Home Infrastructure Secure Infrastructure

Secure Infrastructure

by Benchmark

As installers and integrators become increasingly well-informed about the benefits of networked solutions, so the need to be able to provide reliable infrastructure comes to the fore. Here, with the assistance of leading providers in the security market, Benchmark considers the deployment of a secure and stable platform.

Preparing for Disasters
Larry Lummis, Director of Consumer Electronics Product Management, Seagate
It happens all the time. In an effort to win a bid, a security installer or integrator follows the path of least resistance by delivering exactly what the customer asked for. The discussion is about what can be delivered for the smallest amount of money. It’s about meeting the customer’s requirement, and some of the time, that is okay.

But consider what happened recently in Wisconsin. Video containing the interrogations of hundreds of suspects by Milwaukee police have been lost in a major computer malfunction. Recovery efforts are under way, and emergency funding has been secured to pay recovery costs, which are described as ‘fairly staggering’.

As a security installer or integrator, it is easy to get caught up in the never-ending race to integrate the latest technologies. There is a need to make recommendations to customers that require the investment of thousands, if not tens of thousands, of pounds in advanced hardware.

Amongst this celebration of technology, it is easy to lose track of what the purpose of the system is in the first place: to provide access to the data required, in the format required, when that data is required. If the system which has been installed can’t do that, then it has failed in the one thing that the customer demanded.
So what can be done to prevent hard drive failures?

Prevention is always the best option. Communicate to the customer the importance of using the right hard drive for the given environment. Install only surveillance specific hard drives that were purpose designed and built for the rigorous environment inherent in surveillance applications.

Also consider the value of Recovery Services, which – for a small upfront cost – provide data recovery at a fraction of the ‘fairly staggering’ outlay that the Milwaukee Police Department will now need to fund.

Even with prevention plans in place, however, disasters happen. But when they do happen, the effects can be overcome if the customer has disaster mitigation capabilities in place. It is critical that installers and integrators talk to their customers about a basic data recovery plan and system. Educate the customer on the options available.

Remember, the system must provide access to the data required, in the format required, when that data is required. Failure to do this may result in penalties, legal action or unintended costs that the customer will need to address. The benefit of a proactive stance can deliver disaster recovery solutions to the customer, but also provides the installer or integrator with an opportunity to increase the potential service revenue, delivering peace of mind to customers and retaining their trust in the event of a disaster happening.

Server Throughput
Robin Hughes, Sales Director, Secure Logiq
In 2014, IP cameras outsold analogue CCTV with HD1080P cameras becoming the ‘de facto’ camera of choice in most professional applications. Also, 4K has become the latest buzz-word, which at 8 megapixels is four times the resolution of HD1080P and over 20 times the resolution of a conventional analogue CCTV image. There are also cameras with resolutions of up to 30 megapixels on a single sensor.

With additional resolution comes larger image sizes, so when using comparable compression standards and frame rates the data produced by a camera will increase proportionally with resolution. One option to record sufficient cameras on a server is to reduce frame rates or increase compression, and whilst H.264 is a very efficient, the fact remains that over-compressing a megapixel image will eventually eliminate the advantages the additional resolution gave in the first place.

H.264 is motion-compensation-based video compression. Image streams consist of I-Frames, a full frame reference image, followed by a number of P or predictive frames which only update pixel change from the reference image or previous image. This process massively reduces the stream size by not re-creating data that is already stored. Because of this, many industry calculators need to define scene complexity for each camera as the amount of data created (and therefore the processing and storage calculations) will be dependent on the amount of movement in the image. As a result calculations can be give wildly varied results as they are based on partial information.

When calculating server requirements there are two important numbers you need: average bandwidth and peak bandwidth. Average bandwidth is the sum of the individual I- and P-frames in one second during routine operation measured in Mbps (Megabits per second). This is this number that will be used for storage calculations.

The Peak bandwidth value, the maximum potential bandwidth output should all pixels be changing at the same time, is also important. The server selected must be able to handle the peaks caused by high pixel change on all cameras simultaneously, or there is a risk of server failure at potentially the most critical time. On many cameras and VMS solutions, a bandwidth cap can be applied allowing for an easier calculation, but as a rule of thumb peak bandwidth could be up to four times that of a quiet scene and double that of a busy scene.

As an example of where this calculation is important, think of a hotel. Generally there will be a few people walking in the corridors at any one time, a few people at the bar and a few at reception. Most cameras will require low bandwidth as pixel change is minimal. If there is a fire in the middle of the night, suddenly all the cameras will experience very high motion simultaneously, and the server must be able to cope as this is a mission critical applications that the CCTV system was installed for in the first place. The last thing needed is the core of the system failing and shutting down.

So once bandwidth calculations are done, what are the options? Most industry servers are rebadged generalist servers designed for multi-tasking, hosting websites and databases, email servers, etc.. They will also run a VMS if required. However, there is nothing more data intensive than multiple streams of HD video. Because of their generalist nature, IT servers will often have a restricted throughput which limits the number of cameras recording.
There is a common misconception that to increase throughput of a server, the processor needs to be upgraded. However, with specialist knowledge and components, there are many more ways to optimise throughput.

There are some server manufacturers who truly understand how IP video works. These have taken the time to analyse the intricacies and modus operandi of the various VMS options, and are creating servers to meet the demands of increasing camera resolutions without having to make compromises on performance.

Specialist servers for HD Surveillance are available with a throughput of up to 4000Mbps (input and output), equivalent to 15 off-the-shelf IT servers commonly on offer.

The VMS and other parallel video applications such as mobile gateway, LPR or video analytics will all impact on the overall performance of a server, often requiring multiple servers or virtualisation to achieve the end requirement.

Industry calculators will often only highlight an average throughput and a storage number, but will never provide enough information to ensure an optimised solution for the application. Consulting a surveillance server specialist can often save considerable time, money, rack space and power, not to mention the peace of mind that the hardware solution has been designed with a knowledge of both IT and IP video.

As a final thought, recording compressed streams of HD video is only part of the battle. Serious consideration should also be given to the hardware requirements to decode and display multiple streams of HD live and playback images, especially given the recent popularity of HD panoramic cameras.

Retaining Legacy Infrastructure
Stuart Harris, Sales Manager, NVT A Phybridge Company
When it comes to legacy infrastructure, specifically coaxial cabling, often it is – and will continue to be – proven reliable.

There are many reasons to consider repurposing existing legacy infrastructure when implementing an IP network solution. The topology of the existing infrastructure is point-to-point and designed for real-time applications like video. This means that from the camera back to the recording application there is a dedicated cable.

Benefits of a point-to-point topology include a graceful migration. Many customers want to migrate to an IP network without the complexities of ripping everything out. If existing infrastructure can be leveraged, the cables can migrate to an Ethernet over Coax (EoC) switch solution, so deploying IP cameras becomes simpler.

With traditional data switches (100 metre limitation) and rip and replace installation practices, a new backbone would be required. EoC switch innovations allow installers and integrators to leverage existing coax cable and deliver Ethernet and PoE beyond standard switch reach limitations.

The dedicated bandwidth for each end point means that packets travel in order, on time with no contention or loss. In latency-sensitive applications, there is no better topology. IP cameras also are much more bandwidth intensive and can put a greater strain on the performance of data LANs, especially with multi-megapixel devices drawing. Creating a separate physical CAN (Camera Area Network) can be helpful in designing the optimal network.

Having an infrastructure topology that is identical across every location allows for a deterministic business model ensuring a great user experience and profits for the provider.

By leveraging the existing coax infrastructure and using power over long reach EoC switches, costs can be reduced in many ways. New cabling is not needed. If cameras go beyond the 100 metre limitation of data switches, there is a need to install switches in distributed IDF closets. Rack space, power and cooling all add to the costs. With EoC long reach switch technology, these costs can be avoided.

By leveraging existing topology, the end points accumulate in a single location, allowing enhanced PoE port utilisation. Leveraging existing infrastructure also means less time is required in planning and implementation, and for many businesses the idea of ripping and replacing the infrastructure causes significant disruption. This, along with costs, is often a barrier to IP adoption.

There are many EoC technologies available: single port solutions, unmanaged switches, bridges, fully managed switches, etc.. These use different core technologies that may impact on performance. Take the time to understand the capabilities and the differences of each before making a decision, and migrate to IP with confidence.

The Need for RAID
Jeff Burgess, President & CEO, BCDVideo
Storage of video in a typical network video solution can be immense, entailing hundreds of high-resolution streams at up to 30 frames per second, around-the-clock. Data loss could be catastrophic as the recording of video security – regardless of size or scope – should be regarded as critical. Despite this, there are recorders not offering RAID protection, or integrators not utilising RAID protection, leaving the footage vulnerable.

RAID is used to secure both recordings and system configurations. For that reason, it is common to see multiple RAID sets within one system.

RAID technology is not limited to enterprise redundant storage systems. For example, many video recorders have RAID 1 embedded within the system. Merely adding an inexpensive second hard drive allows for disk mirroring.

A 6TB system is more than enough space to manage 16 cameras using standard settings. A second 6TB hard disk drive not only prevents any lost video data, but also protects the operating system and the VMS. This can prevent the need for system restores should the archiver crash.

By simply mirroring the data between two disks, installers and integrators can be reassured that data is secure and the system will not be affected by downtime if a disk fails.

In higher-end installations, if footage is lost or frame dropouts occur, the risks are great, and these can be life threatening or seriously damaging. Sites that are considered as high risk also have significant compliance regulations for the maintenance of data and generally require large storage capacities due to longer retention periods.

With thousands of cameras at these locations, the number of video streams is very high. An installation with as little as 100 cameras can require over 50TB of weekly recording space. These higher-end installations generally engage the highest resolution cameras possible, coupled with long retention and large bandwidth requirements.

Redundancy within the enterprise video recorder should not be limited to the power supplies and fans. The captured data on the hard drives is critical. RAID 5 is the default standard in archival video recording.

RAID 5 writes one parity stripe across all drives in a RAID set. You can take data protection to the next level by having a ‘redundant drive for the redundant drive’.

RAID 6 provides double parity protection for up to two drive failures, and allows ample time to replace failed hard disk drives before the video data is compromised.

For any system to truly be considered as redundant and enterprise, it should have redundant power and a minimum of two RAID sets – one set as RAID 1, protecting the operating system, and the other as RAID 5 or 6, protecting the archival footage.

RAID technology delivers peace of mind with the knowledge that both the system data and the reputation of the installer or integrator are protected.

Power Considerations
Tim Scott, Director, Dantech Electronic Engineering
Security system components have varied power needs: a supply of direct mains, specified DC or AC low voltage, or power over ethernet (PoE). Often systems will use a mixture of supply voltages due to the requirements of individual components. Power distribution decisions should be based on key factors such as reliability, continuity, accessibility, compliance, physical security and cost .

Many system devices are capable of functioning with more than one type of supply. Surveillance cameras might accept a low voltage AC or DC input as well as PoE power.

Security systems consist of pathways carrying information between system components and pathways distributing power. With networked systems these two types of interconnecting path can be located separately, follow a similar route or be physically combined.

System power can be planned much like a simple data network, with the incoming power branching out, via PSUs and power storage devices, to the various components. A good design will minimise power transmission bottlenecks, reduce single points of failure and consecutive points of potential failure within each path.
Mains back-up generators and UPS systems may be pre-existing at a location or specified for installation. These can be helpful but should be scrutinised with regard to acceptability, including the effect of a unit failure.

IP security devices such as surveillance cameras tend to ‘reboot’ following a power interruption for a period that might range from 30 to 90 seconds. The use of a dedicated maintained power supply local to devices ensures seamless operation. The prevention of device reboot downtime makes a powerful case for the use of battery-maintained power supplies in all security applications, as does the continuous provision of functions like edge storage, door entry and call-point access, regardless of mains and network state.

It is more reliable to use power supplies that are separate from network infrastructure. Separation of power provision removes single points of failure, reducing both the likelihood and the magnitude of failures. Good dedicated power units normally have higher life expectancies than switching equipment. All PSUs have a conversion-efficiency loss which is shed as heat, potentially affecting other equipment.

Network devices with integrated power outputs may have a ‘power budget’, limiting the defined output power to a specified total figure, rather than providing full capability to all outputs. This allows the possibility of load devices being connected with insufficient power available. With some supply products it is possible to overload the integrated power supply, resulting in a shutdown of all outputs until the overload is removed. As some common devices have variable power consumption, it is a risk that these will appear to function normally until loads demand higher power levels. While convenient, the use of integrated power outputs for critical operations is questionable. The specification of separate PSUs will improve system reliability.

Given sensibly specified power supplying equipment, bottlenecks in power distribution paths are a function of voltage supplied, power demanded and wire conductor size used. These bottlenecks manifest as resistive ‘volt drop’. Conductors have an inherent resistance at a given temperature and the degree of volt drop is inversely proportional to the voltage supplied. Ohm’s law dictates that for any known conductor and power conducted, a doubling of supply voltage will half the current, hence also halving the voltage drop. Importantly, the resulting transmission power loss is actually quartered as a result of doubling the voltage, due to the halving of the current conducted and the resultant halving of the volt drop. Subsequently it is preferable to use available higher voltages until within the area of load devices, which commonly means using mains power. At the load device area, a secure PSU or PoE midspan can be sited, including battery back-up if required.

The IEEE standard for PoE devices ensures power losses will be acceptable within a 100 metre span. Non-compliant PoE devices are an unknown and a potential hazard.

To reduce points of failure in a power path it is necessary to minimise the number of power conversion stages. Supplying mains voltage to the load area (or where not possible the next highest available voltage) then using one or more low voltage power supplies keeps the path as simple as possible. For normal practical purposes and as a requirement for PoE supplies, installation of the low voltage PSUs should be within 100 metres of the load devices.

If necessary, these can be sited alongside network apparatus such as edge switches and media converters, as well as being status monitored dependent on system requirement. Power repeaters designed for consecutive placement in a power path can save up-front cost but give multiple failure points in the path. They are also inefficient, having a conversion efficiency loss at every stage.

The applicable standard defining the requirements of all compliant PoE devices is IEEE802.3:2012. This incorporates the earlier standard amendments 802.3af (2003) and 802.3at (2009). The ‘af’ and ‘at’ references continue to be seen. Two device power categories exist: up to 15.4W (‘af’) and up to 30W (‘at’ or PoE+). It is sensible to specify the 30W supplies as this allows the connection of any PoE standard compliant device.

The choice of conventional versus PoE power is often debated. Both methods are valid. Whichever is used, the consideration of minimising losses, separating power, removing failure points and spreading risk between multiple power supply units will enable the design of reliable systems.

The Right Switch
Neil Staley, Product Marketing Executive, Mayflex
Installers and integrators must ensure that selected switches are capable of delivering the functionality and reliability demanded from a surveillance solution.

When selecting switches for the deployment of a HD surveillance IP solution, some key considerations need to be addressed. Getting the specification of the element that drives the traffic around the network wrong will only lead to a bad end-user experience, no matter what surveillance solution is installed.

There is no infrastructure element that is more or less important than another. If any fails, it could prove the difference between the solution working as required or not.

Quality of Service (QoS) is a mechanism that allows for management of traffic running over a network, and a switch that has 802.1p capability can help with configurations to ensure that traffic is prioritised and optimised for its core functionality. A QoS-enabled switch can ensure that, for example, a highly critical camera, running through a given port, gets priority traffic over and above all other traffic on a network.

Virtual Local Area Network (VLAN) is a way of dividing and segmenting network traffic within a switch. Switches with this capability can allow the system to ensure different types of traffic are partitioned, ensuring bandwidth is maintained and therefore negating any issues with HD video streams consuming all available network throughput. In simple terms, this technology would allow the corporate network and the surveillance network to work independently of each other, through the same switches, with neither impacting on the other’s performance.

The Power budget of a switch is the total amount of watts that the switch can deliver for PoE devices. It is imperative to ensure that the specification of every camera is researched and the maximum PoE usage needed to drive the cameras is taken into account. Failure to do so creates issues with the solution that can be hard to trace. This is because power may be taken from the switch at random, and therefore creates ad hoc power failures from any camera at any given time.

When designing a solution, the power that each port can deliver is important. Cameras will operate at either 802.3af (PoE) or in the high power requirement spectrum of 802.3at (PoE+). Once you know that the overall budget is covered, you also need to know that the ports driving those cameras can support the power required.

Average Mean Time Between Failure (AMTBF) is all about reliability! No matter where a surveillance solution is to be deployed, the system needs to be reliable. Ensuring that a switch, the item that powers the cameras, drives the network traffic and talks to the VMS, is fully functional and working is of paramount importance. Some switches offer 99.99999 per cent uptime reliability and although this level comes at a premium, it is the right choice when deploying a system into a high risk site.

Speed of network ports is always a headline item for the specification of any switch. However, the ports can only ever really work as fast as the actual ‘brain’ of the switch can process them. This is known as the backplane of the switch, and this should always be designed with non-blocking switch fabric in mind. In simple terms, a switch needs to have a backplane equal to value of all the ports working simultaneously at full speed.

Systems grow. Good design should always allow for expansion. Although it’s difficult to calculate what power these ports might need to deliver, always design so extra ports are available for new device additions.

Internet Group Management Protocol (IGMP) Snooping is an integral part of controlling multicasting within a broadcast domain or VLAN. The function listens to the traffic between hosts and routers and creates a map of which links are using multicast streams. By creating the map the switch can then intelligently ensure that the links that need this traffic receive it, thereby creating a network that reduces network traffic.

Switches that meet 802.az have the ability to conserve energy. Switches with this technology automatically drop power when not needed and re-introduce it when required.

What speed the ports transmit at is always high on the list of questions when looking at what switch to deploy: 10MBs, 100MBs or 1000MBs? This is driven by the NICs that are embedded into the cameras, servers and NAS devices on a solution. One rule of thumb to be considered when choosing a switch is the speed of the network ports used by traffic generated from the video streams into the switch and out to the server or NAS device. To reduce the chances of bottlenecks within the solution, these ports should be 10X the speed of that traffic. In simple terms, if a switch is deployed with 100MB links from the cameras, a 1000MB link would be used to the server.

The location that a switch is to be deployed is extremely important to consider. Due to the nature of surveillance solutions and Ethernet transmission constraints, sometimes switches are deployed in the field. Vendors are acutely aware of this and offer hardened or industrial grade switches for more extreme environmental conditions. Ensure this is considered when installing and scoping equipment in applications such as, for example, a camera mounting pole at the edge of a car park.

Jumbo frames are Ethernet frames that have a payload over and above the normal 1500 bytes. Jumbo frames can carry up to 9000 bytes and can be deployed by IP surveillance solutions. These frames can allow for reduced CPU utilisation, creating a network that can process larger amounts of data more efficiently. Ensuring switches used can process these types of Ethernet frames can help leverage the long term overall benefits of IP surveillance solutions.

In conclusion, the choice of which switch to deploy, to cope with delivering the functionality and reliability demanded from a surveillance solution, comes down to looking at what the solution requires and ensuring – with proper planning and scoping of the full specification – it covers the requirements. It is not just a case of what speed and how many ports it has!

Related Articles

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Privacy & Cookies Policy