Resilience and reliability: built-in
Due to the increased importance of video systems, any failure that results in service downtime can have severe implications for the security and safety of an organisation’s assets, customers and employees. The financial implications may be equally vital. A failed system may cause the unnecessary evacuation of an airport or lead to personal liability lawsuits being served on the management.
In terms of traditional video surveillance systems, their reliability depends mainly upon the reliability of the specific CCTV components on site. On the other hand, IP-based video solutions may be installed in centralised as well as highly distributed architectures. Therefore, the overall video surveillance architecture – and its underlying layer in the shape of the IP network – must be highly resilient or the system might not provide the required reliability.
Building a resilient system
To achieve the required reliability for the security organisation, it’s necessary to ensure resilience on several layers. This concept is referred to as multi-layered resilience (or MLR). In essence, the MLR approach integrates the resilience of the various layers, reinforcing overall system resilience and ensuring that system operations are always available to the security team (even in cases of failure).
At the foundation of a video surveillance system lies the IP network infrastructure. The IP network is used to carry IP-encoded video data from surveillance cameras to decoding devices. A failure in the IP network – or even a temporary disturbance – might degrade or even completely stop the overall video streaming. This creates a security risk.
Therefore, operators must ensure that the networking infrastructure is based upon proven switching and routing components supplied by well-known vendors, and that it employs high availability mechanisms – such as rapid spanning tree protocol (RSTP) in L2 devices and virtual router redundancy protocol (VRRP) in L3 devices.
To support the redundant structure of the IP network, the video surveillance system itself must provide dual networking interfaces to the network such that, if a specific network switch or router fails, the video traffic is routed over the alternative path without user intervention or delay.
On top of the network infrastructure, the video surveillance components themselves have to be designed to be resilient to various failures and problems. At the ingress point of the video into the video surveillance networks are the video encoders. Encoders are used to convert analogue video signals into digital video and transport it across the IP network. Careful attention should be given to encoder redundancy mechanisms because failure in the encoding devices results in no video streaming.
Ensuring encoder resilience
First of all, the encoder ought to include dual power supplies which should be connected to different power sources. That being the case, even during a power failure the video streams are not affected. Second, the encoder should employ dual fans to ensure proper operation even if one of the fans fails.
The encoder must employ dual Network Interface Cards (NIC) to route video traffic through the second interface if a failure in the first interface – or a network switch-connected port – occurs.
Another important mechanism is complete encoder redundancy. In this architecture, a single encoder is used as a back-up device to a group of encoders. This configuration is sometimes referred to as ‘N+1 redundancy’ (where N represents the number of active devices that are backed up by the additional encoder, which itself is in stand-by mode).
If an active encoder fails, the standby encoder takes its place and continues to route the video signals transparently to the end user.
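The N+1 arrangement described above, sketched as an added example that is not code from the article or from any vendor: a supervisor assigns the single standby to the first silent encoder and raises a distinct alarm when a second encoder fails while the standby is already in use. The heartbeat model, the 3-second timeout and the encoder names are assumptions made for the illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

HEARTBEAT_TIMEOUT_S = 3.0  # assumed: an encoder silent for longer than this has failed


@dataclass
class EncoderGroup:
    """N active encoders backed by a single standby encoder (N+1)."""
    active: list                      # names of the N active encoders
    standby: str                      # name of the one standby encoder
    last_seen: dict = field(default_factory=dict)  # encoder -> last heartbeat time
    covering: Optional[str] = None    # failed encoder the standby currently replaces
    unprotected: set = field(default_factory=set)  # failed while the standby was busy

    def heartbeat(self, encoder, now):
        self.last_seen[encoder] = now

    def check(self, now):
        """Sweep the group once and return any new maintenance alarms."""
        failed = [e for e in self.active
                  if now - self.last_seen.get(e, float("-inf")) > HEARTBEAT_TIMEOUT_S]
        if self.covering not in failed:
            self.covering = None      # covered encoder recovered: standby is free again
        alarms = []
        for enc in failed:
            if enc == self.covering:
                continue
            if self.covering is None:
                self.covering = enc
                self.unprotected.discard(enc)
                alarms.append(f"FAILOVER {enc} -> {self.standby}")
            elif enc not in self.unprotected:
                self.unprotected.add(enc)
                alarms.append(f"VIDEO LOSS {enc}: standby busy covering {self.covering}")
        self.unprotected &= set(failed)  # drop encoders that came back on their own
        return alarms
```

The second alarm is the case the N+1 label hides: one spare protects against one failure at a time, so an overlapping failure means lost video until an encoder is repaired.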
Finally, one of the most important features for the encoding device is its support of multicast streaming. With multicast streaming, the video signal may be delivered directly to the edge devices without having to pass through the network video recorder, thereby improving overall system reliability.
Note that for multicast support the network video recorder (NVR), decoding devices and IP network must all be able to support multicast protocols such as Internet Group Management Protocol (IGMP).
Network Video Recorder resilience
The NVR is responsible for recording video streams originating from encoding devices (IP encoders and/or IP cameras) to an internal or external storage device. The recording functionality is essential to the investigation capabilities of the security force.
The NVR must be designed as a highly reliable computing platform, including all the relevant components, starting from the CPU and memory through to networking interfaces and ending with storage devices. The latter is one of the most critical components in the NVR system, mainly because video data is physically stored on the hard drives and retrieved for later use on a regular basis.
As hard drives are mechanical components, they are prone to failure, and a failure in the storage device means that the video recorded on the device cannot be used for investigation. To overcome this barrier, the NVR must support Redundant Array of Independent Disks (RAID) configuration, which is a standard technology in IT environments. RAID ensures that even if a hard drive should fail, it’s possible to recreate – or rebuild – the original data from the remaining disks.
At this point, it’s important to stress that the data rebuilding operation requires massive computing and storage resources such that NVR performance is limited during this time. Therefore, it’s absolutely essential to measure and publish NVR performance under rebuilding conditions. Otherwise, the operator risks a significant drop in video quality – and, potentially, even video loss – due to limited recording and playback resources.
The ‘rules’ for DVRs
A video surveillance system can be based on digital video recorders (DVR) which replace both encoder and NVR in legacy environments. A video surveillance system based on DVRs should employ high resilience architecture similar to network-based architectures. Like the NVR, the DVR must be designed as a highly reliable computing platform including all components (particularly support RAID arrays). Furthermore, the DVR platform must provide resilient physical architecture including dual power supplies, dual fans and dual networking interfaces.
The DVR should also support multicast transmission to enable multiple decoders to receive the video stream, and thus overcome possible decoder failures.
The last link in the video streaming chain is the decoding device. Decoding devices come in various forms – such as embedded devices, dedicated appliances and PC workstations – to tailor the solution to customer needs. Decoder resilience should be complemented by advanced application functionalities such as Level of Service and persistent video monitoring (PVM).
Applications and services resilience
The video surveillance service is based on the underlying networking and video infrastructure, and controlled by the user via the security application. Therefore, both the service and the application itself must provide a resilient and consistent user experience for security officers. This will ensure that monitoring and investigation are effective at all times.
Among the most important mechanisms ensuring a resilient and reliable user experience is the Level of Service support. Level of Service is a mechanism that ensures the end user receives the optimal video stream according to both networking conditions and decoding platform resources. For example, if the user defines that the required resolution for the video signal monitoring is 4 CIF at 30 frames per second (for NTSC), but the IP network cannot sustain the load due to congestion or other related phenomena, the Level of Service mechanism is initiated.
The Level of Service mechanism reduces the frame rate or resolution to accommodate the new conditions. A similar overload in the decoding station is handled by the mechanism, ensuring smooth viewing for the operator (who doesn’t need to configure the network or decoder parameters).
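One way such a Level of Service controller could behave, as an added example rather than any product's implementation: it steps down at once when either the network or the decoder cannot sustain the current stream, and steps back up one rung only after several consecutive good samples so the picture does not flap. The ladder, bitrates, decode costs, headroom and hold count are all constructed values.

```python
# Constructed quality ladder, best first:
# (resolution, frames/s, approx. kbit/s required, decoder cost units)
LADDER = [
    ("4CIF", 30, 2000, 8),
    ("4CIF", 15, 1100, 4),
    ("2CIF", 15, 600, 2),
    ("CIF", 15, 350, 1),
    ("CIF", 5, 150, 1),
]


class LevelOfService:
    def __init__(self, requested, hold=3, headroom=0.8):
        # The user's requested profile is the ceiling; never stream above it.
        self.ceiling = next(i for i, r in enumerate(LADDER) if r[:2] == requested)
        self.level = self.ceiling
        self.hold = hold            # good samples required before stepping up
        self.headroom = headroom    # use at most this fraction of measured bandwidth
        self.good = 0

    def _fits(self, i, net_kbps, decoder_budget):
        _, _, kbps, cost = LADDER[i]
        return kbps <= net_kbps * self.headroom and cost <= decoder_budget

    def update(self, net_kbps, decoder_budget):
        """Feed one measurement; return the (resolution, fps) to stream now."""
        # Degrade immediately: a congested link or overloaded decoder drops frames.
        while self.level < len(LADDER) - 1 and not self._fits(
                self.level, net_kbps, decoder_budget):
            self.level += 1
            self.good = 0
        # Recover slowly: one rung up after `hold` consecutive samples with room.
        if self.level > self.ceiling and self._fits(
                self.level - 1, net_kbps, decoder_budget):
            self.good += 1
            if self.good >= self.hold:
                self.level -= 1
                self.good = 0
        else:
            self.good = 0
        return LADDER[self.level][:2]
```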
The application suite should employ a PVM mechanism to ensure the video signal is automatically displayed once the data is available. The PVM mechanism ought to be accompanied by appropriate buffering techniques that guarantee a high-quality experience for the security officer.
The overall application – including the virtual matrix functionalities – must be designed in such a way that the end user is able to recognise problems in the video recording and streaming, and is able to perform corrective actions, such as monitoring re-routing or quick configuration of the recording devices to record a certain channel.
Management and IT security
Management operations and system security against malicious attacks must be ensured. The management components are responsible for the ongoing configuration and maintenance of the system, and also serve as the central point of management and enforcement for the connections between the different entities of the system. Therefore, the Application Management Server (AMS) must be highly resilient, and should employ high-availability architecture.
Consequently, even if the primary AMS fails, the back-up server continues to control and maintain the overall video surveillance system operations and handling. Furthermore, all monitoring and investigation operations must be able to continue without interruption.
To assist maintenance and operations personnel to quickly locate and isolate problems and failures in the video surveillance system, the management system should provide the user with a comprehensive and accurate maintenance alarm application which offers clear details about the fault source and enables the maintenance crew to fix the problem rapidly, ensuring the continuation of all security operations.
Last, because the video surveillance system is based on IP infrastructure, it can be penetrated and even disabled by hacker attacks. Therefore, the IP network itself must be protected against cyber attack. Additionally, the video surveillance system must provide extensive user configuration and operational capabilities to define relevant operational profiles.
Configurability ensures proper segmentation between users and departments, so that only relevant personnel are able to perform specific actions with specific equipment. This limits the potential damage from malicious attacks or even incorrect operation.
To complete the protection of the system, the video surveillance management application should include an extensive password protection scheme, with comprehensive password configuration capabilities designed to hinder potential intruders from gaining access to the system.