Jump to content
RooiValk

Lenel Onguard - Separating PROD from TEST

Recommended Posts

All,

 

I recently had an issue where changing panel information in our test environment resulted in the panel going offline in our Production Alarm Monitoring. I've listed the background below, but wanted to find out the best way to make sure that our test environment can *never* communicate with a production panel, or anything in production for that matter. I would appreciate any experience or advice on this.

 

Here's background to the issue, and bear in mind that the intent of the actions below was to ensure complete separation between production and test ...

 

1) We allocated a new VM server and database to a Lenel TEST environment, and refreshed the database from production.

2) The database was renamed to AccessControlTEST and a new user ID was used.

3) The ODBC connection referenced the new test server, database, and user ID for the test environment.

4) The only services running on the test server were the license and login services.

5) I logged into System Admin on the *test* server and disabled all the panels by unchecking the ONLINE option on the Access Panel page. This was a copy of production data so the intent was to remove references to production to prevent changes affecting production. Toggling them offline had not affect on production so I thought we were golden.

6) For added precaution, I then modified the following for the panels:

* Change the Workstation (comm server) to a non existent serve name

* Removed the primary IP address

* As a result of the IP, had to also provide a fake host name.

Again the intent here was to completely remove any reference to production panels. And it's at this step that the problem occurred ....

 

After saving step # 6, the production panel showed offline in Alarm Monitoring. Not in the way of "black X marks the spot" for disabled panels, but in the way of "red X marks the spot" for a panel that has lost connection.

 

7) I logged into System Admin *production* and the panel still had a check next to ONLINE, so at least the database was not affected. However the panel itself was, so I toggled it offline and online again in production, and the panel went online in production alarm monitoring.

 

So my questions are this:

1) Why would any change in step # 6 affect the production panels when they were marked as offline in step # 5.

2) How can I make 100% certain that changes in test will *never* affect production, without isolating the test environment from the network - I know this is a solution but it is not one we can use. At some point I need to turn on all the other services and my concern is that something is going to cross into production.

 

BTW I changed all references to production servers and IP addresses on the backend DB by running an SQL script to update them in the ACCESSPANE table, but I'm wondering if this is enough.

 

Again, thanks for any feedback and I would appreciate any experience on this.

 

Ian

Share this post


Link to post
Share on other sites

Hi Ian,

I am wondering if your client was still trying to connect to the old "production" server, since that server was still available online?

Also... old school question. Is your network mask 24 bit? Can you IP your new server and close your subnet mask the way that it cannot reach the old server even if it wanted too?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×