C•CURE ACS Integration Configuration Guide

NOTE:  Software-based ACS Integrations are a licensed feature from Alcatraz and are not required for a functioning Alcatraz system.  Contact AAI Sales for more information. 

Requirements

Alcatraz Platform Software

v3.4.0 (On-prem or Cloud*)

C•CURE 9000

2.9-SP4, SP5, SP6 Enterprise

3.0-SP1 Enterprise

3.0.3, 3.0.4

C•CURE 9000 License

Alcatraz AI - Frictionless Access -Integration

CC9WS-ALCAI - Alcatraz AI Integration

* Cloud-hosted Platforms require an ACSI Proxy application to be installed on the same network as the C•CURE system. Contact AAI Support to obtain this software.

Notes on Operation

In the current implementation, the ACS Integration will delete profiles that do not have at least one badge that is also present in the ACS. Profiles will be deleted if all associated cards are deleted in the ACS. This includes the scenario whereby a cardholder's 'lost' card is deleted before a replacement card is added.

C•CURE License Injection for Alcatraz Integration

NOTE: For C•CURE 9000 v2.9.0, this script must be executed on each C•CURE server that the Alcatraz Platform will connect to. This step is not required for C•CURE 9000 v3.0 or greater.

The following procedure describes using an injection script to add the AAI Integration option to your C•CURE system. For C•CURE 9000 v2.9.0, this script must be executed on each SAS that the Alcatraz Platform will connect to. This step is not required for C•CURE 9000 v3.0 or greater.

Create a batch file (sample.bat) with the following contents:

InsertLicenseOption /U /V /S:"WIN-L4C78I7S7D5\SQLEXPRESS" /N:"Alcatraz AI - Frictionless Access - Integration" /A:"Alcatraz AI" /G:5eb9318d-8e8b-49bf-9c61-0f012cb0123f /C:2 /P:0

@pause

The Alcatraz Integration GUID is 5eb9318d-8e8b-49bf-9c61-0f012cb0123f and should NOT be changed.

In the sample file, WIN-L4C78I7S7D5\SQLEXPRESS is the name of the SQL instance where the C•CURE database is located. This must be updated to include the actual SQL instance's name.

EXECUTION

  1. The batch file should be copied to the computer running C•CURE and placed in the following folder: C:\Program Files (x86)\Tyco\CrossFire\Tools
  2. Right-click on the batch file and select “Run as Administrator.”
  3. Verify success by launching “License Administration” and checking the “Options” for Alcatraz AI- Frictionless Access - Integration 0/10.

C•CURE Privilege / Operator Creation

The following procedure describes creating a Privilege and Operator in C•CURE that the Alcatraz Platform will use for syncing with the C•CURE system via the Victor WebAPI.

Privilege Creation

  1. In the C•CURE Administration application, select “Configuration” and then “Privilege” and “New”.
  2. Assign the appropriate partitions to the privilege.
  3. Create read-only permissions for the following (see screenshots below):
    1. Personnel >> Personnel Records >> Credential
    2. Personnel >>  Personnel Records >> Personnel
    3. Personnel >> Personnel Related  >> Clearance
    4. Personnel >> Personnel Related  >> Personnel Type
    5. Controllers >> iSTAR >> iSTAR Readers
    6. Controllers >> iSTAR >> iSTAR Door
    7. Controllers >> Elevators >> Elevator
  4. Then check "Enabled", followed by "Save and Close"
  5. Under “Configuration >> Journal Trigger” select “Edit” and “New” as shown in the screenshot, and then check “Enabled”, followed by “Save and Close”.

Operator Creation

  1. In the C•CURE Administration application, create an Operator and “Add” the read-only privilege created above (screenshot below).
  2. Be sure to note the “User Name” and “Password” as they will be utilized when configuring the Alcatraz system.

NOTE: You can see when this operator logs ‘in’ and ‘out’ in the C•CURE Monitoring Station’s Activity Viewer.

Alcatraz Proxy Service Installation (Cloud-Hosted Only)

Cloud-hosted Platforms require an ACS Integration Proxy application to be installed on the same network as the access control system server. Contact AAI Support to obtain this software.

The ACS Integration Proxy Service can be installed on any Windows Server (2019/2022), preferably version 2022. To minimize communication delays between the C•CURE server and the proxy, we recommend installing the proxy on the C•CURE server that it will be communicating with, as it is lightweight.

  1. In the Alcatraz Admin Portal, download the certificate in PEM format, as shown in the "Genetec Integration Configuration" section below.
  2. Copy the certificate to the server where the Proxy Service will be installed. In the screenshot below, the certificate was placed in the "C:\Program Files\Certificate" directory.
  3. Run the Alcatraz Proxy installation file 'as an administrator'.
  4. Configure the following directory items and click Next:
    1. Installation Directory:  C:\Program Files\Alcatraz AI\Proxy (default)
    2. Data Directory:  C:\ProgramData\Alcatraz AI\Proxy (default)
    3. Certificate Directory:  C:\Program Files\Certificate (default)
    4. Certificate Name:  "acs_public_certs.pem" (default)
  5. Click Next on the "Certificate Settings" screen.
  6. Enter the hostname or IP address and the port number (3300) that the ACS Integration service will use to connect to the Alcatraz Platform. For example, "acs.us.alcatraz.ai:3300".
  7. Click Next to complete the installation.

C•CURE Integration Configuration

It is recommended that a VM Snapshot is generated and the system is backed up before attempting to configure an ACS Integration.

Facility Code Mapping

IMPORTANT - The facility codes for cards to be synced should be configured BEFORE enabling the ACS Integration. Failure to do so could result in the deletion of profiles.

Assign facility codes to card formats for the badges that the Alcatraz Platform should sync with C•CURE. If necessary card formats are missing from the list; you can add them as detailed here: Adding Card Formats.

Main Settings

Click Enable ACS Integration and followed by Edit ACS Configuration:

Enter the following details:

  • ACS Integratrion: C•CURE
  • Victor Web Service URL:  https://<Hostname_or_IP_of_CCURE>/victorwebservice/
    • NOTE: In some systems, the Victor Web Service may be running on a machine other than the one where the C•CURE software is installed. In that case, use that machine's hostname, IP address, or FQDN.
  • C•CURE Username: {the Operator created previously}
  • C•CURE Password: {the Operator created previously}
  • Opt Out Field: Logical3 (default)
  • Schedule Full Sync: {daily time for full sync}
  • Send Security Events: {Optionally send Alcatraz Security Events to the C•CURE Journal}
  • Use Proxy: {Enable for Cloud-hosted*, Disable for On-Prem}

Notes:

  • Click Test Connection to verify communications with C•CURE. If the integration comes ‘online’, click Save.
  • ACS Integration status can be seen at the top of the “Account” page and in the “ACS Integration” section under “Account.”
  • *Cloud-hosted systems will need to download a PEM certificate. This certificate is required during the installation of the Proxy Service to secure the communications between the Proxy and the Cloud Platform.

 

 

ACS Integration Logs

The ACS Integration section contains ACS Integration logs and a button to initiate a full sync.

Map C•CURE Card Readers to Rocks

Click Add Reader and map each Rock to a reader in C•CURE.