Hi-Tech Security Solutions looks at some of the issues installers and integrators must deal with when installing IP security solutions.
We all know that IP surveillance is growing at a rapid rate. We also know that all too often we hear of failures that give IP surveillance a bad reputation. The reality is, many, if not most of the failures we hear about are the result of poor planning and installation.
Whether it is poorly skilled technicians, too few people being pushed to cut corners to speed up an installation and reduce costs, there are many reasons for installations to fail. One reason we hear about regularly is that the network was not set up correctly, resulting in delayed images, bottlenecks and a general unhappiness in the final result.
Hi-Tech Security Solutions asked a few people who know about IP networks to give us some insight into the issues around installing these IP solutions and making them work. The goal of this article is to highlight some of the reasons IP solutions underperform, giving installers and customers an insight into what to look out for and what they can improve in their own companies to prevent these common problems.
Hi-Tech Security Solutions: Why do installers that are proficient at installing analogue networks and surveillance solutions struggle to make the change to IP systems? What is different about an IP network? What are some of the things installers (or anyone) needs to learn before trying to install an IP network?
Miro (Chris Sutherland, Alex Bantjes, Warren Phillips and Bertus van Jaarsveld): This problem is not unique to the IP industry; it is a symptom of IP convergence. We saw the same thing in the wireless and telecommunications industries. The real problem is that analogue installers have no idea what IP really is, they do not know about the intelligence behind IP because of their lack of training and product knowledge. Analogue is a physical point-to-point connection, while IP networks are all virtual; this means that you cannot see the mistakes you made because the transport layer is packet based.
Before trying to install an IP network, it is essential that an installer take part in a basic IP networking course. They should also have a basic understanding of how cameras work. Miro will be hosting an IP Convergence Conference on 21-23 August in Gauteng where there will be a free half-day training course on how to create an IP network. For more information visit www.ip-con.co.za.
Duxbury Networking (Andy Robb): While traditional CCTV installers generally have the skills necessary to make good decisions about the choice of cameras and their utility in security applications, they often lack the experience needed to make the transition to IP installations. They are faced with challenges associated with integrating IP surveillance networks into existing IP infrastructures – which could be multi-service networks with a range of modern features such as global monitoring from multiple devices such as mobile phones, laptops and tablets.
That said, it is perhaps unrealistic to expect traditional installers to get ‘up to speed’ on current IP technology at levels which the IT industry has taken decades to reach. The solution for these installers is to collaborate with experienced IP professionals, allowing each party to focus on its own strengths when presenting solutions to potential end-users.
Cisco (Edward Agostinho): Although IP network solutions may seem to be plug and play, in reality, careful planning, design and configuration is required to ensure the network performs optimally and reliably. Every day new features are developed, which allow customers to scale their infrastructure for growing business needs, increased network intelligence with visibility and control, simplify operations, and improve security for users and applications. The introduction of these features brings with it complexity. Installers are required to continuously stay abreast of technology trends and the benefits these features bring to customers. IP networks today also carry a multitude of applications, each with different characteristics; hence the network requires the intelligence to manage these accordingly.
There are a number of key considerations required when planning an IP network, which may include IP addressing, scalability, network resiliency, bandwidth, segmentation, security, quality of service, network protocols, power budgets, throughput and network management. Installers require a deep technical knowledge of all these aspects to correctly deploy IP networks.
Huawei Enterprise Business (Shabir Satar): There is a perception that analogue systems are much cheaper than IP systems when the reality is in fact the opposite. The IP solutions offer more flexibility, scalability, functionality and security. IP systems can tap into an existing network infrastructure and can share storage on an organisation’s SAN environment. These days, IP systems utilise less bandwidth and offer clever ways of transporting video streams and storing them.
Hi-Tech Security Solutions: Is IP networking amenable to plug and play? What are the crucial aspects one should know about IP networking?
Miro: IP networks can be plug and play if you purchase the correct basket of products. There are certain features like ONVIF and PSIA that are trying to make IP products as easy to setup as possible. These will get you up and running initially, but in the long run you would need at least some knowledge of IP networks. You will need to understand your network environment to know the best practices of the network.
People should stop being afraid of IP. It is not that complex, 80% of what you need to know you will be able to learn in one day. The other 20% will be learned by doing installations and gaining experience.
Duxbury Networking: While the IT industry has, to a large extent, made installing IP systems easier with the introduction of default configurations and templates, the real challenges come when these systems malfunction. Then expertise is crucial. Against this background, training is essential to give traditional installers a level of understanding of IP systems, allowing them to react appropriately and timeously.
Cisco: Manufacturers are continuously looking at ways to make it easier for system integrators to deploy networks more efficiently and effectively. As an example, Cisco has Auto Smartports as part of Cisco’s Medianet architecture, which allows installers to connect a Medianet compliant IP camera to a switch port and, in turn, Auto Smartports automatically applies a macro to that switchport. The macro enables quality of service (QoS), security features and a dedicated VLAN to ensure proper treatment of delay-sensitive traffic. This is one example of how Cisco is trying to automate the installation and commissioning process.
However, this does not mean system integrators do not require fundamental knowledge of the overlying technology. It is essentially a mechanism to speed up the commissioning process. Each customer has unique requirements for their network environment, therefore a 'one-size-fits-all' automated deployment is not feasible.
Huawei Enterprise Business: Depending on the organisation and their policies around security, one can install an IP solution with ease and have it up and running in no time. However, it is advisable that these devices are connected on their own VPN (virtual private network) thus separating the business critical applications.
Hi-Tech Security Solutions: What security issues should installers be aware of when it comes to IP networking? Is a switch on an ADSL line transporting video more or less secure than a ‘normal’ corporate data IP network?
Miro: Local networks are usually secured and therefore not such a big threat, but you should still make sure that you have a decent firewall. The same applies for when your IP network is going over the Internet. All cameras and recording systems are already password protected and with IP cameras, data is encrypted right from the start. All the security tools you will need already exist and it is free. You just need to use them. If you do the basics right, the rest will follow.
Duxbury Networking: From the IT industry’s perspective, security cameras operating across an IP infrastructure are seen (collectively) as ‘just another application’, as secure as any other on the corporate network. What security professionals should be aware of is the characteristics of the security procedures associated with each network element and be able to effectively secure one from another within the context of a complementary operating environment.
Cisco: All IP devices are susceptible to malicious attacks. Security is therefore key in protecting the networking and networked devices. Some common attacks are Man-in-the-Middle, denial of service, IP spoofing and password based attacks. Intelligent networking devices manufactured by Cisco have built-in features to identify and prevent such attacks. These features are not enabled by default and need to be configured by system integrators deploying the IP networks. Turning on all security features may also negatively affect common applications, therefore careful planning and knowledge is required.
Commercial products also ship with a subset of security features, but these are seldom enabled due to the lack of knowledge of the consumer market and this increases the risk of malicious attacks. Some switches are also not manageable, which again exposes customers to danger.
Huawei Enterprise Business: Security is key, whether a solution is installed at one’s private residence or a company’s premises. These days, entry-level ADSL routers offer USG (Unified Security Gateway) functionality, these devices offer a fairly high level of IPS (Intrusion Prevention) and encryption on data transported.
Hi-Tech Security Solutions: From an end user perspective, what qualifications/certifications should you expect your installers to have before allowing them to install an IP network for you? What about wireless networks? Are there specific tricks one needs to be aware of?
Miro: An IP network installer should at least have an IP network training certificate as well as basic knowledge of IP cameras. There are many self-taught IP gurus out there, but it is recommended that you use a professional with a qualification to do your installation.
Once again, experience is very important when it comes to installing wireless networks.
* Make sure you are using the correct equipment.
* Do a proper site survey and plan your network beforehand.
* Make sure you have line of sight.
* Ensure enough capacity by doing bandwidth planning.
Duxbury Networking: A lack of IP networking skills should not necessary preclude traditional security systems installers from meeting end-users’ requirements for modern IP or wireless-based security systems, provided they partner with organisations with the appropriate skills and have made the effort to obtain at least basic training, if not qualification, in this arena. This will instil confidence into end-users who need to be reassured that the introduction of IP-based security systems will not lead to an overall degrading of the corporate network.
Cisco: Customers are encouraged to verify the system integrator’s credibility when commissioning a network and to interview the integrators about how reliability, scalability and security was applied in their network designs.
Cisco publishes the certifications which partners have attained, providing customers the ability to select system integrators that are best suited in a specific technology. Cisco has specialisation tracks for routing and switching, security, wireless, content security and others. To attain these specialisations, system integrators go through instructor-led or e-learning content and are required to write an exam. Cisco’s certification processes are more stringent than other manufacturers in the market, but this affords customers the peace of mind that the system integrator is indeed skilled in a specific field.
Huawei Enterprise Business: Different vendors offer different levels of qualifications. One should ensure that the installer is qualified and certified by that vendor. Track history is also key. Wireless networks open a new can of worms. The risks around them are too high unless the proper security is applied. Huawei Enterprise offers end-to-end network security products that are rated as probably the world’s best. IPS (Intrusion Prevention), TSM (Terminal Security), DSM (Document Security) and BYOD (Bring Your Own Devices) solutions are necessary when deploying physical and wireless infrastructures. The greatest DDos (Denial of Service) attack recorded to date was calculated at 150 million hits per second. Research the different products available. Understand the threats out there and make an informed decision.
Hi-Tech Security Solutions: Are there any specific issues/tips that are important when it comes to installing and managing IP networks?
Miro: Make sure you are not using indoor cable when running cable outdoors.
* Do not use the cheapest hard drives you can find, and make sure the ones you do use are long-run drives.
* Use the correct switches.
* Isolate your camera network from the rest of your network traffic.
* Do not create large bridge networks. If at all possible, route your traffic.
* Understand the limitation of ADSL.
* While planning your network, make use of the Vivotek Bandwidth Calculator available to download on most smartphones. Visit the Miro blog to download it: blog.miro.co.za.
* Make sure you choose the correct equipment, video management system and cameras.
* Make sure your equipment is compatible with each other.
* Use all of the features available on the cameras, they are there for a reason. Take the time to investigate and figure them out.
Duxbury Networking: One of the main benefits – and drivers – of an IP network installation is its cost effectiveness. Installers often try to maximise this aspect by opting for the cheapest possible ancillary equipment or cabling, which is often below approved or recognised standards. Regrettably, it is an all-too-common problem which leads to failures and system interruptions, which are then exacerbated by the ‘always-on’ premise of a security system which demands 24x7 reliability in order to deliver an equitable return on investment.
In the current economic climate, it is often difficult to persuade end users to purchase new technology (such as an IP security network) without offering them significant advantages. It therefore behoves the installer/system integrator to ensure that, for example, camera image quality is significantly enhanced over previous systems and that new-generation benefits – such as remote image monitoring, cloud storage of crucial data and images – are part of the upgrade.
Cisco: System integrators should change default configurations to reduce the security risk to customers. There are numerous networking features, which when enabled, will provide added value to customers. This value-added service will differentiate system integrators.
They should spend more time in planning and designing a resilient network as surveillance is a critical application which requires minimal network outages. Through the addition of redundancy, high levels of operation may be achieved.
The cheapest networking device may not be best suited. Ensure you use a reputable manufacturer’s devices which is able to scale, offer reliability and the necessary security to protect your customer solutions.
Huawei Enterprise Business: Challenges are posed when customers have a multi-vendor environment, one needs engineers trained on each of the different products. Management of the infrastructure is on different platforms and can be extremely difficult when trying to consolidate and produce one report. This can be an administrator’s nightmare and could also possibly put the organisation at risk in many ways. It is important to research the different products. Have a full understanding of what is available. Do the products conform to industry standards? Is it possible to manage them of one platform? What is the operation of managing these products? Do not fall in to the trap of procuring because of relationships or what others are doing. Make informed and calculated decisions.
Hi-Tech Security Solutions: What additional issues do you think should be mentioned?
Miro: Before tackling a project like this, make sure you understand the need of the client/end-user. Ask questions, plan the system on paper, and then go to your distributor for a second opinion. Big projects should be 80% planning and 20% installation. And more megapixels does not always mean better quality, just like higher resolution does not always mean better picture quality.
|Tel:||+27 11 543 5800|
|Fax:||+27 11 787 8052|
|Articles:||More information and articles about Technews Publishing|
© Technews Publishing (Pty) Ltd | All Rights Reserved