STANLEY MANUFACTURED ACCESS CONTROL RELEASE 4.2

(1)

IT

S T A N L E Y M A N U F A C T U R E D A C C E S S C O N T R O L

UIDE

T R O L

4 . 2

R’S GUIDE

R E L E A S E 4

T MANAGER

(2)

3

Issue Record

Details Author Date Version Stanley PAC 3.1. JF 08/12/2006 V1.8 Stanley PAC 3.2. JF 31/07/2008 V1.11

Virtual server info added. SD

23/09/2008 V1.12

Stanley PAC 3.3. Updated system requirements; up-dated bandwidth usage; added info on Windows Server 2008, SMTP, and USB Admin Kit with Windows Vista; updated database information.

SD 03/07/2009 V1.13

Added frequently asked questions for Stanley PAC and SQL, hardware connectivity details; re-edited document to present a more logical structure. JC

03/12/2010 V2.0

Stanley PAC 3.4. Updated system requirements. SD

16/03/2011 V2.1

Added information on Image Capture and installing Windows PowerShell; updated references to database server requirements.

SD 27/07/2011 V2.2

Stanley PAC 4.0. Updated system requirements; up-dated PC name changes and virtualisation. SP

18/10/2012 V2.3

Stanley PAC 4.2. Updated system requirements. SD 25/04/2013 V2.4 Applicability Version Detail Name Product Code 4.2 Stanley PAC P

(4)

5

1. Frequently Asked Questions

The section provides an overview of the system requirements for Stanley PAC and the SQL database, addressing some frequently asked questions. More detailed information can be found in the following chapters.

1.1 Stanley PAC Access Control Administration Software

Q: Are there any particular requirements for the PC / server?

A: Software installation and user administration requires full local administrator rights when logged onto the PC / Server. There should be no Group Policy Objects (GPOs) applied during software installation.

Q: How is the software deployed?

A: May be installed from the CD provided by PAC, or from a network shared drive.

Q: What is the format of the installer?

A: A Setup.exe file is provided; launches a Microsoft Windows Installer.

Q: Will Stanley PAC run in a locked-down environment?

A: Yes, if installed with local rights.

Q: Can the Stanley PAC software be hosted in a Virtual Machine environment?

A: Yes.

Q: Where are the installation files written to?

A: Installation copies files to the Windows System32 folder, and writes to the Windows Registry.

Q: What services or processes will run on the PC / Server?

A: Executables: the Stanley PAC administration software (PACUI.exe) and the PAC Service Manager.

Services: The PAC Communications Engine, PAC Client Manager, PAC Event Manager, PACDatabase Manager and PAC Remote Client Configuration. The PAC OEM Interface Service may also be required if Stanley PAC is to be integrated with a Stanley Astrow Time and Attendance software database or a third party application.

Q: What is the database format?

A: SQL Server — see Section 1.2:SQL Database for Stanley PAC.

Q: Does Stanley PAC require e-mail configuration?

A: Stanley PAC can send e-mail messages in response to a system event. The SMTP server is configured within the application. It may be necessary to configure the SMTP server / firewall — see Section 6.13:Sending Email from Stanley PAC.

(5)

6 Destination Port Source Port Protocol / Direction Location Application 8085 (configur-able) Dynamically assigned TCP / Out

Stanley PAC Server PAC Client Manager

8086 (configur-able)

Dynamically assigned TCP / Out

Stanley PAC Server PAC Event Manager

8087 (configur-able)

Dynamically assigned TCP / Out

Stanley PAC Server PAC Database Manager

8086–8096 N/A UDP / Out N/A COM+ / DLLHost.exe 5020–5040 DCOM as-signed TCP / In-Out Stanley PAC Server

COM+ / DLLHost.exe (DCOM)

1.2 SQL Database for Stanley PAC

Q: What is the database format?

A: All data is stored in the SQL database on the host machine. This may be SQL 2008 R2 Express, which is included on the Stanley PAC installation CD.

Alternatively, Stanley PAC can use SQL Express 2005, SQL Server 2005 SP3 Workgroup (Standard or Enterprise), or SQL Server 2008 SP 2. SQL Server 2000 is not supported.

Q: Can Stanley PAC be installed on a separate machine from the database server?

A: No. Stanley PAC must be installed on the same machine as the database server.

Q: Does Stanley PAC require a specific SQL instance?

A: No. The Stanley PAC database can be hosted on a SQL Server with other databases, however, it must use the default instance.

Q: What Compatibility Mode is the database hosted in?

A: 80.

Q: Can the database be hosted in a Virtual Machine environment?

A: Yes.

Q: Which collation does your SQL database use?

A: Latin1_General_CI_AS.

Q: Does the Stanley PAC / SQL connection employ Optimistic Locking and Connection Pooling to minimise connection times, and close connections between calls?

A: Yes. SQL / Stanley PAC can be configured for Optimistic Locking and Connection Pooling, with minimum connection time.

Q: What is the size of the database at initial installation?

A: Approximately 15 Mb.

Q: Does Stanley PAC have any effect on the tempdb database?

A: No.

Q: What additional SQL Server jobs does the Stanley PAC database create?

A: Backup.

(6)

7

Q: Does Stanley PAC database require any of the following:Analysis Services, Reporting Services, Full Text Catalogues, SSIS packages?

A: No.

Q: Does Stanley PAC database use Extended Stored Procedures?

A: Yes — Xp-dirtree and xp-fixeddrives.

Q: Do Stanley PAC users require sysadmin access or sa login?

A: No.

Q: Do Stanley PAC users require direct access to SQL Server?

A: No.

Q: Can the system operate with Windows Authentication only?

A: No. An account is created during Stanley PAC installation.

Q: Does Stanley PAC require permissions to be granted / denied to the Public Database

role?

A: No.

Q: Does Stanley PAC need to be able to create temporary databases?

A: Yes.

Q: Do Stanley PAC users or external support persons require Fixed Server Roles?

A: No.

Q: Does Stanley PAC store any data outside of the SQL database?

A: No.

P

(7)

8

2. Installation

2.1 System Requirements

You must have administrator privilege to install Stanley PAC. It is recommended that you use the local Administrator account or any account with administrator privilege that will not subsequently be deleted from the PC.

We recommend that the Stanley PAC machine requirements, listed below, for memory and processor speed, are exceeded whenever possible.

2.1.1 Server

• IBM Compatible PC, 1.6 GHz dual core processor — 2 GHz dual core recommended.

• 1 GB RAM — 2 GB recommended if using Windows Vista or later. For increased performance, more memory is recommended.

• Minimum 2 GB of free disk space — 10 GB recommended and more may be required for large enterprise systems.

• Celeron or Atom processors not recommended.

2.1.2 Client

• IBM Compatible PC, 1.6 GHz processor — 2 GHz recommended.

• 1 GB RAM — 2 GB recommended if using Windows Vista or later.

• Minimum 2 GB of free disk space.

• SuperVGA 800×600 graphics — XGA 1024×768 recommended, 1280×1024 for alarm workstations.

• Celeron or Atom processors not recommended.

2.1.3 Operating Systems

The following operating systems are supported:

• Windows Server 2012 Standard edition — referred to as Windows 2012.

• Windows 8 Pro or Enterprise edition, 32 or 64-bit — referred to as Windows 8.

• Windows Server 2008, 32 or 64-bit; or Windows Server 2008 Release 2, 64-bit — referred to as Windows 2008.

• Windows 7 Professional, Enterprise or Ultimate edition, 32 or 64-bit; or Windows 7 Professional, Enterprise or Ultimate edition with Service Pack 1, 32 or 64-bit — referred to as Windows 7.

• Windows Vista Ultimate, Business or Enterprise edition, 32 or 64-bit, Service Pack 2 required — referred to as Windows Vista.

• Windows Server 2003, 32 or 64-bit, Service Pack 2 required; or Windows Server 2003 Release 2, 32 or 64 bit, Service Pack 2 required — referred to as Windows 2003.

• Windows XP Professional 32 or 64-bit, Service Pack 3 required — referred to as Windows XP.

(8)

(9)

10 You should also consider upgrading to SQL Server 2008 R2 Workgroup, Standard or Enterprise

for increased performance if the Stanley PAC Server has more than one CPU.

2.3 Servers and Clients

For optimum performance we recommend using Stanley PAC clients for specific functions. For example, using one client as an Alarm Viewer, one as an Enrolment Station, one as an Event Viewer, etc.

Server

We recommend the use of a dedicated PC for operation as the Stanley PAC server.

Clients

The Stanley PAC client can be easily operated alongside other applications: there is no need for a client to run on a dedicated PC.

2.4 Stanley PAC Server

2.4.1 Prerequisites

Windows Message Queuing

This is a component of Microsoft Windows, and is installed as part of the Stanley PAC installation process.

Microsoft .NET Framework Version 1.1

This software is required and can coexist with any other version of the .NET Framework — there is no need to uninstall the existing version.

Microsoft .NET Framework Version 2.0 is installed as part of the Stanley PAC installation process.

2.4.2 Installation Directories

The software is by default installed into the %ProgramFiles%\Stanley PAC folder. The installation procedure also creates folders for storing database backups and event archives. You may change the folders from the defaults during the installation process.

2.4.3 Databases

If you are installing a Stanley PAC Server and no existing Microsoft SQL Server database instance is found, the setup program requires you to install SQL Server 2008 Express, which is provided. If you have an existing SQL Server database, you may still install SQL Server 2008 Express when you want to run Stanley PAC in a separate database instance.

See Section 2.1.4:Databases for a list of supported database servers.

2.4.4 Microsoft Windows PowerShell

Before you install Stanley PAC 3.4 using the default SQL Express 2008 R2 database server on Microsoft Windows XP 64-bit, Microsoft Windows Vista 64-bit, Microsoft Windows Server 2003 64-bit Standard or Enterprise Edition, or Microsoft Windows Server 2008 64-bit Standard or Enterprise Edition, you must make sure that Microsoft Windows PowerShell is installed on your operating system.

To install Windows PowerShell:

1. On the Stanley PAC installation disk, locate the PowerShell folder, then locate the installer that is specific to your operating system.

2. Double-click on the Windows PowerShell installer to run it and follow the instructions on screen.

3. When Windows PowerShell is installed, start the installation of Stanley PAC. P

(10)

11 guest account should not be remo

The ver Databases 2.4.5.2 Notes on SQL Ser . R2 Express instance er 2008 v er 2005 Express / SQL Ser v

e full DBA access to the SQL Ser v will also ha ws Windo account in Microsoft Administrator

y user allocated a standard ault, an

By def

•

. kups them to restore database bac

w roup will allo g A C_DB A P PA

e user into the ativ administr Placing a non installation. ing roup created dur user g A C_DB A P PA

ws user allocated the Windo y anted to an r is g er 2008 R2 Express instance v er 2005 Express / SQL Ser v

DBA access to the SQL Ser

•

. les kups of these tab m bac

or les and perf C tab

A P PA

y ite the data in the Stanle ights to read and wr

has r computerr C_EKA_ A P PA installation. ing account, which is created dur

computerr C_EKA_ A P PA anted to the r Access is g • . ity is used to access the database ated Secur

r Integ

•

ver 2008 R2 Express Databases ver 2005 Express / SQL Ser

2.4.5.1 Notes on SQL Ser . y e k kupDir DBBac

, and edit the

TIONAL\EKA C INTERNAATIONAL\EKA A ARE\PPA CHINE\SOFTW HKEY_LOCAL_MA vigate to , na avigate to y ws Registr Windo y location, in the kup director the bac o change T To change . y ws Registr Windo

C database according to the path set in A y P PA the Stanle k up y to bac uesda T y er v uns at 15:30 e ault, this task r

By def . kup yBac eekl CW A P PA • . vice Manager ted — via the Ser

set to be autostar y are Engine) if the .g. vices (e t the ser uns at boot time to star This task r . tup CStar A P PA • . e ents to archiv v

viding there are enough old e ent log, pro

v the e ents in v e e y to archiv y da ay to archiv er v uns at 18:00 e ault, this task r

By def . hive c CEventAr A P PA • k. 23:00 to synchronise all access controllers with the system cloc

y thereafter at y da

er v uns at boot time and e ault, this task r

By def . kSync CCloc A P PA • our system: wing scheduled tasks are added to y

ollo The f

. roup ator to be a member of this g oper

A user does not need to be an .

ivilege y other pr database without giving him/her an

or the ator f e a user a database administr ou to mak ws y roup allo This g . A C_DB A P PA • our system: roup is added to y wing local g ollo The f

ust not be changed. andomly and m

ated r or this account is gener ord f

w pass

The . This is a user account that is used to access the database C is installed.

A P PA

y is the name of the computer on which Stanle

computerr , where computerr, C_EKA_ A P PA • k: or ail to w will f C A y P PA ou should not modify or delete it, or Stanle Y

You should not modify or delete it, or Stanle our system.

wing account is added to y ollo

The f

asks

T

t-up

2.4.5 User Accounts and Star

. ating systems ou are using one of these oper

y erShell if w o ws P Windo ou should not need to install Y

Yo

. ise Editions pr

Standard and Enter

er 2008 R2 v

ws Ser Windo ise Editions and Microsoft pr

2003 R2 Standard and Enter

er v ws Ser Windo erShell is already installed on Microsoft w o ws P Windo ault Microsoft By def Note ved m ou Y You ual Editing 2.4.5.3 No Man . itten to the MSDB database kup details are wr

ail when the bac to appear to f

kups , as this could cause bac from the MSDB database

ust not manually edit not update the door controllers

ypasses the front end and does , as this b les y access or MSSQL tab an . not update the door controllers

(11)

12

2.5 Stanley PAC Clients

2.5.1 Prerequisites

Microsoft .NET Framework Version 1.1

This software, required by Stanley PAC, can coexist with any other version of the .NET Framework — there is no need to uninstall the existing version.

Microsoft .NET Framework Version 2.0 is installed as part of the Stanley PAC installation process.

2.5.2 Installation Directories

The Stanley PAC software is by default installed into the %ProgramFiles%\Stanley PAC folder. You may change the folders from the defaults during the installation process.

2.6 Connectivity

The client PC must be in the same workgroup or domain as the Stanley PAC Server to which it is connected.

The name of the Stanley PAC Server to which the client is connecting can be specified in either the installation process or on the client login screen.

2.7 Regional Options and Time Zone

Ensure that the correct regional options and time zone for the country or region is specified on the server and client.

You can set the regional options by choosing Start › Settings › Control Panel and selecting

Regional Options, or by choosing Start › Control Panel and selecting Regional and Language Options, depending on the version of your operating system.

Once the Server / Client has been set, check that the correct time zone is set in Stanley PAC by starting the application and choosing the Tools › Options menu. Look for the Timezone setting.

(12)

13

3. Uninstallation

Stanley PAC can be removed from your system using the Add or Remove Programs item in the Control Panel, or running the Setup program from the installation disk. The prerequisite software, i.e. the .NET framework, service packs, SQL Server 2008 R2 Express, etc., are not uninstalled by this process, but can be uninstalled separately if required.

After uninstallation, the following files are (intentionally) left on your system:

• The database. If you are using SQL Server 2005 Express or SQL Server 2008 R2 Express, these files are in %ProgramFiles%\Microsoft SQL Server\MSSQL.1 and its subfolders. These files can be reused if you reinstall Stanley PAC.

• Any contents of the database backups directory.

• Any contents of the event archives directory. If you no longer need these files, you can manually delete them.

P

(13)

14 To ensure reliab ating system. our oper , depending on y ools T C A y P PA Stanle › ograms Pr All › t Star or ools T Tools C A y P PA Stanle › ograms Pr › t Star am in r ou can find a link to this prog y

ually — net segment and set their IP addresses man C 500s on the local Ether

A am to find P PA r prog dress vice IP Ad Configure De

ou can use the k, y

or our netw If static addressing is used on y

. y dress automaticall Obtain IP ad ace is set to k interf or ws PC when the netw Windo

y a ithm used b alent to the algor

This is equiv on subnet 169.254.0.0, subnet mask 255.255.0.0.

y other host y an

y to select an IP address not used b If not, it will tr

le it will use it. ailab v er is a v ser If a DHCP .

e its IP address automatically v

ie C 500 will attempt to retr A er is applied, the P PA w When po . C systems A y P PA ed on all Stanle y emplo , is not ore eatures are required and, theref C f

A y P PA vice is required where enhanced Stanle This de ating system. ws CE embedded oper Windo uses the ver C 500 Access and Alarm Ser A

P PA

The

ver

C 500 Access and Alarm Ser

A

The P

PA

4.1 ware

d

Har

4.

o ensure reliab

T le, error free operation we strongly recommend the use of static IP addressing

Times

wnload and Update

4.1.1 Do

. AN W WAN er a v er o v ver o Setting up a 500 ser TB198: echnical Bulletin T Technical Bulletin er to , ref k connectivity or C 500 netw A

mation relating to the P PA or

ther inf or fur F

ound on its barcode label. of the unit, which can be f

umber ial n is the ser n n , where n C500_ A P PA

C 500 attempts to set its NetBIOS node name to A

A P PA

.

wnload. of the do

k speed at the time or

, and are reliant upon the netw ximate

wnload times are appro The do Note e update e e load s holder y-e

50,000 K K 11 secs 12 mins / 40kb 14 secs

s holder

y-e

25,000 K K 3 secs 5 mins / 40kb 8 secs

g a P yholder e K Siz Time / wnload Do g pa yholder e K Ke

(14)

15 er is using a

v C 500 ser A

or use when the P PA f

les

ace has a setting that enab The user interf

onou

hr

4.1.2 Suppression of Async

This setting must not be enabled

A P PA

ty sheet, select the In the proper 2. , select the module ware d Har In the 1. vents: onous e hr o suppress async T connection. when com dialup This is intended . ents v s suppression of asynchronous e

us Events

IP connection (via a PSTN modem).

. vents Suppress async e , then select tab C 500 A . er v C 500 ser A e P PA net C 500 using the Ether A

unicating with the P PA mm C 500 uses authenticated A ault, the P PA y def

unicatio

uthenticated Comm

.1.3 A

ned off in the user This can be tur

. unications comm

ons

as required. unications comm ypted Use unencr

, then select or deselect tab

C 500 A P PA

ty sheet, select the In the proper 2. . er v C 500 ser A , select the P PA module ware d Har In the 1. unications on or off: o turn authenticated comm

T

mally recommended. , although this is not nor

ace interf n the user By

4

and 8085–8086. 135, 3000–3020, ts): y UDP por ts (and if necessar TCP por wing ollo affic to the f mit incoming tr er P wer Clients Vie C Alarm A y P PA Stanle . C 500s using non-authenticated comms A

ating P PA 7076 when oper

•

. C 500s using authenticated comms A ating P PA 15081 when oper • ts: TCP por wing ollo affic to the f mit incoming tr y to per It is necessar

t Requirements

or

TCP/IP P

4.1.4

C 500. A mation on the P PA or inf or more C f A y P PA our installation of Stanle y y

er to the documents that accompan Ref

(15)

16

Stanley PAC Intivid VIP DVR

This is only required if the Intivid VIP DVR is being used for CCTV.

Permit incoming traffic to the following TCP ports (and if necessary UDP ports): 5300–5301, 5150–5151 and 5400.

4.2 The PAC 512 IP Door Controller

The PAC 512 IP door controller employs an on-board Lantronix Xport ethernet to serial converter to connect the controller to the network. By default, this device is configured for dynamic IP addressing and, in the absence of a DHCP server, will auto configure an IP address on subnet 169.254.0.0, subnet mask 255.255.0.0.

Static IP addressing is strongly advised. This is performed in the same manner as outlined in Section 4.1.

The Xport device is pre-configured to communicate on Port 8003.

For further information relating to the PAC 512 IP controller network connectivity, refer to the following Technical Bulletins:TB205: Setting up a PAC 512 IP over a LAN and TB200: Setting up a PAC 512 IP over a WAN.

4.3 The PAC 2000 Series Door Controller using IP Connectivity

The PAC 2000 Series door controllers employ the Lantronix UDS1100 ethernet to serial converter to connect the controller to the network. By default, this device is configured for dynamic IP addressing and, in the absence of a DHCP server, will auto configure an IP address on subnet 169.254.0.0, subnet mask 255.255.0.0.

Static IP addressing is strongly advised. This is performed in the same manner as outlined in Section 4.1.

The UDS1100 device must be configured to communicate on Port 14001.

For full details relating to the UDS1100 configuration, refer to Technical Bulletin UDS1100 Unit 2: Using with PAC 2000 Series Door Controllers — Configuration, or the e-Learning tutorial of the same name.

(16)

17

5. Networking and Performance

5.1 Network Security

This section describes how to:

• Configure DCOM for multiple Stanley PAC clients support across a firewall. This is to allow the Stanley PAC Server and Clients, which use DCOM, to communicate with each other.

• Configure firewalls on a WAN. This is required to allow the Stanley PAC Server to communicate with PAC IP controllers.

5.1.1 DCOM / Multiple Clients

To ensure maximum security on your network when using Stanley PAC clients over a firewall the range of TCP ports used by DCOM on the clients must be restricted. Section 5.1.1.2:Restricting the Range of TCP Ports describes how to do this.

5.1.1.1 DCOM and Firewall Address Translation

You cannot use DCOM through firewalls that perform address translation (NAT) — i.e. where a client connects to a virtual address, such as 198.252.145.1, and the firewall maps it transparently to the server’s actual address, such as 192.100.81.101.

P

(17)

18 .

er machine v

y connect to the SCM on the ser umbers when the

t n ight por the r

k up Clients will automatically pic .

er machine v

ou only need to do this on the ser Remember that y . ust create ou m , which y y y, which y e y k registr osoft\Rpc\Internet CHINE\Software\Micr HKEY_LOCAL_MA

w are located under the alues listed belo

named v

All of the .

iction functionality t restr

y settings that control the DCOM por al registr er v There are se ts or TCP P e of 5.1.1.2 Restricting the Rang

ect. e eff or them to tak settings in order f y wing registr ollo y of the f e changes to an ou mak y time y our machine an ust reboot y m ou , y Also . y alue entr named v ts or P y the type required b TI_SZ REG_MULLTI_SZ t the suppor

does not currently

e x edit.e reg

to configure these settings;

e x edt32.e reg ust use ou m Y You m Note Description alue ype Name not should ts alue indicates which por v named ts or P , then the N is set to alue If this v . DCOM applications or ts should be used f which por alue indicates named v ts or P , then the Y alue is set to If this v le ailab v tsInternetA or

P REG_SZ Y Always set this to Y.

ts or

P REG_MULLTI_SZTI_SZ

5141 3000–3020

Example: . ange per line r

t Specify one por

. alue meaning of this named v

mine the w deter options belo The . anges t r One or more por

T

Type V

t. unicates using this por comm

are installed on the system which y other softw are of an w Installers need to be a • k. or er the netw v unicating o ace from comm

ents the OEM Interf v

which pre

are on the system, a conflict can occur y other softw t is also used b If this por t 8658. por TCP ace using unicates with the OEM Interf

, comm w Astro .g. , e are OEM client softw

•

Issue

t 8658. TCP por unicates using are which comm

ty softw y third-par an , and w Astro .g. , e are , OEM client softw ace

een the OEM Interf There is a potential conflict betw

t 8658

or

TCP P

5.2 OEM Interface

. e v ange(s) specified abo r ts or P er in the v our ser on y y) , if necessar ts

ts (and UDP por TCP por

affic from all clients to the mit incoming tr

er P

•

.) t that Microsoft Outlook uses (135 is the Microsoft Exchange por

. er v our ser on y y) t 135, if necessar t 135 (and UDP por

TCP por affic from all clients to mit incoming tr er P • . er v our ser net to y affic from the Inter y all incoming tr

Den

•

ws: ollo net should be configured as f er and the Inter

v our ser een y all betw w The fire wall our Fire Y Your Fire 5.1.1.3 Configuring ts or UseInternetP REG_SZ Y or N . applications or DCOM be used f

(18)

19

Workaround

• It is possible to configure the OEM Interface to listen on a different TCP port; however it may not be possible to configure the OEM client software, e.g. Astrow, to use the new port. Therefore, if a port conflict were to occur, it would be necessary to reconfigure the third-party software to use a port other than 8658.

• Check the third-party software provider’s documentation and website for instructions on how to change the TCP ports that the third-party software uses.

5.3 Bandwidth Data

The bandwidth data below was measured using 50 PAC 500s running at 20 events per second. Event throughput stops when a download begins.

The bandwidth usage of a PAC 512 IP is considerably less than that of a PAC 500. The Serial-to-Ethernet port of a PAC 512 IP is constricted to 57.6 kb/s.

5.3.1 Download Data

Stanley PAC Server to PAC 500 Access and Alarm Server

The download begins with an initial burst of approximately 1,100 kb/s, which is followed by bandwidth usage within the range 300–780 kb/s.

PAC 500 Access and Alarm Server to Stanley PAC Server

The download begins with an initial burst of approximately 980 kb/s, which is followed by bandwidth usage within the range 20–380 kb/s.

5.3.2 Event Throughput

Stanley PAC Server to PAC 500 Access and Alarm Server

Max bandwidth:480 kb/s (approx)

PAC 500 Access and Alarm Server to Stanley PAC Server

Max bandwidth:680 kb/s (approx)

5.3.3 Minimum Client Bandwidth

A Stanley PAC client requires a minimum of 512 kb/s (full duplex) connection to its associated server.

P

(19)

5.4 Backup File Sizes

This section describes the size of files created using the backup utilities which accompany Stanley PAC.

Database Backup File Sizes

The following table lists the size of the Stanley PAC backup files with the following database settings:

• 100 Areas

• 20 Access Groups

• 20 Time Profiles

Approx DB File Size (KB) Number of Keyholders 16,000 25,000 29,000 50,000 42,000 75,000

Events Backup File Sizes

The following table shows the approximate size of the Stanley PAC events backup file for varying numbers of events.

Approx DB File Size (KB) Number of Events 40,600 250,000 81,200 500,000 162,400 1,000,000

Archive File Sizes

The following table shows the approximate size of the Stanley PAC archive file for varying numbers of events. Event archiving is a feature of Stanley PAC v2.2 and higher.

Approx DB File Size (KB) Number of Events 24,900 250,000 50,000 500,000 99,700 1,000,000

(20)

21

6. Tips

6.1 Screen Resolution

A screen resolution of at least 1024 × 768 pixels is recommended when using Stanley PAC. If you are using the Stanley PAC Alarm Viewer we recommend a screen resolution of 1280 × 1024.

6.2 Multiple Monitors

If you are using Stanley PAC on one PC for multiple functions we recommend the use of two monitors, e.g. using the Event Viewer in its undocked form on one monitor, whilst using the Alarm Viewer in the other monitor.

6.3 Database Backups

We recommend making backups of the database on a regular basis using the backup tools provided with Stanley PAC.

6.4 Reports

When running reports, we recommend using queries whenever possible to limit the size of returned data.

If you are using Stanley PAC Clients and Servers, we recommend that you do not run reports on the Server.

6.5 PC Name Changes

Changing the PC name will cause the installation of Stanley PAC on that PC to stop working. This section describes a workaround for this problem.

Workaround

1. Ensure that all Stanley PAC clients are shut down.

2. Change the PC name back to its original value — in Control Panel, open the System item and use the Computer Name tab.

3. Backup the Stanley PAC database.

4. In Control Panel, use Add or Remove Programs to remove the following programs:

• The Stanley PAC installation.

• The SQL Server 2008 R2 Express installation, called Microsoft SQL Server 2008.

5. Change the PC name to its new value — in Control Panel, open the System item and use the Computer Name tab.

6. Reinstall Stanley PAC and SQL Server 2008 R2 Express, but do not select the Preserve existing database option during installation.

7. After reinstalling Stanley PAC, choose the Start › Programs › Stanley PAC Tools › Restore Database command to restore the last database backup.

8. Download the database to the connected door controllers. This may cause disruption to door access. Make sure all users are aware before performing a download.

9. Ensure that the Server name property of any clients that connect to the server is changed to the new name. This property can be found on the logon screen of the Client.

P

(21)

22 http://suppor at Micros er to mation ref or or more inf F Notes t.microsoft.com/defa

ent log, the computer name v

In the e

item in the left ha

System k the Clic 2. , wer Vie Event y the This will displa

command a Run › t Star Choose the 1. io y the PC pr mine the name used b

o deter T To deter

vious PC Nam

6.5.1 Finding the Pre

kstations are shu or

Ensure that all w

, which is located ticle 281642 wledge Base Ar soft Kno ault.aspx?scid=kb;en-us;281642 . Computer ed in the column y e is displa . vent log system e y the nd pane to displa . w pictured belo . eventvwr and type

or to the name change:

me

uing. ore contin wn bef utdo . ents equal to or , Microsoft er or to the . um system requiremen

better than the minim

The system resources . are VMw Hyper-V or tualisation en un on a vir C can be r A y P PA Stanle

tualisation

Vir

6.6

. name change vious computer na o locate the pre

T

To locate the pre 3. oduction Intr

C COM+ Applic

A

y P

PA

6.7 Stanle

System Requireme Section 2.1: nts — see ust be equal to or tual machine m

allocated to the vir

e v tual Ser Vir vironment such as Microsoft n

i ent log to a date pr v wn the e , scroll do me

cations on a Domain PC

it is possib in a Microsoft domain, unning ou are r If y . vices vide application ser er PCs use Microsoft COM+ to pro

v C Ser A y P PA Stanle

le for the domain polices to stop the application running

. roup PCs kg

or lem should not occur on w This prob

d or w wn user name or pass Login failure unkno

DCOM ce: 10004 Sour EVENT ID: ent log: v ws e Windo wing error messages will be seen in the ollo

The f to log into the application.

le ou will not be ab un and y ail to r Engine) will f .g. vices (e C Ser A y P PA , the Stanle On domain PCs .

(22)

23

Cause

This problem occurs because the Log on as a batch job privilege has not been set for the identity of the COM+ package. When you set a user as the COM+ identity, COM+ adds this privilege for you.

However, if the user is a domain account and does not have the Log on as a batch job privilege set in a Group Policy Object (GPO), when the Active Directory performs an update, the identity of the COM+ package is reset and the permission is removed.

If you retype the password, COM+ will add the Log on as a batch job privilege again for the local computer.

Resolution

To resolve this problem, give the domain account the Log on as a batch job privilege in the Group Policy Object in the Domain Controller.

Procedure

1. Ensure that Administration Tools is installed on the local computer from the i386 folder on the Server disc.

2. Choose Start › Programs › Administrative Tools › Active Directory Users and Computers.

3. In the Console tree, right-click on the domain for which you want to set Group Policy.

P

(23)

24 4. Choose Properties and select the Group Policy tab.

5. Select Edit to navigate to the Group Policy Object you want to edit.

6. Choose Computer Configuration › Window Settings › Local Policies › User Rights Assignment.

(24)

25 7. Double click on Log on as batch job in the right pane.

8. Select the Add User to Group button and specify the Administrator group.

P

(25)

26

6.8 Using Stanley PAC on Windows Server 2003

By default, a Windows 2003 server disables COM+, thus stopping a client PC from connecting to the server and generating the following error message:

The component or application containing the component has been disabled

To solve the problem, the network COM+ access and network DTC access must be enabled.

Procedure

1. Choose Start › Control Panel, or Start › Settings › Control Panel, depending on the version of your operating system.

(26)

27 2. Select Add or Remove Programs.

3. Select Add/Remove Windows Components.

4. Select Application Server and choose the Details button.

5. Select the Enable network COM+ access and the Enable network DTC access

checkboxes and choose the OK button.

6. Choose the Next button to complete the wizard. 7. Choose Finish to close the wizard.

(27)

28

6.9 Using Stanley PAC on Windows Server 2008

By default, Windows Server 2008 will not let Stanley PAC clients connect. This is due to two reasons: first, by default Windows Server 2008 is not set up with the role of an Applications Server; second, by default the Windows Server 2008 firewall blocks the ports required by Stanley PAC clients to communicate.

The procedure below explains how to set up Windows Server 2008 as an application server. To find which ports to unblock on the firewall, see Section 4.1.4:TCP/IP Port Requirements. If you are using the OEM Interface, see also Section 5.2:OEM Interface TCP Port 8658.

Procedure

1. On the Windows 2008 Server, choose Start › Administrative Tools › Server Manager

to start the Server Manager.

The Server Manager starts.

(28)

29 c

and then left

Roles k on clic -Right 2.

x in the Add Role The first dialog bo

. d Roles Ad k on clic ou Y You Begin ore Bef

s wizard ( u Begin) appears.

) appea

ver Roles Select Ser

x in the Add Roles wizard ( The second dialog bo

. xt Ne k Clic 3. . ars

(29)

30 4. Left-click in the box next to Applications Server so that it contains a tick.

5. Click Next.

An Add Roles Wizard dialog box appears, informing you that in order to install the Applications server role there are features that require installing.

(30)

31 6. Click the Add Required Features button.

The third dialog box in the Add Roles wizard (Application Server) appears.

7. Read the information, then click Next.

The fourth dialog box in the Add Roles wizard (Select Role Services) appears.

(31)

32 8. Make sure that Application Server Foundation and COM+ Network Access are ticked,

then click Next.

(32)

33 9. Review the selections you have made, and then click Install.

The installation will now proceed.

When the installation is complete, the last dialog box in the Add Roles wizard (Installation Results) appears. For each feature you should see the message Installation succeeded

displayed as below.

10. Click Close and then exit the Server Manager.

P

(33)

34

6.10 Image Capture Utility in Windows Server 2008 R2

Using Stanley PAC under Windows Server 2008 R2, the Image Capture utility may fail to start. The error message An error occurred in image capture is shown.

To resolve this issue, go to the Server Manager and enable Desktop Experience in the Features section. When this feature is installed, restart the PC.

6.11 Accessing Stanley PAC via Remote Desktop

You may experience problems when using several Remote Desktop sessions to access Stanley PAC on a Windows Server 2003 / Windows Server 2008 server. For example, the user of one Remote Desktop session may only be able to see the log-in screen for another session. Therefore we recommend that, at any one time, you should have no more than one Remote Desktop session open to access Stanley PAC on a Windows Server 2003 / 2008 server.

6.12 Windows Updates and Hotfixes

We recommend that you keep any PCs that run Stanley PAC up to date with all updates available from the Windows Update website (http://v4.windowsupdate.microsoft.com), to maintain the security of your system.

Refer to PAC for update recommendations before applying any updates.

6.13 Sending E-mail from Stanley PAC

Stanley PAC connects to the SMTP server using port 25. Depending on the configuration of your network, port 25 may be blocked by anti-virus software, a corporate firewall, or your ISP. If Stanley PAC is not sending e-mail messages, reconfigure your anti-virus software or firewall to unblock port 25 or ask your ISP to resolve the issue. See also Section 5.1:Network Security and Section 5.2:OEM Interface TCP Port 8658.

If Stanley PAC is not able to resolve the name of the SMTP server to an IP address, it will not be able to send any e-mail. If Stanley PAC is not sending e-mail messages, try configuring Stanley PAC with the IP address of the SMTP server, rather than the SMTP server name.

6.14 USB Admin Kit with Windows Vista Business

Issue

This section describes an issue that can occur under Microsoft Windows Vista Business when you create a direct channel, assign a COM port to that channel and attach a USB Admin Kit to the port. If you disconnect the USB Admin Kit and restart Stanley PAC, an alarm is displayed warning you that the COM port has not been found. The direct channel is still fully configured, but the COM port has been removed.

(34)

STANLEY MANUFACTURED ACCESS CONTROL RELEASE 4.2

IT