Architecture of Global cardholder management - Security Center 5.11

Security Center Administrator Guide 5.11

Product
Security Center
Content type
Guides > Administrator guides
Version
5.11
Language
English
Last updated
2024-07-05

To share cardholders across multiple independent Security Center systems, one of the systems must act as the sharing host, while the others act as sharing guests.

Sharing Guest 3 Sharing Guest 2 Sharing Host Local areas Local doors Local elevators applied to Partition D þ Global partition Local partition ¨ Global partition Local access rules Partition C þ Global partition Partition B þ Global partition Partition A þ Global partition grant or deny access to cardholders Local access rules Copy of Partition B Local access rules Sharing Guest 1 Copy of Partition A Local access rules Copy of Partition C Copy of Partition B Copy of Partition C Copy of Partition D Two-way synchronization through Global Cardholder Synchronizer roles

Sharing host system

The sharing host is the Security Center system that you choose to initiate the sharing process. This is done by creating a global partition on that system. All cardholders, cardholder groups, credentials, and badge templates that are members of the global partition automatically become available for sharing. Other types of entities can be part of the global partition, but they are not visible to the sharing guests.

The sharing host owns the master copy of the global partition and the entities that are in it. The sharing host validates all changes made by a sharing guest to the content of the global partition before propagating the change to other sharing parties.

The global partition is like a central database. The sharing host is like the database server and the sharing guests are like the database clients. There is no limit to the number of global partitions that a host system can share.

Sharing guest systems

The sharing guest is a Security Center system that participates in the sharing process. Participation is achieved by creating a Global Cardholder Synchronizer (GCS) role on that system, and using it to connect the sharing guest to the sharing host.

As the sharing guest administrator, you can decide which partitions shared by the host are of interest to your system. The GCS role then creates a copy of the selected global partitions and entities on your local system. Only cardholders, cardholder groups, credentials, and badge templates are eligible for sharing. The shared entities are visually identified with a green icon () superimposed over the regular entity icon.

You can assign local access rules and credentials to global cardholders to grant them access to your local areas, doors, and elevators. You can create, modify, and delete entities from the global partition. The actions you can perform depend on the access rights and privileges of the user account representing the GCS role on the sharing host. All changes made to global entities on the guest system must be validated by the host system. All modifications rejected by the host system are also rejected on your local system.