Subscriber Discussion

Milestone Corporate (~100 Homes) Bandwidth Question

UI
Undisclosed Integrator #1
Jul 25, 2017

I have an interesting client that we’re trying to sell Milestone XProtect Corporate on. It’s an HOA community consisting of roughly 100 single family homes that originally wanted cameras mounted on street lighting fixtures but was denied by the City due to liability. The community has agreed that they are willing to share their houses to mount the cameras/utilize their private WiFi.

I was thinking to get the camera port forwarded, and send the stream to a Milestone XProtect Corporate server located inside a datacenter. The issue I am dealing with right now is that they want the 100 or so homes to have access to the video feeds so they can browse at any time.

How can we accomplish this over the WAN? I am not too familiar with Multicast, and I don’t think it would be possibly to do that over the WAN. Do we have any options?

MM
Michael Miller
Jul 25, 2017

Are you locked into Milestone for the VMS? It sounds like a nightmare managing 100+ consumer routers with port forwarding.  Do you have access to a cloud managed solution which would not require port forwarding to access the cameras? Something like Stratocast, UMBO, CAMIO?  This would also eliminate your issue with having 100+ clients.  

(1)
(1)
Avatar
Josh Hendricks
Jul 25, 2017
Milestone Systems

Can you clarify whether the cameras will be utilizing the individual home owner internet connections? If so, it will be a mammoth task to make sure the cameras stay connected as it would require port forwarding on every customer's network, and would be sensitive to IP/port changes and so on.

If it is possible, try to implement a dedicated wifi network in the neighborhood. Possibly a mesh network?

If the design is intended to use the customer home networks, our software supports Axis One-click and that might be the best way to go when you don't want to have to fiddle with 100 different home routers to setup port forwarding. Using Axis One-click compatible cameras, you can either plug the camera into the consumer network or get it on their wifi, and assuming the camera can reach the internet, it will contact the Axis directory server, get your registered address and make a VPN connection to your site. It effectively eliminates the need to touch the customer's router and also adds an extra layer of security by encrypting all traffic between your central site and the camera.

As far as WAN access goes, I would probably just expose one or more Mobile Servers for WAN access. Then the home owners can access cameras from their smartphones or a web browser, and you can limit the outbound bandwidth by enabling levels of video stream limitations in the Performance tab of the Mobile Server properties. This will let you reduce the resolution and/or FPS for client streams when a specified CPU or bandwidth threshold is reached.

(3)
Avatar
Josh Hendricks
Jul 25, 2017
Milestone Systems

If the current specification does call for using the home owners personal internet connections, I suspect the cost of implementing a private mesh network specifically for the neighborhood surveillance needs would actually be cheaper than the man hours associated with setting up and maintaining 100+ cameras on varying networks you don't control.

You'd have to figure out the backhaul to get those camera feeds to your data center though. I'm not sure what your options are. Ideally you could push all those feeds back through a single connection and in a perfect world it would be a gigabit link.

If you won't have the bandwidth available in a single connection to stream all cameras back simultaneously, you could opt to disable the default live feed rule which tells the Recording Server to pull a live feed from all cameras all the time. Then create rules to either pull a live feed on client request, or on camera-based motion detection. That would result in much fewer than 100 cameras streaming across the connection at any given time, at the cost of motion detection programming on individual cameras instead of server-side detection.

To reduce false VMD, you could choose to use cameras with built-in PIR or similar. Of course it all depends on the intended use and customer requirements.

(2)
UI
Undisclosed Integrator #1
Jul 25, 2017

Thank you both for the responses.

To clarify, the HOA consists of a 100 home owners, but we will be implementing around 30 cameras for this community. The 100 homeowners will need access to these 30 cameras. 

Axis one click sounds like a great option, we are already intending on implementing Axis for them.

We have the option to use the homeowner's private network, or implement our own. Ubiquiti mesh is being looked into as well right now. We do have a large tower to place a line of site to one of the homes, and then branch off from there but I am concerned about the LOS or connectivity to the remote homes from the mesh APs.

 

 

Avatar
Josh Hendricks
Jul 25, 2017
Milestone Systems

30 cameras is a lot more manageable if you end up using the customer's network connections. Just keep in mind it will be come a maintenance task to monitor the connection status of the cameras and reach out to home owners if a camera goes down for some period of time where you potentially will need to go on site to get the camera reconnected (if they change their WiFi SSID/password for example).

One way you could decrease the chance of having to make a site visit in the future is to put your own pre-configured router at each home where a camera will be mounted, and have the router physically connected to their own private router. You can then retain full control over these routers and the only time you would lose connection is if the home owners personal router bites the dust or loses connection to the ISP.

The above, combined with Axis one-click would be a fairly reliable setup and minimize the chances of having to run to someones house to reconfigure a customer network or camera.

With regard to streaming back out to the 100 home owners, multicast is not an option over the WAN unless the customer were to VPN in for example. And that would make the system more difficult to access (but more secure).

What I would do, if possible, is to limit users to using the web client and mobile client where you can implement resolution/framerate limits based on overall bandwidth utilization. I would also try to setup "zones" in the neighborhood and assigning cameras to different zones, and give the homeowners access to view video for only the zones they are authorized. I don't know about the HOA but if I was one of those home owners I wouldn't be very comfortable with neighbors from down the street being able to monitor my property which happens to be in the background of a camera mounted across the street from me.

(3)
(1)
UI
Undisclosed Integrator #1
Jul 26, 2017

Joshua,

Thank you for such detailed responses. It is appreciated.

Just to clarify, if the Axis camera that is mounted on the home is connected via PoE from a PoE injector, which is connected to their current routers, what router settings can the home owner change that would knock the camera offline? WiFi SSID/password shouldn't effect the connectivity of it, would it? Assuming the Axis camera connects via DHCP and dials home through the 1 click connection.

Also, I think limiting them to just the webpage/mobile is certainly something we can do. Only the HOA president will be needing the full XProtect Smart Client on his computer.

Avatar
Josh Hendricks
Jul 26, 2017
Milestone Systems

I misinterpreted something and thought the cameras would be network connected via WiFi. If they are cabled to the home router and can get DHCP, they should be able to get online without issue. So you're right, in that case there is no benefit to supplying your own router.

Once your Axis secure tunnel server is setup in your data center, you should be able to provision the cameras before deployment and verify their connectivity from a different internet connection than the data center ideally. Then you can send someone out to run cable and mount it, and it should "just work". Famous last words of course... :)

(1)
UI
Undisclosed Integrator #1
Jul 26, 2017

Any reason why we would need Corporate on this versus XProtect Pro? I think we'd be able to accomplish everything with the Pro version.

JH
John Honovich
Jul 26, 2017
IPVM

#1, btw have you consider Arcus Global? I am half kidding. On the one hand, Arcus Global is Milestone's 'cloud first' offering but the company is just starting up so I am not sure if it's ready but if you really want Milestone, you might want to see where Arcus Global is at.

Avatar
Josh Hendricks
Jul 26, 2017
Milestone Systems

I would recommend at least going with the "plus" products, XProtect Express+ or XProtect Professional+. The only thing we've discussed that you wouldn't be able to do without XProtect Corporate is using Axis one-click/AVHS.

You could potentially start with XProtect Express+, and either do port forwarding or provide to the homeowners your own provisioned router with VPN back to your datacenter which would enable you to put just about any camera make/model you wish on site without the need to setup port forwarding. A possible advantage to having a router/VPN on the edge is that you could expand the security offering to include other hardware like a unified security/alarm system or sensors of some kind without limiting yourself to pure cloud/P2P offerings.

If you started with XProtect Express+ or XProtect Professional+, you would also be able to upgrade as needed, all the way up to XProtect Corporate by simply importing the new license.

(2)
U
Undisclosed #2
Jul 26, 2017

Personally, I could not fathom doing this the typical way. 

 

In my opinion, the only reasonable solution to this is either Genetec Stratocast or OpenEye. The cost, simplicity, and feature set would, as much as I love Milestone and with all due respect to them, blow it out of the water. 

(1)
(1)
UI
Undisclosed Integrator #1
Jul 26, 2017

Thank you for the suggestion for Stratocast and OpenEye. We will look into it. 

Avatar
Hans Kahler
Jul 26, 2017
Eagle Eye Networks

Full disclosure, I work for Eagle Eye Networks 

This type of solution would be a good fit for Eagle Eye.  We manage the network connectivity from the camera to the cloud, provide easy access for the customer (free apps, and no need to know IP addresses.)  Because it's all centrally managed it's easy to add/remove users, as well as share cameras.  Our system even has a Google Map integration that lets you put the cameras on a map, and view them from there.  

We have looked for this type of deployment, and have done several things like this within codo associations, but not with stand alone homes. 

If you're interested let me know, or check out this video, which focuses on businesses, but I think you'll see how it could be applied to homes

New discussion

Ask questions and get answers to your physical security questions from IPVM team members and fellow subscribers.

Newest discussions