printer friendly version

CCTV over IP

At Cisco Systems, the safety and security department managed internal security for more than 3000 facilities worldwide.

Based on the size and risk level of a facility, the department deploys security technologies such as physical intrusion detection and electronic security access control systems, including more than 6000 card readers and more than 2600 closed-circuit TV (CCTV) cameras for surveillance.

When Cisco first began using CCTV for surveillance, analogue cameras at building entrances and other high-security locations sent analogue video signals over coaxial cable to video cassette recorders (VCRs) that recorded onto tape. Managing the tapes was labour-intensive and prone to human error. Cameras were multiplexed in groups of eight or nine. They captured action at the rate of 1,88 frames per second, and each tape could hold only one day's worth of video.

As a result, for every VCR in operation, Cisco needed to store 31 tapes - one for each day of the month. A month's worth of video from the current 2600 cameras would fill nearly 10 000 tapes. Security guards personally had to visit each building daily to verify that the recorders were operating (tape review) and then remove, label and store the old tape, and insert a fresh one.

Forgetting to press the record button meant a day of lost video - and the risk that Cisco would have no video evidence to investigate an incident. In addition, if a break-in or theft occurred, the facility had to send the physical tapes to the safety and security department at Cisco headquarters, resulting in investigative delays of up to several days.

In 1999, the Cisco Security, Technology and Systems (STS) department surmounted these difficulties when it transitioned from VCRs to a third-party digital video recorder (DVR) card running on a Microsoft Windows NT 4.0 server platform that safety and security supported without help from IT. An economic evaluation proved that a system-wide conversion from VCRs to DVRs would save worker resources (no one would be replacing tapes), and support faster and more efficient video retrieval during investigations.

The analogue cameras continued to send an analogue signal over coaxial cable, but rather than capturing the video on a VHS tape, Cisco captured it on a proprietary card in a server that converted the signal to digital and then stored the digitally-encoded video on a local hard disk. Because the DVR software could be programmed to store only the video that included motion, Cisco could store data collected during an entire month on direct attached storage within the DVR server. To preserve LAN and WAN bandwidth, Cisco security operations personnel 'pulled' the video over the network only if they needed it for incident investigation.

This case study begins when Cisco transitioned from its original proprietary DVR solution to a networked-centric application that Security Operations controls and IT supports from its existing server and network operations centres. The new IT-supported system reduces costs at the same time it improves the effectiveness of surveillance video.

Challenge

After the Cisco Safety and Security department began storing digital surveillance video on DVRs, the system grew until the STS department found itself managing more than 330 servers at Cisco facilities worldwide. The department was overburdened by the need to keep so many servers online and up to date with the latest software patches. "One hardworking IT administrator can take care of 100 boxes, and we had three times that many," says Ken Lang, STS video program manager. Adds Bill Jacobs, manager of safety and security, Cisco Systems, "The major problem resulting from our transition to digital surveillance video was that servers with hard drives require a higher management skill set compared with VCRs. Traditional security investigators do not understand patches, secure access, and data backups, and these are among the IT infrastructure group's core competencies."

Another powerful incentive to find an IT-managed solution for CCTV over IP arrived in 2003 in the form of the Nimbda virus. "One morning, IT informed us that about a third of our servers were infected," says Lang, "That was our wake-up call to abandon the 'silo' support model, where we purchased and self-managed equipment, and instead to work closely with IT to deploy standard server equipment for CCTV." By collaborating with IT, the Safety and Security department mitigated the risk of being unable to record or retrieve surveillance video due to a malfunction of the server hardware or software.

Working with Cisco IT, the Safety and Security department established the following criteria for its new CCTV over IP system:

* IT standards-compliance - the system would conform to IT standards for the server platform, operating system and virus software. Because IT agrees to support standards-compliant platforms, the STS group would shrink its management responsibility to the application software and associated device peripherals, and it meant that the solution could no longer include non-IT-standard video cards in the servers. "We wanted the server and everything in it to belong to IT and everything associated with the security applications and the cameras to belong to Safety and Security," explains Lang, "That meant that the encoding could no longer take place on a card inside the server chassis but would need to happen in a dedicated video encoder outside the server."

* High video quality - the higher the video quality, the easier to identify faces. The target was four frames per second, as compared to two frames per second on the previous system, or 1,88 (multiplexed) on analogue tapes.

* Enterprise-friendly topology - previously, STS maintained a separate database for each remote DVR. By centralising the CCTV video database into four regional database environments that would replicate back to an enterprise master, Cisco would simplify management and lower equipment costs.

* Network friendly design - to ensure that the system would not saturate network bandwidth, STS met with Cisco IT Transport group. Together, they determined that for remote sites with limited WAN bandwidth, the video-recording server would reside at the facility itself rather than at Cisco headquarters. Surveillance video would travel over the WAN only if security operations personnel explicitly retrieved it during or after a security incident, retaining their 'on demand' philosophy.

* Integration with access control and intrusion detection - the ability to integrate, or unify, the CCTV surveillance system with alarm systems would increase the effectiveness of security operations personnel and lower the expense of responding to false alarms. "Say a lobby ambassador feels threatened and presses a button to send an alarm to the operations centre," says Deon Chatterton, program manager for the STS group. "We might want that action to push the realtime surveillance video to security operations personnel, so that they can see the situation and take the appropriate response." This unification capability would reduce the false alarm rate, which exceeds 90% in most organisations. In another instance, the security officer might determine that the source of a 'door-forced alarm' was a gust of wind. Video verification over IP increases speed of response and accuracy of information (alarm) validation.

* Upgradabiltiy - Finally, Cisco wanted its new CCTV solution to accommodate new technologies as they matured, including IP video cameras and audio capture, video analysis, integrated facility management, and expert information engines, as well as network management technologies such as Simple Network Management Protocol (SNMP).

Solution

After evaluating nine video management software technologies against the selection criteria, Cisco chose the Lenel Systems digital video system. Lenel provides a software-only solution that runs on standards-based servers - network video recorders (NVRs). Today, many different and mutually exclusive video protocols exist, and most equipment supports only one or two of these protocols, which makes it difficult to integrate new cameras and network video recording servers into an existing security environment. Compatibility with existing security systems helped drive the Cisco STS group's selection of Lenel Systems NVRs. "Encoding standards still vary, and the Lenel Systems NVR solution integrates well with our Lenel Intrusion Detection alarm system, fire alarm software, access control badge readers, and visitor management database for badges," says Chatterton. "In fact, we can pull up video data and compare it on screen to badge pictures and data with a single user interface."

Cisco selected IBM Global Service Delivery as the implementation arm for the new solution and deployed the solution in eight pilot locations worldwide. These include a mix of campus environments and remote locations - San Jose, California; Research Triangle Park, North Carolina; Pleasanton, California; Bedfont Lakes, United Kingdom; Amsterdam, Netherlands; Warsaw, Poland; Tokyo, Japan; and Sydney, Australia.

Surveillance video is captured, stored, and retrieved at the pilot sites:

* Analogue cameras capture video, sending it to Axis 2400+ video encoders over coaxial cable. Each Axis video encoder accepts video from four cameras.

* The video encoder converts the analogue signal to a video signal for transmission over the IP network and sends it to a Lenel Systems NVR in one of three data centres for the processing according to the rules that Cisco has established. For instance, Cisco STS can program the software to record only in the event of motion and tissue alarms in the case of other events such as abrupt motion or motion that occurs between certain hours.

* In remote locations, data is stored locally on direct attached storage within the NVR server hard drive. In campus locations, with its greater camera volume, data is stored on low-cost Clarion storage area network (SAN) frames in data centres. When the storage capacity of the system is exceeded, each new day's video overwrites the oldest stored video files, which are at least 30 days old.

* Cisco security operations personnel can access surveillance video from at least the past 30 days from any facility by pulling it from their own terminals. "Access to archived video on demand accelerates evidence review and improves evidence control," says Jacobs. "It also reduces the investigation manpower we need, because we don't need to send investigators to other facilities as often as before. It allows us to centralise our function and perform global investigations over the WAN."

With the previous system, the surveillance cameras had to be within 300 metres of the recording device over coaxial cable; longer distances require fibre connections. Now that encoding occurs in a separate device, the NVR server can be located anywhere on the network. At San Jose headquarters, for example, Cisco centralised servers in two data centres to simplify management. Physically separating the encoding device from the server has another advantage, as well; the server no longer needs to devote compute cycles to managing video cards and compression. In fact, after the transition, each server can manage 32 cameras compared to the eight to 16 it managed previously, reducing server hardware requirements from more than 330 to 172, or almost 50%.

Share this article:

Further reading: