Avigilon Agent User Guide

Introduction

About this Document

The HID Visitor Manager Avigilon Agent documentation aims to provide information and instructions for configuring the HID Visitor Manager Avigilon Agent for integration with the on prem Avigilon Security Center Systems. The document also specify tools and techniques that are generally used to troubleshoot any problems that may arise while integrating. It uses a combination of high -level feature descriptions, representative screen images and specific sequences to perform configuration and integration of HID Visitor Manager with Security Cen ter.

Summary of Agent Functionality

The agent, once configured, communicates with Avigilon Security Center to achieve:

  • Master Data Import (e.g.roles assigned to clearances)

  • Propagation of Person, card and clearance details to Security Center (applies to HID Visitor Manager)

  • Propagation of Visitor, card and clearance details to Security Center (applies to HID Visitor Manager Credential Manager)

Note that Readbacks (Automatic Change Detection and Synchronization from the PACS) are currently not supported on HID Visitor Manager platform.

Intended Audience

It is expected that this guide will be used by administrative and technical staff during the integration of HID Visitor Manager with the Avigilon Security Center system. In order to get the most from this guide, the readers should have an understanding and familiarity of:

  • The local computer environment at the site where Security Center are installed.

  • HID Visitor Manager system, agents and Avigilon Security Center systems and its components.

Pre-Requisites

  • IMPORTANT: The agent works by communicating with the Avigilon Access Control Manager Application Software Version: 5.8.2. Make sure this is installed in the system.

  • HID Visitor Manager account must be enabled with Avigilon PACS subscription.

  • Avigilon administrator has to closely work with the HID Visitor Manager deployment team to create an operator account in Avigilon with appropriate permissions.

  • The HID Visitor Manager Avigilon Agent will need to be able to access the Avigilon system across TCP port 8080 (by default). Ensure that any relevant firewall rules are modified to allow this traffic.

  • A valid license /Key Combination for the PACS to support an Avigilon integration from our integrated agent.

Version of Avigilon System

Avigilon Access Control Manager Application Software Version: 5.8.2.

Downloading the Agent Installer

  1. Log in to HID Visitor Manager portal using Visitor Administrator credentials

  2. Navigate to Settings app > Downloads

  3. Click the HID Visitor Manager Agent Installer link and save the file (OnPremAgentSetup.Zip)

  4. Install the HID Visitor Manager Agent installer by following the instructions in the next section

On-prem Installer Guide

The On-Prem agents will need to be installed and configured in a somewhat similar way as every other agent but will happen outside of the scope of the standard SAFE Application Server. Standard SAFE installation will not be required for such IOT Enabled On-Prem agents, and instead, the following installer will perform the requisite duties of initially installing the agent On-Premise. 

From a high level, the workflow of the installer will need to perform the following actions, and will do-so in the following order spelled out by the installation steps below.

System Requirements

Operating System: Windows 10, Windows Server 2016 Standard, or Windows Server 2019 Standard. 
NOTE: The OS must be synchronized with a valid NTP server.

RAM: 4 GB
Processor: Intel Core i3 @ 1.00 GHz
Hard Drive Space: 5 GB

Software: Microsoft .Net Framework 4.8 (https://dotnet.microsoft.com/download/dotnet-framework/net48)

Launch the Installer Application

The downloaded file (OnPremAgentSetup.zip) will need to be copied to the On-Prem server where the agent is intended to be run. From there, once extracted, the Installer Application (OnPremAgentSetup.exe) will need to be launched. The user will be presented with the following screen:

Run the Agent Installer file

PACS Specific Details will be Captured

Enter the HID Visitor Manager URL, Username and Password which is provided to log in to the tenant. Click Next  to continue.

Provide URL and credential details

Validate Operator Credential

When the operator enters the wrong credentials,the operator will be notified immediately and need to enter the correct credentials before trying again.

Invaild Credential Details

Select a System to Install

On this page, choose a PACS system to install from the dropdown menu as required. 

Select the Agent System from the dropdown as required

Specify Installation Path for the Agent

An installation path will be selected to install agent files. This allows the user to specify which directory they would like to install the agent. The default path is set to the standard agent installation location, alternatively, the user can click on the Browse button to select the directory to install, and agent files will be installed on that directory. 

Based on this path, the Windows Service entry for the agent will point to this location, if a custom directory was chosen. Click on the Nextbutton to begin the Agent Installation.

Select the Agent Installer path

Installation Process is Started

The next screen will show the progress bar, as well as the details of the steps being performed along the way. 

Installation Process is started

The steps that will be performed during this installation are as follows:

  • Prerequisite Checks will be Performed
    Based on the agent selected on the previous screen, a customized set of prerequisites will be performed for things such as .NET framework version installation, or other items specific to a given integration.

  • Generate Certificates for IOT Device Registration
    PK/CSR based on the system where this is running, and the agent being installed, will be generated.

  • Call Agent Registration Service
    The PK/CSR generated in the previous step will be used as input to this service, in order to generate and/or match up with the appropriate IOT device that will be used to broker communications between SAFE in the cloud, and the On-Prem service.

  • Extract Device Certificates and Store them into the Windows Certificate Manager
    The certificates relating to the IOT device for this agent will be parsed out of the response to the registration service and installed into the Windows Certificate Store. The AWS Root certificate will be installed in the Local Systems 'Trusted Root', and the actual device certificate will be installed into the Local Systems 'Personal' certificate store. 

  • Create Agent Folder
    The files required for the soon-to-be created service will be installed into the appropriate location on the local file system, based on the system to integrate, chosen on the previous screen of the installer. 

  • Create the Agent Service
    This is where we will create theWindows service (integrated agent) that will act as the communication point to the connected system. Such agents run as Windows services on the operating system and are responsible for processing requests sent from SAFE in order to translate them and provision the specified actions/data into the connected system.

  • Update the Registry
    Some Windows logging features/paths are stored in and loaded from the Windows Registry. These registry keys will be set up at this time, and are primarily used for logging purposes.

Installation Complete

When all of the above steps are completed, the user will be presented with the following screen indicating that the installation has completed successfully.

Note:

In the case of an error, the installer will proceed to the final screen, and details of the error will be presented in order tooutline what occurred. 

Installation has completeed successfully

Configuring Agent  

  1. Log in to HID Visitor Manager.

  2. Click App Launcher and select Settings app.

    Configure Genetec

  3. Click on the Configuration Manager link, the list of integrated systems appears.

    Configuration Manager

  4. Select the Avigilon agent system and click the Advanced sub-tab.

  5. Configure the Required settings under OpenAccess Configuration.

  6. Once the configuration is complete please start/restart the HID Visitor Manager Avigilon Agent window service. Follow the below steps to navigate to services.

    1. Press Windows  +  R  keys.

    2. In the run dialogue box enter services.msc and click OK.

      Restart genetec service

Agent Verification 

This section explains how the access areas are synced from Avigilon to HID Visitor Manager and how they get assigned to a Visitor.

Master Data Import for Access Area

Follow the below steps to verify master data (Access Areas) sync from Avigilon to HID Visitor Manager:

  1. Once the Agent is started, navigate to Admin app > Audit tab.

  2. Search for Source as Avigilon, it displays an entry for MasterDataFullLoad from Avigilon to HID Visitor Manager with the Response as Success.
    Agent Verification

  3. Click on any audit record to open the audit details.

  4. Click on the Request sub-tab, it displays the CLEARANCE(Access Area) read as part of the master data load. Copy one of the Area Names

    Master Data Import for Access Area

  5. Navigate to Admin app > Access Areas tab.

  6. Search for the Access Area copied from Audit, then it is displayed under Access Areas.

    Master Data Import for Access Area

Visitor Provisioning

This section explains how the visitor gets checked in and has access areas provisioned from HID Visitor Manager to Avigilon.

Use the following steps to set up a HID Visitor Manager system with access areas imported from Avigilon. 

  1. Add a location.

  2. Open Location record, in the Location Details sub-tab, select the Avigilon that manages the location from the Managed By field.

    Select the Genetec that manages the location from the Managed By field

     

  3. Navigate to Location record > Preferences sub-tab. Make sure the Allow hosts to request for access for their visits planned for this location setting enabled.

    Allow hosts to request for access areas for their visit

     

  4. Click the Access Areas sub-tab. Search access areas by searching the system name as 'Avigilon' and assign access areas for the location.

    Search access areas by searching the system name as 'Genetec'

  5. Click on the Visitor Default Access sub-tab and assign default access areas of the location. The Access Area added defined here can be assigned to a Visitor. Set access areas as Auto Request - the access area will be automatically requested for the visit. 

    Assign default access areas of the location

  6. Create a Visit by going to the Host a Visit quick link from Self Service app. Make sure Issue Access Card to Visitor is selected as Yes. Note that default Visitor Access Areas are visible at the bottom of the page.

    Pre-register a visit

  7. Check-in the visitor from Visitors app > Check-in tab. While checking-in the visitor, make sure to enter the Card Number.

    Check In the Visitor

  8. Navigate to Visitors app > Audit tab.

    1. You should see the Audit entry for the checked-in visitor from HID Visitor Manager to Avigilon with the Response as Success. If the response is Pending, wait for few seconds and verify the status by refreshing the page.

      Status of Audit

Troubleshooting

This section provides steps to understand and resolve potential installation complications:

On-prem agent Logs: Use log located at C:\ProgramData\HID Global\SAFE\Common\Logs on agent installation machine to troubleshoot issues with Avigilon agent. All Avigilon agent-related log entries are stored in 'AvigilonAgentLog.txt'.

Error 1 :General Installation Failure - GPO / Application Activation Error

On-Prem agent installation can fail due to some Windows permissions issues related to GPO (Group Policy) settings. The installation fails even when running as an administrator and an error can be seen only within Windows Event Viewer as shown below:

Error while installing On-Prem Agent

This error is caused by a Windows Server group policy configuration, prominently on Windows Server 2016 (but possibly on other versions of Windows as well). Follow the below step to resolve the issue:

  1. Press Windows  +  keys.

  2. In the run modal, enter gpedit.msc and click OK.

  3. Navigate to Windows Settings > Security Settings > Local Policy > Security Options.

  4. Locate User Account Control: Admin Approval Mode for the Built-in Administrator Account, and open the same.

  5. Under the Local Security Setting tab select  Enable.

  6. Click on Apply and OK to save.

Error 2: Audit Log

HID Visitor Manager application audit logs can be used to troubleshoot any issues as it logs all transactions that happen between HID Visitor Manager and Avigilon. Refer the below screenshots to understand how audit logs can be used to troubleshoot issues. Navigate to Visitors app > Audit tab. On this you can search and filter for specific audit logs you need to analyze. You can search for messages from HID Visitor Manager to Avigilon as well as from Avigilon to HID Visitor Manager .

The below image shows the list of failed messages from HID Visitor Manager to Avigilon.

The system lists all the messages which have a status of Failure. You can drill down to the details by clicking on the Audit ID as shown below:

If the Avigilon agent successfully processed the XML message, then the result is returned and the response status is recorded as Success.

Error 3: Errors due to incorrect mappings

Check the agent mappings in the web configurator Data Objects tab to make sure the case is correct for all the field names (e.g. a field name set to 'STATUS' may behave differently than if it were set as mixed case 'Status').