Should IP Cameras Be On The Same Network As Your POS Systems?

What are your options when your clients don't want to add a new modem with a reoccuring cost every month?

is putting your IP cameras on the same network as your wireless or POS systems the worst idea?

It's not a popular approach. Check our Dedicated vs Converged Networks for Surveillance note, and you find there are several potential pain points. Bandwidth crowding, 'the blame game', and ownership of maintenance are chief among them.

"What are your options when your clients don't want to add a new modem with a reoccurring cost every month?"

In retail, this is pretty common, i.e., not wanting to pay for a dedicated WAN connection just for surveillance.

At that point, what typically happens is the surveillance recorder (DVR / NVR / VMS) has a server side throttle set. Let's say the existing 'modem' / WAN connection supports 1Mb/s upstream (using a round number) and IT / management says surveillance can have half. You would go into your recorder and set the bandwidth throttle to 500Kb/s, which would automatically cap how much bandwidth the recorder can use. The downsides of this for remote viewing are (1) lower video quality and or frame rate for live viewing and (2) very slow downloading of recorded video.

When I see this question I immediately go to 'security concerns' rather than 'bandwidth concerns' (although I recognize the bandwidth concern is more likely to be the real customer concern, whereas the security concern is usually a compliance issue).

Regarding security: Many POS systems now define an on-site network architecture that includes a router/firewall that is preconfigured or can be configured to partition the POS and the non-POS traffic off into a distinct subnets or a DMZ. This allows the POS equipment and other gear to share the WAN link, but be unable to communicate with each other, or be configured to deliberately support integration with controls that do not compromise the POS network's security. Gilbarco is a good example of this design "out of the box." Other retailers we work with set up something similar as part of their IT infrastructure and a standardized manageable firewall appliance and configuration at each site.

Regarding bandwidth concerns: in theory they can also be addressed via QoS within an appliance on-site. But in reality I think this is less often explicitely addressed using QoS due to its complexity and administration overhead. A notable exception is retailers who are trying to provide free Wifi to their customers, but can't afford to have a bunch of yokels watching cat videos on Facebook clog up their POS transactions. This gets more difficult as more cloud based services are utilized by the retailer: digital signage, streaming music, customer loyalty programs, and increasing, cloud based POS systems. A retailer using a lot of these services is likely to have a deliberate plan to address the QoS issue and will need to dive into that complexity and management overhead.

As John points out, one way to do it is reassure the customer that your bandwidth throttle will prevent the video from slamming their WAN link. When dealing with smaller retailers it may be that their WAN connection (really just a $20/mo DLS line with a SOHO router) is only used for CC approvals which tend to be very small in terms of bandwidth. We typically set up our bandwidth throttle to be almost all of what we measure as the site's egress bandwidth. We are aren't necessary trying to preserve a huge slice of bandwidth for their POS, we're just making sure we cap our system so it doesn't ever try to oversaturate the link. Reality is the very small CC transactions are able slip through the cracks without much problem. And our video is effectively as good as their bandwidth will allow.

In summary: security concerns can be addressed by an on-site architecture that partitions the POS and video gear. Bandwidth concerns can be addressed by installing a bandwidth throttle on the DVR and configuring it appropriately.

Well I'm not the expert here but I get asked these questions so I figure I'll toss in a few cents worth. In the good old days transactional information was taken from a printer interface and then recorded as an "overlay" or captured and became searchable. It was a pain setting up the printer and capture devices but the information captured wasn't too private since it appeared on the register. More modern registers collect the data and transmit it along with some PCI to centralized databases and for use by POS / Video systems. There is a bit of a rub because you are now mixing PCI and DVR/NVR/IP Cameras which will have remote access. That's a cause for concern.

I have done numerous retail installations where we have integrated the point of sale and run everything on the same network. However the network has never been the problem. Rather the Point of sale vendor not communicating firmware upgrades and or changes which cause problems