© 2011 Cisco and/or its affiliates. All rights reserved. 1
Higher Education Lenel Users Group
How Cisco uses Lenel
Deon Chatterton
March 14, 2012
• Introduction to SSBR
• How we use Lenel
Security Facilities
Operation Centers
David Walters
Director, SSBR
Deon Chatterton
Sr. Manager, STS
Pete Williams, John Chang
Wayne Homell, James Duffy
Systems Technology
Managers
James Hessenius, Jeremy Hutchinson, David Fose, Mike Yudichak, Jose Santiago, Carlos Pinel, Paul Mauvais, Derek DeLisio
Security Technologies
Lawrence Ingraham, Roger Biscay
Treasurer
• Lenel OnGuard Enterprise Multi-Server Architecture
  Server Environments
    Master – San Jose, CA
    AMER Western Region – San Jose, CA
    AMER Eastern Region – Raleigh, NC
    EMEA Region – London, UK
    APAC Region – Bangalore, India
• Lenel OnGuard Access Control and IP Video
  Global Client Connections
    50 Thick Clients used for Badging and Alarm Monitoring
    3000 Thin Clients used for ID Credential Center, System Administration, and Area Access Manager
  Global Transaction Volume
    ~1,000,000 User Transactions (Month)
    ~12,000,000 Events (Month)
Americas
  2111 System Users
  377 Access Panels
  5960 Readers
  218 Video Servers
  3694 Cameras
EMEAR
  710 System Users
  137 Access Panels
  1737 Readers
  66 Video Servers
  1276 Cameras
APJ and India
  576 System Users
  124 Access Panels
  1553 Readers
  80 Video Servers
  1106 Cameras
Global Footprint
  91 Countries
  316 Sites
  639 Buildings
  425 Buildings w/ Lenel
  126,262 Cardholders (A)
  100,973 Badges (A)
  3397 System Users
  4975 Access Levels
  638 Access Panels
  9261 Readers
  365 Video Servers
  6123 Cameras
SJC to RCDN; RTP to RCDN; AMS to RTP; BGL to SJC
• AMER West (Cylinder1)
  Located in San Jose, CA
  15 Team Members (Rotating 24x7 Shifts)
• AMER East (Cylinder2)
  Located in Raleigh, NC
  10 Team Members (Rotating 24x7 Shifts)
• EMEA (Cylinder3)
  Located in Bedfont Lakes, UK
  10 Team Members (Rotating 24x7 Shifts)
• APAC (Cylinder4)
  Located in Shanghai
  12 Team Members (Rotating 24x7 Shifts)
• INDIA (Cylinder4)
  Located in Bangalore, India
[Diagram: HRMS (First and Last Name, Cisco ID, User ID, EMP / CONT); AMER West, AMER East, EMEA, APJ; CYLINDER1, CYLINDER2, CYLINDER3, CYLINDER4; SECLOCK; Downstream Systems]
• System Administration
  Purpose: Used for programming of system settings, as well as all device configuration and programming
  Primary Users: Integrators, SFOC, and SSBR
  Published: Direct Client (ODBC), Citrix MetaFrame
• Alarm Monitoring
  Purpose: Used for monitoring security alarms, alarm video, and for device command/control
  Primary Users: SFOC, Integrators
  Published: Direct Client (ODBC), Citrix MetaFrame
• ID CredentialCenter
  Purpose: Used for management of cardholder related data, printing of Cisco ID badges, and Temporary Badge Issuance
  Primary Users: SSBR Badging Offices, Lobby Ambassadors
  Published: Direct Client (ODBC), Citrix MetaFrame
• Area Access Manager
  Purpose: Allows designated area owners to grant/remove access for cardholders to their individual areas
  Primary Users: Lab Managers, Datacenters, Specialized Areas
  Published: Citrix MetaFrame, Web-based client on IIS
• VideoViewer
  Purpose: Used to view Live and Recorded video clips for any camera connected to system
  Primary Users: Investigators
Cisco Confidential
• Lenel Embedded Software Engineers
  2 Full Time developers dedicated to Cisco
  Utilized for various development needs within Cisco
  Feature Enhancements to Lenel OnGuard Core
  Integration of internal Cisco applications with Lenel OnGuard and Security Apps
  Development of “Add-On” applications for functionality extension of Lenel OnGuard
• Goals and Strategy
  Create add-on applications that enhance the off-the-shelf functionality that is provided with Lenel OnGuard
  Applications will bridge functionality gaps or solve an internal issue being faced by Security users at Cisco
Step 1; Step 2; Step 3; Step 4; Step 5
Specification and Requirements; Design and Development; Support and Evolution; User Acceptance Testing; Production Deployment
Cisco PM and Consultant; Cisco PM, Consultant, and Lenel Embedded Developers; Cisco PM, Consultant, and Lenel Embedded Developers; Cisco PM and Consultant; Cisco PM and Consultant
• Development Lifecycle occurs internally
  Cisco Program Manager responsible for overall project delivery
  Consultant responsible for design, specification, UAT, and Milestones
  Lenel Embedded Engineers responsible for all Software Development
• Industry Standard Development Techniques and Platforms
  Web applications developed using Microsoft ASP.NET
  Front-end UIs developed using HTML5, JavaScript, and jQuery
  Content hosted on Microsoft Internet Information Services (IIS) web servers
• Cisco Internal InfoSec Security Standards
  Development follows all internal Cisco IT standards for application development and security
  Applications are put through full Cisco IT penetration testing and security reviews
  Source control and bug tracking software packages used for version management
  Content secured behind HTTPS using SSL
• Applications in Production
  Web Area Access Manager (Datacenter)
  Cardholder Data Manager (CDM)
  Panel Spatial Linkage Tool
  NVR Retention Manager
  Cisco Security Portal
  Xerox Secure Print
  Event Registration Portal
  Security Device IP Manager
  ERT Roster and Membership Management
• Upstream Data Integration to Lenel (Import)
  HRMS
  Education Management System (EMS)
  Cisco Online Testing (COLT)
  WPR Building and Spatial Information (CCRE)
• Downstream Data Integration to Lenel (Export)
  Cisco Directory
  Café Debit System
  Site Information Management (SIM)
  Cisco Child Care Center
  Cisco InfoSec (CSPO)
  Cisco SAS Case Management System (DIAD)
  Cisco WPR Building Utilization Tool
  OnGuard Report Server
  Cisco Emergency Response Team
  Cisco Event Management Team
  Cisco Fitness Center
  SecureJet Printing Interface
  GGSG Card Management System
  Cisco Lab Tools
  Restricted Area Access Request Tool
  Datacenter Authorized Entry Lists
  Vehicle Management System (India)
  Perimeter Detection System (India)
  Cisco Connected Real Estate
The Cisco Web AAM application was designed and built to bridge several functionality gaps that existed with the Lenel
native AAM client. Datacenter users required the ability to pre-enroll access for cardholders, as well as to allow other
systems, such as their Change Management system, to automatically grant transactional access once a change has been
approved in another system. The formal ROI of this tool is currently being completed, but the initial results show
greater than 50% time savings for each access grant transaction.
Some features in this new tool include:
Enhanced AAM functionality
More granular scheduling capabilities for Access
Introduction of Access “Transaction” concept
Pre-register Access for multiple cardholders
Detailed auditing for SOC and ISO compliance
Integration engine which allows internal Cisco applications to publish Access Transactions
Simplified assignment workflow
Supported on all industry standard browsers (Internet Explorer, Firefox, Safari, Chrome)
Simplified 3-step assignment wizard for Managed Access Levels
  (1) Select Cardholders
  (2) Select Access Levels
  (3) Enter Validation Data
Highlights
• Enhanced feature set allows for decreased workload
• Support for pre-enrollment of access transactions
• Built-in transactional reporting which provides a complete audit trail
• Simplified UI decreases the number of overall steps to perform daily AAM actions
• WebServices interface allows downstream systems to subscribe to data and post access transactions
• Provides foundation for new workflow automation of access requests
Future
The Cisco Event Registration Portal was designed and built to provide the Event Management Team with a simplified tool
to track admittance for registered events within Cisco such as Global Sales Meetings, and Shareholders Meetings. The
team was previously using a manual validation process and spreadsheet to track participants, which was not an efficient
use of time and resources. The new Event Registration Portal utilizes USB and Bluetooth card readers for reading Cisco
security badges and tracking personnel as they arrive at an event. The system stores a linkage to the cardholder badge
and the event they are attending, and a full attendance report can be generated anytime from within the tool. This
application has completely changed the way the Event Management Team handles these events and gives them a
real-time snapshot of their data.
Some features in this new tool include:
Support simultaneous events
Multiple Sites and Locations supported for each event
Cardholder Details and Photo display on each valid Badge read
Integrated to Lenel Access Levels for Whitelist or Blacklist capabilities
Data is stored in the Lenel database and correlates to Cardholder and Badge data
Real-Time reporting and auditing built into the tool
Supported on all industry standard browsers (Internet Explorer, Firefox, Safari, Chrome)
https://seclock.cisco.com/ssbr/eventregistration
Highlights
• Event Management solution using standard Security Badges for enrollment
• Full Integration with Lenel OnGuard Identity, Credential, and Access Level information
• Data stored in Lenel OnGuard database for reporting and reference
• Support for several different Card Readers allows use of multiple tablet platforms
Future
• Migration of code-base to native Android OS for use on Cisco Cius
The Cisco Cardholder Data Manager was designed and built to provide Client Services personnel with a simplified tool
and workflow to manage Cardholder and Badge data from Lenel without needing access to all functionality in OnGuard.
The CDM tool also interfaces with Cisco HR and other sub-systems to validate that the data is synchronizing correctly with
Lenel. Users have the ability to immediately force a synchronization of certain objects without requiring further case creation
and investigation. Over the first year of deployment this tool reduced the case volume for data inconsistencies between
Lenel and HR by 75%. Users have the ability to resolve the problem immediately which also decreases the amount of
time that a client is impacted by the issue.
Some features in this new tool include:
Cardholder, Badge, Photo, and Access Level view
Validation and comparison of cardholder data between HR and Lenel
Validation and comparison of cardholder data between Lenel and downstream systems
Forced synchronization of individual records
Integrated with Lenel HR Import Scheduled Interface
Advanced Search Engine for records
Real-Time reporting and auditing built into the tool
Supported on all industry standard browsers (Internet Explorer, Firefox, Safari, Chrome)
Highlights
• Single application to manage cardholder and identity data between various systems
• Empowers Safety and Security users to quickly resolve data issues without intervention from other support teams and HRMS
• Simplified user interface allows Safety and Security to synchronize data real-time without waiting for scheduled data transfer
• Application allows non-Lenel users to view Cardholder and Identity data
Future
• Implementation of support for forced Emergency Terminations to all Lenel Regional Servers real-time without Replication delays
• Global Master Authorizer List (MAL)
  Overall Management of Reader and Access Level Ownership
  Linkage of Lenel Security devices to physical WPR Spaces for enhanced automation and audits
  Single application for total Cisco population to review and request specific restricted (AAM) access levels
  Interacts with new Cisco Web AAM Application to simplify approval and assignment workflow
• Lobby Receptionist Management Tool
  Cardholder Data searching and review
  Simplified and secured workflow for issuance of Temporary Badges
  Enhanced notification mechanism for Badge Issuance and Return
• SSBR Security WebServices API
  Common set of APIs that allow downstream applications to subscribe to Security Data
  Used for internally developed applications to streamline development and interaction with Lenel
• Continued delivery of “Security Platform” Initiative
  Security becomes single-source of truth for various data and systems
  Expanded portfolio of managed devices and systems through SFOC
• Utilize Cisco badge to enhance existing process and improve productivity
  Efforts such as Café Debit System and Xerox Secure Printing Integration
• Security Platform goes Mobile
  Migration of existing applications to mobile platforms and OS
  Creation of new security applications that take advantage of mobile enabled features
• Remain Focused with internal Cisco-on-Cisco Initiatives
  Integration of Security Devices and Systems with Cisco Product Portfolio
• Security API Layer
  API integration layer that allows other internal systems to interact with SSBR Security Systems such as Lenel OnGuard
  Cisco specific business logic can be applied to standard Lenel OnGuard functions while being performed by other systems