An Essential Guide
This book’s author, Alex Lytkin, has spent many years working with digital
video surveillance systems. In this guide, he addresses, step by step, all the
topics related to IP video surveillance systems.
Starting with the structure of IP cameras, Alex Lytkin describes in detail the
mechanisms of IP-flows transmission, ways of recording, and the structure of
video servers. A large section of the book is dedicated to networking
technologies, switching equipment and issues related to building a high-
quality network infrastructure. At the end of the book, the author gives
examples of typical IP video surveillance systems for a variety of facilities,
ranging from installations in private houses to complex systems in banks and
shopping malls, where hundreds of cameras are used.
The book is written in simple, clear language. The author manages to present
even the most complex material associated with various network technologies
in the most accessible form.
IP video surveillance: An Essential Guide is a great guide for beginners as
well as for those who already have experience in this field. This book aims to
help you open the door to the future of video surveillance systems.
Feel free to ask questions and make comments on the book’s website
http://ipvideosystemdesign.com/
1. Chapter 2: Cameras
2. Chapter 3: Lenses
3. Chapter 4: Video Recording
4. Chapter 5: Video Playback
5. Chapter 6: Network
Notations
To improve navigation, the book uses a series of notations:
The arrows indicate references to other sections of the book. For example,
if in one chapter we analyze a video surveillance system that uses DDNS
technology, you will find a reference to the section of the book devoted to the
description of the technology. Using this reference, you can quickly refresh
your knowledge of DDNS technology, and then return to the analysis of the
original system.
Chapter 1
Understanding IP Video Surveillance
In this chapter:
Let us mention again that the main advantage of IP cameras is their high
resolution.
The term “server” has two meanings: a computer device or software. For
example, a 19" rack mount server is a computing device, while a web server is
software which forms web pages.
All these devices will be discussed in more detail below. We will analyze
their arrangement and types as well as pay special attention to ways of
preventing mistakes when choosing various components.
Chapter 2
IP Cameras
IR-Cut filter
We begin with a small device located between the camera lens and the
sensor. This is an optical filter or an infrared filter. Basically, it is a small
glass plate, which does not let the infrared (IR) light pass to the sensor. Why
is it necessary?
Figure 2.2: Operating principle of the IR filter.
The fact is that the sensors are sensitive not only to visible light, but also to a
fairly large part of the infrared spectrum. If the IR filter is not installed, then
the infrared light reaching the sensor will distort the colors of
the resulting image beyond recognition.
Many cameras are equipped with a special mechanical drive that can install
the IR filter in front of the sensor and when necessary - remove it. Why is it
necessary to remove the filter? At night, when visible light is low, it is
reasonable to remove the IR filter to allow more light to reach the sensor,
even in the infrared range. When this happens, the camera goes into black
and white mode, solving the problem of color distortion. This type of camera
is called a "day-night camera."
Sensor
Today’s CCTV cameras use two types of sensors: CCD and CMOS. To
convert light into electrical charges, the CCD and CMOS sensors use
photocells. The difference between these sensors lies in the way the electric
charges are read.
CCD reads a signal by a sequential charge transfer from the cell where it was
formed to the adjacent cells until it reaches the edge of the sensor, where it
is transmitted to the amplifier and video editing processor.
Figure 2.3: CCD arrangement.
Let’s imagine: the light strikes a photodiode of one of the CCD pixels. This
results in a few free electrons, i.e., a negative electric charge. This charge
must somehow be delivered to the amplifier, and further - to the camera
processor. In this case, we are not talking about the current that can be
transmitted by wire, but only about a few electrons, which, before they can be
transmitted somewhere, have to be amplified, i.e. converted into voltage.
Thus, the charge of the pixel, where it was formed, is shifted to the adjacent
pixel, and then moves successively from pixel to pixel until it reaches the
edge of the sensor. Then it gets into the shift register and in the same way is
successively transferred from cell to cell, until it finally reaches the amplifier.
Here the charge is converted into the voltage that can be further processed by
the processors.
Unlike CCDs, each of the CMOS sensor’s photodiodes has its own transistor,
which converts the charge into an electrical signal directly on the pixel.
Hence, in the CMOS there is no such thing as a successive transfer – the
signal is read directly from the pixel.
Figure 2.4: CMOS arrangement.
As the drawing shows, the ACS technology allows for a significant increase
in the area of the photosensitive element as compared with APS.
When selecting IP cameras, pay attention not only to the type of sensor –
CCD or CMOS, but also to the technology – ACS or APS. ACS is more
sensitive than APS.
Low noise level. Compared with CMOS, CCD has a minimal number of
active electronic elements that could cause thermal noise in the picture
as a result of heating.
CMOS advantages
Resolution. Now, relatively low-cost CMOS sensors with resolution of 10
megapixels or higher are available. The maximum resolution of CCD used in
CCTV is only 1 megapixel.
Low-cost CMOS. Cameras that use CMOS are significantly cheaper than the
cameras using CCD.
Compact size and lower power consumption can significantly reduce the
size of cameras.
Compression processor
Video-stream compression is usually performed by a separate DSP (Digital
signal processor). The DSP chip, apart from the processor itself, has its own
memory to which the software algorithms that perform compression are
loaded. Today’s DSPs have quite an impressive performance that allows
compression of the megapixel streams in H.264 format at 30 FPS.
After compression, the stream is transferred to the camera management
software for onward transmission to the network or recording to the built-in
flash card.
Camera CPU
The IP camera, in fact, is a small self-contained computer. And like any
computer, the IP-camera has a central processing unit (CPU), memory,
operating system (usually a modified Linux) and software ("firmware"). This
complex provides the overall management of the camera and allows
implementation of additional user features. Some of these features are listed
below.
Web server
The web server is a special program. When you type the address of your
favorite web site in the browser, your computer connects to the server and
requests the necessary information. In response, the program "web server"
sends us an HTML page of the web site.
Figure 2.6: Web server of the camera.
Similarly, when we specify the IP address of the camera in the browser, the
web server working in the camera sends us an HTML page. On this page we
see the camera settings and video stream.
Network interface
The connection of the IP cameras to an Ethernet network is carried out
through an adapter. Many camera adapters also support PoE (Power over
Ethernet), allowing the camera not only to obtain data, but also to receive
power through a single cable.
Box Camera
Dome Camera
PTZ, SpeedDome
Non-mechanical pseudo PTZ dome camera. The operator controls the
rotation of the camera, as in the case of the PTZ camera. The camera
does not physically move. It is equipped with a wide-angle lens and
captures the whole panorama from 180° to 360° at once. The operator
only moves a virtual window with the help of software.
Miniature hidden camera
Resolution
As a rule, we base our choice of IP camera on the resolution parameters
because this is the most obvious indicator of quality. The resolution of an IP
camera can be up to 10 megapixels, but beware: a large number of
megapixels may not only provide advantages, but also serious disadvantages:
Also be aware of the fact that sometimes the claimed camera resolution can
be higher than the resolution of the sensor itself. How can this be? For
example, we take the frame 1280x720 and transmit it to the camera’s
processor, which increases the frame resolution up to 1920x1080, and
calculates the missing pixels as the mean value between the adjacent
elements. This method is called interpolation, and results in a large image
with blurred details.
Besides the sensor, the performance of the video processor and compression
quality affect the final resolution obtained on the screen. The actual
resolution of the camera is measured in TV lines during testing. For this
purpose, one should make several video recordings of a test chart in
different lighting conditions, and then look at the point where the lines of the
testing wedge merge. This will be the actual resolution of the camera.
Figure 2.8: Testing wedge for measuring the resolution capability of the
camera.
Light sensitivity
This parameter is by far one of the most important to consider when choosing
the IP camera. We are used to getting a decent picture at night by installing
an inexpensive analog camera on the street. So it often can be a surprise when
you replace that old camera with an IP camera, which, among other things, is
several times more expensive, and instead of a picture at night, you see a
"black screen".
When choosing a camera, the first thing you need to pay attention to is the
sensitivity stated in the specifications. A minimum necessary level of
illumination is measured in lux. 1 lux means the camera will show something
at dusk, but at night it will catch nothing without artificial illumination. Here
are some benchmarks for comparison:
Framing speed
Framing speed is also an interesting and worthwhile parameter. Unlike
analog cameras, which always transmit video in real time at 25 or 30 FPS, not
all IP cameras can boast such a speed. For example, cameras with very
high resolution will not be able to shoot at a speed of more than 5 - 10 FPS.
This means that you will see a sequence of refreshing still frames, not video, on your
monitor wall. In this case, you must decide what is more important: high
resolution or the comfort of the operator.
Resolution
Light sensitivity
Framing speed
Capabilities of the video signal processor
Compression algorithm
PoE.
Audio
Analog output
Flash card and dry contacts
The internal structure of the video streamer is similar to that of the IP camera.
In fact, it is the IP camera without the camera itself, i.e. without the sensor
and video signal processor.
Video streamers are often used to connect analog cameras to the IP video
surveillance system. For example, during an upgrade the majority of cameras
are replaced by IP cameras. But some expensive high-speed PTZ dome
cameras are kept and connected to the new system through the video
streamer. Besides the video stream itself, the streamers allow passing of the
audio data, information on the status of the dry contacts, as well as telemetry
signals through the IP network.
Chapter 3
Lenses
Lens resolution
Lens types
What is the lens aperture?
Focus quality
Sizes and types of the lens mounts
A good camera always requires a good lens. Now that cameras are able to
form many megapixel images, the requirements for the quality of lenses have
increased dramatically.
When choosing a lens, the first thing we usually look at is its focal distance,
or "view angle". However, apart from this, the lens has a number of important
parameters. Let us consider them in order starting with the most complex one
- its resolving power.
Lens Resolution
Once you have decided on the camera, you have to solve an equally tricky
problem, which is to choose a good camera lens. If you install the wrong lens
on a many megapixel camera, the quality of the resulting images will be like that
of a conventional analog camera, instead of megapixel quality.
The problem is that the resolving power of the lens may significantly vary
from model to model. On the other hand, in their specifications,
manufacturers do not specify any parameters to enable one to draw a
conclusion about the quality of the lens. The only thing manufacturers do is
add the prefix «Megapixel Lens» to the name of the camera, which, in fact,
hardly clarifies anything. In some cases, these so-called megapixel lenses are
worse than conventional CCTV lenses for analog cameras.
So how can you choose a good lens? We can suggest three ways:
Individual testing. This does not refer to a full test with detection of such
parameters as the number of lines per millimeter (for this we would need a
laboratory), but to making a few test recordings using different lenses with
the camera we plan to use onsite. The standard test patterns or simply a
contrast scene with lots of small details can be used as a subject. The
recordings will help you assess the sharpness and detail of the frame and select
the appropriate model.
Published tests, comparisons and comments. To choose the appropriate
model you can view articles with comparisons and also read user comments.
Price. Production of a high-quality lens is a complicated and expensive
process (compare the cost of the CCTV lenses, and lenses used in
photography), so a cheap lens is unlikely to have a high resolution.
Lens types
Standard lenses are used with the box cameras.
Zoom lenses, or motorized lenses with remote control of the focal distance
(zoom). I recommend having autofocus for this type of lens.
Pinhole is a lens with a small diameter cone front. These lenses are used for a
hidden camera installation.
Panoramic lenses have an extremely wide viewing angle and allow capture
of a full hemisphere in a single frame. This type of lens strongly distorts the
geometric proportions of the image. The camera’s processor or software on
the server side performs the subsequent normalization of the frame geometry.
The panoramic lenses are used in pseudo PTZ cameras that shoot the entire
hemisphere. With these, the operator controls the camera by moving a virtual
window throughout the hemisphere that is being shot.
Mirror lenses use a combination of mirrors and lenses for high zooming at a
minimum size.
Lenses with a built-in image stabilizer can largely eliminate the jitter of the
image when the camera is exposed to strong vibrations. It is worth pointing
out that there are program methods to stabilize the frame: digital processing
on the side of the camera, processing on the side of the server or the
subsequent processing of the video using specialized editors. However, the
quality of the software processing is significantly inferior to capabilities of
lenses with stabilization.
Varifocal lens, or a lens with variable focal distance, has the ability to
change the focal distance and, consequently, the angles.
There are a number of free and paid programs that not only help convert
millimeters of the focal distance into angles, but also visually present to you
how an object will look on the screen when you use certain lenses.
Aperture ratio
The original definition of the aperture ratio is a quantity characterizing the
degree of attenuation of the light flux by the lens. This attenuation depends
on many lens parameters. In everyday life, we can give a less complicated
definition for the aperture ratio. It is the focal length divided by the f-number,
for example F/1.4. The f-number determines how wide the aperture is
opened. And the lower this number, the wider the aperture and the more light
can pass through the lens. That is why a lens of F/1.4 will be faster than a
lens of F/5.6.
Figure 3.2: Lenses with different aperture ratios.
However, money spent on an expensive fast lens is not always well spent. It
is important to know one nuance associated with the sharpness. The wider the
aperture opens, i.e. the larger the focal number, the more difficult it is to get a
clear focus on the entire area of the frame. In some cases, instead of buying
an expensive fast lens, it is better to choose a more sensitive camera or to
provide artificial lighting for your subject.
We will examine in detail why it is difficult to obtain a sharp image with an
open aperture, as well as other issues related to the focus:
Focus quality
The main objective of the lens is to focus the rays on the camera’s sensor.
But this is quite difficult to do well. Let us examine the issue of focusing with
an example.
Asphere
Suppose we have a camera lens that we will depict as a simple lens.
Figure 3.3: Spherical lens.
Note how the rays entering our lens converge to different points. At the same
time, no matter how we try to adjust the sharpness, we will get a blurry
picture. This is a common problem of many lenses, caused by the fact that
spherical lenses do not provide an ideal focus for the entire area. To solve this
problem you need to use more expensive aspheric lenses. Therefore, if the
use of the aspheric lenses is mentioned in the specifications you can expect a
better focus.
Figure 3.4: Aspheric lens.
IR correction
Suppose we have chosen a good aspheric lens and installed it on a street
camera. After a while, watching the night records we notice that despite the
image being sharp in daylight, at night the sharpness declines substantially.
One reason for this is infrared radiation. At night when the camera goes into
black-and-white mode, the IR filter is removed and a large fraction of the
light in the infrared range strikes the sensor. The refraction angles of visible
light and infrared radiation are different, so the focus for the IR spectrum is at
a different distance if compared to the visible light.
Lenses with IR correction can help cope with this effect: thanks to the use of
different types of lenses, they focus both visible light and IR radiation at
almost the same point.
Depth of field
There is another way to increase the quality of the lens focusing. And this
way, unlike the first two, is completely free. All you need to do is to close the
aperture as much as the lighting conditions permit. The smaller the aperture,
the sharper the image we get. On one hand, this effect is related to the depth of
field, which is the distance between the near and distant points in space that
are sharp in the frame. When you close the aperture, the depth of field
becomes bigger, sharpening the details that were previously out of focus.
Figure 3.5: Depth of field.
On the other hand, by closing the aperture, we block the rays passing through the
peripheral zone. The rays can only pass through the center of the lens. The
fact is that the farther from the center, the more difficult it is to maintain a
perfect geometric lens shape and to provide a uniform focus. For example,
we remember that when we use the spherical lenses, the edges of the picture
may get blurred. With a sufficient closing of the aperture, the rays will only
pass through the center and the blurred edges will become clear again.
Figure 3.6: Closing the aperture to improve the image quality.
While experimenting with the aperture, remember that when we close the
aperture we deprive the camera of light, which in low lighting leads to noise
and resolution reduction of the obtained images.
Other characteristics of the lens
Format
There are different lenses for sensors of different sizes. For example, the lens
may be suitable for a 1/3 or 1/2 sensor. This parameter is always cited in the
specifications. The lens for a bigger sensor can be used with a sensor of a
smaller size. If you do the opposite, such as install a 1/3 lens on a camera with
a 1/2 sensor, you will have a black border at the edges of the frame.
Mounting
Two types of mounting are used in CCTV: C and CS. The difference between
them lies only in the distance from the lens mounting plane to the sensor. The
earlier format C has a distance of 17.5 mm. With the advent of the more
compact sensors (less than 1/2") you can reduce this distance to 12.5 mm (CS
format) and thereby reduce the size and the cost of the lens itself. Nowadays
the majority of CCTV lenses correspond to the CS format. C lenses can be
used with CS cameras by means of an adapter ring, whereas CS lenses cannot
be used with C cameras.
Figure 3.7: Installation of the lens with different types of mounting.
Aperture control
There are 3 methods of controlling the aperture.
Manual method, when the opening degree of the aperture is regulated by a
swing ring on the lens.
VC or video signal control (Video Drive) - In this case, the camera
transmits a video signal to the lens and the lens, analyzing the signal, decides
whether to open or to close the aperture.
DC control (Direct Drive), when the camera itself estimates the brightness of
light falling on the sensor, and applies a voltage directly to the lens motor that
controls the opening of the aperture.
Chapter 4
Video Recording
The first task of the video surveillance system is to get a high-quality image
of the object. The second is to store the image for potential investigation into
an incident observed in the recording. In this chapter, we will examine in
detail all the issues associated with video recording, starting with the process
of obtaining images from the cameras and ending with a description of the
individual functions of the server software.
Video recorder
Advantages: As a rule, the recorder is easier to set up than a computer system.
Disadvantages: It has fewer features than the computer system; limited ability
to integrate with other security systems (e.g. fire and burglar alarms).

Software plus computer
Advantages: Wide variety of software ranging from completely free versions up
to packages that cost tens of thousands of dollars; integration of video
surveillance with other systems is relatively quick to achieve.
Disadvantages: Building a high-quality system requires extensive knowledge of
information technologies; there may be problems with the interoperability of
the software and selected computer components.

Server for video recording
Advantages: High level of reliability; complete solution that eliminates the
problem of software and hardware interoperability.
Disadvantages: As a rule, the server is the most expensive solution.

SaaS
Put the IP camera in this mode and enter the address of its
JPEG images in the address bar of the browser. (The address can be
found in the manual of your IP camera.) Pressing F5 or the refresh button will let
you see changing images in the browser. In fact the recorder does the same
thing: it updates the images several times per second and saves the result.
That is how video surveillance systems worked a few years ago. Now this
method is seldom used, as the streaming compression algorithms and
streaming methods for video transmission are becoming increasingly popular.
The most prominent representatives of streaming compression algorithms are
MPEG4 and H.264 that, in contrast to JPEG, do not compress each image
individually, but work with a sequence of frames, selecting and recording
only the changing frames. The most common mechanism of the streaming
transmission is RTSP. Let us examine this in further detail.
RTSP
RTSP (Real Time Streaming Protocol) is an application protocol, which
describes the commands for the video stream control. With these commands,
we can order the camera or server, for example, to start broadcasting the
video stream. The request at the beginning of the playback appears as
follows:
PLAY rtsp://192.168.0.200/h264 RTSP/1.0
This means that RTSP is simply a set of commands for the video stream
control.
TCP
Suppose we have chosen RTSP over TCP and want to start the video-stream
transmission. What will happen at the level of the transport mechanisms? A
connection between sender and receiver will first be established with the help of
several commands. After this, the transmission of the video will begin. In this
case, TCP will ensure that all data reaches its intended recipient without
change and in the correct sequence. TCP will also adjust the speed of
transmission so the transmitter does not send more data than the receiver can
handle.
UDP
UDP is an alternative to TCP. Unlike TCP, UDP does not establish a prior
connection, and instead just starts sending the data. UDP does not ensure that
the data is received and does not resend it if separate parts are missing or
were received with errors. UDP is less reliable than TCP. But on the other
hand, it provides faster transmission of streams because it has no mechanism
for retransmitting lost packets.
The difference between TCP and UDP can be illustrated by the following example.
Two friends meet:
TCP variant
Mike: Hi! Let's chat! (Connection is being established)
Eddie: Hi! Ok! (Connection is being established)
Mike: Yesterday I was at the store. Do you understand? (Data transfer)
Eddie: Yes! (Confirmation)
Mike: The new equipment was being unloaded there. Do you understand?
(Data transfer)
Eddie: No (Confirmation)
Mike: The new equipment was being unloaded there. Do you understand?
(Retransmission)
Eddie: Yes! (Confirmation)
Mike: Tomorrow I'll be there again. Do you understand? (Data transfer)
Eddie: Yes! (Confirmation)
UDP variant
Mike: Hi! Yesterday I was at the store (Data transfer)
Mike: The new equipment was being unloaded there. (Data transfer)
Mike: Tomorrow I'll be there again. (Data transfer)
Mike: I can ask the price for you. (Data transfer)
Mike: They have promised discounts for large quantities (Data transfer)
Mike: If you want, call me and we will go together (Data transfer)
Eddie: Ok, I’ll call (Data transfer)
You can also see the difference in the protocols by running the following
experiment: try to set the camera in RTSP over TCP and wave your hand in
front of the lens - you will see a delay on the screen. Now run the same test in
RTSP over UDP. The delay will be shorter.
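The command exchange behind that experiment, as an added example that is not from the book: Python code that builds the RTSP/1.0 requests a client sends for the address used above and reads back which media transport (TCP or UDP) the SETUP request asks for. The session identifier, port numbers and CSeq values are constructed, and the header syntax is that of RTSP/1.0 (RFC 2326).

```python
# Added example (not from the book). All messages are constructed offline;
# nothing is sent to a camera. Header syntax follows RTSP/1.0 (RFC 2326).

CAMERA_URL = "rtsp://192.168.0.200/h264"  # address used in the text above


def build_request(method, url, cseq, headers=None):
    """Serialize one RTSP request: request line, CSeq, extra headers."""
    lines = [f"{method} {url} RTSP/1.0", f"CSeq: {cseq}"]
    lines += [f"{name}: {value}" for name, value in (headers or {}).items()]
    return "\r\n".join(lines) + "\r\n\r\n"


def session_requests(transport, url=CAMERA_URL, session="12345678"):
    """Requests a client sends to start and stop one stream.

    transport is "tcp" (RTP interleaved on the RTSP connection) or "udp"
    (RTP sent to separate client ports). The session id and the port
    numbers are constructed; a real server issues the id in its SETUP reply.
    """
    specs = {
        "tcp": "RTP/AVP/TCP;unicast;interleaved=0-1",
        "udp": "RTP/AVP;unicast;client_port=50000-50001",
    }
    if transport not in specs:
        raise ValueError(f"unknown transport: {transport!r}")
    return [
        build_request("OPTIONS", url, 1),
        build_request("DESCRIBE", url, 2, {"Accept": "application/sdp"}),
        build_request("SETUP", url, 3, {"Transport": specs[transport]}),
        build_request("PLAY", url, 4, {"Session": session}),
        build_request("TEARDOWN", url, 5, {"Session": session}),
    ]


def parse_request(raw):
    """Parse a request into (method, url, headers); header names lowercased."""
    head = raw.split("\r\n\r\n", 1)[0]
    request_line, *header_lines = head.split("\r\n")
    parts = request_line.split(" ")
    if len(parts) != 3 or parts[2] != "RTSP/1.0":
        raise ValueError(f"not an RTSP/1.0 request line: {request_line!r}")
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.strip().lower()] = value.strip()
    return parts[0], parts[1], headers


def _number_pair(value):
    """'50000-50001' -> (50000, 50001); a single number gives a 1-tuple."""
    return tuple(int(part) for part in value.split("-"))


def media_transport(raw_setup):
    """Read the Transport header of a SETUP request.

    Returns {"lower": "tcp" | "udp", "ports": ..., "channels": ...}: the UDP
    ports the client listens on, or the interleaved channel numbers.
    """
    method, _url, headers = parse_request(raw_setup)
    if method != "SETUP" or "transport" not in headers:
        raise ValueError("transport is negotiated in a SETUP request")
    profile, *params = [p.strip() for p in headers["transport"].split(";")]
    options = dict(p.split("=", 1) for p in params if "=" in p)
    if profile.upper() == "RTP/AVP/TCP":
        channels = options.get("interleaved")
        return {"lower": "tcp", "ports": None,
                "channels": _number_pair(channels) if channels else None}
    if profile.upper() in ("RTP/AVP", "RTP/AVP/UDP"):
        ports = options.get("client_port")
        return {"lower": "udp", "ports": _number_pair(ports) if ports else None,
                "channels": None}
    raise ValueError(f"unsupported transport profile: {profile!r}")


if __name__ == "__main__":
    for mode in ("tcp", "udp"):
        requests = session_requests(mode)
        print(mode, [parse_request(r)[0] for r in requests],
              media_transport(requests[2]))
```

With UDP the video arrives on separate ports that a firewall between camera and recorder has to allow; with TCP it shares the RTSP connection.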
RTP
RTP (Real-time Transport Protocol). This protocol was created specially to
transport real-time traffic. It allows the receiver to monitor the
synchronization of the transmitted data and to correct the order in which
packets are delivered, which is why it is better suited to transporting video
and audio data.
In general, it is better to use RTP or UDP for video stream transmission.
Working through TCP is justified only when we have to deal with problem
networks, because TCP will be able to correct the errors and failures
that arise during data transmission.
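How a receiver uses RTP to put packets back in order, as an added example that is not from the book: Python code that parses the fixed RTP header (RFC 3550), restores the sending order of packets that arrived shuffled over UDP, drops duplicates and reports which sequence numbers never arrived. The packets, SSRC value, payload type 96 and the 3000-tick timestamp step are constructed.

```python
# Added example (not from the book). Packets are constructed; the header
# layout is the fixed 12-byte RTP header of RFC 3550.
import struct
from collections import namedtuple

RtpPacket = namedtuple(
    "RtpPacket", "marker payload_type sequence timestamp ssrc payload")


def build_rtp(sequence, timestamp, payload, ssrc=0x1234ABCD,
              payload_type=96, marker=False):
    """Build a version-2 packet with no padding, extension or CSRC list."""
    second = (0x80 if marker else 0) | (payload_type & 0x7F)
    header = struct.pack("!BBHII", 0x80, second, sequence & 0xFFFF,
                         timestamp & 0xFFFFFFFF, ssrc)
    return header + payload


def parse_rtp(packet):
    """Parse one RTP packet, skipping CSRCs, extension and padding."""
    if len(packet) < 12:
        raise ValueError("RTP header is at least 12 bytes")
    first, second, sequence, timestamp, ssrc = struct.unpack(
        "!BBHII", packet[:12])
    if first >> 6 != 2:
        raise ValueError("not RTP version 2")
    offset = 12 + 4 * (first & 0x0F)        # skip CSRC identifiers
    if first & 0x10:                        # header extension present
        if len(packet) < offset + 4:
            raise ValueError("truncated header extension")
        (words,) = struct.unpack("!H", packet[offset + 2:offset + 4])
        offset += 4 + 4 * words
    end = len(packet)
    if first & 0x20:                        # padding: last byte is the count
        if packet[-1] == 0:
            raise ValueError("invalid padding count")
        end -= packet[-1]
    if offset > end:
        raise ValueError("truncated packet")
    return RtpPacket(bool(second & 0x80), second & 0x7F, sequence,
                     timestamp, ssrc, packet[offset:end])


def seq_delta(reference, sequence):
    """Signed distance between 16-bit sequence numbers, handling wrap-around."""
    return ((sequence - reference + 0x8000) & 0xFFFF) - 0x8000


def reorder(packets):
    """Return (packets in sending order, missing sequence numbers).

    Assumption: the batch spans fewer than 32768 packets, so distances
    relative to the first packet seen are unambiguous.
    """
    if not packets:
        return [], []
    parsed = [parse_rtp(p) for p in packets]
    reference = parsed[0].sequence
    by_distance = {}
    for pkt in parsed:
        # setdefault keeps the first copy and ignores duplicates
        by_distance.setdefault(seq_delta(reference, pkt.sequence), pkt)
    distances = sorted(by_distance)
    missing = [(reference + d) & 0xFFFF
               for d in range(distances[0], distances[-1] + 1)
               if d not in by_distance]
    return [by_distance[d] for d in distances], missing


if __name__ == "__main__":
    # Constructed burst: sent as 65534, 65535, 0, 1, 2; packet 1 is lost.
    sent = {s: build_rtp(s, 3000 * i, bytes([i]))
            for i, s in enumerate([65534, 65535, 0, 2])}
    arrival = [sent[65535], sent[65534], sent[2], sent[0], sent[65535]]
    ordered, missing = reorder(arrival)
    print([p.sequence for p in ordered], "missing:", missing)
```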
CPU
The process of recording information to disk does not require high computing
power, so the load on the CPU is usually low.
The CPU loading on the Windows based systems can be seen with the
task manager by pressing «Ctrl + Shift + Esc»
If you have already had to deal with IP video surveillance systems, then you
may have asked this question: "We have installed an IP video surveillance
system and a very powerful computer with the most productive processor used
for recording, but the CPU is constantly loaded to 100%. Why is this
happening? "
Most likely, this computer does not only perform recording, but also video-
stream encoding / decoding. It happens in the following cases:
Here one more question may arise: "If CPU and RAM are not so important
for video recording, why can’t we save on the hardware and record all of our
100 cameras to one computer?"
Answer: Even with optimal use of computer resources, it is quite difficult to
do this. One of the limitations is the speed of recording to the hard disk.
What is RAID?
RAID is a Redundant Array of Independent Disks. In other words, RAID is a
few disks integrated by the controller. With this integration, the system and
the user see the disks as a whole.
There are two main objectives of integrating disks in a single array. The first
objective is to increase fault tolerance and reliability of the data storage. The
second one is to increase the speed of reading / recording. A striking example
of the disks’ integration with the aim of increasing the operation speed is
RAID0.
The incoming information is divided by the controller into blocks and
recorded to all disks in the array. The advantage of RAID0 is an
exceptionally high reading / recording speed, reaching 800 Mbytes / s, which
is due to division of the incoming stream between the individual disks. The
disadvantage has to do with reliability, as the failure of any of the disks leads
to the loss of all data.
Figure 4.2: RAID 0.
Suppose that one disk has failed. In this case, the lost blocks will be
recovered by simple logic addition of all blocks left on other disks, and the
hash total stored on the last disk. In binary terms it simply appears as follows:
Disk 1   Disk 2   Disk 3   Disk 4 (“Hash Total”)
0        0        0        0
1        0        0        1
1        1        0        0
1        1        1        1
With logic addition 1+1 is 0, 0+0 is 0, 1+0 is 1.
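The same recovery carried out on whole blocks, as an added example that is not from the book: Python code that stripes data over three data disks, stores the "hash total" (bytewise XOR, the logic addition of the table) on a fourth disk, and rebuilds any single failed disk from the survivors. The block size, disk count and sample data are constructed, and the code generalizes the one-bit table to byte blocks.

```python
# Added example (not from the book): parity by "logic addition" (XOR).
from functools import reduce


def xor_blocks(blocks):
    """Bytewise XOR of equal-length blocks: the 'hash total' of the text."""
    blocks = list(blocks)
    if not blocks or len({len(b) for b in blocks}) != 1:
        raise ValueError("need at least one block, all of the same length")
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*blocks))


def write_array(data, data_disks=3, block_size=4):
    """Stripe data over data_disks disks and add one parity disk at the end.

    Returns a list of disks; each disk is a list of blocks (bytes). The
    last stripe is zero-padded. Sizes are constructed for the example.
    """
    stripe_size = data_disks * block_size
    padded = data + bytes(-len(data) % stripe_size)
    disks = [[] for _ in range(data_disks + 1)]
    for start in range(0, len(padded), stripe_size):
        stripe = [padded[start + i * block_size:start + (i + 1) * block_size]
                  for i in range(data_disks)]
        for disk, block in zip(disks, stripe):   # data disks only
            disk.append(block)
        disks[-1].append(xor_blocks(stripe))     # parity disk
    return disks


def rebuild(disks):
    """Return the array with a single failed disk (None) recomputed.

    XOR of all surviving blocks in a stripe, parity included, equals the
    missing block. Two failed disks cannot be recovered from one parity.
    """
    failed = [i for i, disk in enumerate(disks) if disk is None]
    if len(failed) > 1:
        raise ValueError("more than one disk failed: data is lost")
    if not failed:
        return disks
    survivors = [disk for disk in disks if disk is not None]
    restored = [xor_blocks(stripe) for stripe in zip(*survivors)]
    return disks[:failed[0]] + [restored] + disks[failed[0] + 1:]


def read_array(disks, length):
    """Reassemble the original byte stream from the data disks."""
    stripes = zip(*disks[:-1])
    return b"".join(b"".join(stripe) for stripe in stripes)[:length]


if __name__ == "__main__":
    recording = b"frame-0001 frame-0002 frame-0003"   # constructed sample data
    array = write_array(recording)
    damaged = list(array)
    damaged[1] = None                                 # Disk 2 fails
    print(read_array(rebuild(damaged), len(recording)))
```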
Problem.
Servers receive streams from the cameras and record each of them to their
own disk array. The connection can be carried out through different
interfaces, ranging from a low-speed USB and ending with a Fibre Channel.
NAS means Network Attached Storage. Actually, this is a server connected
to the network, which provides its disks for the use of other computers. Users
see this server as a network drive, and they can open the folders, read and
record the files.
Figure 4.8: NAS connection diagram.
The video recording server receives the streams from the cameras and re-
sends them over the network to a specified network drive.
SAN (Storage Area Network) in contrast to the first two options, is not a
device, but a network - a separate data storage network. This network has its
own SAN switches, through which the individual data storage devices are
connected to each other. Typically, the SAN network uses high-speed optical
communication lines.
Figure 4.9: SAN diagram.
The servers receive the streams from the cameras and record them to a virtual
disk that is physically a whole infrastructure. For example, the server sees the
virtual disk, but in reality there are two separate arrays, which are located in
different parts of the building, connected by optics, and which duplicate each
other's recordings. In this case, the server does not have to take care of the
data backup mechanisms and load distribution between the individual
storages - these issues are dealt with by the SAN controller.
The question is: which option should you choose for the IP video surveillance
system? The most popular solution is DAS. These devices provide good data
transfer speed, they are easy to configure, and are also relatively inexpensive.
The disadvantage of DAS is the limited flexibility.
If we use the internal drives or DAS, we cannot solve this problem so easily.
If you compare NAS and DAS, then the DAS storage in the video
surveillance systems is used more often than the NAS storage. If you use
NAS, large amounts of data are sent over the video surveillance network,
which is already heavily loaded. So if you plan to install NAS storage, you
have to pay special attention to the calculations of the network capacity.
SAN systems are very rare in the field of IP video surveillance. SAN is
usually used in enterprise networks with thousands of computers, when you
need to organize a single universal storage system with a high level of
processing speed and fault tolerance. In video surveillance, we are generally
dealing with only a few servers and workstations. SAN is a quite expensive
system, so the use of this technology for a small number of similar devices
rarely pays for itself.
Network interface
Having dealt with the issues of recording to the disk, let’s turn our attention
to the server’s network interface. The server receives video streams from the
IP cameras over a network. Nowadays there are two common types of
network interfaces: with a capacity of 100Mbits/s (100BASE-T) and 1Gbit/s
(1000BASE-T). There are also interfaces with a capacity of 10Gbits/s, but
these are rarely used now.
Determine how many streams a 1Gbit/s network card can receive if each
stream is transmitted at a speed of 20Mbits/s.
Operating system
Nowadays you can find a video recorder running both Windows and Linux.
For years the experts have been arguing which system is better. Let's try to
compare and determine the advantages and disadvantages of each system.
Supported cameras
This is the second important and difficult question. We are interested not only
in the possibility of obtaining images from the camera on the server’s screen,
but also in how deeply the server knows the camera interface.
Find out answers to the following key questions:
Over what protocol can the server receive a video stream from the
camera? If the server works with this particular camera only in JPEG
over HTTP, that is bad. First, we will not get real-time video either in
the recording or when watching live. And second, we will load the
network unreasonably, because the JPEG stream is very large. The best
option for today is the support of the H.264 codec with RTSP over UDP
(RTP).
Can the server obtain information from the hardware motion
detection working on the camera? Each IP camera has its own motion
detector. Once the camera detects motion in the frame, it informs the
server, which starts recording the corresponding stream. If the server is
not able to receive information about the state of the camera motion
detector, it will have to use its own software detector. In this case, the
server will need to pre-decode the incoming stream, causing a high load
on the CPU.
If you have a video surveillance system based on a computer, run the
following experiment: set the camera to continuous recording (preferably in
H.264) and watch the CPU load. In our case it loaded to 16%. If you use the
hardware motion detector, the load will remain unchanged, as all the work will
be done on the camera. And now set all the cameras to record on motion
using the software detector. The CPU load in this case
was 100%. So, if by connecting a large number of cameras we have to use the
software detector, then we should be ready to face a shortage of computing
power. In this case, the last resort is to abandon the recording mode "by
motion" altogether.
Additional questions:
Can the server receive and record the audio stream of the camera?
Can the server send commands to telemetry when it comes to PTZ
cameras?
Can the server connect to the camera via the secure SSL connection?
Can the server automatically detect the camera in the network and
configure its IP address?
Can the server operate the dry contacts of the camera?
Can the server operate the camera settings?
Having answers to these questions will help us understand how well the
server suits a particular type of camera.
How to calculate the required capacity of the array knowing the number
of cameras and streams?
Let’s solve this problem by an example.
6/8 x 20 = 15Mbytes
15Mbytes is recorded by our server every second. Now we need to know how
much data is recorded every day:
15 x 60 x 60 x 24 = 1.296 million Mbytes/day.
This is for permanent recording. If you record using the detector, and motion
is present in the frame for an average of 12 hours a day, then the necessary
amount will be reduced two-fold, i.e. to 9Tb.
It is necessary to remember that when using RAID, a substantial proportion
of the disk space is taken up by service information. So when using
RAID 5, the effective capacity is reduced by one disk. When using RAID 6 -
by two disks. When using RAID 1, the effective capacity is reduced by half.
In addition, many manufacturers recommend allocating a separate disk for
the operating system, which also reduces the capacity available for the video
archive.
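The calculation above, carried through to a number of disks, as an added example that is not part of the book. The 15 Mbytes/s write rate is the book's figure; the 14-day retention period and the 4 TB disk size are assumptions chosen for illustration.

```python
# Added example: archive sizing with RAID overhead (not from the book).
SECONDS_PER_HOUR = 3600
MB_PER_TB = 1_000_000  # decimal units, matching "1.296 million Mbytes/day"


def archive_mb(write_rate_mb_s: int, retention_days: int,
               recording_hours_per_day: int = 24) -> int:
    """Megabytes written over the whole retention period."""
    if not 0 < recording_hours_per_day <= 24:
        raise ValueError("recording_hours_per_day must be in 1..24")
    return (write_rate_mb_s * SECONDS_PER_HOUR
            * recording_hours_per_day * retention_days)


def disks_required(archive_size_mb: int, disk_tb: int, raid_level: int,
                   separate_os_disk: bool = False) -> int:
    """Physical disks needed so that the usable capacity holds the archive."""
    disk_mb = disk_tb * MB_PER_TB
    data_disks = -(-archive_size_mb // disk_mb)  # ceiling division
    if raid_level == 5:
        total = max(data_disks + 1, 3)   # capacity of one disk is lost
    elif raid_level == 6:
        total = max(data_disks + 2, 4)   # capacity of two disks is lost
    elif raid_level == 1:
        total = data_disks * 2           # mirrored pairs: half is lost
    else:
        raise ValueError("only RAID 1, 5 and 6 are covered here")
    return total + (1 if separate_os_disk else 0)


if __name__ == "__main__":
    RETENTION_DAYS = 14  # assumption, not a figure from the book
    DISK_TB = 4          # assumption, not a figure from the book
    for hours in (24, 12):
        size = archive_mb(15, RETENTION_DAYS, hours)
        print(f"{hours} h/day: {size / MB_PER_TB:.3f} TB")
        for level in (5, 6, 1):
            n = disks_required(size, DISK_TB, level, separate_os_disk=True)
            print(f"  RAID {level}: {n} disks including the OS disk")
```

The disk count covers capacity only; the write speed of the resulting array still has to be confirmed by testing.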
The actual recording speed of the array can be found only by testing.
To connect the external arrays the following interfaces can be used:
Fiber Channel
SAS
iSCSI
Ethernet
eSATA
USB
For more information on the arrangement of SAN and NAS refer to the
section "What are DAS, NAS and SAN".
Software features
Having defined the basic characteristics of the IP recorder, such as the
number and the type of supported cameras, you should pay attention to its
functional capabilities. Let us review the most common of these.
In some cases, such a task can be solved by using a camera with a dual
stream. One stream is recorded to one server, and the second one – to another
server.
Flexibility in configuration
Remote operation
Integration features
Integration with BFA and ACS means the ability to exchange data
between the video surveillance systems, BFA (burglar and fire alarm)
and ACS (access control system). With this integration, we can configure
the system, for example, as follows: when the perimeter detector
actuates, a command from the BFA system is sent to the video
surveillance server, which automatically directs the camera to the
needed part of the fencing and displays it on the operator’s screen.
Integration with POS allows you to get a video segment showing a
buyer together with the cash register data showing what the buyer has paid.
Integration with storage software allows the logistics companies to
attach the video archive to the database with the numbers of boxes,
containers or vehicles. After specifying the number of the box, you will
get not only the time of its passage through the terminal, but also the
relevant video.
Integration with ATM is a reliable tool for protection against fraud.
After attaching the video archive to the transaction numbers, we can
easily see who withdrew the money from a particular credit card.
Chapter 5
Video playback
Now we know how to organize the recording of the video streams. But the
video system is not only for recording but also for performing surveillance
itself. In this chapter, we will examine in detail how the operator’s workplace
is organized in the IP video surveillance system. Let's start with the simplest
aspect of this organization – with the monitors.
LCD (Liquid crystal display). This is perhaps the most popular and
versatile option available today. Liquid crystals reflect or block radiation
from the backlight, thus turning pixels on and off.
OLED (Organic Light-Emitting Diode). This is a relatively new and
promising technology. For example, the OLED-based monitors have no
such parameter as the angle of view: the image can be seen from any
angle. In addition, the advantage of OLED is its high color quality,
absence of inertia, as well as smaller size and weight. However, current
OLED technology has a significant drawback - the life of the monitor is
about 2-3 years.
The plasma panel is used in CCTV when you need a diagonal of
50" and above. In this technology, cells with ionized gas (plasma), which
glow under an electric discharge, are used as the pixels. Compared with
liquid crystals, plasma panel cells have much larger dimensions. For this
reason, it makes sense to use the panels for the construction of large
monitor walls only.
There are also projection and laser monitors, but these are generally
not used in video surveillance.
There are copper cables that allow transmission of VGA and DVI at a
distance of up to 50 meters, and HDMI – of up to 15m. DVI or HDMI optic
cables with a maximum distance of about 100m are also available on the
market. When choosing a long cable, it is important to specify what
resolution it can carry.
Sometimes one or more alarm monitors are left without any image; that
is, only the black background is displayed. In this case the appearance of the
alarm camera on the screen will definitely attract the attention of the guard.
Decoding
The playback issue in analog video surveillance systems is very different
from how it is done in IP video surveillance. The normal recorder receives
video signals from the analog cameras, digitizes and immediately displays
them on the screen. Here we do not come across any difficulties and can
display 16, 20 or more cameras at the same time. Unlike analog cameras, the
IP cameras transmit the compressed, i.e. encoded video. And before
displaying the picture on the monitor, the video must be decoded.
Nowadays, decoding and simultaneous displaying of multiple megapixel
cameras on the multi screen is one of the most difficult issues in IP video
surveillance.
With the advent of digital high-definition video the streams have increased
substantially. So the first task to deal with is the efficient compression of the
streams. With the advent of the H.264 codec the matter of compression
became irrelevant, but there was another problem: decoding of one H.264
stream with a resolution of Full HD 1920x1080 increases the CPU load on
the average PC by 50%. What should we do if we need to decode dozens of
cameras at the same time? And if we are working at an airport and we need to
display not just dozens of cameras on the screens, but hundreds? Let us
examine these issues in order and begin with a description of the existing
decoding devices.
The header is followed by the actual data that is being transmitted (letter).
Some programs may choose the port numbers for their independent
operation. Others use only certain officially registered ports.
The switch, which knows where the computer (recipient of our packet) is and
what port to send the packet to, acts as the post office of the LAN.
Figure 6.2: Port is a part of the address, as well as the physical connector of
the network device.
But suppose that our friend does not live on the next street, but in another
town. In this case the post office employees do not know where his house is.
They only know the address of another post office, which will be able to
deliver the card. So they redirect it there.
In this case each of the towns is a separate network. If we want to send a
packet from one network to another, then we need a router. This device, like
a post office, according to its routing tables redirects the packet to the switch
of another network.
Figure 6.3: Router makes a connection between networks.
The devices in the different networks can have the same IP addresses, just as
there are streets with the same name in different towns.
The postal address on our card consists of two parts: the country and postal
code, which indicate the post office nearest to the recipient, and the second
part - street, house and apartment, where the letter can be delivered directly
to the recipient. The IP address is divided in the same way: the first part is
the address of the network, and the second one is the address of the host
(computer). For example the IP address 10.130.16.12 can be divided as
follows: 10.130.16 is the network address and 12 is the address of
the host.
Sending data between the networks is performed by the router, which knows
nothing about the host, and sending data between the hosts is performed by
the switch, which, in its turn, does not know the addresses of networks.
Host is a common name for any network device. A host can be either a server
or an IP camera.
OK, now we know that the data transmission between the devices that are in
the same network can be performed via the switch, and for data transmission
between devices from different networks, the router is required. And the IP
address defines whether the device belongs to this network or not.
Example. Look for the IP address of your computer. In our case the
address is 192.168.1.154. Now change the first number. In our case we
change 192 to 193. Now your computer is not in your network and
cannot share data through the communication switch. Try to open any
network resource and you'll see that it is not available.
And now let’s examine something more interesting. Suppose the address of
our computer is 192.168.1.154. If, instead of changing the first number, we
change the third, that is, in place of 1 we put 2, for example, will the
computer belong to the network or not?
In order to determine whether the computer belongs to the network or is
considered to be located in another network, there is such a thing as a subnet
mask.
For example, a subnet mask 255.255.255.0 means that the first three
numbers completely determine the network and the last number, from 0 to 255,
specifies the address in the network. That is, in our case all addresses ranging
from 192.168.1.0 to 192.168.1.255 will belong to the same network. The
address 192.168.2.0 belongs to another network, and can be reached only
through a router.
If a mask is specified as 255.255.0.0, then the first two numbers define the
network, and the last two numbers define the host. In such a network there
may be not 256 addresses, as in the previous example, but 65536, that is, all
addresses from 192.168.0.0 to 192.168.255.255. If we specify the subnet
mask, for example 255.255.255.192, then this segment will have only 64
unique IP addresses starting with 192.168.0.0 and ending with
192.168.0.63. The number of the available addresses has to be calculated at
the network design stage.
Sometimes, the subnet mask is stated together with the IP address using a
slash. For example, 192.168.0.1/24 means the address 192.168.0.1 with a
subnet mask 255.255.255.0. The correspondence between the specific values
can be found in reference tables, or calculated using special calculators.
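The mask arithmetic described above, as an added example that is not part of the book. It performs the same bitwise comparison a host uses to decide whether a destination is in its own network, and lists the cameras a server could not reach through the switch alone; the camera addresses are constructed for illustration.

```python
# Added example: subnet membership by mask (not from the book).
import ipaddress
from typing import Dict, List


def same_network(host: str, mask: str, other: str) -> bool:
    """(host AND mask) == (other AND mask): both are in one network."""
    m = int(ipaddress.IPv4Address(mask))
    h = int(ipaddress.IPv4Address(host))
    o = int(ipaddress.IPv4Address(other))
    return (h & m) == (o & m)


def describe(address: str, mask: str) -> Dict[str, object]:
    """Slash notation, address range and size of the address's network.

    Raises ValueError for a mask that is not a run of ones followed by
    zeros, for example 255.0.255.0.
    """
    net = ipaddress.IPv4Network(f"{address}/{mask}", strict=False)
    return {
        "cidr": str(net),
        "first": str(net.network_address),
        "last": str(net.broadcast_address),
        "addresses": net.num_addresses,
    }


def off_subnet(server: str, mask: str, cameras: List[str]) -> List[str]:
    """Cameras the server can reach only through a router."""
    return [c for c in cameras if not same_network(server, mask, c)]


if __name__ == "__main__":
    # Constructed inventory: one camera was given an address in 192.168.2.x.
    cameras = ["192.168.1.20", "192.168.1.21", "192.168.2.22"]
    for mask in ("255.255.255.0", "255.255.0.0", "255.255.255.192"):
        print(mask, describe("192.168.1.154", mask))
        print("  needs a router:", off_subnet("192.168.1.154", mask, cameras))
```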
At this point you might ask: why bother to divide the network into separate
subnets? Let everything be a single address space.
There are two main reasons for the division of the networks into subnets:
OSI Levels
Information transfer through the network is also very similar to a
conversation between people. Both can be viewed with varying degrees of
proximity. For example, the sounds form the basis of the conversation. More
broadly, people do not communicate with sounds, but with words. If we take
a wider view, people speak a certain language. That is, in communication
they follow certain rules for using words and building phrases.
These are the levels in the conversation mechanisms.
The network has the same levels, and they are called the OSI levels (base
model of open systems interconnection). In total there are seven levels.
More on addressing
We already know that the IP packets find their recipients using specified IP
addresses. But what if, for example, our new IP camera has no IP address yet?
In this case we cannot send it a request and get an answer. In other words we
cannot work at the level of the IP packets, i.e. at the network level. To
configure the IP address of the camera, we need to go down to the lower
layer, i.e. the data link layer.
MAC address
The lower data link layer has its own addressing system, which allows devices
to be found within the same LAN. This addressing is based on the physical
address of the network card - a MAC address, which is also sometimes called
an Ethernet address. This is an absolutely unique address which is assigned to
the network device during the manufacture and looks like this:
00-BC-DF-83-AB-F7.
Using the MAC address you can send a request to the device without the IP
address. In addition to the addresses that belong to specific devices, there is a
so-called MAC broadcast address FF-FF-FF-FF-FF-FF. This address does not
belong to any device, but when you send a request to this address the
information is sent immediately to all devices in the network.
So, having included one or more new IP cameras in the network, we first
have to give them IP addresses. To do this you can use the supplied utility
program. This application usually sends the broadcast request to the network
at the address FF-FF-FF-FF-FF-FF. All of the manufacturer’s cameras send
their data to the program after receiving this request. As a result all the
connected cameras are immediately displayed as a list of MAC addresses,
and now you can assign a unique IP address to each of them.
Figure 6.5: Assigning the IP addresses to the cameras.
It is important to remember that the transfer at the data link level, i.e. to
the MAC addresses, works within a single LAN. If our cameras are located in
different networks, the search should be conducted in succession, connecting
to each network separately.
DHCP
If in our system there are a large number of cameras, it makes sense to
automatically obtain the IP address through DHCP (Dynamic Host
Configuration Protocol), rather than to manually assign each individual
camera’s IP address.
The program that assigns the IP addresses to the new devices is called a
DHCP server. It can run on both PC and the communication switch. In order
for the DHCP server to be able to assign a new IP address to the new device,
the device must support DHCP and be prepared to obtain the address
automatically. Typically in the camera’s network settings, a checkmark
appears next to Obtain the address automatically. All modern IP cameras
support DHCP.
Thus, when connecting a new IP camera, the DHCP server automatically
assigns it the correct IP address. However, in order for the system to have
some order, it is desirable for the IP addresses to be assigned according to
certain rules.
Figure 6.6: Automatic assignment of the IP addresses to the cameras.
What is a Firewall?
A firewall is a program that filters the IP packets. For example a firewall can
pass the data from the address 192.168.0.10:80 to the computer, and block
the data from the address 192.168.0.15:25. Note: the firewall filters not only
the IP addresses, but also the ports. The main task of the firewall is to ensure
security when working in the network.
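Filtering by address and port, as an added example that is not part of the book. It assumes a first-match rule list with a default of deny, which is a common design but not something the book specifies; the rule set is constructed and reuses the two sockets mentioned above. The second function is a review check that finds rules that can never take effect because an earlier rule already matches the same packets.

```python
# Added example: first-match packet filter with a shadowed-rule check.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    src: str                        # source network in slash notation
    src_port: Optional[int] = None  # None matches any source port

    def matches(self, src_ip: str, src_port: int) -> bool:
        in_net = ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
        return in_net and self.src_port in (None, src_port)

    def covers(self, other: "Rule") -> bool:
        """True if every packet matched by `other` is also matched by self."""
        inside = ipaddress.ip_network(other.src).subnet_of(
            ipaddress.ip_network(self.src))
        return inside and self.src_port in (None, other.src_port)


def evaluate(rules: List[Rule], src_ip: str, src_port: int,
             default: str = "deny") -> Tuple[str, Optional[int]]:
    """Return (action, index of the deciding rule); index None = default."""
    for index, rule in enumerate(rules):
        if rule.matches(src_ip, src_port):
            return rule.action, index
    return default, None


def shadowed(rules: List[Rule]) -> List[Tuple[int, int]]:
    """Pairs (rule, earlier rule) where the later rule can never be reached."""
    found = []
    for j, later in enumerate(rules):
        for i in range(j):
            if rules[i].covers(later):
                found.append((j, i))
                break
    return found


# Constructed rule set. Rule 3 was appended after the broad deny in rule 2,
# so it never matches anything.
RULES = [
    Rule("allow", "192.168.0.10/32", 80),
    Rule("deny", "192.168.0.15/32", 25),
    Rule("deny", "192.168.0.0/24"),
    Rule("allow", "192.168.0.20/32", 554),
]

if __name__ == "__main__":
    for ip, port in [("192.168.0.10", 80), ("192.168.0.15", 25),
                     ("192.168.0.20", 554), ("10.0.0.5", 80)]:
        print(f"{ip}:{port} ->", evaluate(RULES, ip, port))
    print("shadowed rules:", shadowed(RULES))
```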
Here's an example: we have two offices. Each office operates its own IP
video surveillance network, but you need to make sure that the security
personnel from one office can access the other office’s video
surveillance system. To do this, we connect the two networks over the
Internet.
Figure 6.8: Restricting access to the network with the help of the firewall.
It is important to remember that the firewall blocks the unwanted inbound
and outbound traffic, thus protecting the local network from intrusion.
However, when sending the information over the Internet, there is also a risk
of its interception. The most common way to protect against leakage is to use
the VPN connection.
Here, the stream from the multicast router is sent to the client through the
switch. In this case, for the system to work, this switch must support
IGMP snooping. With this function, the switch can determine to whom to send
the stream that came from the router. In the absence of this function, the
switch cannot identify the recipient and will broadcast the stream to all its
ports.
Transmission medium
In order to deliver the data from one device to another, we usually need a
cable or, in general terms, a transmission medium.
IP networks use three types of media: copper cable, fiber optics, and radio
channel. Let us examine the features of each type.
Copper cable
The most popular transmission medium is a copper twisted pair. There are
several types of twisted pair.
Also the twisted pair has such a parameter as a category - from 1 to 7. The
higher the category, the higher its bandwidth and the more high-speed
connections it can provide. In practice, two types of cables are used in the
network: CAT-5 and CAT-6. The fifth category is suitable for 100-megabit
connections, the sixth one - for gigabit channels. To connect the twisted pair
to the network device the RJ-45 connector is used.
For both categories the maximum line length between the nodes is 100
meters. This is an important limitation to consider when designing a system.
Very often in video surveillance, the distance between the camera and the
recording device exceeds 100 meters. There are several ways to increase the
length of the line:
Figure 6.13: Using the converters for signal transmission over long
distances.
Example. We need to send an image from 5 IP cameras to a central
server room over a distance of 1.5 km. The stream from the cameras is 5
x 8Mbits/s = 40Mbits/s. The specification of the converter specifies that
at a distance of 1.5 km, the maximum capacity is no more than 20
Mbits/s. Conclusion: we cannot use the converter in this case.
Fiber optics
Optical fiber is a thin light-conducting thread. The transmitter with LED
or laser sends the light pulses through the fiber optic thread, and the receiver
at the other end receives them.
There are two types of fiber optics:
Multimode fiber. Core diameter of the fibers is approximately 50 microns.
For optics this is quite a lot, and that’s why the rays or modes from the
transmitter propagate along different trajectories. The trajectories have
different lengths, and the rays going along the short trajectory come before
the rays going along the long trajectory. The longer the line, the more
noticeable the difference is and the more blurred the signal that arrives at the
receiver. Because of this, Multimode is not used at distances greater than 2
km.
Figure 6.14: Propagation of light in the multimode fiber.
Single-mode fiber. Due to the small diameter, the light within the core may
propagate only along a single common trajectory. Thus, all the rays starting
at the same time reach the receiver over tens of kilometers also at the same
time, without any blur. Using single-mode fiber we can arrange the transfer
of data at a speed of 1Gbit/s over a distance of 100km.
Figure 6.15: Propagation of light in a single-mode fiber.
Figure 6.16: Connecting the remote switch via the optic line.
Equipment for fiber optic networks
In this section we will briefly discuss the various devices that are used to
arrange the fiber optic connections.
The media converter connects the optic line with the copper line. Typically
the media converter is a small device that on the one hand has an optical
interface, and on the other - an interface for connecting the twisted pair.
Figure 6.17: Connecting the camera to the optic line via media converter.
There is a large number of SFP modules, which vary depending on the type
of fiber optics and the length of the transmission lines.
The attenuator is a device designed to reduce the signal level. Power of the
optical transceivers is calculated for a specific length of optical lines. If the
transceivers designed for a distance of, for example, 10 km are installed at the
ends of the line, but in reality the length of the line is 500 meters, then to
make this work, we need to install the attenuator.
Pigtail is a segment of optical fiber designed to terminate the fiber-optic
cables. On one side of this segment there is a connector and its other end is
connected to the cable by welding or permanent connection.
Connectors. The following common types of connectors are used to connect
optics to the network devices:
SC
LC
2xLC
Wireless connection
It is possible to transfer the data not only by cable, but with the help of radio
signals. Nowadays the most common standard for wireless transmission is
Wi-Fi (standard 802.11). The main advantages of the wireless network are its
low cost and ease of installation. For the arrangement of the IP video
surveillance system based on Wi-Fi, you need only to power the IP cameras
with the built-in Wi-Fi adapter and set up the access point.
Figure 6.19: Connecting the camera via Wi-Fi.
In addition to the standard access points, there are the so-called Wi-Fi
bridges, which are a pair of transceivers with narrow beam antennas. The
Wi-Fi bridge allows organization of the wireless connection at a distance of
several kilometers! Antennas should be placed in the line of sight to each
other. The speed of transmission over a Wi-Fi bridge can be up to
100Mbits/s.
Figure 6.20: Example of using a Wi-Fi bridge.
The wireless connection, apart from its obvious advantages, has some very
significant disadvantages:
Poor connection. If necessary, the radio signal can be suppressed using a
simple device that generates harmful interference in a certain frequency
range. This means that even before the attacker gets into the field of view of
the cameras, the server stops receiving a video signal.
Complexity of calculating the transmission speed and maximum
distances. The transmission speed strongly depends on the external
conditions. So, when you install Wi-Fi in the room, the speed will be
influenced by the location of antennas in the room, thickness and type of
walls, and presence of other radio sources. When using Wi-Fi on the street,
you need to take into account the weather conditions: rain or fog can greatly
reduce the operating range of the network. In other words, at the design stage
it is difficult to determine the speed and stability of the connection at a
particular location of the cameras and access points.
Speed is shared between the connected devices. The Wi-Fi network is
arranged so that at one time the data transfer can be performed by one device
only. If, for example, two IP cameras begin to transmit the stream, in fact
they will do so alternately, sharing the total bandwidth between themselves.
Network equipment
To interconnect the cameras, servers and workstations, in addition to cables,
we need switching equipment: hubs, switches, and routers. All of them
transmit the data from one device to another. In this case, how do these
devices differ?
Hub
Hub is the simplest device. It only works with the electrical signals (OSI
level 1) and knows nothing about the addressing. When the signal comes to
the hub, it just duplicates it simultaneously to all its ports without worrying
about who the signal is intended for. A computer that was waiting for this
information will receive it. The rest of the computers, which are not waiting
for this data, just ignore it.
Now hubs are practically no longer in use - they have been replaced by
switches.
Switch
The switch is a more sophisticated device. In contrast to the hub, the classic
switches operate at the second (data link) OSI level, that is, despite the fact
that they still know nothing about the IP addresses, they can determine by the
MAC address who the specific data is intended for within a single network.
That is, within the same LAN, they can effectively switch the data streams by
sending them to the port to which the receiving computer is connected.
Figure 6.21: Switch connects devices within a single network.
Router
The next complex device is a router. This device works on the third
(network) OSI level, that is, it perceives the passing data not in the form of
electrical impulses as the hub does, and not in the form of segments with the
MAC addresses (frames) as the switch does, but as full-fledged IP packets
with IP addresses. Using the IP addresses, the router can transmit the data
from one LAN to another. The main task of the router is the arrangement of
connections between the different networks.
Figure 6.22: Router connects the networks.
Wireless access point
The wireless access point works in a way similar to the hub, only for
signaling it uses not wires, but a radio channel. In addition to the wireless
part itself, at the present time a large number of the access points have
built-in switches with multiple ports, and also have the functions of the router.
Number of ports
The number of the ports is a key parameter that indicates how many devices
you can combine with this switch. Different switch models may have from 5
to 48 ports.
Internal capacity
It is important to know that the capacity of the switch depends on the
performance of its processors. It should in no way be taken as the sum of
speeds on all ports. For example, a switch for 8 ports of 1Gbit/s each is not
always able to pass the total stream of 8Gbits/s. The performance of its
switching processor can be, for example, only 4Gbits/s. This means that at
peak load, the switch cannot provide the gigabit speed simultaneously to all
ports.
If you are choosing a switch to connect the camera, then the internal capacity
can be ignored. The cameras operate with the streams on an average of up to
10Mbits/s, and therefore cannot give the peak load even for a 100Mbit-port.
However, the internal capacity is important in large systems when choosing a
central switch to which the other edge switches are connected.
Also, be aware that in practice the actual internal capacity does not always
correspond to the value declared in the specification.
To arrange the power supply over PoE it is necessary for both cameras and
switches to support this technology. If the switch does not support PoE, then
in order to power the camera, you can install additional PoE injectors.
Figure 6.25: Powering the camera from PoE injector with PoE.
Let us examine in a little more detail what happens when you connect the
camera to a PoE switch. First of all, the switch must determine whether the
connected device supports PoE, and whether it should be powered or not. For
this, it applies a voltage of 2.8-10V and determines the input resistance. If the
test is passed, then the switch increases the voltage up to 14.5-20.5V and
measures the power consumption to determine the class of the PoE device.
Class   Power              Comments
0       0.44 – 12.95 W     Unclassified Device
1       0.44 – 3.84 W      Main Class
2       3.84 – 6.49 W      Main Class
3       6.49 – 12.95 W     Main Class
4       12.95 – 25.50 W    High Power Device
There are three main classes, from first to third, and two additional classes:
0 - unclassified devices and 4 - high power devices. At the stage of
classification, the switch tries to determine the class and to reserve the
appropriate power for the device. If the device cannot be classified, then the
switch assigns it class 0 and reserves 12.94W for the device. After the
classification, the switch goes into operation mode, and applies full voltage of
48V.
When choosing the camera and switches, it is important to pay attention to
their power to prevent situations where a switch cannot provide the necessary
power and the camera ends up without power.
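A power budget check for a PoE switch, as an added example that is not part of the book. It assumes the switch reserves the upper bound of each class from the table above and serves devices in connection order; the switch budgets and camera lists are constructed.

```python
# Added example: PoE power budget by class (not from the book).
from typing import Dict, List, Tuple

# Upper bound of each class from the table, in hundredths of a watt so
# that the sums stay exact.
RESERVED_CW = {0: 1295, 1: 384, 2: 649, 3: 1295, 4: 2550}


def classify(max_draw_w: float) -> int:
    """Class whose power range in the table contains the device's draw."""
    draw_cw = round(max_draw_w * 100)
    for poe_class in (1, 2, 3, 4):
        if draw_cw <= RESERVED_CW[poe_class]:
            return poe_class
    raise ValueError("draw exceeds the 25.50 W of class 4")


def allocate(budget_w: float, devices: List[Tuple[str, int]]) -> Dict:
    """Reserve power per class; devices that do not fit stay unpowered."""
    remaining = round(budget_w * 100)
    powered, unpowered = [], []
    for name, poe_class in devices:  # assumption: served in connection order
        need = RESERVED_CW[poe_class]
        if need <= remaining:
            remaining -= need
            powered.append(name)
        else:
            unpowered.append(name)
    return {"powered": powered, "unpowered": unpowered,
            "remaining_cw": remaining}


if __name__ == "__main__":
    # Eight cameras that each draw 7 W fall into class 3, so the switch
    # reserves 12.95 W for each one rather than 7 W.
    cams = [(f"cam{i}", classify(7.0)) for i in range(1, 9)]
    result = allocate(65, cams)  # constructed 65 W budget
    print("actual draw: 56.0 W, reserved per camera: 12.95 W")
    print("powered:", result["powered"])
    print("unpowered:", result["unpowered"])
    print("left in budget:", result["remaining_cw"] / 100, "W")
```

The eight cameras together draw 56 W, less than the 65 W budget, yet three of them stay dark because the reservation is made by class.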
Switch level
The classic switches operate at Layer 2 (L2), that is, at the data link layer.
However, nowadays the switches, which operate at Layer 3 (L3), are widely
used. These devices actually combine the functions of the switch and the
router and allow management of network streams with much more flexibility.
However, when choosing the switch in the first place, pay attention not to its
level, but to the specific functions that this level can implement.
Managed or unmanaged
Unmanaged switches just perform the data transfer between the devices.
Managed switches, in addition to the data transfer, can perform a number of
additional features, such as, for example, DHCP, QoS, STP, Multicast, and
VLAN. Let us examine in more detail what these letters mean.
DHCP support
DHCP allows automatic assignment of IP addresses to the connected devices.
DDNS support
If we want to connect remotely to the video surveillance system over the
Internet, but our ISP does not provide a static IP address, then we can use
DDNS. DDNS associates the dynamic IP address with a constant domain name.
Figure 6.26: Remote connection to the IP camera over the Internet.
That is, to connect, we will specify not the IP address but the name, for
example: cameradom-1.dyndns.org.
For more information refer to section "DNS and DDNS".
NAT support
NAT means Network Address Translation. This mechanism works as
follows:
Suppose that a packet for the socket 85.05.45.11:50001 arrives at a router.
According to the set rules, the router translates the socket
85.05.45.11:50001 into 192.168.0.151:80, thus forwarding the packet to a
particular device.
If you work at home and are connected to the Internet through your
router, then try to configure NAT. First of all you need to know your
external IP address. The easiest way to learn this is to go to the address
http://who.is/, which will display your IP. Then go to this IP address
through a browser - you should see the web interface of your router. Go
to the NAT settings and add an entry in the table, redirecting the packets
from the port, say, 50000 (chosen randomly) to the IP address of our
camera.
Priority tags
In the specifications for the switches you can sometimes encounter the
feature Priority tags, or QoS (Quality of Service). This feature allows you to
manage the priorities. For example, you can configure the switch so that the
video stream from the cameras will be transmitted with the highest priority,
and then, all other data - only provided that they do not interfere with the
primary task.
Loop protection STP (RSTP and MSTP)
Local Ethernet networks can be built only according to the tree topology.
Figure 6.28: Network tree structure.
Note that in this case, if the central switch is damaged, the entire video
surveillance system will fail. To ensure the efficiency of the IP video
surveillance, a fault-tolerant topology with duplicated switches and
communication lines is used.
Figure 6.29: Duplicating the central switch and communication lines.
This is called a broadcast storm. The switches with STP (Spanning Tree
Protocol) automatically detect the loop and block one of the lines, relegating
it to the reserve. If the main line ruptures, the switch activates the blocked
line and directs the stream through this line. With STP, switching the stream
to the secondary line usually takes 30 to 60 seconds. RSTP and MSTP
are improved versions of STP and need less than one second to switch the
stream.
Internal firewall
The firewall passes or blocks the IP packets, depending on the address which
they came from and what computer or program they are addressed to. If you
are looking for a router or a routing switch, through which the internal
network will be connected to the external networks, the presence of a firewall
is more than justified.
We need to make sure that staff in one office can access the video
surveillance systems in the second office.
To achieve this, the office IP video surveillance networks connect to the
Internet through the VPN gateway, the role of which can be played by both
router and computer. Next, using VPN, the secured connection is established
between the office networks, or the so-called tunnel. Before leaving one
office network, the data is encrypted. At the other end of the tunnel, in
another office, the data is decrypted.
Figure 6.33: Creating a VPN tunnel between two routers.
Thus, in fact we are working through the Internet, but due to the VPN tunnel
the data is protected as securely as if we had a leased line connection between
the offices. If a router or a routing switch acts as the VPN gateway, it must
have the support of VPN.
You should also understand that VPN is a common brand name for a
connection technology. Each particular connection is based on a specific
protocol. This may be one of the following:
VLAN support
To clearly understand what this technology is, let’s look at an example.
Figure 6.34: Users connected to the same switch form a single network.
All users on the network can share data. In order to divide the users into
groups and physically restrict the access, you must connect them to different
switches.
Figure 6.35: Two independent networks.
Stacking
Stacking means combining several switches into one logical device to get a
virtual switch with more ports. That is, using a special high-speed bus, the
switches are combined with each other and can easily pass the data among all
of their ports.
In the field of IP video surveillance, stacking is quite rare, since most of the
switches are located in more than one server room, separated from each other
over long distances and interconnected by optics.
In addition to their functionality, the switches vary in their hardware design.
Temperature mode
Any switch can be installed in an air-conditioned server room. However, in
the field of IP video surveillance you may often be faced with the need to
install switches in unheated rooms or sealed enclosures.
For this purpose, there are industrial switches with passive cooling that do not
use fans. The operating temperature range of these devices is sometimes even
greater than -40°C – +70°C.
Wi-Fi standards
The maximum speed depends on the standard in which the wireless devices
work. Currently, there are three common Wi-Fi standards:
Standard    Speed
802.11b     Up to 11Mbits/s
802.11g     Up to 54Mbits/s (up to 108Mbits/s with MIMO)
802.11n     Up to 600Mbits/s
Despite the rather widespread popularity of 802.11n, most cameras operate in
802.11g, so in most cases, you should focus on a maximum speed of
50Mbits/s. Remember that this speed is not available to each camera: it is
divided among all the cameras connected to a single access point.
Also, note that many manufacturers of Wi-Fi equipment achieve higher
speeds than specified in the standards, with the help of internal technologies.
However, these speeds are achievable only when using the manufacturer’s
equipment on both the transmitting and receiving sides.
Transmitter power
Both radius of coverage and ultimately the speed of data transmission depend
on this parameter. Most often, the level of the transmitter power is not
measured in watts, but in decibels - dBm. The power of a typical access point is
about 20 dBm.
Antenna gain
In addition to the power of the transmitter, an important role is played by the
antenna gain, which is measured in isotropic decibels dBi. This parameter
determines how much greater the power of the antenna radiation in a certain
direction is than the power of radiation from an isotropic antenna.
Typically, the narrower the antenna directional pattern, the higher the gain.
Number of antennas
Depending on the technology used, the use of multiple antennas can either
improve the stability of the connection, or increase the speed by channel
spacing.
Other features
As we have already seen, the access point often has features of the router.
Therefore, it may have such network functions as DHCP, VLAN, VPN, and
IGMP.
We have analyzed what these functions are in the section "Selecting the
Switch".
Chapter 7
Examples of the IP video
surveillance systems
Task
To monitor the apartment when the owners are out.
Solution
In our case one can enter the apartment either through the entrance door or
the balcony. So for reliable protection, we are going to need two cameras.
Before installing them, we need to determine how we are going to transmit
the signal from the cameras for viewing and recording. Typically it is quite
difficult to draw additional wires in an apartment with a fine finish. Therefore
the best solution is to use Wi-Fi wireless cameras. In this case the only wires
we need are those for power supply from the nearest socket.
The next issue is the arrangement of the video recording. Typically it is too
expensive to buy a separate recorder, or a server for two cameras. If we
decline the recorder, the following options will remain:
To turn off the cameras physically, that is, to remove power from the
cameras, when you are home.
To set up a timetable determining when the camera has to record and
when it doesn’t have to. This feature is not present in every camera.
Equipment
So to build the system, we need the following equipment.
Device       Quantity   Key parameters and comments
IP cameras   2          Camera with the built-in Wi-Fi interface.
                        In order that the system is not very expensive let’s
                        decide in favor of a resolution of 640x480 up to 1
                        megapixel, with CMOS. Remember that the
                        resolution of the camera does not always indicate
                        its quality. Before buying the camera try to view
                        the images it takes.
                        Camera has to have a built-in mask motion
                        detector with adjustable sensitivity.
                        Camera has to be able to perform event-driven
                        recording to the memory flash card.
Additional features
You can adjust the system so that you can connect to the cameras remotely
over the Internet and view the current conditions. For this purpose the Wi-Fi
router has to have two functions, which are by the way present in all modern
routers:
Task
We need to provide a twenty-four-hour monitoring of the internal premises,
as well as the adjacent territory. There is no video surveillance post. The
system has to operate independently – to perform recording when the motion
appears in the frame and to store these recordings for two weeks. Access to
the live video will be carried out with the home computer, as well as remotely
over the Internet.
Solution
To protect the house we need 5 outdoor and 9 internal cameras. So as not to
disturb the interior design, we will choose tiny domes as the internal cameras.
It is important to understand that on one hand, the tinier the camera, the
less it disturbs the interior design, and on the other hand, the tinier the camera
lens, the more difficult it is to get a high-quality picture.
All our cameras will have the resolution of 1 megapixel. On the street, the
installed box cameras will be enclosed in sealed housings.
Now let’s determine how we will connect the cameras to the central
equipment – by wires or via Wi-Fi. Let’s compare the following options:
Wire connection
Advantages: We can connect cameras of different resolution and in any number.
Disadvantages: We need structured cabling. If the fine finish has already been
performed, we wouldn’t always be able to use the wire connection.
Wi-Fi
Advantages: We can install cameras almost anywhere regardless of whether there
are embedded parts or not. Due to the absence of wires we can significantly
reduce costs on mounting.
Disadvantages: Typically the Wi-Fi connection does not allow data transfer with
the total speed of 20Mbits/s. In our case if we share 20Mbits among 9 internal
cameras, the maximum stream from the camera will be of about 1-20Mbits/s. But
for high-quality megapixel video, we need a capacity of 4-6Mbits.
Suppose that in our house the fine finish has not been performed yet and we
can lay the twisted pair. Therefore we choose the wire connection option. The
structure of our system will be as follows:
Figure 7.3: Video surveillance system in the house.
As we see, the central element will be a switch. The cameras and server are
connected to this switch. Also, a Wi-Fi router will be installed in the house to
connect the laptop and Internet output.
Number of ports. We have 14 cameras, a server and a switch, that is, 16
devices. We can install a 16-port switch, but typically the switches are
installed with future extensions in mind. Therefore we will choose the 24-
port option.
Capacity. The ports for connection of the cameras can be of 100Mbits/s.
However, the port, which the switch is connected to, has to be a gigabit port.
Cameras with 1 megapixel resolution will form the stream of 4-6Mbits/s.
Therefore the total stream equals 14x6 = 84Mbits/s. If we take into account
that the capacity will be calculated with a minimum 30% margin, then
100Mbits/s for this stream will not be enough.
PoE. We will power all the internal cameras from the switch, which means it
always has to have the PoE support. The external cameras could also be
powered from the switch, but there’s no sense in doing this, if we need to
supply power to heat the housing. Therefore we will power the outdoor
cameras along with the housings.
Let’s examine the issue of the video recording arrangement.
As the video recording devices we install the server with the appropriate
software. To determine the required power of the server we contact the video
recording software developers and specify the models of the cameras and
their number. In response, we need to get the requirements for the server
hardware and confirmation that the camera models are supported by the
program. The important point is the integration degree of the IP camera. We
can significantly reduce our costs on the hardware if the software supports
the motion detector, operating on the side of the camera.
Taking into account that the cameras will be recorded not permanently, but
by the motion detector, divide 12.7TB approximately by 2. That is, we will
need 6.35 terabytes. To have some margin, set 8 TB – 4 disks 2 TB each.
The functionality of the software will not be considered, since this issue is
very individual. We will only say that for a home video surveillance system,
remote monitoring plays an important role, namely, such features as the
automatic sending of the alarm frames to email, sending SMS, the ability to
re-code the stream to work over low-speed connections.
But as for the requirements for the Wi-Fi router, they will be the same as for
the video surveillance system in the apartment. That is, important functions
for us are DDNS and NAT, which allow connection to the server over the
Internet.
Device                  Number   Key parameters and comments
Internal IP camera      9        Dome camera
                                 1 megapixel with CMOS
                                 PoE support
Outdoor IP camera       5        Box camera day-night
                                 1 megapixel preferably CCD or sensitive CMOS
                                 Preferably with noise-canceling function 3DNR
Video recorder          1        Video server with software
                                 4 disks 2 TB each
Switch                           24 ports
                                 At least one port of 1Gb/s
                                 PoE support
Wireless access point   1        In our case, any Wi-Fi access point will fit with
                                 DDNS and NAT.
Computer                         Setting and viewing of the archives can be performed
                                 from any computer via web browser.
Additional features
Sometimes it happens that the country house cannot be connected to the
Internet, but remote viewing is still required. In this case, you can use GSM.
Instead of our router, we connect the GSM modem to the server, and now the
server can send the alarm reports to our email. If we want to connect to the
server over the Internet to view the video archive, DDNS has to be set up on
the server. In addition, it is important to understand that the speed of the
connection through the cellular networks may be tens or even hundreds of times
lower than standard fixed-line channels.
These are the maximum values determined by the technology used. In real
conditions, the speed will be much lower. First, external factors such as
noise, signal stability and the like have an influence. The worse the signal,
the lower the speed is. Second, if we want to get video from a server that is
connected to the Internet via GSM modems, then we are interested not in the
receiving speed, but in the data transmission speed. The transmission speed
is itself several times lower than the receiving speed.
The market offers programs that allow you to establish the VPN
connection without requiring the configuration of VPN and routing. These
programs establish connections almost automatically and can make life easier
for the novice system administrator.
Task
We need to monitor the parking lot and the playground. Live video from the
surveillance cameras will be available to all tenants.
Solution
In this example we need to connect ten megapixel outdoor IP cameras. The
standard box cameras are enclosed in the sealed housings and connected to
the central switch. The server, which performs recording of all video streams,
is connected to the same switch. This part is standard. However, the most
interesting part of this system is providing access to the live video from the
cameras for all tenants. And here we will focus on the multicast transmission.
As we recall from the theory, when broadcasting in multicast mode, the
camera transmits the stream not to a specific client, but to a special multicast
address. A client, if he wants to watch the video, should subscribe to this
stream by sending a specific request from the computer.
Pay attention to the features of cameras and recording server. Can the
server receive the Multicast stream from the cameras? If not, can the camera
transfer the Multicast stream to the tenants and Unicast to the server
simultaneously?
Tenants should have access to our multicast router. To ensure this we will
need to negotiate with the ISP to connect to the LAN of the building. Once
the connection has been established, the client can watch our cameras with a
program for watching IP TV, for example by using VLC Media Player. To
do this it is necessary to specify a multicast address of the desired camera
along with a port number in the box Open URL, e.g.
udp://@224.10.0.10:5004. Of course, for convenience, you can put the address data
in the form of tabs or a playlist, or, for example, make a special web page,
through which the streams will be broadcast.
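The subscription step described above, written out as an added example that is not from the book: it parses the stream address in the form given for VLC and joins the multicast group through the operating system, which sends the IGMP membership request. Function names are illustrative, and the address is the sample one used in the text.

```python
"""Subscribe to a camera's multicast stream (added example, not from the book)."""
import ipaddress
import socket
import struct
from urllib.parse import urlsplit


def parse_stream_url(url):
    """Split 'udp://@224.10.0.10:5004' into (group, port); reject non-multicast."""
    parts = urlsplit(url)
    if parts.scheme != "udp" or parts.hostname is None or parts.port is None:
        raise ValueError(f"expected udp://@group:port, got {url!r}")
    if not ipaddress.ip_address(parts.hostname).is_multicast:
        raise ValueError(f"{parts.hostname} is not a multicast address")
    return parts.hostname, parts.port


def membership_request(group, interface="0.0.0.0"):
    """Build the ip_mreq structure: group address, then local interface address."""
    return struct.pack("4s4s", socket.inet_aton(group), socket.inet_aton(interface))


def open_receiver(group, port, interface="0.0.0.0"):
    """Bind a UDP socket to the stream port and join the multicast group."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind(("", port))
    # This call makes the OS send the IGMP membership report (the "join").
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_ADD_MEMBERSHIP,
                    membership_request(group, interface))
    return sock


def receive(url, datagrams=5, timeout=3.0):
    """Join the stream and return the sizes of the first datagrams received."""
    group, port = parse_stream_url(url)
    sizes = []
    with open_receiver(group, port) as sock:
        sock.settimeout(timeout)
        try:
            for _ in range(datagrams):
                data, _sender = sock.recvfrom(65535)
                sizes.append(len(data))
        except socket.timeout:
            pass  # no stream reached this host within the timeout
    return sizes  # closing the socket leaves the group


if __name__ == "__main__":
    print(receive("udp://@224.10.0.10:5004"))
```

The IGMP join carries no credentials, so who can watch a camera is decided by where the multicast router and switches forward the group, not by the camera.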
Device                  Number   Key parameters and comments
Outdoor IP cameras      10       Box camera day-night
                                 1 megapixel preferably with CCD or sensitive
                                 CMOS.
                                 Preferably with noise-canceling function 3DNR
                                 Multicast support
Switch as a multicast   1        16 ports
router                           Minimum 2 ports 1Gbit/s
                                 IGMP support
Additional features
If the ISP provides the digital television service in the house, we can try to
connect our cameras as additional digital channels. Digital TV uses the same
multicast transmission with the same multicast router and the programs for
watching. So instead of setting our own multicast router, we can try to
negotiate with the ISP and send the streams from our cameras to their router
or multicast server. In this case, the user, having opened the list of digital
channels, will see our cameras among them. In this case the connection
diagram will look slightly different.
Figure 7.6: Connection of the video surveillance system through digital
television channels.
Task
We need to monitor the sales areas, checkout counters, parking lot and
adjacent territory. The video archive should be stored for 7 days. We need to
organize the operative surveillance post for one guard.
Solution
To perform the tasks we need the following cameras:
8 outdoor cameras
20 internal cameras to monitor the sales areas
35 internal cameras to monitor the checkout counters
6 high-speed PTZ dome cameras
In addition to the issues related to the delay, you need to pay attention to the
connectivity of the proportional joystick or the convenience of controlling the
camera with the mouse.
Device                    Number   Key parameters and comments
Internal IP camera        20       Dome camera
(sales areas)                      1 megapixel
                                   PoE support
Internal IP camera        35       Box camera
(checkout counters)                1 megapixel
                                   PoE support
Video recorder            3        Video server with software
                                   4 disks 2 TB each
Switch 24 ports           3        24 ports
                                   Minimum 1 port 1Gb/s
                                   PoE support
Switch 8 ports            1        8 ports 1Gb/s
Additional features
As an addition you can install several large monitors on the trading floor and
display the image from several cameras so that visitors see that all their
actions are being monitored. To do this we need the decoders, which will
receive the video stream either from the camera or from the servers and
display it on the screen. The connection diagram in this case is as follows:
Figure 7.9: Video surveillance system with extra decoders.
In general, you can configure the decoder using its web interface and
determine which stream it should decode. If the central software supports the
function of the decoder control, then instead of rigidly binding a specific camera
to a specific monitor, you can choose to display any cameras on the
monitor, or, for example, set up automatic cycling through the cameras.
Surveillance in a shopping center
The shopping center is an area of special interest. Usually there are hundreds
of cameras installed here. Therefore, if we decide to build a surveillance
system based on IP technology in a shopping center, particular attention
should be given to the competent construction of the network infrastructure.
Task
We plan to install a total of 250 cameras in the shopping center. The
recording has to be conducted with an archive depth of 14 days. It is also
necessary to organize the observation post, which will be operated by six
people.
Solution
We begin, as always, with the issue of the cameras connection. The most
convenient is to power the internal IP cameras directly from the PoE
switches. Therefore, let’s install the 24-channel PoE switches in different
parts of the building and connect all of our cameras to them. Then our
switches distributed around the building need to be combined. There may be
several options. For example, one way is to establish the star-type connection
of all peripheral switches with a single powerful central switch. This is the
most common topology, since it is easy to set up and calculate.
Figure 7.10: Star-type network topology.
The second option is a series connection of switches in line. Depending on
what switches will be connected with each other, we can get either a tree or a
ring.
Figure 7.11: Tree-type and ring-type network topologies.
In our case, when combining all five switches, each of which has 24 cameras
connected to it, the last switch in the circuit will have to transmit the stream
from all 120 cameras (24 x 5) through its port. The camera transmits video at
6Mbits/s, so the total stream is 6 x 120 = 720Mbits/s, which is a large stream,
even for a gigabit port.
Since we have not 120 but 250 cameras, we are not going to experiment with
the tree- and ring-type structures, and instead, will choose the clear star-type
topology. In this case, our system is as follows:
Figure 7.13: Video surveillance system in a shopping center.
The peripheral switches are connected with the central switch through the
gigabit ports. Through each of these ports the stream from 24 cameras, i.e. 24
x 6 = 144Mbits/s, is transferred. Here the only limitation is likely to be the
total capacity of the switch. In our example, the total stream passing through
the central switch will not exceed 2 GB. (240 cameras x 6Mbits/s =
1440Mbits/s plus the stream from the servers on the monitoring station).
Here, you will likely have a question regarding the fault-tolerance of the
system. The bottleneck in this case is a powerful central switch. If it fails, the
whole network stops working, that is, the servers will not record, and the
video will disappear from the operators’ monitors.
To insure the system against such risks, instead of one central switch, you
need to install a pair of identical switches, which will duplicate each other’s
functions. In this case, the connection diagram is as follows:
Figure 7.14: Duplication of the central switches.
As can be seen in the diagram, one redundant switch is installed along with
the main switch and duplicates connection to the peripherals. That is, each
peripheral switch is now connected not with one, but with two central
switches. If one of them fails, the stream will be transmitted through the
second one.
However, if we look closer into this diagram, we see that a loop is formed in
this connection. And we remember that the Ethernet topology should not
have any loops, because through the loops the packets will be transmitted in a
circle, resulting in a broadcast storm.
Figure 7.15: Transmitting the broadcast IP packet between the switches in a
circle.
Therefore, for this scheme to work, you need to use switches with loop-
protection function STP (RSTP, MSTP).
Outdoor IP camera    20    Box camera day-night
                           1 megapixel preferably with CCD or sensitive
                           CMOS
                           Preferably with noise-canceling function
                           3DNR
Video recorder       16    Video server with software
                           6 disks 2 TB each
                           RAID 5
                           2 ports 1Gb/s
Switch 24 ports      11    24 ports
                           2 ports 1Gb/s
                           PoE support
Central switch       2     48 ports 1Gb/s
                           STP (RSTP, MSTP) support
                           DHCP support
Workstation          6     Powerful computer with the ability to connect
                           two monitors
                           2 ports 1Gb/s
Task
Here we have a perimeter 2 km long. The cameras must be installed every 70
meters. One security guard will work at the observation post. He will
constantly monitor the ten most important cameras. If the detector actuates,
he will automatically get an image of the corresponding area.
Solution
First of all, let’s examine the matter of building the network.
Network
The most extensive line of the perimeter is side A. Its length is 700 meters.
Taking into account that the cameras are installed every 70 meters, we have a
total of 11 cameras on this side.
Figure 7.17: Video surveillance system along a perimeter.
We remember that the maximum length of UTP cable from the camera to the
switch cannot exceed 100 meters. Therefore, we will put one simple switch in
the sealed enclosure next to each camera.
Figure 7.18: Cameras connection.
We will connect the switches in series, one through another. Having combined
five cameras in this way, we connect our line to the grouping switch, which is
connected to the central switch through optics.
Likewise, we will connect five cameras, located to the right of the grouping
optical switch.
Now, let’s answer some frequently asked questions.
Why can’t we draw the optics directly to each camera?
First, this would be much more expensive, as the optical switches and media
converters can be ten times more expensive than the regular UTP-operating
switches. In addition, the creation of a large number of optical connections is
difficult in terms of installation.
Can we put not five switches in line, but, say, 10 or 20?
In a series, you can connect quite a lot of switches. The main limitation is the
capacity. The regular switches, which we put next to each camera, operate at
a speed of 100Mbits/s. In this case, the last switch in the chain passes through
its port 5 cameras x 6Mbits/s = 30Mbits/s. We can increase the number of
switches to, say, ten, that is, to the stream of 60Mbits/s at the extreme switch.
It is clear that we cannot transfer 20 cameras over a single line.
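The capacity reasoning used here and in the house and shopping-center examples (6Mbits/s per camera, a minimum 30% margin) can be checked for any arrangement of switches. The following is an added example, not from the book: it sums the camera streams that cross each switch's uplink and lists the uplinks that do not leave the margin. The topology builders and switch names are illustrative.

```python
"""Load on every switch uplink in a camera network (added example, not from the book)."""

MBPS_PER_CAMERA = 6     # the book's figure for a 1-megapixel stream
MARGIN_PERCENT = 30     # the book's minimum capacity margin


def uplink_loads(switches):
    """switches: name -> (parent name or None, cameras attached, uplink Mbit/s).

    Returns name -> Mbit/s crossing that switch's uplink. For the root
    (parent None) this is the total stream arriving at the central point.
    """
    loads = dict.fromkeys(switches, 0)
    for name, (_parent, cameras, _capacity) in switches.items():
        own = cameras * MBPS_PER_CAMERA
        node, visited = name, set()
        # Every switch on the way to the root carries this switch's cameras.
        while node is not None:
            if node in visited:
                raise ValueError(f"loop in topology at {node}")
            visited.add(node)
            loads[node] += own
            node = switches[node][0]
    return loads


def overloaded(switches):
    """Names of switches whose uplink cannot carry its load plus the margin.

    A capacity of None means the uplink is not checked.
    """
    loads = uplink_loads(switches)
    return [name for name, (_p, _c, capacity) in switches.items()
            if capacity is not None
            and loads[name] * (100 + MARGIN_PERCENT) > capacity * 100]


def chain(count, cameras_each, uplink_mbps):
    """Series connection: sw1 is nearest the core, sw2 hangs off sw1, and so on."""
    return {f"sw{i}": (f"sw{i - 1}" if i > 1 else None, cameras_each, uplink_mbps)
            for i in range(1, count + 1)}


def star(count, cameras_each, uplink_mbps):
    """Star: every peripheral switch connects straight to the central switch."""
    topology = {"core": (None, 0, None)}
    for i in range(1, count + 1):
        topology[f"sw{i}"] = ("core", cameras_each, uplink_mbps)
    return topology


if __name__ == "__main__":
    for label, topology in [
        ("5 x 24 cameras in series, gigabit", chain(5, 24, 1000)),
        ("6 x 24 cameras in series, gigabit", chain(6, 24, 1000)),
        ("10 perimeter cameras, 100Mbits/s", chain(10, 1, 100)),
        ("20 perimeter cameras, 100Mbits/s", chain(20, 1, 100)),
        ("10 x 24 cameras in a star, gigabit", star(10, 24, 1000)),
    ]:
        loads = uplink_loads(topology)
        print(label, "max load", max(loads.values()), "overloaded", overloaded(topology))
```

With the margin applied, five 24-camera switches in series just fit a gigabit uplink and a sixth does not, while a 100Mbits/s perimeter line carries ten cameras but not twenty.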
When working at the perimeter, pay special attention to the quality of the
cables and the quality of their installation. If you use poor quality cable, place
it along with other cables, causing interference, or perform a careless
crossing, you may face a lack of connection or a connection at a speed of
10Mbits/s instead of 100Mbits/s.
Choosing cameras
Having dealt with the network, let’s move to the issue of choosing the
cameras. The main requirement imposed on the perimeter camera is a good
light sensitivity. So first we look for day-night cameras, sensor type - CCD or
modern expensive CMOS, minimum illumination - 0.01 lx, with an advanced
noise reduction system. It is very desirable in this case to pre-test the camera,
that is, to make a test recording of moving objects in low light conditions.
As a rule, the sensitivity of the IP megapixel cameras is lower than the
sensitivity of analog cameras. So using the additional IR illumination will not
be superfluous. Here, however, special attention should be paid to the quality
of the lens and the ability to use a model with the high-quality IR correction.
Video recorder       1     Video server with software
                           6 disks 2 TB each
                           RAID 5
Switch located       20    4-6 ports
next to the camera         The switch is installed outdoors in the sealed
                           enclosure, so it should be without fans and
                           with extended temperature range
Grouping switch      3     4-6 ports
                           At least one port for optics connection
                           The switch is installed outdoors in the sealed
                           enclosure, so it should be without fans and
                           with extended temperature range
Central switch       1     4-6 ports
                           At least 2 ports 1Gb/s
                           At least 3 ports for optics connection
Task
In total, we will install 160 cameras in our bank. They will be located along
the perimeter of the building, in the storage, at ATMs, as well as in the
banking hall and hallways. Only guards will be able to view the live video
from the camera and the archive records. The exception will be 10 cameras in
the banking hall. The staff involved in assessing the quality of the customer
service should have access to these cameras.
Solution
As we said earlier, the basic requirement for the video surveillance system
will be its fault tolerance. Let us examine this question in detail.
Fault tolerance
What is meant by this concept? The ideal fault-tolerant system maintains its
performance even in the event of failure of any of its components. Imagine:
for example, one of the servers goes down, but the system continues to
operate, all cameras are recorded, all the multi screens are displayed, and
operators work properly!
You ask: How is that possible? Here is an example of constructing such a
system.
Figure 7.19: Fault-tolerant system for IP video surveillance.
The cameras and workstations, as always, are connected to the LAN
switches. The servers in our case do not perform the recording.
The task of the servers in the system is the management of all the other
devices. When the operator at his workstation selects a camera, say, number
30, the command is sent to the server, which directs the stream of the
respective camera to a given computer. If the operator requests the archive
records, the server sends him the appropriate records from the storage device.
That is, the server itself does not generate any streams - it only manages
them. Recording is carried out to the dedicated network storage devices. If
one of the arrays fails, the management server automatically distributes the
streams among the remaining devices or redirects them to a dedicated spare
array.
Each server can handle a fairly large number of cameras and workstations. In
our system there are 160 cameras, and one server is enough to manage them.
To provide fault tolerance the servers are duplicated, that is, one more server
is installed in addition to the server. This second server monitors the state of
the main server and if the main server stops responding, it automatically takes
over its functions. Note that not only the servers, but also the connection is
duplicated. The servers are connected to the LAN switches simultaneously
through two ports, which provides protection against failure of one of the
central switches.
In this case, each server records its cameras to the internal disks. In the event
of failure of one of the servers, the most that can be done is to change the
configuration of the remaining servers to make them record the most
important neighbor cameras, in addition to their own cameras.
Providing external users with access to the cameras
Remember that ten cameras installed in the banking hall should be accessible
to external users. In other words, we must organize a secure connection to an
external network.
For a secure connection, the first thing we need to do is to install a firewall.
In our case it will be a separate computer, which in addition to its firewall
functions will act as a router.
Figure 7.21: Organizing secure remote access to the video surveillance
system.
The users coming from the external network through a router will be in
VLAN1. As we may remember, if we are in one network, the second network
simply does not exist for us. Therefore, for external users the video system
will consist of a single server. The rest of the video surveillance network
infrastructure will be unavailable to them.
For more information about VLAN refer to the section "VLAN support".
Further access restrictions should be performed at the level of the video
surveillance software. In order for external users to access not all 16 but only 10
cameras of the server, the video surveillance software must have a function
for managing access rights individually for each camera.
Having scanned the network to identify the numbers of the IP and MAC
addresses of the cameras, he can pass himself off as one or several
cameras, sending a false video to our servers. You say: What about
passwords? After all, you need to know the password for access to our
cameras. The fact is that most of the cameras run under HTTP and
transmit passwords in clear text, that is, if necessary the password can
be intercepted.
At the right time, he can start sending broadcast requests, thereby
disrupting the network. That is, at a particular moment, all our cameras
will cease to transmit video.
He can launch his own virus program.
He can provide a hidden remote access to our system by installing, for
example, a small computer unit with GSM modem connected to our
network behind the false ceiling.
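The clear-text password point above can be checked on your own cameras. The following is an added example, not from the book: it shows that an HTTP Basic header is only an encoding of the password, and classifies each camera by the way it asks for credentials. The URLs, header values and credentials are constructed samples; in practice the headers come from the 401 reply each camera in your inventory gives to an unauthenticated request.

```python
"""Audit which cameras expose their password on the wire (added example).

All URLs, headers and credentials below are constructed samples.
"""
import base64
from urllib.parse import urlsplit

# Constructed sample: (camera URL, WWW-Authenticate header of its 401 reply,
# or None when the camera answered without asking for credentials).
SAMPLE_RESPONSES = [
    ("http://192.168.0.151/", 'Basic realm="camera"'),
    ("http://192.168.0.152/", 'Digest realm="camera", nonce="abc123", qop="auth"'),
    ("https://192.168.0.153/", 'Basic realm="camera"'),
    ("http://192.168.0.154/", None),
]


def basic_header(user, password):
    """Authorization header value a client sends for HTTP Basic authentication."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode("ascii")
    return f"Basic {token}"


def visible_to_observer(authorization):
    """Return the (user, password) readable from a Basic header, else None.

    Basic is base64 encoding, not encryption: over plain HTTP anyone who
    sees the request can reverse it.
    """
    scheme, _, token = authorization.partition(" ")
    if scheme.lower() != "basic":
        return None
    user, _, password = base64.b64decode(token).decode().partition(":")
    return user, password


def classify(url, www_authenticate):
    """Rate one camera by transport and authentication scheme."""
    encrypted = urlsplit(url).scheme.lower() == "https"
    if not www_authenticate:
        return "NO_AUTHENTICATION"
    scheme = www_authenticate.split(None, 1)[0].lower()
    if scheme not in ("basic", "digest"):
        return "UNKNOWN_SCHEME"
    if encrypted:
        return "PROTECTED_BY_TLS"
    # Digest sends a hash instead of the password, but video and session
    # traffic still travel unencrypted.
    return "CLEARTEXT_PASSWORD" if scheme == "basic" else "HASHED_NO_TLS"


def audit(responses):
    """Map every camera URL to its classification."""
    return {url: classify(url, header) for url, header in responses}


if __name__ == "__main__":
    header = basic_header("admin", "constructed-pass")
    print(header, "->", visible_to_observer(header))
    for url, verdict in audit(SAMPLE_RESPONSES).items():
        print(f"{verdict:20} {url}")
```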
So how can you protect against the connection of unauthorized devices? The
easiest way is to pre-determine the devices that will work in our network. We
register the MAC addresses of all the cameras, servers and computers on the
switches. Then, using the switch function Port Security, we block the ability
to connect devices that are not included in our list. In case of an unauthorized
connection attempt you may, in addition to notifying the administrator,
automatically block the port to eliminate the possibility of even a short-term
unauthorized connection.
The video surveillance system, in contrast to the corporate networks, is a
closed system, with a minimum number of users and running programs.
Therefore, it is relatively easy to ensure the security of the network. Having
configured the firewalls and blocked the access of the unauthorized devices,
we get rid of 99% of potential threats.
It is also worth noting that, as a rule, the most vulnerable part is not the network
and the network technologies, but the surveillance software. Despite the fact
that video surveillance belongs to security systems, the security of many
software packages is poor. So, very often, with the help of simple actions one
can change the configuration of the server, or even delete the records, without
having administrator rights.
Device               Number  Key parameters and comments
IP cameras           130     Dome camera
                             1 megapixel
                             PoE support
Outdoor IP cameras   30      Box camera day-night
                             1 megapixel, preferably with CCD or sensitive CMOS
                             Preferably with noise-canceling function 3DNR
Video recorder       10      Video server with software
                             14 disks 2Tb each
                             RAID 6
Switch               7       24 ports
                             At least 2 ports 1Gb/s
                             PoE support
                             Port Security
Central switch       2       48 ports 1Gb/s
                             STP (RSTP, MSTP) support
                             DHCP support
Task
There are 40 restaurants, and we need to install 3 cameras in each of them.
The video surveillance system is created to address three objectives:
assessing the quality of customer service, resolving disputes, and getting
additional evidence in the investigation of incidents.
Solution
Taking into account the fact that every restaurant has only 3 cameras, instead
of installing a separate video recorder, we will record to the internal memory
cards of these cameras. We will transmit video over Wi-Fi, which greatly
simplifies the installation. For each restaurant, we need three cameras with
a built-in Wi-Fi transmitter, plus a Wi-Fi router.
Next, we need to connect LANs of all the restaurants to the central office
network. For this purpose, we will use the existing Internet connection and
VPN tunnels.
The diagram is as follows:
Figure 7.23: Integral video surveillance system of a chain of restaurants.
In our case each router creates a permanent secure VPN connection. It is
desirable for the routers to have allocated IP addresses. Otherwise, you can
either set up the already familiar DDNS, and connect through the constant
domain names, or use the services of companies providing VPN connection
without the use of permanent IP-addresses.
For more information on VPN refer to the section "Support for VPN
connections".
You also need to configure a firewall on all routers to block any unauthorized
access to the internal networks. Thus, the central office will be permanently
connected to all the restaurants in the same manner as if the restaurants had a
direct connection to the central office. With the help of special software, or
just through a browser, a staff officer can get a video from any camera, and
download files.
As for the calculation of the network capacity, the basic requirements are
imposed on the upload speed provided by the ISP when connecting the
restaurants to the Internet. If you use megapixel cameras, each stream can be
6 Mbit/s. Therefore, for remote viewing the total upload speed should be
at least 6 x 3 = 18 Mbit/s. When using standard resolution cameras, each
stream will be equal to 1 Mbit/s, that is, 3 Mbit/s in total.
To exclude the possibility that, in the event of a robbery, a criminal will take
video cameras with recordings with him, you can provide a fallback choice
for recording. To do this, we will install a small server in the central office,
which in case of a security alarm in a restaurant, will start a parallel recording
of all cameras that are there.
There are several options for transferring the signal from the security system
to the video recording server in the central office. For example, you can
programmatically integrate one system to another. Or you can connect the
dry contacts of the security system to the input contacts of the camera and
configure the server so that when the contacts close on the camera the
recording starts automatically.
Device                 Number  Key parameters and comments
IP cameras             2       Camera with built-in Wi-Fi interface.
                               In order to prevent the system from becoming very
                               expensive let's decide in favor of resolution
                               640x480 up to 1 megapixel, with CMOS.
                               Camera has to have a built-in mask motion detector
                               with adjustable sensitivity.
                               Camera has to be able to perform the event-driven
                               recording to the memory flash card.
Wireless access point  1       Router function
                               VPN connection support
                               Configurable firewall
Central switch         1       Router function
                               Support of at least 40 simultaneous VPN tunnels
                               Configurable firewall
Video recorder         10      Video server with software
                               Ability to connect to 120 cameras
                               Ability to turn on the recording when the alarm
                               system triggers at the remote site.
The modern video surveillance system can not only record frames but can
also act as an observer, assessing the situation. Imagine: the system itself
constantly monitors the events developing in the field of view of the cameras,
evaluates them and informs the security guard if the situation seems
suspicious.
While choosing the required functions of the video analysis, you need to
pay attention to the quality of detection. The reality is that most detectors on
the market work reliably on the display stand only.
Ping
If you experience problems with your network connection, the first thing that
must be checked is the ability to send and receive IP packets. To do this, use
the command "Ping".
1. Checking the operability of the network interface. Type the command
ping 127.0.0.1. The computer tries to send the IP packets over the network
interface to itself.
C:\Users\Alex>ping 127.0.0.1
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
IPConfig
Using the command ipconfig you can find out the configuration parameters
of the computer network interfaces.
C:\Users\Alex>ipconfig
Windows IP Configuration
Ethernet adapter Local network connection:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::1cb:cc77:3551:f9ce%10
IPv4 Address. . . . . . . . . . . : 192.168.10.101
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.10.1
If you type ipconfig /all in the command line, the detailed information on all
interfaces will be displayed.
C:\Users\Alex>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : Alex-Micro
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Подключение по локальной сети:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce 10/100/1000 Mbps Ethernet
Physical Address. . . . . . . . . : 00-13-20-28-DE-56
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::1cb:cc77:3551:f9ce%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.10.101(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.10.1
DHCPv6 IAID . . . . . . . . . . . : 244382630
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-0D-60-49-90-FB-A6-84-2C-72
DNS Servers . . . . . . . . . . . : 192.168.10.1
NetBIOS over Tcpip. . . . . . . . : Enabled
According to this report you can find the errors in the network adapter
configuration. For example, if your computer has an IP address that matches
the address of another network device, the subnet mask will have a value of
0.0.0.0.
PathPing
If there are several switching or routing devices between the nodes, it is
important to check the connection parameters for each segment. To do this, you
can use either the command tracert, or pathping. The report allows you to
see the entire route of the packet from the sender to the recipient along with
the response time for each segment and the packet loss level.
C:\Users\Alex>pathping google.com
Tracing route to google.com [173.194.69.102] over a maximum of 30 hops:
0 Alex-Micro [192.168.10.101]
1 192.168.10.1
2 62.84.96.31
3 62.84.97.61
4 193.232.246.232
5 72.14.236.248
6 216.239.43.251
7 72.14.236.93
8 209.85.242.187
9 209.85.240.88
10 173.194.69.102
Computing statistics for 250 seconds...
Source to Here This Node/Link
Hop RTT Lost/Sent=Pct Address
0 Alex-Micro [192.168.10.101]
1 1ms 0/100 =0% 0/100 = 0% 192.168.10.1
2 1ms 0/100 =0% 0/100 = 0% 62.84.96.31
3 6ms 0/100 =0% 0/100 = 0% 62.84.97.61
4 8ms 0/100 =0% 0/100 = 0% 193.232.246.232
5 33ms 0/100 =0% 0/100 = 0% 72.14.236.248
6 --- 100/100=100% 30/100 = 30% 216.239.43.251
7 --- 100/100=100% 30/100 = 30% 72.14.236.93
8 --- 100/100=100% 30/100 = 30% 209.85.242.187
9 --- 100/100=100% 30/100 = 30% 209.85.240.88
10 71ms 70/100 = 70% 0/100 = 0% 173.194.69.102
Trace complete.
For example, the command ping showed a high percentage of packet loss
when requesting one of the IP cameras. After typing pathping "address of
the camera" we will see between which nodes we should look for the cause
of the unstable connection.
Netstat
After typing the command netstat you can see all the current network
connections of the device.
Route
If your computer or server operates as a router, that is, the packets pass
through it from one network to another, it is important to know the routing
configuration. To view these settings you need to type the command route
print.
IPv4 Route Table
=====================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.10.1 192.168.10.101 276
=====================================================================
In this example, the only route is the redirection of the packets to the router
192.168.10.1, which is our only default gateway.
For example, our server has two network interfaces: one is connected to the
internal video surveillance network 192.168.1.0, and the other to the
external corporate network 10.0.0.0. If we want to reach a node on the external
network from the internal network, we need to specify the appropriate
route. The packet has to go through the following nodes: sender's computer
-> server -> external network router -> receiver's computer. To configure
the route, run the following command:
route ADD -p 10.0.0.0 MASK 255.0.0.0 10.120.30.1
where 10.0.0.0 is the address of the receiver, that is, any computer with an
address 10.x.x.x, and 10.120.30.1 is the address of the external network
router, to which the packet will be forwarded.
ARP
As we know, within the local network the switches use the MAC addresses to
transfer data between the nodes. The mapping between MAC addresses and IP
addresses is stored in a periodically updated table. This table can be seen by
typing arp -a.
C:\Users\Alex>arp -a
Interface: 192.168.10.101 --- 0xa
Internet Address Physical Address Type
192.168.10.1 00-14-d1-bc-cd-dd dynamic
192.168.10.110 00-22-43-0a-b8-bf dynamic
192.168.10.201 1c-4b-d6-aa-a0-0a dynamic
192.168.10.255 ff-ff-ff-ff-ff-ff static
224.0.0.2 01-00-5e-00-00-02 static
224.0.0.22 01-00-5e-00-00-16 static
224.0.0.252 01-00-5e-00-00-fc static
224.0.0.253 01-00-5e-00-00-fd static
239.255.255.250 01-00-5e-7f-ff-fa static
255.255.255.255 ff-ff-ff-ff-ff-ff static
In rare cases, this table may become corrupted and, because of this, the connection
with the external devices may be lost. That is, the computer can ping only its own
address. You can update the table with the command "netsh interface ip
delete arpcache".
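The same table can be used to check the device registration described earlier, where the MAC addresses of all cameras, servers and computers are recorded in advance. The following is an added example, not taken from the book: it parses arp -a output in the format shown above and compares the dynamic entries with a registration list. The names REGISTERED, SAMPLE_ARP, parse_arp_table and audit are hypothetical, and the camera 2 entry and the last two dynamic rows of the sample are constructed.

```python
import re

# One row of Windows "arp -a" output: IP address, dash-separated MAC, entry type.
ARP_ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"((?:[0-9a-fA-F]{2}-){5}[0-9a-fA-F]{2})\s+(\w+)\s*$"
)

# Hypothetical registration list (IP -> MAC); camera 2 is a constructed entry.
REGISTERED = {
    "192.168.10.1":   "00-14-D1-BC-CD-DD",   # router
    "192.168.10.110": "00-22-43-0A-B8-BF",   # camera 1
    "192.168.10.111": "00-22-43-0A-B8-C0",   # camera 2 (constructed)
}

# Constructed sample: rows for .111 and .150 are invented for the example.
SAMPLE_ARP = """\
Interface: 192.168.10.101 --- 0xa
  Internet Address      Physical Address      Type
  192.168.10.1          00-14-d1-bc-cd-dd     dynamic
  192.168.10.110        00-22-43-0a-b8-bf     dynamic
  192.168.10.111        02-00-00-aa-bb-cc     dynamic
  192.168.10.150        02-00-00-11-22-33     dynamic
  192.168.10.255        ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""


def parse_arp_table(text):
    """Return [(ip, mac, type)] for every table row, MACs lower-cased."""
    rows = []
    for line in text.splitlines():
        m = ARP_ROW.match(line)
        if m:
            rows.append((m.group(1), m.group(2).lower(), m.group(3).lower()))
    return rows


def audit(arp_text, registered):
    """Compare dynamic ARP entries with the registered IP -> MAC list.

    Returns a sorted list of (finding, ip, mac):
      mac-mismatch  a registered IP is answered by a different MAC
      unregistered  the MAC is not in the list at all
      moved         a registered MAC appears on an IP it was not registered for
    """
    known_macs = {mac.lower(): ip for ip, mac in registered.items()}
    findings = []
    for ip, mac, kind in parse_arp_table(arp_text):
        if kind != "dynamic":          # skip broadcast and multicast rows
            continue
        expected = registered.get(ip)
        if expected is not None and expected.lower() != mac:
            findings.append(("mac-mismatch", ip, mac))
        elif mac not in known_macs:
            findings.append(("unregistered", ip, mac))
        elif known_macs[mac] != ip:
            findings.append(("moved", ip, mac))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE_ARP, REGISTERED):
        print(*finding)
```

The ARP table lists only the neighbours this computer has exchanged packets with recently, and a matching MAC address is not proof of identity, so this check complements Port Security on the switch rather than replacing it.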
For more information on the ports, refer to the section "IP addresses,
packets, sockets".
To check the availability of a specific port, you need to use a separate utility.
One such utility is a free program called NMAP. In the camera or server
settings, we figure out which ports are used, and then check the availability of
these ports.
To check the availability of port 554 (RTSP), open NMAP and
type in the command line:
nmap -p 554 "address of the server"
Nmap scan report for 192.168.10.110
Host is up (0.0030s latency).
PORT STATE SERVICE
554/tcp filtered rtsp
MAC Address: 00:22:43:0A:B8:BF
Nmap done: 1 IP address (1 host up) scanned in 1.15 seconds
As we see in the report, port 554 is "filtered", which means that the packets
are blocked by a firewall, router rules, or computer security filters.
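When NMAP is not installed on the workstation, the same check can be scripted. The following is an added example, not taken from the book: it uses an ordinary TCP connection to tell the three cases apart (no answer, refused, connected) and then sends an RTSP OPTIONS request to confirm that the service behind the port really is RTSP. The function name check_rtsp_port and its result labels are hypothetical.

```python
import socket


def check_rtsp_port(host, port=554, timeout=3.0):
    """Check a camera or server port with a plain TCP connection.

    Returns one of:
      "filtered"    no answer before the timeout, or the network reported the
                    host unreachable (packets are being dropped on the way)
      "closed"      the host refused the connection: reachable, nothing listening
      "open-rtsp"   connected, and the service answered an RTSP OPTIONS request
      "open-other"  connected, but the reply was missing or was not RTSP
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "filtered"
    except ConnectionRefusedError:
        return "closed"
    except OSError:
        # for example "no route to host" reported by a router or firewall
        return "filtered"

    with sock:
        request = (
            f"OPTIONS rtsp://{host}:{port}/ RTSP/1.0\r\n"
            "CSeq: 1\r\n"
            "\r\n"
        ).encode("ascii")
        try:
            sock.sendall(request)
            reply = sock.recv(1024)
        except OSError:                # includes a receive timeout
            return "open-other"

    # Every RTSP response starts with the protocol version and a status code.
    return "open-rtsp" if reply.startswith(b"RTSP/1.0 ") else "open-other"


if __name__ == "__main__":
    # 192.168.10.110 is the address used in the report above.
    print(check_rtsp_port("192.168.10.110", 554))
```

A result of "closed" points to the camera or server settings, while "filtered" points to a firewall or router rule between the workstation and the device.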
Patch cord
Figure 9.1: Patch cord crimping diagram.
Both ends of patch cord follow the same wiring format.
Crossover
Figure 9.2: Crossover crimping diagram.
The crossover ends have different wiring order.
If the network device responds to ping when connected through the switch, but does
not respond when connected directly to the computer, then most likely the
problem is in the wrong crimping of the cable.
Antenna arrangement
To get a steady high-speed connection the transceiver antennas should be
arranged in the line of sight, that is, in other words, there should be no
barriers between the antennas. Almost all types of barriers that are in the way
of the radio waves cause a significant attenuation of the signal, and the
reinforced concrete walls and floors present an insurmountable barrier for the
high-frequency Wi-Fi radiation.
It is important to know that there should be no barriers, not only in a straight
line between the antennas, but also in the area adjacent to this straight line.
The radio waves propagate not in one line, but occupy a certain area around
the line of sight. This area is called the Fresnel zone.
Figure 9.3: Fresnel zone between the antennas.
Objects falling into the Fresnel zone may significantly weaken the radio
signal, and therefore you should avoid all possible barriers located at a short
distance from the line of sight. The width of the Fresnel zone depends on the
distance between the antennas, as well as the frequency of the signal.
Table. The Dependence of the Fresnel Zone Radius on the Distance between
the Antennas
Distance between  Radius of the first Fresnel  Radius of the first Fresnel
antennas          zone at 2.4 GHz              zone at 5 GHz
50 m              1.2 m                        0.9 m
100 m             1.8 m                        1.2 m
500 m             3.9 m                        2.7 m
1 km              5.6 m                        3.9 m
3 km              9.7 m                        6.7 m
5 km              12.5 m                       8.7 m
10 km             17.7 m                       12.2 m
If a lot of objects that cause a strong attenuation of the signal fall in the
Fresnel zone, you should either move the antennas, or use an intermediate
retransmitter.
Antenna directivity
When establishing the wireless connection, you should pay attention to the
directivity of the antennas. As we know, there are two basic types of
antennas: omni-directional and directional.
Directional antennas usually have a large gain in a certain area and should be
quite accurately directed at each other. The correctness of the installation is
determined by the signal level at each of the access points.
Omni-directional antennas, installed on most wireless cameras and home
access points, are vertically mounted rods that radiate relatively evenly in the
horizontal plane through 360 degrees. However, it should be remembered
that in the vertical plane omni-directional antennas tend to cover only
a small sector.
Figure 9.4: Radiation sector on the horizontal plane.
So if, for example, the camera will be located on the ground floor of one
building and the access point antenna on the roof of the neighboring building,
their directivity diagrams on the vertical plane will not intersect and no
connection will be established.
When installing the antenna in addition to the directivity you should consider
the polarization parameter. Most Wi-Fi antennas have either a vertical or a
horizontal linear polarization.
Figure 9.5: Horizontal and vertical polarization of the antennas.
When installing, you should see to it that the transmitting and receiving
antennas have the same polarization direction.
If both antennas are simultaneously turned through 90 degrees, you can
change the plane of polarization, for example, from vertical to horizontal. By
performing this simple procedure in some cases, you can get rid of
unnecessary radio interference.
Ping
In order to assess the stability of the connection you can use the command
Ping.
Type in the console mode ping -t "IP address of the camera".
If no packet loss is observed, and the response time is a few milliseconds, then
the connection is stable. The next thing to check is the connection speed. To
do this you need to play back the live video simultaneously from all cameras
that are connected through this Wi-Fi channel and see the network load, for
example, through the Windows Task Manager.
Windows Task Manager can be called up using the key combination "Ctrl
+ Shift + Esc"
Lightning protection
When using the external antennas you need to protect the access point against
damage caused by the static discharge during a thunderstorm. For this
purpose the antenna coaxial cable is connected to the access point through the
compact lightning protection device of the antenna feeder system.
When using the outdoor access point connected to the switch with a twisted
pair, you need to use the lightning protection designed to protect the Ethernet
lines.
1. Ethernet switch
2. Power supply unit
3. Circuit breaker for the line 220V
4. Lightning protection device for the power line
5. Lightning protection device for the Ethernet line
6. Temperature stabilizer
7. Sealed enclosure
8. Magnetic tamper for opening control
9. Terminal blocks
Table of Contents
IP Video Surveillance
Introduction
About the Author
Who this book is intended for
Structure of the Book
Notations
Understanding IP Video Surveillance
What Do These Two Letters Mean?
Advantages of IP video surveillance
Are there other ways of transmitting megapixel resolution besides
networks?
What does an IP video surveillance system consist of?
IP Cameras
How the IP camera is arranged
IR-Cut filter
Sensor
Video signal processor
Compression processor
Camera CPU
Network interface
How to choose the IP cameras
What is a video streamer?
Lenses
Lens Resolution
Lens types
Focal distance or view angle
Aperture ratio
Focus quality
Asphere
IR correction
Depth of field
Other characteristics of the lens
Format
Mounting
Aperture control
Video Recording
Where is the video stream from the IP camera recorded?
How the process of getting the video stream is arranged
How does a computer-based video recorder work
CPU
Video recorder hard disks
Network interface
Random access memory
Operating system
Software for video surveillance
What is the difference between the video recorder and
computer?
How to choose the best recorder or server
Number of connected cameras
Supported cameras
Number and maximum capacity of disks
Reliability of the hardware
Software features
Video playback
All you need to know about the monitors
Choosing the monitor according to the features
How many monitors do we need?
Decoding
What do the monitors in the IP video surveillance system
connect to?
Comparison of compression standards in terms of decoding
Graphic accelerators and CUDA
Network
How is the network arranged?
IP addresses, packets, sockets
Networks, subnet mask, routing
DNS and DDNS
OSI Levels
More on addressing
What is a Firewall?
What are Unicast, Broadcast and Multicast?
Transmission medium
Copper cable
Fiber optics
Equipment for fiber optic networks
Wireless connection
Network equipment
Selecting the switch
Choosing a wireless access point
Examples of the IP video surveillance systems
IP video surveillance in an apartment
IP video surveillance in a house
Monitoring the yard and parking lot of an apartment building
Surveillance in a supermarket
Surveillance in a shopping center
Surveillance along a perimeter
Surveillance in a bank
Surveillance for a chain of restaurants
Video analysis
How is video analysis arranged?
What types of detectors are there?
How to build a surveillance system with video analysis?
Hints
Checking network connection
Ping
IPConfig
PathPing
Netstat
Route
ARP
Checking the ports
Crimping the twisted pair
Organization of the wireless Wi-Fi connection
Antenna arrangement
Antenna directivity
Cables to connect the antennas
Choosing the channel
Ping
Lightning protection
Components of the sealed enclosure for an outdoor IP camera