BioConnect Enterprise

Architecture Overview
 109 Atlantic Avenue, Suite 202
Toronto, ON Canada
M6K 1X4

Contents
Summary ...................................................................................................................................... 2
What is BioConnect Enterprise Replication offering? ................................................. 2
What are the primary benefits of data replication? ...................................................... 2
Architecture Overview .............................................................................................................. 4
General MAS/SAS Architecture.......................................................................................... 4
Detailed Overview ...................................................................................................................... 6
Summary of Resiliency components ................................................................................ 6
Deployment Architecture Overview .................................................................................. 7
BioConnect Enterprise Server............................................................................................ 7
BioConnect Enterprise Client ............................................................................................. 7

1
 109 Atlantic Avenue, Suite 202
Toronto, ON Canada
M6K 1X4

Summary
This document is intended for audiences considering a move to BioConnect’s data replication offering, it
will go through providing a basic understanding of database replication in the context of BioConnect,
benefits, architecture and basic things required before deciding to upgrade your system.

What is BioConnect Enterprise Replication offering?

Database replication is a method of copying data across your system to ensure that relevant information
is identical across all your databases. BioConnect Enterprise (BCE) is often deployed across different
locations with thousands of biometric readers which means there are a lot of data elements at play. A
basic BioConnect system has data elements such as:

• User and credential data getting synced from your PACs system.
• BioConnect software server and biometric device communication
• BioConnect software server and local client communication.

When the system is expanded to across several regions, the data is never stagnant - it’s important to
ensure this data is consistent, resilient, and performant regardless of location.

For large scale deployments, BioConnect Enterprise software is often deployed in a hub and spoke setup.
This is a topology that lets the software be configured such that there is a central node (Master
Application Server) and all other nodes (Satellite Application Servers) only have a connection to this
central node. This is also sometimes referred to informally as a MAS/SAS setup. This adds a new data
element in that the MAS -SAS communication which must be used to ensure near real-time data
replication, but this is the basis of the BioConnect Replication offering, ensuring local redundancy,
performance, and data consistency across large scale systems.

What are the primary benefits of data replication?

Some general use cases driving an Enterprise deployment for customers include:

• Consolidation of data across different sites

• Large scale deployments where load on one single server is too high.
• High availability requirement of the database
• Regional database replication to improve user experience.

Let’s start with resilience and recovery. In case of outages, data is stored across multiple servers across
the network. If a Satellite Application Server (SAS) loses connectivity to the Master Application Server
(MAS), customers at that SAS region can continue to do biometric enrollments. Due to the consistent
duplication of records, user data, transactions at different locations - data such as an enrolled biometric
template not lost and can help improve data availability and accessibility. This is critical in a software
intrinsic to physical security and driving user experience for employees at a secure door.

2
 109 Atlantic Avenue, Suite 202
Toronto, ON Canada
M6K 1X4

By spreading the data across multiple sites, customers have seen improved performance as opposed to
deploying a single instance of BCE which needs to support an increasing number of biometric devices,
cardholders, and transactional data. A distributed system leads to improved performance and reduced
processing time at large scale. This leads to some tangible benefits such as being able to connect more
devices to a system.

In a global system, it is also possible to encounter latency issues while access data in a Server Matching
scenario. While minor in a biometric authentication use case, having a distributed system and speedier
access to data improves performance by reducing latency as well.

For disaster recovery scenarios, database replication can be key in ensuring uptime and limited data loss.
Customers often deploy BioConnect Enterprise in a clustered configuration.

For customers utilizing BioConnect’s “ACM Sync” capability to stay in sync with your PACS servers for
cardholder information, this can also help reduce load on the primary ACM server. The PACS Server
would only be connected to one BioConnect server (the MAS) instead of each disparate deployment of
BioConnect all requesting updates for the same cardholder information. This can help reduce any
potential performance impact on unrelated functionality of the PAC.

3
 109 Atlantic Avenue, Suite 202
Toronto, ON Canada
M6K 1X4

Architecture Overview
As mentioned, BioConnect uses a Hub-and-spoke topology to set up a BioConnect server that is
configured as a MAS and satellite servers running as SAS. The MAS syncs periodically with the customer
ACM server to ensure cardholder information is up to date. Each SAS gets user information from the MAS
which is responsible as the primary source of user and card information in the system.

Biometric devices are added at each SAS level (regionally) and are responsible for handling device
template matching and saving enrollments. This enrollment is distributed to other systems via the
BioConnect replication engine as well. The MAS reaches out to pull information and sync from and to the
SAS.

General MAS/SAS Architecture

The BioConnect replication engine is a java based, light weight program that is configured as part of
BioConnect Enterprise SAS & MAS installs for replication customers. The MAS will reach out to pull
information and sync from the SAS. In this scenario, the MAS is the orchestrator. This is a transactional
replication model where changes are replicated across the system for specific data in increments. It is not
a copy of the entirety of all data changes. This helps make the system more performant and offers near
real-time consistency across all data locations. HTTPS communication is used.

4
 109 Atlantic Avenue, Suite 202
Toronto, ON Canada
M6K 1X4

SAS Install Screen

A node can be clustered to provide high availability and load balancing. Generally, in a clustered server
configuration, multiple applications can connect to the same database to work on the same tasks which
provides high availability of the application server. Clustering and Failover is a common use case that is
supported by BioConnect for our replication engine. If any machine fails, a backup can be used for
continuous uptime such as in an Active/Passive cluster. Note that external load balancers must be
provided to handle failover and balance the https requests across the replication instances.

BioConnect only replicates a subset of the information inside of the database. This provides more
flexibility in environment setup. The data movement around the system corresponds to three areas of
information.

• Cardholder Information
• Card Information
• Biometric Template

5
 109 Atlantic Avenue, Suite 202
Toronto, ON Canada
M6K 1X4

Detailed Overview
For customers that require additional resiliency there are clustering and failover options available for
certain parts of the application as indicated in the previous sections. Additionally, inside of this section
additional considerations for larger multi-region projects are indicated.

For any configuration it is highly recommended that the customer has a lower environment that can be
used to test and validate changes prior to deployment and for ensuring that clear expectations inside of
the infrastructure can be set for customer Disaster Recovery and failover scenarios.

Summary of Resiliency components

More specifics around the implementation of these components and the requirements are outlined in the
section below.

Application Replication Clustering configuration [SDS]

Our replication component supports a clustered configuration so systems can quickly recover in the event
there are access or other network related issues that can occur across a large infrastructure.

• Customer is responsible for providing load balancer needed for clustering configuration. These
specific requirements should be discussed with BioConnect team prior to deployment.

Application BioConnect Enterprise Failover Configuration

The BioConnect application can be configured to support failover by adding an additional failover server
to your application instance. This setup will have one application server set as the primary connected to
the databases [Symmetric & BioConnect Primary] and actively managing the devices.

An additional server with the same configuration will be set in an inactive state that is not actively
connected to the existing databases or managing the devices. During an outage event the primary server
will be shut down and the secondary server brought online. As the database will be current the second
application server will pick up on all new data prior to the outage.

Database Failover configuration [Availability Groups]

BioConnect Enterprise versions 5.1 and above support availability group configuration for SQL Server.
This allows customers to provide protection for database access to maintain uptime requirements without
needing to make any application adjustments.

• The customer is responsible for the configuration of SQL server to accommodate this setup.
• Nonstandard SQL Availability group configurations will need to be discussed with BioConnect
team prior to implementation.

6
 109 Atlantic Avenue, Suite 202
Toronto, ON Canada
M6K 1X4

Requirements
Note that this is intended for an average system and may be different for high load systems. BioConnect
recommends discussing your deployment specifics to determine the optimal configuration of the systems
prior to

BioConnect Enterprise Server

Note that below is intended for an average system (~ 20,000 cardholders). Higher load systems may
require different system specifications.

Minimum Recommended
x64-capable dual core processor with x64-capable quad core processor with
CPU
speeds of 2.4 GHz or more speeds of 2.7 GHz or more
HDD 10 GB Available Space 30 GB Available Space
RAM 8 GB 16 GB
OS Windows Server 2016 Windows Server 2019
Database SQL Server 2016 or above
.Net Framework 4.0 and above
RabbitMQ 3.10.7
Installed
Erlang version 25.0
Features
BioConnect Network Utility Tool
BioMini Driver 2.2.0
Firewall TCP/UDP Ports 8139 (Server), 5671 (RabbitMQ),
[Open Ports] 51212 (Gen2)

BioConnect Enterprise Client

Minimum Recommended
CPU x64 or x86 dual core processor with speeds x64-capable quad core processor with speeds
of 2.4 GHz or more of 2.3 GHz or more
HDD 8 GB 16 GB
RAM 4GB 8GB
OS Windows 10 Windows 10

In addition to above, you will need to have at least one BioConnect Enterprise MAS license and
BioConnect Enterprise SAS licenses depending on the number of nodes you have.

SQL Server Requirements

Please follow Microsoft’s recommendation for requirements. Click Here to follow the link to
Microsoft's Recommendation for SQL Server specifications. Even thought Microsoft does
recommend a minimum of 4GB of memory, BioConnect recommends configuring SQL Server to
have 12GB of memory.

In addition, to Microsoft’s Server requirements the BioConnect DB will require the following:

7
 109 Atlantic Avenue, Suite 202
Toronto, ON Canada
M6K 1X4

• MAS Database 5GB of Hard Disk Space

• SAS Database 2GB of hard Disk Space