Features that impact an upgrade to Security Center 5.9.4.0 - Security Center 5.9.4.0

Security Center Release Notes 5.9.4.0

series
Security Center 5.9.4.0
revised_modified
2020-12-02

It is important to know about Security Center 5.9.4.0 features that will change how you interact with the system after an upgrade.

Note the following when upgrading to Security Center 5.9.4.0:
Issue with configuration files during Security Center 5.9 upgrade
If you upgrade to Security Center 5.9.4.0 and Security Center 5.7 was installed in the past, the 5.7 version of the configuration files are used during the upgrade. As a result, you lose any changes that were made to the configuration files in 5.8 or a previous version of 5.9 (such as the public IP, Directory database backup folder, the SMTP email address, and so on).

For more information, see [KBA-7905] Issue with configuration files during Security Center 5.9 upgrade.

End of support for Windows 7 and Windows Server 2008
Microsoft® Windows 7 Pro/Enterprise/Ultimate SP1 and Microsoft® Windows Server 2008 R2 SP1 are no longer supported because they are no longer supported by Microsoft.
New .NET Framework requirements
Starting with Security Center 5.8 GA, .NET Framework 4.7.1 is included in Security Center. The minimum Windows 10 version supported is 1607 (Windows 10 Anniversary Update). The Security Center installation will fail with older versions of Windows 10.
Enhanced complexity requirements for main server password
Starting with Security Center 5.8 GA, when you update the main server password used by Server Admin, the new password must meet all of the following criteria:
  • At least 8 characters long
  • 1 or more upper case letters
  • 1 or more lower case letters
  • 1 or more numerical characters
  • 1 or more special characters
  • No spaces or double quotation marks.
Changed default port for redirectors
Starting with Security Center 5.8 GA, TCP port 960 replaces TCP port 5004 as the initial default port for stream requests.

If you are upgrading from Security Center 5.6 or 5.7, your redirectors will continue to use TCP port 5004 and no action is needed.

If you are upgrading from Security Center 5.5 or earlier, your redirectors will use TCP port 960. Ensure that port 960 is open in addition to port 560 for firewall and network address translation purposes, or you might not be able to view live video streams from remote sites.

Changed Logon dialog box
Starting with Security Center 5.7 SR2, you can no longer leave the Directory field blank in the Logon dialog box. You must enter the name or IP address of the main server you want to connect to. If your client application is running on the main server, you can also enter Localhost as the Directory name.
Deprecated custom temporary access rules based on custom fields
Temporary access rules are supported natively in Security Center 5.7 SR1 and later. Because custom and native temporary access rules cannot be used together, we recommend that you use our native solution. If you are currently using the custom solution in Security Center 5.6, and want to upgrade to Security Center 5.7 SR1 or later, contact our Technical Assistance Center (GTAC) for help.
Deprecated events in Area activities and Monitoring tasks
Starting with Security Center 5.9.0.0, the following events are depreciated and not visible in Area activities or Monitoring tasks:
  • Antipassback disabled: Unit is offline
  • People counting disabled: Unit is offline
  • An interlock cannot have perimeter floors
  • Antipassback disabled: Elevator on area perimeter
Enhanced security in the Map Manager role
Starting with Security Center 5.9, Map Manager requires all clients that request image maps to pass authentication. To ensure legacy clients can view image maps after upgrading the server, Map Manager roles upgraded from 5.8 and earlier run in backward compatibility mode by default.

When in backward compatibility mode, Map Manager grants access to image maps without authentication. This mode is intended to temporarily maintain map functionality during a staged upgrade where some clients remain at an older version for a limited time. For more information on Map Manager backward compatibility, see Configuring the Map Manager role.

Best Practice: Switch Backward compatibility OFF after all client applications have been upgraded for enhanced security.
Introduced ECDSA certificates for Directory communication
Starting in Security Center 5.9.3.0, you can use Elliptic Curve Digital Signature Algorithm (ECDSA) certificates to secure the communication between Security Center servers.

If you are planning to use an ECDSA certificate with Security Center, one or more of the following compatibility restrictions might apply:

  • All servers running Security Center 5.9.3.0 or later with an ECDSA certificate, are not compatible with servers running Security Center 5.9.2.0 or earlier.
  • Security Center systems using an ECDSA certificate are not compatible with third-party authentication using SAML 2.0.
  • Federation™ hosts using an ECDSA certificate can only stream video from federated sites that also use an ECDSA certificate.
Introduced EdDSA for digital signatures
Starting in Security Center 5.8.1.1, video digital signatures are now signed with the more secure Edwards-curve Digital Signature Algorithm (Ed25519).

No action is required for video files that were signed in earlier versions of Security Center. Untampered files still pass validation, but are reported as authenticated with an obsolete algorithm.

Introduced native double-badge events
If you have event-to-actions configured for double-swipe in Security Center 5.7, you must reset your event-to-actions to use the Double badge on and Double badge off events in Security Center 5.8 GA or later.
Introduced new port for Archiver roles
Starting with Security Center 5.6 GA, Archivers require two ports: one port for live and playback stream requests (TCP 555) and one port for edge playback stream requests (TCP 605). If you are upgrading from Security Center 5.5 or earlier, make sure that port 605 is open in addition to port 555 for firewall and network address translation purposes, or you might not be able to view playback video streams from edge devices.
Recommendations for running the Global Cardholder Synchronizer (GCS) role
If your system is a sharing guest, make sure of the following:
  • The sharing host system is running the same version, or a later version of Security Center.
  • You have recorded a list of the global partitions you want to synchronize, in case you must apply them after the upgrade.
  • If the GCS role is running on an expansion server, perform one of the following two options:
    • Move the GCS role to the main server hosting the Directory role.
    • Keep the GCS role on the expansion server, but deactivate the role until both the main and expansion servers are running the same version of Security Center.
Renamed video watermarks to digital signatures
Starting in Security Center 5.9.0.0, all references to anti-tampering watermarks in the user interface and the associated documentation have been renamed to digital signatures.

A video watermark now refers to an optional text overlay that can be permanently added to exported video files. It is a deterrent to prevent users from leaking video recordings. For more information on video watermarking, see About video watermarking.

RTSP stream usage
Starting in Security Center 5.9.0.0, you can only use RTSP over HTTP or TCP when combined with SDK access.
Supported integrated software
Plugin users might need to upgrade their integrated software to a version supported by Security Center 5.9.4.0. For more information, refer to Supported plugins in Security Center.
For instructions about how to upgrade Security Center, see Installing Security Center.