Background:
Because there are many components in motion, we've compiled a list outlining requirements, clarifications, and areas of responsibility to ensure the seamless integration between Inlet and the lock system.
Read more about the security principles for Inlet and the connections to locks here.
Practical and Technical Requirements:
Prerequisites:
- C•CURE 9000 with Victor web service installed and operational on v3.0 (SP1) or newer.
- Administrator access to C•CURE Administration Workstation.
- Service account credentials in C•CURE with required privileges (will be created in the steps below).
Installation:
- Locksmith installs the locks.
- An IT supplier provides a server capable of running the C•CURE 9000 software.
- The IT supplier then ensures the server is secured with a proper firewall and access control measures.
- The server needs to be connected to the internet and have a proxy or a static IP.
- IT supplier installs HTTPS certificates to enable proper HTTPS communication with the server.
Configuration:
- To be able to add Inlet into your system a script needs to be created and executed on the server and system Inlet will be connecting to.
- Create a batch (.bat) file, on windows, containing the following:
cd C:\Program Files (x86)\Tyco\CrossFire\Tools
InsertLicenseOption /U /V /S:"WIN-ABCD1234\SQLEXPRESS" /N:"Inlet Cloud Access Hub" /A:"Inlet" /G:5a99d11d-23ca-47b4-8d4c-7846b8c9ef3d /C:2 /P:0
@pause
- Be careful not to change the Inlet GUID
- Change the "WIN-ABCD1234\SQLEXPRESS" to the actual URL for your SQL database.
- Copy the script to the folder: C:\Program Files (x86)\Tyco\CrossFire\Tools on the computer with CCure installed.
- Right-click on the .bat file and hit "Run As Administrator"
- Click Run or Accept on any popup that might show up
- In “License Administration” there should now be an option named "Inlet Cloud Access Hub"
- Create a batch (.bat) file, on windows, containing the following:
- Create a Privilege for the Integration
- In C•CURE Administration, go to Configuration → Privilege → New.
- Name the privilege, e.g.
Inlet Integration Privilege. - Grant read access to:
- Partition
- iSTAR Readers/Doors and Elevators
- Clearances
- ClearanceItem
- Objects.GroupMember
- iStarDoor (Actions/ExecuteAction)
- Grant read and write access to:
- Personnel
- Credentials
- PersonnelClearancePair (Objects/Persist)
- Roles and Card Types
- Save the privilege.
- Create a Service Account
- In C•CURE Administration, go to Configuration → Operator → New.
- Assign the previously created privilege.
- Set a username and password (needs to be sent to Inlet).
- Ensure the account is Enabled.
- For CODE to work, the setting "Allow card numbers to be entered from keypad" needs to be set on the card readers that should be accepting code.
- IT supplier ensures IP whitelisting and sets up port forwarding on port 443(https) from an external port to an internal port on the server, enabling access to the API.
- Locksmith or IT supplier needs to verify that the windows firewall allows traffic on port 443, and that the Victor Web Service is able to communicate out.
- Inlet needs to receive the following information by mail to support@inlet.tech:
- Customer Name
- Information on what locks and lock groups Inlet should set up.
- CCure 9000 username and password
- ClientName
- ClientID
- Public URL or static IP address of the server.
- Inlet retrieves IDs for the locks to configure Inlet with the locking system.
- Inlet provides information to the main system/booking system for testing.
- Inlet requires a minimum of 2 weeks of testing with the main system/booking system after the installer has completed all the steps above.
IP addresses that need to be whitelisted:
Required: 52.164.185.179
Required: 77.110.204.178
Ports that need to be mapped:
External TCP port 443 to internal TCP port 443 on the Server.
Access System Server IP Address Configuration:
A static IP address should be assigned to prevent it from being changed during a restart, and causing downtime due to the mapping in the previous point