. You can
have several Communication Servers running with an SNMP Manager on each one and
have all Agents in that part of the network configured to report to the local Manager.
This would help localize network traffic.
7. Click [OK].
Add Agents
If OnGuard receives an event from an Agent that has not been defined, it will automatically add an
Agent for it and have the default name set to the IP address of the Agent. You can then go in and
modify the Name to whatever you want. On a segmented system, Agents are added to the Manager’s
segment by default, but they can also be assigned to different segments as well.
To add an Agent manually:
2. Click the SNMP Agents tab.
3. Click [Add].
4. In the Name field, type a name for the SNMP Agent.
5. In the IP address field, enter the IP address of the SNMP Agent.
6. (Optional) In the Location field, enter the location of the SNMP Agent.
7. (Optional) In the Description field, enter a description of the SNMP Agent.
8. Click [OK].
9. Repeat steps 1-8 for all Agents you wish to add.
MIB File Overview

SNMP reports its information through the use of variables with name/value combinations. Many of
the SNMP variables are designed for network applications or hardware. MIB (Management
Information Base) files describe an enterprise’s variable structure and allow a user to report
hardware-specific information. Inside a MIB file, an enterprise number is specified. Nearly every
company that has an application (hardware or software) that reports events has an enterprise number.
This allows them to control and define all variables under this number.
The enterprise number is used as part of the Object Identifier (OID). A company’s enterprise OID is
1.3.6.1.4.1 followed by their enterprise number. MIB files allow labels to be applied to the numbers in
an OID. Using the standard MIB files for SNMP, the enterprise OID would be
iso.org.dod.internet.private.enterprises followed by the label for the company’s enterprise number
provided by their MIB file. In this MIB file, you define all other variables that you will be using.
These variables are identified by OIDs. The SNMP Trap Messages DataConduIT Message Queue
type allows OnGuard to report events through SNMP trap messages. OnGuard uses the lenel.mib file
to specify the variables to use. For example, one variable in the lenel.mib file is
1.3.6.1.4.1.15714.1.1.2.1, which translates to:
iso(1).org(3).dod(6).internet(1).private(4).enterprises(1).lenel(15714).onGuard
(1).event(1).hardwareEvent(2).description(1)
If the lenel.mib file is loaded, the variable in the previous example is shown on the SNMP
Management Information Base form.

Load the MIB File(s)

The Management Information Base (MIB) file is used to describe an enterprise’s variable structure.
The lenel.mib file is located in the SNMP folder on the OnGuard Supplemental Materials media. To
load a MIB file into the OnGuard software:
1. Save the MIB file you wish to load to the computer. Remember the location where you save it.
2. If necessary, save any files that contain modules required by the MIB files in the SNMP-
IMPORT-MIBS folder in the OnGuard installation directory. By default, this is C:\Program
Files (x86)\OnGuard\SNMP-IMPORT-MIBS. The following eight (8) files are installed to that
location by default:
• RFC1155-SMI.txt
• RFC1213-MIB.txt
• RFC-1215.txt
• SNMPv2-CONF.txt
• SNMPv2-MIB.txt
• SNMPv2-SMI.txt
• SNMPv2-TC.txt
• SNMPv2-TM.txt
Notes: This location can be changed in the ACS.INI file by adding the following setting:
[SNMPManager]
MIBDir=“drive:\absolute\path\to\MIB\directory”
Administrator permission may be required to make changes to the ACS.ini file and save
it in the windows directory.
This directory is processed when a MIB file is loaded in order to load modules that may be
imported into the MIB file being loaded. Only files containing imported modules should be
saved in this directory. In most cases, the default files in this directory are sufficient. If additional
files are required, determine which additional files define the modules imported by the MIB file
and place them in this directory.

If a MIB file for an imported module is not present in this directory and the processor encounters
an undefined identifier in the MIB file it’s parsing, it will log an error to MIBProcessor.log in the
C:\ProgramData\Lnl\logs directory.
4. Click the SNMP Management Information Base tab.
5. Click [Add].
6. The Open window is displayed. Navigate to the MIB file you wish to load, and then click [Open].
In this example, the lenel.mib file is being loaded.
7. The MIB file will be processed.

• If the MIB file is successfully parsed, the results will be displayed in the Enterprise variables
listing window. You can expand the items in the tree and look at the defined variables.
• If the MIB file cannot be parsed, an error will be generated, which is written to the
MIBProcessor.log file. An error is most likely due to a malformed MIB file or a lack of
certain MIB files that are imported by the MIB file you are trying to parse.
Note: After a MIB file has been loaded into OnGuard, the actual file is no longer needed.
Modify an SNMP Management Information Base Variable

2. Click the SNMP Management Information Base tab.
3. Expand the items in the Enterprise variables listing window.
4. Click on the variable you wish to modify, then click [Modify].
5. Change the Label if you wish.
6. Enter a Description for the variable if you wish.
7. Select the Use in alarm description check box if the node’s information will be used in the
alarm description column of Alarm Monitoring. You can have this option set on multiple nodes
and for each one that appears in the trap message as a variable, it will be included in the alarm
description. The variable name will be discarded.
8. Select the Include label with value check box if you selected the Use in alarm description
check box and if you want to see the variable name with the value.
9. Select the Use leaf node only check box if you want the SNMP Manager to ignore anything
“higher” than this node in the OID.
10. Click [OK].

SNMP Reports
Reports are run from System Administration or ID CredentialCenter. For more information, please
refer to the Reports Folder chapter in the System Administration or ID CredentialCenter User Guide.
There are two SNMP-related reports that can be run:
• SNMP Agents - lists all SNMP Agents sorted by segment and name
• SNMP Management Information Base Configuration - lists all MIB data grouped by enterprise
The SNMP Management Information Base Configuration report lists each node’s label and OID
(Object ID) description. If configured, the following additional options will also be listed:
• Use in alarm description
• Include label with value
• Use leaf node only for label
Configuring OnGuard as an SNMP Agent

Prerequisites:
To configure OnGuard as an SNMP Agent:
1. Add a new DataConduIT Message Queue of the type “SNMP Trap Messages” in System
Administration. For more information, refer to Add a DataConduIT Message Queue of Type
“SNMP Trap Messages” on page 74.
2. Load the lenel.mib file. For more information, refer to Load the lenel.mib File on page 75.
Note: For more information, refer to the DataConduIT Message Queues Folder in the System
Administration User Guide.
Add a DataConduIT Message Queue of Type “SNMP Trap Messages”

1. From the Administration menu, select DataConduIT Message Queues.
2. On the DataConduIT Message Queues form, click [Add].
3. The Add DataConduIT Message Queue window opens.
a. Select the “SNMP Trap Messages” Queue type.

SNMP Manager Copyright Information
b. Click [OK].
4. On the General sub-tab:
a. In the Queue name field, type the name of the queue. The name is case-sensitive.
b. In the SNMP manager field, type the name of the queue manager.
c. Note that the Queue type and Operation that you selected are displayed, but cannot be
modified.
5. On the Settings sub-tab:
a. If you wish to have photo, signature, and fingerprint information sent in messages, select the
Include photos and signature in messages check box.
Note: Including photo information in the messages makes the size of the message sent much
larger.
b. Select whether a message will be sent when cardholder, badge, visitor, and linked accounts
are added, modified, or deleted.
c. If you wish to have a message sent when an access event occurs, select the Send a message
when access events occur check box.
d. If you wish to have a message sent when a security event occurs, select the Send a message
when security events occur check box.
6. Using the Advanced sub-tab is optional and for advanced users. On the Advanced sub-tab you
may:
a. Type an object event WMI query directly into the Object event WMI query textbox.
b. Type an access and security event WMI query directly into the Access and security event
WMI query textbox.
7. Click [OK].
Load the lenel.mib File

After configuring the SNMP Trap Messages queue, load the lenel.mib file into the SNMP Manager
so that it knows how to handle and display the variables it receives. The lenel.mib file is located in
the Support Center\SNMP folder on the OnGuard Supplemental Materials media.
If you are using OnGuard as an SNMP agent please refer to the documentation for the third-party
SNMP Manager you are using to monitor the OnGuard software.

---- Part 1: CMU/UCD copyright notice: (BSD like) -----
Copyright 1989, 1991, 1992 by Carnegie Mellon University
Derivative Work - 1996, 1998-2000
Copyright 1996, 1998-2000 The Regents of the University of California
All Rights Reserved
Permission to use, copy, modify and distribute this software and its documentation for any purpose
and without fee is hereby granted, provided that the above copyright notice appears in all copies and
that both that copyright notice and this permission notice appear in supporting documentation, and

that the name of CMU and The Regents of the University of California not be used in advertising or
publicity pertaining to distribution of the software without specific written permission.
CMU AND THE REGENTS OF THE UNIVERSITY OF CALIFORNIA DISCLAIM ALL
WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL CMU OR
THE REGENTS OF THE UNIVERSITY OF CALIFORNIA BE LIABLE FOR ANY SPECIAL,
INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER
RESULTING FROM THE LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF
CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
---- Part 2: Networks Associates Technology, Inc copyright notice (BSD) -----
Copyright (c) 2001-2002, Networks Associates Technology, Inc
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted
provided that the following conditions are met:
• Redistributions of source code must retain the above copyright notice, this list of conditions and
the following disclaimer.
• Redistributions in binary form must reproduce the above copyright notice, this list of conditions
and the following disclaimer in the documentation and/or other materials provided with the
distribution.
• Neither the name of the Networks Associates Technology, Inc nor the names of its contributors
may be used to endorse or promote products derived from this software without specific prior
written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
“AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
---- Part 3: Cambridge Broadband Ltd. copyright notice (BSD) -----
Portions of this code are copyright (c) 2001-2002, Cambridge Broadband Ltd.
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted
provided that the following conditions are met:
• Redistributions of source code must retain the above copyright notice, this list of conditions and
the following disclaimer.
• Redistributions in binary form must reproduce the above copyright notice, this list of conditions
and the following disclaimer in the documentation and/or other materials provided with the
distribution.
• The name of Cambridge Broadband Ltd. may not be used to endorse or promote products derived
from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER “AS IS” AND ANY
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER BE LIABLE FOR
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.


CHAPTER 8 Integrating OnGuard with Citrix Virtual
Apps
IMPORTANT: To use OnGuard over the Internet, you must have purchased the optional
Citrix Virtual Apps.
Citrix Virtual Apps Overview

Citrix Virtual Apps provide support in conjunction with Windows Terminal Server for complete
access to configure and operate your OnGuard system through a simple Web browser interface.
OnGuard allows for the installation of Web Server software and, once the server is configured,
unlimited clients (based on licensing connections) can attach to the server and run any of the
OnGuard applications over the Internet. Virtually any desktop operating system that supports a Web
browser can run OnGuard over the Internet. This includes Windows, Macintosh, Unix, Solaris and
Linux.
Notes: By default, License Administration loads configuration data from C:\Windows\acs.ini,

and Configuration Editor saves changes to this file in this location. When using
OnGuard in a Citrix environment, License Administration creates a second acs.ini file
in C:\Users\<USERNAME>\Windows. However, Configuration Editor continues to
update the acs.ini file located in C:\Windows. If changes are made to the acs.ini file in
C:\Windows, License Administration will not load these changes because it loads from
the acs.ini file in C:\Users\<USERNAME>\Windows. If changes to the acs.ini file are
related to the License Server (for example the License Server machine), make sure the
changes are made to the acs.ini files in both locations.
Installing Citrix Virtual Apps 7 on Windows Server

The basic procedure for installing Citrix Virtual Apps 7 on a Windows Server is:
Note: Instructions may differ depending on the currently supported version of the Windows
Server system.

Integrating OnGuard with Citrix Virtual Apps
1. Perform the pre-installation procedures. For more information, refer to Step 1: Perform the Pre-
Installation Set-up Procedures on page 80.
2. Install Citrix Virtual Apps 7. For more information, refer to Step 2: Install Citrix Virtual Apps 7
on the Server on page 80.
3. Configure the License Server. For more information, refer to Step 3: Configure the License
Server on page 81.
4. Create a site. For more information, refer to Step 4: Create a Site on page 81.
5. Create the master image. For more information, refer to Step 5: Create the Master Image on
page 82.
6. Publish an application. For more information, refer to Step 6: Publish an Application on page 82.
7. Access the applications from the Citrix Receiver Web. For more information, refer to Step 7:
Access the Applications from the Citrix Receiver Web on page 83.
Step 1: Perform the Pre-Installation Set-up Procedures
Note: Confirm that the operating system has the latest updates.
1. Add the operating system in domain.
2. Use a clean installation of Microsoft SQL Server as your starting point.
3. Start the Server Manager.
For more information, refer to “Using OnGuard in the Supported Operating Systems” in the
Installation Guide.
4. From the Server Manager, add the following roles and features:
• IIS:
• Web Server > Health and Diagnostics > Logging Tools
• Web Server > Health and Diagnostics > Tracing
• Management Tools > IIS 6 Management Compatibility > select all sub items
• Application Server:
• Keep the features that are selected by default
• Remote Desktop Services:
• Remote Desktop Session Host
• Remote Desktop Licensing
• Remote Desktop Web Access
Step 2: Install Citrix Virtual Apps 7 on the Server
Notes: When installing Citrix Virtual Apps 7, you may need an ISO mounting application.
Ensure that your license for Remote Desktop services is current.
Ensure that your license for Citrix Virtual Apps 7 is current. When you obtain this
license, ensure that the server name is exactly as specified. The server name is case-
sensitive.
1. Run the Citrix installer.

2. On the Citrix menu screen, click [Start] next to Virtual Apps Deliver applications.
3. On the Virtual Apps 7 screen, click the Delivery Controller link below the Get Started heading.

4. On the License Agreement screen, accept the license and then click [Next].
5. On the Core Components screen, keep the default settings as they are and click [Next].
6. On the Features screen, keep the default settings as they are and click [Next].
7. On the Firewall screen, keep the default settings as they are and click [Next].
8. On the Summary screen, click [Install].
9. On the Smart Tools screen, select “I do not want to connect to Smart Tools or Call Home”, and
then click [Next].
10. When the installation is complete, click [Finish].
Step 3: Configure the License Server

1. Use the web browser to open the Citrix License Administration Console.
Installation Guide.
2. On the top-right area of the window, click [Administration].
3. Log in with the domain user name and password, and then click [Submit].
4. In the left tab, click [Vendor Daemon Configuration].
5. Click [Import License], select the Citrix License File, and then click [Import License].
When the import is complete, a success message appears. Click [OK].
6. Restart the Citrix license:
a. Open the Citrix Licensing Service.
Installation Guide.
b. Right-click Citrix Licensing and then click [Restart].
7. Go back to the Citrix License Administration Console. In the top-right area of the console, next
to Administration, click [Dashboard].
If everything is correct, you will see your Citrix license along with a Citrix startup license. It
should look similar to this:
– Citrix Start-up License | Server
– Citrix Virtual Apps Advanced | Concurrent
– Citrix Virtual Apps Enterprise | Concurrent
– Citrix Virtual Apps Platinum | Concurrent
Step 4: Create a Site

1. Launch the Citrix Studio.
2. On the Welcome screen, select Deliver application and desktops to your users.
3. On the Introduction screen, select A fully configured, product-ready Site, enter the Site name,
4. On the Database screen:
a. Enter the Database server location.
b. Click [Next].
5. On the Licensing screen:
a. Enter the License Server address.

b. Select the licenses that already exist. For example, CitrixVirtualApps Enterprise.
c. Click [Next].
6. On the Connection screen, select a Connection type.
If machine management is not used (such as when using physical hardware), select No machine
management, click [Next], and then go to step 9.
7. If the Network screen appears:
a. In the Name for these resources field, enter the desired name.
b. Select the network to use.
c. Click [Next].
8. If the Storage screen appears, select the storage device to use and click [Next].
9. On the Additional Features screen, uncheck the App-V publishing check box and click [Next].
10. On the Summary screen, click [Finish].
The setup takes several minutes to complete.
Step 5: Create the Master Image

1. Launch the Citrix Virtual Apps 7 installer.
2. On the Get Started screen, select Prepare Machines and Images.
3. On the Environment screen, select Create a master MCS image and click [Next].
4. On the Core Components screen, click [Next].
5. On the Additional Components for Master MCS Image screen, keep all default options selected,
6. On the Delivery Controller screen:
a. Select the Do it manually option.
b. Enter the controller address.
c. Click [Test connection] and ensure that there are no errors.
If an error occurs, resolve the error and retest the connection.
d. Click [Add].
e. Click [Next].
7. On the Features screen, select all of the features and click [Next].
8. On the Firewall screen, keep the default settings and click [Next].
9. On the Summary screen, click [Install].
10. On the Smart Tools screen, select “I do not want to participate in Call Home”, and then click
[Next].
11. On the Finish Installation screen, click [Finish].
12. After the installation is completed, restart the server.
Step 6: Publish an Application
Note: Before installing OnGuard, try publishing Notepad or Calculator to confirm that
publishing works correctly.
Create One Machine Catalogs

1. In the Citrix Studio, expand the system tree.

2. Select the Machine Catalogs node, then click the Create Machine Catalog link on the right-top
window. The Machine Catalog Setup wizard opens.
3. On the Introduction screen, click [Next].
4. On the Operating System screen, select Server OS and click [Next].
5. On the Machine Management screen:
a. Select the Machines that are not power managed radio button.
b. Select the Another service or technology radio button.
c. Click [Next].
6. On the Machines screen, click [Add computers] to add local to the list and then click [Next].
7. On the Summary screen, enter the Machine Catalog name and click [Finish].
Create Delivery Groups

1. In the Citrix Studio, expand the system tree (if not already expanded).
2. Select the Delivery Groups node, then click the Create Delivery Group link on the right-top
window. The Create Delivery Group wizard opens.
3. On the Introduction screen, click [Next].
4. On the Machines screen:
a. Select the desired Machine Catalog.
b. In the Choose the number of machines for this Delivery Group field, enter the
appropriate value.
c. Click [Next].
5. On the Users screen:
a. Click [Allow any authenticated users to use this Delivery Group].
b. Click [Next].
6. On the Applications screen:
a. Click [Add].
b. From the Add options, select From start menu...
c. In the Add Applications from Start Menu screen, select the desired OnGuard application.
d. Click [OK].
e. Click [Next].
Note: The applications in the operating system are automatically displayed on this screen. If
you already installed OnGuard, the OnGuard applications are automatically displayed.
If the application under test is not displayed, add the application by clicking [Add] and
then selecting Manually...
7. On the Summary screen, enter the Deliver Group name and click [Finish].
Step 7: Access the Applications from the Citrix Receiver Web

1. On the CitrixStoreFront, expand the system tree and select the Receiver for Web node.
2. Open Internet Explorer and enter the URL displayed in the Store Web Receiver section.
Notes: Log in as the domain user and domain user password and view the published
applications.


Reference
CHAPTER 9 Ports Used by OnGuard
IMPORTANT: Administrator permission may be required to make changes to the ACS.ini file
and save it in the windows directory.
Note: Most of the following ports use the Transport Control Protocol (TCP). Ports 45303,
45307, and 46308 use the User Datagram Protocol (UDP). Port 9111 uses the Hypertext
Transfer Protocol (HTTP) protocol.
OnGuard
Port Function From (Client) To (Server) version Notes/Where port can be changed
80 Web Server (IIS) Web browser OnGuard Only used with Used for Web Applications to
Server OnGuard 5.12 communicate with the Web service.
and later Check IIS configuration for the correct
port configuration.4
135 DCOM initial Any DCOM LenelS2 NVR; All OnGuard Cannot be changed.
connections application OnGuard versions
161 SNMPv1 DataConduIT Client See Windows SNMP configuration

messaging Message applications
Queue and services
162 SNMPv1 traps Client Communication See Windows SNMP configuration

applications Server
and services
443 Web Server (IIS) Web browser IIS on OnGuard Only used with Used when SSL is utilized for the Web
SSL Server OnGuard 5.12 Applications. Port 443 is used for
and later secure web browser communication.4
1433 Default port for All client Database All OnGuard Check SQL Server configuration.
SQL Server applications Server versions
and services
1434 SQL Server All client Database All OnGuard

browser service applications Server versions
and services
1521 Default port for All client Database All OnGuard Check Oracle configuration/
Oracle applications Server Versions documentation; this can be changed in
and services Oracle configuration.

Ports Used by OnGuard
OnGuard
3001 Connected Communication Connected OnGuard 5.0 The default port the Communications
LenelS2 Server controllers and later Server uses to communicate with
controllers controllers. Configurable within System
Administration.
3001 Connected Primary Communication OnGuard 8.1 Configurable within System

(primary LenelS2 controller Server and later Administration.
controller controllers
as IP
client)
3700 OnGuard NGINX OnGuard

Cardholder Self Cardholder Self
Service Service
4001 Communication System Communication All OnGuard Can be changed in ACS.INI [Service]
Server RPC Administration; Server versions section DriverRpcPort1
Alarm
Monitoring;
Area Access
Manager; Data
Conduit; Data
Exchange;
Replicator;
Configuration
Download
service;
Linkage Server
4002 Global Output Linkage Server Global Output OnGuard 5.0 Can be changed in ACS.INI [Service]
Server RPC Server and later section GosRpcPort1
4004 Communication Alarm Communication All OnGuard Can be changed in ACS.INI [Service]
Server socket Monitoring; Server versions section DriverSocketPort1
(event reporting) Linkage Server
4005 Linkage Server System Linkage Server All OnGuard Can be changed in ACS.INI [Service]
RPC Administration versions section LinkageServerRpcPort1
4006 Video Server System Archive Server All OnGuard Can be changed in ACS.INI [Service]
RPC Administration; versions section VideoServerRpcPort1
Linkage Server
4009 - Alarm Communication Alarm OnGuard 5.9 Used for the Guard Tour, Grant-Deny
4057 Monitoring RPC Server Monitoring and later Popup and Failure to Acknowledge/
Forward Alarm features only. One port
used per Monitoring instance on a
given machine (typically 4009). Can be
changed in ACS.INI [Service] section
AcsmntrRpcMinPort,
AcsmntrRpcMaxPort2,3
4059 Replicator data Replication Replicator OnGuard 5.9 Can be changed in ACS.INI [Service]
Administration; service and later section ReplicatorSocketPort1
LS Replicator
service
4060 Replicator RPC Replication Replicator OnGuard 5.9 Can be changed in ACS.INI [Service]
Administration; service and later section ReplicatorRpcPort1
LS Replicator
service
4061 DataExchange Linkage Server Data Exchange OnGuard 5.9 Can be changed in ACS.INI [Service]
data and later section DESocketPort1

OnGuard
4062 DataExchange Linkage Server Data Exchange OnGuard 5.9 Can be changed in ACS.INI [Service]
RPC and later section DERpcPort1
4065 Replicator Replication ID Allocation OnGuard 6.3 Port used by Replicator and/or
Administration, service and later Replication Administration to
Replicator communicate with the ID Allocation
service service to allocate additional IDs for
pre-allocated objects
4369 Erlang Port Command Line Message OnGuard 8.2 A peer discovery service used by
Mapping Interface (CLI) Broker and later Message Broker (RabbitMQ) nodes
Daemon tools and Command Line Interface (CLI)
tools. Used only in clustered
environments.
5657 Used by the LS All client Message OnGuard 7.0 This is for SSL traffic
Message Broker applications Broker and later5
service and services
(RabbitMQ) to
transfer
incremental
credential data,
deliver message
delivery, for data
queuing, and
event logging.
5672 Used by the LS All client Message OnGuard 7.0- This is for non-secure communication.
Message Broker applications Broker 8.1 NOTE: This port is no longer used and
service and services should be closed after running the
(RabbitMQ) to Security Utility.
transfer
incremental
credential data,
deliver message
delivery, for data
queuing, and
event logging.
7702 Bosch controller Communication Bosch OnGuard 7.5 System Administration

Server controller Update 1 and
later
8032 Used by the LS Site Publication Site Publication OnGuard 7.0 Security Utility
Site Publication Server Server and later
Server
(Enterprise or
Replicator).
This is for binary
transaction
transfer.
8048 Used by the OpenAccess NGINX OnGuard 7.1 Used for communication between the
OpenAccess REST Proxy and later NGINX Web Server and OpenAccess
REST Proxy REST Proxy
8049 LS Web Event Web Event Event OnGuard 7.2 Used for receiving events using
Bridge service Bridge service Subscriber and later WebSocket through the LS
clients OpenAccess and LS Event Context
Provider services

OnGuard
8080 Used by the All client NGINX OnGuard 7.1 Security Utility
Web Server applications and later
(NGINX) for
OpenAccess
8189 License Server All client License Server OnGuard 5.7 To change the License Server port:
applications and later 1. Use the Configuration Editor to
change the port number. Refer to
the Configuration Editor appendix
in the Installation Guide.
2. To change the port manually, you
must update two locations:
LicenseServerConfig\
Server.properties file (file
content is case-sensitive):
Port=XXXX where “XXXX” is the

desired port number. You can
create this line/file manually if not
already present).
Window\acs.ini file:
[LicenseServer]
Host=AI256186
Port=8189
8888 FLEXnet License Server Public License OnGuard 6.1 Port used for online activation and
Licensing at customer site Admin site and later deactivation of software based
licensing. This port must be open to
activate a software-based (FLEXnet)
license.
OnGuard NGINX Web OnGuard OnGuard 8.0 NGINX configuration and OnGuard
Reports and Server Reports and and later Reports and Dashboards configuration
Dashboards Dashboards
9000 WATCH API NGINX WATCH API

service service
9111 Application Web hosted Application OnGuard 5.12 Used for communication with the
Server (as a applications Server and later Application Server service.
Windows Lnl.OG.ApplicationServer.Service.exe.
service) config contains the Application Server
port configuration. The Web service
web.confg file indicates to the Web
service how to connect to the
Application Server (including which
port). Uses the HTTP protocol.

OnGuard
9999 License Web browser License Server OnGuard 5.7 To change the License Administration
Administration and later port, add the following to the
LicenseServerConfig\Server.
properties file (file content is case
sensitive):
AdminPort=9999 where “9999” is
replaced by the desired port number.
(This line/file is not present by default,
but can be manually added.)
Note: If the License
Administration port is
changed, the License
Administration shortcut
installed by OnGuard can
no longer be used.
10001 Galaxy Ethernet Communication Galaxy panels OnGuard 5.11 Cannot be changed
Module Server and later
15672 Message Broker The plugin Message OnGuard 8.2 A utility which can be enabled and
Management Broker and later used for monitoring and diagnosing the
Plugin Message Broker (RabbitMQ). Disabled
by default.
25657 Message Broker Message Message OnGuard 8.2 Used only in clustered environments,
inter-node Broker node Broker node and later for inter-node communication between
communications Message Broker (RabbitMQ) services.
25672 Message Broker Message Message OnGuard 8.2 Used only in clustered environments,
inter-node Broker node Broker node and later for inter-node communication between
communications Message Broker (RabbitMQ) services.
45303 Elevator Communication Otis elevator OnGuard 5.12 ACS.INI [Otis] section
Terminal Online Server dispatching and later SSOnlineStatusPort. If changed, must
Status port system be done on workstation running
Communication Server. Uses UDP.
45307 Elevator Otis elevator Communication OnGuard 5.12 ACS.INI [Otis] section
Dispatching dispatching Server and later SSHeartbeatPort. If changed, must be
Heartbeat port system done on workstation running
46308 Elevator Communication Otis elevator OnGuard 5.12 ACS.INI [Otis] section
Terminal Server dispatching and later SSDECCommandPort. If changed,
Command port system must be done on workstation running
1
To change these ports, the ACS.INI settings must be changed on all machines (server and clients).
2 To
change these ports for a given monitoring station, the ACS.INI settings only need to be changed
on that machine.
3 Each
port in this range is used for the same purpose, and most of these ports are usually unused. This
port range is reserved so that multiple instances of Alarm Monitoring can run on one PC in a terminal
services environment. Because each instance of Alarm Monitoring running on one PC requires a
unique port, the next available port in this range is used.
4 These
ports are used by the LNL-2220 and LNL-3300 when connected to the network.

Digital Video Ports

Access to live and recorded digital video is done through a combination of DCOM and network
socket connections.
Abbreviations:
• LenelS2 NVR - LenelS2 Network Video Recorder
• LSVS - LenelS2 Streaming Video Server
• RM - Remote Monitor
• VV(web) - VideoViewer browser-based client
Port Function From (Client) To (Server) Protocol
<User>a Live video LenelS2 NVR, OnGuard, UDP/IP or

RM VV(web) multicastb
<User>c Live video OnGuard, LenelS2 TCP/IP

VV(web), RM NVR
DCOM Setting configuration, OnGuard, LenelS2 DCOM

querying status, playback VV(web), RM NVR
control, and recorded video
<User>d Streamed RTP live video LSVS Any RTP UDP/IP or

client multicast
DCOM LSVS configuratione LSVS config LSVS DCOM

tool
6000f Control commands OnGuard RM UDP/IP
6001-7000g Control command response RM OnGuard UDP/IP

notifications
80h Live video retrieval and LenelS2 NVR IP Cameras TCP/IP

camera control
a. If live video is transmitted in UDP/IP mode, the OnGuard client determines which port should be used.
The range of ports can be limited by launching LnrNI utility on the OnGuard client machine and
specifying the port range to use under the Use UDP/IP check box. If live video is transmitted in multicast
mode, the LenelS2 NVR will choose which port should be used by each channel. The range of ports can be
specified by launching the LnrNI utility on the LenelS2 NVR machine, selecting the “Recorder Network
Settings” tab and entering the first multicast port. The actual port number for each channel is defined by
adding the first multicast port and the channel number. For example, if the first multicast port is 2000, then
channel 1 will use port 2001, channel 2 will be 2002, etc.
b. When LenelS2 NVR starts for the first time, it will randomly choose a multicast address for use with live
video and stores this address in the LNR.XML file. If a different address is desired, this value can be
changed by editing the LNR/Recorder/Settings/MulticastIP element in the LNR.XML file.
This multicast address becomes the base number and similarly to the multicast port actual address for a
channel is determined by adding the channel number to this base value. It is important to remember that if
multicast video is used in the system, all channels on all LenelS2 NVR systems should be assigned unique
multicast port and address values.
c. This port number can be specified by launching the LnrNI utility on the LenelS2 NVR machine, selecting
the “Recorder Network Settings” tab and entering a value for Recorder TCP/IP Port.
d. The port and multicast address for each channel is chosen by the user through the configuration utility
when channels are added to the LSVS.

Digital Video Ports
e. This setting is only required if the user wishes to configure the LSVS from a remote machine. This step is
not necessary if the configuration application is launched from the host where the streaming server is
installed.
f. This port number must be the same on all remote monitoring and OnGuard client machines in the system.
If the user wishes to use a different value, all machines must be updated at the same time. On the OnGuard
client, this can be changed by editing the “MonitorUDPPort” registry value under
HKEY_LOCAL_MACHINE\Software\Lenel\OnGuard. On RM machines, the same value must be
updated in the registry under HKEY_LOCAL_MACHINE\Software\Lenel\RemoteMonitor.
g. This port range can be changed by launching the LnrNI utility on the OnGuard client machine, selecting
the “Remote Monitor Network Settings” tab and entering a different port range.
h. Cameras have built-in web servers. Typically they use HTTP port 80, but the user can configure it to use
any arbitrary port number. The camera tab in the digital video folder in System Administration allows you
to specify which port LenelS2 NVR will connect to. For more information, refer to the Digital Video
Folder chapter in the System Administration User Guide for more information.
DCOM uses TCP port 135 to establish new connections. TCP port 135 must be open on the server.
Once a client connects to that port, the Windows DCOM/RPC subsystem determines the type of the
actual communications. This type can be either TCP/IP or UDP/IP based on the machine settings.
These settings can be changed with the following steps:
1. Run dcomcnfg from the command line.
2. Expand to Console Root > Component Services > Computers > My Computer.
3. Right-click on My Computer and select Properties.
4. Select the Default Protocols tab.
5. Select UDP/IP or TCP/IP or both. For each option, the port range can also be limited. If the port
range is not limited, DCOM will use any random port between 1024 and 65000. It is
recommended to limit the port range for systems using firewalls.
For additional information about DCOM, refer to the Microsoft Windows documentation.
The LnrNI utility is used to configure the ports that should be used for each type of communication.
When launched on a client, the LnrNI utility defines the mode that will be used to receive live video
from the LenelS2 NVR. It attempts each type of connection in the order they are listed on the Client
Network Settings tab. If the connection is unsuccessful after 3 seconds it will move to the next
connection type until all three have been tried: multicast, UDP/IP, and TCP/IP. TCP/IP is the fallback
mechanism and cannot be disabled.
The LnrNI utility also determines which network card should be used by the video software if the
machine is multihomed, meaning it has different IP addresses due to multiple active network
adapters.


CHAPTER 10 OnGuard Services
The following is a table of OnGuard services and those services that run on OnGuard installations.
Notes: Configure these services to start automatically if you require the function provided by
the service, and if the service does not default to starting automatically.
OnGuard modules, OAAP partners, and Custom Solutions applications can require
additional services to be installed and running in your OnGuard environment. Review
the documentation for any of these additional products that you may have installed.
OnGuard Services
Number per
OnGuard
Name Definition system Notes
Application Server Used to provide the One per server, if Only installed when a custom
Application Server system will installation is performed and the
for the web-based support web- Application Server component is
applications. based selected.
applications.
Communication The OnGuard You can have Many communication services

Server Communication multiple may be running throughout a
Server acts as the Communication region. One Communication
communication Servers. Server can communicate to
“gateway” for many field hardware devices, but
information flow a hardware device can only
between the communicate to one
OnGuard software Communication Server. It is
and hardware. typically configured to run
automatically on the Regional
Server though any Regional
client can run the
Communication Server.

OnGuard Services
OnGuard Services (Continued)
Number per
OnGuard
Cumulus The Cumulus One per system. Typically runs on the Database
Connector Service Connector service Server. Also needs network
enables the access to connect to external
integration of system (Cumulus platform) via
OnGuard with the https.
Cumulus platform. When OnGuard is first installed,
the LS Cumulus Connector
Service is configured for Manual
start. If you want to use Cumulus
with OnGuard, you should:
1. Configure the LS Cumulus
Connector Service for
Automatic start on the
workstation that will connect
to Cumulus.
2. Start the LS Cumulus
Connector service.
DataConduIT The DataConduIT One per server. Typically installed on the

Message Queue Message Queue Database Server.
Server Server is an adapter
that works with the
DataConduIT
Service. It provides
an easy way to use/
delegate
DataConduIT
notifications using
queues.
DataConduIT The DataConduIT One per server. DataConduIT must be installed

Service Service is a on the same machine as the
platform for Linkage Server if you want to
integrating with IT receive events through
systems, providing DataConduIT.
access to ID
management data,
access control
events, and real-
time notification
when changes are
made to
cardholders and
their credentials.
DataExchange The DataExchange One per server. Only one DataExchange Server
Server Server is used to may be running on each
exchange database Regional database and/or Global
information with database. It only needs to be
third party running when scheduling to run a
applications. DataExchange script.

Number per
OnGuard
Device Discovery The Device One per server. You must perform a custom
Service Discovery Service installation and select “Device
is used as a proxy Discovery Service” in the
service for running Standard Applications section.
remotely (systems
in other subnets) all
services that the
Device Discovery
Console cannot
otherwise access.
Event Context The Communication One per server. Events are provided to any event
Provider Server publishes subscriber listening for those
events that are events.
picked up by the
Event Context
Provider service,
which provides
additional event
details.
Global Output The OnGuard As many as As many instance of Global

Server Global Output needed. Output Server (GOS) can be
Server (GOS) is running on each Regional and/or
used to send output Global database.
to any supported
output system
(including electronic
mail and paging)
connected to the
computer on which
the GOS is
installed.
For email, the GOS
communicates to
the SMTP Server
and for paging it
outputs the file to a
specified location.
ID Allocation Used to manage One. Must be run

pre-allocated IDs only on the
across an Enterprise Global
enterprise or Distributed ID
installation. Global Server.
License Server The License Server One per server. The OnGuard License Server is
controls which typically run on OnGuard Servers
features the but can be configured on a
computer is separate machine.
licensed to use.

OnGuard Services
Number per
OnGuard
Linkage Server The Linkage Server One per server. Typically runs on the Database
is responsible for Server.
the central
processing of
various tasks within
the Access Control
system.
Login Driver The login driver One per server. The Login Driver service
allows OnGuard to manages the database password
log in and access (not user passwords) for clients.
the database.
LnrCapSvc Records video from One per LenelS2 Must be running in order for the
CCTV devices. NVR. LenelS2 NVR to connect to video
sources and to store information
to the disk. It also services live
video retrieval requests.
LnrRetrSvc Retrieves recorded One per LenelS2 Manages stored video and
video requested by NVR. stored video retrieval requests. If
client. your storage fills up this service
finds which files should be
deleted so the capture service
has space for new video.
LnrRTPServer Streams video to One per LenelS2 This services is a translation

RTP clients. NVR. layer between the proprietary
LenelS2 NVR video retrieval
interfaces and the standard way
of transmitting streaming media
data.
LpsSearchSvc Performs video One per Must be installed in order to

analytics OnGuard client + perform any video searches.
processing. one per LenelS2 Should be run on all machines,
NVR. servers and clients, that will need
to perform video searches.
Message Broker Provides message One per Requires that Secure Socket
delivery and Enterprise Global Layer (SSL) is running on all
queuing services. Server, Enterprise workstations.
Distributed ID This service requires the support
Global Server, of the RabbitMQ messaging
Enterprise broker service.
Regional Server,
or Mobile Station.

Number per
OnGuard
Mon Manager Security tool that One per server. For more information, refer to
Service augments existing Notes about the LS Mon
security tools such Manager Service on page 101.
as antivirus,
malware defense,
and endpoint
protection software.
Targets tools used
for process memory
inspection, and
attempts to detect
and terminate their
processes before
they can extract
data such as the
protected system
state and
credentials.
OpenAccess A platform for One per server. Typically installed on the

integrating with IT OnGuard Server.
systems, providing
access to ID
management data,
logged events, and
hardware
configuration
information. Allows
the creation of a
client against a
REST API to
OnGuard through
NGINX as the web
service that
abstracts the AMQP
language.
PTZ Tour Server PTZ Tour Server. One per

OnGuard client +
one on the
OnGuard Server.
Replicator Used to distribute One per Can be run as a program

and synchronize Enterprise (Manual start up type) or
hardware Regional or Automatic.
transactions across Mobile Station. If using as an automatic startup
all systems in an type, you will use OnGuard
Enterprise or scheduler when replicating. If
Distributed ID manual, you will replicate
configuration. whenever convenient (This is
typical for those using Mobile ID.)

OnGuard Services
Number per
OnGuard
Reporting Service Service for One per reporting This service is responsible for
OnGuard Reporting host/region. browser-based report execution
and Dashboards and scheduling.
reporting engine. It should be run on the same
machine that the OnGuard Web
Service is installed on.
For more information, refer to
“Appendix F: OnGuard Reporting
and Dashboards” in the OnGuard
Installation Guide (DOC-110).
Site Publication This service is used One per This service is responsible for
Server to distribute and Enterprise Global synchronizing cardholder
synchronize Server, changes automatically, without a
incremental Distributed ID schedule, using the Message
credential data Global Server, Bus.
across all systems Enterprise It should run on the same
in an Enterprise or Regional Server, machine as the Replicator or ID
Distributed ID or Mobile Station. Allocation service, and will only
configuration. start on the specified machine.
Video Archive The Video Archive Depending on A digital video recorder device
Server Server is a system the number of can only communicate to one
service that is recorders and Video Archive Server.
responsible for physical archive
purging or archiving servers you
video data from have.
multiple Video
Servers onto one or
more designated
storage devices.
Web Event Bridge Allows event One per server. By default, the Web Event Bridge
subscribers to service is configured to locate
receive events the REST proxy, which is part of
using WebSocket. the OpenAccess service, on the
same server. If you installed the
Web Event Bridge service on a
different server than the
OpenAccess service, open the
Lnl.OG.WebEventBridgeService.
exe.config file and edit the proxy
from localhost to the correct
server name.
Web Service The service hosting One per server Typically installed on the
NGINX. OnGuard Server.

Notes about the LS Mon Manager Service
You must add the LS Mon Manager Service to any allowlists of OnGuard software being used by
antivirus, malware defense, or endpoint protection if these tools alert on or attempt to disable
OnGuard subsystems.
If the LS Mon Manager Service identifies some component of customer antivirus, malware defense,
or endpoint protection software as malware itself, add the executable name of the customer software
to the LS Mon Manager Service allowlist of processes to ignore. Make this configuration change in
the monmon.ini file located in the same folder as the service executable, either by adding the process
name (example.exe) to the comma-delimited allowlist, or by specifying a registry key within the
monmon.ini file from which the service pulls its comma-delimited allowlist. By default, this allowlist
key is set in the .ini file specified in the
HKLM\SOFTWARE\WOW6432Node\Lenel\OnGuard\MonMonAllowlist registry key.
Changes made to the allowlist using a registry key are only applied after the service is restarted,
whereas changes made to the .ini file are applied within a few seconds.
If the IT department needs to investigate the actions of the LS Mon Manager service, information
about blocked processes can be found in the monmon.log file located with the other OnGuard logs.
You can modify the LS Mon Manager service log location from within the monmon.ini file.

OnGuard Services

Appendices
APPENDIX A Database Installation Utility
The Database Installation Utility is used to attach an SQL Server Express/SQL Server database for
use with the OnGuard software. The Database Installation Utility copies the existing database data
files (MDF and LDF), attaches the database, and updates the Lenel Data Source Name (DSN) to point
to the correct database. It does not create the tables in a new database - Database Setup must be run.
The Database Installation Utility is run automatically at the end of the OnGuard installation when
either a new SQL Server Express database or a demo database has been selected. It is also installed on
the local machine in the OnGuard installation directory so that it can be run manually after the
installation has completed.
Database Installation Utility Window
Database Installation Utility Window Fields
Path to database files

The source data file (MDF) name. When the Database Installation Utility is run automatically
during the OnGuard installation, the Path to database files and the Database name are
determined based on the choice of the SQL Server Express or Demo database.

Database Installation Utility
The default empty SQL Server Express database is AccessControl_Data.mdf. The OnGuard
demo database is AccessControlDemo_Data.mdf.
Browse
Click to select the Path to database files.
Database name
The name of the database that will be used with the OnGuard software. When the Database
Installation Utility is run automatically during the OnGuard installation, the Database name and
the Path to database files are determined based on the choice of the SQL Server Express or
Demo database.
Path to copy database files to

The destination directory. The destination directory will always default to the SQL Server
Express/SQL Server default data directory, as configured in SQL Server Express/SQL Server and
stored in the registry.
Browse
Click to select the Path to copy database files to.
Connect
When the Database Installation Utility opens, it attempts to connect to the database for the DSN
that is currently specified in the Database section of the Configuration Editor. For more
information, refer to the Configuration Editor appendix in the Installation Guide.
OK
Created or attaches the specified database.
Close
Closes the Database Installation Utility without performing any function.
Database Installation Utility Procedures
Attach an SQL Server Express Database

Run the Database Installation Utility by doing the following:
IMPORTANT: Administrator permission may be required to make changes to the ACS.ini file
and save it in the windows directory.
1. In Windows Explorer, navigate to the OnGuard installation directory (C:\Program Files
(x86)\OnGuard by default), and then double-click on the DatabaseInstallationUtility.exe file
to run it.
2. The Database Installation Utility window is displayed. When the Database Installation Utility
opens, it attempts to connect to the database for the DSN that is currently specified in the
Database section of the Configuration Editor.
• If the database connection succeeds, the [Connect] button is grayed out. Proceed to step 3.
• If the database connection fails, an error message that says, “The DSN selected in your
ACS.INI is invalid. Please check your ODBC configuration.” is displayed and the [Connect]
button is enabled. If this message is displayed, use the Configuration Editor application to

Database Installation Utility Procedures
specify the correct DSN, and then click the [Connect] button. If the connection is successful,
the [Connect] button becomes grayed out. Proceed to step 3.
3. Click [Browse...] to choose the path to the database files.
4. The Open window is displayed. Navigate to the DBSetup folder in the OnGuard installation
directory, select the MDF file that you wish to attach, and then click [Open]. MDF files you may
wish to attach include:
• The default empty SQL Server Express database AccessControl_Data.mdf.
• The OnGuard demo database AccessControlDemo_Data.mdf.
5. In the Database name field, type AccessControl or any other name you wish to use, as
shown.
6. The recommended path is the default path specified in the Path to copy database files to field.
This default path is where the files would be stored if you were using the SQL Server user
interface (which does not come with SQL Server Express) to create a database.
• If you do not change the default setting in the Path to copy database files to field and a
database with the name you specified already exists, the database will be overwritten.
• If you do change the default setting, a new database will be created in that location.
7. Click [OK].
8. If you did not change the default setting, the following message is displayed. Click [Yes].
9. The DSN is updated to point to the database, and a message is displayed that indicates that the
database was successfully installed. Click [OK].

Database Installation Utility
10. On the Database Installation Utility window, click [Close].
IMPORTANT: After attaching a database, you must run Database Setup to create the tables in
the database.

APPENDIX B Change the Database Owner in SQL
Server Express
Since SQL Server Express doesn’t provide an interface for accessing the database engine, use the
following procedure to log into the database directly using the ODBC connection created for
OnGuard:
1. Open the Run dialog.
Installation Guide.
Click [Browse…]. Browse to the OnGuard folder and select the ‘ACCESSDB.exe’ application.
Click [Open] and then [OK] to run this application.
2. From the Management menu, select Datasource > Connect.
a. On the Machine DataSource tab, select “Lenel”. Click [OK].
b. You will be prompted for the database “sa” login ID and password. Enter the credentials and
click [OK].
c. The screen will return to the main window.
d. From the SQL menu, select Statement. Enter the following statement in the text box:
sp_changedbowner lenel
Click [OK] when you are ready to execute the statement.
e. If the command returns highlighted, then it completed without error.
3. Log into any OnGuard application and verify that the change was successful.

Change the Database Owner in SQL Server Express

APPENDIX C Manually Creating an ODBC Connection
for SQL
The following appendix will detail the manual creation of an ODBC connection for SQL. These
instructions are primarily for reference purposes because the OnGuard installation automatically
creates the necessary ODBC connection to the database.
If using Windows 11 with UAC turned on, you might receive an error when creating an ODBC with
OnGuard applications. This error occurs when you are not running the application as an
Administrator. To work around this issue, run the application as Administrator or create the ODBC
manually as described in this appendix.
IMPORTANT: When manually creating an ODBC connection you must use the ODBC Driver
for SQL Server.
Creating an ODBC Connection for SQL

1. Open the ODBC Data Source Administrator window. To do this, navigate to
C:\windows\SysWOW64 and run the odbcad32.exe file.
2. The ODBC Data Source Administrator window is displayed. Select the System DSN tab.
3. Click [Add].
4. The Create New Data Source dialog is displayed.
a. Select ODBC Driver for SQL Server from the list view.
b. Click [Finish].
5. The Create a New Data Source to SQL Server dialog is displayed.
a. Enter a descriptive Name for the data source.
b. Enter the name of the machine or virtual machine hosting the database in the Server field.
c. Click [Next].
6. Select SQL Server authentication and enter the Login ID and Password.
Note: If you select Windows NT authentication it may impact your ability to store credentials
in a file as a means of authentication. Selecting SQL Server authentication does not
impact your ability to use Windows authentication with the Web applications. Refer to

Manually Creating an ODBC Connection for SQL
the Installation Guide for more information about database authentication with the Web
applications.
7. Click [Next].
8. Select the Change the default database to check box and choose the OnGuard database from
the drop-down list.
9. Click [Next].
10. Click [Finish].
11. The ODBC Microsoft SQL Server Setup dialog is displayed.
a. Click [Test Data Source]. A success message should be displayed.
b. Click [OK] to exit each of the dialogs.
12. Open Configuration Editor.
13. Select the DSN Name pointing to the newly created DSN Name, then click [Save Changes].
14. Run Setup Assistant.
Updating the DSN in the OnGuard Configuration Files

The ODBC connection information that OnGuard uses to connect to the database is stored in two
configuration files. Use the Configuration Editor to ensure that the ODBC connection is configured
correctly in these files. For more information, refer to the Configuration Editor appendix in the
OnGuard Installation Guide.
Preparing a Client’s ODBC 32 DSN Entry to be Used with an

Alternate OnGuard System
Perform the following optional procedure to allow a client’s OnGuard thick-client applications to
switch their connection between two different OnGuard systems.
Note: This process only applies to OnGuard thick-client applications. OnGuard services will
only connect to the system specified in the ACS.ini file
Prerequisites
• Have an OnGuard System A (your existing system)
• Have an OnGuard System B (the system to which you’re configuring a connection)
Procedure
1. Install your client, connecting to System A.
2. Create an ODBC 32 DSN connection for System B in System Data Sources.
3. Use Configuration Editor to configure your system with the DSN associated with System B.
4. Save the changes.
5. Run Setup Assistant and confirm that it completes without errors. You have now connected a
System B DSN correctly.

Troubleshooting
6. When making this configuration on an OnGuard Server, configure System A again for OnGuard
services to use the correct DSN in Configuration Editor.
You can now run System Administration (or any other installed thick-client applications) and switch
between System A and System B.
Note: When connecting to an alternate database in this way, only the installed thick-client
applications will be connected. OnGuard services will always use the connection
specified in the ACS.ini file.
Troubleshooting
If you experience problems connecting to the OnGuard database, check the ODBC connection to be
sure that it is configured correctly.
1. From Administrative Tools in Windows, open Data Sources (ODBC).
2. The ODBC Data Source Administrator window is displayed. Select the System DSN tab.
3. Select the DSN used to connect to the OnGuard database from the list view.
4. Verify in the System Data Sources listing window that the DSN driver is ODBC Driver for SQL
Server.
Note: If the DSN driver is not ODBC Driver for SQL Server, delete the System DSN and
create a new ODBC connection using the ODBC Driver for SQL Server. For more
information, refer to Creating an ODBC Connection for SQL on page 111.
5. Click [Configure].
6. Verify that the name of the Server is correct in the drop-down.
7. Click [Next].
8. Check that the correct method of authentication is selected and verify the credentials if using
SQL Server authentication.
Note: If you select Windows NT authentication it may impact your ability to store credentials
in a file as a means of authentication. Selecting SQL Server authentication does not
impact your ability to use Windows authentication with the Web applications. Refer to
the Installation Guide for more information about database authentication with the Web
applications.
9. Click [Next].
10. Verify that Change the default database to check box is selected and that the OnGuard database
is selected in the drop-down.
11. Click [Next].
12. Click [Finish].
13. The ODBC Microsoft SQL Server Setup dialog is displayed.
a. Click [Test Data Source]. A success message should be displayed.
b. Click [OK] to exit each of the dialogs.

Manually Creating an ODBC Connection for SQL

APPENDIX D Setting Up & Configuring a Capture
Station
The following appendix will show you how to set up and configure a capture station.
Environmental Considerations Affecting Flash & Camera Capture

Quality
There are several factors to consider when selecting your capture station environment. Lighting is the
most important factor and the most difficult to provide setup instructions for, because every site’s
capture environment is unique. OnGuard ships with the optimal hardware setting defaults already set.
The important items to consider when setting up the capture environment are the flash and camera
settings based on environmental considerations.
Setting Up the OnGuard Capture Dialog

You will initially need to set up the OnGuard capture dialog with factory default settings that are
appropriate for your capture hardware. Once that is done, you can make minor adjustments to
accommodate your specific capture devices and capture environments.
1. Launch the application you’ll be using to capture photos/signatures/badge layout graphics.
2. Launch the capture dialog from within that application by selecting the [Capture] button on a
form that accesses the Multimedia Capture module.
3. Repeat the following procedure for each outer capture form:
a. If configuring cardholder photo capture, select the Photo tab. If configuring cardholder
signature capture, select the Signature tab. If you are using the BadgeDesigner application,
you only have the Graphic tab.
b. Configuring the capture dialog with settings that are appropriate for your capture hardware is
easily done via the factory defaults profile procedure. Use the following procedure to
configure capture from sources other than the File Import capture source:
i. Click [Load Factory Defaults]. The “Load Factory Defaults” dialog will open.

Setting Up & Configuring a Capture Station
ii. Select the factory defaults profile that most closely matched your capture device. The
default capture source (configured on the General Settings form) will be automatically
set to the capture source associated with that device. The crop window (configured on
the General Settings form) will be automatically set to a size appropriate for the profile
you select.
iii. Click [OK].
c. If you want to capture images with the “File Import” capture source:
i. From the capture source drop-down list, select File Import.
ii. Click on the File I/O Settings tab.
iii. Set the file import directory to the directory where you store all of your photo files.
iv. Click [Save User Defaults].
d. If you want to capture images with a USB camera or any WDM or TWAIN compliant
camera, configure the multimedia capture module for the following settings instead of
loading the default settings. If you are using the CAM-24Z704-USB camera skip these steps
and refer to Basic Camera Setup (CAM-24Z704-USB) on page 120.
1) From the capture source drop-down list, select WDM Video.
2) Click the WDM Video Settings Device tab.
3) Select USB Video Bus II, Video from the Device drop-down box.
4) Click [Video Input].
5) The Video Input Properties window displays.
6) Select 1:VideoSVideo In from the Input drop-down menu.
Capture Station Setup Specifications

For every capture station the equipment should be setup as close as possible to the following
specifications:
The backdrop should be approximately 1.5 feet behind the subject. The camera and flash apparatus
should be at least 4.5 feet in front of the subject at an average height (the height should be adjustable
for obvious reasons). The capture area requires approximately 10 to 12 feet of floor space with
appropriate width.

Capture Station Setup Specifications
Recommended Badging Room Layout

Entrance
Bounce Back Umbrella

Badge
Printer
Backdrop
4.5 ft. 1.5 ft.

Camera
10
ft.
Subject
Badging
Workstation Bounce Back Umbrella
Exit
12
ft.

Final Adjustments for Fixed Diffused Lighting
BACKDROP
FIXED DIFFUSED LIGHT
CAMERA
TRIPOD
4.5 FEET
Distance Variable
TABLE
(1.5 feet recommended)
Final Adjustments for Continuous Lighting
BACKDROP
BOUNCE BACK UMBRELLA
LIGHT
Distance Variable CAMERA
(1.5 feet recommended)

TRIPOD
TABLE
4.5 FEET
STAND

Basic Camera Setup (CAM-CCP-500K)
Basic Camera Setup (CAM-CCP-500K)

For complete installation setup, see the instruction manual that came with the CAM-CCP-500K.
CCP-500 (Back View)
1. Tele Button – (Telephoto) Press this button to zoom in.

2. Wide Button – (Wide Angle) Press this button to zoom out.
3. BLC – (Back Light Compensation) If you press this button while viewing a backlight subject, the
camera will adjust itself to the high contrast lighting.
• BLC mode is switched between ON and OFF by pressing this button.
• If you hold the button down for more than 2 seconds and then release, the BLC will change
to AUTO BLC mode.
4. Menu – Press to display OSD
• If you hold the button for more than 2 seconds and then release, OSD will shut off.
5. Power In and Control – Insert the DC power cable here to connect the camera to the DC power
source (DC 12V). You can control the Zoom and Focus Lens to use Controller.
6. Video Out terminal - Connect this terminal to the video input terminal or an external input, such
as a monitor, TV or VCR.
7. S-Video Out terminal – This is an output terminal for separate Y/C video signals.
The CAM-CCP-500K camera zooms to X32, but the recommended zoom area should be less than
X16. This is because the zoom past X16 is digital and the picture captured becomes rough (pixilated).
The subject should be within X1 to X12 zoom for optimal results. The subject should nominally fill
the pre-sized crop window if adjusted properly. Always leave on “Maintain Aspect Ratio”

To adjust the zoom, set the selector switch to zoom (all the way to the right). Adjust the camera
apparatus for the center of the subject. With the arrows located to the bottom left of the rear of the
camera, zoom in all the way and then zoom back to determine the approximate center point of the
zoom (remember: you do not want to zoom past X12, the halfway point). Then, zoom into the subject
until the desired capture frame is attained. The arrows located at the bottom of the camera can be use
in one of two manors. If you push and hold the arrow, it will zoom all the way in or out. If you push
the arrow button momentarily, it will move in and out incrementally.
Note: Optimally the subject should fill the pre-sized crop window, so no additional cropping
adjustments need be made.
Why manual white balance? With light or gray colors the Auto White Balance adjusts incorrectly.
That is why the CAM-CCP-500K should be setup for Manual White Balance. It is necessary to White
balance the camera to obtain a default white balance setting and is maintained for consistent picture
quality.
Basic Camera Setup (CAM-24Z704-USB)

IMPORTANT: The following cameras are meant for client machines and not servers.
Installation of CAM-24Z704-USB
To install the USB camera simply plug it in, connect the USB cord to the workstation, and install the
drivers that come with the camera. For more information refer to the Badging Image Capture Camera
User Guide that came with the camera.
Note: Though there is a connection for S-video Out it is strongly recommended that you use
the USB connection.
Configuration of CAM-24Z704-USB
1. Start the application you will be using to capture photos/signatures/badge layout graphics.
2. Launch the capture dialog from within that application by selecting the [Capture] button on a
form that accesses the Multimedia Capture module.
3. On the Photo sub-tab of the Multimedia Capture module, select Digital Camera from the
Capture Source dropdown box.
4. On the Digital Camera Settings sub-tab, select AF Imaging Grabber 1 from the Twain Source
dropdown box.

Basic Camera Setup (CAM-24Z704-USB)
IMPORTANT: Make sure that the Show User Interface check box IS selected.
Using CAM-24Z704-USB
1. To use, click Get Photo on the Multimedia Capture module. The AF Image Grabber 1 control
box opens.
2. Click Take Picture to take the picture. The AF Image Grabber 1 control box closes and you see
the picture on the Multimedia Capture Module screen.
3. Click [OK] and the picture is added to the Cardholder screen.
AF Image Grabber 1
TELE
Zooms in. The camera has a 16:1 optical zoom range along with an 8x digital zoom.
WIDE
Zooms out.
Take Picture
Takes a picture for use in the Multimedia Capture module. When selected the camera image
freezes, the LED illuminator turns on, and the image is captured.

Calibrate Camera
Automatically adjusts the camera settings to provide the best quality image under certain lighting
conditions. For more information refer to the Badging Image Capture Camera User Guide that
came with the camera.
Show Control Panel

Activates the on screen control panel for making adjustments to the captured video image.
Lighting Setup
Professional Continuous Lighting Setup (EHK-K42U-A)

The EHK-K42U-A kit is designed to help eliminate shadows that may appear behind the subject that
you are capturing, or under the subject’s chin (known as bearding). Most capture environments have
adequate light to capture a subject with the CAM-CCP-500K capture kit, but to enhance the colors
(more real life), and to eliminate shadows, the capture kit is necessary.
Advanced Setup
After the capture station has been setup, some testing must be performed to determine the optimal
illumination settings for image capture. You may have to adjust the lights, drapes, or other elements
in the capture environment.
With a test subject, view the live image on the screen with all the room lights on. Set the selector
switch on the back of the camera to iris (all the way to the left). With the arrows on back of the
camera adjust the iris all the way down, the live image on the screen should become dark if not black.
The arrows located at the bottom of the camera can be use in one of two manners. If you push and
hold the arrow, it will zoom all the way in or out. If you push the arrow button momentarily, it will
move in and out incrementally. While viewing the screen, increase the iris until the subject is visible.
Increase the iris a little more, until the screen image is about the same brightness as the real view of
the subject. Take a test picture. Label this “test 1, all lights”. From here we will adjust the room
environments lighting and make minor adjustments to the iris if needed while continuing to save the
sample captures at (test 2, test 3 etc.).
Steps to improving capture quality:
1. Turn on all the lights in the room.
2. Open the Capture dialog and center on a test subject with the camera.
3. Adjust the iris all the way down, and then adjust it until the screen image is about the same
brightness as the real viewable image.
4. Set the White Balance. (Set the selector switch on the back of the camera to WB. Hold a white
piece of paper in front of the camera so there is only white showing on the screen. Using the
arrows on the back of the camera adjust the white balance until the image in the capture window
is white.)
5. Take a test picture. Save this as a cardholder labeled “Test1: all lights”.
6. Turn off all the lights.
7. Take another picture. Save this as a cardholder labeled “Test2: no lights”.
8. Continue testing until a desired lighting quality is captured on the screen. Be sure to label each
test with a number and a description of what you did. Adjust your environments based on the

Lighting Setup
environmental considerations below. Continue to take pictures, save them, and use them as
references until the best conditions are determined.
Environmental Considerations and Factors Leading to Poor Lighting

Environmental factors to consider when setting up a capture station include:
• Is there a different amount of sunlight entering the area through out the day?
• Is the station next to a window or under a skylight?
• Are the wall colors dark or light or bright colors? If they are light they will reflect more light or
change your white balance setup.
• Is the ceiling low or cathedral like? The lower the ceiling the more light will reflect.
• What types of lights are used in the room? Incandescent or florescent (cool white or colored) or
direct spots?
• Is there any direct lighting of the subject? Is the room evenly illuminated? Direct lighting will
over expose the subject.
• What is the color of reflective shields around the lights? For example, gold reflective surface
shields illuminate the subject in yellow highlights.
This is just a partial list of possible factors leading to poor image lighting quality. There may be other
features of your site that will affect the image capture that may need to be considered.


Index
A D
AccessControl_Data.mdf file ........................ 107 Database Installation Utility
AccessControlDemo_Data.mdf file ............. 107 field table ................................................. 105
ACS.INI file overview .................................................. 105
updating the DSN ................................... 112 procedures ............................................... 106
Attach window .................................................... 105
SQL Server Express database .............. 106 Database owner
change in SQL Server Express ............ 109
B Demo database ................................................. 107
Badging room layout....................................... 117 Diffused lighting .............................................. 118
Basic camera setup (CAM-CCP-500K)....... 119
E
C Environmental considerations affecting
CAM-21Z704-USBP flash & camera capture quality ............... 115
using ......................................................... 121 Environmental considerations and factors
CAM-24Z704-USB leading to poor lighting ............................ 123
configuration ........................................... 120
CAM-CCP-500K image capture kit ............. 119 F
Camera Final adjustments for continuous
capture quality ........................................ 115 lighting ........................................................ 118
setting up a CAM-CCP-500K .............. 119 Final adjustments for fixed diffused
Capture dialog .................................................. 115 lighting ........................................................ 118
Capture station Flash capture quality ....................................... 115
configure .................................................. 115
set up ........................................................ 115 H
setup specifications ................................ 116 Hardware recommendations ............................ 64
CCP-500 (back view)...................................... 119
Citrix I
installing Citrix Virtual Apps ................. 79
Install
overview .................................................... 79
Citrix Virtual Apps................................... 79
Configure
capture station ......................................... 115
Continuous lighting diagram ......................... 118 L
Layout of room recommended for
badging ....................................................... 117

Index
Lighting S
environmental considerations .............. 123 Services ............................................................... 95
final adjustments for continuous Setting up
lighting............................................... 118 capture dialog ......................................... 115
final adjustments for fixed capture station......................................... 115
diffused lighting ............................... 118 SQL Server Express
LS Mon Manager service ......................... 99, 101 change database owner ......................... 109
M V
Mon Manager service ............................... 99, 101 VMware .............................................................. 63
O W
ODBC connection Windows Terminal Services/Citrix
manual DSN creation ............................ 111 overview ....................................................... 79
troubleshooting ....................................... 113
Oracle 12c client
install .......................................................... 37
Oracle 12c R2 server ......................................... 29
configuration ............................................. 29
Oracle 19c ........................................................... 17
configuration ............................................. 17
Oracle server
configure live database home net
configuration ...................................... 32
create archival database .......................... 36
create live database .................................. 33
create live database Oracle users ........... 35
install and configure Oracle client ........ 36
install database server software ............. 31
install OnGuard ........................................ 36
Oracle Net Configuration Assistant ...... 34
pre-installation planning ......................... 30
P
Poor lighting ..................................................... 123
Ports ..................................................................... 87
R
Recommended badging room layout............ 117
Room layout recommended for
badging ........................................................ 117

Index

1212 Pittsford-Victor Road
Pittsford, New York 14534 USA
Tel 866.788.5095 Fax 585.248.9185
www.LenelS2.com

Advanced Installation Topics

Uploaded by

Copyright:

Available Formats

Advanced Installation Topics

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Advanced Installation Topics

Uploaded by

Copyright:

Available Formats

OnGuard®

Advanced Installation Topics

Database Installation and Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

CHAPTER 2 Install and Configure Oracle 19c Software . . . . . . . . . . . . . . . . . . . . 17

Advanced Installation Topics 5

CHAPTER 3 Install and Configure Oracle 12c R2 Software . . . . . . . . . . . . . . . . . 29

Advanced Installation Topics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

CHAPTER 4 Transparent Data Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

CHAPTER 5 Unattended Installation of OnGuard . . . . . . . . . . . . . . . . . . . . . . . . 45

6 Advanced Installation Topics

Virtual Machine Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63

CHAPTER 7 Using SNMP with OnGuard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

CHAPTER 8 Integrating OnGuard with Citrix Virtual Apps . . . . . . . . . . . . . . . . . 79

CHAPTER 9 Ports Used by OnGuard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

CHAPTER 10 OnGuard Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95

Advanced Installation Topics 7

APPENDIX A Database Installation Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105

APPENDIX B Change the Database Owner in SQL Server Express . . . . . . . . . . . 109

APPENDIX C Manually Creating an ODBC Connection for SQL . . . . . . . . . . . . 111

APPENDIX D Setting Up & Configuring a Capture Station . . . . . . . . . . . . . . . . . 115

Index ................................................................................................................ 125

8 Advanced Installation Topics

The Installation Guides

Advanced Installation Topics 11

Minimum Privileges Required by Windows Users

Minimum Privileges Required by Windows Users

System Administration Text-based archiving Standard user

Setup Assistant Run Setup Assistant Standard user

Configuration Editor View the configuration Standard user

Form Translator Allows the use of Standard user

Security Utility Run Security Utility Standard user

12 Advanced Installation Topics

Minimum Privileges Required by Windows Users (Continued)

Replication Convert a standard Add Modify

LS Message Broker LS Message Broker

LS Site Publication LS Site Publication

LS Event Context LS Event Context

LS Reporting Service Standard user must The user must have

System Management Start and stop User launch the

License Server Run as an application To run License Server

Login Driver Run as an application To run Login Driver as

Advanced Installation Topics 13

Minimum Privileges Required by Windows Users (Continued)

OpenAccess Run as an application. To run OpenAccess

14 Advanced Installation Topics

Oracle 19c Software Installation and Configuration

Advanced Installation Topics 17

Note: This process will take approximately 1.5 hours to complete.

Install the Oracle 19c Database Software

18 Advanced Installation Topics

Create the Oracle 19c Live Database for OnGuard

Advanced Installation Topics 19

5. The Specify Database Identification Details page opens.

20 Advanced Installation Topics

Create the User Account for the Live Database

SQL> grant connect to <userid>;

Advanced Installation Topics 21

Create the Oracle 19c Archival Database

22 Advanced Installation Topics

Install the Oracle 32-bit Client