Infrastructure as a Service

How did we get here, and what does it mean for IP video surveillance?

• By Vince Ricco
• Aug 01, 2013

In the 1980s, a keynote speaker at a Novell Users Group meeting said, “All things will become IP.” It was almost certain the industry would adopt Asynchronous Transfer Mode, or ATM, as a more secure and deterministic networking technology. We all know who the smarter person was in the room that day.

Today, there are many terms used to describe the state of IT, specifically about application and application support. The same can be said for terminology used to describe tying legacy technology to IPbased, networked applications. It’s been that way for decades.

Since the beginning of networked PCs, different technologies have been adopted into network-based applications. Once the mainframe world realized that PCs were not a fad and their futures depended on adoption and support of PCs, the gates were forever open.

This technology shift was certainly a change, but perhaps more impactful was the shift in the channels that supplied the technology. Traditional, low-voltage suppliers began offering network cabling, while electrical contractors began installing network infrastructure. Software distributors began to sell hardware, and so on.

As IP became the standard for networking protocols and enterprise, home telephony became an application on the network through VoIP intelligent controllers for industrial applications, such as power plants and machinery. Traditional cable entertainment became triple play services: voice, video and data on large scale and private networks.

Currently, there is wide-spread adoption of surveillance video as an IP application over both dedicated and non-dedicated networks. Along with surveillance video, a host of adjacent technologies crossing the IP line include access control, digital signage, intelligent building automation and even smart grid applications. As each of these applications bridge over to IP, IT support becomes an increasingly interesting topic.

Structured vs. Unstructured Video

IP, or network video surveillance, has perhaps experienced some of the more vigorous resistance to convergence over the IT backbone due in part to technology questions and to the perception of the issues associated with supporting video on a single backbone. Infrastructure advancements, efficient compression and exceptional performance have relieved some of IT’s hesitation about adopting support as a service.

However, a better understanding of supporting structured video versus unstructured video—the difference in the configuration capabilities of network surveillance cameras versus typical video that traverses the network—has opened the door for IT adoption and support of physical security applications. With structured video, the constant stream, or bandwidth load, can be calculated and accommodated, based on the characteristics of the video. Unstructured video, on the other hand, can take the form of streamed Internet content such as news feeds, You- Tube content and more.

While 74 percent of IT managers acknowledge video Internet content exists on their networks, this is accepted as normal, day-to-day, network traffic. As IT becomes more educated on network video surveillance and corresponding transmission attributes, the realization will be that this represents more of a network design issue than a long-term, support challenge.

The Evolution of IT Infrastructure

IT infrastructure has evolved to better support more multimedia applications running concurrently on the network. More intelligent switches allow better network segmentation, prioritization and quality of service (QoS). Lower-cost bandwidth support in the form of Gigabit Ethernet (GigE), 10-Gigabit, 40-Gigabit and 100-Gigabit connections offer tremendous growth capabilities for support in terms of bandwidth usage because storage costs keep in line with Moore’s Law, allowing for greater retention of digital information, including network video.

Standards-based communications and infrastructure have been adopted, making all of this possible by allowing technology to scale and become cost effective and open to innovation, despite anyone’s profit and loss plans.

Who owns the system?

Some have compared the shift from analog to IP video surveillance to the shift from plain old telephone service (POTS) to VoIP. Where network video surveillance diverges most from the adoption of VoIP, however, is the question of ownership. More specifically, who owns the cameras; who owns the stored video; and who owns the video management software?

In most large environments, IT will not replace security forces, safety officers or chief security officers. In fact, in best practice cases, there is close cooperation between security, safety, operations and IT. One excellent example is a major U.S. university’s IT department that adopted the following practice:

• Security provides the number and location of cameras to be added to the network.
• Security provides the funding for installation of the cameras.
• Security maintains the cameras and manages the application(s) on the servers.
• IT provides PoE-powered network ports to the cameras.
• IT provides the required server(s) and storage per 100 cameras.
• IT manages and maintains the switches, servers and storage.
• Security and IT work out the number of servers and amount of video storage needed per 100 cameras.

This demonstrates collaboration between IT and security, making it a classic example of Infrastructure as a Service, because both parties maintain control of their respective budgets and tools, while neither assumes responsibility for a role not under their traditional acumen.

Bandwidth and Storage Still Leads the Conversation

As an IT professional, two areas of network camera, video-related technology to focus on are storage and bandwidth. Network switches provide enhanced capabilities specific to video today, but huge strides are being made that benefit the industry relating to storage capabilities. Recent advancements include the adoption of more edge storage, such as an SD card inside an IP camera or video encoder, network attached storage (NAS) devices, blade storage and of course, Big Data.

Understanding the benefits of different storage architectures is as important as the network design itself. As savvy system designers are using switches today to prioritize critical network traffic and create redundant network architecture to protect against pathway failures, end users can similarly use Edge to Centralized Storage to guard against network outages, contain bandwidth in the form of video storage to network segments and as allow for less intensive trickle storage to be centralized and stored in a cloud.

IT still has some interesting decisions to make about network and storage additions as well as designs for how to support added network traffic and storage requirements. IT can take the opportunity to consolidate the infrastructure cost and either spot or wholesale upgrade the network designs, based on current infrastructure life cycles.

For example, switch enhancements allow for greater bandwidth control through traffic policies, VLANs and basic QoS settings. This offers IT the ability to upgrade the backbone connection switch in the intermediate closets and configure that switch to manage policy for the video by traversing the network for the other connected switches or simply expand the upgrades from that point on.

Beyond Just Physical Security

As bandwidth concerns subside from the addition of networked cameras on IT’s infrastructure, concerns about the cyber security of cameras and video streams is increasing. Manufacturers of IP-based cameras typically support commonly-used, network security protocols, the best of which support the gamut of password protection, IP address filtering, HTTPS encryption, IEEE 802.1X network access control, digest authentication and user access logging. Using standard, network security protocols, the cameras and video should be as secure as the network.

Another consideration for IT is that IP-based camera applications are expanding beyond just physical security. For instance, retailers are dual-purposing cameras to include people counting as well as keeping track of customer traffic and dwell times in specific retail aisles or store areas. Known as “heat mapping,” this traffic pattern information helps manage item placements to help cross-sell or determine vendor cost for “hot” locations.

Others are using video for marketing compliance, such as video proof that the retailer placed a specific product and/or product materials in a specified location, for a fee from the supplier. Instead of completing affidavits of compliance, the retailer simply provides time stamped video evidence of compliance for billing the supplier(s).

There are some clear takeaways for resellers on both sides of the IT and physical security fence. Traditional security integrators are making strides in networked video from networking design to hosted video in the cloud, while traditional IT VAR is moving into the IP video surveillance space, even though these were not their historical footprints.

Next Generation of Infrastructure as a Service

The point of IT Infrastructure as a Service becomes increasingly relevant as additional adjacent applications become IP centric. Access control is already joining IP cameras as an adjunct to security and safety, but technologies that are a bit less obvious in terms of ownership including intelligent building automation, IP-based audio and visual, HVAC control and the smart grid.

If security has its own network:

• Which one grows with these added applications?
• What happens as the campus store starts using security-class cameras for quality control, people counting and marketing compliance validation?
• Whose network is this going to run on?
• Who is going to manage these servers and storage?

The answers seem clear; IT continues to provide connectivity and rack space while the individual departments manage their own applications. This is already happening with other technologies across the enterprise. After all, IT might service the payroll system, but it’s the finance department that cuts the checks.

This article originally appeared in the August 2013 issue of Security Today.