
4 Genetec Federated Systems

4.1 About Genetec Federation and Identity Sync

Genetec recommends that Federated systems not be used to manage Cardholders and Credentials centrally. Cardholders and credentials should be created and managed at each federation site, and SAFR should be connected to each federated site to synchronize Cardholders and credentials.

Per a Genetec subject matter expert:

Federation is meant as a monitoring tool to bring entities and event data from remote systems into a head end system, such as a GSOC or HQ. Federation is not intended as a means to administer multiple systems.

Although it is possible to give a Federated cardholder local access, it is not recursive, meaning the Federation Host cannot grant access to doors at a remote site. Any additional credentials given to a Federated cardholder stay on that local system and are not saved on the source system.

If a customer wants to manage cardholders globally from one location, we typically recommend ClearID or a system design where all Cloudlink devices communicate with a single system. Global Cardholder Management is a last resort and not often recommended or deployed.

There are other options, such as the cardholder sync plugin that could be deployed, but those would be created as local cardholders to the system where the plugin is deployed.

At the end of the day, if you are trying to solve for the Federated model, each system should contain a unique set of cardholders, or should all be synced with the same source (AD or database view), so hopefully you wouldn’t have to worry much about replicated cardholders. If a particular customer chooses to deploy your solution, and their system architecture poses an issue, we should discuss it before deployment.

4.2 SAFR Architecture with Genetec Federated Systems

Cardholders and credentials should be created and managed at each federation site and SAFR should be connected to each federated site to synchronize Cardholders and credentials.

In the diagram below, a separate instance of SAFR is connected to each local Genetec Security Center server. No cardholders are managed in the central Genetec Federation server.

This configuration requires a SAFR License Account for each instance of SAFR. This does not incur additional costs but requires that multiple license requests be submitted, one for each SAFR Server.

4.3 SAFR Behavior with Genetec Federation

While not recommended, SAFR may be connected to a Genetec Federation Host. This section describes the behavior when doing so. The recommended configuration (SAFR Server connected to local Genetec Synergis Servers) will result in the best performance for both full synchronization and incremental synchronization.

SAFR will synch federated Cardholders from the Federated Host (meaning the Federated Host has cardholders from the Federated system(s)), with the following caveats:

  1. SAFR does not do incremental synchronization of Federated Cardholders.
  2. An initial synch will import all Cardholders and credentials that are federated to the federated Host. Thereafter, SAFR can be configured to run a full cardholder synchronization on a regular schedule that will pick up any edits and changes that have been made to the Cardholders since the last synch.
  3. For the initial synch, SAFR external synch should not be established until all the Cardholders are federated to the Host.
    1. There is a race condition where the cardholder and credential are loaded before the picture. SAFR's frequent synch will grab the cardholder and credential before the picture is available on the Host and will not update the record with the picture until the next full synch.
      • Any changes/edits that are made to existing cardholders on the federated system are immediately updated on the federated Host, but SAFR does not import (incremental synch) any changes to existing Cardholders until the next full synch.
      • Deleted Cardholders + Credentials in Genetec will be immediately deleted in SAFR.
      • New Cardholders will be added to SAFR based on the full synch configuration.
      • Please contact your SAFR contact person to customize the full synchronization schedule.
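
The caveats above mean SAFR's copy of federated cardholders can drift from the Federation Host between full synchs. The following reconciliation check is an added example, not SAFR or Genetec code: it compares two constructed exports and reports each kind of drift the list describes. The field names (`guid`, `modified`, `synced_at`, `has_picture`) and the export format are assumptions, not either product's schema.

```python
from datetime import datetime

# Constructed sample exports. Field names are assumptions for illustration,
# not the Genetec Security Center or SAFR data model.
HOST = [
    {"guid": "ch-001", "modified": "2024-05-01T09:00:00", "has_picture": True},
    {"guid": "ch-002", "modified": "2024-05-03T14:30:00", "has_picture": True},
    {"guid": "ch-003", "modified": "2024-05-01T08:15:00", "has_picture": True},
    {"guid": "ch-004", "modified": "2024-05-04T10:00:00", "has_picture": True},
]
SAFR = [
    {"guid": "ch-001", "synced_at": "2024-05-02T00:00:00", "has_picture": True},
    # Edited on the Host after the last full synch: change not yet imported.
    {"guid": "ch-002", "synced_at": "2024-05-02T00:00:00", "has_picture": True},
    # Imported before the picture reached the Host (the race condition).
    {"guid": "ch-003", "synced_at": "2024-05-02T00:00:00", "has_picture": False},
    # No longer on the Host; deletions should already have removed this record.
    {"guid": "ch-009", "synced_at": "2024-05-02T00:00:00", "has_picture": True},
]


def reconcile(host, safr):
    """Classify drift between Federation Host cardholders and SAFR's copy."""
    safr_by_id = {r["guid"]: r for r in safr}
    host_ids = {r["guid"] for r in host}
    report = {"missing_picture": [], "stale_edit": [], "not_yet_imported": []}
    for h in host:
        s = safr_by_id.get(h["guid"])
        if s is None:
            # New cardholder waiting for the next scheduled full synch.
            report["not_yet_imported"].append(h["guid"])
            continue
        if h["has_picture"] and not s["has_picture"]:
            report["missing_picture"].append(h["guid"])
        edited = datetime.fromisoformat(h["modified"])
        synced = datetime.fromisoformat(s["synced_at"])
        if edited > synced:
            # Host record changed after SAFR last imported it.
            report["stale_edit"].append(h["guid"])
    # Records SAFR still holds that the Host no longer has: investigate.
    report["orphaned"] = sorted(g for g in safr_by_id if g not in host_ids)
    return report


if __name__ == "__main__":
    for kind, guids in reconcile(HOST, SAFR).items():
        print(f"{kind}: {guids}")
```

A non-empty `stale_edit` or `not_yet_imported` list between full synchs is expected with a Federation Host; a non-empty `orphaned` list is not, since deletions are described as immediate.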
