SC-ETC-001 5.7 Exercises

SC-ETC-001 5.
7
TRAINING GUIDE
GENETEC INC.
Innovative Solutions
genetec.com | Security Center 5 2
Table of Contents
Module 1 – Multi site architectures 5
Install expansion server(s) 5
Post installation settings 8
Configure the Network view task 11
Assign a role to the expansion server 13
Advanced streaming & redirection 14
Adding redirectors 20
Load balancing redirectors 22
Adding and configuring routes 24
Public server (Public/Private IP’s) 30
Module 3 - High Availability 31
Basic role failover 31
Media Router failover 34
Role with database failover 35
Archiver failover 41
Redundant archiving 43
Directory failover 44
Failover disaster recovery server 53
Module 5 – Federation and GCM 55
Federating Security Center 55
Global Cardholder Synchronization (as a group) 58
Module 6 - Expansion & Customization 66
Threat Level Management 66
External systems’ integration – Plugins 67
Security Center Mobile 69
Web client 73
Plan Manager 75
Sipelia 90

Module 1 – Multi site architectures
Install expansion server(s)
 Login to the additional server(s) as a Windows administrative user

 Run the installer to install the Genetec software one or more additional servers
 Select Server installation (Optional: install Config Tool if desired)

 When prompted for the Installation Type, select Expansion Server
 When prompted for a database server, select install a new database server.
 Accept the default username and password for the Service Logon Parameters

 Accept the default Server port (5500) and Web server port (80)
 Leave the (Main) Server address field blank but set the password training for the expansion server you
are currently installing
 Select: Allow Genetec Security Center 5.x to create necessary firewall rules for its applications. Click
Next
 Accept the Recommended Security Settings. Click Next
 (If prompted) Select: Install WinPcap. Proceed through the WinPcap installer.
 Click Install and allow the software installer to run.
 Allow the Server Admin to be launched and click Finish

Post installation settings
Expansion to Main server connection

 Launch Server admin
 Enter password: training
 Notice the state of the Main server connection at the top of the page
 Click the menu button at the top left corner of the page and select your local expansion server
 Enter the Main server’s name or IP (port 5500) and click Save
 Allow the Genetec Server service to be restarted

Finalizing post installation Server Admin settings
 From a separate workstation, open a browser and go to your expansion server’s Server Admin
https://(YourExpServer)/Genetec
 Accept your browser’s security warnings to proceed to the login screen
 While the page is still loading, immediately click Stay on this expansion server
 Login to the Server Admin

 What is the state of the expansion server’s connection to the main server? _____________________________
 How many servers are listed under the Servers column on the left? ________________________
 Click your server’s name from the column on the left
 Change the HTTP port to 88

 Change the Network card to one specific network interface. Click Save. Allow it to restart the service.
 Logoff and close your browser

Complete the post-installation settings
 Open a browser again and go to your expansion server’s Server Admin
https://(YourExpServer)/Genetec
 If your browser prompts you with a security certificate warning, click Proceed to this website
 This time, do not click Stay on this expansion server

 Log in to the Server Admin
 Note the URL in your browser’s address bar. Are you connected to the same server as before? _____________
 Which server do you think you are connected to? ____________________________
 Once connected, click the Menu button in the upper left hand corner. Do you see your local Expansion server in
the list of servers connected to the larger system?
 Log out of the Server Admin. Close the browser.

Configure the Network view task
 Open your Config Tool  Network view task.
 Examine the Properties page of each of the network entities
 Notice the difference between the configurable properties available for the top level Default network compared
to the lower level network(s)
 Rename the top level Default network to Internet. Click Apply
 Rename the lower level network(s) to Head office, Branch office, Warehouse, Sales office, etc. Click Apply
 Ensure that the top level network’ Capabilities is set to Unicast TCP
 Expand all the branches by clicking the little triangles on the left side of the tree structure
 Where are the main server ( ) and expansion server(s) ( ) found?

 If necessary, drag and drop them to ensure that they appear in the correct network(s)
 If local network’s switches & routers support multicast (IGMP), set your lower level network’s Capabilities to
Multicast. Otherwise leave it at the default Unicast UDP. Click Apply if you made any changes.

Assign a role to the expansion server
 Open your Config Tool  System task  Roles

 Currently, all of your Security Center server roles should be running on your main server. Create a new server
role on your new expansion server. Click Add an entity ( ) at the bottom of the page. Select a new Intrusion
Manager or Zone Manager role
 The new role should appear in the list of roles but will initially be offline (red) until it has connected to its SQL
server and successfully created a new Intrusion Manager database.
 Once the role has been created, successfully started, connected to SQL and created a new database, it should
appear online in the list just like all the other server roles.

Advanced streaming & redirection
Network properties
(Testing streaming and redirection)
 Open your Config Tool  System task  Network view task

 Select the lower level network that contains your main server / archiver
 Set the Capabilities to Unicast UDP. Click Apply
 Open your Config Tool  System task  Video task
 Double click a camera ( ) to preview its live video stream, note the Source IP and Network transport. Where is
your workstation receiving video packets from (camera or server)?
 Click the Show video stream diagnosis link
 Click Show video stream status

 You should find that the video packets must travel across 3 “hops” to get from the camera to your workstation.
Click the triangles (  ) to expand each of the hops/branches

•Camera transmits to
Archiver
•Archiver receives
The first “hop” represents the archiver’s reception of the video stream Archiver from camera
from the camera
•Archiver transmits
to redirector
The second “hop” represents the redirector’s reception of the video •Redirector receives
Redirector from archiver
stream from the archiver
•Redirector transmits
The third “hop” represents the workstation’s reception of the video to client
•Client receives from
stream from the redirector Client redirector
In this example:
Camera’s IP: 10.0.30.155
Server’s IP: 10.0.30.140
Client’s IP: 10.0.30.98
1. The archiver receives video from the

camera (and records it if necessary)
2. The archiver then hands the video
packets off to the redirector (inside the
same server)
3. The redirector send the video
packets to the client workstation.
This is called Unicast UDP video redirection.

 Close the diagnostics page and the live preview window.
 Return to your Config Tool  System task  Network view task
 Modify the Capabilities to Unicast TCP. Click Apply
 Double click a camera ( ) to preview its live video stream, note the Network transport. Has the network
transport changed from Unicast UDP to Unicast TCP?
 One last time, return to your Config Tool  System task  Network view task
 Modify the Capabilities to Multicast. Click Apply
 Double click a camera ( ) to preview its live video stream, note the source IP and network transport.
Where is your workstation receiving video packets from now (camera or server)?
In this example:
Camera’s IP: 10.0.30.155
Server’s IP: 10.0.30.140
Client’s IP: 10.0.30.79
The archiver (server) and Media Player

(workstation) are both receiving their
video packets from the same source; a
multicast transmission originating in the
camera itself.
No video redirection is being done by
the server. There is only 1 “hop”.
NOTE: Some cameras do not support multicast transmissions. When the Security Center network has been configured
for multicast, and the camera doesn’t support multicast, it will send its stream to the archiver in Unicast UDP, the
archiver will hand those packets to the redirector, and the redirector will generate the multicast transmission to all the
client workstations

Challenge:
 Configure the system with one higher level default network and 3 lower level sub-networks.
The higher-level network will be the Internet. Unicast TCP will be the preferred transport (reducing firewall issues)
The three lower-level networks will represent our company’s offices each supporting a different network transport:
Configure this!
NOTE:
These configurations are typically used:
• To configure the streaming options for different branch offices connected across the Internet
• To configure streaming options and video redirection across different VLANs within a larger corporate network

Test your configurations by “teleporting” yourself to each of the different networks and validating how the
video will stream when a workstation is within a given network
 Click the Config Tool’s Home tab ( )
 Click Options
 Select General options
 Under the Network options change the network selection from Auto-detect to Specific and place yourself
within any given network
 Save the change and display live video from a camera.

 Depending on the network you selected, and its configuration, you should see different results for the network
transport used for live video. Furthermore, you may notice that some networks will use video redirection and
some will not.
My workstation is (physically) in the Head office network which supports multicast. But because I used the application
options to “teleport” myself to a workstation out there on the Internet, I am receiving a redirected Unicast TCP
transmission instead of multicast.

Adding redirectors
So far, we have installed a main server and installed an expansion server. It should be considered as additional
computing resources for the Security Center system.
While the expansion server is connected to the main server, it has very little work to do. We have created a simple role
on it but the expansion server is doing little other work. Let’s make the expansion server into a video redirector.
Rule of thumb: Every archiver includes a redirector by default. Any other Genetec server can be made into a
redirector by explicitly naming it as such.
 Open your Config Tool  System task  System task  Roles

 Select the Media router role. Click its Properties tab
 Click Add ( ) below the list of available Redirectors
 Select your expansion server from the available Genetec servers
 Click Save. Click Apply

Your expansion server should now appear in the list of available video redirectors.

 (Optional) If you are curious, click the Advanced settings ( ) buttons to apply video redirector bandwidth
control, limits to the number of redirected streams and redirection strategy

Load balancing redirectors
For this exercise, you will need a minimum of 3 servers: A main server with an archiver, plus at least 2 expansion
servers.
Configure the following load balanced video redirectors:
2 Genetec servers sharing the workload of video redirection in the Sales office network
 Ensure that the main server and archiver are in the same network as the cameras (eg Head office)
 Ensure that at least 2 expansion servers are in another network (eg Sales office)
 Ensure that the remote network (eg Sales office) is configured for Unicast UDP

 Ensure that the 2 expansion servers are both video redirectors
 Configure Unicast TCP for the higher level network that connects the 2 lower level networks together.
 Restart the Media Router by selecting the Media Router role in Config Tool  System task  Roles
Click Deactivate role at the bottom of the page. Wait a few seconds, then click again to Activate the role
 Open the Security Desk  Monitoring task

 Click the Security Desk Home button, click Options and place yourself in the remote network (eg Sales Office)
 Display many cameras.
 Tap the [Shift] + [CTRL] + A keys simultaneously (diagnose all tiles keyboard shortcut)
You should find that the Unicast UDP is coming to you from 2 different redirectors. They are sharing the workload of video redirection to the clients.
 Tap the [Shift] + [CTRL] + A keys simultaneously again to turn off diagnose all tiles

Adding and configuring routes
Configure the following network routes:
Here’s how:
 Open your Config Tool  Network view task

 Select the top level network. Click its Properties page. Ensure that it has a Unicast TCP route to each of the
lower networks. Add ( ), delete ( ), or edit ( ) the routes as necessary. Click Apply.
 One by one, select each of the lower level networks.

 Ensure that they each have only 1 route. A route to the top level network configured for Unicast TCP
 Test by displaying a camera. Using your application’s Options menu, when you place yourself in the Head office
network, you should receive Unicast UDP video, but when you place yourself in the Sales office or, warehouse
networks, you should receive Unicast TCP video.
This is expected because when you are in the Head office network, the redirector will send you a Unicast UDP
stream but if you are in one of the remote networks, the redirector must send the video over the Internet using
Unicast TCP.
The same result would apply (Unicast TCP) if the client is not at a remote office site, but simply “on the Internet”.

Configure the following topology:
• A head office site connected to the Internet with Unicast TCP. It is also connected to its 2 remote offices
using private network connections (Unicast UDP to the Sales office and to the Warehouse)
• Each of the remote sites also has a TCP connection to the Internet and a private network connection to the
head office. No direct route between the remote offices exist.
• The head office has the main server with the directory, archiver, media router, etc
• Each of the remote sites has an expansion server with a redirector
 Open your Config Tool  Network view task

 Move (drag and drop) your 2 expansion servers from the head office site,
to the remote sites (1 each)

 One by one, select each one of the lower level networks and configure the as follows:
Head office Sales office Warehouse

Capabilities: Multicast Capabilities: Unicast UDP Capabilities: Unicast TCP
Route 1: Internet - Unicast TCP Route 1: Internet - Unicast TCP Route 1: Internet - Unicast TCP
Route 2: Sale office - Unicast UDP Route 2: Head office - Unicast UDP Route 2: Head office - Unicast UDP
Route 3: Warehouse - Unicast UDP No direct route to Warehouse No direct route to Sales office
Note: TCP should be available for all TCP/IP networks. You will always find it in a route’s capabilities.
Multicast is a type of UDP transmission. Therefore, when you configure a given route to support Multicast, you
will see Unicast UDP and TCP added automatically (multicast is not available if UDP is not supported). And,
when you configure Unicast UDP for a given route, Unicast TCP will be added.

 Open the Config Tool  System task  Roles. Ensure that all 3 servers are redirectors.
 Restart the Media Router by selecting the Media Router and clicking Deactivate role at the bottom of the page.
Wait 10 seconds, and then click Activate role
 Test the configuration by displaying a camera when you’re in each of the different networks (Options menu)
In the previous test, if you were not in the Head office network, the video would stream over the Internet using
Unicast TCP to arrive at your client workstation.
Now that we’ve create “private routes” between our sites, we expect to see:

And,
 How can this be tested to validate your configuration?

Public server (Public/Private IP’s)
In a multiple server system, the client workstation may need to communicate with various servers running on different
physical machines. (Not only the Directory role.) Clients need to communicate with the media router and the
redirectors.
If the Security Center’s multiple servers are behind a firewall or NAT, this may not be possible.
Naming one of our servers as the “Public server” allows it to be used as a proxy passing all client communication back
to the other servers behind the firewall/NAT.
In this way we need only to expose one server to the internet instead of all servers.
Enable your Public server:

 Log in to the Server Admin
 Select one of the servers in the system. Under it’s Network settings, select Proxy and enter the public IP or
hostname in the field Public address. Click Save. Allow the Genetec Server service to restart.
 Once the server has completed its service restart and reconnected to the main server, validate your settings in
the Config Tool  Network view task  Network  Public server

Module 3 - High Availability
Basic role failover
Configure the Report Manager role for failover.

You will first move the Report Manager role to the expansion server, and then configure the Main server to offer
failover protection.
 Open Config Tool  System task  Roles. Select the Report Manager role. Select its Resources tab
 Click Add ( ) to add your expansion server to the role. Click Remove ( ) to remove the main server from
the role. Click Apply
 Wait for the role to come back online. It should now be running on your expansion server
The Report Manager role is now running on the 2nd server (all we have done so far is to move it). We will now
configure the main server to offer failover protection to the Report Manager role running on the 2nd server.

To protect the Report Manager role with a failover server:
 Open Config Tool  System task  Roles. Select the Report Manager role. Select its Resources tab
 Click Add ( ) to add your main server to the role. The order of this list determines which server is primary and
which server(s) is/are for failover.
 Ensure that there is a check mark in the box “Force execution on highest priority server”
That’s it, that’s all. You have configured failover protection for your Report Manager role.
To test your failover configuration:
 Disconnect the network cable of the server running the Report Manager role.
You should see:
1) Server hosting the Report Manager falls offline (TrainingVM3 in this example)

2) Report Manager role stops as it moves to the failover server
3) Report Manager role comes back online. This time, running on the failover server as the primary is offline
 Plug the network cable back in and test if the role moves back to the original server.

Media Router failover
For most roles using a database, we would configure the role to use an external SQL server for its database. The
media router is an exception. The media router’s database can be quickly deleted and rebuilt at any time so unlike
other roles, we will keep its database local and let the role failover from one server to another. Upon failover, the media
router will quickly rebuild a new database.
Configure the Media Router role for failover.

You will first move the Media Router role to the expansion server, and then configure the Main server to offer failover
protection.
 Open Config Tool  System task  Roles. Select the Media Router role. Select its Resources tab
 Click Add ( ) to add your expansion server to the role. Click Remove ( ) to remove the main server from
the role. Click Apply
 Wait for the role to come back online. It should now be running on your expansion server
The Media Router role is now running on the 2nd server (all we have done so far is to move it). We will now configure
the main server to offer failover protection to the Media Router role running on the 2nd server.
To protect the Media Router role with a failover server:
 Open Config Tool  System task  Roles. Select the Media Router role. Select its Resources tab
 Click Add ( ) to add your main server to the role. The order of this list determines which server is primary and
which server(s) is/are for failover.
 Ensure that there is a check mark in the box “Force execution on highest priority server”
That’s it, that’s all. You have configured failover protection for your Media Router role.
To test your failover configuration:
 Disconnect the network cable of the server running the Media Router role.

Role with database failover
Security Center’s failover mechanism will protect the role, but not the SQL database. So, for failover of roles that use a
database, we will use a 3rd server to host SQL. Both Genetec server 1 and Genetec server 2 will be pointed to the
same external SQL server for their database needs. If server 1 fails, the role will move to server 2 who is connected to
the same external database.
Connecting a server role to an external SQL database requires configurations at 3 levels:
a) Windows
b) SQL
c) Security Center
Windows configuration:
On the Genetec servers, and on the SQL server(s):
 Create a new Windows user on all servers.

Ensure that both username and password are identical on all servers.
Ensure that the new user is a member of the local Administrators group.
SQL configuration
 Open SQL Management Studio on the SQL server(s) and connect to the local database instance. By default, the
instance is called (local)\SQLEXPRESS
 Right-click the SQL Instance name at the top of the tree and select Properties.
 Select Connections, and ensure that there is a

check mark beside Allow remote connections to
this server. Click OK.

 Expand the branches: Security  Logins.
 Right click Logins and select New Login
 Add the new Windows user as a Login ensuring that Windows Authentication is used.
 Click Server Roles.

 Place a checkmark beside SysAdmin
 Click OK.
 Restart the SQL Server service
 Open SQL Server Configuration Manager. Select SQL Server Network Configuration.
• Select Protocols for SQLEXPRESS (or, your SQL Instance name)
• Double click Named Pipes and TCP/IP to change them from Disabled, to Enabled.
 Close SQL Server Configuration Manager.
 Restart the SQL Server service.
On the Genetec servers only (not the external SQL server):

 Open the Services MMC (Start  Run  Services.msc).
Double click the Genetec server service and select its Log On tab.
Unselect Local system account and use instead, This account
Enter the new Windows user name and password that you created earlier. Click OK.
 Restart the Genetec server service.
 Repeat the same steps on all Genetec servers hosting roles whose databases are external.
On all SQL servers (Genetec servers and external SQL servers)
1. On the servers, open the Services MMC (Start  Run  Services.msc).
• Double click the SQL Browser service and change the Startup Type from Disabled, to Automatic.
Click OK.
• Start the SQL Browser service.
SQL configuration
 Open SQL Management Studio on the SQL server(s) and connect to the local database instance. By default,
the instance is called (local)\SQLEXPRESS

 Select Connections, and ensure that there is a check mark beside Allow remote connections to this server.
Click OK.
• Right click Logins and select New Login
• Add the new Windows user as a Login ensuring that Windows Authentication is used.
• Click Server Roles.
• Place a checkmark beside SysAdmin
• Click OK.
• Restart the SQL Server service

 Close SQL Server Configuration Manager.
 Restart the SQL Server service.
Genetec server role configuration

1. Open the Config Tool and login with a user who is a member of the Administrators’ user group
2. Open a System task  Roles
3. Select the Zone Manager role. Select its Resources tab.
4. Add the Failover server to the server list for the Zone Manager role.
5. Modify the Zone Manager’s database path from (local)\SQLEXPRESS to SERVERNAME\SQLEXPRESS

(where SERVERNAME is the name or IP of your external SQL server.
6. If the Genetec server cannot connect to the SQL server, you may see a message that a database upgrade is
required. If so, click the Upgrade database button.

7. Click Apply. Repeat steps for other server roles as required.

Archiver failover
Configure a 2nd Genetec server to protect your archiver role

 Open the Config Tool  Video task and select the archiver
 Select the archiver’s Resources tab.
 Click the Add button ( ) at the bottom of the Resources page

 Select the 2nd Genetec server to protect your archiver role and click Add.
 Click Apply
 The archiver role will need to restart to apply the change. Click Yes
 Does the bottom of the archiver’s Resources page now show 2 tabs for the 2 physical servers protecting the
archiver role?
 Inspect each tabbed page to verify the server’s database connection and recording configuration
 Select the archiver’s Camera recording tab and modify its recording mode from the default On motion / Manual
to Continuous. Click Apply
 Display 2 cameras in the Security Desk Monitoring task and add a bookmark to each.

 Disconnect the main archiver
 Add 2 more bookmarks to the same 2 cameras
 You may need to click the Refresh tile widget if the video stream doesn’t continue after the failover
( )
 Try displaying other cameras
 Try controlling a PTZ
 Try the instant replay video widget (Jump Backward)
 Wait a few minutes before reconnecting the main archiver
 Reconnect the main archiver
 Open a Security Desk Bookmark investigation task
 Search for your bookmarks added within the last 1 hour
 Do you find both pre-failover and post-failover bookmarks?
 Drag the results into playback tiles to inspect the recordings

 Open a Security Desk Archive Storage Details maintenance task
 Select your 2 cameras in the area view tree
 Set the event timestamp to the last 2 hours. Click Generate report
 In the report results pane, right click one of the column headers and click Select columns

 Add the field Server to the available columns and remove the fields Source and Protection status. Click OK
 Scroll to the right of your results pane. Can you identify some recordings on the main archiver and some
recordings on the failover archiver?
 Try to identify the exact moment of the failover

 Can you determine how much video recording loss occurred during the failover process?
 Using Windows File Explorer, browse the Video Archive files on the failover archiver.
 Do you find G64 files that were created during the failover?
Redundant archiving
Enable redundant recording for a camera

 Open the Config Tool  Video task and select your camera’s Recording tab
 Click Recording settings: Custom settings
 Modify the recording mode for Continuous, toggle Redundant archiving ON. Click apply
 Open the Config Tool  Video task and select archiver’s Resources tab
 Click Advanced settings at the bottom of the page
 Modify the Maximum length of a video file to 5 minutes. Click OK. Click Apply
 Wait a 15-30 minutes for recordings to accumulate
 Open a Security Desk Archive Storage Details maintenance task
 Search for recordings made by your camera over the last 30 minutes
 Do you find it them duplicate? Once on the main archiver and once on the standby archiver?
 Using Windows File Explorer, browse the Video Archive files on the main and failover archivers
 Do you find G64 files created in duplicate on both archivers?

Directory failover
Configure failover protection for the Directory role

Goal: Both main server and failover server will connect to the same Directory database (on the main server). 2
Directories will then be available for the single system. Clients can connect using either of the 2 Directory
servers. If one of the Directories should fail, the other will continue and pick up the load.
Modify SQL security to access to the database
 Open SQL Management Studio on the SQL server(s) and connect to the local database instance. By default, the
instance is called (local)\SQLEXPRESS
 Select Connections, and ensure that there is a check mark beside Allow remote connections to this server.
Click OK.

• Right click Logins and select New Login
• Add the new Windows user as a Login ensuring that Windows Authentication is used.

• Click Server Roles.
• Place a checkmark beside SysAdmin
• Click OK.
• Restart the SQL Server service
 Close SQL Server Configuration Manager. Restart the SQL Server service.
Modify the service user.
 Open the Windows Control panel on both main Directory server and failover Directory server
 Create a new Windows user account
 Ensure that the user has the identical username and password on both servers
 Configure the new Windows user so that its password never expires and it doesn’t need to change
upon first logon.
 Make sure that the new user is a member of the local Windows Administrators’ user group
 Close the Windows Control Panel
 On the main Directory server, open the Windows Services MMC ([Windows key] + S  Services.msc  [Enter]).
 Double click the Genetec server service and select its Log On tab.
 Unselect Local system account and use instead, This account
 Enter the new Windows user name and password that you created earlier. Click OK.
 Restart the Genetec server service.
 Double click the SQL Browser service and change the Startup Type from Disabled, to Automatic. Click OK.
 Start the SQL Browser service
 Repeat the same steps on failover Directory server.

Modify the Directory’s database path
 Open the Server Admin on the main Directory server. Select the Directory tab
 Modify the Database server path from the default (local)\SQLEXPRESS to MachineName\SQLEXPRESS
 Click OK to accept changing the database location
 Click Apply
 Click Yes to allow the Genetec server service to restart

 Ensure that your Directory has successfully connected to the database before continuing

Add the second server to the “Failover list”
 Open the Config Tool  System task  Roles

 Select the Directory Manager role. Click its Directory servers tab
 Click Add ( ) under the list of Directory servers and add your failover server to the list.
 At the bottom of the page, select Force the first server in the list to be the main server. Click Apply
 You will be warned that modifying the failover list will require a modification to the systems licenses. Accept the
warning by clicking [Modify License]
 Apply the Security Center 5.5 server license that supports Directory failover
 The failover server should restart its Genetec server service to apply the license and create a Directory role. As it
does this, you should see the failover server turn red temporarily.
 Once the service has finished restarting, the server should come back online. If it doesn’t, go back to check the
Server Admin. It may be waiting for you to accept the TLS certificate since changing the service user.
 While in the Server Admin of the failover server, check to ensure that a Directory role has been created,

 Verify its connection to the Directory database. Has it successfully connected to the Directory database on the
main server?
You should now have 2 Directory servers in your system. Both are connected to the same Directory database.
Client workstations can login to the system through either of the Directories. If one should fail, the other should
remain available. Directory failover and load balancing have been configured.
 Test by logging off and logging on repeatedly with client applications. Where are they connected?
Configure failover protection for the Directory’s database

 Open the Config Tool  System task  Roles
 Select the Directory Manager role. Click its Database failover tab
 Toggle Use database failover to ON. Select Failover mode: Backup and restore
 Click Add ( ) under the list of database servers and add your failover server to the list.
 Select your failover server as the Server
 Select the failover server’s database instance as your Database server
 Select Directory as the Database name
 Select a local folder on the failover server for backup/restore files (create a new folder if necessary)

 Click OK.
 Select Automatically reconnect to master database
 Set the full backup for every 1 day at 01:00 AM
 Set differential backups to be done every 15 minutes. Click Apply
 The first full backup should occur.
 Can you see the Backup and Restore of the Directory database from the main server to the failover server in the
State field?
 What is the Last backup time?

 If the first backup/restore of the Directory’s database was not successful, you will see warnings on the Directory
Manager role’s Database failover page
These problems are often due to the inability of the SQL services on the 2 servers to communicate with one another. Check SQL configurations.
 Click the Show more link towards the top of the page for more details
 In this case, it looks like there is a problem communicating with the SQL server on our failover server (VMSRV2)

 Open a Remote Desktop connection to the server with the problem (in the example, VMSRV2).
We will review/validate that all the SQL remote connection configurations have been properly applied.
Upon opening the SQL Server Configuration Manager, a missed configuration becomes apparent:
 Change Protocols: Named Pipes and TCP/IP to Enabled and then restart the SQL service to fix this problem.
Sometime messages may appear in the Windows Event Viewer logs (Application log, System log and Custom:
Genetec log) revealing clues as to what could be causing the problem.
 And sometimes, a blue “I” will appear beside the problem server in the Directory Manager’s Databases available
for failover list. Click the blue “I” for details

Manually browse/validate the backup files on the failover server
 Open a Remote Desktop connection to the failover server.
 Use its Windows file browser to browse the files and folders in the failover server’s Restore folder
 Force a full Directory database backup
 Do you see the date/time stamp update on the backup/restore files on the failover server?
Test Directory failover

 Test your failover configuration by physically disconnecting the main server from the network. Be patient. Client
applications may take 1-2 minutes to reconnect to the failover directory server.

Failover disaster recovery server
Configure a disaster recovery server

 In the Config Tool  System task  Roles  Directory Manager add a server to the Directory Servers list
 Click the Advanced view button at the bottom of the page
 Ensure that the failover server is configured as a Disaster recovery server
 Follow the same configuration and testing steps previously used to test “normal” directory failover.
This time, no directory load balancing should occur. The Disaster recovery server should only manage the
directory role when all other directories are unavailable.

Module 5 – Federation and GCM
Federating Security Center
Create a Federation role

 Open Config Tool  System task  Roles
 Click Add an entity ( ). Select Security Center Federation
 The Creating a role: Security Center Federation dialog box should open
 Configure the name or IP of the remote Directory, the authentication to connect to the remote directory and
select the events that you want to receive from the remote directory
 Click Next, Next, Create and Close

 The new Federation role should now try to connect to the remote directory. It will appear red (offline) while it is
trying to connect
 Once it has successfully connected, the Federation role should come online

 Select the Federation role’s Properties page. Toggle ON the Resilient connection mode with a 15s timeout.
 Open Config Tool  Area view task

 Can you see the remote federated system in your Area view tree?
 Notice that all your local entities (areas, cameras, doors) are represented with standard icons. But the remote
federated entities have big yellow arrows over their icons
 Expand the branch beside the remote system and browse the contents.
 Double click a camera to view live video from the remote system

 If the remote system has doors, open our Security Desk  Monitoring task and monitor some doors.
 Open Security Desk  Archives investigation task and try to play back some remote recordings
 Open Security Desk  Door activities investigation task and generate a Door activities report. Export the
report it in Microsoft Excel format.

Global Cardholder Synchronization (as a group)
Global cardholders are local cardholders who can be shared with other (independent) Security Center systems. You
will need 2 independent Security Center systems to try this exercise. We will consider the existing training server as
the “Sharing host”, and the newly added secondary system as the “Sharing guest”.
Create a user profile for the Global cardholder synchronizer on the Sharing host
For a remote system to be able to connect and download cardholder and credential information from a central system,
authentication will be required to establish the connection. It is recommended to create a new user profile on the host
system to be used by remote systems who need to connect.
 Open Config Tool  Security  Users

 Create a new user with the following (minimum) privileges:
o Application privileges  Global Cardholder Synchronizer: ALLOW
o Administrative privileges  Access control management  View cardholders: ALLOW
o Administrative privileges  Access control management  View credentials: ALLOW
The minimum privileges required for a remote system to connect and download cardholder/credential info.

Create and configure a Global partition on the Sharing host
 With your Config Tool logged into the “master system” or the Sharing host, open Config Tool  Security 
Partitions
 Click Add an item ( ) to create a new Partition
 Assign a name to the new global partition and create it under the System partition. Click Create
 Select the new partition’s Properties page and click Add a Member ( ) to add 2 cardholders and their
credentials as members of this new partition
 Toggle Global partition to ON.
 Select the new partition’s Accepted users tab. Ensure that the new user created for the remote Global
Cardholder Synchronizer connections is an Accepted user of the new global partition

Configure the remote system to connect to the main system as a Sharing guest
This part of the configuration exercise is for the remote system who will connect to the main system to download some
cardholder and credential information.
 With your Config Tool logged into the “remote system” or the Sharing guest, open Config Tool  System
task  Roles
 Click Add an entity ( )  Global Cardholder Synchronizer
 In the Specific info page, enter the following parameters, and click Next.
 Server. Server where this role will be hosted.
 Directory. Sharing host’s main server name or IP.
 Username and Password. Credentials used to connect to the sharing host. The extent of what the
sharing guest can do on the global partition will be limited by what this user can see and do on the
sharing host. The user must have the Global Cardholder Synchronizer privilege on the sharing host in
order to connect as well as the privilege to see cardholders and credentials
 Synchronize automatically. Select this option to have the GCS to update the guest system
immediately, every time a change is made on the host.
 In the Basic information page, enter the name, description, and partition where the GCS role should be
created.
 Click Next, Create, and Close.

 Click the Properties tab.
 Ensure that the remote Global Cardholder Synchronizer role can successfully connect to the host system for
cardholder and credential information. What does the Connection status indicate? Be patient, sometimes it
takes a minute or so to connect, authenticate and download the information.
 Select the partition(s) you want your local system to synchronize and click Apply.
 If the Global Cardholder Synchronizer is not configured to synchronize automatically, then click
Synchronize now ( ). Click Apply.
Once the Global Cardholder Synchronizer has successfully
connected and synchronized with the Sharing Host, we
find can both local cardholders and global cardholders
in our own system.

 Open Config Tool  Cardholder management task
 Do you see the new, global cardholders?
List of cardholders
before the Global
Cardholder-
Synchronizer was
configured.
List of cardholders
after the Global
Cardholder-
Synchronizer was
configured.
Notice that the global cardholders and their credentials have been imported but not automatically added to any
cardholder groups nor access rules.

 Double click one of the newly imported cardholders and add them to a cardholder group
 Click Save and close

The imported cardholder should now inherit access through any access rules that name the cardholder group to
which he/she was added
Test the global cardholders’ access rights

 Identify 1 door where the global cardholder should have access granted (due to his/her cardholder group
membership) and 1 door where he/she should have access denied
 Open Security Desk  Monitoring task
 Add the 2 test doors to the Monitoring task’s list of Monitored entities
 Test access at each of the doors. Do you see the appropriate access granted and access denied events?

Module 6 - Expansion & Customization
Threat Level Management
Create and configure a threat level

 Open the Config Tool  System task  Threat levels
 Click Add an item ( ) to create a new threat level
 Name your threat level after your own user name
 Select a colour for your new threat level
 Under Activation actions, Click Add an item ( )
 Select the action Start recording, and select your own Camera
 Under Activation actions, Click Add an item ( ) again
 Select Add a bookmark, select your own Camera and type the message: Threat level
activated_(YourThreatLevelName).
 Under Activation actions, Click Add an item ( ) again
 Select Send a message, select your own user as the recipient and type the Message:
(YourThreatLevelName) has been activated
 Under Dectivation actions, Click Add an item ( )
 Select the action Stop recording, and select your own Camera, select Stop in: Now
 Under Deactivation actions, Click Add an item ( ) again
 Select Add a bookmark, select your own Camera and type the message: Threat level
deactivated_(YourThreatLevelName).
 Under Deactivation actions, Click Add an item ( ) again
 Select Send a message, select your own user as the recipient and type the Message:
(YourThreatLevelName) has been deactivated
 Click OK. Click Apply
 Open an Area view task. If you don’t have your own area, create one now.
Test your threat level
 In the Security Desk, double click the threat level icon in the notification tray
 Select your Area, select your Threat level and click Apply
 You should receive your treat level activation message
 Display your camera in the Monitoring task
 Your camera should be in recording state. A bookmark icon should appear on the timeline at the moment the
threat level was applied
 Double click the threat level icon in the notification tray again
 Remove your threat level from the area
One at a time, please:
 In the Security Desk, double click the threat level icon in the notification tray
 Apply your threat level to the entire system instead of your area.
All users connected with the Security Desk should see a colour change to the Security Desk skin

External systems’ integration – Plugins
Install the plugin for the external system’s integration

 If you do not already have the plugin installer(s), download it from https://portal.genetec.com
 Download the plugin installer and save a copy on your Security Center server (whichever one will run the plugin
for the external integration)

 Open a Remote Desktop connection to your Security Center server. Open a Windows file browser and browse
the contents of the plugin installer files
 Run the plugin installer on the Security Center server

 Once the plugin installation has completed, the Genetec service should be restarted
 Once the service has restarted, and all roles have completed starting up, open Config Tool  System task 
Roles
 Click Add an entity ( ) and select Plugin
 Select the new plugin to be created. Click Next, Next, Create and Close
 The new plugin role should appear in your System task’s list of roles

 Each plugin is configured differently
Follow your trainer’s instructions for the configuration and testing of your particular plugin
Security Center Mobile
Install the mobile server

 If you do not already have the mobile server installer, download it from https://portal.genetec.com
 Download the mobile server installer and save a copy on your Security Center server (whichever one will run
mobile server). Alternatively, it could be installed on one of the participants’ laptops (with good hardware specs)
 Open a Remote Desktop connection to your Security Center server. Open a Windows file browser and browse
the contents of the mobile server installer files

 Run the mobile server installer (as Administrator).
Mobile server initial setup

 Upon completion of the mobile server installation, your browser should pop open taking you to its Mobile Server
Admin. Accept the browser’s security certificate warning if prompted
 Log on with user: Admin and no password
 In the Mobile Admin page, under Configuration, click Security Center
 Enter the connection details for the mobile server to connect to your main directory
 Click Apply
 You may be prompted to accept the Main server’s security certificate to complete the connection.

 Examine the source of the security certificate (should be your main server) and click [Accept]
 Return to the Home page, and go back to the Configuration  Security Center page
 Has your Mobile server successfully connected to your main Security Center directory?
 Try logging on with a mobile client by pointing your smartphone or

tablet app to your Mobile server’s IP
 Use your “normal” Security Center username and password
 Can you log on and see the area view?
 Can you display a camera?

Configure mobile streaming
 From the Mobile Admin home page, click Mobile streaming settings
 Configure the Number of ports for 15
This setting establishes how many smartphones can stream back to the mobile server
 Note the Starting port and the Number of ports. You will need them shortly.
 Click Apply
 Open Config Tool  Video task
 Click Create Video unit (at the bottom of the page)
 In the Manual add dialog box, select Genetec protocol and configure the IP address of your Mobile server
 Set the port range to whatever was defined in the Mobile admin’s Mobile streaming settings page
 Click Add
 Once the mobile streaming cameras have been added you will see confirmation in the Add a unit dialog box
and the new video units will be created in the Video task
 Click Clear completed tasks
 Use your smartphone’s mobile app to connect to the mobile server

 In the mobile app, click Menu  Start streaming
 Can you see live video from your smartphone on a workstation’s Monitoring task?
 Can you playback recording from a smartphone on a workstation’s Archive investigation task?

Web client
Create Web client server role

 Config Tool  System task  Roles
 Does the Web Client Server appear in the list of roles?
 If not, use the green + Add an entity button at the bottom of the page to create it.
Test web client connections
 In the Config Tool  System task  Roles, select the Web Client server role and select its Properties tab
 Click the URL to test client browser access to the web server
 Accept your browser’s security warning (if prompted)

 Log on with your “normal” Security Center user and password

 Open a Monitoring task
 Try to display a camera
 Click Home to go back to the Web Client’s Homer page and try some of the other tasks

Plan Manager
Plan Manager Role

As of Security Center 5.4, the Plan Manager map system has been redesigned and incorporated into the software as
a dedicated role, and no longer used as a plugin based service. The Map Manager role will be installed by default
with the Directory server software.
To verify the configuration of the Map Manager role, open the System task’s Role view, and click on Map Manager.
 From the Resources tab, verify which server the role is running on
Depending on the network accessibility and the existing resource utilization, we would usually choose one of
our least busy servers to host the Map Manager role
 Click on the Properties tab, and confirm the map cache location; we recommend having the cache folder
accessible to all servers that may run the Map Manager role
 If you are using any external GIS map servers, add them in the Map providers list
 KML objects may be added from the Map layers list as well
Examples of Commercial WMS servers (License required)
Examples of open source WMS servers (No license required)
Map cache folder

Map configuration
Plan Manager maps are configured from the Map designer task of the Config Tool, and are associated with areas.
Open the Area view task, and create any areas needed to represent your map structure.
There are two ways to associate a map with an area, first from the Area view task:
 Click on an area entity

 From the Identity tab, click on the Create map section
 This will load the Map designer task with the area selected
You can also associate a map with an area from the Map designer task:
 Click on the home page of the Config Tool

 From the Administration section, click on the Map designer task

 Click on the Create button on the top right of the map browser window
 Click on an existing area, or click on the New area button on the bottom of the list
 The area entity icon can also be changed to one of the pre-loaded area icons
 Click on the Next button on the bottom right
Either method will bring you to the point where we need to select a background for our map. This can be an imported
image file, or one of the map providers configured previously in the role properties
 If Image is selected, click on Select file to load a file from your drive
 This can be a JPG, BMP, PNG, or PDF (including vectorial PDF) file
 We have included a couple of samples for you to try in the installation package (SC Packages\Plan
Manager\program files\Genetec Plan Manager ConfigTool\Demo maps)

 If you select Geographic, you will need to select the GIS server from the drop down menu on the right,
changing the preview image below
 Click Create when you have your background selected, this will complete the map creation if a GIS map
provider was selected
 If an image was selected, you will see additional controls to rotate
the image, crop the image, or remove the image to select a new file
 When cropping an image, drag the handles until the section you wish to use is within the highlighted area, and
click on the checkmark icon on the top right
 Click Next to continue

 You will now need to select the actual size represented by your image
 Either select one of the presets (Room, Building, Campus, or City) or choose Specific scale
 With Specific scale selected, click and drag on the map to move it to a position where you know the scale of
the map, and use your mouse wheel to zoom in or out
 Select a unit of measurement and enter a specific length, then click on Draw line
 Click on the map and drag to make a line that will represent the length chosen
 The end points can be repositioned by clicking and dragging, or you can Clear the line and draw another
 Click Create and the image will be processed (you will see a progress indicator in the notification tray)
The Area view will now update to show you the new area icon, and you will be in edit mode in the Map designer task.
Edit your map

 Maps can be edited by selecting them from the Map designer task, or from the area they are associated with
in the Area view task
 Once editing a map, you can use your left mouse button to click and drag the map around, and use the scroll
wheel to zoom in or out
 The number of zoom levels is dependent on the size you chose for the map, larger maps having more levels
(ex: a Building preset has 4 zoom levels)
 The side bar of the map designer contains all the object types that can be
added to a map, and the top bar has map maintenance and editing tools
 Click on each one of the top menus to see what is available
 From the Edit menu, choose Select new background
and select a new file to use for this map

Add a camera to the map
 From the Map designer, you can add any entity that is part of the Area view, as well as alarms, macros, I/O
objects, vector objects, images, and text
 Start out by moving the map to a location where you would like to place a camera
 In the Entities section, click on the area icon to open the Area view
 Click on the pin to dock the Area view on the side, if you will be adding many objects
 Locate a camera from your Area view and drag it onto the map
 Use the corner handles to change the object size, or the rotation handle to turn the camera icon
 Hold the shift while rotating to limit the change to 15 degree increments
 From the object properties on the right, put a check in the Show field of view checkbox
 What color is the cone that shows up on the map? Green is for PTZ cameras, blue is for fixed cameras

 Enable the Show motion and Show recording checkboxes as well
 To reposition the camera, click on the camera object or the field of view and drag the object around
 Click on Apply when your changes have been made and the camera is in position
 Go back to the Area view task and select the camera you have added to the map
 If this is not a Federated camera, you can change the object icon by clicking on the arrow next to the entity
type in the Identity tab
 Select one of the presets, or browse to a new camera image for this object
 Now open the Security Desk application, and start a Monitoring task
 Locate the area we associated the map with, and drag it into one of the tiles
 Click and drag to move the map, and use the scroll wheel to zoom in or out, as with the Map designer
 Find the camera you added, do you see the red recording light
on the object? If not, start recording on the camera to see the
recording indicator
 Create some motion in front of the camera, did you see the green circles around the object?
 If this is a PTZ camera, move the camera from another tile to see the field of view change on the map
 You can also click and drag the field of view to rotate the camera

 Click on the object to bring up a tile showing the camera’s video stream
 Right click inside the tile for more camera options, or use the playback controls to review video
Add a door to the map

 If you have the Synergis access control component on your system, you can also add doors to your maps
 Go back to the Config Tool, in the Map designer task
 Click on the area icon in the Entities section if you do not have it pinned currently
 Locate a door from the Area view and drag it into the map
 Rotate, resize, and position it as you did for the camera object
 Apply your changes and go back to the Security Desk

 To see another way of viewing maps, open the Maps task, and select the map you have created

 Locate the door you created on the map
 Present a card at the door and open it, did you see the door object unlock and open?
 If you have the access control events set to display in a tile, you will see the cardholder picture appear above
the door; hover on it to see more details about the event
 Click on the settings button on the top right and choose Show dashboard
 Click on the door to see the door actions that can be performed from the Door widget
Explore the different Entities group objects

 Try to add other objects from the Entities group
 Add an alarm to your map, hit apply, then switch to the Security Desk
 Click on the alarm to pop up the option to trigger it manually and trigger the alarm

 From your map, hover over the alarm to see the event and the alarm options; acknowledge the alarm
 Areas can be added to maps; if a map has been associated with the area, the area will show a preview of the
map, and will operate as a link to that map
 Create a second map associated with another area

 Drag the new area onto your previous map, move and resize it, and apply the change
 From the Maps task, click on the area object you have created. Did it bring you to the new map?
 If an area is being used for access control purposes, people counting for the area can be displayed
 Drag an area that is being used for people counting on the map, move and resize it, and apply the change
 If there are no maps associated with this area, it will show up as a polygon, hold shift to add or remove points

 Use the Color and border widget to change the color, opacity, line color, and line width of the area
 Apply the changes and switch to the Security Desk

 Hover over the area to see anyone who is currently inside the area (if people counting has been configured)
 Any entry or exit from a perimeter door will be shown on the area object on the map
 Have someone walk into or out of the area to view the change on the map
 Click on the I/O object type and drag an output on to the map
 From the Output behaviors widget, associate some actions with this object
 Also from the I/O object type, drag an input onto the map
 Apply the changes and switch back to the Security Desk
 Test the output object by clicking on it and choosing an action

 Change the state on the physical input you placed on the map. Did you see the color change?
 Try other entity types that are available from the Area view, such as camera sequences, zones, and
Federation entities
Explore the different Vector objects

 From the Map designer task, add each one of
the objects from the Vector group to your map
 For each one, look at the properties of the widgets in the dashboard on the side
 The line, rectangle, and polygon object types can be used to represent walls
 Draw a line in front of a camera object’s field of view, and put a check in the Block field of view option
 Apply the change, and note that the field of view is not blocked when in the Map designer
 Switch over to the Security Desk and find your wall on the map, the field of view should be blocked
 Go back to the Map designer task and select a rectangle, polygon, or ellipse object
 From the Identity widget in the dashboard, you can associate any of these object types with an area
 Under the links widget, use the drop down menu to choose another map on your system
 Use the advanced button to choose more than one map

 Apply the changes and switch back to your Security Desk Maps task
 Click on the vector object you had modified
 If you had one link selected, it will bring you to that map directly; having more than one link will pop up a menu
of the links available, allowing you to click on the one you wish to navigate to
 Go back to the Map designer task in the Config Tool

 Add a camera to a map
 Draw a rectangle vector object over the camera object
 Apply your changes and switch back to the Security Desk Maps task
 Click on the camera that you recently added. Are you able to view the video tile?
 The rectangle object is on top of the camera, stopping you from selecting the camera
 Jump back to the Map designer task and select the rectangle object covering the camera
 From the top menu, click on the Arrange menu, and select Send to back, then hit Apply
 Go back to your Maps task in the Security Desk and try to select the camera again
 You should see the video tile pop up now, as the camera is on top of the vector object

Explore the Visual object types
 From the Map designer, click
on the add image object from
the Visual category on the left
 Select an image file to use, standard image types are supported
 Once the file has been selected, click on the map to place the image
 Resize it if needed, and apply the changes
 Note the widgets for this object type; images can be associated to areas and used as links to other maps
 If the image aspect ratio is distorted, change the Stretch value to Proportional
 From the Visual category, experiment adding text to your map as well
 Note the font and alignment options in the Text widget
 Text can also be associated with an area and used as a link to another map

Sipelia
Install Sipelia server

 Launch the Sipelia software installer on the server that will be used to host the Sipelia role
 Install Sipelia on the server
 Allow the Genetec server service to restart after the Sipelia installation has completed
Install Sipelia clients

 Close all Security Center applications (on any Security Desk workstations that will need to make calls)
 Launch the Sipelia software installer
 Install Sipelia on the client workstation
Create the Sipelia server role

 Open Config Tool  Plugins task
 Click Add an entity ( ). Select Plugin
 Select the Sipelia Plugin. Click Next, Next, Create and Close
 Do you see the Sipelia plugin added to the Plugin tree?

Configuring the system communication service
The system communication service for Sipelia is RabbitMQ. RabbitMQ is an open source, external Windows service
that allows applications that are running on different servers, and at different times, to communicate across dissimilar
networks and computers, regardless of whether they are online. Sipelia Server needs this service to properly
communicate with Security Desk. As a result, this is an essential requirement for a Sipelia installation.
 Open Config Tool  Plugins task and select the Sipelia plugin
 Select its General tab
 Ensure that the server hosting the RabbitMQ communications service is shown by name or IP address in the
field Communication service address (default is localhost)
 The default value for the Communication service port is 5672.
 Open the Network task, and then select the server that is hosting the Sipelia Plugin role.
 Click Properties, and make sure that the first IP address shown in Private addresses, that is, the IP address
listed at the top, is the one that you want to be used by the server.
Configuring the SIP port of Sipelia server and the ranges for its extensions
To enable the SIP protocol on Sipelia Server, you must configure the SIP port of Sipelia Server, and ensure that all
connected SIP endpoints (hard-wired phones, voice mail systems, intercoms, software SIP phones and Security Desk
clients) use the same port value.
 Open Config Tool  Plugins task and select the Sipelia plugin
 Select its Servers tab
 Set the following:
•SIP port: The port used to enable the SIP protocol on Sipelia Server. As a result, it is the basis of all SIP
communication in Sipelia. The default value is 5060. Every SIP endpoint, such as softphones and SIP
intercoms, that needs to connect to the Sipelia Server must have this port value in their respective
configurations.
 If you changed the default value of the SIP port, make sure that all SIP clients that are connected to Sipelia
Server also use the new port value.
The phone extension ranges are sets of SIP extensions from which you can assign an extension number to each
of your SIP entities. Each extension range must have a default password for the extensions, you can only have a
maximum of 1000 extensions per range, and you must have a minimum of one defined extension range to be able
to connect a SIP entity to Sipelia. By default, Sipelia provides five extension ranges (Range 1 to Range 5), each
with a default password of 1234.
To define a range of SIP phone extensions:
 Note the extension ranges that are already defined, and decide on how to assign them to your various SIP
entities
 To add an extension range, click Add range ( )
 Enter the following:
• Start: The start value of the SIP extension range. The start value must be unique and cannot be greater
than the end value.
• End: The end value of the SIP extension range. The end value must be unique and cannot be less than
the start value.
• Description: A phrase that describes the range, and perhaps indicates what SIP entity the range is
reserved for.

• Default password: The password for every SIP extension within the range. All SIP entities whose
respective extensions lie within this range must know this password. Every SIP endpoint, such as
softphones and SIP intercoms, that needs to connect to the Sipelia Server must have this password value
(along with the extension) in their respective configurations.
• Confirm password: The confirmation of the default password. Values in both password fields must
match.
NOTE: The start and end values for the extension ranges are inclusive.
 Click Add. Click Apply
Example of a custom port range for SIP extensions
Configuring SIP accounts for Security Center users

To allow Security Center users to communicate with one another using the SIP-related controls in Security Desk,
you must configure a SIP account for each of your users and assign the appropriate privileges.
 Log on to Security Center with Config Tool, and then open the Security task.
 Click Users, and then select one from the list.
 Click the VoIP tab to set up this SIP entity as a SIP endpoint.
 Assign a SIP extension to your SIP entity in one of the following ways:
• Click Auto-assign. Auto-assign automatically assigns the SIP entity the next available phone extension in
a given range. As a result, it is the recommended way of assigning a SIP extension to users, ring groups,
and SIP intercoms. Simply click this button, choose an existing range, and then click Apply.
• Enter the following:
o SIP extension: The SIP entity's phone extension. To be able to communicate with other SIP
endpoints, every SIP entity (user, ring group, or intercom) in Security Center must have a unique
SIP extension assigned to it. Either enter the extension manually, or use the recommended
approach of clicking Auto-assign.
o Password: The password for the extension. This password was specified when creating the
extension range. Each SIP extension within a given range has its password automatically set to
match the default password for that range. Clicking Auto-assign automatically populates this field
with the correct password for the range, and is therefore the recommended approach.
IMPORTANT: Although you can change the password for a given SIP extension by simply entering a new
password, it is not recommended to do so here. It is recommended to change passwords for phone extensions
only in the Servers tab of the Sipelia Plugin role.

 Set the following:
• Record audio and video: Allows you to record the call sessions that the SIP entity participates in (either
caller or recipient of a call). Once recorded, sessions can later be reviewed and exported through the Call
report task. The default value is inherited from the global recording settings which are found on the
Recording page of the Sipelia Plugin role. Changing this setting at the entity level forces the entity to no
longer inherit the value from the global setting, thus allowing you to turn recording on or off for only specific
entities, without affecting all of them.
• Roaming profile: When it is turned on (default value), it stores a user's respective Security Desk option
settings in the database. As a result, users can log on to Security Desk from a different computer on the
same network and keep their settings. For example, if a user has set the option to have incoming calls
always open in a tile, this option will remain intact for this user even on a different Security Desk
workstation that is on the same network.
 Click the Privileges tab to set up the user's privileges for Sipelia.
 Under All privileges  Application privileges  Sipelia, select the privileges corresponding to the actions
the user is allowed to perform.
IMPORTANT: By default, privileges are set to Undefined. For users to make and receive calls, you must
explicitly grant the appropriate privileges.
 Click Apply.

Configuring workstations for voice and video calls
Before you begin
 Configure SIP accounts for your Security Center users.

 Install Sipelia Client on each of the Security Desk workstations that run Sipelia.
 Install the required headsets and webcams. For optimal audio quality, it is recommended to use headsets
instead of microphones and speakers.
To configure workstations for voice and video calls:
 Log on to Security Center with Security Desk.

 Click Options  Sipelia.
 In the Audio and video section, select the physical audio and video devices that are used for calls.
IMPORTANT: Make sure that the devices are properly connected to the Security Desk workstations that run
Sipelia.
 Click to expand the Advanced section, and set the following settings, as required:
• Video codecs: The video codecs that are supported by Security Desk for video communication. By
default, the H.264 and H.263 codecs are turned on, and should suffice for most cases. As a result, it is
recommended to keep the default settings, and to be aware that changing video codecs can disrupt the
video that is streamed during video calls. To be able to view video during a SIP video call, the SIP clients
that are involved in a call must all support at least one common video codec. For example, if SIP client A
only supports the H.264 codec and SIP client B only supports H.263, no video is streamed during a call
session between the two SIP clients.
• UDP port range: The port range for the User Diagram Protocol (UDP). The UDP ports are used by the
different SIP clients to send and receive communication data. The default range is from 20000 to 20500.
It is recommended to keep the default settings, and to change them only if Sipelia logs any port-related
issues about making or receiving calls with Security Desk. 5 Set the following call-related options, as
required:
 Set the following call-related options, as required:
• Open new calls in:
Select whether you want
all incoming calls to
automatically open in the
conversation window or
in a tile within the
Monitoring task in
Security Desk.
• Play sound on new call:
Select this check box if
you want to hear an
audible ring when
receiving an incoming
call.
 Repeat these steps on each of
the Security Desk workstations
that run Sipelia.

Testing Sipelia calls from Security Desk Workstations
 Log on to Security Desk with a Security Center user who has the necessary Sipelia user privileges
 Hover your mouse over the Sipelia icon in the Security Desk notification tray. You should see your Status
(online/offline), your SIP extension, the server to which you are connected and the port number
 Click the Sipelia icon in the notification tray
 You should see Sipelia call panel open displaying your photo, first and last name, extension and status
 Click the Contacts tab
 You should see a list of other Sipelia users and their respective extensions
 Note: Connected users appear green. Disconnected users appear white

 Click Settings at the bottom of the panel to toggle between Simple view and detailed view
 Right click a contact to add them to your Favorites list

 Select a connected user and click the Call button at the bottom of the panel
 Test a call with another user
Caller’s Security Desk
Recipient’s Security Desk

SC-ETC-001 5.7 Exercises

Uploaded by

Copyright:

Available Formats

SC-ETC-001 5.7 Exercises

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

SC-ETC-001 5.7 Exercises

Uploaded by

Copyright:

Available Formats

SC-ETC-001 5.

genetec.com | Security Center 5 3

 Login to the additional server(s) as a Windows administrative user

 Select Server installation (Optional: install Config Tool if desired)

genetec.com | Security Center 5 5

genetec.com | Security Center 5 6

genetec.com | Security Center 5 7

Expansion to Main server connection

 Allow the Genetec Server service to be restarted

genetec.com | Security Center 5 8

 Accept your browser’s security warnings to proceed to the login screen

 Login to the Server Admin

 Change the HTTP port to 88

genetec.com | Security Center 5 9

 This time, do not click Stay on this expansion server

 Log out of the Server Admin. Close the browser.

genetec.com | Security Center 5 10

 Open your Config Tool  Network view task.

 Examine the Properties page of each of the network entities

genetec.com | Security Center 5 11

genetec.com | Security Center 5 12

 Open your Config Tool  System task  Roles

genetec.com | Security Center 5 13

 Open your Config Tool  System task  Network view task

 Click the Show video stream diagnosis link

 Click Show video stream status

genetec.com | Security Center 5 14

Camera’s IP: 10.0.30.155

Server’s IP: 10.0.30.140

Client’s IP: 10.0.30.98

1. The archiver receives video from the

This is called Unicast UDP video redirection.

genetec.com | Security Center 5 15

The archiver (server) and Media Player

genetec.com | Security Center 5 16

genetec.com | Security Center 5 17

 Save the change and display live video from a camera.

genetec.com | Security Center 5 19

 Open your Config Tool  System task  System task  Roles

 Click Save. Click Apply

genetec.com | Security Center 5 20

genetec.com | Security Center 5 21

Configure the following load balanced video redirectors:

genetec.com | Security Center 5 22

 Open the Security Desk  Monitoring task

genetec.com | Security Center 5 23

Configure the following network routes:

 Open your Config Tool  Network view task

 One by one, select each of the lower level networks.

genetec.com | Security Center 5 24

genetec.com | Security Center 5 25

 Open your Config Tool  Network view task

genetec.com | Security Center 5 26

Head office Sales office Warehouse

genetec.com | Security Center 5 27

genetec.com | Security Center 5 28

 How can this be tested to validate your configuration?

genetec.com | Security Center 5 29

Enable your Public server: