New and Overwhelmed

Kk9

Oct 21, 2021
I just wanted to hook up some cameras...
Wth did I get myself into..

I've read a little about bitrates, surveillance storage drives, framerate*color depth*resolution (x*y), compression methods, hardware acceleration, DNR, VLANs - I have no idea where to begin.

I want an expandable setup (because I'd like to start with maybe 2 cameras to get comfortable with, tinker) maybe up to 8 cams including one of those doorbell ones.
With an open mind, I'm starting on:
  • wanting a NAS that also clones or streams to cloud for remote viewing away from home. I guess doubles as cloud backup?
  • no 'smart' services such as Google, Alexa, etc. (cloud mentioned above is one of my own hosting)
Where do I even begin?

EDIT: I want to try to avoid the broad ask, actually. That's more out of anxiety than anything.
How possible and how feasible is it to stream over the internet while backing up to cloud storage?
Does this completely relieve you of a local storage and is that even a good idea to begin with?
 
It is not feasible. These cameras take a lot of bandwidth. A 4MP camera can be using 4GB or more every hour. Do the math. 24/7 is pretty much out of the equation.

You do not want to rely on cloud storage who knows where.

Ironically, security cameras are notorious for not being very secure and if they are exposed to the internet, they will be hacked.

They are hacked not because they care to see your video stream; they are hacked to use your internet as a bot attack.

You will pay a premium for cloud storage and get poor return.

The cloud-based systems out there barely work for motion detection, and the picture quality is horrible.

You do not need cloud service to review the cameras away from home.

Most of us here use OpenVPN which allows you to VPN back into your router and home to view the cameras. This is free.

Do not mistake this for a paid VPN that is used to hide your IP for illegal streaming and porn lol.
 
Yeah I'm familiar with VPNs, I'm surprised you guys don't prefer WireGuard.
I already have my own cloud storage, but as far as I can tell, it would only be good for backups.
I don't ever plan on recording 24/7, just always-on for live access but recording on triggers.. I don't know what specifically though? Motion detection? Facial recognition? Something along those lines.
This Blue Iris software seems to have quite a buzz when I'm looking up information on this stuff, but it's just a software? If I bought an NVR on this site - does it come preloaded with Blue Iris?
 
BI VMS is installed onto any Windows computer system that meets the hardware requirements.
 
Many here use wireguard as well.

Nope, an NVR has its own software/firmware. BI is a Windows program run on a Windows computer (although some have it working on other platforms).
 
Blue Iris runs on PC, NVR is whatever software the NVR MFG loads. Most NVRs only play friendly with their brand; Dahua works with Dahua. I am sure there are exceptions. With Blue Iris and a PC you can mix n match cameras if you want to. I came here with the mindset of a HIK NVR and HIK cameras, and after a lot of reading and questions I have BI and all Dahua cameras. I am 100% happy; if I could go back to day one I would have done the same, with the exception that I would have bought a bigger POE switch.
 
Everyone makes that mistake on their first run . . . :facepalm:

It's understandable given the vast majority of people have financial priorities and limited resources. Regardless, that's why the used hardware market exists and how people can save lots of money while getting fantastic value.
 
I wasn't expecting that.. Windows only? I was suspecting Linux, figuring it's used to more or less build your own NVR box at least. Get the right hardware, box it in a nice compact form factor, install BI (as an OS), and boot it up. Never thought it'd be a Windows program.

So you build a separate Windows box just to use this? You VLAN the box to join a NAS and the IP cams? Do you depend on VLAN alone, or do you use a hw fw between the switch and router? (like sonicwall, maybe opnsense?)
 
An NVR is simply a watered down computer (with poor security as the firmware is rarely if ever updated to fix vulnerabilities).

Most here use a dedicated computer just for BI, which is no different than an NVR and not running any other programs on it.

You can do VLAN, but most of us simply add a second NIC to the machine. All the cameras go on one NIC with one IP address range and no access to the internet and the second NIC with a different IP address range and provides internet service to the BI computer. That is essentially what an NVR does now. The WAN port is the internet on your home IP range and the POE ports on the back are assigned a different IP range.

When I was looking at replacing an existing NVR, once I realized that not all NVRs are created equal (the bandwidth it can process is a huge limiting factor), and once I priced out a good one, it was cheaper to buy a refurbished computer than an NVR.

Many of us buy refurbished computers that are business class computers that have come off lease. The one I bought, I kid you not, I could not tell that it was a refurbished unit - not a speck of dust or dents or scratches on it. It appeared to me like everything was replaced and I would assume just the motherboard with the Intel processor is what was from the original unit. I went with the lowest end processor on the WIKI list as it was the cheapest and it runs my system fine. Could probably get going for $200 or so. A real NVR will cost more than that.

A member here a couple months ago found a refurbished 4th generation for less than $150USD that came with Win10 PRO, 16GB RAM, and a 1TB drive. You won't find a capable NVR cheaper than that...

Blue Iris has a demo, so try it out on an existing computer and see if you like it.

There is a big Blue Iris or NVR debate here LOL. Some people love Blue Iris and think NVRs are clunky and hard to use and others think Blue Iris is clunky and hard to use. I have done both and prefer Blue Iris. As with everything YMMV...

And you can disable Windows updates and set up the computer to automatically restart in a power failure, and then you have a more powerful NVR with a nice mobile viewing interface. I have found the power consumption to be comparable to an NVR and even less in some instances.

Blue Iris is great and works with probably more camera brands than most VMS programs, but there are brands that don't work well or not at all - Rings, Arlos, Nest, some Zmodo cams use proprietary systems and cannot be used with Blue Iris, and for a lot of people Reolink doesn't work well either. But we would recommend staying away from those brands even if you go the NVR route with one of those brands...
 
Thanks!
Yeah I fully intend to avoid brands like that. I'm a privacy advocate so I'm trying to keep it as close to CCTV as I can with full control over any exceptions to that.
 
@Kk9 Several years ago, my son showed me what he had done at his house with Nest cameras. It seemed like a quick and easy way to get a couple of cameras watching portions of my property that I couldn’t easily see from my house. I set up a couple of cameras and was happy. Then I built a new workshop and, one day, while I was working in there, a couple pulled into my driveway and attempted a break-in. I was working in there. I did not know that’s what they were doing; the woman told me they were only using my driveway to turn around. It didn’t seem right to me, so after they drove off, I checked my Nest cam footage and saw what they had attempted. Unfortunately, the footage was completely inadequate to capture their faces or license plate. More troubling to me, though, was the lengthy buffering that would occur when I attempted to bring up the cameras’ live views, and the frequent dropouts of signal, even from cameras close to WiFi access points. I resolved to get a system that would be solely within my own network. My research led me to Blue Iris. I found a used PC back in July, added a Western Digital Purple Drive, bought an inexpensive Amcrest IP camera, loaded Blue Iris, and had my Blue Iris test setup running. It provided all the features I wanted and now, just a bit over 2 months later, I have a system that would have obtained clear ID videos of the attempted perps.

I’ve still got a bunch of cameras to add, but I know my system is capable, and the learning curve was not at all steep. I just took it one step at a time, and am very satisfied with what I’ve got and where my system is headed. The guys here are incredibly knowledgeable, and spend tons of their time helping newbies like me. They know what they are talking about.

BTW, I too would have preferred a Linux system. I did not have any Windows systems at the house. But Blue Iris was sufficient to convince me to step back into the quagmire that is Windows.
 
a pretty good choice for a business grade refurbished PC to use for BI is a HP EliteDesk 800G2 SFF (not Mini), with a core i7-6700 (fastest CPU supported in that generation). these are showing up in good quantities on ebay etc as they come off business leases. they are about 3 years old, still in very good shape. they will hold a couple 3.5" surveillance drives plus a SSD for the windows boot. 16GB ram is more than plenty. they come with Win10 pro 'refurb edition' cleanly installed (this is a special OEM version Microsoft licenses legit refurbishers to use on business desktops/laptops that came with OEM Windows).

I stupidly bought the Mini version, same CPU and memory specs in a very tiny 7x7x1.5" box, but it only has room for one M.2 SSD and one 2.5" SATA drive, and I didn't expect the only 'large' 2.5" SATA drives you can find easily today are 2TB SMR drives, which suck. I'm using one for now, and archiving my videos that are over 24 hours old onto my NAS (FreeNAS w/ 4x8TB formatted as 21TB usable) where I keep 6 weeks. With BI, it's transparent whether the recorded videos are local or archived, it presents them all in the same time-sorted list. BI has a quite usable web interface for remote viewing, and a UI3 app for mobile that offers a reasonable mobile viewer, with only a few quirky things (like how you swipe between time vs camera when viewing a single full vid).
 
All of this can be done pretty cheap.

I picked up this one on eBay this past week. This is going to be a computer for my wife to edit embroidery patterns and play media. It would make a great BI machine with a big WD Purple in it, and a boot drive in the M.2 slot. I won't use the little SSD in it (probably old and I wouldn't trust it), but I will put a 500GB Samsung M.2 in place and install Windows with a fresh download. Windows will identify the computer and see that it is licensed already for a Win10Pro license.

There are plenty of Dells too-- but they pissed me off recently so I'm going to stay away from them.

I STRONGLY suggest you find an old HP Procurve POE switch. They are dirt cheap on ebay (only $40) and originally cost $800 to $1,000. They run quiet, and use less power than comparable Cisco switches. Tiny investment for an enterprise-grade switch. If you want to spend more, look for a gigabit version. There are lots of options out there.

Here is the one I got that has been working just fine. It even isolated damage from a lightning surge to one port. :)


You can buy a cheap rack to put it in and have a nice setup ready to grow as you spot all the other areas you want a camera. LOL Welcome to the dark side!!
 
These are great tips, I had no idea a used PoE switch could get that inexpensive.
So - this is interesting and new, I just spoke to someone today about this who lives in my area. We talked about a virtual "neighborhood watch" of sorts where if certain willing (and paying) parties would get the required equipment, that maybe we could even mesh network the various vms systems together in a decentralized fashion. Essentially giving each participating household access to each others' cameras/selected cameras, all at once without switching vpn nodes. Has anyone done anything like this or have any idea if it's possible? The idea sounded fascinating and while I understand it closes on "nest" types of surveillance, it is still different in that you should be able to choose which cameras are public & not to mention knowing specifically who has access to them..
 
i prefer to use a VPN to make BI accessible from outside my LAN.

the ideal setup from a computer security perspective: you have your internet connection and your firewall router, and your LAN. your BI NVR system has two NICs, one connected to the LAN, and another with a private static subnet and the PoE switch(es) and cameras, so ONLY the BI box can 'see' or talk to the cameras. your firewall router ideally supports some sort of VPN server, be it wireguard or openvpn or whatever, and anyone who wants to connect to your BI via UI3 would have to use a vpn client first, THEN run the BI UI3 client (or a web browser). BI lets you set up multiple users who have different levels of access, and that includes different views of which cameras.

each home's cameras would be their own thing, with their own local storage. so to see the Joneses' cameras across the street, you would need to fire up a VPN client to them, then connect and log into their BI via your web browser or mobile BI UI3 client. not totally user friendly, but not unmanageable.


for this to all work right, each neighbor ideally uses a different private subnet for their LAN, like 192.168.XXX.0/24, where XXX is the neighbor number (.1., .2., .3., ...). and each 'neighborhood' VPN connection is set up to be restricted so the neighbor who logs onto that VPN can only access the BI NVR, not anything else.

for sure I know I could set this up using pfsense as the firewall router, and probably using OpenWRT or DDWRT. I'm less comfortable with being able to set this up with the typical consumer router, and no effin way on cable xFi kinda ISP provided routers.
 
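The addressing and access rules described in the post above (a different private LAN subnet per household, cameras on their own subnet behind the NVR, and each neighborhood VPN login limited to the NVR) can be checked mechanically before anything is configured. This is an added example, not part of the original thread; the household names, addresses, port 81 and the plan/rule layout are constructed assumptions.

```python
import ipaddress
from itertools import combinations

NVR_PORT = 81  # assumed port of the NVR web interface (not stated in the thread)

# Constructed sample plan. house1 follows the scheme from the post;
# house2 and house3 contain deliberate mistakes for the audit to find.
PLAN = {
    "house1": {"lan": "192.168.1.0/24", "cameras": "10.0.1.0/24",
               "nvr": "192.168.1.50",
               "vpn_allow": [("192.168.1.50/32", 81)]},
    "house2": {"lan": "192.168.2.0/24", "cameras": "10.0.2.0/24",
               "nvr": "192.168.2.50",
               "vpn_allow": [("192.168.2.0/24", 81)]},      # whole LAN exposed
    "house3": {"lan": "192.168.2.0/25", "cameras": "192.168.2.64/26",
               "nvr": "192.168.2.10",
               "vpn_allow": [("192.168.2.10/32", 81),
                             ("192.168.2.10/32", 3389)]},   # extra service
}


def audit(plan, nvr_port=NVR_PORT):
    """Return a list of (household, finding) tuples; empty means the plan is clean."""
    findings = []
    lans = {}
    for name, house in plan.items():
        lan = ipaddress.ip_network(house["lan"])
        cams = ipaddress.ip_network(house["cameras"])
        nvr = ipaddress.ip_address(house["nvr"])
        lans[name] = lan

        if not lan.is_private:
            findings.append((name, "lan-not-private"))
        # Cameras sit on the NVR's second NIC; sharing address space with
        # the LAN would make them reachable or ambiguous from the LAN side.
        if cams.overlaps(lan):
            findings.append((name, "camera-net-overlaps-lan"))
        if nvr not in lan:
            findings.append((name, "nvr-outside-lan"))

        # A neighbor's VPN login may reach exactly one host (the NVR)
        # on exactly one port, nothing else on the LAN.
        for dest, port in house["vpn_allow"]:
            dest_net = ipaddress.ip_network(dest)
            if dest_net.num_addresses != 1 or dest_net.network_address != nvr:
                findings.append((name, f"vpn-rule-too-broad:{dest}"))
            elif port != nvr_port:
                findings.append((name, f"vpn-rule-extra-port:{port}"))

    # Two households with overlapping LANs cannot route to each other
    # unambiguously once a VPN tunnel joins them.
    for (a, net_a), (b, net_b) in combinations(lans.items(), 2):
        if net_a.overlaps(net_b):
            findings.append((f"{a}+{b}", "lan-overlap"))
    return findings


if __name__ == "__main__":
    for who, what in audit(PLAN):
        print(f"{who}: {what}")
```
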
I briefly tried to mess with either openwrt or ddwrt and I don't remember which one. I recall it being very convoluted though, and asking for configuration of things that I had never even heard of. I'm not exactly new to networking though, but whatever I was looking at felt like it was more of a framework to support building your router from the ground up rather than offering more features than your native ASUS firmware would.

I can definitely see it operating the way you described, as to access each household via its own vpn setup. I suppose though, to really unify all the cameras from one connection - it would end up having to be centralized. Where if I hosted the cameras on a vpn setup like what you described, the vms server here would have to have 'always-on' vpn connections to each vpn host of each household. Allowing everyone to have to make only one connection to see everything. I'm not sure I could get multiple vpn connections at once though off a single box.. The only other standout issue is the extra couple of hops for everyone else.
If there was a software that accommodated this idea though, it would have the function baked-in to look for other instances of itself on the internet to shake hands with and share feeds with. Imagine like the matrix protocol (see matrix.org) but for cameras.

EDIT: brief description of matrix: It's a communication tech that is federated and decentralized.
You can build your own matrix server, sign up an account on your server, make a room on your server, and join that room. I can do all of the same things on my side.. but, I can still then join your room and you can join mine. Even though our accounts are registered on our own servers, the platform (matrix) can speak to any other instance of itself as the admin/server owner permits it.
I'm not at all expecting to find federated vms software, but decentralized doesn't sound impossible.


Also, I see mention of pfsense a lot here. Any particular reason that gets chosen over opnsense?
 
pfSense feels way better integrated to me than OpenWRT or DDWrt. but it requires a 2-4GB x86 CPU with 2-4 cores and it doesn't handle wifi at all well, so you need separate wifi access points (I'm using Ubiquiti APs). I run pfSense on an APU2D4 mini board, which has a quad core 1GHz AMD "Neo" ultra-low power CPU, and 3 Intel gigE ports and 4GB ram. definitely a network nerd's router :D Oh, pfSense is built on a FreeBSD base rather than a Linux base, so it's pretty alien to someone who only knows Linux. BSD is much closer to classic Unix than Linux, and also IMHO more long term stable.

I was never officially a 'network engineer' during my career (recently retired after 45 years), I was primarily a software engineer, but I taught myself a whole lot of networking, as well as computer hardware because much of my software engineering was either close to the bare iron at the OS level, and/or dealt with networks, so I figured the more I knew, the better. Back in the 80s, I ended up being the hardware architect on a few projects, and designed several complex boards, AND wrote the drivers and firmware and microcode that made them sing.
 
I can definitely see it operating the way you described, as to access each household via its own vpn setup. I suppose though, to really unify all the cameras from one connection - it would end up having to be centralized. Where if I hosted the cameras on a vpn setup like what you described, the vms server here would have to have 'always-on' vpn connections to each vpn host of each household. Allowing everyone to have to make only one connection to see everything. I'm not sure I could get multiple vpn connections at once though off a single box.. The only other standout issue is the extra couple of hops for everyone else.
If there was a software that accommodated this idea though, it would have the function baked-in to look for other instances of itself on the internet to shake hands with and share feeds with. Imagine like the matrix protocol (see matrix.org) but for cameras.

You could set up a bunch of discrete BI servers that all 'pushed' alert/trigger videos from the 'shared' cameras to a central webserver, and whip up some sort of website to view them..... this wouldn't be as sweet as a single BI instance, but could be workable enough.




Also, I see mention of pfsense a lot here. Any particular reason that gets chosen over opnsense?

pfSense is the original, and its developers, Netgate, have deep roots in the BSD community. pfSense was originally forked off the rather old m0n0wall project which had run out of steam. opnsense was forked from an earlier version when the people doing the fork didn't like the new UI and wanted to keep updating the old UI framework instead. I've not actually paid much attention to it.

my sub-$200 APU2D4 hardware is easily handling 900Mbit/s routing off my cable modem, although I think its OpenVPN performance is more like 100-200Mbps, but that's plenty good enough for me (and that's a hardware limitation, not a pfsense limitation). Wireguard is pretty close to being mainstream stable on BSD, and when it is, I'll likely use it, but since Covid, I'm mostly at home and don't actually need much VPN.