James Marcella is director of technical services for Axis Communications.
Photo credit: (Photo courtesy Axis Communications)
Everyone knows a Car Guy. It’s the person who can name the make, model and year of a moving car from a hundred yards away. It’s who we consult before buying a new car or taking in an old one for service. It’s the one who can actually answer the question: “What the heck is that sound?”
If you are the Car Guy or Gal of your group, you probably relish in the chance to talk shop with mechanics and salesmen. If not, chances are you’re a bit apprehensive when taking in your car to be serviced. You assume that the mechanic knows much more than you and could pretty much tell you anything—and you’d be forced to believe them.
With our industry shifting from analog to all-IP technology, many security professionals feel the same way when working with IP solutions that reside on the IT department’s network. To work successfully alongside your IT counterparts, you need to have a basic grasp of networking lingo and an understanding of what motivates—and stresses—those colleagues about maintaining the company’s infrastructure where all the business systems operate.
Turning IT opponents into security allies
Many IT professionals have already bought into network video surveillance because they fully appreciate the value of IP-based systems; after all, this is the career they’ve chosen. However, not all are as open and willing to share “their” resources with the physical security department. It’s your job to be upfront about their concerns and find appropriate ways to address them. When framing your argument, use the same terminology that IT professionals use so that there’s no miscommunication (See “IP Speak for Technicians,” by Steve Surfaro, August 2009 issue of Security Dealer & Integrator).
So what are the basic network concerns that most IT folks have?
IT security risks
Debunking the bandwidth hog myth: 5 arguments to win over IT
When it comes to bandwidth, some network professionals believe video is a voracious application—one that will consume all the available bandwidth. But IP video surveillance is different than the video they are used to dealing with:
Surveillance video is locally-generated content and in most cases doesn’t leave the network where it was created. In other words, the lobby camera being viewed by the security guard only traverses the local area network (LAN), which is the company’s largest and least expensive pipeline. The negative network performance impact that IT fears from video comes from employees downloading or streaming clips from external sites like online news outlets, YouTube and ESPN.com—a connection that happens to be the smallest and most expensive bandwidth a company utilizes.
Unlike an Internet download, surveillance video can be segmented from other production data either physically or logically using Virtual LANs (VLANs). This prevents video traffic from grabbing the lion’s share of bandwidth.
Each IP camera on the network can be customized for specific performance to meet not only the physical security needs, but also the company’s network and storage guidelines. Once IT understands that video streams can be tailored to preferred frame rates, resolution, compressions and events-based actions, they’ll realize that IP video surveillance is very much a controllable application.
The standard for edge-based connectivity is 100Mbps. Surveillance video is generally recorded at six frames per second (fps), which puts the bit rate under 1Mbps. IP video surveillance represents only a fraction of the available bandwidth.
If the objection concerns the aggregate impact of multiple video streams, simply do the math. For 20 cameras set up to dual stream (one stream for viewing, the other for recording), each camera would generate 7Mbps. Multiply that by 20 and you have 140Mbps—the total amount of bandwidth needed to view and record all 20 network cameras. This represents less than 15 percent of a one gigabit uplink, which has been a standard feature in network switches for the past decade.
Rebutting counterarguments; So what happens if IT tells you that they don’t support VLANs and the switches don’t have gigabit uplinks, or they have not deployed 100Mbps to the desktop (edge)? Suggest that this is great time to upgrade their infrastructure to industry standards and that the security department will contribute to the budget. You might end up being their best friend.
Addressing the impact of storage options
Storage is another hot topic directly related to bandwidth consumption, from hard drives connected to PC servers to network attached storage (NAS) devices and SD cards embedded in network cameras and video encoders. Each represents a different cost per gigabyte of storage and a different level of scalability. The cost of server-based storage hovers around $.20 per gigabyte and can scale into terabytes, while SD cards run $.78 per gigabyte with a maximum capacity of 64GB for surveillance devices.
Determine how many cameras are needed to achieve the company’s security objective and then how long video should be stored. Server-based storage or network video recorders (NVRs) are typically the best options for systems with 16 or more cameras. In-camera SD card storage, NAS devices or cloud-based hosted video are best for small systems because it eliminates the cost of a DVR while upgrading the system from outdated analog to today’s digital quality. Edge storage can also be used in larger systems as emergency backup recording devices in case of network outages.
Determining computing requirements
The computing demand that the Video Management Software (VMS) is going to place on the system will fluctuate depending on whether you’re simply viewing and recording video or using video analytics. Check the manufacturer’s specifications for the recommended processor or CPU speed, RAM, graphics card, network interface card speed and operating system. Use manufacturers’ online design tools to factor the number of cameras, desired resolution and fps to generate a customized hardware configuration report that you can share with the IT department. This alone should help debunk bandwidth-hogging myths.
If the customer’s IT department has preferred hardware and software manufacturers, make sure your video server request dovetails with the systems already in place. For instance, if the company is standardized on IBM or HP or Dell, then IT probably has a service level agreement in place for uptime of those servers. Leverage those relationships for the physical security system as well.
Countering the fear of hacking
The IT department’s most visceral fear about adding new devices to the network is the increased opportunity for being hacked. You need to acknowledge the validity of their concerns and assure them that IP video surveillance components can be handled in the same manner as any other secure device on the network. The phrases “authentication protocols” and “data encryption” will be key to the discussion.
Authentication protocols Concede that some physical security devices—especially those deployed on building exteriors and in garages and parking lots—might increase the risk of an information security breach because they give adversaries an opportunity to unplug the cable from the camera and use it as a physical connection to the internal network. But this threat can be easily overcome using authentication protocols such as 802.1x that employ private and public shared keys to authenticate devices at the port level on a switch. If the camera is unplugged and another device is connected in its place, the switch automatically shuts down all traffic to that port. IT professionals have been using this protocol for decades to secure the more traditional devices on the network, like laptops and PCs.
Data encryption The most commonly deployed encryption standard is WPA2. It’s used predominantly in wireless infrastructures to block outsiders from grabbing a free ride on the company’s Internet connection as opposed to hacking the network and stealing company secrets. Of course, if you’re implementing a physical security system for a nuclear power plant or bank, this fear of hacking is a more prominent one. In both cases, encryption should always be used with wired and wireless networks. Make sure the security devices you select are professional-grade and employ all the same security protocols as standard networking gear.
Becoming the IP guy or gal
You may not be ready to deploy an enterprise-level network implementing VLANs to segregate the video traffic from the company’s production network, but understanding the general lingo and initial IT apprehensions will go a long way. To take it to the next level, basic and advanced networking techniques are best learned in a hands-on classroom setting, which nearly all IP video manufacturers offer today.
The physical security industry is moving to all IP. Take the initiative to become the IP Guy, not the one asking for their advice.
James Marcella has been a technologist in the security and IT industries for more than 18 years. He is currently the director of Technical Services for Axis Communications, Chelmsford, Mass.