About ClearID architecture

Last updated: 2024-08-19

Genetec ClearID™, offered as a globally distributed, European-only, Canadian-only, or Australian-only solution, synchronizes data between local sites, regional services, and global services. The web application modules perform tasks or share data between the authoritative sources, ClearID, and the endpoints.

Important: Transferring or copying a customer account from one instance to another isn’t supported.

Globally distributed architecture

The following diagram illustrates the globally distributed solution. The diagram shows what data is stored, where data is stored, and how data flows between the local sites, the regional services, and the global services.
Note: Regional services and global services data is stored in the cloud.
ClearID takes advantage of the following:
  • Multiple Azure data centers to minimize the risk of downtime.
  • Encrypted employee data to minimize the risk of data theft.
  • Geo-localized data to maintain less infrastructure and provide an optimized approach for data flow performance.
Architecture diagram for ClearID showing the globally distributed solution and the flow of data between local sites and across regional and global services.
Note: (1) For more information about which data centers are used in the Global deployment, see the Microsoft Corporation entry in the ClearID section of the Genetec Subprocessors list.

For visitors, the relevant guest information is stored in global storage with the visit event information. This information is then transferred to the Security Center managing the site visited.

Europe-only architecture

The following diagram illustrates the Europe-only solution where data is stored in European data centers. This solution applies, for example, when customers or company policies require data to be stored in European data centers.
Architecture diagram for ClearID Europe only solution showing the flow of data between local sites and the global and regional services.
Note: You can also choose from Canada-only and Australia-only data storage solutions.
Canadian data centers
  • Primary data center: Azure Central Canada (Ontario)
  • Secondary data center: Azure East Canada (Quebec)
Australian data centers
  • Primary data center: Azure East Australia (New South Wales)
  • Secondary data center: Azure Central Australia (Canberra)

ClearID modules

The following diagram illustrates the ClearID web application modules that are available to customers:
Diagram of ClearID web application modules that are available to customers and how they relate to a source, a service, or endpoints.
Authoritative source
Shows the identity provisioning options that are available to customers. You can create identities in ClearID from one of the data sources (Databases, HR, External sources) by using one of the tools (Genetec ClearID™ One Identity Synchronization Tool, Genetec ClearID™ API, or the Genetec ClearID™ LDAP Synchronization Agent).
Global identity management service
Shows an overview of the features and services offered by the ClearID platform.
Endpoint
Shows the modules that customers directly interact with. These modules are where the customer enters their data or configures their system.

Cloud architecture

ClearID is deployed on the Microsoft Azure cloud platform, to take advantage of its industry-recognized security. Microsoft Azure has been audited against SOC 1, SOC 2, and SOC 3 standards. Audits are conducted in accordance with ISO SSAE 16 and ISAE 3402 standards. Certifications are regularly updated and can be provided upon request. Azure is also compliant with ISO 27001.

The service architecture is built for high availability (HA) and scalability. Data in ClearID is stored redundantly, which protects critical data and mitigates the impact of hardware failure. This architecture, coupled with the robustness of the underlying Microsoft Azure cloud, means that we can provide a 99.9% SLA.

Security controls
Microsoft Azure adheres to a rigorous set of security controls that govern operations and support. Microsoft deploys a combination of preventive, defensive, and reactive controls including the following mechanisms that help to protect against unauthorized developer or administrative activity:
  • Strict access controls on sensitive data, including a requirement for two-factor smart card-based authentication to perform sensitive operations.
  • Combinations of controls that enhance independent detection of malicious activity.
  • Multiple levels of monitoring, logging, and reporting.
  • Security reports can be used to monitor access patterns and to identify and reduce potential threats proactively.
  • Microsoft administrative operations, including system access, are logged to provide an audit trail if unauthorized or accidental changes are made.
High availability

Azure facilities are designed to run 24x7x365 and use various measures to help protect operations from power failures, physical intrusions, and network outages. These data centers comply with industry standards for physical security and availability. Microsoft operations personnel manage, monitor, and administer these Azure facilities.