Can Blue Iris REALLY handle this job?

[Overcast451]

Does the Blue Iris UI allow the user to easily playback multiple (synchronized) cam streams simultaneously? For example, let’s say you want to observe the route taken by a person as he moves from the field of view of one camera to the next camera. Could you watch, say, 10 pre-recorded cam feeds (side by side) at the same time? If so, can this "composite" video be exported ?

On that.. there are a number of various 'screen recorders' out there (bandicam is one) - that gamers often use. These could get all the screens on your monitors into a single video - if that is the objective. Also if you have an nVidia card (even onboard, if it can use the nVidia driver), you might be able to use 'GeForce Experience' to do the same.

 

[bennuss]

Also you might want to have a second nic for the web server and one dedicated for recording streams

 

[DWW0311]

Also you might want to have a second nic for the web server and one dedicated for recording streams

Not a bad suggestion. I just bonded both of the onboards into an LACP pair to double the available bandwidth. That having been said, truthfully, you'll have a difficult time saturating even a single gigabit connection with just IP cams. All of mine report back through a single gigabit fiber run and it normally sits somewhere around 5% utilization. Your network connection is rarely the chokepoint in these setups.

 

[bennuss]

I use the second nic not just for a bandwidth increase but also for security. I keep the cameras in a second subnet with no gateway. If I am using the same switch then I put them in a separate vlan. Only the webserver port has access to the net or is available to the computers on the lan

 

[DWW0311]

I use the second nic not just for a bandwidth increase but also for security. I keep the cameras in a second subnet with no gateway. If I am using the same switch then I put them in a separate vlan. Only the webserver port has access to the net or is available to the computers on the lan

I sandboxed the entire thing. Cameras and server all live on their own vlan. It has no outbound access to any other vlan, and no outbound access to the internet. I allow SPI inbound to the sandbox from 1 client on my desktops vlan and from my VPN vlan. The only inbound path to anything from the outside is via IPSec tunnel on an odd port with certificate authentication via AD.

 

[NVR990]

I sandboxed the entire thing. Cameras and server all live on their own vlan. It has no outbound access to any other vlan, and no outbound access to the internet. I allow SPI inbound to the sandbox from 1 client on my desktops vlan and from my VPN vlan. The only inbound path to anything from the outside is via IPSec tunnel on an odd port with certificate authentication via AD.

My basic understanding of NVR setups is that you use your router to forward port requests to the machine (in this case a Windows PC) running the surveillance software (in this case Blue Iris). If the surveillance software has this same port “open”, this is what allows you to remotely access your surveillance software/hardware. Did I get this correct?

Is this inherently a risky setup? What is the chief concern here?

There must be a reason that you guys go through the trouble of creating VLANS.

 

[DWW0311]

My basic understanding of NVR setups is that you use your router to forward port requests to the machine (in this case a Windows PC) running the surveillance software (in this case Blue Iris). If the surveillance software has this same port “open”, this is what allows you to remotely access your surveillance software/hardware. Did I get this correct?

Is this inherently a risky setup? What is the chief concern here?

There must be a reason that you guys go through the trouble of creating VLANS.

There are essentially two ways to contact a server which is internal to your network from the internet - you can either implement VPN or you can poke holes in your firewall.

Port forwarding is poking holes. While you can (to some degree) qualify who is allowed to pass through those holes, they're still holes and they open you up to potential problems re: exploits / hackers / etc. The server remains internal to your network, the client remains external to your network, and if they somehow compromise your server, without vlans they potentially have access to everything in your network.

VPN provides for an authenticated, secure path into your network which only authorized clients are able to utilize. Once established, the client - although physically located on the internet - logically becomes co-located on your internal network, where you can implement restrictions on what they are able to access.

The biggest reason that I sandbox is that these things have a tendency to want to "phone the mothership" - i.e. Chinese cameras have a tendency to want to connect to IP addresses in mainland China. For obvious reasons, that is a non-starter. You can get more granular with respect to the security limitations you implement (i.e. this ip address allowed, but not that one, etc.) but the biggest reason is just security. If, by some miracle, somebody managed to get through my firewall and connect to VPN, there is very little that they can do, because the security restrictions bar them from accessing most of my VLANs.

At its most basic, VLANs allow you to segment traffic & put barriers in place if so desired, and they contain broadcasts. Without them, you'd have a ton of clients all potentially sending broadcast messages & clogging up your network.

 

[owenmpk]

I really like BI but i have found that it does not cost effectively scale up to larger systems especially when the customer wants 20 FPS rather than 10 FPS. The issue is the hardware cost a LTS NVR for a 32 camera system is $500-600 while a PC or server that can handle the load is $1000-$2000. I recently went through this with a system i am installing late today and i could not get comfortable with knowing what hardware would support a 32 camera 4MP 20 FPS BI system. I contacted BI for help with this because i wanted to stay with BI but i was pointed to the forums which we all know have good and bad info. When selling a client on a ~$10,000 (hardware cost) system i have to know the hardware will support the load and have someone to go to if and when the hardware does not. It killed me to step away from BI but had to.

 

[NVR990]

I really like BI but i have found that it does not cost effectively scale up to larger systems especially when the customer wants 20 FPS rather than 10 FPS. The issue is the hardware cost a LTS NVR for a 32 camera system is $500-600 while a PC or server that can handle the load is $1000-$2000. I recently went through this with a system i am installing late today and i could not get comfortable with knowing what hardware would support a 32 camera 4MP 20 FPS BI system. I contacted BI for help with this because i wanted to stay with BI but i was pointed to the forums which we all know have good and bad info. When selling a client on a ~$10,000 (hardware cost) system i have to know the hardware will support the load and have someone to go to if and when the hardware does not. It killed me to step away from BI but had to.

Thanks for your post, Owen. I’m just the noob who started this thread, but I thought I’d share my experience, since it’s the opposite of yours in certain ways.

I have an off-the-shelf NVR (16 camera, 2MP) that I used for the past few years. The NVR worked passably for a while, though it lacked certain functionality that I really wanted (fairly basic stuff). When this functionality became available via firmware upgrade, I immediately upgraded. Unfortunately, after upgrading the firmware, the NVR had unacceptable (to me) latency: it took much longer to switch between live cams, search/view recorded footage. So, then what? I’ve got a 16-cam NVR that doesn’t REALLY handle 16 cams, at least to the performance level that I require. I can’t return the 3-year-old unit to the manufacturer, and I don’t really have another use for the NVR.

I’m thinking that, if I had instead gone with a PC/Blue Iris package from the outset, I could have more easily upgraded my PC hardware when required. Even if I had to upgrade the CPU (buy a new PC), at least I’d have an “old” PC with some remaining life/utility (I could repurpose it as a web browsing client, give to the kids, etc.)

On top of this, I was always a little bit uncomfortable with the fact the NVR is really a “black box” and I can’t readily ascertain or control what it does. For example, certain cams and NVRs are known to “phone the mothership” (as DWW0311 says in an above post), and I just feel like there is lower risk of this sort of thing happening with Blue Iris on a PC.

-----

On the cost issue….

it seems to me that one could certainly configure a PC to specs that are technologically superior to what is available in an off-the-shelf NVR. However, you said PCs do not “cost effectively” scale (at least for your application), compared with off-the-shelf NVR. The cost comparison issue confuses me.

For example, let’s consider Dell (PC) vs Hikvision (NVR). As a business, Dell has massive scale relative to Hikvision, and Dell competes in a very, very highly competitive marketplace. In the cutthroat world of selling PCs, Dell thrives by using its scale to purchase components (CPUs, etc) from its suppliers at very low cost, and then passing some of this savings to its customers. If Dell doesn’t sell cheap, it loses market share to HP etc., because PCs are a highly commoditized product. So, I can’t fathom how Hikvision can be materially cheaper than Dell for two boxes with the same hardware inside. Possibly Hikvision is willing to accept lower margins than Dell, but Dell makes practically nothing on PCs (single-digit gross margins), so it’s hard to imagine Hikvision could survive long-term by undercutting Dell on price. Maybe this issue is more complicated, or maybe I’m missing an important factor. I welcome any thoughts. Certainly, your real-world experience (pricing out comparable NVR/PC systems) seems to suggest that I am missing something.

 

[owenmpk]

NVR990, I am very much like you and to prefer to use a PC because of it's flexibility, also BI has many more features than a typical NVR and also supports many more cameras. Also I typically can find i7 OptiPlex systems at Dell's Outlet store for $500-600 which is a good price BUT a mini-tower can only handle 2 hard drives and some only now have space for 2.5" drives not the 3.5" drives. Also I have found that many systems will only support up to 2TB drives so if you have 12-16 cameras that are recording frequently you have limited internal storage space. So the next step is to go to a NAS.

The LTS model LTN8832K NVR can support 4 6TB drives and NVR is ~$500 so this beats the Dell. I order to get 4 drives in a Dell you have go to a server and some servers will not well with desktop OS, BUT a Lenovo TS140 with the Xeon can support four 4 TB drives and in the past i have found these with out drives and an OS for a little as $298 but are now running it the $500-600 range.

So what made me look at this in detail was the client needs and not knowing what PC / server hardware i would be needed to run a 32 camera system. I just could not take the risk. Again i would have preferred to use BI but I need to know exactly what hardware BI would need to support 32, 4MP, 20 FPS cameras running 24-7.

Also I find LTS and other NVR interfaces to be clunky and amateur looking but BI is well laid out that being said, most NVR systems need to be accessible to folks that are not very computer savvy. I have had some clients that call me every time with BI when the want to export a file simple to you an I but to them they need it like Apple products that are usable by someone just out the Hunter Gatherer stage, and BI takes someone that wants to think not just push a button.

 

[krp70s]

Hi everyone,

I am about to build a 30+ camera, mostly at 1080P or higher system.

I've built many 15-17 camera 1080 P @ 30 fps, Blue Iris Servers in the past, running Windows 10 or Windows Server 2012 R2 (Running in a windows 10 virtualized environment, i.e. Hyper V).

All my systems I build only with INTEL CPU's, and usually 4th-6th generation i5 or i7's.

I have tested with server dual CPU Xeon servers in the past and they were absolute rubbish.

I was originally thinking of getting a system to run 30+ cameras using a i7 6900 K, 8 core, 16 threads, however, there is no QUICKSYNC on this CPU,

So I feel like I may head towards the new i7 7700K and run direct to disk, 1080P (2MP) @ 15 fps for 30+ cameras.

Does anyone here have experience with the i7 6900K, 8 core 16 thread or i7 6800k 6 core 12 thread Blue Iris Systems?!

Don't bother with AMD, waste of time and uses way too much power.

In addition, I normally have systems with a quad port broadcom server grade lan nic, where the four ports connect to a Cisco gigabit poe switch which I configure to LACP, effectively giving me a 4 GB/S pipeline.

The hard drives I install normally are 8 x 3.5" 2 Terabyte drives, on an LSI SAS/SATA Raid Card, in raid 5.

Some of my system servers and switches have not been reset over the past 4 years other than for update from Blue Iris V3 -> Blue Iris V4. They do not miss a beat.

I spoke to Ken the person behind BI and he said that once you get to around 12 cameras, that seems to be the limit for Quicksync, and after that number, you don't really see the effectiveness of having it.

Hope this helps.

K

 

[NVR990]

The web/browser client has much less functionality than the local BI client (it is very simplistic and old-fashioned). The mobile apps (iOS / Android) are better, but still limited in what they can do. Full functionality requires access to the local GUI. Simultaneous playback is ONLY in the local GUI.

I suggest downloading my custom web client which is linked in my signature. This will bring it nearly up to par with the mobile apps in terms of functionality.

Thanks, @bp2008.

To access Blue Iris via the Blue Iris web/browser client, are browser plug-ins or ActiveX controls used? How about via your custom web client, @bp2008?