Alert EnterpriseWiki

Honeywell Pro-Watch (HSDK)

Honeywell·AE_HSc_HoneywellProwatchConnectorGuide

PACSactiveHoneywell Pro-Watch 4.1, 4.2
Transports
sdk · jdbc
Direction
bidirectional
Authentication
HSDK server credentials +1
Topology
on-prem
Compare with another connector →Open in composer →

Overview

The Honeywell Pro-Watch connector integrates AlertEnterprise Guardian with Honeywell Pro-Watch — Honeywell's enterprise PACS platform, widely deployed in industrial, utility, and federal-adjacent environments. This connector covers the HSDK-based integration path; see honeywell-pro-watch-dtu for the DTU SOAP path and pro-watch-dtu-rest for the modern REST path on Pro-Watch 6.x.

The connector ships as ALNTProWatchConnector-5.0-SNAPSHOT.jar and registers com.alnt.connector.prowatch.provisioning.services.ProWatchConnectorInterface. It uses a hybrid transport architecture: provisioning + command execution flows through the Honeywell HSDK (Honeywell Software Development Kit) hosted on a designated HSDK server, while reconciliation queries pull directly from the Pro-Watch SQL Server database via JNDI-bound JDBC. Pro-Watch's data model exposes badge attributes (BADGE_ALL, BADGE_CARD_ALL, BADGE_CLEARANCE, BADGE_TIME_CLEARANCE, BADGE_TEMPORARY_CLEARANCE) that the connector queries directly.

Notable capabilities vs other PACS: Pro-Watch exposes explicit Lock User Account and Unlock User Account operations as first-class provisioning verbs — most PACS connectors implement equivalent behavior by toggling badge status. The connector exposes these as discrete operations with configurable Lock Action / Unlock Action system parameters mapping to badge status values.

Architecture

Composed from this connector's actors + edges. Trust zones are color-coded; trust crossings render as thicker lines.

Composing diagram — running ELK layout6 actors · 6 edges

Authentication

2 methods supported

HSDK server credentials
basic

Authentication to the Honeywell HSDK server uses a username + password configured as UserId and Password system parameters. The connector also requires the HSDK server Host (IP), Port, and URI (e.g., HSDKPNLApplicationModule).

Credential storage
Encrypted in AE connector configuration.
Pro-Watch SQL Server (JDBC via JNDI)
basic

Reconciliation operations execute SQL queries directly against the Pro-Watch SQL Server backend, accessed through a JNDI-bound DataSource configured in the AE application server. The Jndi Name system parameter identifies the bound DataSource.

Credential storage
Managed by the AE application server's JNDI binding.

Prerequisites

Everything that must be in place for this connector to work, with the owner who's responsible.

HSDK server deployed and reachable

customer

A Honeywell HSDK server (the SDK's web service host) must be deployed and reachable from the AE application server. The HSDK application module name (e.g., HSDKPNLApplicationModule) must be known and configured.

Read access to Pro-Watch SQL Server via JNDI DataSource

customer

The AE application server must have a JNDI DataSource bound to the Pro-Watch SQL Server database, with read access to the cardholder, badge, and clearance tables (BADGE_ALL, BADGE_CARD_ALL, BADGE_CLEARANCE, BADGE_TIME_CLEARANCE, BADGE_TEMPORARY_CLEARANCE, CLEAR, BLOBS, BADGE_TYP, BADGE_STATUS, HSDK_CHANGELIST).

HSDK_CHANGELIST table populated for incremental reconciliation

customer

Incremental user reconciliation queries HSDK_CHANGELIST filtered by BACNET_TYPE='ACCESSUSER' and LAST_MODIFIED_TIME >= $LAST_RUN_DATE. The Pro-Watch system must be configured to populate this change-log table for incremental sync to work; full reconciliation works without it.

Lock / Unlock action mapping defined

ae

Operators must specify Lock Action (e.g., INACTIVE) and Unlock Action (e.g., ACTIVE) system parameters — these define which badge status values the connector sets when locking or unlocking a user.

Known limitations

Documented constraints to set customer expectations before deployment.

Roles assigned at badge level (not user level)

important

Unlike most PACS, Pro-Watch assigns access levels to badges, not to users directly. Multi-badge cardholders may have different role sets per badge. Implementations that assume user-level role assignment must accommodate this — typically by enforcing one-active-badge-per-user or mapping AE-side role grants to the cardholder's "primary" badge.

Data fields

16 fields mapped between AE Guardian and the vendor system.

AE fieldVendor fieldDescriptionDirectionRequired
userIdUserIdHex-encoded Pro-Watch user ID — queries use `(`0x`+CONVERT(varchar(max),A.ID,2))` to expose the GUID-like internal ID as a hex string.bidirectionalyes
firstNameFNAMEbidirectionalno
lastNameLNAMEbidirectionalno
middleNameMIbidirectionalno
badgeId / cardnumberCARDNOPro-Watch card number. Bound to the `Prowatch BadgeId Attribute Name = cardnumber` system parameter.bidirectionalyes
PINPINCODEoutboundno
validFromISSUE_DATE / Activation_Timebidirectionalno
validToEXPIRE_DATE / Expiry_Timebidirectionalno
assetStatusCredential_Status (CARDSTATUS_DESCRP)bidirectionalno
BADGE_STATUSBADGE_STATUS (joined to BADGE_STATUS table for STAT code)`A` is treated as Active when the column is null.inboundno
BADGE_TYPEBADGE_TYPE (joined to BADGE_TYP for DESCRP)inboundno
roleType (Permanent / Timed / Temporary)ROLE_TYPEPro-Watch supports three role validity types — Permanent (no expiry), Timed (range-bound by EXPIRE/TEMPACCESS flags), and Temporary (range-bound by TEMPACCESS_START_TIME / TEMPACCESS_END_TIME). bidirectionalno
textROLE_NAME (BADGE_CLEARANCE.DESCRP)bidirectionalno
companynameCompanybidirectionalno
BADGE_IMAGEBLOBS.BLOBCardholder image stored as SQL BLOB, joined from the BLOBS table on user ID.inboundno
validityBADGE_BIRTHDATE / BADGE_EMPLOYER / BADGE_SUPERVISOR / BADGE_HAIRCOLOR / BADGE_EYECOLOR / BADGE_AGE / BADGE_HEIGHT / BADGE_WEIGHT / BADGE_SSN / BADGE_TITLE / BADGE_DEPARTMENT / BADGE_BUILDING / BADGE_FLOOR / BADGE_HOMEPHONE / BADGE_OFFICEPHONE / BADGE_ADDRESS1 / BADGE_ADDRESS2 / BADGE_CITY / BADGE_STATE / BADGE_ZIP / BADGE_COUNTRYPro-Watch exposes a wide cardholder-profile column set on `BADGE_ALL`. The connector reads all of these during reconciliation; mapping to AE-side attributes is site-configured. inboundno

PACS specifics

Cardholder model

Pro-Watch models a cardholder as a BADGE_ALL row keyed by an internal binary ID (exposed as hex '0x'+CONVERT(varchar(max),A.ID,2)). Each cardholder can have one or more cards in BADGE_CARD_ALL (CARDNO, PINCODE, ISSUE_DATE, EXPIRE_DATE, CARDSTATUS_DESCRP). Photo data is in BLOBS.BLOB. The cardholder profile is unusually rich (employer, supervisor, hair color, eye color, height, weight, SSN, address) — reflecting Pro-Watch's industrial / government-adjacent heritage.

Access rights model

Pro-Watch assigns access at badge level, not user level. Access is granted by inserting rows into BADGE_CLEARANCE (permanent), BADGE_TIME_CLEARANCE (timed), or BADGE_TEMPORARY_CLEARANCE (temporary) — joined on CARDNO. The CLEAR table holds the master clearance definitions. Each clearance has an EXPIRE flag and a TEMPACCESS flag that derive the role-type discriminator.

Multi-tenancy

Single Pro-Watch instance is typically a single tenant. Multi-instance federation requires one connector per Pro-Watch server.

Topology + Events
Topology
on-prem
Event model
polling
Anti-passback
unknown
Holiday schedules
unknown
Source materials
  • src/connectors/honeywell-prowatch/source.pdf Full connector guide — 25 pages, updated 2023-04-11
  • src/connectors/honeywell-prowatch/source.pdf p5 — Supported Version
  • src/connectors/honeywell-prowatch/source.pdf p7 — Connector Architecture
Verifying access
Desktop only

The AE Mobile Wiki needs a bigger screen.

The diagrams, comparisons, and animated flows aren't built for phones. Open this link on your laptop or desktop browser and you'll see the full reference.

wiki.alertenterprise.app

Same Google sign-in as the AE App Hub — you'll be in once you open it on a larger screen.