Cisco Physical Access Manager Appliance User Guide, Release 1.1.0
System Configuration Settings
Downloads: This chapterpdf (PDF - 1.89MB) The complete bookPDF (PDF - 36.19MB) | Feedback

System Configuration Settings

Table Of Contents

System Configuration Settings

Contents

LDAP Settings

Password Policy Settings

Event/Alarms Settings

Data Entry/Validation - Personnel Settings

Data Entry/Validation - Badge Settings

Custom Personnel Fields Settings

Custom Device Fields Settings

Custom Badge Fields

Personnel ID Number Generator

PIN Generator

Card Number Generator

Support Contact Information

Badge Design

Miscellaneous Settings

Cisco Settings


System Configuration Settings


This chapter describes the system-wide site settings available in the System Configuration module.


Note We recommend restricting access to the System Configuration module to administrators only See Defining User Profiles for Desktop Application Access, page 6-2 for more information.


To modify the system configuration settings, do the following:


Step 1 Select System Configuration from the Admin menu.

Step 2 Select a configuration topic from the tabs on the left (Figure 16-1).

Step 3 Enter the settings and configurations as described in the sub-sections listed below.

Step 4 Click Save to save changes made in a system configuration window.

Step 5 Restart the Cisco Physical Access Manager (exit and relaunch the application).


Note Changes to system configuration settings do not take effect until the Cisco PAM desktop application is restarted (exit and re-launch the application).



Contents

LDAP Settings

Password Policy Settings

Event/Alarms Settings

Data Entry/Validation - Personnel Settings

Data Entry/Validation - Badge Settings

Custom Personnel Fields Settings

Custom Device Fields Settings

Custom Badge Fields

Personnel ID Number Generator

PIN Generator

Card Number Generator

Support Contact Information

Badge Design

Miscellaneous Settings

Cisco Settings

LDAP Settings

The LDAP options (Figure 16-1) include login validation settings required to use the Lightweight Directory Access Protocol. See Table 16-1 for field descriptions.


Tip For more information, see Configuring LDAP User Authentication, page 6-11.


Figure 16-1 LDAP Settings

LDAP uses a principle to authenticate. The principle is formed from the username: prefix + username + suffix. The exact format of the principle varies based on the type of LDAP server, and the domain.

For Active Directory, the prefix should be the (uppercase) domain followed by \\ (example: MY-DOMAIN\\) and the suffix should be blank.

For OpenLDAP, the prefix should be: uid=
The suffix should be changed to reflect the actual domain.
So for my-domain.com, this would be:
,dc=my-domain,dc=com

Table 16-1 describes the LDAP settings:

Table 16-1 System Configuration LDAP Settings 

Field
Description

Enable LDAP

Click the checkbox to enable or disable LDAP support.

LDAP server URL

URL of LDAP server, must begin with ldap://

Example: ldap://192.168.1.1

Principle suffix

Appended to the username for authentication. See above.

Principle prefix

Prepended to the username for authentication. See above.

Search root

LDAP search root. The search root is the node in the LDAP tree, the subtree under which the user account should be found.

For Active Directory, the 2 dc components should be changed to match the full domain name managed by the directory. The following example is for my-domain.com: cn=Users,dc=my-domain,dc=com.

For OpenLDAP, the 2 dc components should be changed to match the full domain name managed by the directory. The following example is for my-domain.com:dc=my-domain,dc=com.

LDAP version

Advanced setting that generally should be left unchanged.

JNDI authentication type

Advanced setting that generally should be left unchanged as simple.

JNDI factory

Advanced setting that generally should be left unchanged as com.sun.jndi.ldap.LdapCtxFactory



Note Changes to system configuration settings do not take effect until the Cisco PAM desktop application is restarted (exit and re-launch the application).


Password Policy Settings

The Password Policy options (Figure 16-2) determine password expiration and strength requirements.

Figure 16-2 Password Policy Settings

Table 16-2 describes the Password Policy settings.

Table 16-2 System Configuration Password Policy Fields 

Field
Description

Passwords expire after (days)

Passwords expire after this many days.

Minimum alphabetic characters

Minimum number of a to z characters or A to Z characters in the password.

Minimum password length

Minimum number of characters in the password.

Minimum uppercase characters

Minimum number of uppercase password characters.

Minimum lowercase characters

Minimum number of lowercase password characters.

Minimum numeric characters

Minimum number of numeric password characters.

Minimum special characters

Minimum number of special characters in the set specified below.

Set of "special" characters

Which characters qualify as special characters for the above.



Note Changes to system configuration settings do not take effect until the Cisco PAM desktop application is restarted (exit and re-launch the application).


Event/Alarms Settings

Use the Events/Alarms tab (Figure 16-3) to define how alarms are managed by the system, and how much video is recorded for events.

Figure 16-3 Events/Alarm Settings

Table 16-3 describes the Event and Alarms settings.

Table 16-3 System Configuration Alarm Fields 

Field
Description

Allow commenting of cleared alarms

Allow operators to comment on alarms that have already been cleared.

Consolidate duplicate alarms window (mins)

If duplicate alarms are being consolidated, this is the maximum time difference between the original and the duplicate. If an alarm that would otherwise be considered a duplicate occurs after this time, it becomes a new original alarm and subsequent duplicate alarms will bump up its duplicate count.

Consolidate duplicate alarms

Consolidate duplicate alarms identical other than time, into a single alarm, with an increasing alarm count. This is useful for preventing a flood of individual alarms; for example, if an armed alarm point is on an external gate which is flapping in the wind, repeatedly triggering the alarm. It is not recommended that this be unchecked without careful consideration of the possible performance impact of the increased number of individual alarms.

Duplicate alarm cache size

The size of the cache for duplicate alarms.

Length of video to display pre-event

The number of seconds of video that are included before the event occurred.

Length of video to display post-event

The number of seconds of video that are included after an event occurs.

Repeat alert sounds

Defines if alarms sounds are played only once, or repeated.



Note Changes to system configuration settings do not take effect until the Cisco PAM desktop application is restarted (exit and re-launch the application).


Data Entry/Validation - Personnel Settings

Figure 16-4 Personnel Data Entry Settings

Table 16-4 describes the Data Entry/Validation - Personnel settings.

Table 16-4 Data Entry/Validation - Personnel Settings 

Field
Description

Default personnel ID specifier

The type of personnel ID specifier the field will default to. The various ID specifiers will be available in the drop-down.

Allow duplicate personnel IDs

Allow personnel to be added with duplicate personnel IDs.

Warn about duplicate personnel IDs

Warn if personnel are added with duplicate personnel IDs.

Use signature capture

Enable the ability to capture personnel signatures with a signature capture device. Signature capture devices must be configured in the application preferences before they may be used. See Enabling Signature Capture Devices, page 10-37.

Use single-screen personnel wizard

Enables a single-screen personnel wizard used for personnel data entry. All personnel information is available on one screen.

Use custom fields on personnel wizard

Enable custom fields in the single-screen personnel wizard. This makes the screen larger, but is useful if important data is being stored in the custom fields. Refer to custom fields in the Custom Personnel Fields window.

Use CSV personnel import wizard

Enable the CSV import wizard in the personnel module. The CSV import wizard allows operators to add personnel to Cisco Physical Access Manager using a CSV file. See Importing Personnel Records Using a Comma Separated Value (CSV) File, page 10-13.



Note Changes to system configuration settings do not take effect until the Cisco PAM desktop application is restarted (exit and re-launch the application).


Data Entry/Validation - Badge Settings

Figure 16-5 Badge Data Entry Settings

Table 16-5 describes the Data Entry/Validation - Badge settings.

Table 16-5 Data Entry/Validation - Badge Settings 

Field
Description

Allow printing of unsaved badges

Allows printing new badges before the badge is saved. For highest security, leave this unchecked. When allowed (which may be more convenient), it is possible to print a badge without having any record of the badge.

Set 'today' as the default effective date

Uses the current date as a new badge effective date.

Use single-screen badge wizard

Enables a single-screen badge wizard for data entry. Most badge properties are on one screen.

Require PIN to be unique

Requires cardholder PINs to be unique. Useful in systems that use PIN-only access-control.

Allow null PIN

Allows badges to have null PINs. Useful in systems that do not use PIN for access-control.

Require numeric hot stamp

Requires hot stamp field to be numeric.

Disallow leading zeros in hot stamp

Prohibits users from adding hot stamps with leading zeros.

Use effective times for badges

Select this checkbox to enable the effective time constraint for badges, in addition to effective date, which is always enabled.

Use expiration times for badges

Select this checkbox to enable the expiration time constraint for badges, in addition to effective date, which is always enabled.

Use custom fields on badge wizard

Enables custom fields in the badge wizard. This makes the screen larger, but is useful if important data is being stored in the custom fields.

Max PIN Length

The maximum number of characters in a PIN.



Note Changes to system configuration settings do not take effect until the Cisco PAM desktop application is restarted (exit and re-launch the application).


Custom Personnel Fields Settings

The Custom Personnel Fields defines the custom fields available in the personnel detail window.

Figure 16-6 Custom Personnel Fields

Table 16-6 describes the Custom Personnel Fields settings.

Table 16-6 Custom Personnel Fields 

Field
Description

Custom Personnel Field

Selects which of the available custom fields is to be viewed or edited.

Enabled

Select the checkbox to enable the selected custom field.

Drop down

Select the checkbox to use a drop-down for entry the selected custom field.

Column header

Changes the name of the column header of the selected custom field. The column header is displayed in list view columns. To be consistent with the rest of the application, this would be capitalized like the title of a book, for example: Driver's License Number.

Form label

Changes the name of the form label of the selected custom field. The form label is displayed in detail window fields. To be consistent with the rest of the application, this would be capitalized like the a sentence, for example: Driver's license number.



Note Changes to system configuration settings do not take effect until the Cisco PAM desktop application is restarted (exit and re-launch the application).


Custom Device Fields Settings

Configures which the custom fields which are available in the device detail window.

Figure 16-7 Custom Device Fields

Table 16-7 describes the Custom Device Fields settings.

Table 16-7 Custom Device Fields Settings 

Field
Description

Custom Device Fields

Selects which of the available custom fields is to be viewed or edited.

Enabled

Select the checkbox to enable the selected custom field.

Drop down

Select the checkbox to use a drop-down for entry the selected custom field.

Column header

Change the name of the column header of the selected custom field. The column header is displayed in list view columns. To be consistent with the rest of the application, this would be capitalized like the title of a book, for example, Serial Number.

Form label

Change the name of the form label of the selected custom field. The form label is displayed in detail window fields. To be consistent with the rest of the application, this would be capitalized like the a sentence, for example, Serial number.



Note Changes to system configuration settings do not take effect until the Cisco PAM desktop application is restarted (exit and re-launch the application).


Custom Badge Fields

Configures which the custom fields which are available in the badge detail window.

Figure 16-8 Custom Badge Settings

Table 16-8 Custom Badge Fields 

Field
Description

Custom Badge Fields

Selects which of the available custom fields is to be viewed or edited.

Enabled

Select the checkbox to enable the selected custom field.

Drop down

Select the checkbox to use a drop-down for entry the selected custom field.

Column header

Changes the name of the column header of the selected custom field. The column header is displayed in list view columns. To be consistent with the rest of the application, this would be capitalized like the title of a book, for example: Serial Number.

Form label

Changes the name of the form label of the selected custom field. The form label is displayed in detail window fields. To be consistent with the rest of the application, this would be capitalized like the a sentence, for example: Serial number.



Note Changes to system configuration settings do not take effect until the Cisco PAM desktop application is restarted (exit and re-launch the application).


Personnel ID Number Generator

The personnel ID number generator is used for generating random personnel ID numbers, and is useful when personnel IDs do not correspond to any pre-existing ID numbers, such as employee ID, Social Security Number.

Figure 16-9 Personnel ID Number Generator Settings

Table 16-9 Personnel ID Number Generator Settings 

Field
Description

Enabled

Enables the personnel ID number generator. New personnel entries will have randomly generated ID numbers entered in the field.

Length

The digit length of generated IDs.



Note Changes to system configuration settings do not take effect until the Cisco PAM desktop application is restarted (exit and re-launch the application).


PIN Generator

Use the PIN generator to generate random PIN numbers for badges.

Figure 16-10 PIN Generator Settings

Table 16-10 PIN Generator Settings

Field
Description

Is Present

Enable the personnel ID number generator. Adding new personnel will have randomly generated ID numbers entered in the field.

Length

The amount of digits in the generated PIN.



Note Changes to system configuration settings do not take effect until the Cisco PAM desktop application is restarted (exit and re-launch the application).


Card Number Generator

With the card encoder enabled the card number generator will create a card number with the minimum and maximum digits specified below.

Figure 16-11 Card Number Generator Settings

Table 16-11 Card Number Generator Settings 

Field
Description

Is Present

Enables the card number generator. Adding new badges will have randomly generated card numbers entered in the Card # field.

Maximum

Maximum amount of card digits.

Minimum

Minimum amount of card digits.



Note Changes to system configuration settings do not take effect until the Cisco PAM desktop application is restarted (exit and re-launch the application).


Support Contact Information

This information is displayed in the About window available from the Help menu. It is intended to be customized with the dealer/installer/integrator's contact information, as this is often the first contact for support purposes.

Figure 16-12 Support Contact Information Settings

Table 16-12 Support Contact Information Settings

Field
Description

Company

Support company's name.

Contact name

The name of the contact person.

Contact person's email address

The contact person's email address.

Contact person's phone number

The contact person's phone number.

Company's website

Support company's company website address.



Note Changes to system configuration settings do not take effect until the Cisco PAM desktop application is restarted (exit and re-launch the application).


Badge Design

This window lists the database links available in Badge Designer.

Figure 16-13 Badge Design Settings

Miscellaneous Settings

This window includes a variety of settings, as described in Table 16-13.

Figure 16-14 Miscellaneous Settings

Table 16-13 Miscellaneous Settings

Field
Description

Load all strings from database

Loads all text strings from the database. Used in conjunction with the advanced Text Strings module. Normally there is no reason to check this, as any strings that have been changed or customized since the time of install will be automatically loaded from the database.

Always open new modules in same window

If checked, opening a new module simply replaces the module in the same window, rather than opening a new window.

Enable Window>New Window

Allows modules to be opened in multiple windows. Adds an additional New Window button to the toolbar.

Prevent force quit (Command-Q) on Mac OS X

Blocks the force quit command.

Allow deletion of items that normally may only be disabled

Enables a true delete option in some modules. Normally, important items should be disabled, not deleted. Even with this option enabled, only items that are not referenced by other items may be deleted. For example, if a device has an event occur for it, it may no longer be deleted, as the event references the device. This is because true deletion in this case would result in the inability to correctly report on any such events.

Allow deletion of devices with events

Deletes events associated with a device when a device is deleted.

Note Cisco recommends that you do not delete devices. Events that are associated with the device will be deleted if the device is deleted.

Restrict new devices to wizards only

All new devices added to the Hardware module will use an add wizard.

Default max rows

Limits the number of visible rows in list-based modules such as Events and Badges. For example, if the default max rows is set to 100, the badges module displays a maximum of 100 rows.

Enter a number between 1 and 5000.

Change queue buffer size

Enter a new buffer size.

Enable Credential Watch

Enables the Credential Watch feature which places color borders around photos in the Event Photos module. See Adding a Color Border to Event Photos (Credential Watch), page 12-16.

Use cross-platform page setup dialog for badge printing

Select this option to use the cross-platform Java page dialog if the badge image is truncated. This occurs when using the default printer dialog on some printers (such as the Zebra printer).

Truncate imageable area values used to initialize cross-platform page dialog

If the image is still truncated using the cross-platform Java page dialog, select this option to apply .01 inch margins.

Use Pageable print interface for badge printing

The Java Printable printing interface is used by deafult. If printing problems occur (such as with the Evolis printer), select this option to use the Java Pageable printer interface.

Stroke text before printing badges

If problems occur printing text, such as on a Mac, select this option to apply a stroke when printing.



Note Changes to system configuration settings do not take effect until the Cisco PAM desktop application is restarted (exit and re-launch the application).


Cisco Settings

This window includes the settings described in Table 16-13.

Figure 16-15 Cisco Settings


Note You must restart the Cisco PAM appliance to activate changes made to all parameters in the Cisco settings screen except for Display soft commands on default module (this setting requires that you restart the Cisco PAM desktop application). See Performing Additional Configuration, Administration, and Monitoring Tasks, page 4-11, or ask your system administrator for assistance.


Table 16-14 Cisco Settings

Field
Description

Default discovered gateway time zone

Defines the time zone for all discovered Gateways. This time zone is configured on all discovered Gateways.

Credential download frequency (mins)

Defines how often (in minutes) credential information is downloaded to the Gateways.

Note You can also download credential changes immediately. Select Hardware from the Doors menu, right-click on the Access GW Driver, and select Apply Credential Changes. See Configuring Personnel, page 10-2 for more information.

Display soft commands on default module

Displays the soft commands for the default m01 (Gateway) module.

Display "Delete All Cameras" command on the camera driver

Displays the Delete All Cameras command for the Cisco VSM Video Driver in the Hardware module. See Deleting the Cisco VSM Cameras, page 15-18.