Differences between Federation and GCM - Security Center 5.12

Security Center Administrator Guide 5.12

Product: Security Center
Content type: Administrator guides
Version: 5.12
Last updated: 2025-01-28

Global cardholder management (GCM) and Federation™ are both used for sharing information in Security Center, but cardholders and other information are shared differently.

The following table highlights the differences between GCM and Federation.
Best Practice: Use GCM and Federation together on the same system to complement each other.

| Federation (applied to access control) | Global cardholder management (GCM) |
| --- | --- |
| Purpose: Central activity and event monitoring | Purpose: Sharing of a central configuration |
| Enables an organization to monitor access control events and activities at independent remote locations (federated sites) from a central location (Federation™ host). | Allows an organization to share the common configuration of access control entities, hosted at a central location (sharing host), with independent remote locations (sharing guests). |
| The Federation host uses the Security Center Federation™ role to connect to the remote sites. | The remote sites use the Global Cardholder Synchronizer (GCS) role to connect to the sharing host. |
| Entities created at remote sites are federated at the central system. | Entities created at the central system are shared at the remote sites. |
| The Federation host can observe but cannot make changes to the remote sites. However, remote entities can be created, modified, or deleted using the Remote configuration task. | The remote site can create, modify, and delete entities shared by the host with all other remote sites, enabling two-way synchronization. |
| A federated site has no visibility into the activities at the Federation host or other federated sites. | All sharing guests have the same read/write access to all shared (global) entities, while maintaining full ownership of their local entities. |
| Almost all entities that generate events can be federated for monitoring purposes. | Only cardholders, cardholder groups, credentials, and badge templates can be shared. |
| Custom fields are not federated. | All custom fields and data types are shared. |
| A federated cardholder can be granted access to the facility managed by the Federation host, but the reverse is not possible. | A global cardholder can be granted access to all facilities participating in the sharing. |
| If you delete a Federation™ role, you can release ownership of the entities to your local Security Center system. If you recreate the role, it can reclaim ownership of the entities that were previously released. For more information, see About releasing or reclaiming ownership of entities from a role. | If you delete a GCS role, the sharing guest automatically loses access to the entities in the shared partition. The only way for a sharing party to transform a global entity into a local entity is to remove it from the shared partition. When this is done, all other systems lose their access to that entity. For more information, see Stopping entity sharing with other sites. |