Alert EnterpriseWiki

Genetec Security Center

Genetec·AE_HSc_GenetecConnectorGuide

PACSactiveGenetec Security Center 5.7
Transports
rest · jdbc · sdk
Direction
bidirectional
Authentication
OAuth 2.0 via Apigee Gateway +1
Topology
hybrid
Compare with another connector →Open in composer →

Overview

The Genetec connector integrates AlertEnterprise with Genetec Security Center, a unified physical-security platform combining access control, video surveillance, and licence-plate recognition. The connector handles cardholder lifecycle (create / update / lock / unlock / delimit / delete) and credential lifecycle (assign / activate / deactivate badge) bidirectionally, plus event reconciliation back from Genetec into the AE platform.

Topology: AlertEnterprise calls the Alert Genetec Connector Agent (an IIS-hosted .NET web service deployed on a customer-controlled Windows Server), which in turn invokes the Genetec Security Center SDK to drive the on-prem Genetec deployment. An optional OAuth-gated Apigee gateway sits between AE and the Connector Agent to mediate authentication for cloud deployments.

Authentication is OAuth 2.0 client credentials when fronted by Apigee; direct deployments rely on the SDK's own auth model. SSL/TLS termination requires the Genetec SDK certificate to be imported into the Java keystore on the AE host.

Architecture

Composed from this connector's actors + edges. Trust zones are color-coded; trust crossings render as thicker lines.

Composing diagram — running ELK layout4 actors · 6 edges

Authentication

2 methods supported

OAuth 2.0 via Apigee Gateway
oauth2-client-credentials

For cloud / managed deployments, AlertEnterprise authenticates to the Connector Agent through an Apigee gateway using OAuth 2.0 client credentials. The gateway URL pattern is https://{env}.api.test.com/partner/genetec/security-center/v1. Credentials are scoped per environment (beta / stage / prod).

Credential storage
AE connector configuration (encrypted at rest)
Genetec SDK SSL certificate
client-certificate

The Genetec SDK requires an SSL certificate to be exported from the SDK URL and imported into the AE host's Java keystore (cacerts) using keytool. This is required for the Connector Agent to communicate with the Genetec Security Center over HTTPS.

Credential storage
Java keystore on AE host

Endpoints

1 endpoint exercised by the connector

MethodPathDescriptionCategory
POST/partner/genetec/security-center/v1Apigee-fronted gateway endpoint for cloud-routed Genetec connector operations.provisioning

Prerequisites

Everything that must be in place for this connector to work, with the owner who's responsible.

Genetec SDK License

customer

A Genetec SDK License must be procured and applied to the Genetec Security Center deployment before the connector can drive it. Verify via Purchase Order entry in the Genetec admin UI.

IIS Server 8.0+

customer

The Alert Genetec Connector Agent is an IIS-hosted .NET web service. IIS Server version 8.0 or above must be installed on the host before agent deployment.

Microsoft .NET Framework 4.0+

customer

The Connector Agent requires .NET Framework 4.0 or above on the IIS host.

Genetec SDK SSL certificate in Java keystore

ae

The SDK's SSL certificate must be exported from the Genetec SDK URL (Base-64 X.509 .CER format) and imported into the AE host's Java keystore using keytool before the connector can establish secure SDK communication.

Known limitations

Documented constraints to set customer expectations before deployment.

Custom card formats require per-deployment configuration

informational

Non-standard card formats (anything outside Genetec's default Wiegand templates) must be defined per-deployment via the Provisioning configuration. The connector does not auto-discover custom formats from the Genetec System.

Data fields

4 fields mapped between AE Guardian and the vendor system.

AE fieldVendor fieldDescriptionDirectionRequired
UserCardholderCardholder records in Genetec map to User entities in AE. The connector creates, updates, locks, unlocks, delimits, and deletes cardholders via the Genetec SDK.bidirectionalyes
CredentialBadge / CredentialPhysical badge / credential records assigned to Cardholders. Connector adds, activates, and deactivates badges.bidirectionalyes
Partition MembershipPartitionMembershipGenetec uses Partitions to scope cardholder visibility; the connector reads PartitionMembership to enforce multi-tenant boundaries on reconciliation queries.inboundno
Access EventUserEvent (access granted / denied / alarm)Reconciliation pulls access events back into AE for audit and downstream policy decisions.inboundno

PACS specifics

Cardholder model

Cardholder is the principal entity. Each Cardholder has zero or more Credentials (badges). Cardholders are scoped by Partition; PartitionMembership controls multi-tenant visibility.

Access rights model

Access rights are assigned to Cardholders via Genetec's native access control model (Access Levels + Schedules). The connector reads and writes these but does not redefine the model.

Multi-tenancy

Partition-based — Genetec's native Partition model is the multi-tenant boundary. AE provisioning operations honor Partition scope via PartitionMembership queries.

Topology + Events
Topology
hybrid
Event model
both
Anti-passback
unknown
Holiday schedules
unknown
Card formats
Wiegand (Genetec defaults)Custom Card Formats (per-deployment configuration; see prerequisites)
Source materials
  • src/connectors/genetec/source.pdf p7 — Chapter 1, Supported Version
  • src/connectors/genetec/source.pdf p7 — Provisioning Capabilities
  • src/connectors/genetec/source.pdf p9 — Connector Architecture
  • src/connectors/genetec/source.pdf p28 — OAuth Framework Implementation for Genetec via Apigee Layer
Verifying access
Desktop only

The AE Mobile Wiki needs a bigger screen.

The diagrams, comparisons, and animated flows aren't built for phones. Open this link on your laptop or desktop browser and you'll see the full reference.

wiki.alertenterprise.app

Same Google sign-in as the AE App Hub — you'll be in once you open it on a larger screen.