cctv_down_under 0 Posted May 9, 2007 Even if a DVR can be administered by AD they are not part of the sever SOE. That means you can't automatically roll out security updates to it. That is not always correct, many DVR products cater for this and for intgergration to many administrative authentication server processes. Share this post Link to post Share on other sites
woodyads 0 Posted May 11, 2007 Even if a DVR can be administered by AD they are not part of the sever SOE. That means you can't automatically roll out security updates to it. That is not always correct, many DVR products cater for this and for intgergration to many administrative authentication server processes. I didn't say DVR's can't be intergrated into active directory, I said they pose a significant security risk if they are. While DVR's may cater for Active directory the fact that they are on a different box with different hardware from the rest of your servers means all of your testing for patches and upgrades has to be done separately. Where as NVR can be put on your hardware on your standard server build with your standard version of SQL. If your DVR is on different hardware to the rest of your servers you can't automatically rollout updates, they must be tested. Yes if you have several DVR's you can pushout updates after the first one is tested but the issues is the time and organisation required to test the first one. There is also a significant security risk in not using Tier 1 or 2 hardware as the developer my be slow to market. To put things in perspective if you are a small company with one site and have 10 servers chances are you will only have 2 or 3 server operating systems/hardware builds with other services like SQL and Exchange over the top. If you introduce a DVR that will increase your server builds by one. If you have several sites that one can grow to several. So it is important to eliminate as many build instances as possible. If you go for a NVR that is SQL based you can load the software onto an identical build as your SQL server. Another option is to load the SQL component onto an existing server and put in a network disk array. There is little network load on the SQL side of NVR's. The other big advantage of NVR's is you increase the usage of existing systems. I.E. The SQL server so you can justify upgrades earlier and moving to higher end servers. For larger companies, IT service providers can charge as much as $2000 per month per server, $24k per year . Plus extra charges for the new instance since new hardware has been introduce. Redundancy. The NVR system we have can be loaded onto 18 of our 20 servers. And 4 of those servers are identical in hardware so we can direct load the set-up from backup. We currently looking at VMware and again the NVR system is totally compatible. The whole concept of VMware is a contrary to the existence of propriety service and storage systems (DVR). So when you go to recommend an DVR to a small company, Ask them what kind of servers their SQL and Mail are on, What kind of service they are getting from their IT service provider. If either of these are is sub standard then suggest to find a better service provider, upgrade the severs to something decent and then put in a NVR instead. Utilise the synergy of the project together to deliver something far better. While you personally might not believe the stability and functionality of the NVR are any better than the DVR, you have opened up the door for them to bring their other services up to a decent standard and fattened the budget for the project. Yes there will be times when there is no synergies or budget. So DVR is a better choice. But the fact remains NVR is far better technology and the true costs and benefits are not always seen by the vendor or the client. I would highly suspect there are more DVR systems out there that should have been NVR than the contrary. I also respect the fact that most small companies server, OS and security standards fall well short of the mark and its not the CCTV integrators job to deliver these services, nor are they in a position to deliver these or recommend these services. I'm only pointing out where we should be heading. Before anyone comments that they can support a server or an integrate DVR on to AD and support it substantially cheaper than above the prices please make sure your are ISO17799 compliant. Share this post Link to post Share on other sites
woodyads 0 Posted May 11, 2007 Did I miss something? What does power have to do with throughput? .......The power of the radio only has to do with signal strength and reliability, You can still use up to 1 watt of power at the radio with no limitation in antenna gain when going PTP.... Not like you need to anyhow, 200mw is generally fine for any task... I would just say stick with standard "low cost" 802.11a with Turbo OFDM and get yourself a 108Mbps link for 1/11th the cost of the Motorolla gear. $0.02 Some very good points for debate. And I nearly did miss something as well and nearly bought a 5.8GHz version. I was just pointing out that 5.4 is a bit of an unknown and to check your country regulations. Yes I totally agree a clean signal is everything. However people who have been in the game awhile have boosted their signals. The Modular system we use which is a property mesh using Cisco gear has 2W radios instead of 200mw. They have been developing their mobile equipment system for 14 years. And as you said power increases reliability. Reliability is what speed is dependent on. I am pretty sure Orthogon disable the 300mb/s if full power is not achieved. It may not be something they have to do, they might to it price point their 150 system against their 300 systems. I will check on this for you, and let you know if this is the case or not. It's worth noting that Orthogon is true non-line of sight. This may be the reason for the excessive power requirements, to achieve the reliability and speed. I am purchase the Orthogon gear in 8-12 weeks. I know of a few other sites using it and know of a site with issues with it. I will post you to let you the findings. I will also check to see if there is any other high speed bridges on the market. And I am looking at laser with 5.4GHz backhaul. As for pricing, yep its expensive but our security and grade requirements are high and the budget allows for it. Share this post Link to post Share on other sites
WirelessEye 0 Posted May 11, 2007 Some very good points for debate. And I nearly did miss something as well and nearly bought a 5.8GHz version. I was just pointing out that 5.4 is a bit of an unknown and to check your country regulations. Yes I totally agree a clean signal is everything. However people who have been in the game awhile have boosted their signals. The Modular system we use which is a property mesh using Cisco gear has 2W radios instead of 200mw. They have been developing their mobile equipment system for 14 years. And as you said power increases reliability. Reliability is what speed is dependent on. I am pretty sure Orthogon disable the 300mb/s if full power is not achieved. It may not be something they have to do, they might to it price point their 150 system against their 300 systems. I will check on this for you, and let you know if this is the case or not. It's worth noting that Orthogon is true non-line of sight. This may be the reason for the excessive power requirements, to achieve the reliability and speed. I am purchase the Orthogon gear in 8-12 weeks. I know of a few other sites using it and know of a site with issues with it. I will post you to let you the findings. I will also check to see if there is any other high speed bridges on the market. And I am looking at laser with 5.4GHz backhaul. As for pricing, yep its expensive but our security and grade requirements are high and the budget allows for it. I believe 5.4 is legal in the U.S., but it can be bumped by radar frequencies (if present) by law. In my experience, power is needed in rare occasions. Like I said before, we've got 30+ mile links with only 200mw of power at the radio. I see very little reason for a radio that has 10X the power, as you aren't going to go 10X as far-- Most of your signal lies in the antenna. For example, a group of kids recently broke the world record for Wifi with a 300mw radio. The distance? 125 Miles! Of course, they were using (2) 10'+ satellite dishes to do it, but it just goes to show you; 300mw is nothing; antenna, antenna, antenna. Also, cisco stuff until the last few years was garbage. They were so hell-bent on developing their own Wifi chipset, they didn't realize that Atheros was killing them on price/performance/everything. A few years ago, they abandoned their chipset and now use atheros, finally. Of course, this just puts them "on par" with everyone else now. The only difference now between them and everyone else is GUI, Atheros Driver Optimization, and of course with Cisco-- how can forget... Price. Power does to a point, increase reliability, but only in rare cases. The main time it becomes a factor is if your radio is "seeing" another radio in the area and you have to overpower their signal to get your link-- which of course puts the other guy up a creek. My main question is: what kind of distance are you looking at that will require 2watts of radio power? My guess is curvature of the earth issues would kick in way before you could even utilize 3/4 of the power rating. How can Orthogon be true NLOS? There is no such thing in 5Ghz, at least that I know of. Not because of the hardware you are using, but becuase it is a frequency limitation. Even using Multi-Polarized and Circular-Polarized antennae are not going to get you true NLOS, the frequency is just too high. Perhaps it somehow uses the 4 bonded channels to pickup in diversity? I just don't know about Motorolla these days. Next they will claim it runs off of "perpetual motion". Share this post Link to post Share on other sites
woodyads 0 Posted May 12, 2007 I believe 5.4 is legal in the U.S., but it can be bumped by radar frequencies (if present) by law. Also, cisco stuff until the last few years was garbage. Power does to a point, increase reliability, but only in rare cases. My main question is: what kind of distance are you looking at that will require 2watts of radio power? My guess is curvature of the earth issues would kick in way before you could even utilize 3/4 of the power rating. How can Orthogon be true NLOS? There is no such thing in 5Ghz, at least that I know of. Not because of the hardware you are using, but becuase it is a frequency limitation. Even using Multi-Polarized and Circular-Polarized antennae are not going to get you true NLOS, the frequency is just too high. Perhaps it somehow uses the 4 bonded channels to pickup in diversity? I just don't know about Motorolla these days. Next they will claim it runs off of "perpetual motion". 5.4 is leagal in Many contries. Some countries require Radar Detection and avoidance. And there are different power ratings for different countries. I major system I deal with is Modular Mining who were early to the WLan market. They tried to develope there own stuff then ended up going Cisco several year ago. Cisco is not the best stuff but this system works and I don't have to touch it. Modular developed a specialised antenna and they work quite well. They also turned down the speed at the Trucks to 2Mb/s to increase reliability. They only send text so that is enough speed. They also increaced the Radios to 2W. It might be to deal with all the dust in the pit. Or they might just want to flood any other users out of the band. Orthogon developed the technology and Motorola bought them out. So Orthorgon were claiming NLOS before Motorola were on the scene. They use 2 channels and some technology that can reassemble packets that have bounced off other objects etc. Suggest you read their material for a full explanation. I don't think they tell anyone exactly how they do it. When I get one I might give it the full test and see how it goes over dumps. I don't expect it to work NLOS over hills of dirt but I will give it a go. You have probably seen me crap on about tire 1 vendors, Cisco and a like. I know they don't do the best stuff but when dealing with big companies it's quite important to use these vendors. Many small vendors claim to have their security worked out, but quite often its not there. Auditing the security of network products is outside most of our skill sets. Share this post Link to post Share on other sites
rory 0 Posted May 12, 2007 IP is a way better technology, but you really need the synergy of other projects to raise the quality to justify its cost so that you receive the resources required to set up the network properly. The average company network administrator lacks the skills and resources required to set up a IP network for a security system. Sorry guys but you can set up far more advanced monitoring, redundancy and security on a IP system that you will ever be able to on an analogue system. Claims to the contrary only strengthen the argument that network administrators and people setting up IP video systems lack skill and resources to do the job properly. Quick question, which DVRs have you had experience with? BTW, it's not called analogue, its CCTV, it can be a mix of Digital and analogue. Sorry for not answering. I only just saw your post. Simple answer is none. But why would I. I run a several system that covers 40-50 km2 comprising of 15 mobile IP trailers. 2.4, 5.8, 5.4 GHz wireless LAN. 2-way radio, gensets, solar panels, battery voltage, hundreds of different sensors on Trucks, Shovels, Drills, Slope radars for monitoring wall movement, Seismic sensors and Cameras All on IP. These all come back to 20 servers in a data room which is monitored from a control room . The cost of the mining operation is $300m per year so we want to know exactly what is happening where. The cameras are not used for security just auditing. The entire system cost $4m and has taken 2 years to setup and tune. I walk into Perth office 1100km away and plug my laptop in and get all the cameras perfectly over the existing link without spending an single sent extra on the pre-existing infrastructure. Why we are not interested in DVR's. We don't want any non standard servers where can be avoided. We can't integrate our active directory into a DVR without substantial security risks. Where as the NVR is stock standard MS SQL so we can integrate active directory and then we don't need to administer any security, We set up groups of cameras, Access Groups, Then give the existing AD user groups access to the Access Groups. Then you just forget it. When a new geologist comes along they are put in the Geology AD group and automatically get access to the Cameras that Geology have Viewing, PTZ or Review rights. Even if a DVR can be administered by AD they are not part of the sever SOE. That means you can't automatically roll out security updates to it. This is a real hassle. Imbedded server software in propriety systems is based on existing server systems and is prone to security flaws just the same. Any decent IT department should stop these serves from interacting with the AD. So you loose the seamless integration into the network. Our long term plan is to locate a master control room in Perth from where we can push out our technology to 10 - 15 mines all over Australia. We are looking at using VMware on massive blade servers so we can load and unload servers as we wish. Tack on Sans and away you go. Hot spare, redundant, scaleable, serviceable, everything. This makes sense because we can use 4 blades to do the job of 200 severs. I go out of my way to standardise everything to maximise flexibility and opportunity. DVR is not standard. NVR can be. Its not about which is the best system for CCTV its about the synergies you can get between all your systems. Rory when you put a DVR in for a customer how many other non CCTV systems are you catering for? A PC DVR is a PC, same PC that is running an NVR, so essentially it can do exactly the same thing, if needed. I dont understand the last question though? Share this post Link to post Share on other sites
WirelessEye 0 Posted May 13, 2007 Their literature on their website states they use 4 channels, at least for 300Mbps. The problem with NLOS and high frequencies is molecular vibrations of the objects you are passing microwave through. The higher the frequency, the higher "molecular excitement". Not even 900Mhz is truely NLOS if you read the "fine print". Even if you talk to AvaLan who does 900Mhz, they'll tell you 1 or 2 buildings and half your signal is toast. I do know a rep from Motorolla (who was trying to sell me Canopy garbage a while back). I'll get in touch with him this week and see what he has to say about this issue. As far as security goes, there is only so much you can do with Wireless. Especially with video transmission. The more packets you transmit, the easier it is to crack any kind of WEP. Mac's can be spoofed easily and unless you have other measures in place outside of these methods, your data is free for the taking. Even proprietary encryption can be broken. Share this post Link to post Share on other sites
kensplace 0 Posted May 13, 2007 woodyads, you have 4 million to play with, in a specialist application.... your needs are not the same as the needs of 99 percent of most other people. Personally I think you are putting all your eggs in one basket, but thats your choice... for 4 million you could get any solution to work, and me personally, I would not touch MS as a overall solution in that price range, that to me is stupidity.... But each to their own views. One other thing.. If it goes wrong, will you come here and tell people about it? I guess not, as you wont want to look a fool. Share this post Link to post Share on other sites
woodyads 0 Posted May 16, 2007 Their literature on their website states they use 4 channels, at least for 300Mbps. The problem with NLOS and high frequencies is molecular vibrations of the objects you are passing microwave through. The higher the frequency, the higher "molecular excitement". Not even 900Mhz is truely NLOS if you read the "fine print". Even if you talk to AvaLan who does 900Mhz, they'll tell you 1 or 2 buildings and half your signal is toast. I do know a rep from Motorolla (who was trying to sell me Canopy garbage a while back). I'll get in touch with him this week and see what he has to say about this issue. As far as security goes, there is only so much you can do with Wireless. Especially with video transmission. The more packets you transmit, the easier it is to crack any kind of WEP. Mac's can be spoofed easily and unless you have other measures in place outside of these methods, your data is free for the taking. Even proprietary encryption can be broken. Everything you say there is true. It will be interesting to see how this things works out for this new set of technologies. What is actually deivered and what is not. One of my biggest drivers is trying to get everything on one set of management tools. This pushes us closer to the big names, while the smaller companies tend to have better technologies. Share this post Link to post Share on other sites
woodyads 0 Posted May 16, 2007 A PC DVR is a PC, same PC that is running an NVR, so essentially it can do exactly the same thing, if needed. I dont understand the last question though? IT doesn't want servers with non standard hardware in them. And it doesn't want any exceptions to the rule. The CCTV industry doesn't have an argument to be that exception. NVR's can be built on stock standard servers no rogue hardware. I am working at the moment to move three other systems off servers built by third parties. These third parties do not know how to build or support servers properly and they have become security issues. So when you put in a DVR are you considering the customers needs or your own. Are you making sure your server is identical to their existing servers no extra card just their standard servers. Or is that not your problem. This tread was entitled " I haven't really been sold on NVR's yet." Well you won't be until you start looking at the big picture. Look at it from IT's perspective. CCTV is not the only system out there wanting to use IP. Share this post Link to post Share on other sites
rory 0 Posted May 16, 2007 IT doesn't want servers with non standard hardware in them. And it doesn't want any exceptions to the rule. The CCTV industry doesn't have an argument to be that exception. NVR's can be built on stock standard servers no rogue hardware. I am working at the moment to move three other systems off servers built by third parties. These third parties do not know how to build or support servers properly and they have become security issues. So when you put in a DVR are you considering the customers needs or your own. Are you making sure your server is identical to their existing servers no extra card just their standard servers. Or is that not your problem. This tread was entitled " I haven't really been sold on NVR's yet." Well you won't be until you start looking at the big picture. Look at it from IT's perspective. CCTV is not the only system out there wanting to use IP. You are still not making sense. A DVR, or lets say a Video Surveillance Recorder; is a security system - have you any experience in the security industry? You mentioned these 3rd parties dont know how to build servers properly, care to elaborate? If you are saying they dont build them how YOU want them to be, fine, but remember a surveillance system is a security device first and foremost. Also remember many of those 3rd party companies are IT as well. A CCTV recording system should however always be much more secure and stable than a standard computer server, if setup properly - not always the case though. Question: Is the clients DVD player, Satelite Box, or TV, built the same as their Servers? And thats if the client even has a computer network at all. Now, I would really like to know what the big picture is? Cause I AM IT and so are many others on this forum. Are you just saying that because it uses a DVR card and software that makes it insecure, or different? Are you saying that nobody building DVR systems know anything about Windows Security, computers, networking? Whatever job you are contracted to do, you should always consider the customers needs. But what has that got to do with the Price of tea in China? Lastly, how is a "rogue" DVR card going to take down your network? If your answer is software related, well it can be trusted just as much as 3rd party NVR software - or are you saying you develop your own NVR software? This is getting interesting Now, Im not against using NVRs and such, we are in the Surveillance industry, we use what gets the job done, many of us use Cat5 now, or other forms of transmission, other than simple coax, and many of us do extensive networking and internet based applications, many here use both DVRs and NVRs as well. But i tend to lean with what Ken said, as in this industry, the CCTV Industry, NVRs are typically not an option for the majority of the CCTV industry clients today, whether that changes in the future or not, only time will tell. NVR manufacturers can speculate all they like, but they need to actually give CCTV guys valid reasons to use their products, currently most of it is marketing hype, and in many cases myths are spread about existing CCTV gear. It has its place for sure, but dont tell us what our hardware can or cant do, they are not from our industry. Share this post Link to post Share on other sites
woodyads 0 Posted May 16, 2007 woodyads, you have 4 million to play with, in a specialist application.... your needs are not the same as the needs of 99 percent of most other people. Personally I think you are putting all your eggs in one basket, but thats your choice... for 4 million you could get any solution to work, and me personally, I would not touch MS as a overall solution in that price range, that to me is stupidity.... But each to their own views. One other thing.. If it goes wrong, will you come here and tell people about it? I guess not, as you wont want to look a fool. Kensplace. My total budget for shared systems is $4m. My view are different because I come from an IT background and deal with many different systems. Because I have several systems all adding up to $4m then I can create synergies to soak up the cost of infrastructure to run the CCTV system on. And CCTV is far simpler than most of the other systems I deal with. My CCTV system sits on $300k of shared infrastructure with about $75k dedicated to CCTV alone. If I didn't have three other systems on that infrastructure the CCTV would have to wear the extra $300k (Remote power, mesh and wirless bridges). My needs may seem different but infact they are very similar. Centralisation of systems and administration. Production line mentality (see Model T Ford) Security, reliability and serviceability. Too often people look at the initial capital cost and don't see the ongoing support cost or training or lost time to testing and deploying patches and updates. I don't see how I am putting my eggs in one basket. I can deploy the CCTV system to several different servers. I rely on no one piece of hardware and the synergy between my different system has allowed me to build redundancy into my networks. Can you be more concise? As far as the MS comment goes. Tell me what solution should I use to run my VNR. And what hardware will it run on. And if it all goes wrong. Well its been running for a year now. And it takes up less than 1% of my time. Share this post Link to post Share on other sites
woodyads 0 Posted May 16, 2007 You are still not making sense. A DVR, or lets say a Video Surveillance Recorder; is a security system - have you any experience in the security industry? You mentioned these 3rd parties dont know how to build servers properly, care to elaborate? If you are saying they dont build them how YOU want them to be, fine, but remember a surveillance system is a security device first and foremost. Also remember many of those 3rd party companies are IT as well. A CCTV recording system should however always be much more secure and stable than a standard computer server, if setup properly - not always the case though. Question: Is the clients DVD player, Satelite Box, or TV, built the same as their Servers? And thats if the client even has a computer network at all. Now, I would really like to know what the big picture is? Cause I AM IT and so are many others on this forum. Are you just saying that because it uses a DVR card and software that makes it insecure, or different? Are you saying that nobody building DVR systems know anything about Windows Security, computers, networking? Whatever job you are contracted to do, you should always consider the customers needs. But what has that got to do with the Price of tea in China? Lastly, how is a "rogue" DVR card going to take down your network? If your answer is software related, well it can be trusted just as much as 3rd party NVR software - or are you saying you develop your own NVR software? This is getting interesting Now, Im not against using NVRs and such, we are in the Surveillance industry, we use what gets the job done, many of us use Cat5 now, or other forms of transmission, other than simple coax, and many of us do extensive networking and internet based applications, many here use both DVRs and NVRs as well. But i tend to lean with what Ken said, as in this industry, the CCTV Industry, NVRs are typically not an option for the majority of the CCTV industry clients today, whether that changes in the future or not, only time will tell. NVR manufacturers can speculate all they like, but they need to actually give CCTV guys valid reasons to use their products, currently most of it is marketing hype, and in many cases myths are spread about existing CCTV gear. It has its place for sure, but dont tell us what our hardware can or cant do, they are not from our industry. DVD, Satelite encoders are not a part of the network. When I talk about security I am talking about network security. Server updates patches etc. So assuming the reason for deploying a NVR or DVR is you want to use your normal clients machines to for viewing. Therefore you want your sever on the network. You have 50 severs + and you want to do this with minimum fuss. If you have a piece of hardware in a server you can not assume it will be safe to update. You must build a test environment for that server or that group of servers. If you don't do this .....why? I know plenty of IT professionals and organisation that don't know how to build servers properly. Just cause it works doesn't mean its built right. I have two servers that where built by third party IT companies that need rebuilding. One is a SQL server that has the wrong drive configuration. The other is a custer server that I don't even want to start where the problems begin. The vendor just doesn't build enough servers to invest in a team that really know what they are doing. My brother audits network security for a living and the number of companies including IT companies who fail server audits is significant. Recently he audited a large Web page building company, They failed on server audits miserably. I don't expect people in the CCTV industry, vendors and intergraters to get server builds and support right. Its not their main line of business. I leave that up to our server team and they do a very good job. Share this post Link to post Share on other sites
WirelessEye 0 Posted May 16, 2007 This is slightly off topic woodyads, but I was wondering: Would describe your tower systems to be a "Unmanned, vandal-resistant, self-contained, tower-based, wireless, solar-powered surveillance unit and system"? Share this post Link to post Share on other sites
woodyads 0 Posted May 16, 2007 This is slightly off topic woodyads, but I was wondering: Would describe your tower systems to be a "Unmanned, vandal-resistant, self-contained, tower-based, wireless, solar-powered surveillance unit and system"? Unmanned: yes Vandal resistant: no Self Contained: semi Tower-based: yes Wireless: yes Solar Powered: no Surveillance unit and system: no We have a two major issues which our tower systems must overcome. One is the problem safety creates when trying to deliver high availability. The other is the ability to nail down real-estate. I am eliminating climbable towers. Replacing them with four pneumatic telescopic towers on trailers. The trailers have a work platform on top so that we can work from the top of the trailer. All of the trailers are on the edge the pit or on high ground so you need the mast to get over the trucks to one direction but in the other you only need to mount gear 3m off ground level. they are first and foremost comms systems that happen to have a couple of cameras and encoders on them. They use wireless bridges as backbone and two separate mesh systems branching out from there. There is a master trailer that also has fibre running to it and is to have an Orthogon as backhaul. The fibre utilises fibre flow that allows us to go up to 1km without pits. The mesh systems can come in off any of the three trailers to the master for redundancy and the master trailer has redundant everything. All power is supplied by diesel gensets as the power consumption it too high for solar. To use solar we would need too much real-estate making the system only semi mobile. We need to move them for blasts. One of the mesh systems has another 11 solar trailers dedicated to that system alone. Back bone bridges are 5.8GHz, Meshes are 2.4GHz, High speed wirelss bridges are 5.4GHz. Vandal resistance is unnecessary as we are very remote and sealed off by security. Share this post Link to post Share on other sites