Setting up VLANs is also recommended, you should also use hardware-based Firewall (like Ubiquiti's Security Gateway); makes it easier to configure VLANs and inbound/outbound Firewall rules
Also, since these devices are apparently so good and so sneaky at dialing home and compromising your network information, no one's worried that malware could make it from the cams to the BI machine and then out to the rest of the world that way? If this is possible then the only way to prevent this is to VLAN the cams off so they can't talk to any other devices on your network thus sneaking information out via another device on your network which is connected to the internet. Using the Dual NIC setup instead of a VLAN the Cams are talking directly to an internet connected machine and thus able to spread malware, correct? I keep reading about these devices sending your network info back "home" and it doesn't seem farfetched that if the person(s) that installed this malware really want to get this information out and back to them that the malware could then spread to your BI machine? Thoughts? Too Tom Clancy and farfetched?
Edit: I don't know if you put the cams on a different VLAN than the BI Machine if BI would still be able to grab the RTSP stream. I'm prob over thinking all that, it was just the first thing that came to mind when I started reading about the Dual NIC setup.
Edit 2: I guess the BI Machine would still be able to talk to the rest of the devices on the Network and if there was some malware that really wanted out and could spread from device to device on your network it will find a way.