DEV Community

Cover image for Genetec Security Center 5.14.0.0: What's Coming, What's Already Here, and Why I'm Still Telling Clients to Wait
Hans Study
Hans Study

Posted on • Originally published at hans.study on

Genetec Security Center 5.14.0.0: What's Coming, What's Already Here, and Why I'm Still Telling Clients to Wait

#genetec #vms #securitycenter #devops

Security Center 5.14.0.0 hit Genetec techdocs on May 13, 2026. That's 12 days ago as I'm writing this. The release is real, it's public, the techdocs are live, the installer is downloadable, and the marketing page is up. My phone has been ringing since the announcement, mostly from clients asking the same question: should we upgrade?

Short answer: not yet. Not because 5.14 looks bad. Because day-1 upgrades on a unified physical security platform that runs your video, your access control, and your alarms are a category of risk that doesn't pay off, ever. My upgrade clock on Genetec major versions starts at 30-60 days post-GA, minimum. Sometimes longer if the release notes hint at deep architectural change. This one does.

Here's what's in 5.14, what I'm excited about, what I'm watching for, and how it stacks against 5.13.3.0 (which is the baseline most production environments should still be on right now).

The "wait 30-60 days" rule, and why it exists

Genetec runs a continuous-delivery model. New minor versions ship roughly every 6-10 months. Bug fixes and cumulative updates ship more often. The first .0 release of any new minor version is, statistically, the version with the most undiscovered issues. Not because Genetec ships sloppy code. Because the matrix of real-world deployments (every combination of hardware, third-party integration, federated topology, and custom workflow) cannot possibly be reproduced in QA.

The first 4-8 weeks after GA is when the early adopters find the edges. The Known Issues page grows. The cumulative update (5.14.0.1, 5.14.0.2) arrives quietly. The patch revision (5.14.1.0) ships with the real "production-ready" version of the platform.

My thought: I tell every client the same thing. The integrator who tells you to upgrade to 5.14.0.0 in your next maintenance window is either eager for the line-item revenue or hasn't been burned by a .0 release yet. Either way, you'd be the test subject.

The exceptions: critical security advisories that mandate a specific minimum version, a feature you genuinely cannot live without (rare), or a brand-new deployment where there's no production version to break. Otherwise, wait.

So with that framing, let's get into what 5.14 actually brings.

The big platform shifts

Web App replaces Web Client, exclusively

This is the headline. Starting in 5.14.0.0, the Genetec Web App is the only web-based client. Upgrading from any prior version automatically migrates Web Client to Web App.

Web Client has been deprecated in slow motion for 2 release cycles. 5.14 closes the door. Web App brings real feature parity with Security Desk for many monitoring workflows: maps, real-time access control event monitoring via Watch list, Mission Control incident handling, secure video sharing to Clearance, work request creation, fleet monitoring.

This matters because it's the first release where remote operators can genuinely do their job from a browser without dropping back to Security Desk for half the tasks. The Web App is also where Genetec is putting most of its forward-looking UX investment.

What to watch: the migration is automatic, but the change in user-facing UI is significant. Any operator runbook, training material, or SOP that references Web Client by name is now outdated. Budget time for documentation updates and operator retraining.

Custom privilege templates

This is the feature I've been asking for. Custom privilege templates let you define precise combinations of privileges, save them as reusable templates, and apply them to users or user groups without manually checking boxes one at a time.

If you read my piece on user granularity, you know I'm a heavy advocate for fine-grained RBAC. The previous workflow for building out 10+ custom roles meant building each role by hand, then trying to remember the exact privilege set when you needed to clone it for a new partition. Custom templates make this maintainable at scale.

My thought: this is the kind of feature that quietly transforms how administrators manage their systems. It won't make a marketing slide jump off the page, but the admins who live in User Management will notice immediately.

Microsoft Entra OAuth for SMTP

Basic authentication is being phased out across Microsoft 365 SMTP. 5.14 brings native Entra OAuth support for email delivery, which means your Security Center email notifications can keep flowing through Microsoft 365 without falling back to less-secure auth methods or app passwords.

Small feature, big real-world impact for any environment standardized on Microsoft 365 for tenant email.

Media component now runs 64-bit

This is the architecture change I've been waiting on. The media component (which handles decoding, the Media Gateway, and Web App video processing) is now 64-bit. The direct effects:

  • Better decoding performance and lower latency.
  • Full compatibility with NVIDIA RTX 50X series GPUs (the current generation, which 32-bit had real trouble with).
  • Smoother Media Gateway operation, especially at scale.

The follow-on effect: this is one of the architectural pieces Genetec needed to address before the platform could move further toward modern hardware acceleration and cloud-edge workloads. It's not the only piece, but it's a necessary one.

Time drift alerts between Directory and failover/expansion servers

If you read my 5.13.3.0 review, you know time-drift visibility on the client was a welcome addition. 5.14 takes the next step: the Directory now actively detects and reports time drift greater than 10 seconds between itself and connected failover or expansion servers, raising health events and admin warnings when drift is detected.

This is the system-wide health view I was asking for in the 5.13.3 write-up. Genetec moved on it faster than I expected.

Retain audit trail when replacing a camera

When you use the Unit replacement tool, you can now preserve the original camera's activity and audit trail data and merge it with the new unit. This is a compliance-driven feature with real teeth: for any environment subject to evidentiary retention or audit requirements, the previous behaviour of losing the audit chain when swapping hardware was a gap that had to be papered over with manual records. 5.14 closes the gap natively.

Access control: the HID VertX/Edge end-of-life notice

This is the section every Synergis customer needs to read carefully.

Native HID VertX and Edge controller integration is officially marked end of life in the 5.14 release notes. HID itself reached EOL on these products back in 2023, which means no firmware fixes, no new features, no security patches from HID. Genetec is supporting them through the lifecycle of the 5.14 branch, but the techdocs include this language:

Since HID no longer provides fixes or develops new features for these controllers, we strongly recommend planning for a hardware replacement before upgrading to Security Center 5.15.

In plain English: you have one Security Center major version of runway. After that, your VertX or Edge controllers won't be supported. If you're on Synergis with HID hardware that hits this category, your hardware refresh planning starts now. Mercury MP1502/MR52 panels remain the standard upgrade path, with Axis A1610 and A1810 picking up share on the newer deployments.

Other access control items worth noting:

  • PIN credentials now require dual-entry on creation and modification, which catches typos that previously locked cardholders out until manual reset.
  • A new View PINs privilege separates PIN visibility from credential code visibility, which is a quiet but meaningful data-protection improvement.
  • Cardholder, Visitor, and Credential management tasks now require both the task privilege and the corresponding View properties privilege. This is going to surface on upgrade as users who previously had implicit read access suddenly get permission errors. Plan for it.

Video enhancements worth flagging

Granular firmware upgrade privileges

The previous "Upgrade video units" privilege has been split into two:

  • Upgrade video units using the Genetec Update Service (GUS), which restricts upgrades to Genetec-certified firmware.
  • Upgrade video units using user-provided hardware (the new name for the old broad privilege), which allows uploading firmware files from the manufacturer directly.

Default templates include only the GUS privilege; user-provided uploads have to be explicitly granted. This is the right default. Existing users with the old privilege get both new ones automatically, but for new deployments and new roles, you're now opting into raw-firmware-upload capability rather than getting it implicitly.

My thought: I've been at sites where a junior tech downloaded the wrong firmware from a sketchy mirror and bricked 6 cameras in an afternoon. This privilege split would have prevented that. Welcome change.

Visual tracking overlays

When configuring visual tracking, you can now add polygons, images, and text objects to help operators understand the camera layout. Useful for complex sites where the spatial relationship between cameras isn't obvious from a tile view.

Watermarking enhancements

Watermarks can now be applied to live, playback, and exported video individually or in any combination, with custom text up to 100 characters, configurable colour and outline, and an auto-scale option to keep the watermark visible within the frame.

For evidentiary workflows where chain of custody matters, this is overdue.

Federated stream statistics via PowerShell

A new ShowFederatedStreams debug command accessible through Server Admin or the Genetec PowerShell module gives operators a way to monitor active federated streams, bit rates, and playback sessions without bouncing between interfaces. Useful for federated environments where stream-level visibility was previously buried.

# Available via Server Admin or the Genetec PowerShell module
ShowFederatedStreams
Enter fullscreen mode Exit fullscreen mode

Automation: the next step beyond delays

5.13.3.0 introduced delays between automation response actions. 5.14 adds the next obvious step: a Wait for event action that pauses execution until a specific event occurs (or skips remaining actions if it doesn't happen within a defined timeout).

Combined with time-zone-aware scheduling (also new in 5.14) and the new Automation Manager health events for overload conditions, the automation engine is starting to look like a real workflow tool rather than the basic event-action pair it used to be.

What's still missing

Same wishlist as my 5.13.3.0 review. None of these landed in 5.14:

  • Native, structured log streaming to SIEM. Still SDK or third-party connector territory.
  • Native MFA for local accounts. Still relies on AD or external IdP for second factor.
  • Linux server option for Directory, Archiver, or Access Manager roles.
  • True hybrid parity between SaaS and on-prem feature sets. The gap is, if anything, wider with this release.

The custom privilege templates feature partially addresses the "finer RBAC" item from my last wishlist. The 64-bit media component is the kind of architectural change that opens doors for future capability without being the door itself. The HID EOL is a forcing function on hardware refresh planning for a chunk of the installed base.

My thought: Genetec's pace is steady, and the changes are mostly the right ones. The frustrations are mostly the things that haven't moved.

How 5.14 compares to 5.13.3.0

If you read my 5.13.3.0 review, the comparison is roughly:

Release Type Highlights Risk Profile
5.13.3.0 Polish Batch firmware, AV1 codec, copy-config privilege, client time-drift Low, broadly applicable
5.14.0.0 Platform Web Client retirement, 64-bit media, custom privilege templates, HID EOL Higher, more upgrade considerations

If you're on 5.13.2.0, your immediate path forward is still 5.13.3.0, not 5.14.0.0. That's the safer step in any case, and the patch revisions on 5.13.3.x will continue for the foreseeable future.

The upgrade timeline I'm telling clients

  • Now through end of June 2026: stay on 5.13.3.0 (or 5.13.2.0 if you haven't moved yet). Read the 5.14 release notes. Identify what affects your environment.
  • July 2026: watch for the first cumulative update (probably 5.14.0.1 or 5.14.0.2). Read the Known Issues page. Note which issues are resolved and which are deferred.
  • August through September 2026: if 5.14.1.0 or later has shipped and the Known Issues list looks clean for your deployment profile, plan your upgrade. Test on a non-production system first. Verify your federated systems, your SDK integrations, your custom workflows, and your operator training materials.
  • Q4 2026: roll the upgrade in your normal maintenance windows, deployment by deployment, not all sites at once.
  • Through 2027: plan your HID VertX/Edge hardware refresh before 5.15 forces the issue.

This isn't a Genetec-specific timeline. It's the same approach for any major platform upgrade on a system that touches life-safety, evidence, and critical operations. Move deliberately. Verify at each step. Don't be the test subject.

My take

  • 5.14 is a real platform release, not a polish release. Architectural changes (64-bit media component, Web App exclusivity, custom privilege templates) outweigh feature additions.
  • Web Client is gone. The Web App migration is automatic, but your operator training materials and runbooks aren't going to update themselves.
  • Custom privilege templates finally let you build the 10-role hierarchy properly without rebuilding it by hand for every partition. Quiet win, big admin impact.
  • HID VertX and Edge: the clock is now visible on the wall. One major version of runway. Plan the controller refresh before 5.15 forces it.
  • 64-bit media component opens the door to RTX 50X series GPUs and architectural moves Genetec couldn't make on the 32-bit stack. Watch this space.
  • It's a fresh .0 release on a unified security platform. Wait 30-60 days. Read the Known Issues page. Watch for 5.14.0.1 and 5.14.1.0. Then plan the upgrade in a real maintenance window.
  • The integrator pushing you to upgrade in your next maintenance window is either eager for the line-item revenue or hasn't been burned by a .0 release yet.

Have you deployed 5.14.0.0 yet? Lab or production? I'm curious what others are seeing in the wild. Drop your experiences in the comments.

Hans Study, CISSP, advises end users and integrators on Genetec deployments, including upgrade planning, hardening, and lifecycle management. More at hans.study.

Top comments (0)