Professional Documents
Culture Documents
Ar 10steps Secinfowatch Us 0612 PDF
Ar 10steps Secinfowatch Us 0612 PDF
watch
.com
10Dispelling
Steps to athe
Successful
Top 10
IPMyths
Surveillance Installation
of IP Surveillance
ALL THIS IS JUST ONE MANS RESPONSIBILITY.
Guess who he calls about video surveillance?
www.axis.com
FREE! Your copy of the Axis technical guide to network video at www.axis.com/free_guide/
10
Video Surveillance
Steps
to a Successful
IP Surveillance Installation
By Fredrik Nilsson
The following are a series of articles looking Step #5: Incorporating Analog Cameras with Video Servers. . . . . . pg. 13
at the steps to a successful IP surveillance installa- Step #6: Wireless Networking Options for Surveillance
tion. Fredrik Nilsson, general manager at IP sur- Video Transmissions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . pg. 14
veillance manufacturer Axis Communications,
Step #7: Designing the Network. . . . . . . . . . . . . . . . . . . . . . . . . pg. 16
has authored 10 articles on how to successfuly
install an IP surveillance system that have been Step #8: Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . pg. 18
published on securityinfowatch.com and in Step #9: Hot Technologies Definining IP Surveillance: Intelligent
Security Technology & Design. Mr. Nilsson can Video, Megapixel Cameras and Immersive Imaging. . . . . pg. 20
be reached at fredrik.nilsson@axis.com.
Step #10: Best Practices for IP Surveillance Projects. . . . . . . . . pg. 22
portant consideration for security and sur- a vendor where the innovation, support, than buyers have experienced with analog
veillance applications. upgrades, and product path will be there technology. The end user has to be smart.
Extensive support of Video Management for the long term. Vendors will tell a lot of great sounding sto-
Applications The security industry mi- Just like with analog cameras, not all ries, but the user has to have a solid list of
gration to network video includes the use network cameras are created equal. Far evaluation criteria, test the different choic-
of open systems and platforms. Make sure from it, and the differences among network es, and understand the differences between
to select a network camera that has open cameras are greater and more significant the available products.
interfaces (an API or Application Program-
ming Interface), which enables a large va-
riety of software vendors to write programs Network Camera Check List Suggestions
for the cameras. This will increase your
choices in software applications and will Lens: F2.0 and auto iris for outdoor applications
ensure that you are not tied to a single ven- Image sensor: Progressive scan CCD image sensor or high
dor. Your choice of network camera should quality CMOS
never limit vendor options and functional- Resolution: 640x480
ities.
Vendor history and focus It is impor-
Frame rate: 30 frames per second
tant to make network camera decisions Video formats: MJPEG & MPEG4 at Advanced Simple Profile
based on estimations of future growth and level 5
the need for added features and functional- Power over Ethernet: 802.3af compliant
ity. This means your network camera man- Audio: G.711 or AAC-LC format
ufacturer is going to be a long-term partner. Software compatibility: Open API supported by many
Its important to choose a solid partner, so Network Video Recorder software developers
be sure to look for a company that has a
large installed base of cameras, is profit-
Security: Multi-level user name/password protection minimum
able, focuses on network camera technolo- and IP filtering and HTTPS for high security requirements
gy, and offers you local representation and Management: Built in web interface and multi-camera
support. You want to choose a camera from management application
reducing the amount of data transferred and in a MPEG-4 system, there is more latency court system, which has been leading digi-
stored in a network video system. There are before video is available at the viewing sta- tal video admissibility, requires an audit
advantages and disadvantages to each, so it tion. The viewing station needs to be more trail that describes how the images were
is best to consider the goals of the overall powerful (and hence expensive) to decode obtained, where they were stored, etc., to
surveillance system when deciding which of MPEG4, as opposed to the decoding of Mo- make sure the information is not tampered
the two standards is most appropriate. tion JPEG streams. with in any way. As digital video becomes
Due to its simplicity, Motion JPEG is of- One of the best ways to maximize the more widely adopted, the issue of admis-
ten a good choice. There is limited delay benefits of both standards is to look for net- sibility in court will be one to watch.
between image capturing, encoding, trans- work video products that can deliver simul- Compression is one of the most impor-
fer, decoding, and finally display. In other taneous MPEG-4 and Motion JPEG streams. tant factors to building a successful net-
words, Motion JPEG has very little latency, This gives users the flexibility to both maxi- work video system. It influences image and
making it most suitable for real-time view- mize image quality for recording and reduce video quality, latency, cost of the network,
ing, image processing, motion detection or bandwidth needs for live viewing. storage, and can even determine whether
object tracking. One other item to keep in mind is that video is court admissible. Because of these
Motion JPEG also guarantees image qual- both MPEG-2 and MPEG-4 are subject to considerations, it is important to choose
ity regardless of movement or image com- licensing fees, which can add additional your compression standard carefully ...
plexity. It offers the flexibility to select ei- costs to the maintenance of a network vid- otherwise, the video may be rendered ob-
ther high image quality (low compression) eo system. It is important to ask your ven- solete for your purposes.
or lower image quality (high compression), dor if the license fees are paid. If not, you
with the benefit of smaller file sizes and de- will incur additional costs later on. Does one compression
creased bandwidth usage. The frame rate standard fit all?
can easily be adjusted to limit bandwidth Other Considerations When considering this question and when
usage, without loss of image quality. Another important consideration is the use designing a network video application, the
However, Motion JPEG files are still typi- of proprietary compression. Some vendors following issues should be addressed:
cally larger than those compressed with dont adhere to a standard 100 percent or use What frame rate is required?
the MPEG-4 standard. MPEG-4 requires their own techniques. If proprietary compres- Is the same frame rate needed at
less bandwidth and storage to transfer sion is used, users will no longer be able to ac- all times?
data resulting in cost savings. At lower cess or view their files should that particular Is recording/monitoring needed at
frame rates (below 5 fps) the bandwidth vendor stop supporting that technology. all times, or only upon motion/event?
savings created by using MPEG-4 are lim- Proprietary compression also comes into For how long must the video
ited. Employing Motion JPEG network consideration if the surveillance video will be stored?
cameras with video motion detection built potentially be used in court. If so, using What resolution is required?
in, is an interesting alternative, if a higher industry standard compression ensures What image quality is required?
frame rate is only required a portion of that video evidence will be admissible. What level of latency (total time for
the time when motion is in the image. If Some courts believe that evidentiary video encoding and decoding) is acceptable?
the bandwidth is limited, or if video is to should be based on individual frames, not How robus/secure must the system be?
be recorded continuously at a high frame related to each other or manipulated. This What is the available network
rate, MPEG-4 may be the preferred option. would eliminate MPEG because of the way bandwidth?
Because of the more complex compression the information is processed. The British What is the budget for the system?
so. As employees use their cardkeys for ac- the area both for security purposes and for
cess, officers are able to match live images monitoring processes.
of the people against pictures stored in the Audio can also be easily integrated with
access control database. This also saves of- video management systems because net-
ficers from manually verifying false alarms, works can carry any type of data. Depend-
which saves time and manpower. ing on the video file format, audio can be
Video management systems also enable transported with or in tandem to the video
video to be integrated into industrial auto- stream. This reduces the need for extra ca-
mation systems or BMS, such as heating, bling - as opposed to analog systems where
ventilation, and air conditioning systems an audio cable must be installed along with
(HVAC). To do this, digital inputs and out- the coaxial. Integrating audio into the sys-
puts (I/O) provide data to the system or tem makes it possible for remote personnel
the network cameras for functionalities to hear and speak with possible perpetra-
The Michigan State Polices Forensic Science like controlling the heating or lighting in a tors. Audio can also be used as an indepen-
Lab used video management to integrate room when it is not in use. dent detection method, triggering video
network video with a building management I/O can be configured to record video or recordings and alarms when audio levels
system. send alarms in response to external sen- surpass a preset threshold.
sors. This allows remote monitoring sta- IP-based video management platforms
A prime example of integrating video tions to become immediately aware of a allow users added flexibility and control
with access control systems is the Michigan change in the monitored environment. of a surveillance system. As additional
State Polices Forensic Science Lab. When For industrial automation systems, video features are integrated into the system it
the lab moved to a new facility outside of is sometimes the only way to monitor ac- creates a more total solution for the secu-
the police compound, it installed a network tivity in a room. For example, it is often not rity and building management needs of an
video system integrated with the building possible to enter a clean room or an area organization. As we look forward to intel-
access systems. This allows off-site police containing dangerous chemicals. Integrat- ligent video, video management software
officers to visually verify that the person ing video surveillance with access control will increasingly help generate and manage
entering a secure area is authorized to do is the only way to have visual access to actionable information.
2. MB per hour x hours of operation per located in the same PC server that runs the Technologies such as Fiber Channel are
day / 1000 = GB per day video management software. The PC and commonly used, providing data transfers at
3. GB per day x requested period of stor- the number of hard disks it can hold de- four gigabits per second (Gbps).
age = Storage need termine the amount of storage space avail- This type of hard disk configuration al-
MPEG able. Most standard PCs can hold between lows for very large and scalable solutions
1. Bit rate / 8(bits in a byte) x 3600s = KB two and four hard disks. With todays tech- where large amounts of data can be stored
per hour / 1000 = MB per hour nology, each disk can store approximately with a high level of redundancy. For ex-
2. MB per hour x hours of operation per 300 gigabytes of information for a total ca- ample, the Kentucky Department of Ju-
day / 1000 = GB per day pacity of approximately 1.2 terabytes (one venile Justice (DJJ) recently updated an
3. GB per day x requested period of stor- thousand gigabytes). analog tape storage system to a SAN sys-
age = Storage need When the amount of stored data and tem, allowing the department to install a
management requirements exceed the lim- greater number of cameras throughout its
Storage Options itations of direct attached storage, a NAS or locations and centralize the storage of re-
As previously mentioned, IP surveillance SAN and allows for increased storage space, mote video feeds. The DJJ employed EMC
does not require specialized storage solu- flexibility and recoverability. Corp.s Surveillance Analysis and Manage-
tions - it simply utilizes standard compo- NAS provides a single storage device that ment Solution (SAMS) to make the video
nents commonly found in the IT industry. is directly attached to a Local Area Network searchable. This system, which handles
This provides lower system costs, higher (LAN) and offers shared storage to all cli- hundreds of cameras, is easily expanded
redundancy, and greater performance and ents on the network (See image 2, network and managed as each individual facilities
scalability than found in DVR counterparts. attached storage). A NAS device is simple needs change.
Storage solutions depend on a PCs or to install and easy to administer, provid-
servers ability to store data. As larger hard ing a low-cost storage solution. However, it Redundant Storage
drives are produced at lower costs, it is provides limited throughput for incoming SAN systems build redundancy into the
becoming less and less expensive to store data because it has only one network con- storage device. Redundancy in a storage
video. There are two ways to approach nection, which could become problematic system allows for video, or any other data,
hard disk storage. One is to have the stor- in high-performance systems. to be saved simultaneously in more than
age attached to the actual server running SANs are high-speed, special-purpose one location. This provides a backup for
the application. The other is a storage so- networks for storage, typically connected recovering video if a portion of the storage
lution where the storage is separate from to one or more servers via fiber. Users can system becomes unreadable. There are a
the server running the application, called access any of the storage devices on the number of options for providing this added
network attached storage (NAS) or storage SAN through the servers, and the storage is storage layer in an IP surveillance system,
area networks (SANs). scalable to hundreds of terabytes. Central- including a Redundant Array of Indepen-
Direct server attached storage is prob- ized storage reduces administration and dent Disks (RAID), data replication, tape
ably the most common solution for hard provides a high-performance, flexible stor- backups, server clustering and multiple
disk storage in small to medium-sized IP age system for use in multi-server environ- video recipients.
surveillance installations (See image 1, ments. In a SAN system, files can be stored RAID RAID is a method of arranging
server attached storage). The hard disk is block by block on multiple hard disks. standard, off-the-shelf hard drives such
storage area networks (SAN) and Redun- Remote recording and monitoring
dant Arrays of Independent Disks (RAID). Video servers allow users to access and
These storage systems are easily expand- record video at remote locations, provided
able, reliable, cost effective, and repair- they have the appropriate authorization
able or replaceable in case of failure. By and login information. Off-site recording
contrast, DVR systems require proprietary can be beneficial in retail environments
hardware, which is more costly and diffi- where it guarantees that video is protect-
cult to replace or upgrade. CamCentral and ed during a theft on the premises. Off-site
the Alaska DOT also took advantage of the viewing allows security personnel to keep
video servers ability to handle firewalls, an eye on their establishment without be-
passwords and other network security ing on the premises. Video server installed alongside an analog
technologysomething that can rarely be Decentralization Video servers de- camera.
done with DVRs. centralize digitization and compression
Scalability Both video servers and functions, so information is handled at the cause computing power is a scarce resource
DVRs leverage existing investments in ana- source instead of in a centralized place. that video and analysis are forced to share.
log cameras, but only video servers make This opens the door for up-and-coming ap- Even networked DVRswhich incorporate
total use of network infrastructure. This plications like intelligent video, which can an Ethernet port for network connectiv-
is particularly important when expanding be used in identifying abandoned luggage at itydo not provide the same functionality
the network video system. An IP surveil- an airport or reading a license plate num- as a video server system.
lance system is expandable in one-camera ber in a parking garage. Video servers can provide cost savings
increments. DVR systems, on the other In the case of the Alaska DOT, using and more functionality than analog or DVR
hand, expand in larger increments. Once video servers allowed CamCentral to cre- systems. They create a truly digital surveil-
the capacity of a DVR is maximized, a new ate specialized motion-detection software lance system and allow users to capitalize
DVR box with 16 or more channels must be that was optimized for the marine environ- on almost all the benefits of network video
added to the system, even if only a handful ment. A centralized processing system, like while incorporating network cameras as
of cameras need to be accommodated. a DVR, cannot handle such applications be- expansion and upgrades are required.
Transmitting Data
Once your network layout is established
and your devices are connected, informa-
Figure 2. In a combined network, the IP surveillance network and general-purpose tion will be transmitted over the network.
network operate in parallel. Transmission Control Protocol/Internet
Protocol (TCP/IP) is the most common way
to transmit all types of data. It is the pro-
tocol used for nearly every application that
2. Combination Network In some 3. Existing Network When there is runs over a network, including the Inter-
cases, it might make sense to implement a enough capacity on the network and the net, e-mail and network video systems.
dedicated IP surveillance network in con- application doesnt require heavy secu- TCP/IP has two parts: TCP breaks data
junction with a general-purpose network. rity, you may simply add network video into packets that are transmitted over the
Video can be recorded locally and isolated equipment onto the existing network. You Internet and reassembled at the destina-
to the dedicated network, except when a can further optimize your network using tion. IP is the address that enables the
viewer on the general-purpose network technologies such as virtual local area packets to arrive at the correct destination.
wants to access it, or when an event trig- networks (VLAN) and quality-of-service For identification and communication pur-
gers video to be sent to a user on the gener- (QoS) levels. poses, every device on the network needs a
al-purpose network (see Figure 2). Because A VLAN uses the existing LAN infrastruc- separate IP address.
access to video using the general-purpose ture but separates the surveillance net-
network (and the extra load it causes) is work from the general-purpose network. Network Performance
temporary, it makes sense to have the two The router/switch is configured to provide After the network is set up, it is criti-
networks work in combination. a range of IP addresses with assigned fea- cal to consider how much information will
Figure 3. The router/switch keeps data from the IP surveillance network separate
from the general network, even though they share a common infrastructure.
pass over the network and the contingency A VPN creates a secure tunnel between software, or a combination of both. All
plan if critical components fail. points on the network, but it does not se- data entering or leaving the intranet
The amount of bandwidth required is cure the data itself. Only devices with the passes through the firewall, which ex-
dictated by the amount of information correct access key will be able to work amines it and blocks data that does not
passing through your network. In general, within the VPN, and network devices be- meet the specified security criteria. For
avoid loading a network to more than 50 tween the client and the server will not example, using a firewall, one can make
percent capacity, or you risk of overload- be able to access or view the data. With sure that video terminals are able to ac-
ing the network. When building a new a VPN, different sites can be connected cess the cameras while communication
network or adding capacity to an existing together over the Internet in a safe and from other computers will be blocked.
network, build in 30 to 40 percent more secure way. Some network cameras have built-in IP
capacity than calculated. This will pro- Another way to accomplish security is address filtering, a basic form of firewall
vide flexibility for increasing use in the to apply encryption to the data itself. In that only allows communication with
future. Bandwidth calculatorsavailable this case there is no secure tunnel like the computers that have pre-approved IP
free on the Internetwill analyze your VPN, but the actual data sent is secured. addresses.
bandwidth and recommend an appropri- There are several encryption techniques Network video systems can take a num-
ate capacity. available, like SSL, WEP and WPA. (These ber of different forms depending on the re-
latter two are used in wireless networks.) quirements of the individual installation.
Security Considerations When using SSL, also known as HTTPS, a No matter what form your network takes
With the success of the Internet, secur- certificate will be installed in the device or or what elements you choose to deploy, it
ing networks has become a mandate. Today computer that encrypts the data. is important to work with a well recognized
there are several technologies available, A firewall is designed to prevent un- and reliable vendor to ensure all compo-
such as virtual private networks (VPNs), authorized access to or from a private nents work well together and you have
SSL/TSL and firewalls. network. Firewalls can be hardware or maximized the systems functionality.
(HTTPS)encrypts the data itself, rather Protected Access (WPA) encryption. user names and passwords, which should
than the tunnel in which it travels. There WEP creates a wireless network that has be at least six characters longthe longer,
are several different types of encryption, comparable security and privacy to a wired the better. Passwords should also mix lower
including SSL, Wireless Equivalent Privacy network. It uses keys to prevent people and upper cases and use a combination of
(WEP) and WiFi Protected Access (WPA) without the correct key from accessing the numbers and letters. Additionally, tools
for wireless networks. When using SSL, a network, which is the security commonly like finger scanners and smart cards can be
digital certificate can be installed from the found in home networks. Data encryption used to increase security.
server to authenticate the sender. Certifi- protects the wireless link so that other Viruses and worms are also major secu-
cates can be issued locally by the user or typical local area network security mech- rity concerns in IP surveillance systems,
by a third party such as Verisign. anismsincluding password protection, so a virus scanner with up-to-date filters
Additional network security can be cre- end-to-end encryption, VPNs and authen- is recommended. This should be installed
ated with the use of firewalls. Firewall ticationcan be put in place. on all computers, and operating systems
software normally resides on a server However, WEP has several flaws that should be regularly updated with service
and protects one network from users on make it unsuitable for use in a corporate packs and fixes from the manufacturer.
other networks. The firewall examines environment. The standard uses a static Network cameras and video servers with
each packet of information and deter- key, making it easy to hack into the net- read-only memory will also help protect
mines whether it should continue on to work with inexpensive, off-the-shelf soft- against viruses and wormsprograms that
its destination or be filtered out. The fire- ware. write themselves into a devices memory. If
wall serves as a gatekeeper, blocking or For additional protection, wireless IP you use network cameras and video servers
restricting traffic between two networks, surveillance should employ WPA, which with read-only memory, these programs
such as a video surveillance network and changes the encryption for every frame will not be able to corrupt the devices in-
the Internet. transmitted. WPA is considered the base ternal operating systems.
level of security for corporate wireless net- Employing the outlined security mea-
Wireless Security works, but for even higher security, WPA2 sures makes an IP surveillance network
Wireless network cameras can create should be used. WPA2 uses Advanced En- secure and allows users the flexibility
additional security requirements. Unless cryption Standard (AES), the best encryp- of off-site access without the worry that
security measures are in place, everyone tion available for wireless networks today. video will fall into the wrong hands. Un-
with a compatible wireless device in the derstanding and choosing the right se-
networks range is able to access the net- Protecting System Access curity optionssuch as firewalls, virtual
work and share services. To better secure In addition to protecting data, it is criti- private networks (VPNs) and password
IP surveillance installations with a wireless cal to control access to the system via a protectionwill eliminate concerns that
component, users should consider using Web interface or an application housed on an IP surveillance system is open to the
Wired Equivalent Privacy (WEP) and Wi-Fi a PC server. Access can be secured with public.
Immersive Imaging
Another way to utilize megapixel tech-
nology is for whats being called immer- Distributed intelligence, video servers
sive imaging. By using a wide-angle lens
attached to a megapixel camera, the cam-
era can span a much wider field of view
(some camera lenses designs even cover
a full 360 degrees) than normal cameras.
Immersive imaging facilitates digital pan/
tilt/zoom (PTZ). The result is the abil-
ity to pan, tilt and zoom in on a field of
view, even though the camera stays put.
Because there are no moving parts, us-
ers dont experience the mechanical wear
and tear that exists in analog PTZ cameras
which must physically move Theres also DIGITIZATION DIGITIZATION DIGITIZATION DIGITIZATION
COMPRESSION COMPRESSION COMPRESSION COMPRESSION
a potential gain in speed, since an analog/
mechanical PTZ can be no faster than its INTELLIGENCE INTELLIGENCE INTELLIGENCE INTELLIGENCE
drive motor.
Important Considerations
IV, megapixel and immersive imaging of-
fer a number of benefits to an existing or
new surveillance system. IV can lower the IP NETWORK
total cost of a surveillance system by gen- PC
erating fewer false alarms, and by reducing
the amount of people required to operate
the system. The surveillance system will
alert personnel as appropriate when an un-
usual event occurs. Megapixel imaging al- Distributed intelligence, network cameras
lows for even higher resolutions, which in
turn allow IV algorithms to act even more
exactly.
To be most effective it is critical to work
with vendors that employ open standards
for the use of IV. This allows the user to
DIGITIZATION DIGITIZATION DIGITIZATION DIGITIZATION
choose the best IV algorithms and appli- COMPRESSION COMPRESSION COMPRESSION COMPRESSION
cations for their needs without having to
worry about interoperability challenges. INTELLIGENCE INTELLIGENCE INTELLIGENCE INTELLIGENCE
IV, megapixel and immersive imaging re-
main hot because they will greatly improve
system performance and will continue to
evolve creating even greater user advan-
tages in the coming years. Network video IP NETWORK
is a best of breed system, utilizing open
computing platforms and storage systems, PC
which will result in new hot technologies
on the horizon faster than usual.
Reprinted with permission from Security Technology & Design magazine and SecurityInfoWatch.com 2006