In recent installments of Pelco Consultant, we’ve discussed the benefits of aggregation as an approach for accessing and administering multiple remote IP video surveillance systems. In this installment, we will look deeper into the complexities of video system scalability, and we’ll consider a few approaches.
A Basic Scenario
A regional or national retail chain is a great example of an end-user customer that would have multiple sites, with multiple video cameras at each site. Let’s suppose that each retail location is roughly 3,000 to 3,500 square feet, and each has from nine to 24 cameras per site. The cameras watch entries and exits, provide coverage of the showroom floor to watch over merchandise and people, exterior cameras monitor parking lots and entrances, and inside a few cameras are dedicated to capturing image detail at the cash register/transaction desk.
First and foremost, the video system records activity inside and outside the retail location, providing a record of what happens, so that, in the event of an incident (theft, vandalism, slip and fall) we can review the recorded video and hopefully find evidence that will identify “who did what” and will lead to appropriate decision-making and resolution: arrest and prosecution of a burglar, settlement of an injury claim, etc. To meet these purposes, a relatively few number of people actually need access to video – the manager of each location, a regional supervisor, security staff, and maybe someone in corporate facilities. If the number of locations and the number of users are relatively small, traditional video management systems (VMS) can offer sufficient flexibility to manage those users’ permissions and privileges. As a general guideline, with 10 or more systems to manage, administration begins to get unwieldy.
Growing Complexity… More, More, More
Use of video in organizations, like the retail chain in our example, is growing, and it’s growing in any way that you measure it. More sites. More users. More reach.
More sites. Suppose an individual in the organization needs to access the local video system at each location. Your master system has to account for that individual user at each site. If that person needs access to 10 sites, you have to manage 10 accounts for that person. That means either: that user needs to remember 10 different logins (one for each system she/he needs to access), or the System manager needs to manage the synchronization of this one user’s account across all those 10 sites. If an administrator is managing across all these remote systems, then she/he has to do this synchronization for each user.
More users. As we’ve noted in the past, a growing trend is that organizations are realizing that video data can be used for more than just security and surveillance. Sales and marketing professionals can use video to analyze traffic flows, to ensure that local stores are displaying appropriate, timely promotional materials. Facilities managers can look for safety compliance and potential issues. And so on. With just a little thought, it’s easy to imagine a growing number of non-traditional users — all seeking video data to improve their decision-making and improve the organization’s operations. That means there will be a need to support more and more users.
More reach. As an organization grows, the reach of a single employee is continuing to expand. She/he needs to see more and more sites, and access more and more systems. Additionally, the people who report to this individual now need access to additional sites. His direct reports need video – this expands the user base.
We are also broadening the types of users. We’re introducing new user profiles that require different sets of permissions. We need to set additional parameters — who can access video? Which cameras can they access? What frame-rate can they stream? How do we accommodate law enforcement access to video? How do we provide video for regulatory oversight? This brings increasingly complex sets of user roles and permissions.
With each new site and each new user, the administrator’s job becomes complex and burdensome.
How to deal with it all?
One possibility is that every time you add a site, you could add staff to deal with administration, but this is fraught with risk: It’s costly to hire new people, it opens you up to multiple human-error mistakes across all your systems, and without careful controls, permissions can lapse, and people who’ve left the company can still access video.
Another choice is to deploy a centrally managed VMS (Video-Management System) solution, in which the core head end is in your central location, with satellite/remote systems. The advantage of this approach is a single user-store-repository, a single set of permissions to manage, a single set of accounts to manage. However, this approach requires a very reliable connection between remote systems and central system, because every time remote users log in, they need to authenticate to central system. This type of approach is very network-dependent and tends to be very expensive. (Think high-end, enterprise class).
Another approach would be a mini-federation, by placing a federated server at each location. This approach mitigates the real-time network-dependency problem; however, when network connection goes down, you still have to deal with reconciling any conflicts that occur when people change records/data while the central system is down. Also, this tends to be expensive — because it requires adding an expensive high-end federation server at each site in addition to the existing remote system. These servers tend to be at an expensive, high-end, enterprise-class price.
You could try to purchase a bunch of DVRs and network video recorders (NVRs) and create your own system to centralize the management of those accounts. You could write to each DVR’s/NVR’s application programming interface (API) to coordinate with some sort of user database you create based on LDAP (Lighweight Directory Access Protocol). It’s similar to a centrally managed system, but you benefit from use of software development kits (SDKs) for automatic updating. There are costs, and you’re limited by the capabilities of the NVR SDK you use. There can be limits to the granularity of permissions control offered by a particular NVR’s SDK. For it to work successfully, you must have a strict process in place for when and how you do system updates, permissions updates, etc.
An Aggregation Solution
The solution that Pelco™ by Schneider Electric™ is moving forward with is aggregation. System aggregation uses a virtual machine (an aggregation server), which can be installed anywhere in your network, to unite various remote systems. The benefit of the aggregation server is that it allows you to deploy individual (remote) systems, but at run-time, you can access all systems and pull up the current state of permission access. You can add users, change users’ roles, and you can push updates out to remote systems.
System aggregation leverages the data store at each remote system. You don’t have to maintain one single, centralized system representation. Instead, you’re always getting the latest state of the system when you log in and call up the permissions store, because it’s the aggregate of the permissions on all of the systems you’ve aggregated.