Indigovision Control Center Web

IndigoVision
Control Center Web
Administrator's Guide
Control Center Web
THIS MANUAL WAS CREATED ON MONDAY, AUGUST 9, 2021.

DOCUMENT ID: IU-CC-MAN007-13
Legal Considerations
LAWS THAT CAN VARY FROM COUNTRY TO COUNTRY MAY PROHIBIT CAMERA SURVEILLANCE . P LEASE ENSURE THAT THE RELEVANT LAWS
ARE FULLY UNDERSTOOD FOR THE PARTICULAR COUNTRY OR REGION IN WHICH YOU WILL BE OPERATING THIS EQUIPMENT . INDIGO VISION
LTD. ACCEPTS NO LIABILITY FOR IMPROPER OR ILLEGAL USE OF THIS PRODUCT.
Copyright
COPYRIGHT © INDIGOVISION LIMITED. ALL RIGHTS RESERVED.
THIS MANUAL IS PROTECTED BY NATIONAL AND INTERNATIONAL COPYRIGHT AND OTHER LAWS. UNAUTHORIZED STORAGE, REPRODUCTION,
TRANSMISSION AND/OR DISTRIBUTION OF THIS MANUAL, OR ANY PART OF IT, MAY RESULT IN CIVIL AND/OR CRIMINAL PROCEEDINGS.
I NDIGO V ISION IS A TRADEMARK OF I NDIGO V ISION L IMITED AND IS REGISTERED IN CERTAIN COUNTRIES . I NDIGO U LTRA , I NDIGO P RO ,
I NDIGO L ITE , I NTEGRA AND C YBER V IGILANT ARE REGISTERED TRADEMARKS OF I NDIGO V ISION L IMITED . C AMERA G ATEWAY IS AN
UNREGISTERED TRADEMARK OF INDIGOVISION LIMITED. ALL OTHER PRODUCT NAMES REFERRED TO IN THIS MANUAL ARE TRADEMARKS OF
THEIR RESPECTIVE OWNERS.
S AVE AS OTHERWISE AGREED WITH I NDIGO V ISION L IMITED AND / OR I NDIGO V ISION , I NC ., THIS MANUAL IS PROVIDED WITHOUT EXPRESS
REPRESENTATION AND / OR WARRANTY OF ANY KIND . T O THE FULLEST EXTENT PERMITTED BY APPLICABLE LAWS , I NDIGO V ISION L IMITED
AND I NDIGO V ISION , I NC . DISCLAIM ALL IMPLIED REPRESENTATIONS , WARRANTIES , CONDITIONS AND / OR OBLIGATIONS OF EVERY KIND IN
RESPECT OF THIS MANUAL . A CCORDINGLY , SAVE AS OTHERWISE AGREED WITH I NDIGO V ISION L IMITED AND / OR I NDIGO V ISION , I NC ., THIS
MANUAL IS PROVIDED ON AN “AS IS”, “WITH ALL FAULTS” AND “AS AVAILABLE” BASIS. PLEASE CONTACT INDIGOVISION LIMITED (EITHER BY
POST OR BY E-MAIL AT TECHNICAL.SUPPORT@INDIGOVISION.COM) WITH ANY SUGGESTED CORRECTIONS AND/OR IMPROVEMENTS TO THIS
MANUAL.
S AVE AS OTHERWISE AGREED WITH I NDIGO V ISION L IMITED AND / OR I NDIGO V ISION , I NC ., THE LIABILITY OF I NDIGO V ISION L IMITED AND
I NDIGO V ISION , I NC . FOR ANY LOSS ( OTHER THAN DEATH OR PERSONAL INJURY ) ARISING AS A RESULT OF ANY NEGLIGENT ACT OR
OMISSION BY INDIGOVISION LIMITED AND/OR INDIGOVISION, INC. IN CONNECTION WITH THIS MANUAL AND/OR AS A RESULT OF ANY USE OF
OR RELIANCE ON THIS MANUAL IS EXCLUDED TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAWS.
Contact address
IndigoVision
Caledonian Exchange,
1st Floor, 19a Canning Street,
Edinburgh,
EH3 8EG
2 Administrator's Guide - v13

TABLE OF CONTENTS
Legal Considerations 2
Copyright 2
Contact address 2
1 About this guide 5

Safety notices 5
2 Control Center Web Overview 6

Components 6
3 Installation 8
System requirements 8
Browser compatibility 8
Certificates 8
Install the media server 9
Enable Hyper-V 9
Configure Hyper-V networking 10
Create the virtual machine for the media server 10
Install the media server on the virtual machine 11
Site Database Server configuration 12
Install the application server 13
Time synchronisation 15
4 Control Center Mobile 16

Compatibility 16
Install the Control Center Mobile certificate 16
Install the Control Center Mobile certificate on an Android device 16
Install the Control Center Mobile certificate on an iOS device 17
Download the Control Center Mobile app 17
Login to Control Center Mobile 17
5 Deploying Control Center Web on the Internet 18

Configuring the media server 19
Configuring the application server 20
Configuring port forwarding and DNS 20
IPv6 Networks 21
Control Center Web Administrator's Guide - v13 3

Control Center Web
Setting up automatic operating system updates 22

Application server 22
Media server 22
6 Operations 23
Transfer files between the media server and Control Center Web application server 23
Configure permissions for Control Center Web to read the Site Database Files directory 24
Change the media server password 24
Change the media server network settings 24
Configure NTP on the media server 26
Change keyboard mapping for media server 27
Change the media server address in the application server 27
Change the site database location 27
Manually install an existing certificate 28
Request a certificate from a Certificate Authority 28
Export certificate from Windows for use in the media server 29
Create the certificate request file 30
Import the certificate in Windows 30
Export the certificate and private key from Windows 30
Transfer the certificate files to the media server 31
Convert the certificate and private key file 31
7 Upgrading Control Center Web 32

Upgrading the media server 33
Upgrading the Control Center Web application 33
9 Troubleshooting 35
I am configured to use Windows authentication, but cannot login 35
When I log in, I receive an error saying that the service is unavailable 35
When I select a camera in live mode, I cannot view video 37
When I view live video, the web browser displays error messages 37
When I select recorded footage on an alarm, I cannot view video 38
When I select recorded footage on an alarm, I cannot hear audio 39
I cannot see available presets for my PTZ camera 39
I cannot log in using the Control Center Mobile Android app 39
I cannot log in using the Control Center Mobile iOS app 40
Control Center Mobile is not working on Android 40
A Optimizing Control Center Web 41
4 Control Center Web Administrator's Guide - v13

1 ABOUT THIS GUIDE
This guide is written for users of IndigoVision Control Center Web. It provides installation
and configuration information for the system, as well as details of operation.
Please ensure you read the instructions provided in the guide before using the system.
Safety notices
This guide uses the following formats for safety notices:
Indicates a hazardous situation which, if not avoided, could result in death or serious injury.
Indicates a hazardous situation which, if not avoided, could result in moderate injury,
damage the product, or lead to loss of data.
Indicates a hazardous situation which, if not avoided, may seriously impair operations.
Additional information relating to the current section.

2 CONTROL CENTER WEB OVERVIEW
IndigoVision Control Center Web allows you to access an existing IndigoVision Control
Center system through a web browser.
Operators can access live video without having to install the Control Center software on a
PC. This makes using Control Center much easier for occasional users or operators on the
move.
Control Center Web provides the following:
• Access to low latency live video from any supported ONVIF camera
• Active alarm management
• Recorded video and audio from the time of an alarm
• Access to a Control Center site securely over the Internet
• Ability to control access through the Control Center site database
Control Center Web does not require plugins or other software to be installed in the web
browser.
Components
Control Center Web consists of the following components:
• Control Center Web application server
A web service that runs in IIS to provide the business logic for Control Center Web. It
also serves the client application to users.
You must configure the Control Center Web application server with a Site Database
Server, a Site Database Files directory, and media server in order to operate.
• Control Center Web media server
A physical or virtual machine, which provides services to adapt video streams from
cameras within the IndigoVision system, to allow the streams to be viewed using a
standard web browser or mobile application.
You can install it on the same PC as the application server, using virtualization
technology such as Microsoft Hyper-V.
• Control Center Mobile
A native mobile app that runs on Apple iOS or Android, and can access Control
Center Web without requiring a separate web browser.

2 Control Center Web Overview Control Center Web
Control Center Mobile Application

Camera
Web Browser
Media Server
Application Server
Site Database Files
Site Database Server
Figure 1: Control Center Web components
The Site Database Server and Site Database Files must be installed and configured before
Control Center Web. You can use the same site database for Control Center Web and
Control Center. This allows you to use the same user accounts and camera viewing
permissions for both Control Center Web and Control Center.
To perform administrative tasks in the site database, for example user management and
camera configuration, you must use Control Center.

3 INSTALLATION
System requirements
You can install Control Center Web on one of the following Windows operating systems:
• Windows Server 2019
• Windows Server 2016
• Windows Server 2012 R2 (recommended)
• Windows 10 64-bit
IndigoVision recommends that you install Control Center Web on a server-style system,
with a server network adaptor, and the following minimum requirements:
• Server class PC
• 8 GB of RAM
The IndigoVision Enterprise NVR- AS 4000 1U and 2U and IndigoVision Hybrid NVR
Workstation are all compatible with Control Center Web . These platforms can be used to
run both the NVR-AS software and Control Center Web simultaneously.
Control Center Web is compatible with common virtualization software, including VMWare
ESXi and Microsoft Hyper-V.
Browser compatibility
The Control Center Web client application is compatible with the following web browsers:
• Mozilla Firefox 54.0 or later
• Google Chrome™ 60.0 or later
• Microsoft Edge 79 or later
IndigoVision recommends that all browsers are kept up to date with the latest security
updates.
Certificates
Control Center Web requires a certificate to secure the service. You must use one of the
following options:
• Use a certificate signed by a trusted public Certificate Authority (CA)
Using a public CA to secure the service is the best option in several ways.
It has the major advantage of not requiring certificates to be installed on the client
devices. This is particularly useful when you wish to deploy Control Center Web on
the Internet to give access to individuals outside of your organization.
However, it will usually involve paying a fee to the CA vendor.
• No need to install certificates on client devices
• No need to setup a private CA server

3 Installation Control Center Web
• Use a certificate signed by a private Certificate Authority (CA)

You can set up a private CA service using Microsoft Active Directory Certificate
Services or other tools.
► For more information, refer to "Types of Certification Authorities", at
https://technet.microsoft.com/en-us/library/cc732368(v=ws.11).aspx
Many IT departments in a corporate environment will have set up a private CA as
part of their network infrastructure.
• No fee to a CA vendor
• CA root certificate must be installed on all client devices
• CA service must be set up separately
• Use a self-signed certificate
1
Using a self-signed SSL/TLS certificate introduces a significant security risk to your system
and may allow attackers to access sensitive data. IndigoVision always recommend using a
signed certificate from a trusted Certificate Authority.
Control Center Web can generate and install a self-signed certificate automatically.
This allows the system to be set up quickly, and has no cost implications. However,
self-signed certificates do not provide the same level of security as CA signed
certificates.
• No need to setup a private CA server
• No fee for CA vendor
• Easy to set up
• Insecure
When installing Control Center Web, it is important that you are aware of these options,
and understand which option best fits your deployment. This choice is not permanent and
you can change the certificate after installation.
1
To securely deploy Control Center Web for use over the Internet, separate SSL/TLS
certificates will be required for the Control Center Web application server and the media
server.
Alternatively, a wildcard SSL/TLS certificate can be used for both servers (e.g.
*.yourdomain.com).
Install the media server

The first component to install for Control Center Web is the media server. This is distributed
as a live CD ISO image for installation on any modern virtualization technology.
The following instructions assume that you are using Microsoft Hyper- V, on Windows
Server 2012 R2 or Windows Server 2016.
Enable Hyper-V
To use Hyper-V on Windows Server 2012 R2, you must enable it as a server role.
1. In the Server Manager application, select Add Roles and Features.
2. In the Installation Type screen, select Role-based or feature based installation.

Control Center Web 3 Installation
3. In the Server Selection screen, select the local server.

4. In the Server Roles screen, select Hyper-V.
5. In the Features screen, go to Remote Server Administration Tools > Role
Administration Tools and ensure that Hyper-V Management Tools is selected.
6. Click Install, accept all confirmations, and restart the PC.
Hyper-V is installed on Windows Server 2012 R2.
Configure Hyper-V networking

In order to install Control Center Web , correctly the media server must be accessible to
both the application server and the client web browsers. IndigoVision recommends using
an External Switch configuration on the Hyper-V host to achieve this.
1. Open the Hyper-V Manager tool.
2. In the pane on the left of the screen, ensure that the local PC is selected.
3. In the Actions pane, select Virtual Switch Manager....
4. In Virtual Switches, select New virtual network switch.
5. In Switch type, select External.
6. Click Create Virtual Switch.
7. In Switch name, enter External Switch.
8. In External network, select the physical network adapter which you want to use.
If you are using an Enterprise NVR-AS 4000, select one of the following adapters:
• 10 Gbps Team (preferred)
• 1 Gbps Team
9. Ensure that Allow management operating system to share this network adapter is
selected.
10.Click OK.
A new network adapter named vEthernet (External Switch) is created on
the server.
Use this adapter if you want to change the IP address on the teamed interface.
Create the virtual machine for the media server

You must create a virtual machine on which to install the media server.
3. In the Actions pane, select New > Virtual Machine.
4. In Specify Name and Location specify the following for the new virtual machine:
• Name: for example Control Center Web Media Server
• Location: the location to store the virtual machine. If you are using an NVR-AS
4000, then IndigoVision recommends that you use the default location on the C:
drive.
5. In the Specify Generation screen, select Generation 1.
6. In the Assign memory screen, select the required memory.
IndigoVision recommends that you configure Hyper-V to dynamically assign
memory to the media server when it is required, by doing the following:
• Enable Dynamic Memory
• Set the minimum to 1024 MB
• Set the maximum to the amount of memory on the host PC

7. In the Configure Networking screen, select External Switch.

8. In the Create Virtual Hard Disk screen, do the following:
• Create a new virtual hard disk.
• If required, edit the name and location for the disk.
If you are using an NVR-AS 4000, IndigoVision recommends using the C: drive
as the default location.
• Set the disk size to 10 GB.
9. Select Install the Operating System later and complete the wizard.
The new virtual machine is created.
Install the media server on the virtual machine

You must install the media server on the Hyper-V virtual machine.
3. Right-click the virtual machine to which you want to install the media server, and
select Settings.
4. Select the IDE controller with a DVD drive and click Browse….
5. Navigate to the mediaserver.iso file.
This is on the IndigoVision Control Center CD-ROM, in the Control Center Web
directory.
6. Select Processor and set Number of virtual processors to the number of logical
processors in your system.
This can be found by accessing the Performance page in the Windows Task
Manager.
7. Close the dialog.
select Start.
select Connect.
A dialog opens, showing the progress of the media server installation.
10.When prompted, enter the following to set the network configuration for the media
server:
• IP address for the media server
• Netmask of the network
• Gateway IP address
• Name server IP address
You can change the IP configuration for the media server after installation.
► For more information, see "Change the media server network settings" on page
24
The server restarts and presents a login prompt.
11.Login to the media server with the following details:
• Username: msuser
• Default password: 1234
12.Change the password using the following command:
passwd
13.Follow the prompts to change the password for the msuser user.
► For more information, see "Change the media server password" on page 24

The media server can now be used with the application server as part of Control Center
Web .
Site Database Server configuration

Control Center Web requires access to the Site Database Server. To communicate
securely, a service authentication token must be generated on the Site Database Server.
To generate a service authentication on the Site Database Server, do the following:
1. Open the Windows Start menu and select IndigoVision > Site Database Server
Setup.
2. In the Site Database Server Setup tool, click Next.
3. On the Site Database Configuration page select Generate a service authentication
token and click Next.
4. Take note of the token displayed on the Generate a Service Authentication Token
page. This will be needed later.
5. Click Next to add it to the Site Database Server.
6. After the configuration has completed, click Finish to close the Site Database Server
tool.
If you have already generated a service authentication token, there is no need to generate
another. The same token can be used by multiple applications.
If the Site Database Server is using a self-signed certificate, the Site Database Server
certificate must be installed on the PC that hosts the Control Center Web application
server.
1
This is only required if you are using a self-signed certificate on the Site Database Server.
To export the self- signed Site Database Server certificate and install it on the Control
Center Web host, follow these steps::
1. On the Site Database Server, navigate to Start > Control Panel.
2. Search for the Manage computer certificates application within the Control Panel
and open it.
3. Select Personal > Certificates.
4. Search for the certificate with the following in the friendly name column: Self Signed
Site Database Server Certificate.
5. Right click on the certificate and select All tasks > Export…
6. Follow the wizard to export the certificate.
• Do not export the private key
• Accept the other default options
7. Copy the resulting .cer file to the Control Center Web application server host PC.
8. Open the certificate on the Control Center Web application server host PC and click
Install…
9. Follow the wizard and do the following:
• Install the certificate to the Local Machine
• Select the Trusted Root Certificate Authorities store

10.The Control Center Web application server host PC will now trust connections with
the Site Database Server.
Install the application server

Install the application server component after the media server.
1. Insert the IndigoVision Control Center CD-ROM.
The IndigoVision Control Center install screen opens.
2. In Windows Explorer, navigate to the Control Center Web directory on the CD-ROM
and double-click the ControlCenterWeb.exe file.
The End-User License Agreement dialog opens.
3. Read the agreement, select the check box to accept the agreement, and click Install.
The Control Center Web Setup Wizard opens.
4. Click Next.
The Configuration Options dialog opens.
5. Update the following fields:
• Install IndigoVision Control Center Web to:
Enter the location to which you want to install the Control Center Web.
• Specify the Media Server URL:
Enter the URL that will be used by Control Center Web to access the media
server.
You must replace SET_MEDIA_SERVER_HOST_HERE with the hostname or IP
address of your media server.
1
IndigoVision recommends that you use a UNC path for remote Site Database Files, instead
of mapped drives.
1
If access to the directory hosting the Site Database Files is restricted, the user account
installing the application must have access to this location for installation to complete.
6. Click Next.
The Site Database Server Configuration dialog opens.
7. Enter the hostname or IP address and port of the Site Database Server and the
service authentication token noted earlier.
If using Windows Server 2012 R2 to host the application server, the address of the Site
Database Server entered here must exactly match the Common Name or Subject field in
the Site Database Server certificate.
8. Click Next.
The Site Database Files Configuration dialog opens.
9. Update the following fields:
• Select the Control Center Site Database Files location:

Enter the location of the Site Database Files directory. The location can be on a
local drive or a network location, using a local address or UNC path (for example:
\\exampleserver\IndigoSiteDB).
• Specify a different Windows user to access the directory:
If the location specified above is a network location that requires credentials to
access, enter them here.
10.A valid SSL/TLS certificate must be installed in order for Control Center Web to
operate.
For more information on SSL/TLS certificates, see "Certificates" on page 8
Choose from the following options:

• Supply a certificate file
If you have an existing certificate, do the following:
a. Select the Supply an Existing certificate file (.pfx) radio button.
b. Click Select, and select the desired file.
c. Enter the password for the certificate.
d. Click Next.
• Automatically generate a self-signed certificate
Control Center Web can automatically generate and install a self-signed
certificate. These do not provide as much security as signed certificates but allow
installations to be set up quickly and easily. To configure:
a. Select the Generate an untrusted self-signed certificate radio button and
click Next.
b. A warning message will be displayed to highlight the security issues
associated with this type of certificate. Read the information provided and
click Confirm to proceed.
• Continue without installing a certificate
If you wish to configure a certificate later, you can skip this step. However,
Control Center Web will not operate until a valid certificate is correctly installed.
To continue:
a. Select the Configure later radio button and click next.
b. A warning will appear highlighting that a certificate is required for Control
Center Web to operate. Click Next to proceed.
11.Click Install.
The application server installation begins.
12.If prompted to restart the PC, enter Y.
When your PC restarts, the installer automatically starts again when you log back in.
13.When the installation is finished, click Close.
14.If you wish to configure a TLS/SSL certificate after the installation completes, do one
of the following:
• Request a certificate from a Certificate Authority (CA)
► For more information, see "Request a certificate from a Certificate Authority"
on page 28
• Use an existing certificate
► For more information, see "Manually install an existing certificate" on page 28
15.Ensure the correct permissions have been set to allow Control Center Web to
access the Site Database Files location.

► For more information, see "Configure permissions for Control Center Web to read
the Site Database Files directory" on page 24
Time synchronisation
All devices in the IndigoVision system, including Control Center Web application server,
media server, Control Center, NVR-AS and camera equipment, must be time synchronised
using the same NTP hierarchy. If they are not, warnings are issued, and certain
functionalities may not behave correctly, including aspects of video playback.
► For more information on installing a Windows NTP Server, refer to the "IndigoVision
Control Center Installation Guide" appendix E: "How to install a Windows NTP Server".
Additionally, details for configuring NTP on the media server can be found in the
Configure NTP on the media server section of the Operations chapter.
The installation is complete.
You can login to Control Center Web using a compatible browser.
► For more information, see "Browser compatibility" on page 8
You must login using the login details of a valid user in the configured Control Center site
database.

4 CONTROL CENTER MOBILE
IndigoVision recommends that you use the Control Center Mobile app when using Control
Center Web from mobile devices.
You can use Control Center Mobile on Android™ and iOS devices.
Compatibility
You can install Control Center Mobile on one of the following operating systems:
Table 1Control Center Mobile compatibility
Operating System Versions
Android 6.0 and later1
iOS 10.0 and later
Install the Control Center Mobile certificate

If Control Center Web has been set up with a certificate signed by a private Certificate
Authority, you must download or transfer the root certificate to the device.
► To install a certificate on an Android device, see "Install the Control Center Mobile
certificate on an Android device" on page 16
► To install a certificate on an iOS device, see "Install the Control Center Mobile certificate
on an iOS device" on page 17
Install the Control Center Mobile certificate on an Android device

1. In your device settings, select Personal > Security
2. Under Credential storage, select one of the following:
• Install from storage
• Install from SD card
3. In Open from, navigate to the certificate.
If prompted, enter the key store password, then select OK.
4. Enter a name for the certificate.
5. Select one of the following:
• VPN and apps
• Wi-Fi
1If the Google Chrome browser is installed on an Android device, the Control Center Mobile Android app will make use of it to
provide increased performance and feature compatibility. IndigoVision recommend that Google Chrome is installed and up to date
on Android devices.

4 Control Center Mobile Control Center Web
6. Select OK.
Install the Control Center Mobile certificate on an iOS device

1. Email the root certificate to an email address set up on the device.
2. In your device, select the email attachment, and follow the wizard to install the
certificate.
3. In your device settings, select General > About > Certificate Trust Settings.
4. Enable the certificate.
Download the Control Center Mobile app

You can download Control Center Mobile from the following locations:
• Android:
https://play.google.com/store/apps/developer?id=IndigoVision
• iOS:
https://itunes.apple.com/us/developer/indigovision/id510308099
Login to Control Center Mobile

To login to the Control Center Mobile app, do the following:
1. Open Control Center Mobile.
2. When prompted, enter the following:
• Control Center Web Server: the address of the Control Center Web application
server, in the following format:
https://myserver.example.com.
• User and Password: your Control Center credentials.
3. If the Control Center Web application server is configured with a self-signed
certificate, tick the Allow untrusted certificates check box. A warning message will
appear specifying the security implications of allowing connection to severs using
untrusted certificates. Read the information provided and click Proceed when ready.

5 DEPLOYING CONTROL CENTER WEB ON THE
INTERNET
You can deploy IndigoVision Control Center Web safely over the Internet. Control Center
Web sends user and video data over encrypted channels to keep your IndigoVision system
secure.
Figure 2: Internet deployment
Figure 2 shows a typical deployment of Control Center Web using IPV4 networks.
The client device is on a separate private network connected to Control Center Web
through the Internet. The client can access the application and all of its features from
outside of the network where Control Center Web is installed.
To allow this, you must do the following:
• Configure Control Center Web with a TURN server
A TURN server is a network service that allows the video traffic to traverse network
address translation (NAT) devices.
• Configure port forwarding and DNS
You must configure the deployment NAT and firewalls on the network hosting
Control Center Web to allow application server and media server traffic through.
To protect your installation, you should secure access to the TURN server with a valid
TLS/SSL certificate. This can be requested from a Windows PC and exported to the media
server:
1. Generate a certificate request in Windows and submit to a suitable Certificate
Authority (CA).
2. Import the returned certificate file into Windows.
3. Export the certificate file and private key.
4. Transfer the file to the media server.
5. Convert the file into a usable format.
6. Configure the TURN server to use the certificate.

5 Deploying Control Center Web on the Internet Control Center Web
► For full guidance on this, see "Export certificate from Windows for use in the media
server" on page 29.
Configuring the media server

To use the TURN server, you must configure the media server.
1. Login to the media server with the following details:
2. Open the TURN server configuration file, using the following command:
sudo nano /etc/turnserver.conf
3. Edit the configuration file:
• tls-listening-port: The port on which you want the TURN server to listen
for secure client connections.
The TURN server only uses this port if a certificate is correctly configured. See
cert for details.
If you do not configure the tls-listening-port, then the TURN server uses
the default port of 3478 to listen for insecure client connections.
IndigoVision recommend that you only use secure communications channels with the
TURN service.
This port must be exposed by a port forward on the deployment NAT.

• user: The username and password for the TURN server, specified in the format
username:password.
The default username and password are Admin:1234. Reset them to a unique
value.
• cert: The path to the TLS certificate on the local machine.
Ensure that the certificate is for the fully qualified domain name of the media
server, for example: mediaserver.mydomain.com.
Ensure that the certificate is stored within the /etc directory or one of its
subdirectories.
Ensure that the certificate is in .pem format, with a separate private key file. See
pkey for details.
The self- signed certificate generated by Control Center Web cannot be used with the
TURN server. If you plan to make such a server accessible from the Internet, leave this
setting empty. This allows the TURN server to operate using insecure communication
channels.
In this mode the media and data channels for your system are still encrypted, but the TURN
service itself is not secured.
• pkey: The path to the private key file for the certificate file.
Ensure that the key file is stored within the /etc directory or one of its
subdirectories.

Control Center Web 5 Deploying Control Center Web on the Internet
1
Password-protected private key files cannot be used with the TURN server.
Save your changes and close the configuration file.

4. Open the default configuration file, using the following command:
sudo nano /etc/default/coturn
5. In the line #TURNSERVER_ENABLED=1, delete #, so it reads TURNSERVER_
ENABLED=1.
Save your changes and close the default configuration file.
6. Restart the media server, using the following command:
sudo reboot
When the media server restarts, the TURN server also starts.
► For more information on how to transfer files to the media server, see the Transfer files
between the media server and Control Center Web application server section of the
Operations chapter.
Configuring the application server

To use the TURN server, you must configure the application server.
• TurnServerUrl: The URL for the TURN server as used by clients. It uses the
following format: [turn|turns]:mediaserverdomainname:port
mediaserverdomainname is the fully qualified domain name of your media
server. Client devices must be able to reach this address from the Internet.
port is the port forward configured on the deployment NAT for the TURN server.
If you have correctly specified a certificate for the TURN server, protect the TURN
server credentials by specifying turns, for example
turns:myserver.mydomain.com:5349.
Client devices must be able to access the MediaServerUrl from the application server on
the local network.
Unless you are using split-horizon DNS, you should use the IP address for the media
server in the MediaServerUrl field.
► For more information on DNS configuration, see "Configuring port forwarding and DNS"
on page 20.
• TurnServerUsername: The username for the TURN server.

This must match the username from the user setting in the turnserver.conf file.
• TurnServerPassword: The password for the TURN server.
This must match the password from the user setting in the turnserver.conf file.
In the IIS Manager tool, close and reopen the Control Center Web site.
Configuring port forwarding and DNS

To allow clients to access the TURN server and application server from outside the private
network, you must configure the deployment NAT with the following port forwards.

5 Deploying Control Center Web on the Internet Control Center Web
Table 2 shows an example port forwarding configuration. The destination port numbers
may be different for your configuration.
Table 2 Example port forwarding
Protocol Destination Host Destination Port
TCP Application server 443 (https binding port)
TCP/UDP Media server 5349 (tls-listening-port)
You must configure the media server and application server with different fully qualified
domain names which resolve correctly to the public address of your network.
Table 3 DNS configuration
Fully Qualifed Domain Name (FQDN)

Destination Used by
example
Application server certificate

ccweb.example.com Your public IP
User logging in to site
Media server certificate

mediaserver.example.com Your public IP TurnServerUrl in application server
settings
If you use the DNS configuration in Table 3, clients operating within your private network
will route all HTTPS traffic through your network's public IP address.
For larger sites, IndigoVision recommend that you set up split-horizon DNS, using a private
DNS server. This allows clients on your private network to resolve the application server
FQDN directly to the application server IP address.
It is essential that the certificates which you use to secure the application server and the
TURN server match the fully qualified domain name.
IPv6 Networks
IndigoVision Control Center Web supports IPv6 network deployments.
The Control Center Web application server, media server and client devices can all be
used with IPv6 networks.
If your deployment network and client devices are all using IPv6 networking, then you do
not need to configure TURN. The TURN service is only required for NAT traversal.
► For more information about the Control Center Web firewall configuration, refer to the
Control Center Installation Guide
If you are using IPv6, you must still configure IPv4 addresses for the cameras in your site
database.

Control Center Web 5 Deploying Control Center Web on the Internet
Setting up automatic operating system updates

IndigoVision highly recommend that you enable automatic OS updates on both the
Application Server PC and the media server. This is especially important for an Internet
deployment.
Application server
1. Open the Windows Update tool.
2. Click Turn on automatic updates.
Windows Update proceeds to check for updates. Continue with the steps whilst this
process is underway.
3. Navigate to Change Settings > Important updates, and select Install updates
automatically (recommended).
4. Click OK to confirm.
5. After Windows has identified all pending updates, click the following to install all
important updates immediately:
a. "<number> important updates are available"
b. Install
Media server
1. Edit the 20auto-upgrades file:
sudo nano /etc/apt/apt.conf.d/20auto-upgrades
2. Uncomment the following lines by removing the two leading forward slash
characters:
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
where 1 is once a day and 7 is every seven days
• This configures the server to daily perform a package list update, download
available updates, and install them.
• The downloaded packages are cleaned once a week.
3. Save the file and exit the editor.

6 OPERATIONS
This chapter describes common tasks required for the operation of the Control Center Web
device.
Transfer files between the media server and Control Center

Web application server
You may want to transfer files between the media server and a Windows PC such as the
Control Center Web application server. To do this, create a Windows share on the
Windows PC and mount it on the media server.
1. On the Windows PC, create a shared directory.
Choose a suitable user to use with the shared directory.
2. Login to the media server with the following details:
3. Access the windows share from the media server, by running the following
command:
sudo smbclient -U ExampleDomain\\ExampleUser
//ExamplePC/ExampleShare
Where, in this example:
• ExampleDomain\\ExampleUser is the domain and username
• //ExamplePC/ExampleShare is the UNC path to the share
4. When prompted, enter your password.
You can now interactively move files between the share and the media server using
the get and put commands.
5. To move files from the media server to the share, use the put command.
For example, to send the /etc/ntp.conf file to the windows share, enter the following
command:
put /etc/ntp.conf ntp.conf
6. To move files from the share to the media server, use the get command.
For example, to send the ntp.conf file to the media server's /etc directory, enter the
following command:
get ntp.conf /etc/ntp.conf
7. When you have finished moving files, enter exit to close smbclient.

6 Operations Control Center Web
Configure permissions for Control Center Web to read the Site

Database Files directory
To use Control Center Web, you must set read permissions on the Site Database Files
directory.
1. Navigate to the directory containing the Site Database Files.
2. Right-click the database folder, then click Properties > Security > Edit.
3. When prompted, click Add…
4. If a user was not specified during the installation of Control Center Web, type IIS_
IUSRS. If a user was specified, enter it here.
5. Click Check Names.
6. Click OK.
7. Enter the following permissions:
• Read & execute
• List folder
If user credentials were specified for the site database location during installation and these
need to be changed, Control Center Web must be uninstalled and then reinstalled using
the updated credentials.
Change the media server password

You can change the password for the msuser user on the media server.
3. Right-click the media server virtual machine, and select Connect....
4. When prompted, login to the media server with the following details:
5. Enter the following command:
passwd
6. Follow the prompts to change the password for the msuser user.
• The new password must be at least 8 characters long.
7. When prompted, exit the login prompt by entering the following command:
exit
The media server password has been changed.
Change the media server network settings

You can change the media server network settings after installation.

Control Center Web 6 Operations
IndigoVision recommends that you change the default password after installation.
► For more information, see "Change the media server password" on page 24
5. Run the following command:

sudo nano /etc/netplan/01-netcfg.yaml
6. When prompted for the sudo password, enter the media server password with which
you logged in.
7. With the default installation settings, the configuration file contains text similar to the
following example:
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
version: 2
renderer: networkd
ethernets:
enp0s3:
addresses: [ 10.1.146.6/11 ]
gateway4: 10.0.0.1
nameservers:
addresses:
- "10.0.0.205"
- "10.0.0.204"
Do not change the indentation of the text. Changing the indentation may impact how the file
is processed.
The adapter name, for example enp0s3 , may be different depending on your hardware
configuration.
8. If required, edit the configuration file.

Edit the section under the adapter name. These can be changed as follows:
• To switch to DHCP, replace the section under the adapter name with the
following:
dhcp4: true
For example:
network:
version: 2
renderer: networkd
ethernets:
enp0s3:
dchp4: true
• To switch to, or modify the static IP configuration, modify the previous example
as follows:

addresses: [ <STATIC_IP>/<NETMASK> ]
gateway4: <GATEWAY>
nameservers:
addresses:
- "<DNS_SERVER>"
- "<DNS_SERVER>"
9. To save your changes to the file, press Ctrl + X and follow any prompts.
10.Reboot the virtual machine, using the following command:
sudo reboot
The media server IP configuration is updated.
You must update the application server to use the new media server address.
► For more information, see "Change the media server address in the application server"
on page 27
Configure NTP on the media server

IndigoVision recommends that you synchronize time settings on the cameras and the
media server using NTP.
Configure the media server to use your site's NTP server.
1. If your media server is running as a Hyper-V virtual machine you must first connect to the
machine using the Hyper-V Manager Tool:
5. Run the following command:
sudo nano /etc/ntp.conf
6. When prompted for the sudo password, enter the media server password with which
you logged in.
7. In the configuration file, remove the following lines:
pool 0.ubuntu.pool.ntp.org iburst
pool server ntp.ubuntu.com
8. In the configuration file, add the following line:
server <SERVER> iburst
where <SERVER> is the name or the IP address of your site's NTP server.
If you have multiple servers in a pool, add a line for each server in the pool.
9. To save your changes to the file, press Ctrl + X and follow any prompts.
10.Restart the NTP service, using the following command:
sudo systemctl restart ntp
NTP is configured on the media server.

Change keyboard mapping for media server

You can change the keyboard layout used by the media server.
1. Log in to the media server.
2. Enter the following command: sudo dpkg-reconfigure keyboard-
configuration.
3. Follow the wizard which will guide you through setting your keyboard type and
layout.
Change the media server address in the application server

You can change the address of the media server that Control Center Web uses.
If an upgrade or repair is performed, any changes made in this way will be lost.
1. In the IIS Manager tool, open the Control Center Web site.
2. Within the main Features View, open the Application Settings tool.
3. Update MediaServerUrl, using the format wss://MEDIA_SERVER_
ADDRESS:8888, where MEDIA_SERVER_ADDRESS is one of the following:
• If DNS is correctly configured:
a correctly qualified hostname, for example myserver.mydomain.com
• If DNS is not correctly configured:
the IP address of the media server, for example 192.168.1.2
When you make changes to the configuration using this dialog, the Control Center Web
application server restarts. Any logged-in users must log in again.
4. Click OK to complete the changes.
Change the site database location

You can change the Site Database Server and Site Database Files that Control Center
Web uses.
If an upgrade or repair is performed, any changes made in this way will be lost.
2. Within the main Features View, open the Application Settings tool.
3. Update ControlCenterSiteDbFiles with the location of the Site Database Files
that you want to use.
You can use a network share or a locally stored directory.
4. Update the SiteDatabaseServerAddress field to change the Site Database
Server IP address or hostname.

5. Update the SiteDatabaseServerPort field to change the Site Database Server

port.
6. Update the SiteDatabaseServerToken field to change the Service
Authentication Token used to authenticate with the Site Database Server.
When you make changes to the configuration using this dialog, the Control Center Web
application server restarts. Any logged-in users must log in again.
7. Click OK to complete the changes.
Manually install an existing certificate

You can use an existing certificate with Control Center Web and use it to secure HTTPS
connections.
2. Within the main Features View, open the Server Certificates tool.
3. In the Actions pane, select Bindings....
The Site Bindings dialog opens.
4. In the Bindings dropdown list, Select https.
5. Click Edit.
6. In the SSL/TLS Certificate dropdown list, select the certificate you want to use.
7. Click OK.
8. Click Close.
Request a certificate from a Certificate Authority

You can use a certificate from either a public or private Certificate Authority (CA) with
Control Center Web. The process for requesting a certificate from your Certificate Authority
will differ depending on the type of CA you are using.
► For more information, see "Certificates" on page 8
Many public CA services will use an online web portal to request the certificate.
Create a certificate request:

1. In the IIS Manager tool, click on the local server in the Connections pane.
2. Select Server Certificates.
3. Select Create Certificate Request... from the Actions pane.
4. Populate the request with your server details:
a. Common Name
This should be the fully qualified domain name (FQDN) that clients will use to
access your server, for example myserver.mydomain.com or for wildcard
certificates *.mydomain.com.
b. Organization
Your company name.
c. Company Unit

Your department within your company.

d. Enter the address details for your company:
•City/Locality
•State/Province
• Country/Region
Once entered, click Next.
Some browsers require a Subject Alternate Name field in SSL/TLS certificates before they
are considered secure. IIS Manager does not populate this field. You can populate this field
using the Certificate Enrollment Wizard.
► For more information refer to "How to Request a Certificate with a Custom Subject
Alternative Name" at https://technet.microsoft.com/en-us/library/ff625722
(v=ws.10).aspx
5. In Cryptographic Service Provider Properties, select a bit length of at least 2048,

and click Next.
6. Specify the location of the request file to save
7. Click Finish.
The dialog closes.
Process the certificate request on the CA server:
• The exact steps depend on the type of CA you are using.
• At the end of the process, you have a certificate from the CA server for your
Control Center Web server .
The Certificate Authority may provide different formats of signed certificate, for example
.pfx, .pem, .crt, .cer, .ca-bundle etc. When installing the certificate through IIS, it should be
provided in .cer format. Alternatively, a .pfx format certificate can be installed during
Control Center Web installation.
Import the certificate:

1. In the IIS Manager tool, click Complete Certificate Request... in the action pane.
2. Browse for the certificate file.
3. Rename the certificate file, using a name which you will find easy to remember.
4. Click OK.
You can now use the certificate with Control Center Web.
► For more information, see "Manually install an existing certificate" on page 28
Export certificate from Windows for use in the media server

In order to fully secure the TURN server that is used for Internet deployment, a valid
TLS/SSL certificate must be used. The generation of the certificate can be controlled from
the Windows PC running the Control Center Web application server, then transferred to the
media server. The process is as follows:

Create the certificate request file

Creation of the certificate request file is identical to that for Control Center Web ( see
"Certificates" on page 8) with one exception:
When specifying the details for the certificate request (.csr), supply the Fully Qualified
Domain Name (FQDN) of the media server rather than Control Center Web server.
If you have created a wildcard certificate that covers the Control Center Web and media
server, you do not need to generate a separate certificate.
Import the certificate in Windows

Your Certificate Authority may supply your certificate in a variety of formats. In order to
ensure that the certificate is in a usable format, it should be imported to Windows, then
exported.
To install a certificate:
1. Double-click the returned certificate file.
A certificate properties page appears.
2. Click Install Certificates.
3. On the dialogs that appear, select Local Machine and Automatically select the
certificate store based on the type of certificate.
4. Click Finish to complete the installation.
Export the certificate and private key from Windows

You now need to export the certificate and private key. These are both exported in the
same .pfx file, which can then be imported into the media server.
To export the .pfx file:
1. On the Control Center Web server, open the Start menu and select Run.
2. Enter mmc in the text box and click OK.
3. From File, select Add/Remove Snap-in....
4. In the left-hand pane, select Certificates and click Add.
5. In the dialog that appears, select Computer account > Local Computer and click
Finish.
6. In the left-hand pane, open Console Root > Certificates > Personal > Certificates.
7. Select the certificate for your media server, right-click and select All Tasks >
Export....
8. Select Yes and export the private key.
9. On the next dialog, ensure that Personal Information Exchange - PKCS #12
(.PFX) is selected.
10.Ensure that the following check boxes are selected:
• Include all certificates in certificate path if possible
• Enable certificate privacy
Click Next.
11.On the Security tab, select Password and enter a suitable password.

12.Select a name and location to store the file.

13.Review the settings and click Finish to export the file.
You now have an exported .pfx file.
Transfer the certificate files to the media server

The .pfx file needs to be transferred to the media server.
To transfer the file from the Control Center Web server to the media server on the same
network:
1. On the server where the certificates are located, create a folder on the root of your
C:\ drive named share.
2. Copy the certificate file into this folder.
3. Right-click on the share folder and go to the Sharing tab.
4. Enable sharing and click on Permissions.
5. Select the Everyone user, allow Full Control and click OK twice.
6. Under the Sharing tab, take note of the Network Path.
For the next steps, see "Transfer files between the media server and Control Center Web
application server" on page 23.
Make sure that file is copied into the /etc directory, for example /etc/certificate.pfx.
Convert the certificate and private key file

The media server is incompatible with .pfx files. As such, the file must be converted before
it can be installed.
1. On the media server, enter the following commands, entering the media server
password if requested:
a. sudo openssl pkcs12 -in /etc/certificate.pfx -out
/etc/cert.pem -nokeys -clcerts
b. sudo openssl pkcs12 -in /etc/certificate.pfx -out
/etc/pkey.pem -nocerts -nodes
For each command, enter the password used when you exported the .pfx file.
2. Amend the permissions of the private key file to so it can only be read by the root
user:
sudo chmod 400 /etc/pkey.pem
The .pfx file should now be deleted from the media server.
The TURN server can now be configured to use this certificate.
► For more information, see "Configuring the media server" on page 19.

7 UPGRADING CONTROL CENTER WEB
To upgrade Control Center Web:

1. Upgrade the Media Server. See "Upgrading the media server " on page 33.
2. Upgrade the Control Center Web application server. See "Upgrading the Control
Center Web application" on page 33.

Upgrading the media server
1
The media server has a different version numbering scheme from Control Center Web and
Control Center Mobile.
You do not have to upgrade the media server with every Control Center release. Check the
Control Center release notes to see if the Media Server has been updated.
1
Media Server 1.0 has known compatibility issues with modern web browsers. Existing
systems should be upgraded as soon as possible.
To upgrade the media server, do the following:

1. Install the new media server on a new virtual machine alongside the old one.
► For more information, see "Install the media server" on page 9
2. Copy any manual configuration from the old media server to the new one using a
shared directory. This can include the following:
• NTP configuration: /etc/ntp.conf
• TURN server configuration: /etc/turnserver.conf
• Certificate and key files for the TURN server
► For more information, see "Transfer files between the media server and Control
Center Web application server" on page 23
3. Re-apply any custom network configuration.
The format for configuring network settings changed between version 1.0 and 1.1, see
"Change the media server network settings" on page 24.
4. Delete the old media server virtual machine.
Upgrading the Control Center Web application

1
Depending on the configuration of your Control Center Web installation, you may have to
carry out additional manual steps when upgrading.

Control Center Web
1
If you specified a user during installation of Control Center Web, make sure you have the
credentials to hand. Installation cannot complete without re-entering the credentials for that
user, or a user with similar access privileges.
To upgrade Control Center Web, do the following:

1. If a TURN server has been specified, those settings must be manually copied prior to
upgrading and restored after the upgrade completes:
• Open the IIS Manager tool and then the Control Center Web site
• From the Actions pane, select Explore….
• Copy the Web.config file from this directory to a separate location.
2. Run the installer for the new release of Control Center Web.
3. Confirm the settings for Installation location and Media Server URL.
Make sure that the Media Server URL begins with wss:// if upgrading from Control Center
Web 17.2 and Media Server 1.1 or earlier.
4. Provide the details for the Site Database Server and Site Database Files directory.
5. If you supplied a user during installation to access the location of the Site Database
Files, confirm the username and re-enter the associated password.
6. When ready, click Install to continue with the upgrade.
7. If the TURN settings were copied in step 1:
a. Return to the IIS Manager tool and open the Control Center Web site.
b. Open Application Settings.
c. Open the Web.config file stored earlier and locate the TurnServerUrl,
TurnServerUsername and TurnServerPassword.
d. Use these settings to update the settings in Application Settings.
Control Center Web is upgraded.

9 TROUBLESHOOTING
This section provides troubleshooting information to resolve common issues. If you

experience problems, you can find additional information in the Control Center Web logs, in
%PROGRAMDATA%\IndigoVision\ControlCenterWeb\Logs.
I am configured to use Windows authentication, but cannot

login
Control Center Web supports Control Center users that are configured to use Windows
authentication. You must have permission to access Control Center in order to access
Control Center Web.
If you are configured with Windows authentication and still cannot login, try logging in to the
PC running the Control Center application server, using the same username and
password.
If this fails, contact your administrator to make sure you have permission to access Control
Center.
When I log in, I receive an error saying that the service is

unavailable
If you are trying to log into Control Center Web, and receive an error message saying The
Control Center Web service in unavailable, ensure the following:
• Ensure that you are using an HTTPS address in the browser to access Control
Center Web.
If you are using an HTTPS address and you cannot access the login page, check that IIS is
configured correctly.
There is an HTTPS binding configured with a valid security certificate.
If you did not use the default port of 443 for the HTTPS binding, the port number must be
specified in the browser.
• Ensure that Control Center Web can access the configured Site Database Files
directory.
On the PC where Control Center Web is installed, navigate to %PROGRAMDATA%
> IndigoVision > ControlCenterWeb > Logs in Windows explorer.
Open the latest log file CcWeb.log
If you find messages with the following format, then the configured Site Database
Files could not be found:

9 Troubleshooting Control Center Web
2020-08-13 11:32:48,476 [INFO ]

[ControlCenterWeb.Services.Config.ConfigStore]: Configured to use Site
Database Server "mysds.mydomain.com:8135" and Site Database Files
"C:\IndigoVisionSiteDBFiles"
2020-08-13 11:32:49,885 [ERROR][ControlCenterWeb.Services.SiteDbReader]:
Failed to access Control Center Site located at
The directory name C:\IndigoVisionSiteDBFiles is invalid.
If you find messages with the following format then the Site Database Server could
not be reached on the network:
2020-08-13 11:30:54,585 [INFO ]
Failed to query the server discovery document: 'Error connecting to
https://mysds.mydomain.com:8135/.well-known/openid-configuration. An
error occurred while sending the request..'
An error occurred while sending the request.
Unable to connect to the remote server
A connection attempt failed because the connected party did not properly
respond after a period of time, or established connection failed because
connected host has failed to respond mysds.mydomain.com:8135
• Check that the directory indicated is the correct path for the Site Database Files,
and that the Site Database Server is correctly configured and available on the
network.
If the settings are not correct, you can change them through IIS Manager.
► For more information, see "Change the site database location" on page 27
• If user credentials are required to access the Site Database Files location, ensure
that these credentials are correct.
To confirm, log into Windows using the account details supplied during the
installation process. Try to access the Site Database Files location.
► To change the credentials used to access the site database, Control Center Web
needs to be uninstalled and reinstalled.
If you find messages with the following format, then Control Center Web does not have the
right permissions to access the Site Database Files.
Failed to access Control Center Site located at "C:/IndigoSiteDb/"
► For more information, see "Configure permissions for Control Center Web to read the
Site Database Files directory" on page 24
If you find messages with the following format, then the Site Database Server certificate is
not trusted by the Control Center Web application server:
2020-08-13 11:05:34,032 [INFO ]

Control Center Web 9 Troubleshooting

Failed to query the server discovery document: 'Error connecting to
https://mysds.mydomain.com:8135/.well-known/openid-configuration. An
error occurred while sending the request..'
An error occurred while sending the request.
The underlying connection was closed: Could not establish trust
relationship for the SSL/TLS secure channel.
The remote certificate is invalid according to the validation procedure.
• Check that the Site Database Server certificate is trusted by the PC hosting the
Control Center Web application server. If you are using a self-signed certificate
for the Site Database Server, it must be manually installed on the application
server.
► For more information, see "Site Database Server configuration" on page 12.
When I select a camera in live mode, I cannot view video

If you select a camera in live mode in Control Center Web, and the Control Center Web
does not display video, do the following:
• Ensure that live video works for the camera in IndigoVision Control Center.
If live video does not work in Control Center, it will not work in Control Center Web.
Control Center Web uses the same profile and credentials for the camera as Control
Center uses for viewing live video.
► For more information on resolving issues in IndigoVision Control Center, refer to
the troubleshooting section in the Control Center Help.
• Check for any error messages in the web browser.
► For more information, see "When I view live video, the web browser displays
error messages" on page 37.
• Check if you are using a supported browser.
Unsupported browsers may cause Control Center Web to behave in an unexpected
manner.
► For more information, see "Browser compatibility" on page 8.
When I view live video, the web browser displays error

messages
When you start live video, you may see messages indicating the following types of
problems:
• Problems communicating with the camera
Check that the camera is online and the correct credentials are specified in Control
Center.
• Browser compatibility problems
Check that you are using a supported browser.
► For more information, see "Browser compatibility" on page 8
• Problems creating streams on the media server
Make sure you are using the latest version of both Control Center Web and the
Media Server.
► For more information, see "Upgrading Control Center Web" on page 32.

Check that you have configured the correct media server URL in the application
server.
► For more information, see "Change the media server address in the application
server" on page 27
Check if the media server is running.
Check if there is a valid network route between the application server and media
server. For instance use the “ping” command.
• Problems with the browser communicating with the media server
Check that the device running the web browser has a valid route to the media server,
for example by using the ping command in the Command Line Interface.
When I select recorded footage on an alarm, I cannot view

video
If you click on the recoded footage icon in the alarms tab and you do not see video, check
the following:
1. Is there a video source configured for the zone in the site database?
Recorded footage is only available for the alarm if there is a video source configured.
2. Is the configured video source an ONVIF protocol camera?

Control Center Web only supports ONVIF protocol devices.
3. Does the logged in user have List and Playback permission for the camera?
These permissions are required to view recorded video from the camera.
4. Check for specific error messages in the video pane relating to the NVR.
If there is no recorded footage on the NVR, or the NVR is offline, or no NVR is
configured for the camera a suitable error will be shown.
5. Check the media profile used when recording the camera.
Control Center Web only supports the H.264 codec for recorded video. Other codecs
such as MJPEG and MPEG-4 are supported in Live, but not for alarm video.
6. If you repeatedly see the buffering indicator when trying to view recorded video, try
the following:
a. Where possible, use WiFi rather than cellular connections.
b. Ensure that the network signal is strong.
c. Prevent any other applications from using the network connection.
d. Try recording the camera using a different media profile with a reduced resolution
or frame rate.
7. If you see either a plain black video pane, or a blue video pane with the message
"Failed to play video on device", when trying to view recorded video from the alarms
tab, try the following:
a. Reduce the resolution of the recording profile.
Mobile devices, especially older devices with lower screen resolutions, will not
play very high resolution video streams.
Try recording the camera using a different media profile with a resolution of
1080p or less to see if this is the issue.
b. Review the certificate used to secure your server.
If you are using a private Certificate Authority, ensure that your installation is
considered completely secure by Chrome. For example, you might need to
specify a subject alternate name.

Control Center Web 9 Troubleshooting
Check that the security certificate used by Control Center Web is considered
"secure" by a recent version of Google Chrome. You can achieve this by opening
the browser and navigating to your Control Center Web installation. For example,
in the current release of Google Chrome, secure installations display a green
padlock icon at the top of the browser window next to the URL.
If the installation is not secure, an error message occurs. In this case, you can
check the browser for more detail on the problem and resolve it by recreating the
certificate to satisfy the browser's requirements.
► For more information, See "Certificates" on page 8 and See "Request a
certificate from a Certificate Authority" on page 28.
When I select recorded footage on an alarm, I cannot hear

audio
If you are playing recorded footage from the alarms tab and you cannot hear any audio
check the following:
1. Is the recording job configured to include audio using the AAC codec?
g.711 audio is not supported by Control Center Web.
2. Check the volume settings on the mobile device or desktop PC operating system.
There are no audio controls in the video pane itself.
I cannot see available presets for my PTZ camera

If you have set up a PTZ camera within Control Center with valid preset positions and
cannot access the preset modal in the live view, try the following:
1. Does the currently logged-in user have PTZ permission?
If an administrator can control preset movement but a regular user cannot, the
problem is likely a permissions issue. In Control Center, navigate to the Setup
section and then Users Explorer. Select the user from the list and in the Access
Permissions pane on the right, right-click the camera and select edit permissions.
Ensure that the Control check box is enabled. Log out and back into Control Center
Web to receive the updated permissions.
2. Is PTZ enabled in the live media profile?
To confirm this, open Control Center and access the Video Explorer tab in the
Setup section. Right-click the camera in question and select Properties. Click the
Live video tab and check the profile details near the bottom of the page. There
should be a PTZ heading in addition to Name and Video.
If there is not, open the ONVIF Configuration Utility and log into the camera. Select
profiles from the menu on the left and then Edit this profile next to the profile you are
using. Tick the Enable PTZ box, ensuring a valid PTZ profile is selected in the drop-
down list, and click OK to save the settings.
3. If high and low resolution profiles are configured, is PTZ enabled in both profiles?
As with the checks for Is PTZ enabled in the live media profile?, confirm in the
camera properties that each profile has PTZ enabled. If not, it can be enabled using
the same method described above.
I cannot log in using the Control Center Mobile Android app

If you are unable to log into Control Center Mobile, you may see the following messages:

The Control Center Mobile service is unavailable

Request was denied for security
If you are using a private Certificate Authority, ensure that the root certificate is installed on
the device.
► For more information, see "Install the Control Center Mobile certificate on an Android
device" on page 16
If you have configured Control Center Web with a self-signed certificate, make sure you
have ticked the Allow untrusted certificates check box on the login page.
I cannot log in using the Control Center Mobile iOS app

If you are unable to log into Control Center Mobile, you may see the following message:
The Control Center Mobile service is unavailable
If you are using a private Certificate Authority, ensure that the root certificate is installed on
the device.
► For more information, see "Install the Control Center Mobile certificate on an iOS
device" on page 17
If you have configured Control Center Web with a self-signed certificate, make sure you
have ticked the Allow untrusted certificates check box on the login page.
Control Center Mobile is not working on Android

If you are having issues with Control Center Mobile on an Android device that cannot be
reproduced on other platforms, it is worth ensuring that the Google Chrome app is also
installed and up to date.
When Google Chrome is installed, the Control Center Mobile Android app will leverage the
browser's rendering engine and other features. This should provide the best device
compatibility.

A OPTIMIZING CONTROL CENTER WEB
IndigoVision Control Center Web is designed to provide access to live video streams that
are optimized for mobile devices. To achieve this, the media server transcodes video from
the cameras before sending them on to the client devices.
Control Center Web uses the live profile from the site database to choose a media profile. A
configuration with higher resolution and frame rate will require more resources on the
media server and may increase the frequency of buffering on low-bandwidth networks.
In some deployments, you may want to optimize the system configuration to allow a greater
number of concurrent video streams through Control Center Web, for example if you have
a large number of users trying to stream video at the same time. To optimize the system
configuration for Control Center Web, you should choose suitable media profiles for the
cameras in the site database.
When you change the live profile for a camera in the site database. this affects the profile
used by both Control Center and Control Center Web.
To use a high resolution, high frame rate profile for Control Center but a lower frame rate or
lower resolution for Control Center Web, you can do one of the following:
• Configure a low resolution profile
Within Control Center, you can modify a camera's Live Video settings to switch video
profiles, specifying both the ONVIF Profile Token (High Res) and the ONVIF Profile
Token (Low Res). In this case, Control Center Web will use the low resolution media
profile for live streaming, therefore enhancing performance.
• Use a separate site database
This allows you to configure cameras with different profiles for Control Center and
Control Center Web. You can therefore retain high fidelity video in Control Center,
while increasing the number of streams available in Control Center Web.
• Use cloned cameras
You can clone cameras in the site database by adding them to the site while holding
down the CTRL key.
► For more information, refer to Control Center Help
You can configure one clone with the high fidelity profile for Control Center, and
another clone with a profile suitable for Control Center Web.
• Use a separate operator for Control Center Web
You can create an operator account which is only used for Control Center Web. You
can then configure the cameras to use a profile suitable for Control Center Web
when they are used with the new operator account.
► For more information, refer to Control Center Help

A Optimizing Control Center Web Control Center Web
You can therefore retain high fidelity video in Control Center, while increasing the
number of streams available in Control Center Web.

Indigovision Control Center Web

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Indigovision Control Center Web

Uploaded by

Copyright:

Available Formats

IndigoVision

Control Center Web

THIS MANUAL WAS CREATED ON MONDAY, AUGUST 9, 2021.

2 Administrator's Guide - v13

1 About this guide 5

2 Control Center Web Overview 6

4 Control Center Mobile 16

5 Deploying Control Center Web on the Internet 18

Control Center Web Administrator's Guide - v13 3

Setting up automatic operating system updates 22

7 Upgrading Control Center Web 32

A Optimizing Control Center Web 41

4 Control Center Web Administrator's Guide - v13

Additional information relating to the current section.

Control Center Web Administrator's Guide - v13 5

Control Center Web Administrator's Guide - v13 6

Control Center Mobile Application

Site Database Files

Site Database Server

Figure 1: Control Center Web components

7 Control Center Web Administrator's Guide - v13

Control Center Web Administrator's Guide - v13 8

• Use a certificate signed by a private Certificate Authority (CA)

Install the media server

9 Control Center Web Administrator's Guide - v13

3. In the Server Selection screen, select the local server.

Configure Hyper-V networking

Create the virtual machine for the media server

Control Center Web Administrator's Guide - v13 10

7. In the Configure Networking screen, select External Switch.

Install the media server on the virtual machine

11 Control Center Web Administrator's Guide - v13

Site Database Server configuration

Control Center Web Administrator's Guide - v13 12

Install the application server

13 Control Center Web Administrator's Guide - v13

For more information on SSL/TLS certificates, see "Certificates" on page 8

Choose from the following options:

Control Center Web Administrator's Guide - v13 14

15 Control Center Web Administrator's Guide - v13

Table 1Control Center Mobile compatibility

Operating System Versions

Android 6.0 and later1

iOS 10.0 and later

Install the Control Center Mobile certificate

Install the Control Center Mobile certificate on an Android device

Control Center Web Administrator's Guide - v13 16

Install the Control Center Mobile certificate on an iOS device

Download the Control Center Mobile app

Login to Control Center Mobile

17 Control Center Web Administrator's Guide - v13

Figure 2: Internet deployment

Control Center Web Administrator's Guide - v13 18

Configuring the media server

This port must be exposed by a port forward on the deployment NAT.

19 Control Center Web Administrator's Guide - v13

Save your changes and close the configuration file.

Configuring the application server

• TurnServerUsername: The username for the TURN server.

Configuring port forwarding and DNS

Control Center Web Administrator's Guide - v13 20

Table 2 Example port forwarding

Protocol Destination Host Destination Port