Bringing It All Together

Bringing It All Together

Multi-site video security helps resolve many challenges

High camera counts, limited bandwidth for connecting multiple locations and linking together a variety of different security technologies are just some of the challenges facing multi-site organizations when selecting video security technology.

Tying it all together by using the right mix of integrated technologies can lead to a more cost-effective security program and better protection of people and assets.

USER ACCESS, PERMISSIONS AND SECURITY

The security of the system is an often overlooked aspect of technology selection, as is deployment and configuration. With the vast majority of products now IPcapable, it helps to consider how systems are configured and deployed to avoid compromising network and data security.

Multi-site deployments typically provide video security access to users at each site and more frequently have centralized monitoring and investigations as another layer of access.

With multi-user access, exporting evidence needs to be controlled to avoid sensitive security information being released. The video management platform should provide the ability to permission user access to playback, exporting video and taking snapshot images to limit access to such features. Export events should be logged, providing an audit trail of the camera, time range of exported video, VMS user account, time of export and the workstation used to export video. Some systems will create a “blind” copy of the exported evidence on centralized storage automatically providing a record of all the video exported. Additionally, consider adopting a policy preventing the use of smartphones and cameras in any rooms with VMS client software to prevent users from recording the screen which would bypass built in system permissions and logging.

In the event of an emergency or other significant security event, many users may want to access the same camera simultaneously. In the event the camera is PTZ and multiple users have permission to move the camera, it’s important the VMS system allows for prioritizing user access so the highest priority user maintains control. Also, look for systems that allow user access to cameras to be shut down immediately, which can prevent users from accessing live video of a particularly sensitive security event.

Finally, physically securing network connection points should be considered when deploying cameras. Generally, cameras are placed in public areas. Each IP camera has a network cable leading back to a switch, so what’s to prevent someone from taking the cable out of the camera and plugging their laptop in to gain access? The best practice is to connect cameras to a dedicated network segment or a camera-only VLAN which prevents traffic from the camera-network-segment from reaching the business network. Using an NVR with multiple NICs allows simultaneous connection to the camera network and the business network allowing users on the main business network to access video and recordings, without connecting the cameras directly to the primary business network.

INTEGRATION WITH COMPLIMENTARY SECURITY TECHNOLOGIES

Combining data from multiple complimentary security systems makes it easier to identify what is happening both in real time and during an investigation.

Some organizations that commonly have multi-site deployments may benefit from integrations that are specific to their industry, such as the integration of video and point-of-sale data in retail.

Outside of industry-specific integrations there are some very common integration targets that most consumers benefit from.

The most common system to target integrating with video is Access Control. When the two are combined, video recording can occur based on access control events, like when someone opens a door. The recordings are automatically associated with their corresponding events, so when looking through a list of events an investigator can click on the event and see the corresponding video. One example of how the integration benefits investigations is when looking through a list of access control events to identify who entered a secured area, the access control system will have a record of the user assigned to the credential used. Viewing the recording of the event will identify whether the person who entered is in fact the person assigned that credential or someone else using the wrong credential.

Less common but of great benefit are risk management and social media monitoring tools that aggregate information from multiple sources and allow filtering based on geography and keyword. Risk management tools may provide news, weather and other information sources and present relevant data related to campus or site locations. Social media monitoring tools, as the name implies, collect user posts from social media services like Twitter, Instagram and others. Posts are aggregated and filtered so security professionals can identify any social media activity taking place at monitored sites that may indicate a threat. Integration with video allows for visual verification of the individual posting or correlation of real world events with news, weather or social media reports.

REDUNDANCY

When we think of redundancy, NVR failover and RAID are top of mind. N+1 access to video, at least for investigative purposes. Centralized live monitoring of video feeds from remote sites is less common primarily due to limited bandwidth available at each site.

Take for example a small retail location with eight 720P cameras each streaming with a bit rate of 700kb/s. In order to stream all those cameras back to a central location, the local site would need an internet connection that supported a minimum of 5.6Mb/s of upstream bandwidth, just for the video.

Many VMS platforms offer bandwidth saving features that go beyond standard video compression to reduce live streaming bitrates dramatically. The most common capabilities include multicast, multi streaming and transcoding.

Multicasting is a great technology if you have many clients simultaneously receiving the same information. A prime candidate for multicasting would be an internet broadcast of a live sporting event with thousands of viewers. If the sporting event was being unicast there would be thousands of copies of the same information being streamed simultaneously, one for each recipient. If using multicast instead, a single stream is sent from the servers hosting the live feed and the network replicates the stream for each of the recipients. This process saves an enormous amount of bandwidth but again the technology is effective when there are lots of clients receiving the same data at the same time.

In video surveillance, you usually have many sources of data and very few recipients (for instance 64 cameras and a single security operations center where monitoring takes place). If planning for many client viewing workstations streaming the same cameras at the same time, multicast makes sense, but it’s an unusual scenario and not commonly applicable for multi-site deployments. Multi-streaming, on the other hand, can save bandwidth all the time and even with limited numbers of client workstations pulling live streams. Multi streaming involves the VMS platform pulling multiple streams of video from each camera. In a simple scenario, one stream would be pulled at 720P resolution and a second stream would be pulled at VGA resolution (about 1/3 the resolution of 720P). The 720P quality stream would be recorded but the VMS platform would switch between the streams when transmitting live video to clients for viewing. If the client workstation is viewing video full screen, then the VMS would send 720P resolution so the video is presented at its full quality level. If multiple cameras are being displayed on screen, the screen resolution available to display each camera is lower. In this case the VMS may send the VGA stream, because it would contain enough pixels to present the video at the highest quality level for the limited display area but would save bandwidth as compared to sending 720P.

The next step beyond multi streaming would be transcoding. With transcoding, the VMS pulls a single stream of video from the camera and modifies the resolution of the stream to send the correct resolution to clients. The full quality stream is recorded but if a client workstation wants to view video in any resolution, the resolution of the video sent is resized prior to transmission. The end result is full video quality displayed on the client using the lowest amount of bandwidth.

Transcoding is much more granular in the resolutions that can be streamed to clients which results in greater bandwidth savings as compared to multi streaming. For multi-streaming to work the cameras or encoders used need to support that capability and have enough CPU performance to send multiple streams at the frame rate desired, otherwise the number of streams or frame rate of the streams would need to be sacrificed. Transcoding results in a small CPU overhead on the NVRs related to scaling the video streams for client workstations.

CENTRALIZED MANAGEMENT

Multi-site deployments benefit greatly from a focus on how system management, health monitoring and configuration can be accomplished. Without centralized management tools, the time spent performing maintenance and updates will grow as the system expands. Many multi-site organizations may not have IT or facilities staff at some locations making the need for centralized health monitoring and configuration a necessary tool for remote troubleshooting and maintenance.

The administration time spent on system configuration and software up-dating should be considered. Tools that allow system configuration changes and software updates to be deployed to multiple systems simultaneously should be considered a prerequisite for any organization deploying a system which spans more than 20 sites.

Centralized health monitoring is key to ensuring any faults in the system are detected in a timely fashion so troubleshooting can begin immediately. One example of the benefit is as the system grows there is an increased risk of cameras going down without being noticed. In order to reduce the risk of not recording an important security event, automated notification of system issues should be an available feature and properly configured.

PLANNING AND VENDOR SUPPORT

Meeting technology selection project deadlines can be difficult and it’s not uncommon for important features or the best deployment architecture to get overlooked in the rush. Putting together good action plan before deploying new technology can save many headaches and produce better results. The importance of good planning for multi campus organizations is amplified as a result of the scale involved.

It’s not uncommon for consumers to deploy systems and use only a fraction of the features. Once a technology has been deployed changes may become more difficult as the size of the installation grows. Going back and modifying configuration of many sites or identifying an architectural flaw in the deployment after roll out can cause delays and added workload.

Leveraging support and engineering resources from your technology vendors is not only a best practice for multi campus deployments but is often also available with little to no impact on the budget. As part of the planning process, consider performing a design review with a vendor’s field engineer. As part of the process ask your vendor to participate in commissioning a proof of concept site so they can see the proposed deployment model and comment before full roll out. These processes give you a second set of eyes from an expert that has seen a multitude of deployment designs along with the corresponding benefits and drawbacks.

Field engineering resources from your technology vendor can help you get the most out of your technology investment. That’s why the level of support engagement from your technology vendor should be a key criterion when selecting a partner.

This article originally appeared in the September 2016 issue of Security Today.

If you like what you see, get more delivered to your inbox weekly.
Click here to subscribe to our free premium content.

comments powered by Disqus
  • Environmental Protection
  • Occupational Health & Safety
  • Infrastructure Solutions Group
  • School Planning & Managmenet
  • College Planning & Management