Genetec ClearID™, offered either as a globally distributed or as a European-only
solution, synchronizes data between local sites, regional services, and global services. The
web application modules perform tasks or share data between the authoritative sources,
ClearID, and the endpoints.
IMPORTANT: Transferring or copying a customer account from one instance to another
is not supported.
Globally distributed architecture
The following diagram illustrates the globally distributed solution. The diagram
illustrates what data is stored, where data is stored, and how data flows between the
local sites, the regional services, and the global services.
NOTE: Regional services and global services data is stored in the cloud.
ClearID takes advantage of the following:
Multiple Azure data centers - to minimize the risk of downtime.
Encrypted employee data - to minimize the risk of data theft.
Geo-localized data - to maintain less infrastructure and provide an optimized
approach for data flow performance.
NOTE: For more information about which data centers are used in the Global
deployment, see the Microsoft Corporation entry in the ClearID section of the
Genetec Subprocessors list.
For visitors, the relevant guest information is stored in global storage with the visit
event information. This information is then transferred to the Security Center managing the site visited.
Europe only architecture
The following diagram illustrates the Europe only solution, where data is stored in
European data centers. This solution applies, for example, when customers or company
policies require data to be stored in Europe.
ClearID modules
The following diagram illustrates the ClearID web application modules that are
available to customers:
Authoritative source
Shows the identity provisioning options that are available to customers. You
can create identities in ClearID from one of the data sources (Databases, HR,
External sources) by using one of the tools (Genetec ClearID™ One Identity
Synchronization Tool, Genetec ClearID™ API, or the Genetec ClearID™ LDAP
Synchronization Agent).
Global identity management service
Shows an overview of the features and services offered by the ClearID platform.
Endpoint
Shows the modules that customers directly interact with. These modules are
where the customer enters their data or configures their system.
Cloud architecture
ClearID is deployed on the Microsoft Azure cloud platform to take advantage of its
industry-recognized security. Microsoft Azure has been audited against SOC 1, SOC 2, and
SOC 3 standards. Audits are conducted in accordance with ISO SSAE 16 and ISAE 3402
standards. Certifications are regularly updated and can be provided upon request. Azure
is also compliant with ISO 27001.
The service architecture is built for high availability (HA) and scalability. Data
stored in ClearID is kept redundantly, which protects critical data and mitigates
the impact of hardware failure. This architecture, coupled with the robustness of the
underlying Microsoft Azure cloud, means that we can provide a 99.9% SLA.
Security controls
Microsoft Azure adheres to a rigorous set of security controls that govern operations
and support. Microsoft deploys a combination of preventive, defensive, and reactive
controls including the following mechanisms that help to protect against unauthorized
developer or administrative activity:
Strict access controls on sensitive data, including a requirement for two-factor
smart card-based authentication to perform sensitive operations.
Combinations of controls that enhance independent detection of malicious
activity.
Multiple levels of monitoring, logging, and reporting.
Security reports can be used to monitor access patterns and to identify and
reduce potential threats proactively.
Microsoft administrative operations, including system access, are logged to
provide an audit trail if unauthorized or accidental changes are made.
High availability
Azure facilities are designed to run 24x7x365 and use various measures to help protect
operations from power failures, physical intrusions, and network outages. These data
centers comply with industry standards for physical security and availability. Microsoft
operations personnel manage, monitor, and administer these Azure facilities.