Safe Storage

Breaking down the benefits of a distributed architecture

  • By Barry Keepence
  • Oct 05, 2009

There are typically two different approaches to storing data in an IP video system: using a centralized architecture with a master database located in the central control room or head office and using a distributed architecture that spreads the data around the security management system, keeping it close to where it is produced or needed.

The stored data can be categorized into two types—configuration and live. Configuration data is site information specifying the design and make-up of the security management system. Examples of configuration data include lists of cameras and users, user permissions, site structure, maps representing the layout of the system and licensing information. After the initial installation and commissioning stages of a security management system, configuration data is not routinely changed. It is, however, routinely accessed by operators when logging in to the system.

Live data is typically CCTV video recordings and alarm information, which is accessed continuously during normal security management operations, either by devices recording the data or operators reviewing the data.

Configuration data is usually held in a site database, which makes it easy for administrators to manage changes; however, it also creates a problem. When an administrator makes a change to the site database, how do the users, distributed throughout the security management system, get the change?

networkClick here or on graph to enlarge.

The most obvious and easiest solution is for the site database to be held centrally on a master database server and have all users access the master server over the network. This is called a centralized architecture.

Many systems use a centralized architecture for storing more than just configuration data. They also may use it for storing live data, such as video recordings or alarm information.

Centralized Architecture

Figure 1 shows a security management system consisting of one or more sites, each with its own local area network connected to a central office. The central office also is where the central file server is located, hosting the site database. NVRs for recording CCTV video and alarm data also are in the central office.

Every camera and workstation in each remote office must regularly, and in some cases continuously, communicate with the central office in order to check for changes and updates in the site database. This includes checking for valid licenses or storing recording and alarm data.

A centralized architecture causes four major problems:

Cost. All users must continuously communicate with the central office. On a LAN, that means buying expensive high-end switches, and on a wide area network, it means using precious bandwidth.

Reliability and resilience. If the WAN or core LAN switch breaks, remote users can be left stranded with no access to the live and recorded video from cameras, even those located locally to them on a working LAN.

Single point of failure. If the server hosting the site database fails, all users of the system rely on access to the site database, for example, to get login credentials verified or license permissions checked. If the site database server fails, the whole security management system goes down.

Scalability. As more cameras and users are added to each remote office and as more remote offices are added to the network, everything gets congested. The local LAN, WAN links and central server are strained coping with increasing levels of traffic checking for site database changes, valid licensing and storing recordings and alarms.

Distributed Architecture

Figure 2 shows how the same security management network can be constructed using distributed databases.

To distribute configuration data, each remote workstation can keep a local cache of the site database. Configuration data does not change very frequently, so the information can be synchronized between the central server and the remote workstations, either according to a managed schedule or on demand when a change is implemented.

In the event that the central server, a core LAN switch or the WAN fails, users at workstations can continue to work using their locally cached site database.

Rather than holding license information in the central server, individual components of the security management system can hold their own licenses. For example, cameras can hold information in their onboard memory about allowed viewing and recording resolutions and frame rates. They also can hold information on which features are enabled, such as advanced motion analytics.

Within such a model, where the sources of valuable data contain their own licenses, the cameras and recorders never need to talk to the central server. This frees up the data-viewing applications, running on each workstation, from requiring any license.

networkIIClick here or on graph to enlarge.

Rather than continuously streaming recording and alarm data from the remote sites to the central site across the WAN, it would be much better to keep the data locally on the LAN. One or more local NVRs at each remote site would reduce traffic across the WAN and allow users at the remote sites to access recordings and alarms, even when the WAN is not available.

The central office is in charge of alarm management, so users can still access the remote NVRs in the event of an alarm or incident investigation. Usually when this happens, they only need to play back or export certain portions of video from certain cameras and don't need to access the full 24/7 recordings of the cameras at the remote site.

Less then 0.1 percent of video is reviewed, so why waste valuable WAN bandwidth unnecessarily? Just use the WAN to restore the pertinent recorded video data when required.

The Upside of Distributed Architecture

The four major problems associated with a centralized architecture are overcome with a distributed architecture:

Cost. Precious WAN bandwidth is not used for continuous communication with all remote devices. Instead, configuration data is distributed in a managed way. In the event of an operational incident, only the live CCTV video that is required is streamed across the WAN or extended LAN. The need to check license data across the network is removed entirely. Cost-effective core network switches can be specified to cope with reduced network loads.

Reliability and resilience. The WAN is a potential source of failure in the security management network. Money can be spent on increasing the reliability of the WAN connections, but it is more effective to distribute the data so users still have a working security management system even if the WAN connections fail.

Single point of failure. Another source of failure in a security management system is the data stores—either the central server hosting the site database or the recorders. Again, money can be spent on increasing the power and reliability of those machines, but it is more effective to distribute the data stores so that users still have a working security management system even if those components fail.

Scalability. With a distributed architecture, additional cameras and users can be added to a local office with a minimal increase in WAN traffic because the video is streamed and recorded locally. Similarly, if another remote office is added, it is just a duplicate of existing offices with local LAN and storage. For larger systems, multiple central servers can be distributed and synchronized, adding yet another layer of distribution and resilience.

Enterprise IP CCTV Systems

A distributed architecture is a fundamental requirement for large enterprise systems with thousands of cameras spread across many locations. Sometimes, these locations will be geographically dispersed across sites, cities or even countries (e.g., a large corporation, city surveillance, rail network or road system).

Sometimes there may be one large location with a high density of cameras split into different groups of cameras, such as at casinos or airports. Even though it is a fundamental requirement for enterprise systems, it is still important for smaller systems. Figure 3 shows a typical layout of a large distributed security management system.

Large systems also will usually have a central control room from which the whole system can be monitored. In fact, some systems will have several central control rooms. The entire network is linked by a WAN, which may use leased lines, wireless connections, DSL connections, satellite links and even the public Internet.

Under a distributed architecture, each location or group of cameras has a local file server and all workstations at that location have local caches. The master configuration database is held in a central control room on a central server. Each location also will have a local file server. The local file servers are all synchronized with the central master database.

WANClick here or on graph to enlarge.

At each location, individual workstations communicate only to their local file server, never to the central server in the main control room. In addition, each workstation maintains a local cache of the configuration data. Also, each location has sufficient local storage in the form of NVRs to record all the locally produced video and alarm data, reducing the traffic on the WAN.

If the central server fails or the WAN link breaks, operators always have local caches of the site database so they can still access any devices on their LAN. In addition, by distributing the recording capability, operators local to an incident will always have access to live video, recorded video and alarm data for their local cameras, even if communication with the central office is down.

System designers and end users should ensure that when choosing an IP video platform for their security system, it is based on a distributed solution, otherwise the lack of scalability may hinder future expansion and the single point of failure could lead to unreliable operation.

Featured

  • Cloud Security Alliance Brings AI-Assisted Auditing to Cloud Computing

    The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today introduced an innovative addition to its suite of Security, Trust, Assurance and Risk (STAR) Registry assessments with the launch of Valid-AI-ted, an AI-powered, automated validation system. The new tool provides an automated quality check of assurance information of STAR Level 1 self-assessments using state-of-the-art LLM technology. Read Now

  • Report: Nearly 1 in 5 Healthcare Leaders Say Cyberattacks Have Impacted Patient Care

    Omega Systems, a provider of managed IT and security services, today released new research that reveals the growing impact of cybersecurity challenges on leading healthcare organizations and patient safety. According to the 2025 Healthcare IT Landscape Report, 19% of healthcare leaders say a cyberattack has already disrupted patient care, and more than half (52%) believe a fatal cyber-related incident is inevitable within the next five years. Read Now

  • AI Is Now the Leading Cybersecurity Concern for Security, IT Leaders

    Arctic Wolf recently published findings from its State of Cybersecurity: 2025 Trends Report, offering insights from a global survey of more than 1,200 senior IT and cybersecurity decision-makers across 15 countries. Conducted by Sapio Research, the report captures the realities, risks, and readiness strategies shaping the modern security landscape. Read Now

  • Analysis of AI Tools Shows 85 Percent Have Been Breached

    AI tools are becoming essential to modern work, but their fast, unmonitored adoption is creating a new kind of security risk. Recent surveys reveal a clear trend – employees are rapidly adopting consumer-facing AI tools without employer approval, IT oversight, or any clear security policies. According to Cybernews Business Digital Index, nearly 90% of analyzed AI tools have been exposed to data breaches, putting businesses at severe risk. Read Now

  • Software Vulnerabilities Surged 61 Percent in 2024, According to New Report

    Action1, a provider of autonomous endpoint management (AEM) solutions, today released its 2025 Software Vulnerability Ratings Report, revealing a 61% year-over-year surge in discovered software vulnerabilities and a 96% spike in exploited vulnerabilities throughout 2024, amid an increasingly aggressive threat landscape. Read Now

Most   Popular

New Products

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”