Jason Lee

As I have discussed before, Northwoods uses ACS Facility Scheduler as the primary application for all facility calendaring, global ministry calendaring and also the data source to populate our website calendar (web calendar is still in development). 

We deploy this application, as previously documented,  to our users via a terminal server.  The Terminal Server environment allows us to install the application in on place and let everyone on the network use it. Note: We are still using Server 2003 for this application so no need to comment on the use of TS in place of Remote Desktop Server Most of the time this works without much of an issue but a recent update to Facility Scheduler started causing us some problems. For future sanity I am documenting the problem as well as the solution.

ACS released Facility Scheduler 2010.1 earlier in March, for the most part the built in updater ran without an issue and all existing terminal server users were able to choose update and login without any issue. 

But after the update we started to notice users who had not ever logged into the terminal server before (new network accounts) weren’t able to launch facility scheduler.  The individuals would login to the Terminal server  launch the Facility Scheduler application and then be prompted to update to 2010.1.  The update would complete and the login would display.  After the update they would enter their login credentials for the application and the loading animated icon would appear but wouldn’t be animated. 

After 1-2 minutes of waiting the application would close. This process happened every time the user tried to launch Facility Scheduler.  Further digging revealed this only happened after a user local profile had been deleted from the Terminal Server or the user was logging into the Terminal Server for the first time.

The Problem:
Since we installed FS on the terminal server and put the Application Data in the default user profile that application data was several revisions out of date (2008.1.9.6). Since there is no auto update feature for the “default’ user profile it was forgotten when everyone else updated.  This resulted in new user’s profile being created with the outdated version of FS and the updater couldn’t apply 2010.1, causing the login to crash.

Solution when One User Impacted:

• Confirm the Affected user is not logged into the Terminal Server
• Login as a user who has the latest version of Facility Scheduler installed and navigate to:
  C:\Documents and Settings\“Username”\Local Settings\Application Data
  (where “Username” is the network username of the user you are logged in as)
• Copy the ACSTechnologies folder to
  C:\Documents and Settings\”Username”\Local Settings\Application Data
  (Where “Username” is the network username of the user who cannot launch Facility Scheduler.
• Have user login and launch Facility Scheduler

Solution when Multiple Users Impacted

• Confirm the Affected users are not logged into the Terminal Server
• Login as a user who has the latest version of Facility Scheduler installed and navigate to:
  C:\Documents and Settings\“Username”\Local Settings\Application Data
  (where “Username” is the network username of the user you are logged in as)
• Copy the ACSTechnologies folder to
  C:\Documents and Settings\Default\Local Settings\Application Data
• Delete the User Profile(s) for the user account(s) that aren’t able to launch Facility Scheduler.
• Have user login and launch Facility Scheduler.

ACS Technologies Facility Scheduler, Terminal Server

Continuation of a series of posts on ACS CheckPoint and Biometric Scanning Part 3 of 5

Part 1: Why Biometric?
Part 2: Why Vein Scanning?
Part 3: Installing M2sys Vein Scan Server & Configuring the Database

Part 4: Installing M2Sys BioPlugin Vein Scanning Client
Part 5: Configuring the M2sys Vein Scanning Client and ACS CheckPoint

As previously mentioned Part 1 & Part 2 we have deployed M2Sys’ products before and have some familiarity with the products.  Even with this familiarity there were a few areas that we had to work thru to get everything working.  Our specific install is unique since we will be deploying both Vein Scanning and Fingerprint Scanning on the same network.  At the time of writing this documentation, the two technologies are not able to be compatible with one another and require separate installation for independent use.  Future updates are expected in the next few months that will allow for one Database install and one client install to support both types of scanning on the same workstation concurrently.  Until that is the case the Vein Scanning Database and Finger Print Scanning Databases must be accessed via two separate servers.

Installation of M2Sys BioPlugIn Vein Scanning Server and Database
Note:
Most steps are identical for Fingerprint Scanning Server and DB but Vein Scanning install requires a different installer than the BioPlugin for Finger Print Scanning.
Your mileage may very depending upon your environment, do due diligence before following these procedures.

- Install OS On a new Server – Since  almost all of our servers are virtual isolation of applications is key.

- When using 2008 or 2008R2 as your server operating system disable UAC prior to starting the install of the M2Sys software.  If UAC is not disabled before install of M2sys the service will fail.
On Server 2008R2 disable UAC by going to Control Pannel>User Accounts>Change User Account Control Settings and change the slider to “Never Notify”.

- Install M2sys BioPlugin Software
Note: Installing BioPlugin 6.6.1 on a 64bit server the service will fail because the application is making a call to the Hitachi Driver which is only 32bit at this time. Uninstalling and installing 6.6.2.2 resolved this issue.

- After installation is completed you will notice a traffic light icon in the system tray

This icon only indicates if the service is running or not.  Administration of the BioPlugin is done in the control panel, not the Sys Tray icon or start menu.

Note: If you are using server 2008 or 2008r2 you will have to change the view of the Control Panel to Large or Small icons to view the BioPlugin control. BioPlugin does not display in any of the Category Groupings.

- After accessing the BioPlugin Server Preferences you will need to apply the license key.  Do this by Navigating to the last tab “"License”.  If you purchased the scanners and software from ACS Directly you will need to send your account manager the Installation ID and they will send back a License ID.  Enter the License ID and Select Apply.

- After you have installed the software and applied the license key you can restart the server and BioPlugin should show green on the little traffic signal.  It is possible for the service to try to start and fail and the green will go back to red.  This is the first indicator that we were having an issue with 6.6.1 not working  on a 64bit server.

- Check the Service is actually running by going back into the Control Panel BioPlugin Server Preferences and click on View Core Server Log.  The Log should display “Waiting for Client Request”. If the service is failing the log file will either not display “Waiting for Client” or when you click on view Core Server log nothing will happen because the log hasn’t yet been created.

Note: It is not stated anywhere in the documentation, but Cached Size: # is the number of registered users you have currently in the BioSnapOn Server.

- Once you know the service is working locally you have to decide to either keep the database on the server as an access database, which M2sys says is ok for up to 10,000 or point the M2sys server to another database server like MySQL, or MSSQL.  Because we already have a backup strategy in place for MSSQL databases and have a server running MSSQL 2008 it was best for our situation to use the MSSQL backend rather than the local access database. 
Note: In a testing environment the local database worked without any issue.

- If you are using a MSSQL database the next step is to create an empty database and user account for the BioPlugin server to use to connect to the database.  Because we already have our finger print scanning database in production we simply created a new database with the same name and added database–02 to the name.  In a dual database setup like ours it is important that the right BioPlugin server be pointing the correct database or your biometric check in with not be successful.  You define which database the BioSnapOn Server connects to in the DB string later in this process.

- After a blank database is created and the user account is set as the owner you run a script to prepare the database for use by BioPlugin.  These scripts can be found in the location on the BioPlugin server where you installed BioPlugin (Default is C:\Program Files\BioPlugin).  Copy Tables-Script-SQL Server.sql for the MS SQL install locally to the SQL Server.  Select the database for the biometrics and execute the script.  Once this is done configure your backup of the database.  After the backup configuration is done the database is ready.

-Now that the database preparation is done be sure the BioSnapon service is not running (make sure the traffic light is red) next launch the BioSnapon Server Administration tool again and Select the Microsoft SQL Server radio button on the Database Tab.  This will change the connection string to a template of a SQL connection string.

- Connecting the SQL database is a little annoying if you (like me) do not frequently work with MSSQL. But in the latest release the BioPlugin server help files give sample definitions for the connection string. You will next want to review the BioSnapOn Installation Help Guide found on the install CD in the Documentation folder.  Navigate to the Help file location: Installation>Database Configuration>SQL Server. This provides settings and options for Using ODBC connection, SA and Windows Authentication.

- We had success with  MS SQL Server DSN-Less Connection with SQL Authentication and the following connection string. Values have been changed and display what information should be entered for each variable.
  Provider=SQLOLEDB.1;
  User ID=SQL Account Created when you created the Database;
  Password=Password for the Account Created Above;
  Persist Security Info=False;Initial Catalog=Database Name for the Database you created above;
  Data Source=Name of the SQL Server to which you are connecting

- Apply the settings and restart the server.  After the restart your BioPlugin server should have a green light and the core server log should be ‘waiting for client request’

Now you are ready to Install and configuring the BioSnapOn Client on the workstation, point it to the BioSnapOn Server and testing scans.

Previous -  Part 2: Why Vein Scanning?

Next – Part 4: Configuring M2Sys Vein Scanning Client

ACS Technologies, Church IT Check In, Finger Print, Vein Scanning

Part 2 of 5

Part 1: Why Biometric?
Part 2: Why Vein Scanning?
Part 3: Installing M2sys Vein Scan Server & Configuring the Database

Part 4: Installing M2Sys BioPlugin Vein Scanning Client

Part 5: Configuring the M2sys Vein Scanning Client and ACS CheckPoint

In the past year we have learned a lot about biometrics and our check-in system and I have had people ask me multiple times a great question, “Would you do it again?”.  They are really asking would we use finger print scanners as an key component of our check-in system, and I would reply, Yes.  The finger print scanning has been successful to accomplish the two areas we saw concern in the other flavors (bar code, key fob, number/name lookup) of check-in: Security and Speed.  The finger scanning has allowed us to have check-in remain secure, limiting the use to families who had followed the registration process and allow them to do it in a process that takes less than 15 seconds per family.  A major positive of the finger scanning over other scanning solutions, the speed isn’t dependant upon the end user remembering to bring a key tag or key fob with them to church.

Even saying Yes to that question wouldn’t mean we haven’t learned things over the past year and we haven’t modified the configuration. We have learned that finger print scanning is dependant upon indoor and outdoor temperatures, humidity, dry skin, etc.  The quality of the scan is affected by more environmental variables than we expected.  A second learning point was paying attention to the scans captured at pre-registration.  This process is much more important than we originally thought.  If attention to detail was paid at the pre-registration process then the success rate increased exponentially.  And finally, we were affirmed in our thought that there would be some people not able to use the biometric system because they just didn’t have “good” fingerprints.  So with the environmental variables and the fact that some people couldn’t use the biometrics we had to identify a workaround, which was allowing people to check-in by pager number. This is not the security number printed on the child’s tag but rather the number that is used to alert families the DLand staff need them to come get their child.  Allowing check-in via pager this did have negative impact on speed and people do forget their number.

So when it was time to start planning our rollout of Jr. High and Sr. High check-in we decided to put all options back on the table.  Our team came to the conclusion that if we could make finger scanning more reliable it was still the best option.  This planning was happening concurrently to the release of a new product by M2Sys called Vein Scanning.

Vein Scanning works under the principal that your vein alignment in your fingers is as unique as your finger prints.  Allowing you to be identified in a system without the environmental and “good” print concerns noted above.  The Scanner uses infrared to ‘see’ your vein alignment in your finger and allows the software to translate that alignment into a string of numbers that can be called back to identify you after you have pre-registered.

The solution sounded good but needed to be tested.  We contacted ACS and asked if we could put the scanner thru some testing and they provided a demo for us.  Our testing showed the Vein scanners to be much higher in accuracy no matter the variables.

So why not vein scanning in the first launch a year ago?  The products weren’t available a year ago in the capacity they are now.

Will you be migrating your finger print users to vein scan users?  Not at this time, currently the two technologies are not able to be used concurrently on the same workstation and would require a mass re-registration process for over 1250 individuals.

Will you possibly migrate everyone to vein scanning?  Once the converged product allowing both types of scanning at one workstation (12 weeks) we might explore this option.

Previous Part 1: Why Biometric?
Next Part 3: Installing M2sys Vein Scan Server & Configuring the Database

ACS Technologies, Church IT Check In, Finger Print, Vein Scanning

Its been just over a year since we launched CheckPoint, an ACS Technologies product, as the software we used to do electronic check in our Discoveryland (Children’s Ministry), birth thru 5th grade.  Being a year out from that launch I am posting a series of posts evaluating the project and also documenting the launch of our second phase in our Jr Hi and Sr. High ministries.

This series of posts will not specifically look at ACS’ Checkpoint product or how to deploy checkpoint specifically, but you can review that by checking out the workshop Taught at the 2009 ACS Convention.

Part 1: Why Biometric?
Part 2: Why Vein Scanning?
Part 3: Installing M2sys Vein Scan Server & Configuring the Database
Part 4: Installing M2Sys BioPlugin Vein Scanning Client
Part 5: Configuring the M2sys Vein Scanning Client and ACS CheckPoint

The Discoverlyand launch used Finger Print Scanners and software made by M2sys.  The parent uses the biometrics to authenticate to the system and in turn sees their family record on screen.  The Choice to use finger print scanning was driven by two factors: speed of check-in and security.

CheckPoint already had the ability to use barcodes and phone number lookup but two concerns were identified with those methods used exclusively.  The first concern is you could always leave the barcode in the car or at home and you would need to then check-in at a desk (taking time away from guest services) or use another method like name or number lookup.  The concerns name and phone number lookup was it took longer for each person to check-in and we couldn’t require pre-registration before using express check-in.  Name and Number lookup might result in you finding your family, but that might be from other involvement (giving, small group, etc) in the church and those vehicles for getting in the database might not include capturing family information.  Resulting in a poor user experience where you can display your record but your children aren’t able to be checked into the system.

Discoveryland has established a process for registration that needs to be completed before you use express check-in for a classroom.  This process includes parents agreeing not to drop children off and and run to the grocery as well as other logistics of how old is your child and what grade are they in.  With this information we can, which a much higher percentage of accuracy, know that your check-in process will work more smoothly.

Once the pre-registration data is collected and entered into the database a family can be pre-register for express check-in with the finger scan.

With the finger scanning we were able to speed up the process of check-in as well as limit the usage of the system to those who have appropriately identified themselves to the Discoveryland team.

Next Part 2: Why Vein Scanning vs.Finger Print Scanning

Uncategorized