Another Noob, Blue Iris system planning & design, doing a ton of research (this is why I left IT years ago LOL)

SkyKen

n3wb
May 13, 2021
8
4
Pacific Northwest
Hi New Friends,

As the title says I am learning as much as I can to build out from my existing small home network a decent, secure and efficient Blue Iris system. I have constraints such as an old home with no easy attic access (not that I want to deal with like tight access, previous owner put HVAC system up there, he thought he'd avoid the mice, duh they climb like my cat, and I had the insulation upgraded so I am not going to slog through 10" of cellulose). I can get under the house okay, but want to avoid that, I might change my mind. I can run some under eves, etc. And that's just running cable stuff. Main things I am looking at right now are how to design my set up using as much of the gear I already have and replace or upgrade if need be. I am able to purchase what I need but don't want to just throw money at this and honestly my actual needs are less than my desire to put up a nice, tight, clean system. I tend to overdo it a bit because I really don't like having too little, too late then redoing.

I know things will change as I learn, test stuff out, and hopefully get advice from experienced folks. I am looking for information on: VLANs, two L3? switches: 4-6 unknown cameras off a switch at the main house (half PoE, half wi-fi), 4 PoE cameras off another switch connected to a back-haul where I will run my BI server which is a beefy Dell Precision 3640 Tower (top BI specs). No gaming here, mostly just two people doing light usage. Hopefully I can figure out intelligent network equipment selection & set up, placement of the network segments and of course tight security. Should take an afternoon or so. :rolleyes:

Nice to be in such a strong community with lots of information!

P.S. I might be willing to hire professional help with the above depending on price and availability.
 
  • Like
Reactions: mat200
:welcome:

If you put a second NIC card in the PC no need for VLANs. It is the simplest approach but does mean your cameras can only be accessed from the Blue Iris PC.

Welcome to the enchanted land of video surveillance lunatics, good guys, nut jobs and miscreants (yes, I fit into at least three categories). There are a lot of knowledgeable people on here and knowledge and experience are shared constantly. That's how I got to be a lunatic (already a nut job and miscreant).

Start out by looking in the WiKi in the blue bar at the top of the page. There's a ton of very useful information in there and it needs to be viewed on a computer, not a phone or tablet. The Cliff Notes will be of particular interest although the camera models listed there are a generation old at this point. The best way to determine what kind of camera you need in each location and where each location should really be is to buy one varifocal camera first and set up a test stand for it that can be easily moved around. Test using that, viewing using the web interface of the camera, during the day and at night. Have someone walk around behaving like a miscreant and see if you can identify them. There is also information for choosing hardware and securing the system along with a whole bunch of other good stuff.

Don't chase megapixels unless you have a really BIG budget. Chase sensor size and bigger is better. To confuse you more sensor sizes are listed in fractions so do the basic math to be sure, 1/2.8 is bigger than 1/2.7 or 1/3. General rule of thumb is that a 4MP camera will easily outperform an 8MP camera when they both have the same sensor size. Reason being that there are twice as many pixels in the 8MP versus the 4MP. This results in only half the available light getting to each pixel in an 8MP that a pixel in the 4MP "sees".

A dedicated PC doesn't need to be either expensive to purchase or to run. A used business class machine can be had from eBay and various other sources. The advances made in Blue Iris make it easily possible to run a fairly large system on relatively inexpensive hardware which also makes power consumption low, as in under 50 watts in many cases. The biggest expenses turn out to be hard drives for storing video and a PoE switch to power the cameras and, of course, the cameras themselves.

The three basic rules of video surveillance cameras-

Rule #1 - Cameras multiply like rabbits.
Rule #2 - Cameras are more addictive than drugs.
Rule #3 - You never have enough cameras.

Quick guide -

The smaller the lux number the better the low light performance. 0.002 is better than 0.02
The smaller the "F" of the lens the better the low light performance. F1.4 is better than F1.8
The larger the sensor the better the low light performance. 1/1.8" is better (bigger) than 1/2.7"
The higher the megapixels for the same size sensor the worse the low light performance. A 4MP camera with a 1/1.8" sensor will perform better than a 8MP camera with that same 1/1.8" sensor.

Don't believe all the marketing hype no matter who makes the camera. Don't believe those nice night time captures they all use. Look for videos, with motion, to determine low light performance. Any camera can be made to "see" color at night if the exposure time is long enough, as in half a second or longer. Rule of thumb, the shutter speed needs to be at 1/60 or higher to get night video without blurring.

Read the reviews here, most include both still shots and video.

Avoid Reolink, Foscam, SV3C, Nest, and all the other consumer grade cameras. They all struggle mightily at night and never get anything useful on video. Here's a link to a whole thread debunking Reolink in particular.

Compiled by mat200 -

Avoid WiFi cameras, even doorbell cameras. WiFi is not designed for the constant, 24/7, load of video that a surveillance camera produces. At best, with two cameras on WiFi, they will still experience dropouts multiple times daily. Murphy's Law says that will happen at the worst possible moment.

Lens size, focal length, is another critical factor. Many people like the wide, sweeping, views of a 2.8mm lens but be aware that identification is problematic with a lens that wide. Watch this video to learn how to analyze each location for appropriate lens size and keep in mind that it may take two cameras to provide the coverage you need or desire. Another factor that effects view angles is the sensor size. Typically larger sensors will have a larger field of view in any given lens size.


The 5442 series of cameras by Dahua is the current "king of the hill". They are 4MP and capable of color with some ambient light at night. The 2231 series is a less expensive alternative in 2MP and does not have audio capabilities, no built in microphone, but is easier on the budget. The 3241T-ZAS has similar spcs as the 2231 and has audio. There are also cameras available from the IPCT Store right here on the forum and from Nelly's Security who has a thread in the vendors section.

5442 Reviews

Review - Loryata (Dahua OEM) IPC-T5442T-ZE varifocal Turret

Review - OEM IPC-B5442E-ZE 4MP AI Varifocal Bullet Camera With Starlight+

Review-OEM 4mp AI Cam IPC-T5442TM-AS Starlight+ Turret

Review IPC-T5442TM-AS-LED (Turret, Full Color, Starlight+)

Review: IPC-HDBW5442R-ASE-NI - Dahua Technology Pro AI Bullet Network Camera

2231 Review
Review-OEM IPC-T2231RP-ZS 2mp Varifocal Turret Starlight Camera

3241T-ZAS Review

Less expensive models -

VPN Information Thread
 
Welcome.
On a real computer, study this:

Hahahaha @Real computer And in your Tips.pdf "phone" I really dislike reading much on my PHONE, which I actually use to do voice stuff, like make actual telephone calls.

And thanks for pointing me to your SouthernYankeeTips; I have gathered chunks of information mentioned therein but have much to learn. As I am still trying to sus out network implications first, I am not at the stage of Cam selection, and I know a 4K will have a different impact on a network than a 1080, but substreams, right?

Yes, the endless "how do I do _?" that is asked a million times. But, sometimes there is so much information so as to drown a noob trying to find simple answers, to build knowledge, to the next, and hopefully, more intelligent questions. I'm still reading, thinking and pondering. One that popped up is how to test without buying the gear to test with? Hummm (Amazon returns?) LOL
 
If you put a second NIC card in the PC no need for VLANs. It is the simplest approach but does mean your cameras can only be accessed from the Blue Iris PC.

That's what I gathered from my reading, bummer. Main house was built during WWII so we bought into massive limitations for 2020's tech upgrading. We've been here a few years, attic is a huge mess, I suppose I'm going to have to run some cable in the crawl space and under eaves for the main house, again, a huge bummer. Lots of poor grade lath and plaster which the ceiling is almost 90% original.

At the main house is where the internet line terminates and my modem/router are. I have a building 130 feet from the house with a buried ethernet line and that's where I have my daytime office, will run my BI server, etc, so with those constraints I was thinking I would be able to set up VLANS (and a combination of second NIC card to keep that traffic off the main network, but still have to have other camera feeds in that one Cat7 line (I know, I know). Not much usage on our network, zero gaming, I am pretty much the only user on the system.

So, my network layout is the first big part I need to resolve. Was thinking I'd have one PoE switch at the house, another PoE switch off the 130 ethernet and see if I can make that work. Thoughts, suggestions? I have thought about putting the BI machine in the house but we really don't want to do that. Lots to consider, think about. Thank you!!
 
  • Like
Reactions: sebastiantombs
As an Amazon Associate IPCamTalk earns from qualifying purchases.
That's what I gathered from my reading, bummer. Main house was built during WWII so we bought into massive limitations for 2020's tech upgrading. We've been here a few years, attic is a huge mess, I suppose I'm going to have to run some cable in the crawl space and under eaves for the main house, again, a huge bummer. Lots of poor grade lath and plaster which the ceiling is almost 90% original.

At the main house is where the internet line terminates and my modem/router are. I have a building 130 feet from the house with a buried ethernet line and that's where I have my daytime office, will run my BI server, etc, so with those constraints I was thinking I would be able to set up VLANS (and a combination of second NIC card to keep that traffic off the main network, but still have to have other camera feeds in that one Cat7 line (I know, I know). Not much usage on our network, zero gaming, I am pretty much the only user on the system.

So, my network layout is the first big part I need to resolve. Was thinking I'd have one PoE switch at the house, another PoE switch off the 130 ethernet and see if I can make that work. Thoughts, suggestions? I have thought about putting the BI machine in the house but we really don't want to do that. Lots to consider, think about. Thank you!!

You can do Microsoft Remote Desktop to access the BI computer from other devices on the network.
 
  • Like
Reactions: SkyKen
Hi, Wittaj, thank you for your suggestion. I am aware of options to remote in (MS, Chrome) but not sure how that will help in my scnario as I ultimately will have my BI rig next to me in my home office, but I am considering any and all options.
 
At the main house is where the internet line terminates and my modem/router are. I have a building 130 feet from the house with a buried ethernet line and that's where I have my daytime office, will run my BI server, etc, so with those constraints I was thinking I would be able to set up VLANS (and a combination of second NIC card to keep that traffic off the main network, but still have to have other camera feeds in that one Cat7 line (I know, I know). Not much usage on our network, zero gaming, I am pretty much the only user on the system.

I've had good experiences with EnGenius products. Another option for your scenario is the EnGenius ENH500v3 [2-Pack] in bridge mode to bolster your CAT7 connection to your outbuilding. TightVNC is a great alternative to MS's remote desktop
 
  • Like
Reactions: SkyKen
WIFI is not recommend for security cameras, it is easy to just jam it. Also it can get just a little overloaded and become very unstable.

If you absolutely must use WIFI, use a separate WIFI network from your home network. Use an access point for the separate network. On 2.4 GHZ WIFI you can run about three 2MP cameras at 15fps, above that the network will become unstable

Absolutely no camera traffic pass thru the main home router during normal operations.
 
OP currently has an ethernet cable to the outbuilding that carries current office activity traffic. Moving the current capacities to wireless and devote the security cam traffic to the buried ethernet.
 
  • Like
Reactions: SkyKen
OP currently has an ethernet cable to the outbuilding that carries current office activity traffic. Moving the current capacities to wireless and devote the security cam traffic to the buried ethernet.

The refrigerator door opens, and the light bulb comes on!! Been trying to wrap my head around implementing @sebastiantombs suggestion; read up on wireless and it looks fairly straightforward to set up to my exsisting configuration, carry the load of my office and free up everthing else for my camera traffic on the buried ethernet line. I was trying to figure out how this would help my security delima of having one set of cameras on a secondary network on the BI server and unfortunately, the other set on a switch connected to my router and not seeing it. I think the answer is this doen't help that issue. I'm still poking around about VLANs, L2, L3 which seem to be a much more complex way of securing the set of cameras connected directly to my router, but also seems to be my only solution at this point?
 
WIFI is not recommend for security cameras, it is easy to just jam it. Also it can get just a little overloaded and become very unstable.

If you absolutely must use WIFI, use a separate WIFI network from your home network. Use an access point for the separate network. On 2.4 GHZ WIFI you can run about three 2MP cameras at 15fps, above that the network will become unstable

Absolutely no camera traffic pass thru the main home router during normal operations.

I should have mentioned my primary goal with these cameras is seeing what is going on around my house more than for security, which might sound like the same thing. I'm in a geographically isolated area with few neighbors and we all know each other with several of us work from home types. There are fields all around where one can see for quite a distance and one road in, zero way out other than back the same small road or maybe a helicopter. LOL Yes, everyone is vulnerable, and we are, too, just not as huge a priority like city living or being isolated with no one around in which case I'd be looking at pressure plates, razor wire and gun turrets along with a security system. ;)

We have a variety of wildlife all around and I want to keep track of them as much as the humans. Game cameras just aren't as much fun!!

I also do NOT want my network to be a node for fancy bear so I will lock things down as best I can once I figure it out. Don't want to get a CCNA to do it, but once I get into something, I get it all over myself, like a kid with candy, so I will get it done. I really appreciate the suggestions on Ipcamtalk and the friendly, knowledgeable people here. Trying to find the good balance between looking forever for something vs "will you help me build my system, waah?" I could hire someone to do it, but it looks like I've hired myself. :oops:
 
The refrigerator door opens, and the light bulb comes on!! Been trying to wrap my head around implementing @sebastiantombs suggestion; read up on wireless and it looks fairly straightforward to set up to my exsisting configuration, carry the load of my office and free up everthing else for my camera traffic on the buried ethernet line. I was trying to figure out how this would help my security delima of having one set of cameras on a secondary network on the BI server and unfortunately, the other set on a switch connected to my router and not seeing it. I think the answer is this doen't help that issue. I'm still poking around about VLANs, L2, L3 which seem to be a much more complex way of securing the set of cameras connected directly to my router, but also seems to be my only solution at this point?

A couple unmanaged switches for each end of the house & out-building connection(s) (2 for 'work' network & 2 for security network). You might find you will not need PoE for the work network equip. The ENH500v3 came with their own power injectors at one point, not sure if they are included these days. OR A couple managed PoE switches, configure multiple VLAN's to segment the traffic. The latter results in less pieces of hardware, but more effort spent towards configuring all the components. At this point I typically build a parts/price list for each, as this often times affects the decision making process.

As other have mentioned previously, the best security practice is to have a second network interface on the BI server. One will connect to the work network, the other will connect to the security network.