Glossary for Active Directory integration in Security Center - Security Center 5.11

Active Directory Integration Guide 5.11

Applies to: Security Center 5.11
Last updated: 2022-10-24
Content type: Guides > Integration guides
Language: English
Product: Security Center
Version: 5.11

access control unit

An access control unit entity represents an intelligent access control device, such as a Synergis™ appliance or an HID network controller, that communicates directly with the Access Manager over an IP network. An access control unit operates autonomously when it is disconnected from the Access Manager.
Also known as: door controller

access point

An access point is any entry (or exit) point to a physical area where access can be monitored and governed by access rules. An access point is typically a door side.

action

An action is a user-programmable function that can be triggered as an automatic response to an event, such as door held open for too long or object left unattended, or that can be executed according to a specific time table.

Active Directory

Active Directory is a directory service created by Microsoft, and a type of role that imports users and cardholders from an Active Directory and keeps them synchronized.

Active Directory (AD)

Acronym: AD

antipassback

Antipassback is an access restriction placed on a secured area that prevents a cardholder from entering an area that they have not yet exited from, and vice versa.

Archiver

The Archiver role is responsible for the discovery, status polling, and control of video units. The Archiver also manages the video archive and performs motion detection if it is not done on the unit itself.

Archive transfer

(Obsolete as of Security Center 5.8 GA) The Archive transfer task is an administration task that allows you to configure settings for retrieving recordings from a video unit, duplicating archives from one Archiver to another, or backing up archives to a specific location. Starting from Security Center 5.8 GA, Archive transfer is a page inside the Video administration task.

archive transfer

Archive transfer is the process of transferring your video data from one location to another. The video is recorded and stored on the video unit itself or on an Archiver storage disk, and then the recordings are transferred to another location.

area

In Security Center, an area entity represents a concept or a physical location (room, floor, building, site, and so on) used for grouping other entities in the system.

Area activities

The Area activities task is an investigation task that reports on access control events pertaining to selected areas.

authentication

The process of verifying that an entity is what it claims to be. The entity could be a user, a server, or a client application.

authorization

The process of establishing the rights an entity has over the features and resources of a system.

automatic enrollment

Automatic enrollment is when new IP units on a network are automatically discovered by and added to Security Center. The role that is responsible for the units broadcasts a discovery request on a specific port, and the units listening on that port respond with a message that contains the connection information about themselves. The role then uses the information to configure the connection to the unit and enable communication.

AutoVu™

The AutoVu™ automatic license plate recognition (ALPR) system automates license plate reading and identification, making it easier for law enforcement and for municipal and commercial organizations to locate vehicles of interest and enforce parking restrictions. Designed for both fixed and mobile installations, the AutoVu™ system is ideal for a variety of applications and entities, including law enforcement, municipal, and commercial organizations.

Auxiliary Archiver

The Auxiliary Archiver role supplements the video archive produced by the Archiver role. Unlike the Archiver role, the Auxiliary Archiver role is not bound to any particular discovery port; therefore, it can archive any camera in the system, including cameras federated from other Security Center systems. The Auxiliary Archiver role cannot operate independently; it requires the Archiver role to communicate with video units.

badge template

A badge template is an entity used to configure a printing template for badges.

bookmark

A bookmark is an indicator of an event or incident that is used to mark a specific point in time in a recorded video sequence. A bookmark also contains a short text description that can be used to search for and review the video sequences at a later time.

camera (Security Center)

A camera entity represents a single video source in the system. The video source can either be an IP camera, or an analog camera that connects to the video encoder of a video unit. Multiple video streams can be generated from the same video source.

camera blocking

Camera blocking is an Omnicast™ feature that lets you restrict the viewing of video (live or playback) from certain cameras to users with a minimum user level.

cardholder

A cardholder entity represents a person who can enter and exit secured areas by virtue of their credentials (typically access cards) and whose activities can be tracked.

cardholder group

A cardholder group is an entity that defines the common access rights of a group of cardholders.

certificate authority

A certificate authority or certification authority (CA) is an entity or organization that signs identity certificates and attests to the validity of their contents. The CA is a key component of the public-key infrastructure (PKI).

certificate authority (CA)

Acronym: CA

contract permit parking

Contract permit parking is a parking scenario where only drivers with monthly permits can park in the parking zone. A whitelist is used to grant permit holders access to the parking zone.

credential

A credential entity represents a proximity card, a biometrics template, or a PIN required to gain access to a secured area. A credential can only be assigned to one cardholder at a time.

database server

A database server is an application that manages databases and handles data requests made by client applications. Security Center uses Microsoft SQL Server as its database server.

Directory

The Directory role identifies a Security Center system. It manages all entity configurations and system-wide settings. Only a single instance of this role is permitted on your system. The server hosting the Directory role is called the main server, and must be set up first. All other servers you add in Security Center are called expansion servers, and must connect to the main server to be part of the same system.

Directory authentication

Directory authentication is a Security Center option that forces all client and server applications on a given machine to validate the identity certificate of the Directory before connecting to it. This measure prevents man-in-the-middle attacks.

Directory server

A Directory server is any one of the multiple servers simultaneously running the Directory role in a high availability configuration.

discovery port

A discovery port is a port used by certain Security Center roles (Access Manager, Archiver, ALPR Manager) to find the units they are responsible for on the LAN. No two discovery ports can be the same on one system.

encryption certificate

An encryption certificate, also known as a digital certificate or public-key certificate, is an electronic document that contains a public and private key pair used in Security Center for fusion stream encryption. Information encrypted with the public key can only be decrypted with the matching private key.

entity tree

An entity tree is the graphical representation of Security Center entities in a tree structure, illustrating the hierarchical nature of their relationships.

event

An event indicates the occurrence of an activity or incident, such as access denied to a cardholder or motion detected on a camera. Events are automatically logged in Security Center. Every event has an entity as its main focus, called the event source.

expansion server

An expansion server is any server machine in a Security Center system that does not host the Directory role. The purpose of the expansion server is to add to the processing power of the system.

Federal Information Processing Standard

Federal Information Processing Standards (FIPS) are publicly announced standards developed by the United States federal government for use in computer systems by non-military government agencies and government contractors.

Federal Information Processing Standard (FIPS)

Acronym: FIPS

Federation™ user

The Federation™ user is the local user account on the remote system that the Federation™ host uses to connect to the remote system. The Federation™ user must have the Federation™ privilege. It is used to control what the Federation™ host can access on the remote system.

fusion stream encryption

Fusion stream encryption is a proprietary technology of Genetec Inc. used to protect the privacy of your video archives. The Archiver uses a two-level encryption strategy to ensure that only authorized client machines or users with the proper certificates on smart cards can access your private data.

Genetec Mission Control™

Genetec Mission Control™ is a collaborative decision management system that provides organizations with new levels of situational intelligence, visualization, and complete incident management capabilities. It allows security personnel to make the right decision when faced with routine tasks or unanticipated situations by ensuring a timely flow of information. To learn more about Genetec Mission Control™, refer to the Genetec™ resource center.

Genetec™ Update Service

The Genetec™ Update Service (GUS) is automatically installed with most Genetec™ products and enables you to update products when a new release becomes available.

Genetec™ Update Service (GUS)

Acronym: GUS

geocoding

Geocoding, sometimes called forward geocoding, is the process of converting a street address into a geographic location, such as a latitude and longitude pair.

hash function

In cryptography, a hash function uses a mathematical algorithm to take input data and return a fixed-size alphanumeric string. A hash function is designed to be a one-way function, that is, a function which is infeasible to revert.

identity certificate

An identity certificate is a digital certificate used to authenticate one party to another in a secure communication over a public network. Identity certificates are generally issued by an authority that is trusted by both parties, called a certificate authority (CA).

identity provider

An identity provider is a trusted, external system that administers user accounts, and is responsible for providing user authentication and identity information to relying applications over a distributed network.

Import tool

The Import tool is the tool that you can use to import cardholders, cardholder groups, and credentials from a comma-separated values (CSV) file.

interface module

An interface module is a third-party security device that communicates with an access control unit over IP or RS-485, and provides additional input, output, and reader connections to the unit.

interlock

An interlock (also known as sally port or airlock) is an access restriction placed on a secured area that permits only one perimeter door to be open at any given time.

Keyhole Markup Language

Keyhole Markup Language (KML) is a file format used to display geographic data in an Earth browser such as Google Earth and Google Maps.

Keyhole Markup Language (KML)

Acronym: KML

layout

In Security Desk, a layout entity represents a snapshot of what is displayed in a Monitoring task. Only the tile pattern and the tile contents are saved, not the tile state.

load balancing

Load balancing is the distribution of workload across multiple computers.

main server

The main server is the only server in a Security Center system hosting the Directory role. All other servers on the system must connect to the main server to be part of the same system. In a high availability configuration where multiple servers host the Directory role, it is the only server that can write to the Directory database.

major version

A major version is a software version that adds new features, behavioral changes, SDK capabilities, support for new devices, and performance improvements. Using backward compatibility mode, major versions are compatible with up to three previous major versions. A license update is required to upgrade to a new major version. A major version is indicated by a version number with zeros at the third and fourth positions: X.Y.0.0. For more information, see our Product Lifecycle page on GTAP.

man-in-the-middle

In computer security, man-in-the-middle (MITM) is a form of attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.

man-in-the-middle (MITM)

Acronym: MITM

Map Manager

The Map Manager is the central role that manages all mapping resources in Security Center, including imported map files, external map providers, and KML objects. It acts as the map server for all client applications that require maps and as the record provider for all Security Center entities placed on georeferenced maps.

map object

Map objects are graphical representations on your maps of Security Center entities or geographical features, such as cities, highways, rivers, and so on. With map objects, you can interact with your system without leaving your map.

map view

A map view is a defined section of a map.

mobile credential

A mobile credential is a credential on a smartphone that uses Bluetooth or Near Field Communication (NFC) technology to access secured areas.

Network view

The Network view task is an administration task that you can use to configure your networks and servers.

Omnicast™

Security Center Omnicast™ is the IP video management system (VMS) that provides organizations of all sizes the ability to deploy a surveillance system adapted to their needs. Supporting a wide range of IP cameras, it addresses the growing demand for HD video and analytics, all the while protecting individual privacy.

overtime rule

An overtime rule is an entity that defines a parking time limit and the maximum number of violations enforceable within a single day. Overtime rules are used in city and university parking enforcement. For university parking, an overtime rule also defines the parking area where these restrictions apply.

parking session

The AutoVu™ Free-Flow feature in Security Center uses parking sessions to track each vehicle's stay in a parking zone. A parking session is divided into four states: Valid (including convenience time, paid time, and grace period), Violation, Enforced, and Completed.

Parking sessions

The Parking sessions task is an investigation task that you can use to generate a list of vehicles that are currently in violation. You can create a vehicle inventory report for the current parking zone occupancy or for a specific time in the past based on the selected time filter.

parking zone

The parking zones that you define in Security Center represent off-street parking lots where the entrances and exits are monitored by Sharp cameras.

partition

A partition is an entity in Security Center that defines a set of entities that are only visible to a specific group of users. For example, a partition could include all areas, doors, cameras, and zones in one building.

People counting

The People counting task is an operation task that keeps count in real time of the number of cardholders in all secured areas of your system.

Plan Manager

(Obsolete) Plan Manager is a module of Security Center that provides interactive mapping functionality to better visualize your security environment. The Plan Manager module has been replaced by the Security Center role, Map Manager, since version 5.4 GA.

primary server

The primary server is the default server chosen to perform a specific function (or role) in the system. To increase the system's fault-tolerance, the primary server can be protected by a secondary server on standby. When the primary server becomes unavailable, the secondary server automatically takes over.

privacy protection

In Security Center, privacy protection is software that anonymizes or masks parts of a video stream where movement is detected. The identity of individuals or moving objects is protected, without obscuring movements and actions or preventing monitoring.

private task

A private task is a saved task that is only visible to the user who created it.

Record Fusion Service

The Record Fusion Service is the central role that provides a unified querying mechanism for data records that come from a wide variety of sources, such as Security Center modules or third-party applications. All record requests go through this role, which then queries their respective record providers.

record type

In Security Center, a record type defines the data format and display properties of a set of records that you can share across the entire system through the Record Fusion Service role.

recording mode

Recording mode is the criteria by which the system schedules the recording of video streams. There are four possible recording modes:
  • Continuous. Records continuously.
  • On motion/Manual. Records according to motion detection settings, and when a user or system action requests it.
  • Manual. Records only when a user or system action requests it.
  • Off. No recording is permitted.

redundant archiving

Redundant archiving is an option to enhance the availability of video and audio archives during failover and to protect against data loss. If you enable this option, all servers assigned to an Archiver role archive video and audio at the same time.

restricted camera

Restricted cameras are cameras that Genetec Inc. has identified as cybersecurity risks.

reverse geocoding

Reverse geocoding is the process of converting a geographic location, such as a latitude and longitude pair, into a human-readable address.

secondary server

A secondary server is an alternative server on standby intended to replace the primary server in case the latter becomes unavailable.
Also known as: standby server

Security Center

Security Center is a truly unified platform that blends IP video surveillance, access control, automatic license plate recognition, intrusion detection, and communications within one intuitive and modular solution. By taking advantage of a unified approach to security, your organization becomes more efficient, makes better decisions, and responds to situations and threats with greater confidence.

Security Center Mobile

(Obsolete) See Mobile Server and Genetec™ Mobile.

security clearance

A security clearance is a numerical value used to further restrict the access to an area when a threat level is in effect. Cardholders can only enter an area if their security clearance is equal to or higher than the minimum security clearance set on the area.

self-signed certificate

A self-signed certificate is an identity certificate that is signed by the same entity whose identity it certifies, as opposed to a certificate authority (CA). Self-signed certificates are easy to make and do not cost money. However, they do not provide all of the security properties that certificates signed by a CA aim to provide.

server

In Security Center, a server entity represents a computer on which the Genetec™ Server service is installed.

server certificate

A server certificate is an identity certificate used to authenticate the server's identity to the client. Server certificates are also used to encrypt data-in-transit to ensure data confidentiality.

sharing guest

A sharing guest is a Security Center system that has been given the rights to view and modify entities owned by another Security Center system, called the sharing host. Sharing is done by placing the entities in a global partition.

sharing host

A sharing host is a Security Center system that gives the right to other Security Center systems to view and modify its entities by putting them up for sharing in a global partition.

Software Development Kit

The Software Development Kit (SDK) is what end-users use to develop custom applications or custom application extensions for Security Center.

Software Development Kit (SDK)

Acronym: SDK

Synergis™

Security Center Synergis™ is the IP access control system (ACS) that heightens your organization’s physical security and increases your readiness to respond to threats. Synergis™ supports an ever-growing portfolio of third-party door control hardware and electronic locks. Using Synergis™, you can leverage your existing investment in network and security equipment.

task cycling

Task cycling is a Security Desk feature that automatically cycles through all tasks in the active task list following a fixed dwell time.

third-party authentication

Third-party authentication uses a trusted, external identity provider to validate user credentials before granting access to one or more IT systems. The authentication process returns identifying information, such as a username and group membership, that is used to authorize or deny the requested access.

threat level

Threat level is an emergency handling procedure that a Security Desk operator can enact on one area or the entire system to deal promptly with a potentially dangerous situation, such as a fire or a shooting.

transient parking

Transient parking is a parking scenario where the driver must purchase parking time as soon as the vehicle enters the parking lot.

user group

A user group is an entity that defines a group of users who share common properties and privileges. By becoming a member of a group, a user automatically inherits all the properties of the group. A user can be a member of multiple user groups. User groups can also be nested.

user level (Security Center)

A user level is a numeric value assigned to users to restrict their ability to perform certain operations, such as controlling a camera PTZ, viewing the video feed from a camera, or staying logged on when a threat level is set. Level 1 is the highest user level, with the most privileges.

video analytics

Video analytics is the software technology that is used to analyze video for specific information about its content. Examples of video analytics include counting the number of people crossing a line, detection of unattended objects, or the direction of people walking or running.

video archive

A video archive is a collection of video, audio, and metadata streams managed by an Archiver or Auxiliary Archiver role. These collections are catalogued in the archive database that includes camera events linked to the recordings.

video sequence

A video sequence is any recorded video stream of a certain duration.

video unit

A video unit is a video encoding or decoding device that is capable of communicating over an IP network and that can incorporate one or more video encoders. The high-end encoding models also include their own recording and video analytics capabilities. Cameras (IP or analog), video encoders, and video decoders are all examples of video units. In Security Center, a video unit refers to an entity that represents a video encoding or decoding device.

VSIP port

The VSIP port is the name given to the discovery port of Verint units. A given Archiver can be configured to listen to multiple VSIP ports.