© 2011 Cisco and/or its affiliates. All rights reserved.

Higher Education Lenel Users Group

How Cisco uses Lenel

Deon Chatterton

March 14, 2012

Cisco Confidential © 2010 Cisco and/or its affiliates. All rights reserved. 2

• Introduction to SSBR

• How we use Lenel

• Extending Lenel Functionality

Organization chart (SSBR)

• Roger Biscay, Treasurer

• David Walters, Director, SSBR

• Deon Chatterton, Sr. Manager, STS

• Groups shown: Security Facilities Operation Centers; Systems Technology Managers; Security Technologies

• Other names on the chart: Pete Williams, John Chang, Wayne Homell, James Duffy, James Hessenius, Jeremy Hutchinson, David Fose, Mike Yudichak, Jose Santiago, Carlos Pinel, Paul Mauvais, Derek DeLisio, Lawrence Ingraham

• Lenel OnGuard Enterprise Multi-Server Architecture

Server Environments

Master - San Jose, CA

AMER Western Region – San Jose, CA

AMER Eastern Region – Raleigh, NC

EMEA Region – London, UK

APAC Region – Bangalore, India

• Lenel OnGuard Access Control and IP Video

Global Client Connections

50 Thick Clients used for Badging and Alarm Monitoring

3000 Thin Clients used for ID Credential Center, System Administration, and Area Access Manager

Global Transaction Volume

~1,000,000 User Transactions (Month)

~12,000,000 Events (Month)

~500,000 Enterprise Replication Transactions (Month)

Americas

2111 System Users

377 Access Panels

5960 Readers

218 Video Servers

3694 Cameras

EMEAR

710 System Users

137 Access Panels

1737 Readers

66 Video Servers

1276 Cameras

APJ and India

576 System Users

124 Access Panels

1553 Readers

80 Video Servers

1106 Cameras

Global Footprint

91 Countries

316 Sites

639 Buildings

425 Buildings w/ Lenel

126,262 Cardholders (A)

100,973 Badges (A)

3397 System Users

4975 Access Levels

638 Access Panels

9261 Readers

365 Video Servers

6123 Cameras

SJC to RCDN

RTP to RCDN

AMS to RTP

BGL to SJC

• AMER West (Cylinder1)

Located in San Jose, CA

15 Team Members (Rotating 24x7 Shifts)

• AMER East (Cylinder2)

Located in Raleigh, NC

10 Team Members (Rotating 24x7 Shifts)

• EMEA (Cylinder3)

Located in Bedfont Lakes, UK

10 Team Members (Rotating 24x7 Shifts)

• APAC (Cylinder4)

Located in Shanghai

12 Team Members (Rotating 24x7 Shifts)

• INDIA (Cylinder4)

Located in Bangalore, India

13 Team Members (Rotating 24x7 Shifts)

Diagram labels:

• HRMS: First and Last Name, Cisco ID, User ID, EMP / CONT

• Regional servers: AMER West (CYLINDER1), AMER East (CYLINDER2), EMEA (CYLINDER3), APJ (CYLINDER4)

• SECLOCK

• Downstream Systems

• System Administration

Purpose: Used for programming of system settings, as well as all device configuration and programming

Primary Users: Integrators, SFOC, and SSBR

Published: Direct Client (ODBC), Citrix MetaFrame

• Alarm Monitoring

Purpose: Used for monitoring security alarms, alarm video, and for device command/control

Primary Users: SFOC, Integrators

Published: Direct Client (ODBC), Citrix MetaFrame

• ID CredentialCenter

Purpose: Used for management of cardholder related data, printing of Cisco ID badges, and Temporary Badge Issuance

Primary Users: SSBR Badging Offices, Lobby Ambassadors

Published: Direct Client (ODBC), Citrix MetaFrame

• Area Access Manager

Purpose: Allows designated area owners to grant/remove access for cardholders to their individual areas

Primary Users: Lab Managers, Datacenters, Specialized Areas

Published: Citrix MetaFrame, Web-based client on IIS

• VideoViewer

Purpose: Used to view Live and Recorded video clips for any camera connected to system

Primary Users: Investigators

Published: Direct Client (ODBC), Web-based client on IIS

David Walters

• Lenel Embedded Software Engineers

2 Full Time developers dedicated to Cisco

Utilized for various development needs within Cisco

Feature Enhancements to Lenel OnGuard Core

Integration of internal Cisco applications with Lenel OnGuard and Security Apps

Development of “Add-On” applications for functionality extension of Lenel OnGuard

• Goals and Strategy

Create add-on applications that enhance the off-the-shelf functionality that is provided with Lenel OnGuard

Applications will bridge functionality gaps or solve an internal issue being faced by Security users at Cisco

Development lifecycle diagram (Step 1 to Step 5)

Stages shown: Specification and Requirements; Design and Development; User Acceptance Testing; Production Deployment; Support and Evolution

Responsible parties shown: Cisco PM and Consultant; Cisco PM, Consultant, and Lenel Embedded Developers

• Development Lifecycle occurs internally

Cisco Program Manager responsible for overall project delivery

Consultant responsible for design, specification, UAT, and Milestones

Lenel Embedded Engineers responsible for all Software Development

• Industry Standard Development Techniques and Platforms

Web-applications developed using Microsoft ASP.net

Front-end UIs developed using HTML5, JavaScript, and jQuery

Content hosted on Microsoft Internet Information Services (IIS) Web-servers

• Cisco Internal InfoSec Security Standards

Development follows all internal Cisco IT standards for application development and security

Applications are put through full Cisco IT penetration testing and security reviews

Source control and bug tracking software packages used for version management

Content secured behind HTTPS using SSL

• Applications in Production

Web Area Access Manager (Datacenter)

Cardholder Data Manager (CDM)

Panel Spatial Linkage Tool

NVR Retention Manager

Cisco Security Portal

Xerox Secure Print

Event Registration Portal

Security Device IP Manager

ERT Roster and Membership Management

• Upstream Data Integration to Lenel (Import)

HRMS

Education Management System (EMS)

Cisco Online Testing (COLT)

WPR Building and Spatial Information (CCRE)

GGSG Cardholder Flag

• Downstream Data Integration to Lenel (Export)

Cisco Directory

Café Debit System

Site Information Management (SIM)

Cisco Child Care Center

Cisco InfoSec (CSPO)

Cisco SAS Case Management System (DIAD)

Cisco WPR Building Utilization Tool

OnGuard Report Server

Cisco Emergency Response Team

Cisco Event Management Team

Cisco Fitness Center

SecureJet Printing Interface

GGSG Card Management System

Cisco Lab Tools

Restricted Area Access Request Tool

Datacenter Authorized Entry Lists

Vehicle Management System (India)

Perimeter Detection System (India)

Cisco Connected Real Estate

Cisco Physical Access Manager

The Cisco Web AAM application was designed and built to bridge several functionality gaps that existed with the Lenel native AAM client. Datacenter users required the ability to pre-enroll access for cardholders, and to give other systems, such as their Change Management system, the ability to automatically grant transactional access once a change has been approved in another system. The formal ROI of this tool is still being completed, but the initial results show greater than 50% time savings for each access grant transaction.

Some features in this new tool include:

Enhanced AAM functionality

More granular scheduling capabilities for Access

Introduction of Access “Transaction” concept

Pre-register Access for multiple cardholders

Detailed auditing for SOC and ISO compliance

Integration engine which allows internal Cisco applications to publish Access Transactions

Simplified assignment workflow

Supported on all industry standard browsers (Internet Explorer, Firefox, Safari, Chrome)

https://cylinder1.cisco.com/SSBR/cisco/aam/OnGuardLogon/

Simplified 3-step assignment wizard for Managed Access Levels

(1) Select Cardholders

(2) Select Access Levels

(3) Enter Validation Data

Highlights

• Enhanced feature set allows for decreased workload

• Support for pre-enrollment of access transactions

• Built-in transactional reporting which provides a complete audit trail

• Simplified UI decreases the number of overall steps to perform daily AAM actions

• WebServices interface allows downstream systems to subscribe to data and post access transactions

• Provides foundation for new workflow automation of access requests

Future

• Expand deployment to all global AAM users (~2000 total)

The Cisco Event Registration Portal was designed and built to provide the Event Management Team with a simplified tool to track admittance for registered events within Cisco, such as Global Sales Meetings and Shareholders Meetings. The team was previously using a manual validation process and spreadsheet to track participants, which was not an efficient use of time and resources. The new Event Registration Portal utilizes USB and Bluetooth card readers for reading Cisco security badges and tracking personnel as they arrive at an event. The system stores a linkage to the cardholder badge and the event they are attending, and a full attendance report can be generated at any time from within the tool. This application has completely changed the way the Event Management Team handles these events and gives them a real-time snapshot of their data.

Some features in this new tool include:

Support simultaneous events

Multiple Sites and Locations supported for each event

Cardholder Details and Photo display on each valid Badge read

Integrated to Lenel Access Levels for Whitelist or Blacklist capabilities

Data is stored in the Lenel database and correlates to Cardholder and Badge data

Real-Time reporting and auditing built into the tool

Supported on all industry standard browsers (Internet Explorer, Firefox, Safari, Chrome)

https://seclock.cisco.com/ssbr/eventregistration

https://seclock.cisco.com/ssbr/eventregistration/eventeditor

Highlights

• Event Management solution using standard Security Badges for enrollment

• Full Integration with Lenel OnGuard Identity, Credential, and Access Level information

• Data stored in Lenel OnGuard database for reporting and reference

• Support for several different Card Readers allows use of multiple tablet platforms

Future

• Migration of code-base to native Android OS for use on Cisco Cius

• Adapt application to have built-in Mustering support

The Cisco Cardholder Data Manager was designed and built to provide Client Services personnel with a simplified tool and workflow to manage Cardholder and Badge data from Lenel without needing access to all functionality in OnGuard. The CDM tool also interfaces with Cisco HR and other sub-systems to validate that the data is synchronizing correctly with Lenel. Users have the ability to immediately force a synchronization of certain objects without requiring further case creation and investigation. Over the first year of deployment this tool reduced the case volume for data inconsistencies between Lenel and HR by 75%. Users have the ability to resolve the problem immediately, which also decreases the amount of time that a client is impacted by the issue.

Some features in this new tool include:

Cardholder, Badge, Photo, and Access Level view

Validation and comparison of cardholder data between HR and Lenel

Validation and comparison of cardholder data between Lenel and downstream systems

Forced synchronization of individual records

Integrated with Lenel HR Import Scheduled Interface

Advanced Search Engine for records

Real-Time reporting and auditing built into the tool

Supported on all industry standard browsers (Internet Explorer, Firefox, Safari, Chrome)

https://seclock.cisco.com/ssbr/cdm

Highlights

• Single application to manage cardholder and identity data between various systems

• Empowers Safety and Security users to quickly resolve data issues without intervention from other support teams and HRMS

• Simplified user interface allows Safety and Security to synchronize data real-time without waiting for scheduled data transfer

• Application allows non-Lenel users to view Cardholder and Identity data

Future

• Implementation of support for forced Emergency Terminations to all Lenel Regional Servers real-time without Replication delays

• Added functionality to display Access Levels for Cardholders

• Global Master Authorizer List (MAL)

Overall Management of Reader and Access Level Ownership

Linkage of Lenel Security devices to physical WPR Spaces for enhanced automation and audits

Single application for total Cisco population to review and request specific restricted (AAM) access levels

Interacts with new Cisco Web AAM Application to simplify approval and assignment workflow

• Lobby Receptionist Management Tool

Cardholder Data searching and review

Simplified and secured workflow for issuance of Temporary Badges

Enhanced notification mechanism for Badge Issuance and Return

• SSBR Security WebServices API

Common set of APIs that allow downstream applications to subscribe to Security Data

Used for internally developed applications to streamline development and interaction with Lenel

Allows downstream systems to perform approved functions in the Security System from within their applications

• Continued delivery of “Security Platform” Initiative

Security becomes single-source of truth for various data and systems

Expanded portfolio of managed devices and systems through SFOC

• Utilize Cisco badge to enhance existing process and improve productivity

Efforts such as Café Debit System and Xerox Secure Printing Integration

• Security Platform goes Mobile

Migration of existing applications to mobile platforms and OS

Creation of new security applications that take advantage of mobile enabled features

• Remain Focused with internal Cisco-on-Cisco Initiatives

Integration of Security Devices and Systems with Cisco Product Portfolio

• Security API Layer

API integration layer that allows other internal systems to interact with SSBR Security Systems such as Lenel OnGuard

Cisco specific business logic can be applied to standard Lenel OnGuard functions while being performed by other systems

Thank you.