Genetec Security Center SaaS User Guide

September 29, 2024
Genetec

Genetec Security Center SaaS

Specifications

  • Product Name: Security Center SaaS Deployment Guide
  • Last Updated: September 6, 2024
  • Document Number: EN.600.001
  • Manufacturer: Genetec Inc.

Chapter 1: Getting Started

  • About Security Center SaaS: The Security Center SaaS is a unified solution for integrators to deploy hybrid components.
  • Setup Overview: This section provides an overview of the initial tasks required to set up the Security Center SaaS system.
  • Signing in to Security Center SaaS: Instructions on how to log in to the Security Center SaaS platform will be detailed here.

Chapter 2: Requirements

  • Presale Checklist: A list of prerequisites and considerations for integrators planning to purchase and deploy Security Center SaaS.
  • Network Requirements: Details about the network infrastructure needed for the deployment of Security Center SaaS.
  • Port Requirements: Information on the specific port configurations required for different components, including direct-to-cloud cameras, appliances, and clients.

FAQs

Q: Can I modify or reproduce the contents of this guide?
A: No, the contents of this guide are protected under copyright law and may not be copied, modified, or reproduced without prior written consent from Genetec Inc.

Q: What should I do if I encounter errors or inaccuracies in the guide?
A: You can send your comments, corrections, and suggestions about this guide to documentation@genetec.com for further assistance.

Security Center SaaS Deployment Guide
Click here for the most recent version of this document.
Document last updated: September 6, 2024

Legal notices
©2024 Genetec Inc. All rights reserved.
Genetec Inc. distributes this document with software that includes an end-user license agreement and is furnished under license and may be used only in accordance with the terms of the license agreement. The contents of this document are protected under copyright law.
The contents of this guide are furnished for informational use only and are subject to change without notice. Genetec Inc. assumes no responsibility or liability for any errors or inaccuracies that may appear in the informational content contained in this guide.
This publication may not be copied, modified, or reproduced in any form or for any purpose, nor can any derivative works be created therefrom without Genetec Inc.’s prior written consent.
Genetec Inc. reserves the right to revise and improve its products as it sees fit. This document describes the state of a product at the time of document’s last revision, and may not reflect the product at all times in the future.
In no event shall Genetec Inc. be liable to any person or entity with respect to any loss or damage that is incidental to or consequential upon the instructions found in this document or the computer software and hardware products described herein.
GenetecTM, AutoVuTM, AutoVu MLCTM, CitywiseTM, Cloud Link RoadrunnerTM, Community ConnectTM, Curb SenseTM, FederationTM, FlexreaderTM, Genetec Airport SenseTM, Genetec CitigrafTM, Genetec ClearanceTM, Genetec ClearIDTM, Genetec CloudlinkTM, Genetec Mission ControlTM, Genetec MotoscanTM, Genetec PatrollerTM, Genetec Retail SenseTM, Genetec Traffic SenseTM, KiwiVisionTM, KiwiSecurityTM, OmnicastTM, Privacy ProtectorTM, SipeliaTM, StratocastTM, StreamvaultTM, Streamvault EdgeTM, SynergisTM, ValcriTM, their respective logos, as well as the Mobius Strip Logo are trademarks of Genetec Inc., and may be registered or pending registration in several jurisdictions.
Other trademarks used in this document may be trademarks of the manufacturers or vendors of the respective products.
Patent pending. GenetecTM Security Center, OmnicastTM, AutoVuTM, StratocastTM, Genetec CitigrafTM, Genetec ClearanceTM, and other GenetecTM products are the subject of pending patent applications, and may be the subject of issued patents, in the United States and in other jurisdictions worldwide.
All specifications are subject to change without notice.
Document information
Document title: Security Center SaaS Deployment Guide
Original document number: EN.600.001
Document number: EN.600.001
Document update date: September 6, 2024
You can send your comments, corrections, and suggestions about this guide to documentation@genetec.com.

About this guide
This guide is intended for integrators who are planning to purchase Security Center SaaS and deploy hybrid components. It introduces our unified SaaS solution and describes the prerequisites and initial tasks to set up the system.
Notes and notices
The following notes and notices might appear in this guide: · Tip: Suggests how to apply the information in a topic or step. · Note: Explains a special case or expands on an important point. · Important: Points out critical information concerning a topic or step. · Caution: Indicates that an action or step can cause loss of data, security problems, or performance issues. · Warning: Indicates that an action or step can result in physical harm, or cause damage to hardware. IMPORTANT: Content in this guide that references information found on third-party websites was accurate at the time of publication, however, this information is subject to change without prior notice from Genetec Inc.

Contents

Preface

Legal notices . . . . . . . . . . . . . . . . . . . . .

ii

About this guide . . . . . . . . . . . . . . . . . . . .

iii

Chapter 1: Getting started

About Security Center SaaS . . . . . . . . . . . . . . . . . .

2

Setup overview . . . . . . . . . . . . . . . . . . . . . 3

Signing in to Security Center SaaS . . . . . . . . . . . . . . . .

4

Chapter 2: Requirements

Presale checklist . . . . . . . . . . . . . . . . . . . . . 6

Network requirements . . . . . . . . . . . . . . . . . . .

7

Port requirements . . . . . . . . . . . . . . . . . . . .

8

Port requirements for direct-to-cloud cameras . . . . . . . . . . . .

8

Port requirements for appliances . . . . . . . . . . . . . . .

11

Port requirements for clients . . . . . . . . . . . . . . . .

18

Port requirements for Federation . . . . . . . . . . . . . . .

20

Supported devices . . . . . . . . . . . . . . . . . . . . 21

Supported features . . . . . . . . . . . . . . . . . . . . 22

Chapter 3: User management

Adding users . . . . . . . . . . . . . . . . . . . . .

24

Adding groups . . . . . . . . . . . . . . . . . . . . . 27

Chapter 4: Device management

Adding devices . . . . . . . . . . . . . . . . . . . . . 30

Adding Axis direct-to-cloud cameras . . . . . . . . . . . . . . . . 31

Adding Axis Powered by Genetec devices . . . . . . . . . . . . . .

35

Signing in to an Axis Powered by Genetec device . . . . . . . . . . . . 38

Adding Genetec Cloudlink 310 appliances . . . . . . . . . . . . . .

40

Applying a static IP configuration to Genetec Cloudlink 310 . . . . . . . . .

42

Adding cameras to Genetec Cloudlink 310 using automatic discovery . . . . . . . 43

Adding cameras to Genetec Cloudlink 310 manually . . . . . . . . . . . 44

Adding Synergis Cloud Link appliances . . . . . . . . . . . . . . .

45

How privacy protection works in Security Center SaaS . . . . . . . . . . .

47

Chapter 5: Federation through reverse tunneling

What is reverse tunneling . . . . . . . . . . . . . . . . . .

50

Deploying Security Center Federation using reverse tunneling . . . . . . . . . . 52

Creating reverse tunnels on the Federation host . . . . . . . . . . . . . 53

Opening reverse tunnels between remote sites and the Federation host . . . . . . .

55

Connecting the Federation host to remote sites through reverse tunnels . . . . . . .

57

Resetting reverse tunnels . . . . . . . . . . . . . . . . . .

59

Glossary . . . . . . . . . . . . . . . . . . . . . . . 61

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

iv

Technical support . . . . . . . . . . . . . . . . . . . . 66

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

v

Getting started
This section includes the following topics: · “About Security Center SaaS” on page 2 · “Setup overview” on page 3 · “Signing in to Security Center SaaS” on page 4

1

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

1

Getting started
About Security Center SaaS
Security Center SaaS is a unified hybrid-cloud solution offering physical security as a service. It integrates advanced security capabilities, emphasizes cybersecurity and privacy, and manages complex security tasks on premises, in the cloud, or both. With the flexibility of Security Center SaaS, organizations can efficiently monitor and respond to security threats from one place. To introduce yourself to Security Center SaaS and learn more about the product, see the following:
On the TechDoc Hub
· Security Center SaaS User Guide for Web
Security Center SaaS resources
· Security Center SaaS brochure · Security Center SaaS product page · Introducing GenetecTM Security Center SaaS · How to modernize your existing security systems using hybrid-cloud · Physical security designed to last · How to choose a cloud-based physical security solution that will stand the test of time
Cloud-managed appliance resources
· Cloud-managed appliances product page · Genetec CloudlinkTM 310 datasheet

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

2

Getting started
Setup overview
Setting up Security Center SaaS involves planning, ordering, activating, and configuring the system. 1. Learn about Security Center SaaS and how it works. 2. Review the Security Center SaaS requirements:
a. Presale checklist b. Network requirements c. Ports and protocols d. Supported devices 3. Commission a new system:

a. Review business requirements b. Build quote c. Place order d. Activate system
IMPORTANT: After activation, only designated users have immediate access to the system. To enable access for other users, the End-User System Admin specified on the order must sign in and accept our Terms of Service. 4. Sign in to Security Center SaaS. 5. Create your users and apply roles. 6. Create groups to define inherited user permissions based on group membership. 7. Add devices NOTE: The visibility of local devices depends on the location of your appliances. For devices to be discoverable, the appliance must be on the same local network as the device. 8. (Optional) Configure federation through reverse tunneling. 9. (Optional) Download desktop clients from the Security Center SaaS Welcome page. 10. (Optional) Install mobile clients from the Apple App Store or Google Play.

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

3

Getting started
Signing in to Security Center SaaS
After you activate your user account, sign in to your Security Center SaaS web portal to manage devices and users in the GenetecTM Configuration application.
What you should know
Use a valid user account from a supported identity provider when accessing Security Center SaaS. The system ID can change depending on which user account signs in.
Procedure
1 Enable cookies and JavaScript in your web browser. 2 In your web browser, go to https://securitycentersaas.genetec.cloud/. 3 On the Welcome page, enter your email and click Sign in. 4 If you have more than one system, select the system that you require.
TIP: To switch systems, you can also click Change system from the Profile options in the Configuration sidebar.

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

4

Requirements
This section includes the following topics:
· “Presale checklist” on page 6 · “Network requirements” on page 7 · “Port requirements” on page 8 · “Supported devices” on page 21 · “Supported features” on page 22

2

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

5

Requirements
Presale checklist
Use this checklist to collect information about the customer’s environment and to ensure that it meets Security Center SaaS requirements. · Check the internet Service Level Agreement (SLA) with the customers internet provider. · Resolve any outstanding IT or security concerns before purchase. · Make sure that Security Center SaaS supports the features that you need.
NOTE: Plugin integrations are not supported. Estimate the number of simultaneous users of the following software: · GenetecTM Configuration on desktop, web, and mobile · GenetecTM Operation on desktop, web, and mobile Check Access Control information: · Number of SynergisTM Cloud Link units · Number of Axis Powered by Genetec units · Number of Access Control system devices (readers, inputs, and outputs) · Estimated number of cardholders and credentials to be handled Check Video information: · Number of camera devices including models · Number of Genetec CloudlinkTM appliances · FPS, resolution, and retention to ensure that the correct package is chosen
Check FederationTM information: · Video compression standards (only H.264 is supported) · ISP policies: Static versus dynamic IP addressing · Required firewall configuration · Number of remote systems and their corresponding federated camera connections · Available upload bandwidth per site (see Bandwidth considerations) · Any required expansion resources on site (such as IP door controllers)
Related Topics
Supported devices on page 21

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

6

Requirements
Network requirements
To successfully deploy Security Center SaaS in the cloud, network infrastructure must meet the required performance criteria, and network policy must adhere to the setup recommendations.
General network requirements
Security Center SaaS have the following network requirements: · Azure® connections: High-latency connections might negatively impact the availability of remote sites. A
latency of 150 ms or less to the closest Azure® data center is mandatory. Use the Azure® Storage Latency Test to determine which Azure® data center is the best for hosting your servers. · Internet service level: A service level of 99.9% guaranteed by the customer’s Internet service provider (ISP) is highly suggested. · Bandwidth: Bandwidth considerations depend on the number of cameras performing recording or playback functions, and whether you are recording locally or pushing your recordings to the cloud. Playback has no effect on the number of cameras that can be viewed simultaneously. These considerations do not apply if the client workstation is in the same network as the camera being viewed.
Federation network requirements
FederationTM in Security Center SaaS has the following extra considerations and requirements: · Bandwidth: The number of cameras that can be viewed simultaneously depends on several factors:
· Outbound bandwidth from the remote site
· Inbound bandwidth to the client workstation · Quality of requested video streams NOTE: All managed devices always go through the cloud. · Multi- streaming: Cameras at remote sites should support multiple streams. These multiple streams ensure that a lower bandwidth stream can be used for outbound video streams from the remote sites. Only a single stream is supported for managed devices.

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

7

Requirements

Port requirements
To enable communication with cameras, appliances, clients, and on-premises Security Center systems, you must open specific network ports. · Port requirements for direct-to-cloud (D2C) cameras · Port requirements for appliances · Port requirements for clients · Port requirements for Federation

Port requirements for direct-to-cloud cameras
To enable communication with direct-to-cloud (D2C) cameras, you must open specific outbound ports for the associated domains.

All D2C cameras

For all D2C cameras, open the following outbound ports for the associated domains to enable them to connect to cloud services, be managed, and stream video.

Outbound port Endpoint domain

Port usage

UDP 53

Connection to the Domain Name System (DNS)

Domains: .blob.core.windows.net .genetec.cloud login.genetec.com

TCP 443

Details for the Australia region:
eastau.video.genetec.cloud australiaeast.tds.genetec.cloud
auescsaas01.blob.core.windows.net auescsaas02.blob.core.windows.net auescsaas03.blob.core.windows.net auescsaas04.blob.core.windows.net auescsaas05.blob.core.windows.net auescsaas06.blob.core.windows.net auescsaas07.blob.core.windows.net auescsaas08.blob.core.windows.net auescsaas09.blob.core.windows.net auescsaas10.blob.core.windows.net auescsaas11.blob.core.windows.net auescsaas12.blob.core.windows.net auescsaas13.blob.core.windows.net auescsaas14.blob.core.windows.net auescsaas15.blob.core.windows.net auescsaas16.blob.core.windows.net

Management and recording offload

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

8

Outbound port

Endpoint domain
Details for the Canada region:
centralca.video.genetec.cloud cancentral.tds.genetec.cloud
cacscsaas01.blob.core.windows.net cacscsaas02.blob.core.windows.net cacscsaas03.blob.core.windows.net cacscsaas04.blob.core.windows.net cacscsaas05.blob.core.windows.net cacscsaas06.blob.core.windows.net cacscsaas07.blob.core.windows.net cacscsaas08.blob.core.windows.net cacscsaas09.blob.core.windows.net cacscsaas10.blob.core.windows.net cacscsaas11.blob.core.windows.net cacscsaas12.blob.core.windows.net cacscsaas13.blob.core.windows.net cacscsaas14.blob.core.windows.net cacscsaas15.blob.core.windows.net cacscsaas16.blob.core.windows.net

Details for the Europe region:
westeu.video.genetec.cloud westeurope.tds.genetec.cloud
weuscsaas01.blob.core.windows.net weuscsaas02.blob.core.windows.net weuscsaas03.blob.core.windows.net weuscsaas04.blob.core.windows.net weuscsaas05.blob.core.windows.net weuscsaas06.blob.core.windows.net weuscsaas07.blob.core.windows.net weuscsaas08.blob.core.windows.net weuscsaas09.blob.core.windows.net weuscsaas10.blob.core.windows.net weuscsaas11.blob.core.windows.net weuscsaas12.blob.core.windows.net weuscsaas13.blob.core.windows.net weuscsaas14.blob.core.windows.net weuscsaas15.blob.core.windows.net weuscsaas16.blob.core.windows.net

Port usage

Requirements

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

9

Requirements

Outbound port

Endpoint domain

Port usage

Details for the US region:
eastus2.video.genetec.cloud eastus2.tds.genetec.cloud
eus2scsaas01.blob.core.windows.net eus2scsaas02.blob.core.windows.net eus2scsaas03.blob.core.windows.net eus2scsaas04.blob.core.windows.net eus2scsaas05.blob.core.windows.net eus2scsaas06.blob.core.windows.net eus2scsaas07.blob.core.windows.net eus2scsaas08.blob.core.windows.net eus2scsaas09.blob.core.windows.net eus2scsaas10.blob.core.windows.net eus2scsaas11.blob.core.windows.net eus2scsaas12.blob.core.windows.net eus2scsaas13.blob.core.windows.net eus2scsaas14.blob.core.windows.net eus2scsaas15.blob.core.windows.net eus2scsaas16.blob.core.windows.net

TCP 1935
TCP 443 UDP 3478 TCP 3478
TCP 80

IMPORTANT: Ensure that you include

Interactive Connectivity Establishment

the Cloud Security Center Virtual Machine

(ICE) TCP in Web Real-Time

associated with your system: *.gsc-cloud.com in Communication (WebRTC) for live

your allowlist.

streaming

turn.video.geneteccloud.com stun.relay.metered.ca global.relay.metered.ca

Traversal Using Relays around NAT (TURN) server and Session Traversal Utilities for NAT (STUN) server for live video streaming

stun.relay.metered.ca global.relay.metered.ca

WebRTC relay (STUN and TURN)

Axis D2C cameras

Axis D2C cameras need extra connections to Axis services for onboarding, correct operation, and maintenance.

Outbound port Endpoint domain

Port usage

UDP 123

pool.ntp.org
NOTE: An Axis domain might replace this domain in the future

Network Time Protocol (NTP)

*.connect.axis.com

TCP 443

Details:

cep.prod.flagsmith.connect.axis.com

cep.otelcol.connect.axis.com

Device management and diagnostics

eu.prod.otelcol.connect.axis.com

appinsights.connect.axis.com

prod.adm.connect.axis.com

signaling.prod.webrtc.connect.axis.com

onboardme.prod.oneclick.connect.axis.com

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

10

Outbound port TCP 443

Endpoint domain
*-st.axis.com
Details:
dispatchus1-st.axis.com dispatchse1-st.axis.com dispatchse2-st.axis.com dispatchjp1-st.axis.com dispatcher-st.axis.com

TCP 443

s3-ats-migration-test.s3.euwest-3.amazonaws.com

Port usage

Requirements

Device onboarding

Test Amazon Web Services (AWS) Public Key Infrastructure (PKI)

Port requirements for appliances
To enable communication with appliances, you must open specific network ports.

Genetec Cloudlink 310 to Security Center SaaS
For Genetec CloudlinkTM video, the following ports must be open for the associated domains. Opening the ports ensures that the devices can connect to cloud services, be managed, and stream video.

Outbound port Endpoint domain

Port usage

UDP 123

Network Time Protocol (NTP) servers are selected from the following sources (highest priority to lowest priority):
1. Manual NTP configuration in Genetec Cloudlink 2. DHCP 3. Default NTP servers:
· time1.google.com · time2.google.com · time3.google.com · time4.google.com

Connection to an NTP server.

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

11

Requirements

Outbound port Endpoint domain

Port usage

Genetec Cloudlink communicates with the following domains: .azurecr.io .azure-devices.net .azure-devices-provisioning.net global.azure-devices- provisioning.net .cloudapp.azure.com .blob.core.windows.net .in.applicationinsights.azure.com *.genetec.cloud login.genetec.com eastus2-3.in.applicationinsights.azure.com eastus2.livediagnostics.monitor.azure.com

TCP 443

Details for the Australia region:

genetec-dm-hub-prod-eau-0.azure-devices.net

edgeosprodeauappstore.azurecr.io

edgeosprodeauappstore.australiaeast.data.azurecr.io

prod0eaufwimages.blob.core.windows.net

prod0eaudevicesdiags.blob.core.windows.net

Connection to the cloud.

eastau.video.genetec.cloud australiaeast.tds.genetec.cloud

tds1astleasthrz.blob.core.windows.net tds2astleasthrz.blob.core.windows.net tds3astleasthrz.blob.core.windows.net tds4astleasthrz.blob.core.windows.net tds5astleasthrz.blob.core.windows.net tds6astleasthrz.blob.core.windows.net tds7astleasthrz.blob.core.windows.net tds8astleasthrz.blob.core.windows.net

auescsaas01.blob.core.windows.net auescsaas02.blob.core.windows.net auescsaas03.blob.core.windows.net auescsaas04.blob.core.windows.net auescsaas05.blob.core.windows.net auescsaas06.blob.core.windows.net auescsaas07.blob.core.windows.net auescsaas08.blob.core.windows.net auescsaas09.blob.core.windows.net auescsaas10.blob.core.windows.net auescsaas11.blob.core.windows.net auescsaas12.blob.core.windows.net auescsaas13.blob.core.windows.net auescsaas14.blob.core.windows.net auescsaas15.blob.core.windows.net auescsaas16.blob.core.windows.net

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

12

Requirements

Outbound port Endpoint domain

Port usage

Details for the Canada region:
genetec-dm-hub-prod-cca-0.azure-devices.net edgeosprodccaappstore.azurecr.io edgeosprodccaappstore.canadacentral.data.azurecr.io prod0ccafwimages.blob.core.windows.net prod0ccadevicesdiags.blob.core.windows.net
centralca.video.genetec.cloud cancentral.tds.genetec.cloud
tds1cancentralhrz.blob.core.windows.net tds2cancentralhrz.blob.core.windows.net tds3cancentralhrz.blob.core.windows.net tds4cancentralhrz.blob.core.windows.net tds5cancentralhrz.blob.core.windows.net tds6cancentralhrz.blob.core.windows.net tds7cancentralhrz.blob.core.windows.net tds8cancentralhrz.blob.core.windows.net
cacscsaas01.blob.core.windows.net cacscsaas02.blob.core.windows.net cacscsaas03.blob.core.windows.net cacscsaas04.blob.core.windows.net cacscsaas05.blob.core.windows.net cacscsaas06.blob.core.windows.net cacscsaas07.blob.core.windows.net cacscsaas08.blob.core.windows.net cacscsaas09.blob.core.windows.net cacscsaas10.blob.core.windows.net cacscsaas11.blob.core.windows.net cacscsaas12.blob.core.windows.net cacscsaas13.blob.core.windows.net cacscsaas14.blob.core.windows.net cacscsaas15.blob.core.windows.net cacscsaas16.blob.core.windows.net

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

13

Requirements

Outbound port Endpoint domain

Port usage

Details for the Europe region:
edgeosprodweuappstore.azurecr.io edgeosprodweuappstore.westeurope.data.azurecr.io edgeosprodweuappstore.northeurope.data.azurecr.io prod0weudevicesdiags.blob.core.windows.net genetec-dm-hub-prod-weu-0.azure- devices.net
westeu.video.genetec.cloud westeurope.tds.genetec.cloud
tds1westeuhorizon.blob.core.windows.net tds2westeuhorizon.blob.core.windows.net tds3westeuhorizon.blob.core.windows.net tds4westeuhorizon.blob.core.windows.net tds5westeuhorizon.blob.core.windows.net tds6westeuhorizon.blob.core.windows.net tds7westeuhorizon.blob.core.windows.net tds8westeuhorizon.blob.core.windows.net
weuscsaas01.blob.core.windows.net weuscsaas02.blob.core.windows.net weuscsaas03.blob.core.windows.net weuscsaas04.blob.core.windows.net weuscsaas05.blob.core.windows.net weuscsaas06.blob.core.windows.net weuscsaas07.blob.core.windows.net weuscsaas08.blob.core.windows.net weuscsaas09.blob.core.windows.net weuscsaas10.blob.core.windows.net weuscsaas11.blob.core.windows.net weuscsaas12.blob.core.windows.net weuscsaas13.blob.core.windows.net weuscsaas14.blob.core.windows.net weuscsaas15.blob.core.windows.net weuscsaas16.blob.core.windows.net

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

14

Requirements

Outbound port Endpoint domain

Port usage

Details for the US region:
edgeosprodeus2appstore.azurecr.io edgeosprodeus2appstore.eastus2.data.azurecr.io edgeosprodeus2appstore.southcentralus.data.azurecr.io edgeosprodeus2appstore.westus2.data.azurecr.io genetec-dm-hub-prod-eus2-0 .azure-devices.net prod0eus2fwimages.blob.core.windows.net prod0eus2devicesdiags.blob.core.windows.net
eastus2.video.genetec.cloud eastus2.tds.genetec.cloud
tds1eastus2horizon.blob.core.windows.net tds2eastus2horizon.blob.core.windows.net tds3eastus2horizon.blob.core.windows.net tds4eastus2horizon.blob.core.windows.net tds5eastus2horizon.blob.core.windows.net tds6eastus2horizon.blob.core.windows.net tds7eastus2horizon.blob.core.windows.net tds8eastus2horizon.blob.core.windows.net
eus2scsaas01.blob.core.windows.net eus2scsaas02.blob.core.windows.net eus2scsaas03.blob.core.windows.net eus2scsaas04.blob.core.windows.net eus2scsaas05.blob.core.windows.net eus2scsaas06.blob.core.windows.net eus2scsaas07.blob.core.windows.net eus2scsaas08.blob.core.windows.net eus2scsaas09.blob.core.windows.net eus2scsaas10.blob.core.windows.net eus2scsaas11.blob.core.windows.net eus2scsaas12.blob.core.windows.net eus2scsaas13.blob.core.windows.net eus2scsaas14.blob.core.windows.net eus2scsaas15.blob.core.windows.net eus2scsaas16.blob.core.windows.net

TCP 1935
TCP 443 UDP 3478 TCP 3478

IMPORTANT: Ensure that you include the Cloud Security Center Virtual Machine associated with your system: *.gsccloud.com in your allowlist.
turn.video.geneteccloud.com stun.relay.metered.ca global.relay.metered.ca

Interactive Connectivity Establishment (ICE) TCP in Web RealTime Communication (WebRTC) for live streaming
Traversal Using Relays around NAT (TURN) server and Session Traversal Utilities for NAT (STUN) server for live video streaming

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

15

Requirements

Outbound port Endpoint domain

Port usage

UDP 53

DNS servers are selected from the following sources (highest Connection to a DNS

to lowest priority).

server.

1. Manual DNS configuration in the Edge OS (local device webpage).
2. DHCP
3. Default DNS servers:

· 1.1.1.1 · 8.8.8.8 · 1.0.0.1 · 8.8.4.4

ICMP Ping

8.8.8.8

Diagnostics to indicate if the appliance can reach a global, public endpoint.

Genetec Cloudlink 310 to cameras
For Genetec Cloudlink video, the following ports must be open towards the on- premises local cameras. Opening the ports ensures that the Cloudlink can connect to those cameras, manage them, and stream video.

Inbound port

Outbound port

Port usage

TCP 443 TCP 80

Camera connections
HTTPS on port 443 is preferred. Genetec Cloudlink only falls back to HTTP on port 80 if secure communication isn’t available.

TCP 554

RTSP for video requests

UDP 3702

Camera discovery requests on 239.255.255.250 (multicast)

UDP 10000 to 10599

Real-Time Transport Protocol (RTP) and Real-time Transport Control Protocol (RTCP) communication from cameras to the Genetec CloudlinkTM 310 unit

UDP 20000

Camera discovery responses

Synergis Cloud Link appliances
For SynergisTM Cloud Link, the following ports must be open for the associated domains. Opening the ports ensures that the devices can connect to the cloud services, be managed, and ensures correct access control operations.

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

16

Requirements

Outbound port

Endpoint domain

Port usage

The Synergis Cloud Link communicates with the following domains and URLs: .geneteccloud.com .servicebus.windows.net .blob.core.windows.net .global .azure-devices-provisioning.net *.azure-devices.net google.com

Domain details:

TCP 443 UDP 123

acaas-gateway-prod01.geneteccloud.com serbusnwskuumgkdlgi.servicebus.windows.net evhubnwskuumgkdlgi.servicebus.windows.net evhubbacknwskuumgkdlgi.servicebus.windows.net storsyncnwskuumgkdlgi.blob.core.windows.net storhealnwskuumgkdlgi.blob.core.windows.net storgatwnwskuumgkdlgi.blob.core.windows.net global.azure-devices- provisioning.net

Connection to the cloud

Details for the Australia region:
iothub844650092.azure-devices.net google.com

Details for the Canada region: iothub1887217071.azure-devices.net

Details for the Europe region: iothub645286700.azure-devices.net

Details for the US region: iothub1914824792.azure-devices.net

Default: time.windows.com

Connection to a Network Time Protocol (NTP) server

Axis Powered by Genetec appliances
For Axis Powered by Genetec appliances, the following outbound ports must be open for the associated domains. Opening the ports ensures that the devices can connect to cloud services, be managed, and ensure correct access control operations.

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

17

Requirements

Outbound port Endpoint domain

Port usage

The Axes Powered by Genetec devices communicate with the following domains and URLs: .geneteccloud.com .servicebus.windows.net .blob.core.windows.net .global.azure-devices-provisioning.net .Azure-devices.net google.com .connect.axis.com *st.axis.com

TCP 443

Details:
acaas-gateway-prod01.geneteccloud.com serbusnwskuumgkdlgi.servicebus.windows.net evhubnwskuumgkdlgi.servicebus.windows.net evhubbacknwskuumgkdlgi.servicebus.windows.net storsyncnwskuumgkdlgi.blob.core.windows.net storhealnwskuumgkdlgi.blob.core.windows.net storgatwnwskuumgkdlgi.blob.core.windows.net global.azure-devices- provisioning.net iothub1914824792.azure-devices.net google.com
cep.prod.flagsmith.connect.axis.com cep.otelcol.connect.axis.com eu.prod.otelcol.connect.axis.com appinsights.connect.axis.com prod.adm.connect.axis.com signaling.prod.webrtc.connect.axis.com onboardme.prod.oneclick.connect.axis.com

Connection to the cloud

UDP 123

ntp.pool.org

Connection to a Network Time Protocol (NTP) server

Port requirements for clients
To enable communication with clients, you must open specific network ports. The following ports must be open for the associated domains, so the client can connect to cloud services, select the correct organization, and authenticate.

Outbound port

Endpoint domain

Port usage

Web clients

TCP 443

securitycentersaas.genetec.cloud us.securitycentersaas.genetec.cloud

Security Center SaaS Web Services

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

18

Requirements

Outbound port

Endpoint domain

login.genetec.com id.login.genetec.com assets.login.genetec.com challenges.cloudflare.com

login.microsoftonline.com aadcdn.msauth.net login.live.com

events.launchdarkly.com app.launchdarkly.com clientstream.launchdarkly.com

sgnlr-uni-prodglobal-eastus2.service.signalr.net canadacentral-1.in.applicationinsights.azure.com

az416426.vo.msecnd.net dc.services.visualstudio.com widget.intercom.io js.intercomcdn.com

GenetecTM Operation web and mobile applications

TCP 443

*.gsc-cloud.com a.tile.openstreetmap.org b.tile.openstreetmap.org

GenetecTM Configuration web

TCP 443

eastus2.video.genetec.cloud

Genetec Operation and Genetec Configuration desktop applications

TCP 5500

*.gsc-cloud.com

TCP 554 TCP 560
TCP 960

.gsc-cloud.com .gsc-cloud.com

TCP 443

downloadcenter1.genetec.com

Port usage
GenetecTM single sign-on (SSO)
Genetec features management Monitoring & eventing Dependencies
HTTPS port
HTTPS port for video operations Genetec Security Center TLS proxy RTSP port (over TLS) Live and playback stream requests HTTPS

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

19

Requirements

Port requirements for Federation
For FederationTM of on-premises Security Center systems into Security Center SaaS, you must open firewall ports to allow communication between the sites.

Federation of on-premises system into Security Center SaaS

The following table lists the default network ports that are used in a Federation setup. The administrator can choose to use different ports. For more information on port usage, ask your GenetecTM Channel Partner for the latest Federation port diagrams.

Computer

Inbound

Endpoint domain

Port usage

Directory (onpremises)

TCP 5500

*.gsc-cloud.com

Reverse tunnel communication

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

20

Requirements
Supported devices
For a list of devices and the associated firmware that are supported with Security Center SaaS, see Supported Device List. To avoid potential issues, install the recommended firmware version for your device. For detailed information about your particular device, see your device’s documentation or visit the manufacturer’s website. For information about device compatibility, see Security Center SaaS Device Compatibility Guidelines.

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

21

Requirements
Supported features
For an overview of the key features and differences between Security Center SaaS and Security Center onpremises, download the Security Center SaaS Feature matrix.

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

22

User management
This section includes the following topics: · “Adding users” on page 24 · “Adding groups” on page 27

3

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

23

User management
Adding users
Before you can manage devices and users in GenetecTM Configuration, you must first add users in Security Center SaaS. Different roles can also be added to the users to grant different system privileges.
What you should know
Security Center SaaS supports third-party authentication through Microsoft Entra ID or by using the OpenID Connect protocol. For help with integrating your identity provider with Security Center SaaS, contact the GenetecTM Technical Assistance Center (GTAC).
Procedure
1 In Genetec Configuration web, select Users from the left sidebar, and click Add user. 2 In the Add user dialog, enter the required information.

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

24

User management
3 Select one or more roles for the user: In Security Center SaaS, we provide some default roles to get you started.
TIP: If you need different roles or more granular controls, use Genetec Configuration desktop to configure users or roles as needed.
· Owner: This role is designed for system owners. It grants user management privileges and the ability to accept terms and conditions. Only an Owner can grant or remove this role.
· Administrator: This role is designed for system administrators. It provides full access to both Genetec Configuration and GenetecTM Operation.
· Operator: This role is designed for security operators who monitor real-time events within the system. It provides access to Genetec Operation.

4 (Optional) Send an activation email to the user immediately by selecting Send an activation link to the user. TIP: You can create all your users first and send activation emails later.
5 Click Add user. The user is created.
If an activation link was sent immediately, the new user receives a notification email inviting them to complete their registration, accept terms of use, and sign in to the system.

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

25

After you finish
If required, send an activation email to pending users: · Filter the Users page for Status:Pending. · Select a user. · In the side pane, click Send invitation.

User management

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

26

User management
Adding groups
Set up groups in Security Center SaaS to have users automatically inherit privileges based on their group membership.
Procedure
1 In GenetecTM Configuration web, select Users from the left sidebar, and click the Groups tab. 2 Click Add group. 3 In the Add group dialog, enter the required information. 4 Select one or more roles for the group:
In Security Center SaaS, we provide some default roles to get you started. TIP: If you require different roles or more granular controls use Security Center SaaS desktop to configure users or roles as needed. · Administrator: This role is designed for system administrators. It provides full access to both
GenetecTM Configuration and GenetecTM Operation. · Operator: This role is designed for security operators who monitor real-time events within the system.
It provides access to Genetec Operation.

5 Click Create. The group is created.
6 Select the new group from the Groups list.

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

27

User management 7 In the group side pane, click Add user , select users to add to the group, and click Add user .

8 Click Save.

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

28

Device management
This section includes the following topics:
· “Adding devices” on page 30 · “Adding Axis direct-to-cloud cameras” on page 31 · “Adding Axis Powered by Genetec devices” on page 35 · “Adding Genetec Cloudlink 310 appliances” on page 40 · “Adding Synergis Cloud Link appliances” on page 45 · “How privacy protection works in Security Center SaaS” on page 47

4

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

29

Device management
Adding devices
To add your devices you can scan a QR code, enter the information manually, or automatically discover devices on the local network.
Procedure
1 In GenetecTM Configuration web, select Devices from the left sidebar, and click Add device. 2 Choose one of the following:
· Scan QR code · Use device information 3 If you selected Scan QR code, choose one of the following: · Add a Genetec Cloudlink 310 appliance. · Add a SynergisTM Cloud Link appliance. 4 If you selected Use device information, choose one of the following: · Access control devices:
· Add an Axis Powered by Genetec appliance manually. · Add a Synergis Cloud Link appliance manually. · Video devices: · Add an Axis direct-to-cloud camera manually. · Add a Genetec Cloudlink 310 appliance manually.

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

30

Device management
Adding Axis direct-to-cloud cameras
Before you can view, record, and upload video to Cloud Storage, you must add your direct-to-cloud (D2C) cameras in Security Center SaaS.
Before you begin
· Have the device serial number and Owner Authentication Key (OAK) ready. You can find this information in the Axis Communications: Owner Authentication Key document that is included with the device. Alternatively, you can obtain this information from the camera’s web page.
· If the camera has been activated on another system, perform a factory reset before adding it to Security Center SaaS.
What you should know
Enrolling an Axis direct-to-cloud camera in Security Center SaaS automatically does two things: · Upgrades the device firmware to the latest version.
Security Center SaaS ensures that all your devices are running the latest firmware, when it becomes available. · Generates a username and password for the device and deletes all previous credentials. Security Center SaaS manages passwords for you, ensuring that all your devices are protected by strong passwords. For supported devices and firmware, see Supported Device List and Security Center SaaS Device Compatibility Guidelines. Direct-to-cloud requires a corresponding product subscription.
Procedure
1 From the Devices page in GenetecTM Configuration web, click Add device and click Use device information.

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

31

Device management
2 In the Add device dialog box, click Serial number + Owner Authentication Key (OAK) and enter the required information: · Name: Enter a descriptive name for the device. · Serial number: Enter the device serial number. · Owner Authentication Key (OAK): Enter the Axis OAK.

3 Click Continue. The camera is added to the device list.

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

32

4 In the Device added dialog box, read the instructions and click Finish.

Device management

5 If you have physical access to the camera, press the control button on the camera body. Activation can take up to 10 minutes. This activation process includes installing firmware, downloading application updates, and bringing the camera online. You can continue with other tasks while the device activation completes in the background.
6 If you don’t have physical access to the camera, enable the one-click cloud connection in software: a) On the camera’s web page, click System > Network. b) Under One-click cloud connection, set Allow O3C to Always and click Save. The camera is now available in Security Center SaaS.
After you finish
· To configure basic camera settings, select the device and click the Settings tab in the side pane.

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

33

Device management
· If you need to change camera settings that aren’t available in Genetec Configuration, sign in to the device. To obtain the camera credentials, select the device and click View credentials on the Overview page of the device side pane.

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

34

Device management
Adding Axis Powered by Genetec devices
After unpacking and connecting the Axis Powered by Genetec device to your company LAN, you must add the device to Security Center SaaS before it can be used.
Before you begin
Have your device serial number and Owner Authentication Key (OAK) ready. You find this information on the Axis Communications: Owner Authentication Key document included in the device packaging.
What you should know
Enrolling an Axis Powered by Genetec device in Security Center SaaS automatically does two things: · Upgrades the device firmware to the latest version.
Security Center SaaS ensures that all your devices are running the latest firmware, when it becomes available. · Generates a username and password for the device and deletes all previous credentials. Security Center SaaS manages passwords for you, ensuring that all your devices are protected by strong passwords.
Procedure
1 From the Devices page in GenetecTM Configuration web, click Add device and click Use device information.

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

35

Device management
2 In the Add device dialog box, click Serial number + Owner Authentication Key (OAK) and enter the required information: · Name: Enter a descriptive name for the device. · Serial number: Enter the device serial number. · Owner Authentication Key (OAK): Enter the Axis OAK.

3 Click Continue. The device is added.

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

36

4 In the Device added dialog box, read the instructions and click Finish.

Device management

The device is added to the device list with the Device type indicating Unknown and the Status indicating Action required.
5 Open the casing of your Axis Powered by Genetec device and press the control button to begin activation. Activation can take up to 15 minutes. The device is ready for use when its Status is Online.

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

37

Device management
6 To view the device credentials, select the device and click View credentials the Overview page of the device side pane.

Click to view the password. NOTE: The Open web interface shortcut only works when you’re connected to the same local network as the device.
After you finish
If you need to change the default settings of the device, such as the reader and credential settings sign in to the device. For information on how to configure the device, see the Axis Powered by Genetec Help.
Signing in to an Axis Powered by Genetec device
To configure an Axis Powered by Genetec door controller, you need to sign in to the AXIS device interface with a web browser.
What you should know
· The AXIS device interface is the administrative web portal for the Axis Powered by Genetec device. For more information, see The device interface in the Axis Powered by Genetec Help.
· There are two ways to sign in: · If you have not enrolled the device in Security Center SaaS, sign in directly to the device using a web browser. · If you have enrolled the device in Security Center SaaS, sign in from the GenetecTM Configuration device overview panel.
Procedure
To sign in directly from a web browser:

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

38

Device management
1 Open a web browser, and enter https:// followed by the controller hostname or IP address. The Axis Powered by Genetec device is factory configured for DHCP. The default device hostname consists of AXIS-, followed by the device’s MAC address. The MAC address is also the serial number. It can be found on a label at the bottom of the device or on the Axis Communications: Owner Authentication Key document included in the device packaging. Example: https ://AXIS-B8A44F6554C4
2 (First sign in only) Set the default administrator user password. If it is your first sign in, or if you performed a factory reset, the default administrator username is root without password. You set the password the first time that you sign in. For more information, see Set a new password for the root account in the Axis Powered by Genetec Help. IMPORTANT: After setting the password, wait 5 minutes for the SynergisTM Softwire app to initialize.
3 In the Sign in dialog box, enter the username and password, and then click Sign in. The AXIS device interface opens on the Status page or the last page that you visited.
To sign in from Genetec Configuration: 1 From the device list, click the Axis Powered by Genetec device you want to connect to. 2 In the Overview panel, click View credentials.
The View credentials dialog box opens.

3 Click Open web interface. A new browser page named AXIS opens with the Sign in dialog box.
4 Copy and paste the Username and Password from the View credentials dialog box to the Sign in dialog box, and click Sign in. The AXIS device interface opens on the Status page.

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

39

Device management
Adding Genetec Cloudlink 310 appliances
After starting Genetec CloudlinkTM 310 and connecting the appliance for the first time, you must add the appliance to Security Center SaaS before it can be used.
Before you begin
· If required, apply a static IP configuration to the appliance. · Have the device QR code or serial number and activation code ready. You can find this information on the
Add this appliance to Security Center SaaS insert card that is included with the appliance.
Procedure
1 From the Devices page in GenetecTM Configuration web, click Add device. 2 Do one of the following:
· Click Scan QR code to add the appliance using a QR code. · Click Use device information to add the appliance using the serial number and activation code.

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

40

3 If you selected Scan QR code: a) If required, allow or enable camera access in your web browser. b) Position the QR code in front of your camera.

Device management

c) In the Add appliance dialog, select a recording mode.

d) Click Add, then click Finish.

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

41

Device management
The initial setup can take a few minutes. During this time, the device shows Connecting while the required applications are downloaded and installed. TIP: Select the device tile to display status information.
4 If you selected Use device information: a) Click Serial number + Activation code. b) Enter the serial number and activation code. c) Click Add, then click Finish. The initial setup can take a few minutes. During this time, the device shows Connecting while the required applications are downloaded and installed. TIP: Select the device tile to display status information.
The Genetec Cloudlink 310 is now available in Security Center SaaS.
After you finish
· Add local cameras using automatic discovery. · Add local cameras manually.
Applying a static IP configuration to Genetec Cloudlink 310
If DHCP is not available on your network, you must apply a static IP configuration to Genetec CloudlinkTM 310 before it can be used.
Before you begin
BEST PRACTICE: Set up Genetec Cloudlink 310 in a pre-deployment environment with DHCP and Universal Plug and Play (UPnP) enabled.
What you should know
By default, Genetec Cloudlink 310 uses DHCP to obtain an IP address and is discoverable by UPnP. If an IP address cannot be obtained from DHCP, the appliance automatically falls back to a link-local address in the range of 169.254.0.0/16. To retrieve the IP address, you can use network discovery or connect a monitor to the unit.
Procedure
1 On a computer connected to the same subnet, open a web browser and connect to https://, where is the hostname or IP address of your unit. The default hostname is printed on the unit label beside Nom/Name. NOTE: Genetec Cloudlink 310 uses a self-signed certificate. When connecting to the unit, the browser might warn you that the connection is unsafe. If you get this warning message, ignore it and proceed with the connection. The appliance web page opens.
2 Enter the username “admin” and your password, and then click Connect. If you are connecting to the appliance for the first time, the default password is printed on the unit label beside PWD. You will be asked to change this password after logging on.
3 From the Genetec Cloudlink 310 homepage, click the Settings tab.

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

42

Device management
4 Under Interfaces, select Static, and input the network configuration. The following values are required: · IP Address · Subnet Mask · Default Gateway · DNS Settings NOTE: To add name servers and search domains, you must click Add after each entry.
5 Click Save. The static IP configuration is applied. You might not be able to reconnect to the unit before moving it to the required location.
After you finish
The Genetec Cloudlink 310 appliance is now ready for deployment in your static IP network.
Adding cameras to Genetec Cloudlink 310 using automatic discovery
Use automatic discovery to add cameras on the local network to the Genetec CloudlinkTM 310 appliance in Security Center SaaS.
Before you begin
· Ensure that the Cloudlink 310 is online. · Have the camera username and password ready. · Ensure that WS-Discovery is enabled on the camera and that discovery is allowed on the local network.
What you should know
· Cameras must be on the same subnet as a Cloudlink 310 appliance. · You can only add one camera at a time. · Only Axis or ONVIF-compliant cameras are currently supported.
Procedure
1 From the Devices page in GenetecTM Configuration web, click Add device. The system searches for cameras automatically. A list shows discovered cameras that aren’t in the system. IMPORTANT: Automatic discovery might detect cameras that aren’t officially supported in Security Center SaaS. For supported devices and firmware, see Supported Device List and Security Center SaaS Device Compatibility Guidelines.
2 Click Add next to the required camera. TIP: If the list is long, you can search for a camera by name or IP address. If the required camera wasn’t discovered, you can try to add the camera manually.
3 In the Add camera dialog, enter the required information, and click Add. The camera is added. You can close the dialog and perform other tasks while the camera is connecting.
After you finish
· To configure basic camera settings, select the device and click the Settings tab in the side pane.

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

43

Device management
· If you need to change any camera settings that aren’t available in Genetec Configuration, sign in to the device.
Adding cameras to Genetec Cloudlink 310 manually
If automatic discovery doesn’t work or isn’t available, you must add cameras to Genetec CloudlinkTM 310 manually in Security Center SaaS.
Before you begin
· Ensure that the Cloudlink 310 is online. · Have the camera IP address, username, and password ready.
What you should know
· Cameras must be on the same subnet as the associated Cloudlink 310 appliance. · Only Axis or ONVIF-compliant cameras are currently supported.
Procedure
1 From the Devices page in GenetecTM Configuration web, click Add device. 2 In the Searching for cameras dialog, click Use device information. 3 In the Add device dialog, click IP address, username, and password. 4 Enter the required information and click Continue.
The camera is added. 5 Click Finish.
After you finish
· To configure basic camera settings, select the device and click the Settings tab in the side pane. · If you need to change any camera settings that aren’t available in Genetec Configuration, sign in to the
device.

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

44

Device management
Adding Synergis Cloud Link appliances
After you’ve connected to your SynergisTM Cloud Link appliance for the first time, add it to Security Center SaaS before using it.
Before you begin
· Have the device QR code or serial number and activation code ready. You can find this information on the Add this appliance to Security Center SaaS insert card that is included with the appliance.
· If your Synergis Cloud Link unit was previously enrolled in an on-premises Security Center system or in a hosted Security Center SaaS Edition (Classic) system, do the following: 1. Upgrade your unit to Synergis Cloud Link 3.1.1 or later. 2. In the SynergisTM Appliance Portal, click Configuration > Unit-wide parameters and select the Communicate with the cloud for enrollment option. For more information, see Configuring unit-wide parameters for Synergis Cloud Link units.
What you should know
For supported devices and firmware, see Supported Device List and Security Center SaaS Device Compatibility Guidelines.
Procedure
1 Configure the Network Time Protocol (NTP) server to avoid time differences for events or device synchronization issues. a) In your web browser, enter https:// followed by the SynergisTM appliance’s hostname or IP address. Example: https://SCLXXXXXXXXXXXX, where XXXXXXXXXXXX represents the MAC address. b) If you opened a new browser session to sign in to the Synergis appliance, you get a certificate error message. Follow your browser’s on- screen instructions to continue to the website. c) Enter the username and password, and then click Log on. d) Click Configuration > Network. e) In the Network time section, select Use network time and enter time.windows.com.

2 From the Devices page in GenetecTM Configuration web, click Add device.

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

45

Device management
3 Do one of the following: · Click Scan QR code to add the appliance using a QR code. · Click Use device information to add the appliance using the serial number and activation code.
4 If you selected Scan QR code: a) If required, allow or enable camera access in your web browser. b) Position the QR code in front of your camera.

c) Click Add, then click Finish. The initial setup can take a few minutes. During this time, the device shows Connecting while the required applications are downloaded and installed. TIP: Select the device tile to display status information.
5 If you selected Use device information: a) Click Serial number + Activation code. b) Enter the serial number and activation code. c) Click Add, then click Finish. The initial setup can take a few minutes. During this time, the device shows Connecting while the required applications are downloaded and installed. TIP: Select the device tile to display status information.
The Synergis Cloud Link is now available in Security Center SaaS.
After you finish
Connect and configure interface modules.
Related Topics
Logging on to the Synergis appliance

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

46

Device management

How privacy protection works in Security Center SaaS
In Security Center SaaS, privacy protection anonymizes video by pixelating parts of a video stream where movement is detected. The identity of individuals or moving objects is protected, without obscuring movements and actions or preventing monitoring. Privacy protection is a default feature in Security Center SaaS. This differs from enabling privacy protection in Security Center on-premises, which requires the installation and configuration of the KiwiVisionTM Privacy Protector module.
Activating privacy protection on cameras in Genetec Configuration
In Genetec Configuration, administrators can activate and deactivate privacy protection as needed on individual cameras. To activate privacy protection: 1. On the Devices page, select a camera. 2. In the side pane of the camera, click the Settings tab. 3. Select the Activate privacy protection checkbox. NOTE: Security Center SaaS only applies privacy protection to video streams displayed in a video tile. This uses fewer computing resources and less storage than KiwiVisionTM, which applies privacy protection to all video streams, even those that aren’t displayed.
Deactivating privacy protection on video streams
In Genetec Configuration and Genetec Operation, you can deactivate privacy protection in video tiles that are actively displaying live or playback video. · Genetec Configuration: Click the privacy protection icon ( ) in the video tile. · Genetec Operation: Right-click on a video tile and select Deactivate privacy protection. · Genetec Operation web: In the selected video tile, click Show more ( ) and select Deactivate privacy
protection. NOTE: Deactivating privacy protection in a video tile doesn’t change the privacy protection setting on the camera that provides the stream. If an operator deactivates privacy protection in a video tile, it remains active in all other video tiles.
Privacy protection and video streaming
There are two types of streams related to privacy protection: · Public streams: Contains privacy-protected content with video anonymization applied. · Private streams: The original video stream from the video unit, where video isn’t anonymized or masked. Security Center SaaS only saves private streams. When users play back these streams, privacy protection is applied to video through GenetecTM Cloud Services. Security Center on-premises differs by saving private and public streams by default.
Exported video
To apply privacy protection to exported video, the feature must be activated on the camera and enabled in the video tile when the operator exports the video. If privacy protection is active on a camera, but inactive in the video tile when the operator exports the video, privacy protection isn’t applied to exported video.

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

47

Device management
Camera compatibility
Security Center SaaS doesn’t support privacy protection on the following camera types: · 360-degree fisheye cameras · PTZ cameras
Licensing
No additional license is required to activate privacy protection on cameras.

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

48

5
Federation through reverse tunneling
This section includes the following topics:
· “What is reverse tunneling” on page 50 · “Deploying Security Center Federation using reverse tunneling” on page 52 · “Creating reverse tunnels on the Federation host” on page 53 · “Opening reverse tunnels between remote sites and the Federation host” on page
55 · “Connecting the Federation host to remote sites through reverse tunnels” on page
57 · “Resetting reverse tunnels” on page 59

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

49

Federation through reverse tunneling
What is reverse tunneling
Reverse tunneling is a method of securing communication between clients and servers that are behind a firewall. This technique enhances security and simplifies firewall management. When using a reverse tunnel, the server initiates a connection to the client. This tunnel connection is secured by a previously shared keyfile that contains an identity certificate. When established, the reverse tunnel allows bidirectional communication without opening inbound firewall ports.
Context
In Security Center SaaS, reverse tunneling is typically used to connect one or more remote Security Center systems to the FederationTM host in the cloud. Using a reverse tunnel simplifies the firewall management and configuration of Security Center Federation. By default, the tunnel uses outbound TCP 5500 to connect the remote site to the Federation host. NOTE: If required, reverse tunneling can be used to connect Security Center SaaS to an external Federation host, such as a system on-premises, or Security Center SaaS Edition (Classic). For help setting up this configuration, contact the GenetecTM Technical Assistance Center (GTAC). Regular Federation can be challenging to set up due to the number of ports required to connect the Federation host to the Security Center main server at the remote site. The following diagram shows the communication flow of a regular Federation, shown in blue, and a Federation over reverse tunnel, shown in purple. In a regular Federation, the Federation host is the client that initiates a connection to federated site, which acts as a server. This flow is reversed in a Federation over reverse tunnel.

To use reverse tunneling, you must create a Reverse Tunnel Server role on the Federation host and a Reverse Tunnel role at the remote site. Reverse tunneling works as follows:
1. The Reverse Tunnel Server role generates a keyfile, which includes an identity certificate, network connectivity information, and a one-time use token.
2. The Reverse Tunnel role accepts the keyfile to open the reverse tunnel. 3. The Security Center FederationTM role connects to the federated site through the reverse tunnel.
Limitations and requirements
· Reverse tunneling only supports TCP: The network segment used for tunneling between the remote site and the Federation host must support unicast TCP. After video reaches the cloud, the Best available transport protocol can be used.

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

50

Federation through reverse tunneling
· Video streams must go through a redirector before and after the tunnel: The tunneling mechanism is only implemented at the level of video redirectors, and is transparent to the client application.

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

51

Federation through reverse tunneling
Deploying Security Center Federation using reverse tunneling
To deploy Security Center FederationTM using reverse tunneling, you must first create a reverse tunnel on the Federation host for each remote site. After creating the reverse tunnel, open it from the remote site before you federate it.
Before you begin
Prepare the following: · Names of remote sites to federate and the version of Security Center they are running. · Credentials to sign in to the remote systems as the following Security Center users:
· The Federation user · An administrator · An external storage device to save the tunnel keyfiles created for the remote systems. · The system that hosts the Reverse Tunnel Server role must be reachable from remote sites that can use DNS to resolve the server hostname.
What you should know
If possible, use a workstation that can access the Federation host and remote sites.
Procedure
1 Create reverse tunnels for each remote site on the Federation host. 2 Open the reverse tunnel between remote sites and the Federation host. 3 Connect the Federation host to remote sites through the reverse tunnel.

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

52

Federation through reverse tunneling
Creating reverse tunnels on the Federation host
To open a reverse tunnel between a remote site and the FederationTM host, you must first create a reverse tunnel for the remote site on the Federation host.
Procedure
1 In GenetecTM Configuration desktop, sign in to the Federation host system. 2 Open the System task and click Roles > Reverse Tunnel Server > Properties. 3 At the bottom of the page, click Add an item ( ). 4 In the Name field, enter a unique name to identify the remote site you want to federate and click Add.
A reverse tunnel is created with the status Not registered.
5 Click Apply. By default, all reverse tunnels have encryption enabled. Video is encrypted while in transit from the remote site to the Federation host. IMPORTANT: Fusion stream encrypted video cannot be played back in GenetecTM Operation web and mobile.

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

53

6 Get the keyfile by doing one of the following:

Federation through reverse tunneling

· If your workstation can access the remote site, click Copy keyfile to clipboard ( ). · If your workstation cannot access the remote site, click Save keyfile to disk ( ), and specify the file
location. A file named .keyfile is saved to the folder that you select. 7 Click Apply.
After you finish
Open the tunnel from the remote site using the tunnel keyfile.

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

54

Federation through reverse tunneling
Opening reverse tunnels between remote sites and the Federation host
To establish a reverse tunnel connection between a remote site and the FederationTM host, you must open the tunnel from the remote site.
Before you begin
Create a reverse tunnel on the Federation host and generate a tunnel keyfile. NOTE: For security reasons, a keyfile can only be used once.
Procedure
1 In Config Tool, sign in to the remote system. 2 Open the System task, and click the Roles view. 3 Click Add an entity > Reverse Tunnel. 4 On the Specific info page, enter the keyfile for this tunnel.
Do one of the following: · If the keyfile was copied to the clipboard, paste it into the Tunnel keyfile field. · Click Select file ( ), browse for the keyfile, and click Open.

The tunnel site name and the time it was created are displayed.

5 Confirm that you have the correct name and click Next. If you used the wrong keyfile, click Clear ( ) and try again.
6 (Optional) Enter the role name and description. The default role name is Reverse Tunnel. If multiple hosts federate this site, choose a different name for each host.

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

55

Federation through reverse tunneling
7 Click Next > Create > Close. The Reverse Tunnel role is created. It takes a few seconds for the role to connect to the Reverse Tunnel Server role on the Federation host.

8 (Optional) Click the Properties tab and select an Encryption option. IMPORTANT: By default, connections to a Security Center SaaS Federation host require encryption. · Encrypt: Encrypt video in transit from the remote site to the Federation host. · Prefer encryption: Encrypt video in transit if both the remote site and the Federation host support TLS. Use this option if you are not certain of the capabilities of the Federation host. · Do not encrypt: Do not encrypt video in transit. Only use this option if the video is encrypted through other methods.
9 (Optional) Turn on the Create agents on role servers option. By default, servers hosting Directory, Media Router, and Redirector roles all require internet access for reverse tunneling.
When this option is enabled, only servers listed on the Resources need outbound internet access for reverse tunneling. 10 (Optional) Click the Resources tab and configure failover for the Reverse Tunnel role. For information about role failover, see Setting up role failover on the TechDoc Hub.
After you finish
1. Sign in to the Federation host and confirm that the status of the remote site is Online. 2. Connect the Federation host to the remote site through the reverse tunnel.

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

56

Federation through reverse tunneling
Connecting the Federation host to remote sites through reverse tunnels
To connect the Security Center SaaS FederationTM host to a remote site using reverse tunneling, you must follow a specific pattern for the Directory name while configuring the Security Center FederationTM role.
Before you begin
Open a reverse tunnel on a remote site.
What you should know
In Security Center SaaS, the Security Center Federation roles necessary to federate your remote systems are created for you. Configure these roles to connect to your remote systems with the required options.
Procedure
1 In GenetecTM Configuration desktop, sign in to your Security Center SaaS system. 2 Open the System task and click the Roles view. 3 If required, do the following:
a) In the entity tree, select an UnconfiguredFederation and activate the role. b) On the Identity tab, enter a new name and description for this Federation. 4 Select a Security Center Federation role ( ), click the Properties tab, and enter the reverse tunnel name in the Directory field. The reverse tunnel name is formatted as: directory..tunnel.genetec.com, where is the name for the remote site in the Reverse Tunnel Server role. For example, if the remote site is named VM31614, enter: directory.VM31614.tunnel.genetec.com The string is not case-sensitive.

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

57

Federation through reverse tunneling
5 Configure the other Federation role settings as needed:
· Username and password: Credentials used by the Federation role to sign in to the remote Security Center system. The rights and privileges of that user determine what your local users can see and do on the federated remote system.
· Resilient connection: Turn this option on to automatically attempt to reconnect the Federation role to the remote site if the connection is interrupted. If the role has been unable to reconnect by the Reconnection timeout, the connection is considered lost and the role goes into a warning state. NOTE: Activating Resilient connection is highly recommended for remote systems that might have an unstable connection to the cloud.
· Reconnection timeout: The number of seconds that the Federation role attempts to reconnect to the Directory before the connection is considered lost.
· Forward Directory reports: Turn this option on to view user activities and configuration changes performed at the federated site. User activities include viewing cameras, activating the PTZ, and so on. This information is provided by the Activity trails and Audit trails reports on the FederationTM host, if the FederationTM user has the privileges and access rights to view them. You can also view the federated units in the Hardware inventory task.
· Default live stream: The default video stream that is used for live video from federated cameras. Remote is selected by default.
If your workstation does not require specific video stream settings for FederationTM, you can use the default stream settings from GenetecTM Operation instead.
· Enable playback requests: Turn this option on for users to view playback video from federated cameras.
· Federate alarms: Turn this option on for users to receive alarms from the federated system. · Federate custom icons: Turn this option on for federated entities to share custom icons with the
Federation host. This means that entity icons in the Federation host appear identical to the federated system. It can take a few minutes to synchronize custom icons. · Federated events: Select events to receive from the federated system. Events are necessary if you plan to monitor federated entities in Genetec Operation, or to configure event-to-actions for the federated entities.
6 Click Apply. The Federation role is configured.
The connection status should say Synchronizing entities, or Connected.
7 After the role successfully connects to the remote system, open the Area view task.
8 Expand the Federation role in the Area view and verify that all federated entities were successfully imported. The entity hierarchy corresponds to the Area view on the federated system. NOTE: It can take up to an hour after synchronizing a new role for video to work.

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

58

Federation through reverse tunneling
Resetting reverse tunnels
If the identity certificate of the FederationTM host or remote site is modified while the reverse tunnel is disconnected, you must reset the tunnel by generating and applying a new keyfile.
What you should know
For security reasons, a reverse tunnel keyfile can only be used once. The tunnel keyfile is only needed to establish the first connection from the remote site to the host. NOTE: A tunnel reset is not required if the Federation host certificate is replaced while the tunnel is connected. The new host certificate is propagated to the remote system automatically.
Procedure
1 Generate a new keyfile on the Federation host: a) In Genetec Configuration desktop, sign in to the Federation host system. b) Open the System task and click Roles > Reverse Tunnel Server > Properties. c) Select the site with the broken tunnel and click Force re-enrollment of this site ( ). d) click OK > Apply. The status of the site reverts to Not registered. e) Get the keyfile by doing one of the following: · If your workstation can access the remote site, click Copy keyfile to clipboard ( ). · If your workstation cannot access the remote site, click Save keyfile to disk ( ), and specify the file location. A file named .keyfile is saved to the folder that you select.

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

59

Federation through reverse tunneling
2 Apply the new keyfile to the remote site: a) In Config Tool, sign in to the remote system. b) Open the System task and click Roles > Reverse Tunnel > Properties. c) (Optional) Select an Encryption option. IMPORTANT: By default, connections to a Security Center SaaS Federation host require encryption. · Encrypt: Encrypt video in transit from the remote site to the Federation host. · Prefer encryption: Encrypt video in transit if both the remote site and the Federation host support TLS. Use this option if you are not certain of the capabilities of the Federation host. · Do not encrypt: Do not encrypt video in transit. Only use this option if the video is encrypted through other methods.
d) (Optional) Turn on the Create agents on role servers option. By default, servers hosting Directory, Media Router, and Redirector roles all require internet access for reverse tunneling.
When this option is enabled, only servers listed on the Resources need outbound internet access for reverse tunneling. e) Enter the keyfile by doing one of the following:
· If the keyfile was copied to the clipboard, paste it into the Tunnel keyfile field. · Click Select file ( ), browse for the keyfile, and click Open.

3 Click Apply. The Connection status changes to Connected.
After you finish
Sign in to the Federation host and confirm that the status of the remote site is Online.

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

60

Glossary

Glossary

Access control
The Access control task is the administration task for configuring your access control entities, which include roles, units, cardholders, credentials, and access rules.

access rule
An access rule entity defines a list of cardholders to whom access is either granted or denied based on a schedule. Access rules can be applied to secured areas and doors for entries and exits, or to intrusion detection areas for arming and disarming.

active alarm An active alarm is an alarm that has not yet been acknowledged.

alarm

An alarm entity informs users of a situation that requires immediate attention and provides details on how it can be handled in Security Center. For example, an alarm can indicate which entities (usually cameras and doors) best describe the situation, who must be notified, how it must be displayed to the user, and so on.

alarm acknowledgment
An alarm acknowledgment is the final user response to an alarm that ends its lifecycle and removes it from the active alarm list.

antipassback
Antipassback is an access restriction placed on a secured area that prevents a cardholder from entering an area that they have not yet exited from, and vice versa.

bookmark
A bookmark is an indicator of an event or incident that is used to mark a specific point in time in a recorded video sequence. A bookmark also contains a short text description that can be used to search for and review the video sequences at a later time.

camera
A camera entity represents a single video source in the system. The video source can either be an IP camera, or an analog camera that connects to the video encoder of a video unit. Multiple video streams can be generated from the same video source.

cardholder
A cardholder entity represents a person who can enter and exit secured areas by virtue of their credentials (typically access cards) and whose activities can be tracked.

cardholder group A cardholder group is an entity that defines the common access rights of a group of cardholders.

Config Tool
Config Tool is the Security Center administrative application used to manage all Security Center users and to configure all Security Center entities such as areas, cameras, doors, schedules, cardholders, patrol vehicles, ALPR units, and hardware devices.

credential
A credential entity represents a proximity card, a biometrics template, or a PIN required to gain access to a secured area. A credential can only be assigned to one cardholder at a time.

custom event
A custom event is an event added after the initial system installation. Events defined at system installation are called system events. Custom events can be user-defined or automatically added through plugin installations. Unlike system events, custom events can be renamed and deleted.

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

61

Glossary

door

A door entity represents a physical barrier. Often, this is an actual door but it could also be a gate, a turnstile, or any other controllable barrier. Each door has two sides, named In and Out by default. Each side is an access point (entrance or exit) to a secured area.

door contact
A door contact monitors the state of a door, whether it is open or closed. It can also be used to detect an improper state, such as door open too long.

door side
Every door has two sides, named In and Out by default. Each side is an access point to an area. For example, passing through one side leads into an area, and passing through the other side leads out of that area. For the purposes of access management, the credentials that are required to pass through a door in one direction are not necessarily the same that are required to pass through in the opposite direction.

entity

An entity represents anything in your system that requires configuration. This can be a physical device, such as a camera or a door, or an abstract concept, such as an alarm, a schedule, a user, a role, a plugin, or an add-on.

event
An event is a record of an activity or incident that occurred in the system. Security personnel can monitor events in real time and investigate them later. Events can also trigger automations in the system.

event-to-action
An event-to-action links an action to an event. For example, you can configure an alarm to trigger when a door is forced open.

failover
Failover is a backup operational mode in which a role (system function) is automatically transferred from its primary server to a secondary server that is on standby. This transfer between servers occurs only if the primary server becomes unavailable, either through failure or through scheduled downtime.

FederationTM
FederationTM joins multiple, independent GenetecTM security systems into a single virtual system. With this feature, users on a central system, called the Federation host, can view and control entities that belong to remote systems.

FederationTM host
The FederationTM host is the Security Center or Security Center SaaS system that runs FederationTM roles. Users on the FederationTM host can view entities that belong to federated systems and control the entities directly from their system.

Genetec Configuration
GenetecTM Configuration is the Security Center SaaS administrative application used to manage all Security Center SaaS users and to configure all Security Center SaaS entities such as areas, cameras, doors, schedules, cardholders, and hardware devices.

Genetec Operation
GenetecTM Operation is the unified user interface of Security Center SaaS. It provides consistent operator flow across all Security Center SaaS main systems. The unique task-based design of Genetec Operation lets operators efficiently control and monitor multiple security and public safety applications.

identity provider
An identity provider is a trusted, external system that administers user accounts, and is responsible for providing user authentication and identity information to relying applications over a distributed network.

incident category An incident category is an entity that represents a grouping of incident types that have similar characteristics.

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

62

Glossary

map

A map entity is a two-dimensional diagram that enables you to interact with your security equipment, while providing a reference to their physical locations and statuses.

map link A map link is a map object that brings you to another map with a single click.

map object
Map objects graphically represent entities, cities, highways, and other geographical features on maps. Using map objects, you can interact with your system without leaving the map.

map preset
A map preset is a saved map view. Every map has at least one preset, called the default view, that is displayed when a user opens the map.

Maps

The Maps task is an operation task that heightens your situational awareness by providing the context of a map to your security monitoring and control activities.

Media Router
The Media Router is the central role that handles all audio and video stream requests in Security Center or Security Center SaaS. It establishes streaming sessions between the stream source, such as a camera or an Archiver role, and the client applications that request the sessions. The location and transmission capabilities of each party determine the routing decisions.

People counting
The People counting task is an operation task that keeps count in real-time of the number of cardholders in all secured areas of your system.

privacy protection
In Security Center, privacy protection is software that anonymizes or masks parts of a video stream where movement is detected. The identity of individuals or moving objects is protected, without obscuring movements and actions or preventing monitoring.

redirector A redirector is a server assigned to host a redirector agent created by the Media Router role.

redirector agent
A redirector agent is an agent created by the Media Router role to redirect data streams from one IP endpoint to another.

Reports
The Reports task enables users to generate customized queries about entities, activities, and events for investigation or maintenance purposes.

reverse tunnel
A reverse tunnel is a private communication channel open between a server inside a secured LAN and a client outside. In the Security Center implementation, certificate authentication is used to protect against manipulator-in-the-middle attacks.

Reverse Tunnel
The Reverse Tunnel role is used on the federated system to connect to the FederationTM host residing in the cloud. The connection is established using a keyfile generated from the cloud system. The keyfile can only be used once to ensure maximum security.

reverse tunneling
Reverse tunneling is a method of securing communication between clients and servers that are behind a firewall. This technique enhances security and simplifies firewall management. When using a reverse tunnel, the server initiates a connection to the client. This tunnel connection is secured by a previously shared keyfile

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

63

Glossary

that contains an identity certificate. When established, the reverse tunnel allows bidirectional communication without opening inbound firewall ports.

Reverse Tunnel Server
The Reverse Tunnel Server role is used on the FederationTM host to manage reverse tunnels. Reverse tunnels are created using this role, but must be opened from the federated sites using the Reverse Tunnel roles.

role

A role is a software component that performs a specific job within Security Center or Security Center SaaS.

Security Center
Security Center is a truly unified platform that blends IP video surveillance, access control, automatic license plate recognition, intrusion detection, and communications within one intuitive and modular solution. By taking advantage of a unified approach to security, your organization becomes more efficient, makes better decisions, and responds to situations and threats with greater confidence.

Security Center FederationTM
The Security Center FederationTM role connects the local system to an independent remote Security Center system. After connecting to the remote system, your local system acts as the FederationTM host and you can view federated entities and events locally.

Security Center SaaS
Security Center SaaS is a unified hybrid-cloud solution offering physical security as a service. It integrates advanced security capabilities, emphasizes cybersecurity and privacy, and manages complex security tasks on premises, in the cloud, or both. With the flexibility of Security Center SaaS, organizations can efficiently monitor and respond to security threats from one place.

task

A task is a customizable user interface designed to handle a specific aspect of your work. For example, you can employ a monitoring task to observe real- time system events, an investigation task to identify suspicious activity, or an administration task to configure system settings.

third-party authentication
Third-party authentication uses a trusted, external identity provider to validate user credentials before granting access to one or more IT systems. The authentication process returns identifying information, such as a username and group membership, that is used to authorize or deny the requested access.

threat level
A threat level warns system users of changing security conditions, such as a fire or a shooting, in a specific area or the entire system. Specific handling procedures can be automatically applied when a threat level is raised or canceled.

tile
A tile is an individual window within the canvas, used to display a single entity. The entity displayed is typically the video from a camera, a map, or anything of a graphical nature. The look and feel of the tile depends on the displayed entity.

tile ID
The tile ID is the number displayed at the upper left corner of the tile. This number uniquely identifies each tile within the canvas.

tile pattern The tile pattern is the arrangement of tiles within the canvas.

user

A user entity is an account with access to the system. System administrators create user entities and configure their rights and privileges on the system.

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

64

Glossary

user group
A user group is an entity that defines a group of users who share common properties and privileges. By becoming member of a group, a user automatically inherits all the properties of the group. A user can be a member of multiple user groups. User groups can also be nested.

zone

A zone is an entity that monitors a set of inputs and triggers events based on their combined states. These events can be used to control output relays.

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

65

Technical support
GenetecTM Technical Assistance Center (GTAC) is committed to providing its worldwide clientele with the best technical support services available. As a customer of Genetec Inc., you have access to TechDoc Hub, where you can find information and search for answers to your product questions. · Genetec TechDoc Hub: Find articles, manuals, and videos that answer your questions or help you solve
technical issues. Before contacting GTAC or opening a support case, it is recommended to search TechDoc Hub for potential fixes, workarounds, or known issues.
To access the TechDoc Hub, log on to Genetec Portal and click TechDoc Hub. Unable to find what you are looking for? Contact documentation@genetec.com. · Genetec Technical Assistance Center (GTAC): Contacting GTAC is described in the Genetec Advantage Description.
Technical training
In a professional classroom environment or from the convenience of your own office, our qualified trainers can guide you through system design, installation, operation, and troubleshooting. Technical training services are offered for all products and for customers with a varied level of technical experience, and can be customized to meet your specific needs and objectives. For more information, go to http:// www.genetec.com/support/training/training- calendar.
Hardware product issues and defects
Contact GTAC at https://portal.genetec.com/support to address any issue regarding Genetec appliances or any hardware purchased through Genetec Inc.

techdocs.genetec.com | Security Center SaaS Deployment Guide

EN.600.001 | Last updated: September 6, 2024

66

References

Read User Manual Online (PDF format)

Read User Manual Online (PDF format)  >>

Download This Manual (PDF format)

Download this manual  >>

Related Manuals