The Access control task is an
administration task that you can use to configure access control roles, units, access
rules, cardholders, credentials, and related entities and settings.
access control unit
An access control unit entity represents an intelligent
access control device, such as a Synergis™
appliance or an HID network controller, that communicates directly with the Access
Manager over an IP network. An access control unit operates autonomously when it is
disconnected from the Access Manager.
Also known as: door
The Access Manager role manages and monitors access
control units on the system.
An access point is any entry (or exit) point to a physical
area where access can be monitored and governed by access rules. An access point is
typically a door side.
An access right is the basic right users must have over any
part of the system before they can do anything with it. Other rights, such as viewing
and modifying entity configurations, are granted through privileges. In the context of a Synergis™ system, an access right is
the right granted to a cardholder to pass through an access point at a given date and
An access rule entity defines a list of cardholders to whom
access is either granted or denied based on a schedule. Access rules can be applied to
secured areas and doors for entries and exits, or to intrusion detection areas for
arming and disarming.
Access rule configuration
The Access rule configuration
task is a maintenance task that reports on entities and access points affected by a
given access rule.
Access troubleshooter is a tool that helps you
detect and diagnose access configuration problems.
With this tool, you can find out
about the following:
- Who is allowed to pass through an access point at a given date and time
- Which access points a cardholder is allowed to use at a given date and time
- Why a given cardholder can or cannot use an access point at a given date and
An alarm entity describes a particular type of trouble situation
that requires immediate attention and how it can be handled in Security Center. For example, an alarm can indicate
which entities (usually cameras and doors) best describe the situation, who must be
notified, how it must be displayed to the user, and so on.
Antipassback is an access restriction placed on a secured
area that prevents a cardholder from entering an area that they have not yet exited
from, and vice versa.
In Security Center, an area
entity represents a concept or a physical location (room, floor, building, site, and so
on) used for grouping other entities in the system.
The Area activities task is an
investigation task that reports on access control events pertaining to selected
The Area presence is and investigation
task that provides a snapshot of all cardholders and visitors currently present in a
The Area view task is an
administration task that you can use to configure areas, doors, cameras, tile plugins,
intrusion detection areas, zones, and other entities found in the area
The area view is a view that organizes the commonly used entities
such as doors, cameras, tile plugins, intrusion detection areas, zones, and so on, by
areas. This view is primarily created for the day to day work of the security
Automatic enrollment is when new IP units on a network are
automatically discovered by and added to Security Center. The role that is responsible
for the units broadcasts a discovery request on a specific port, and the units
listening on that port respond with a message that contains the connection information
about themselves. The role then uses the information to configure the connection to the
unit and enable communication.
The Badge designer is the tool that you can use to design
and modify badge templates.
A badge template is an entity used to configure a printing
template for badges.
Card and PIN
Card and PIN is an access point mode that requires a cardholder to
present their card, and then enter a personal identification number (PIN).
A cardholder entity represents a person who can enter and
exit secured areas by virtue of their credentials (typically access cards) and whose
activities can be tracked.
The Cardholder access rights
task is a maintenance task that reports on which cardholders and cardholder groups are
granted or denied access to selected areas, doors, and elevators.
The Cardholder activities task
is an investigation task that reports on cardholder activities, such as access denied,
first person in, last person out, antipassback violation, and so on.
configuration is a maintenance task that reports on cardholder
properties, such as first name, last name, picture, status, custom properties, and so
A cardholder group is an entity that defines the common
access rights of a group of cardholders.
The Cardholder management task
is an operation task. You can use this task to create, modify, and delete cardholders.
With this task, you can also manage a cardholders' credentials, including temporary
Commercial Identity Verification
Commercial Identity Verification (CIV) is a credential standard that
works within the Personal Identity Verification (PIV) framework, but is tailored for the
Commercial Identity Verification (CIV)
A controlled exit is when credentials are necessary to leave a
Controller module is the processing component of
Controller with IP capability. This module comes
pre-loaded with the controller firmware and the web-based administration tool, Synergis™ Appliance Portal.
A credential entity represents a proximity card, a biometrics
template, or a PIN required to gain access to a secured area. A credential can only be
assigned to one cardholder at a time.
The Credential activities task
is an investigation task that reports on credential related activities, such as access
denied due to expired, inactive, lost, or stolen credentialsl, and so
A credential code is a textual representation of the
credential, typically indicating the Facility code and the Card number. For credentials
using custom card formats, the user can choose what to include in the credential
The Credential configuration
task is a maintenance task that reports on credential properties, such as status,
assigned cardholder, card format, credential code, custom properties, and so
The Credential management task
is an operation task. You can use this task to create, modify, and delete credentials.
With this task, you can also print badges and enroll large numbers of card credentials
into the system, either by scanning them at a designated card reader or by entering a
range of values.
The Credential request
history task is an investigation task that reports on which users
requested, canceled, or printed cardholder credentials.
A custom event is an event added after the initial system
installation. Events defined at system installation are called system events. Custom
events can be user-defined or automatically added through plugin installations. Unlike
system events, custom events can be renamed and deleted.
A debounce is the amount of time an input can be in a changed
state (for example, from active to inactive) before the state change is reported.
Electrical switches often cause temporarily unstable signals when changing states,
possibly confusing the logical circuitry. Debouncing is used to filter out unstable
signals by ignoring all state changes that are shorter than a certain period (in
Degraded mode is an offline operation mode of the interface
module when the connection to the Synergis™ unit
is lost. The interface module grants access to all credentials matching a specified
Dependent mode is an online operation mode of the
interface module where the Synergis™ unit makes all access control decisions. Not all
interface modules can operate in dependent mode.
The Directory role identifies a Security Center system. It manages all entity
configurations and system-wide settings.
Only a single instance of this role is permitted on
your system. The server hosting the Directory role is called the main server, and
must be set up first. All other servers you add in Security Center are called
expansion servers, and must connect to the main server to be part of the same
A discovery port is a port used by certain Security Center roles
(Access Manager, Archiver, ALPR Manager) to find the units they are responsible for on
the LAN. No two discovery ports can be the same on one system.
A door entity represents a physical barrier. Often, this is an
actual door but it could also be a gate, a turnstile, or any other controllable barrier.
Each door has two sides, named In and Out by default. Each side is an
access point (entrance or exit) to a secured area.
The Door activities task is an
investigation task that generates reports on door-related activities, such as access
denied, door forced open, door open too long, hardware tamper, and so
A door contact monitors the state of a door, whether it is open or
closed. It can also be used to detect an improper state, such as door open too
Every door has two sides, named In and Out by default.
Each side is an access point to an area. For example, passing through one side leads
into an area, and passing through the other side leads out of that area. For the
purposes of access management, the credentials that are required to pass through a door
in one direction are not necessarily the same that are required to pass through in the
A door template defines the wiring for a specific door
configuration, which simplifies and accelerates the door creation process by eliminating
the need to manually map the physical wiring for a door entity.
The Door troubleshooter task is
a maintenance task that lists all the cardholders who have access to a particular door
side or elevator floor at a specific date and time.
With double-badge activation, also known as
double-swipe activation, an authorized cardholder can unlock a door and trigger actions
by badging twice. The door remains unlocked and the action remains active until the next
electric door strike
An electric door strike is an electric device that releases
the door latch when current is applied.
An elevator is an entity that provides access control
properties to elevators. For an elevator, each floor is considered an access
The Elevator activities task is
an investigation task that reports on elevator related activities, such as access
denied, floor accessed, unit is offline, hardware tamper, and so on.
Entities are the basic building blocks of Security Center. Everything
that requires configuration is represented by an entity. An entity can represent a
physical device, such as a camera or a door, or an abstract concept, such as an alarm, a
schedule, a user, a role, a plugin, or an add-on.
An event indicates the occurrence of an activity or incident, such
as access denied to a cardholder or motion detected on a camera. Events are
automatically logged in Security Center. Every
event has an entity as its main focus, called the event source.
An event-to-action links an action to an event. For example, you
can configure Security Center to trigger an
alarm when a door is forced open.
An expansion server is any server machine in a Security Center
system that does not host the Directory role. The purpose of the expansion server is to
add to the processing power of the system.
An extension refers to a group of manufacturer-specific
settings found in the Extensions configuration page of a role, such
as Archiver, Access Manager, or Intrusion Manager. Most extensions are built-in to
Security Center, but some require the
installation of an add-on; in those situations, the extension also refers to this
Federal Agency Smart Credential
A Federal Agency Smart Credential Number (FASC-N) is an identifier
used in the Personal Identity Verification (PIV) credentials issued by US Federal
Agencies. FASC-N credential bit lengths vary based on reader configuration; Security Center natively recognizes 75-bit and 200-bit formats.
Federal Agency Smart Credential Number (FASC-N)
The Federation™ feature
joins multiple, independent Genetec™ IP
security systems into a single virtual system. With this feature, users on the central
Security Center system can view and control entities that belong to remote
The first-person-in rule is the additional access
restriction placed on a secured area that prevents anyone from entering the area until a
supervisor is on site. The restriction can be enforced when there is free access (on
door unlock schedules) and when there is controlled access (on access
four-port RS-485 module
A four-port RS-485 module is a RS-485
communication component of Synergis™ Master
Controller with four ports
(or channels) named A, B, C, and D. The number of interface modules you can connect to
each channel depends on the type of hardware you have.
A free access is an access point state where no credentials are
necessary to enter a secured area. The door is unlocked. This is typically used during
normal business hours, as a temporary measure during maintenance, or when the access
control system is first powered up and is yet to be configured.
A free exit is an access point state where no credentials are
necessary to leave a secured area. The person releases the door by turning the doorknob,
or by pressing the REX button, and walks out. An automatic door closer shuts the door so
it can be locked after being opened.
Global antipassback is a feature that extends the
antipassback restrictions to areas controlled by multiple Synergis™
Global Cardholder Synchronizer
The Global Cardholder Synchronizer role ensures the
two-way synchronization of shared cardholders and their related entities between the
local system (sharing guest) where it resides and the central system (sharing
Global Cardholder Synchronizer (GCS)
A global entity is an entity that is shared across multiple
independent Security Center systems by virtue of its membership to a global partition.
Only cardholders, cardholder groups, credentials, and badge templates are eligible for
Global partition is a partition that is shared across multiple
independent Security Center systems by the partition owner, called the sharing
The Hardware inventory task is a
maintenance task that reports on the characteristics (unit model, firmware version, IP
address, time zone, and so on) of access control, video, intrusion detection, and ALPR
units in your system.
A hardware zone is a zone entity in which the I/O linking is
executed by a single access control unit. A hardware zone works independently of the
Access Manager, and consequently, cannot be armed or disarmed from Security
The Import tool is the tool that you can use to import
cardholders, cardholder groups, and credentials from a comma-separated values (CSV)
An interface module is a third-party security device that
communicates with an access control unit over IP or RS-485, and provides additional
input, output, and reader connections to the unit.
An interlock (also known as sally port or airlock) is an
access restriction placed on a secured area that permits only one perimeter door to be
open at any given time.
Intrusion detection designates one of the following:
intrusion detection (hardware) or intrusion detection
An intrusion detection area entity represents a
zone (sometimes called an area) or a partition (group of sensors) on an intrusion
Intrusion detection area
The Intrusion detection area
activities task is an investigation task that reports on activities
(master arm, perimeter arm, duress, input trouble, and so on) in selected intrusion
The Intrusion detection task
is an administration task that you can use to configure intrusion detection roles and
An intrusion detection unit entity represents an
intrusion device (intrusion panel, control panel, receiver, and so on) that is monitored
and controlled by the Intrusion Manager role.
Intrusion detection unit
The Intrusion detection unit
events task is an investigation task that reports on events (AC fail,
battery fail, unit lost, input trouble, and so on) related to selected intrusion
The Intrusion Manager role monitors and controls
intrusion detection units. It listens to the events reported by the units, provides live
reports to Security Center, and logs the events
in a database for future reporting.
An intrusion panel (also known as alarm
panel or control panel) is a wall-mounted unit where the alarm sensors
(motion sensors, smoke detectors, door sensors, and so on) and wiring of the intrusion
alarms are connected and managed.
Also known as: alarm
The I/O configuration task is a
maintenance task that reports on the I/O configurations (controlled access points,
doors, and elevators) of access control units.
I/O (input/output) linking is controlling an output relay based on
the combined state (normal, active, or trouble) of a group of monitored inputs. A
standard application is to sound a buzzer (through an output relay) when any window on
the ground floor of a building is shattered (assuming that each window is monitored by a
"glass break" sensor connected to an input).
An I/O zone is a zone entity in which the I/O linking can be
spread across multiple Synergis™ units, while one unit acts as the master unit. All
Synergis™ units involved in an I/O zone must be managed by the same Access Manager. The
I/O zone works independently of the Access Manager, but ceases to function if the master
unit is down. An I/O zone can be armed and disarmed from Security
Desk as long as the
master unit is online.
A live event is an event that Security Center receives when the event occurs.
Security Center processes live events in
real-time. Live events are displayed in the event list in Security
Desk and can be used to trigger
The main server is the only server in a Security Center
system hosting the Directory role. All other servers on the system must connect to the
main server to be part of the same system. In a high availability configuration where
multiple servers host the Directory role, it is the only server that can write to the
The Maps task is an operation task that
heightens your situational awareness by providing the context of a map to your security
monitoring and control activities.
An offline event is an event that occurs while the event
source is offline. Security Center only receives
the offline events when the event source is back online.
An output behavior is an entity that defines a custom
output signal format, such as a pulse with a delay and duration.
A partition is an entity in Security Center that defines a set of entities that
are only visible to a specific group of users. For example, a partition could include
all areas, doors, cameras, and zones in one building.
The People counting task is an
operation task that keeps count in real-time of the number of cardholders in all secured
areas of your system.
Personal Identity Verification
Personal Identity Verification (PIV) is a credential specified by
the US government's Federal Information Processing Standard Publication 201 (FIPS 201),
which specifies cryptographic key sizes, algorithms, biometrics, and best practices in
physical access control.
Personal Identity Verification (PIV)
Personal Identity Verification-Interpoerable
Personal Identity Verification-Interoperable (PIV-I) is a
credential specified by the US government's Federal Information Processing Standard
Publication 201 (FIPS 201), which is mainly issued by US non-federal entities, but might
be used for either federal or non-federal installations.
Personal Identity Verification-Interoperable (PIV-I)
Privileges define what users can do, such as arming zones,
blocking cameras, and unlocking doors, over the part of the system they have access
A reader is a sensor that reads the credential for an access control
system. For example, this can be a card reader, or a biometrics scanner.
request to exit
Request to exit (REX) is a door release button normally located
on the inside of a secured area that when pressed, allows a person to exit the secured
area without having to show any credential. This can also be the signal from a motion
detector. It is also the signal received by the controller for a request to
request to exit (REX)
A role is a software component that performs a specific job within
Security Center. To execute a role, you must assign one or more servers to host
A schedule is an entity that defines a set of time constraints
that can be applied to a multitude of situations in the system. Each time constraint is
defined by a date coverage (daily, weekly, ordinal, or specific) and a time coverage (all day,
fixed range, daytime, and nighttime).
A scheduled task is an entity that defines an action that
executes automatically on a specific date and time, or according to a recurring
A secured area is an area entity that represents a physical
location where access is controlled. A secured area consists of perimeter doors (doors
used to enter and exit the area) and access restrictions (rules governing the access to
A security clearance is a numerical value used to further
restrict the access to an area when a threat level is in effect. Cardholders can only
enter an area if their security clearance is equal or higher than the minimum security
clearance set on the area.
The server mode is a special online operation mode restricted
to Synergis™ units, in which the unit allows the Access Manager (the server) to make all
access control decisions. The unit must stay connected to the Access Manager at all
times to operate in this mode.
A Service Release (SR) is a standalone release that
includes minor functionality improvements, bug fixes, and the integration of new
hardware, intrusion devices, and plugins.
Service Release (SR)
A sharing guest is a Security Center system that has been
given the rights to view and modify entities owned by another Security Center system,
called the sharing host. Sharing is done by placing the entities in a global
A sharing host is a Security Center system that gives the right to other
Security Center systems to view and modify
its entities by putting them up for sharing in a global partition.
Standalone mode is an operation mode where the interface
module makes autonomous decisions based on the access control settings previously
downloaded from the Synergis™ unit. When the module is online, activity reporting occurs
live. When the module is offline, activity reporting occurs on schedule, or when the
connection to the unit is available. Not all interface modules can operate in standalone
A standard schedule is a schedule entity that can be
used in all situations. Its only limitation is that it does not support daytime or
A strict antipassback is an antipassback option. When
enabled, a passback event is generated when a cardholder attempts to leave an area that
they were never granted access to. When disabled, Security Center only generates
passback events for cardholders entering an area that they never exited.
Supervised mode is an online operation mode of the
interface module where the interface module makes decisions based on the access control
settings previously downloaded from the Synergis™ unit. The interface module reports its
activities in real time to the unit, and allows the unit to override a decision if it
contradicts the current settings in the unit. Not all interface modules can operate in
A Streamvault™ is a turnkey appliance that comes with an
embedded operating system and Security Center
pre-installed. You can use Streamvault™ appliances to quickly deploy a unified or
standalone video surveillance and access control system.
Synergis™ is the IP access control system (ACS) that
heightens your organization’s physical security and increases your readiness to respond to
threats. Synergis™ supports an ever-growing portfolio
of third-party door control hardware and electronic locks. Using Synergis™, you can leverage your existing investment in
network and security equipment.
appliance is an IP-ready security appliance manufactured by Genetec Inc. that is dedicated to access control
functions. All Synergis™ appliances come
pre-installed with Synergis™
Softwire and are enrolled as
access control units in Security Center.
Synergis™ Appliance Portal
The Synergis™ Appliance Portal
is the web-based administration tool used to configure and administer the Synergis™ appliance and upgrade its
Link is an
intelligent PoE-enabled IoT gateway designed to address the demand for a non-proprietary
access control solution. Synergis™ Cloud
Link provides native
support for a wide variety of intelligent controllers and electronic
Synergis™ IX (pronounced
"eye-ex") is a family of hybrid controllers and downstream modules used to manage both
access control points and intrusion points. The Synergis™ IX product line is only available to the Australian
and New Zealand markets.
the web-based administration tool that you use to configure and administer the Synergis™ IX controller and upgrade its
(SMC) is an access control appliance of Genetec Inc. that supports various third-party
interface modules over IP and RS-485. SMC is seamlessly integrated with Security Center and can make access control decisions
independently of the Access Manager.
Softwire is the
access control software developed by Genetec Inc. to run on various IP-ready security
Softwire lets these appliances
communicate with third-party interface modules. A security appliance running Synergis™
Softwire is enrolled as an access control unit in
A Synergis™ unit is a Synergis™ appliance that is
enrolled as an access control unit in Security Center.
A system event is a predefined event that indicates the occurrence
of an activity or incident. System events are defined by the system and cannot be
renamed or deleted.
Threat level is an emergency handling procedure that a Security
Desk operator can enact on one area or the entire system to deal promptly with a
potentially dangerous situation, such as a fire or a shooting.
Time and attendance
The Time and attendance task is
an investigation task that reports on who has been inside a selected area and the total
duration of their stay within a given time range.
Timed antipassback is an antipassback option. When
Security Center considers a cardholder to be already in an area, a passback event is
generated when the cardholder attempts to access the same area again during the time
delay defined by Presence timeout. When the time delay has expired, the
cardholder can once again pass into the area without generating a passback
The two-person rule is the access restriction placed on a door
that requires two cardholders (including visitors) to present their credentials within a
certain delay of each other in order to gain access.
A unit is a hardware device that communicates over an IP network that can
be directly controlled by a Security Center role.
We distinguish four types of
units in Security Center
- Access control units, managed by the Access Manager role
- Video units, managed by the Archiver role
- ALPR units, managed by the ALPR Manager role
- Intrusion detection units, managed by the Intrusion Manager role
Unit discovery tool
Starting with Security Center 5.4 GA the Unit discovery tool has
been replaced by the Unit enrollment tool.
Unit replacement is a tool that you can use to replace a
failed hardware device with a compatible one, while ensuring that the data associated to the
old unit gets transferred to the new one. For an access control unit, the configuration of the
old unit is copied to the new unit. For a video unit, the video archive associated to the old
unit is now associated to the new unit, but the unit configuration is not
Unit synchronization is the process of downloading
the latest Security Center settings to an access control unit. These settings, such as
access rules, cardholders, credentials, unlock schedules, and so on, are required so
that the unit can make accurate and autonomous decisions in the absence of the Access
An unlock schedule defines the periods of time when free access
is granted through an access point (door side or elevator floor).
A user is an entity that identifies a person who uses Security Center applications and defines the rights
and privileges that person has on the system. Users can be created manually or imported
from an Active Directory.
user level (Security Center)
A user level is a numeric value assigned to users to restrict their ability to perform certain operations, such as controlling a camera PTZ, viewing the video feed from a camera, or staying logged on when a threat level is set. Level 1 is the highest user level, with the most privileges.
A virtual zone is a zone entity where the I/O linking is done by
software. The input and output devices can belong to different units of different types.
A virtual zone is controlled by the Zone Manager and only works when all the units are
online. It can be armed and disarmed from Security
The Visit details task is an
investigation task that reports on the stay (check-in and check-out time) of current and
The Visitor activities task is an
investigation task that reports on visitor activities (access denied, first person in,
last person out, antipassback violation, and so on).
visitor escort rule
The visitor escort rule is the additional access
restriction placed on a secured area that requires visitors to be escorted by a
cardholder during their stay. Visitors who have a host are not granted access through
access points until both they and their assigned host (cardholder) present their
credentials within a certain delay.
The Visitor management task is
the operation task that you can use to check in, check out, and modify visitors, as well
as manage their credentials, including temporary replacement cards.
A zone is an entity that monitors a set of inputs and triggers
events based on their combined states. These events can be used to control output
The Zone activities task is an
investigation task that reports on zone related activities (zone armed, zone disarmed,
lock released, lock secured, and so on).
The Zone Manager role manages virtual zones and triggers
events or output relays based on the inputs configured for each zone. It also logs the zone
events in a database for zone activity reports.