IT trends impacting IP video: Network monitoring

March 6, 2012
Network infrastructure monitoring software can help avert recording disasters

It's been more than a decade since the IT and telecom industries first introduced early warning systems to prevent catastrophic network failures. But not until this past year's ASIS show in Orlando did the physical security industry begin showing signs that it was really ready to apply this technology to network security systems.

With the avalanche of news last fall that came during that tradeshow, one press release that may have gotten buried was for a new service called Net.Monitor, from routing/switching manufacturer Allied Telesis, specifically designed for the surveillance world. Essentially, Net.Monitor proactively monitors the critical components in an entire system – edge devices, network infrastructure and even application servers. Through skilled analytical programming, which has been used in the IT networking world for more than a decade, the service recognizes potential fault conditions and proactively notifies the user before they actually occur to forestall outages from happening.

Separating fact from fantasy

This omniscience sounds like science fiction in the vein of Minority Report or Person of Interest. It's akin to having your NVR send you a message saying it's going to fail within the next 24 hours. But the value is very much grounded in reality.

Imagine a security director or operations manager responsible for thousands of buildings spread across the country, each with hundreds of network cameras deployed – yet his or her company doesn't have local IT personnel keeping tabs on the system. Fortunately, IP-based systems are intelligent by design, and this networking hardware intelligence is the final piece to the puzzle to keep systems up and running.

Cameras are obviously no longer the dumb devices used in the analog world. Network cameras with active tampering alarms can not only alert the user when they have been re-aimed or covered, but also when they are not working. Many VMS platforms have built in fault notification capabilities that send alerts if video is not being received. Now with intelligence specifically designed for surveillance systems to keep tabs on other networking components (switches, servers, routers, etc.), the old horror story of searching for video of an incident only to find that it wasn't recording will become a thing of the past.

If you apply this proactive oversight to the network infrastructure as well as the servers that are hosting the recording applications, you'll soon realize that the payback grows exponentially. Each component could fail in any number of ways but if the system could monitor itself and inform you that, for instance, a fan in the server at the Chicago site just stopped, you could deploy someone to swap it out before the whole server overheated and became damaged beyond repair. The IT sector has been using network management for over a decade and, in many cases, reaping the benefits of extended uptime in the realm of 99.999 percent.

And realize this: Not only will system failure be avoidable with proactive oversight, but this intelligent reporting makes identifying a point of failure faster and easier, instead of having to check each individual component one by one like you were testing a string of Christmas lights.

This concept isn't futuristic or farfetched. It's here today, but how does it work?

The simple elegance of SNMP

The IT industry uses Simple Network Management Protocol (SNMP) to manage devices on a network and includes SNMP as a subset of the Transmission Control Protocol / Internet Protocol (TCP/IP). Devices with built in support for SNMP include switches, routers, printers and servers. How does this relate to the security industry? Many manufactures also include the protocols inside network cameras and networked door access control systems.

The SNMP protocol defines three basic components: managed devices, agents and network-management systems (NMS). A managed device could be a network camera with an embedded agent that collects information from the device and sends it to the NMS via SNMP. The NMS is the interface to the user, providing a dashboard on the current status of the managed devices. It can also be programmed to alert you when thresholds have been reached, which would serve as an early warning that something was trending in the wrong direction.

Read, trap and probe to a healthier security network

Information from a managed device is either requested by the NMS through a "read" command or sent to the NMS through what is termed a "trap." For example, an NMS might send a read command to the Chicago server for the current CPU utilization and receive a reply that shows utilization levels at 50 percent. A trap is typically used to report information that indicates a predetermined threshold has been exceeded. In fact, a common trap that's actually found in network cameras today is the authentication of credentials, which would alert operators to unauthorized attempts to gain access to a camera. If we went back to the example of a server in Chicago where utilization was at 90 percent, a trap would be sent out because the system was programmed to raise the alarm if utilization reached 90 percent or higher.

Another tool used by network management systems is called a "probe." Probes are written to test specific functions of an application and report back whether they are within acceptable guidelines. For example, a probe could be written to determine if your VMS is actually recording the video it's receiving.

The network management system could also use an "agent" embedded on a network switch to monitor bandwidth of an individual switch port. In this instance, the NMS might report an unexpected increase in bandwidth utilization by a specific network camera, which would prompt security to investigate the matter further. Interestingly enough, you might trace the increase bandwidth to any of several reasons, such as the camera being pulled significantly out of focus or poor lighting conditions at dusk, causing the image to stream with excessive noise. Or it could be as simple as one camera was streaming using MJPEG compression while all the other cameras in the vicinity were streaming with more efficient H.264. All of these situations could be easily remedied if you knew they were occurring.

Knowing the right questions to pose

When it comes to network monitoring, the real issue is not the technological capability of these systems but rather the knowledge of the people programming them. If the integrator didn't know that a network loop is a bad thing – a situation where two switches constantly send the same data between them causing bandwidth bottlenecks – then they wouldn't know to program the NMS to notify the user when it happens. Writing probes also requires knowledge of the application, which again points to experienced people on staff. If you don't have the personnel or the funds to deploy an NMS yourself, then you can opt for an intelligent service offering such as Net.Monitor.

Using network monitoring to document your SLAs

Many applications are being moved to the cloud, which makes network management all the more important. Being able to quickly pinpoint exact areas of failure or predict them before they happen enables companies to efficiently solve problems without the headache of finger pointing. It also is a great platform for reporting on Service Level Agreements (SLAs).

Just like the message center in your car informing you that it is time for service or that tire pressure is low, SNMP-enabled systems provide security professional with real-time health checks of their integrated security systems. Beyond the obvious benefit of proactively notifying you that something is wrong or trending in a problematic direction, it also gives you the ability to objectively report on system effectiveness. Imagine coming to your next annual review with a report in hand that provided indisputable proof that all your cameras remained 99.999 percent operational. And regarding the one issue that did arise, you were able to fix it during scheduled downtime before compromising security operations.

About the author: James Marcella has been a technologist in the security and IT industries for more than 17 years. He is currently the Director of Technical Services for Axis Communications.

About the Author

James Marcella | Director of Technical Services

James Marcella has been a technologist in the security and IT industries for nearly two decades. He is currently the Director of Technical Services for Axis Communications. To request more info about Axis, visit