Admin Training
What Admin Training Coversβ
Admin Training walks new administrators through everything needed to deploy, configure, and maintain GCXONE β from first login to daily operational routines. This guide covers network requirements, system architecture setup, pre-launch tasks, and ongoing monitoring cadences.
Why It Mattersβ
A misconfigured deployment β missing roles, unmapped sites, or unchecked camera health β creates operational failures that are hard to trace after the fact. Following the structured training path ensures every admin starts from a solid, validated foundation.
How It Worksβ
Pre-Deployment: Browser & Network Requirementsβ
Browser Requirements:β
| Browser | Support Level |
|---|---|
| Google Chrome v90+ | Optimal (recommended) |
| Mozilla Firefox v88+ | Supported |
| Microsoft Edge v90+ (Chromium) | Supported |
| Apple Safari v14+ | Limited |
| Internet Explorer (any version) | Blocked. Not supported |
Firewall & Port Requirements:β
| Port | Direction | Purpose |
|---|---|---|
| 443 (HTTPS) | Client β Cloud | Core UI, API tunneling, Sanity CDN |
| 554 (RTSP) / 443 | Bidirectional | RTSP streams or WebRTC negotiation |
| 8000 / 80 | Device β Cloud | Hikvision/ISAPI HTTP event nodes |
| DC09 Protocol | GCXONE β CMS | External alarm receiver forwarding |
note
βΉοΈ INFO β IP Whitelisting: For secured corporate networks, GCXONE provides CIDR block ranges. These ranges are critical for edge-bridge hardware and must be whitelisted before go-live.
Super Admin Onboarding Pathβ
- Receive Invitation Email β NXGEN dispatch sends a welcome invitation to the Super Admin's business email from
no-reply@nxgen.cloud. - Confirm Email Address β Click Confirm Email to validate the domain. This mitigates routing errors and locks the user schema against spoofing.
- Set Cryptographic Password β Click the Password Configuration token. This payload expires precisely 24 hours post-issuance.
- Authenticate β Return to your tenant URL. Log in with established credentials. Multi-tenant operators will see an organization selector.
Establishing System Architectureβ
- Define Service Provider Info β Set root organization branding, regional locale, operational timezones, and SOC contact variables. Navigation: Settings β Service Provider
- Create Customer Entities β Map your clients or internal divisions. For 100+ entities, use the BulkImport CSV framework. Navigation: Configuration β Customers
- Deploy Sites β Define unique geographical constraints and link each site to its correct customer. Navigation: Configuration β Sites
- Register Devices β Add bridges, NVRs, or cloud-direct nodes with correct endpoint definitions and credentials. Navigation: Configuration β Devices
Four Critical Pre-Launch Tasksβ
note
οΈ WARNING β Configure Roles Before Inviting Users: A user invited without a role assigned lands on a blocked screen the moment they log in and stays blocked until an admin manually assigns them a role. Design your role structure, create the roles, then invite users.
- Configure Roles Before Inviting Users β Create your complete role structure before sending any user invitations.
- Super Admin β full access, internal only.
- Operator β alarm queue, video viewer, map.
- Installer β device configuration, limited to assigned sites.
- End User / Customer Viewer β dashboard and live view only.
- Set Up the Alarm Management System β Configure your CMS integration before any site goes monitoring-active. Alarms generated by unmapped sites have no destination and are silently discarded. Minimum: DC-09 connection verified (green), every active site mapped to a CMS Account ID, and at least one test alarm confirmed received at CMS.
- Enable HealthCheck on All Sites β HealthCheck must be subscribed before cameras go live β it cannot retroactively capture events. Recommended: Subscribe at Customer level with Include Children enabled. Navigation: Configuration β [Customer] β Analytics Tab β Camera Health Check
- Create at Least One Scheduled Report β Monthly HealthCheck SLA reports serve as verifiable uptime evidence for customers. Set up the schedule before go-live so the first cycle captures baseline data. Navigation: Settings β Reports β + Create New Schedule
Key Capabilitiesβ
Deployment Validation Checklistβ
| Item | Area |
|---|---|
| Firewalls, routing, and NAT rules verified | Comms/Security |
| Super Admin login operational | Access Control |
| Minimum Customer/Site topology mapped | Topology |
| First hardware node connected and streaming | Ingestion |
| Test alarm received at Talos/DC09 | Delivery |
| HealthCheck engine active on node 1 | Diagnostic |
Event-Driven Workflowsβ
New Site Goes Live:
- Create the Site entity under the correct Customer.
- Register Devices and confirm they show Online.
- Map the site in AMS (set DC09 Account ID or Talos sync).
- Enable HealthCheck at site or device level.
- Send a test alarm and confirm receipt at CMS.
- Assign any site-specific user access via role entity selection.
Camera Goes Offline:
- Check HealthCheck board for the diagnostic code.
- If Network Timeout: verify physical connection and firewall rules.
- If Sabotage Detected: dispatch field technician.
- If Image Quality β Illumination: check IR/lighting at site.
- Log the incident in your ticket system with HealthCheck screenshot as evidence.
Alarm Not Reaching CMS:
- Open Marketplace β Alarm Management System.
- Confirm the AMS card shows green status.
- Open the AMS mapping table β look for red rows (unmapped sites).
- For red rows: click Edit, verify DC09 Account ID matches CMS exactly (case-sensitive).
- Run a test alarm from the affected site.
- If still failing: check firewall rules for DC09 Receiver IP and Port.
User Reports Access Issue:
- Navigate to Settings β Users β [User].
- Check their assigned role.
- Verify role has the required module enabled (e.g. Video Viewer).
- Check entity access β confirm the relevant Customer/Site is included.
- Use Edit Entity Access on the user record for per-user adjustments without changing the shared role.
Real-World Use Casesβ
- A new admin completes full onboarding β Super Admin login, system architecture, and first test alarm β in a single day using this training path.
- An admin completes the Deployment Validation Checklist and catches a missing HealthCheck subscription before the site goes live.
- An admin follows the Camera Goes Offline workflow and identifies a Sabotage Detected code β dispatches a technician before the morning shift.
- A new operator logs in and sees a blocked screen β the admin traces it immediately to a missing role assignment and resolves it in minutes.
Best Practicesβ
- Always configure roles before inviting any users β a user with no role is immediately blocked on login.
- Complete the Deployment Validation Checklist before any site goes monitoring-active.
- Enable HealthCheck at the Customer level with Include Children β this future-proofs new site onboarding automatically.
- Run a test alarm after every new site goes live β never assume delivery is working.
- Follow the Daily and Weekly cadences consistently β most operational failures are caught during routine checks, not incident response.
Additional Detailsβ
Daily Monitoring Cadenceβ
- Dashboard KPIs β Unusual spike in Total Alarms; elevated Unhealthy Cameras count.
- Real vs. False Alarm ratio β Sharp drop in real alarm % may indicate AI over-blocking.
- HealthCheck board β Any new Critical Offline or Sabotage-Detected cameras.
- AMS connection status β Green = forwarding; red = alarms not reaching CMS.
- Stale alarm queue β Unacknowledged alarms older than shift window need follow-up.
Weekly Operational Cadenceβ
- Review offline camera list β Escalate cameras offline > 48h to site contact.
- Audit new user invitations β Confirm all pending invitations have been accepted.
- Check report delivery logs β Failed deliveries indicate email routing issues.
- Review Audit Log for anomalies β Look for unexpected role changes or mass configuration edits.
- Validate DC-09 site mappings β Any red rows in AMS mapping = unrouted alarms.