<aside> 💡 This article describes the Floorsense system architecture and security controls

</aside>

Contents

Introduction

This document describes the data security elements present in the standard Floorsense(including Smartalock) system so as to be evaluated against a clients IT security requirements. There are 2 types of system deployments with each having different sets of sensor devices and thus security considerations – Floorsense and Floorsight.

Floorsense provides a occupancy reading for the area it is attached to providing customers with occupancy data relating to workspaces without knowing anything about the end users at each workspace.
Floorsight has the same occupancy sensor, but also provides a top of desk combo RFID reader with Wireless/Wired charger. Floorsight allows end users to tag on and off workspaces with building swipe cards or smartphones. Floorsight provides customers with detailed occupancy data coupled with specific user utilisation, way finding, location searching and more detailed reporting.
Floorsight with Smartalock adds the Smartalock locker system into the Floorsight deployment which adds locker reservation and sharing to the data model associated with each user.

System Architecture Options

There are different possible locations for the control logic and client data source repository

– either on premise hosted at the client site, or hosted by Floorsense in our cloud service, ora mixture option called Hybrid where an on-premise controller houses all client data and control logic, but the source of such client data (ie user names, email addresses) is located in a client cloud repo such as Azure AD / Microsoft Graph and is accessed via a SSO method.

The following table summarises the differences in System Architecture options

Architecture Option	Fully On Premise	Hybrid	Cloud
Master Controller Location	On Premise	On Premise with VPN to FS Cloud	Master Controller hosted as a VM at FS Cloud (Amazon AU or NZ
End User Database Source Options	Typically On Premise via client Firewall - SSO source is option	SSO / Microsoft Graph generated	SSO / Microsoft Graph generated

System Architecture – On Premise

The below drawing shows the typical deployment architecture and traffic flows between system components in a full Floorsense / Floorsight / Smartalock deployment where the main controller (“Master” or “Primary” controller) is physically located at the client site.Under this option if client does not wish to have end user smartphone access, the InternetVPN connection would only be used for Floorsense to provide remote support. (Green line)