Q&A: Cisco's Steve Collen on Convergence and Video Bandwidth

Last week, SecurityInfoWatch.com had the pleasure of speaking with Steve Collen, the director of product marketing for Cisco's physical security business unit. "I'm basically the guy who says this is what we should develop, and this is how we should market it," explains Collen. He brings 11 years of experience at Cisco, having started on Cisco's high-end router line with the Cisco 7000 Series. He then moved into the product marketing of things like firewalls and intrusion prevention systems. Then about six months ago, he moved into the physical security space of Cisco, and has started the growth of that division with the acquisition of SyPixx networks. He says their mission in the physical security unit is to expand that unit above and beyond just video.

More of this interview will appear in the November IP video supplement to Security Technology & Design and Secuirty Dealer, but in this Q&A, Collen addresses the core needs of IT and physical security departments working on converged projects, and discusses the realities of bandwidth management for IP video.

SIW: Steve, what are the concerns you're hearing from IT and physical security departments regarding IP video?

Collen: On the IT side of things, the biggest concern we hear is the concern to roll out physical security projects like video surveillance as projects that the IT department needs to be involved in. So basically, they need a cross-disciplinary team from IT and physical security to roll these things out.

We've heard numerous incidences of the physical security team, wherever they might work, rolling out systems that are essentially maverick systems that don't have the latest security protection on them. It's led to all types of problems. The Nimbda virus affecting the security systems is one that I came across relatively recently. So the IT team wants to be involved; they want to be on the project team, and in certain cases they want to have the right of veto. But they literally want to be involved from the start of the project, when it's being contemplated and planned, right through to the implementation phase. It's a cross between an organizational and technology concern for them.

Now that said, the IT departments really realize the potential that's to be gained from rolling out network-based security systems and they definitely see this as a way of enhancing their overall security posture. The concern is there, but so is the motivation to actually get this technology out and running across the network.

Now when I'm speaking to the physical security team, concerns are rather different. They tend to be looking at things like "How can I leverage my existing cameras, keyboards, etc.?" They don't want to have to buy equipment again when they don't need to; so they're often focused on protecting the investment. They want to avoid having to retrain their security staff, so not just preserving their investments in systems, but also in people.

Then, flipping it around, like the IT team, the physical security department definitely sees huge potential in having these systems network connected. They like the ability to view video and create policies from distant locations. The whole concept of anytime-anyplace access is something that is a motivating factor.

We are looking at a fairly large number of RFPs now, which are a fairly good indicator of what are the motivations and concerns to people, and most want the security platform to be capable of supporting new technologies, and probably the two that I see on almost every RFP that crosses the desk are integration of video analytics and advanced algorithms like H.264 [also called MPEG-4 v.10 or AVC]. So they're looking at rolling out these network systems, but these network systems have to be capable of supporting the new technologies.

SIW: What are the parameters to consider when implementing a security system over the IT network?

Collen: The customers I'm speaking to say they do want to run it [the security system] over the existing network. We get questions along the lines of "Is the bandwidth going to be sufficient for video surveillance, and can I protect the video surveillance system in terms of good security?" The answer to both of those questions is a resounding "Yes, the bandwidth is sufficient and the network protection will be there." So that tends to diffuse any questions of people who would be contemplating a second network.

SIW: Steve, that brings up a question that many users are likely to ask. What is realistic in bandwidth volume for IP-based video?

Collen: From a wired network perspective, there isn't an issue with bandwidth. With MPEG-4 or H.264, you're talking about a 2 to 4 megabits per second bandwidth stream and that -- in corporate networks -- is definitely not an issue. So the bandwidth in a switched environment is going to be there. When you're going across a wireless network or a WAN, then the bandwidth becomes more of a factor and that is when you have to carefully plan what you do and what you send.

We're seeing customers come to us and ask questions like, "What video traffic really is appropriate to send over the WAN, and should I be only sending certain portions of my traffic, and only then, perhaps, at the end of the day?" So, for example, they could only send event traffic across the WAN -- in other words, the "interesting" traffic.

Wireless video is an interesting challenge. There certainly are a lot of questions about wireless video right now. We're actually testing that ourselves, finding out what is and what is not possible to do on a wireless network, but you definitely have to be more sensitive to the bandwidth issues there. In a nutshell, on the corporate LAN network, full-motion video, 24 by 7, should not be a problem. But when it comes to WAN and wireless, you actually have to be a lot more selective about what traffic you exchange.

SIW: But even with a corporate LAN, are they still not experiencing problems with bandwidth and congestion?

Collen: We haven't seen video significantly impact the bandwidth of the corporate network. We're talking about a 100 megabits per second bandwidth stream being pretty standard, and the video traffic is only taking a fraction of that. We are seeing, however, a lot of customer interest in the implementation of quality of service (QOS) mechanisms on the video traffic such that if congestion became a factor, there is a solution for that. Or conversely, you may want to prioritize your video traffic to make sure it gets through. So customers are asking us a lot about Quality of Service mechanisms for doing those things, using type-of-service or precedence bits to mark traffic, and then various queuing mechanisms that you apply based around that marking of traffic.