Global cardholder management (GCM) and Federation™ are both used for sharing information in Security Center, but cardholders and other information are shared differently.
The following table highlights the differences between GCM and Federation™.
Best Practice: Use GCM and Federation™ together on the same system to complement each
other.
Federation™ (applied to access control) | Global cardholder management (GCM) |
---|---|
Purpose: Central activity and event monitoring | Purpose: Sharing of a central configuration |
Allows an organization to monitor from a central location (Federation™ host), the access control events and activities at independent remote locations (federated sites). | Allows an organization to share the common configuration of access control entities, hosted at a central location (sharing host), with independent remote locations (sharing guests). |
The Federation™ host uses the Security Center Federation™ role to connect to the remote sites. | The remote sites use the Global Cardholder Synchronizer role to connect to the sharing host. |
Entities created at remote sites are federated at the central system. | Entities created at the central system are shared at the remote sites. |
The Federation™ host can observe, but cannot change anything on the remote sites. Remote entities can be created, modified, or deleted using the Remote configuration task. | The remote site can create, modify, and delete the entities that are shared by the host with all other remote sites (two-way synchronization). |
A federated site has no visibility on what is going on at the Federation™ host or other federated sites. | All sharing guests have the same read/write access to all shared (global) entities, while maintaining full ownership of the local entities. |
Almost all entities that generate events can be federated (monitored). | Only cardholders, cardholder groups, credentials, and badge templates can be shared. |
Custom fields are not federated. | All custom fields and data types are shared. |
A federated cardholder can be granted access to the facility managed by the Federation™ host, but not the reverse. | A global cardholder can be granted access to all facilities participating in the sharing. |