Newbie Starter Guide to IP Cam System – VPN setup – Computer Hardware – Blue Iris – Dahua Cameras

TL1096r

IPCT Contributor
Joined
Jan 28, 2017
Messages
1,223
Reaction score
465
This is an intermediate / newbie guide for people just starting out looking for a surveillance setup.

I know this setup might not be for everyone and there are many options. You can find a lot of this information in the Wiki:
IP Cam Talk Wiki | IP Cam Talk

A great place to start in the Wiki are with the Cliff Notes:
Cliff Notes


I hope others can share some tips and add to this thread

---Computer, software, setup, some basic tips----


This setup relies on purchasing Blue Iris (worth every penny) and buying a computer that can run it. I used an NVR in the past and I cannot suggest using it as the features are not there.
-attached on the bottom of this thread is the Blue Iris v5 pdf help file.

Purchase Blue Iris:
Blue Iris Software | IP Cam Talk

official website:
Home - Blue Iris Software

You must follow and optimize BI here:
Optimizing Blue Iris's CPU Usage | IP Cam Talk

Forum member Dasstrum has the best videos for getting started with BI after the initial setup – his videos will walk you through many options and configurations:
Video Tutorials | IP Cam Talk

For what computer to purchase there is a great guide here:
Choosing Hardware for Blue Iris | IP Cam Talk
Always buy used and do not build – it is cheaper and easier!

Based on cams setup what process is required:
0-500 MP/s ----- 3rd-7th gen i5 desktop CPU (4 cores)
500-800 MP/s --- 3rd-7th gen i7 desktop CPU (4 cores + hyperthreading) or 8th-9th gen i5 desktop CPU (6 cores)
800-1100 MP/s -- i7-8700 (6 cores + hyperthreading) or i7-9700 (8 cores) or the K edition of either
1100-1500 MP/s - i9-9900K

Calculate MP/s:
16 cams x 2MP x 20fps = 640MP/s

Compare CPUs:

Great info about 6th vs 8th Gen CPU
you can buy i5-8500 systems which are faster and newer than the i7-6700 systems for about 400.
A 6700 system cannot handle 1548 at 23, unless limit decoding is selected - which is a bad idea in most cases. See wiki. Compare apples to apples.
The 9700 is significantly faster than the 6700, there was a huge jump from the 6th gen to the 8th+ gen.

When buying used PCs on ebay, the price roughly correlates with their age, but performance does not. An i7-3770 is close to 87% of the performance of an i7-7700, but 30-40% of the price. Really the CPU performance from 2nd gen to 7th gen did not change very much, and Intel only started adding more cores with the 8th and 9th generations due to pressure from AMD. 8th and 9th gen are still too new to find super amazing deals on.

Of course, you never know how much life an old PC still has in it, and older machines typically come with less RAM and storage, and typically will consume a little more power due to less efficient CPUs.
Great way to compare other computers and their setups:
Blue Iris Update Helper

I went with HP G4 because of the dual drive bay and decent prices for higher-end i5/i7 – some great info on the HP Elitedesk G4 and how to set it up extra drives – this has 2 HDD bays:
HP Elitedesk SFF G4

The Dell 7060 is also good. It is smaller than the G4 but it only has 1 HDD bay.

Depending on your setup you can buy $100 refurbished computers on eBay that will work fine with BlueIris.

Many of these systems don’t have HDD but that is ok. The Windows Key is embedded and you only need to purchase storage and use the Windows Media Creation Tool:
Download Windows 10

You will want to install Windows, Blue Iris, & Blue Iris Database on the main NVMe/SSD (256-512gb is best) and videos on a HDD (Purple HDD by WD is most popular)

If your Computer is compatible go with a NVMe:

For BI place all main files on your main disk and use surveillance Camera HDD to store your video clips. The Purple HDD are great:

Turning off Disk Defrag for JUST the purple drives can help avoid any issues when recording - leave it on for the main SSD/HDD where system is installed:

thanks @bp2008 for the great suggestion!

Blue iris only allocates up to 90% of a drives available space. With bigger drives (+4TB) you can allocate 95%. For example if you have a 10TB HDD: It is 10000 GB - usable space would most likely be 9090 GB - 95% would be 8635 GB and that is what you would put in the 'Limit Size' under the Clips and Archiving tab in Blue Iris Settings.

Do you get too caught up on the 5400/7200RPM – simply go with 5400RPM.

Ways to keep your Blue Iris Server automated:
-run BI as a service (this is under Blue Iris Settings -> Startup -> Run as a window service)

-Auto-start BI (you can do this with any program such as team viewer)
Elevated Program Shortcut without UAC Prompt - Create - Windows 7 Help Forums

I found step 23 (from link above) was best to complete the auto-start:
Task - Create to Run a Program at Startup and Log On - Windows 7 Help Forums

-Bios has a setting to boot your computer automatically if the power goes out and comes back on when you are not home.

-You can also remove the log-in/password screen:
How to Skip the Windows 10 Login Screen and Log Into Your User Account Automatically

Watchdog:
Left Click on each Camera -> go to 'Camera Settings' -> Watchdog Tab
-->You can enable the "Fire alerts after: " option to be sent an Alert when BI loses a connection to the camera
-->Blue Iris smartphone app that lets you reboot the BI PC remotely if you ever need to

Disable Windows 10 Automatic Updates:
Disable Windows 10's Automatic Driver Updates

Quick Sync:
You are going to want to enable Quick Sync – a rundown on what to do to get QS to work:
Getting Intel Quick Sync to work with Blue Iris (Settings & Troubleshooting)

Adding a GPU like nvidia can be helpful to take stress off the CPU and for better streaming. You will need to go into bios and enable this under “iGPU Multi Monitor or similar”
-> 99.9% of the time you do not need to add a nvidia graphics card as it will increase power consumption and generate extra heat.
-> nvidia cards are normally suggested if you want to stream 4K video.
Additional info about Nvidia & your BI machine:
4.7.8 - August 28, 2018 - Support for the Nvidia CUDA hardware decoding
Video Encode and Decode GPU Support Matrix
Check the NVDEC Support Matrix (full GeForce list)

Sandy bridge supports H.264 only in a limited fashion.
Firewall/Anti-Virus & Blue Iris:
You will need to exclude BI program and storage folders from your window's anti-virus and firewall.

Power Plan:
Make sure you have "High Performance" option checked as your power plan.
To check and change the setting:
Go to Control Panel -> Hardware and Sound -> Power Options -> click High Performance
Or Control Panel -> All Control Panel Items -> Power Options -> click High Performance

---Computer, software, setup, some basic tips----


----ADD-ONs----

Blue iris tools
is great to add a weather overlay:
Blue Iris Tools - Weather Overlay, Watchdog & more!

NTP (Network Time Protocol) - Another tip is to install nettime so all cams time sync. This is important if you need to use footage as evidence:
NetTime - Network Time Synchronization Tool
Some troubleshooting and tips to get it setup:
Setting up NetTime Time Sync Tool on Windows 10

Artificial intelligence for blue iris:
[tool] [tutorial] Free AI Person Detection for Blue Iris

Sighthound - Industry Leading Computer Vision

LPR:
OpenALPR - Automatic License Plate Recognition

----ADD-ONs----


----Cable/wires/tools----


CAT6 is great for many and you should use 23AWG Solid Copper– this is a popular model:
Use solid (not stranded) copper (not CCA "Copper Clad Aluminum) CAT-5e or 6 cable with jacket rated for your application (CMR for indoors direct/flooded burial for outdoors due to UV, ozone and moisture) -suggested by member TonyR

For making the wires I always felt pass through RJ45 connector and Crimp Tool always worked best and is the easiest.

Keep it neat with a boot:
Amazon.com: Soft Plastic Ethernet RJ45 Cable Connector Boots Cover Strain Relief Boots CAT5 CAT5E CAT6 CAT6E 100PCS By Copapa (Blue): Computers & Accessories

Pass through crimping tool is great:

And straight RJ45 pass through connectors with the crimp tool above works great:

----Cable/wires/tools----


----Switch----


A POE switch powers your cams. You are going to want POE+ (PLUS) is important.
POE+ as it will be able to send more power per port – it is always better to have this extra power as you expand and not much more than a POE:
PoE (802.3af) up to 15W
PoE+ (803.2at) up to 30W (realistically 25W available to end devices)
There are additional PoE versions, standardised or proprietary, pushing the power beyond this:
UPoE (Cisco Propietary) up to 60W
802.3bt type 3 up to 60W
802.3bt type 4 up to 100W

Info posted by @ijdod

I used this but this will be based on your needs (camera amount, power required etc):
Amazon.com: ZyXEL GS1008HP 8 Port POE+ Gigabit Ethernet Switch, 8 x PoE, 60W Budget, Fanless Metal Design, Desktop, 802.3at 802.3af, 5 Year Warranty [GS1008HP]: Electronics

Another POE+ at a nice price:

This thread helps with other POE suggestions:
POE Switch

PoE Switch Suggestion List

----Switch----


----Choosing Cameras / Tips for adjusting Cams----


For cameras – there are many reviews for Dahua – I made a guide here (I will add to it when I see any other reviews):
Dahua Cameras - Quick Reference Guide (Cam Specs & Reviews)

4MP:
Dahua 4MP Starlight Lineup

Andy @Empiretech is great source for buying the cameras. He ships quickly and they are authentic Dahua with great customer service – you can MSG directly here for best pricing or purchase from AMAZON:
Amazon.com: Empire Tech

You can add a IP on your NIC to setup your camera – just follow steps to editing subnet and logging into your Dahua web interface found here:
Dual NIC setup on your Blue Iris Machine

You can also use Dahua Config tool but feel above method is easier and eliminates the need to install more software.
ConfigTool - Dahua Wiki

PaleMoon 32bit is suggested to log into camera web interface:
Pale Moon for Windows downloads

This site can help you with your camera placement and what to purchase:
IPVM Camera Calculator V3

Learn more about Dahua Cameras & Purchasing here:
Dahua Camera Purchasing Info

Also, the IPCAMTALK Branded Cams are amazing. They are rebranded Hikvision with great pricing, shipping, and amazing US support. If you are going with Hikvision you will not receive better pricing or customer service (US based, quick responses and remote help in some situations):

If you need more IR light than the camera produces or need to shut off the cameras IR you can purchase separate IR Illuminators. A small popular model:

TonyR Tips:
Use turret style for best results (bullets have issues with spider webs, domes can have issues with glare and IR bounce backs as dome can get fogged by moisture and dust)
  • For best low-light performance, choose 2MP Dahua Starlight, Hikvision Dark Fighter or IPCT Night Eye; don't get wrapped up by more megapixels, the hi-resolution cams generally want more light.
  • Choose a vari-focal cam so you won't have to be concerned about a 2.8mm being too far away/too wide or a 4mm being too close/too narrow for your various (and different) locations.
  • Mount at 7 feet optimally / 8 feet max.
SouthernYankee Tips:
-Test the cameras placement, use a 5 gallon bucket with a 8-10 ft 2X4, place the camera on the 2x4 at the correct height and placement. Check the view.
-Test that you can Id a person with the camera placement, have a friend with a hoodie, baseball cap and sunglasses and try to break into your front door, and into your car, if you can not easily identify him, then the cops can not ID him.
-Test cameras at night.

Test Rig Example:

----Choosing Cameras / Tips for adjusting Cams----


----Battery/Backup----


UPS – Universal Power Supply – you will need SineWave for many of the newer computer models – this is a popular model:

Model #: APC BR1500MS

A 1500w model can normally get you 40-90 minutes depending on what you are running. This is a great calculator:
APC UPS Selector/Calculator - Find the Correct Battery Backup

There has been some talk about UPS going up in flames – this is very rare but all electronics can have a risk. To keep things safe buy a few of these for station – suggested to buy 2-3 for 1 location to be safe – they last 5 years and are non-toxic.

Look up Fireballs
"Original AFO Fire Extinguisher"

This is a China model but is a lot less than the $120 models and seem to work the same.


----Battery/Backup----


----Security----


Security measures are important and many IPCAMS are vulnerable. People do not want your camera to see the video but to use in online attacks or easy access to your network and information.

There are many advanced ways to secure from vlans, managed switches, pfSense/pfBlocker, firewall hardware, Ubiquiti ERX, etc.

I will only be discussing basic security with a dual NIC Card setup to keep IP cams off the internet and only allowing them to connect to BI:
Dual NIC setup on your Blue Iris Machine

If you want to take more time to secure your system you can use VLANs and more advanced routers:
LAN Security

VPNs (Virtual Private Network) are required to securely connect to your cameras. The easiest way is to simply buy an ASUS router that has a few buttons to click to setup a VPN.

To learn more about VPNs:

A popular Asus router with OpenVPN:

I have this model:

But there are many other Asus routers at more affordable prices that have OPENVPN

Basics that ASUS walks you through:
-Disable uPnP
-Disable WPS
-DO NOT port forward except the required forwarded port for VPN access if you are not running VPN on your router

The openvpn on asus is easy to setup. You simply choose the OPENVPN and after enabling and choosing some settings it will give you an OPENVPN file to load on your phone or computer depending where you will need to remotely connect – here are some basic settings:
Randy : OpenVPN on a Asus router

Many also use PiVPN with a Raspberry Pi 3 B+:

Simply click the openvpn app on your phone or on your computer and then open Blue Iris app.
OPENVPN app for android:

Easy to test: shut off your wifi and open blue iris – it will connect if all is working.

This site can help give you a beginner guide to IPs and how to make your network more secure:
Router Security - Subnets and IP addresses

----Security----


----Viewing Camera feed in different ways----


Settings up ways to view your BI server on other computers/monitors. You can use UI3. Very easy to setup:
Blue Iris UI3

-You can view UI3 on your tablet/TV
-Blue Iris phone app for Android or Apple
You can also setup a Raspberry PI – it makes for a great small computer for viewing ui3:
Using Raspberry Pi B+ / Raspbian to view Blue Iris UI3!

Cool UI3 Picture Frame with Raspberry Pi:

You can also mirror your BI server with HDMI splitter, ethernet cable and HDMI extender. There are a lot of products that can do this for you.

This depends on how far you need to run the wire. HDMI runs only 50 feet – if using 4k you most likely won’t get that quality with a 50 foot HDMI cable:

You can use a HDMI splitter/extender for longer lengths – you will use the same Ethernet wire for your camera.
HDMI Splitter:

HDMI Extender:

You can also run an Ethernet cable and attach a USB to have complete control over your BI machine:

RDP – Remote Desktop Protocol using windows or teamviewer. This might seem obvious but someone just starting out it sometimes is not something they ever did. It is very easy to setup windows RDP within your network.
-Teamviewer is when you are outside of your network normally:

Since you have your VPN setup you can also use the blue iris app to watch your cameras on your phone:

Dahau cam app for phone:

@catcamstar to make gDMSS more secure:

gDMSS can either connect to your infrastructure by IP address (if you put your local ip address of your cams/nvr, you HAVE TO open the VPN tunnel before it even can work) or, you connect by P2P, bypassing any security you may (or may not) have put in place on your home network. The latter does not need any VPN connection. But, P2P and Upnp, port forwards, these are concepts from 1980 when script kiddies were not born. Today, one should indeed know better than that.

So my advice to you:
  • go into your cams: disable all P2P
  • go into your cams: disable all Upnp
  • go into your router: delete ALL port forwardings, Upnp config etc. If unsure how to do it: best way to factory reset your device.
  • install and configure openvpn server on your router
  • deploy the profiles (and certificates) on your mobile device
  • configure gDMSS on your LAN with the internal fixed ips of your cams
  • connect your mobile to 4g
  • open VPN client
  • open gDMSS
  • voilà!

If you want to make it more secure: disable all outbound internet connectivity from your cams/nvr to the internets. BUT then push notifications won't work, for that you'll need to open outbound 2195TCP.

Hooray!
Good luck :)
CC

----Viewing Camera feed in different ways----


All this info was found through the members of IPCT. Below are some members to follow and listen to:
@looney2ns
@fenderman
@bp2008
@catcamstar
@SouthernYankee
@TonyR
@Mike
@mikeynags
@Mr_D
@Walrus
@Dasstrum
@aristobrat

There are probably some other people that helped me along the way that I forgot and I do apologize.

Please feel free to reply with what you found useful in your own setup. Every small detail can be very helpful for someone just starting out.
 
Last edited:
As an Amazon Associate IPCamTalk earns from qualifying purchases.

brad2388

Getting the hang of it
Joined
Oct 5, 2016
Messages
162
Reaction score
24
This needs to be a sticky! Great write up!


Sent from my iPhone using Tapatalk
 

Walrus

Getting comfortable
Joined
Nov 19, 2018
Messages
593
Reaction score
449
Location
Ontario
@TL1096r
I would remove, or add a caution to this line:
Adding a GPU like nvidia can be helpful to take stress off the CPU and for better streaming.

It may mislead people into thinking it's a good idea, which it's not. 99.9% of the time it is not needed, nor recommended. Most of the time all it's going to do is increase power consumption, and generate extra heat.
 

TL1096r

IPCT Contributor
Joined
Jan 28, 2017
Messages
1,223
Reaction score
465
@TL1096r
I would remove, or add a caution to this line:
Adding a GPU like nvidia can be helpful to take stress off the CPU and for better streaming.

It may mislead people into thinking it's a good idea, which it's not. 99.9% of the time it is not needed, nor recommended. Most of the time all it's going to do is increase power consumption, and generate extra heat.
Thanks. This is a great point and added the info.

@bp2008 has this setup. He might be able to chime in with pros/cons. I know I was reading if you want a 4K display you would need the nvidia card for the monitor.

More info on the subject:
4.7.8 - August 28, 2018 - Support for the Nvidia CUDA hardware decoding

This is awesome, thanks so much for taking the time to do this. I am making it a sticky.
Thanks, that means a lot and I am happy others might learn from this thread. I know a lot of what I wrote are common questions I see almost daily here.

i add a link to this post in my newbie welcome to the forum post.
Thanks good job.
Thanks. You were one of the first members that I was able to learn from while starting out my build. I'm honored I made it onto your welcome post.
 
Last edited:

adamdylan

Young grasshopper
Joined
Jan 1, 2016
Messages
53
Reaction score
5
This is awesome, thanks so much for taking the time to do this. I am making it a sticky.
WOW Absolutely fantastic out of this world guide TL !!!!

Can you please put it on WIki for others Mike? (cant find it on home or there)
 
Last edited:

TL1096r

IPCT Contributor
Joined
Jan 28, 2017
Messages
1,223
Reaction score
465
WOW Absolutely fantastic out of this world guide TL !!!!

Can you please put it on WIki for others Mike? (cant find it on home or there)
Thank you. I will see about adding it to the wiki.

I tried to add a lot of detail because sometimes little things are overlooked.

I have added/edited the thread with some new information and I hope to add more info in the future:
-thread about managed switches, VLANS, pfsense, firewalls, ER-X router and how to set it up with your BI machine.
-Bi rack setup
 

hebronep

n3wb
Joined
Jan 28, 2018
Messages
13
Reaction score
12
Thanks a lot for the effort to gather all the relevant information. Make it much easier for me to setup a new camera system.
 

TL1096r

IPCT Contributor
Joined
Jan 28, 2017
Messages
1,223
Reaction score
465
Thanks a lot for the effort to gather all the relevant information. Make it much easier for me to setup a new camera system.
Thanks. I will work on adding this to the wiki page in the coming weeks so it is easier to read through and find exactly what you need.
 

iseeker

Getting the hang of it
Joined
Nov 16, 2018
Messages
229
Reaction score
90
Location
TEXAS
Iseeker

better still *except the required forwarded port for VPN access if you are not running VPN on your router
True. And the temporary port forward each time you renew your certificate, if not on your router.
 

GentlePumpkin

IPCT Contributor
Joined
Sep 4, 2017
Messages
193
Reaction score
321
Highly informative collection of important things to know.
I already thought I knew everything :).

Many thanks for all your efforts!
 

TL1096r

IPCT Contributor
Joined
Jan 28, 2017
Messages
1,223
Reaction score
465
Highly informative collection of important things to know.
I already thought I knew everything :).

Many thanks for all your efforts!
Thank you!

It means a lot coming from the Legendary GentlePumpkin. The work you do is amazing.
 

Leafy

n3wb
Joined
May 29, 2020
Messages
2
Reaction score
0
Location
Nh
Wow, thanks for laying this all out. The only thing I'm left asking is hard drive setup. Is it normal to use software raid 5 within the machine, hardware raid or just throw 1 big drive into the system and backup on a separate nas (which would be in the same room and plugged until the same ups if I did). I don't like cloud services and I'm not going to do physical offsite backups for my home security footage.
 

looney2ns

IPCT Contributor
Joined
Sep 25, 2016
Messages
15,494
Reaction score
22,603
Location
Evansville, In. USA
Wow, thanks for laying this all out. The only thing I'm left asking is hard drive setup. Is it normal to use software raid 5 within the machine, hardware raid or just throw 1 big drive into the system and backup on a separate nas (which would be in the same room and plugged until the same ups if I did). I don't like cloud services and I'm not going to do physical offsite backups for my home security footage.
No Raid.
Small SSD to put Blue Iris, OS and BI DB on, Video goes to a WD Purple drive or drives.
 
Top