CCTV Camera System for Enterprise Environment

[kiteboy]

Hi guys

I posting here for work colleagues really - we have a number of remote cameras IP cams of various makes and manufacturers

The problem is the work environment is restrictive so we are unable to install the various plugins that maybe required for the various cameras we have

So its a bit messy at the moment with users that need access to the cameras going direct to fixed IPs

Often this is through plain http as sometimes the self signed certificates also cause problems on the internal work environment - so it really is restricted

Theres also some cameras on normal sims (not fixed ips - and the guys are then using the p2p method of that camera to get access to that particular camera

So its all over the place really

I would probably recommend angelcam or something like that for ease of use but just wondering if there are any other systems out there

They need streaming and recording if possible

I have heard of blue iris but never used - they used to have a non-networked machine to bring camera images in previously so blue iris fits that bill

Plus the ability to set up a webserver for blue iris for remote access is even better - so it sounds good really - we woulkd need a number of users accessing at the same time - possibly upto 30 users

Any thoughts or advice welcome to be honest

 

[lcam]

BI should be able to do the job. Download the free version and test it with one of your cameras.

 

[kiteboy]

Thanks...it's just giving them something to try...they are starting to put in 4k type cameras in but don't realise that.....the broadband will ideally need to be better and in some of these places it's very unlikely....do you need a high spec windows machine for it to run on?

 

[lcam]

Not anymore since BI supports sub streams from the cameras. Check the Wiki for recommendations on hardware. An i5 would work for most installations.

 

[IpCam_User]

I would suggest not allowing access to the BI's web page from the Internet. Now days if someone needs remote access to anything on your network they should connect to the enterprise network using a VPN. Have them connect via a VPN then they can pull up the BI's web server page for viewing.

With the 4K cameras, you will need a lot of space to store videos; depending on what your needs are. While not everyone on here feels the same, and I would suggest you decide for yourself, I am partial to using (and do use) Seagate Skyhawk AI 10TB Surveillance Internal Hard Drive. You may want multiple drives or a larger one for your system (also do not "raid" them as they are not designed for that and may actually perform worse as a raid array).

 

[IpCam_User]

If you can do it, I would also suggest that you come up with a "standard" set of cameras for your environment and as new cameras are added or old cameras are replaced they are setup using this standard. It will make long term support of the cameras cheaper.

I have to admit, the idea of someone using P2P in an enterprise environment scares me from a network security point of view.

You don't say if you forwarded a port from the internet to BI port 81.
How to Secure Your Network (Don't Get Hacked!) | IP Cam Talk

 

[kiteboy]

Well its in an enterprise environment but other than connecting to the cameras individually they are not on the internal network so to speak

They are on the public internet and we just access via their fixed public Ip for viewing when needed

As you can imagine as the users that have been installing the cameras dont really understand the ins and out (nor do i understand every facet) you end up with various manufacturers - plugins for days and it becomes more and more difficult to manage

I do like the look of blue iris and that has loads of options - I cant connect to any of the remete cameras we have yet as they all work on port 80 through the cameras internal webpage

So I gather we would need to set up an RTSP stream into blue iris maybe - but then again that means opening ports to allow the stream remotely

 

[IpCam_User]

I would suggest looking for cameras that support the ONVIF standard (standard port 554). That should allow almost any camera that is purchased to connect to BI and many other systems.

I am going to assume (this may be bad) that you also have a more robust router/firewall system in to your network from the Internet? (If you can not start making everyone use a VPN to get on the network If this is the case, you will want a DMZ setup with a reverse proxy to your BI server. Then firewall off the DMZ from the rest of your network and only allow very limited ports from the reverse proxy to communicate with the actual BI server. Set the reverse proxy to use authentication in order to view the site.

It took us a couple of years (planned that way) but we setup a standard for our copiers. We went from supporting 150+ different makes and models to one make with about 4 models. If you create a camera standard and then make it easy for people within your enterprise to purchase one of the "standard" cameras it will make your life much easier! Look at the the 80% needs use case and look for a make and several models that would support those cases. {I eventually chose Dahua but found that I need at least one Hikvision as Dahua does not have a camera that does the same thing in the same format. You do not need to use Dahua, but highly suggest picking a make after you discover several models that will fit at least 80% of your needs.} [Can I create a ip camera CCTV system?]

If possible, put all the cameras on one vLAN or one physical network that is not connected to your data network. Make sure the BI server has two NICs in it with one on the camera network and one on the data network. I like the physical network over vLAN but it basically doubles one's hardware costs as one would need a switch for their data traffic and then a second switch for their camera traffic (let not forget the double amount of cabling, runs, etc).

Enterprise environments can be more difficult to design for as there are many more things to consider than for a home/soho. Things like who needs to see which cameras, how to mange their authentication to them and how to long term mange turnover of employees. If such systems are already in place for other things (i.e. AD for logging in to workstations), is there something that can connect to the camera system to integrate said permissions natively? This way, with "role-based" security when someone is added to their role group they get all the correct permissions they need to do their job and when they leave and removed from that one role all their permissions across the enterprise are removed automatically.

Depending on the size of your 'enterprise', in number of employees, locations of employees, number of projected cameras, etc you may want to consult a Local (to you) VAR (or three) for recommendations and quotes. This may also end up saving the company money in the long run.

 

[IpCam_User]

As for 4K cameras, look for ones that support both ONVIF and H.265. The H.265 should give you better quality at a lower bandwidth requirement than H.264 standard. I would be surprised if BI does not support H.265 recordings as it has been out a while now.

I like the Seagate Skyhawk AI Surveillance drives over their WD counterparts; however, what is the best for your situation would depend on the results of your needs analysis and [hopefully] not what I like. Please do not use a "desktop/workstation" drive to store your videos on. They are not fond of running 24/7 where as the surveillance ones are.

 

[kiteboy]

Thanks for the massive post! Ive been thinking they also have some cameras on sims (only one or two) and are using a p2p app to view those as its not a fixed IP sim
Ive also been looking at cloud storage / images like the angelcam too as a consideration

yeh the work environment is very secure hence why they are looking at keeping things totally away from that network entirely to be honest

the BI PC would have to be on a separate BT broadband connection most likely to do this - they just want something that they can see all their cameras on - be able to access through a browser and from any phone really

In the above scenario would opening up 554 on the remote routers to allow BI to communicate with the cameras work - or not really a good idea?

Im trying BI on my laptop now and I cant connect to any of the camera images remotely on port 80 at the moment - thats the only port that open at the moment for all the cameras

These cameras are connected to an NVR (Hitel) (proper old school)) and its so old they dont actually stream video - they stream images - updated very quickly I cant get any of these to work with BI yet
ive tried load of options too

 

[IpCam_User]

"... opening up 554 on the remote routers to allow BI to communicate with the cameras ... not really a good idea."