What VMSes Support Multicasting?

JH
John Honovich
Feb 06, 2014
IPVM

I'd like to make a list.

Just to start, my understanding is that:

Genetec and Milestone Corporate do.

Avigilon, Exacq and other Milestone versions do not.

I also believe that the way multicasting is implemented varies across VMSes (e.g., some multicast from camera to client, others unicast from camera to server and then multicast out to client).

Ok, please share what you know.

Background: Multicasting Surveillance Tutorial

UD
Undisclosed Distributor #1
Feb 06, 2014

AxxonNext

JH
John Honovich
Feb 06, 2014
IPVM

All versions support it? Or?

UD
Undisclosed Distributor #1
Feb 06, 2014

Latest version does 3.5, I believe they implemented it since ver 3 if I am correct.

UI
Undisclosed Integrator #2
Feb 06, 2014

I am not sure I see the value of multicasting on larger sites where there is typicaly a need for central management of users, so logging onto a server opposed to directly to the camera makes sense. Ensuring integrity of video is questionable with multicasting, additionally any bad network design can be severly punished. It seems that some VMS's will use the camera multicasting because they dont have any transcoding ability to retransmit the video in a more bandwidth efficient form from the server to client.

JH
John Honovich
Feb 06, 2014
IPVM

We can and have debated the value of multicasting here and here. For this discussion, I am trying to focus on who supports it.

Avatar
Roberto Morales
Jul 25, 2015
IPVMU Certified

does goevision support it. Is it reccomended for government applications? 500 cameras?

TS
Tariq Saleh
Feb 06, 2014

Netavis supports the multicast but I never tried it.

EF
Eric Fleming Bonilha
Feb 06, 2014

John

Since you are making a list...
Digifort does support multicasting, but only from server to clients, basically server will use unicast connection to the cameras and can deliver the received images to the clients either by unicast or multicast

FL
Francis Lachance
Feb 06, 2014

Hi John,

Genetec support multicasting from camera to client as well as from the server to client. As you mentioned, when comparing different solutions that support multicast, it is important to know whether that capability extends from the camera to the client, or from the server to the client.

Also multicast is supported in all versions of the product and can work in a mix mode with multicast and unicast in the same system or on the same server.

Francis Lachance, Genetec.

JH
John Honovich
Feb 06, 2014
IPVM

Francis, thanks. Can you clarify if there is any difference in multicast support between Omnicast and Security Center?

Avatar
Richard Lavin
Feb 06, 2014
Salas O'Brien • IPVMU Certified

I know that DVTEL Latitude supports multicasting. I believe it does unicast from camera to server and then multicast out to the clients. I have not used it though, so I'm not certain about that.

UM
Undisclosed Manufacturer #3
Feb 06, 2014

Aimetis Symphony supports multicasting.

Avatar
Carl Lindgren
Feb 06, 2014

IndigoVision supports Multicast for both recording and live viewing. With devices capable of multiple streams, each stream can be independently set to either TCP/IP Unicast, RDP Unicast or Multicast. IV recommends TCP/IP Unicast for recording and, in applications with many users, Multicast for live viewing.

FL
Francis Lachance
Feb 06, 2014

There are no differences. Both Omnicast and Security Center supports the same capabilities in terms of multicast.

AK
Alex K
Feb 07, 2014

Avigilon does support multicasting and used for redundant recording to multiple servers.

JH
John Honovich
Feb 07, 2014
IPVM

To clarify, that's just for redundant recording but NOT for client viewing, correct?

I thought it's good 'ol HDSM magic for the server / client connection? :)

AT
Andrew Thomas
Jul 25, 2015

We can always count on John to take a Poke at Avigilon. Regardless, I'm having an extremely hard time trying to imagine when I would need Server to Client Multicasting. the display bandwidths are extremely low going to display monitors, and the complexity of setting up Multicast groups in switches, for desktops. Could someone shed some light on the reason they would ever need (absolutely this is the best solution) to multicasting to clients? In our experience, having 20 to 30 users, and a few dozen 30" screens on a wall, they are all viewing different view configurations....
If we need to duplicate the same screen content onto hundreds of other screens, there are off the shelf multicast stand-alone solutions for that.

JH
John Honovich
Jul 25, 2015
IPVM

Andrew, we can always count on you to knee jerk defend Avigilon. Some people want true multicast (the minority for sure). You can't imagine it, fine.

Most of those people who want / value true multicast do not want to use 'a multicast stand-alone solution' as they want it built into the VMS server and client. It's what you might call a true multicast end-to-end solution, not an add-on.

AT
Andrew Thomas
Jul 25, 2015

John, we're a match made in Heaven. We were an early adopter of VoIP about 15 years ago, and M/C was required for overhead and on hook paging. My point after my obligitory jab is the following. Out best practice is to secure all cameras within a fully private LAN with ZERO access from anything but the Video recorders, and a management monitoring probe. For critical systems, and we have a few 24x7 sites where cameras are multicasting to multiple servers. On the LAN side of the video servers where they connect to the corporate VLANs, it is impossible to MC cameras directly to a client in some sort of STREAM hand-off process since the recorders are not Routers.

Perhaps had HomeDepot, Target, CVS, and the federal goverment placed their POS systems on provide non-routable networks a lot of folks personal data had been better protected. Search Google for the following words

casino video system hacks

Is there value in M/C? Sure, and I think its biggest value is multiple recording of the same stream.

I see s lot of security issues with M/C streams from a camera to a client since the protocol provides no authentication from sender to reciever, and we would have a very difficult time defending the decision to use M/C in an audit.

The same security concerns exist if the recorders were to use M/C to VMS clients.

Regardless of the VMS, using M/C requires that you or your client must step up and reconfigure new or existing LAN equipment, and all those dumb switches in departments used as splitters for printer and workstations must go.

Here is good primer for M/C

http://medusa.sdsu.edu/network/CS596/Lectures/ch14_Multicasting.pdf

U
Undisclosed #5
Jul 25, 2015
IPVMU Certified

I see s lot of security issues with M/C streams from a camera to a client since the protocol provides no authentication from sender to reciever, and we would have a very difficult time defending the decision to use M/C in an audit.

Do the same auditors ever give you a hard time about camera credentials being left at the default of "admin/admin"?

Even though, they are segmented to a locked down VLAN, it still seems like something that an auditor might object to on principle, no?

Also, not all streams consist of state secrets, and the streams most likely to benefit from m/c are often the most benign ones like "lobby" and "guest parking".

AT
Andrew Thomas
Jul 25, 2015

True, and my concerns are not so much about secrets, but from a practical support standpoint, isolation all cameras certainly isolates us from dealing with the company IT lan. I can't could the number of times we recieved a call about company LAN issues weeks after a camera installing asking if our cameras can be causing problems with their Wireless or other LAN problem. Proving a negative is impossible, so having everything off-lan is a big plus in that respect.

In cases where they want to share a real-time video stream from a camera, as in a front door callbox camera, most VMS should support streams from multi-IP ranges and NICS, so a few cameras like this are on the company LAN, and an RSTP streaming with VLC Viewer, or with many cameras they provide some ActiveX viewer is a great way to have the front / rear doors in real-time.

Having been in the IT support business since the late 70's, and having written some large checks when I screwed up years ago, I've grown to be a bit paranoid.

BY
Bill Young
Feb 07, 2014

Multicast supported VMSes:

Pelco Endura - recording and to the client from the edge

Geutebruck - recording and to the client from the edge, or proxy

Indigo - recording and to the client from the edge

OnSSI - supported in ES only

Milestone - supported in Expert and Corporate

Genetec - supported from edge and proxy

Dallmeier - live viewing from edge and proxy

Synectics - supported from the edge but not certain if only for live viewing or if there are options to MC record too

Not a complete list but a start!

All manufacturers listed will support Unicast recording but some offer the flexibility of recording via multicast too. My personal preference is multicasting from the edge, as it allows the network to do the work it is capable of doing and eliminates the single point of failure of a server being the host for all streams. Of course most enterprise VMSes today offer failover redundancies to avoid single point of failure downtime, however MC of live video to the client is the most reliable means to maintain as close to 100% uptime of live video. I say as close to 100% uptime because the camera itself and the network has the potential for failure too. Sorry for the deviation from the MC list.

RK
Rajesh Kandpal
Feb 08, 2014

Hi,

I suppose only Genetec and NICE supports Multicasting in more meaningful way. i.e., these VMSes take advantage of multi-cast of cameras and supply the multicast stream from camera to client directly upon the request from multiple clients which means fewer loads on network and no load on servers. Servers remain free to just record and serve playback. For live viewing clients are supplied streams directly from camera but of course authorized by directory servers

Other than this multicast by servers is supported by most of the VMSes like Milestone, Genetec etc

Avatar
Carl Lindgren
Feb 08, 2014

Mohd, that is exactly how IndigoVision does it. Their IP cameras and encoders are typically set up to stream TCP/IP Unicast for recording and Multicast for live viewing. That method is also used for third-party devices, although in our limited testing of third party cameras so far, neither Axis nor Ganz cameras were capable of delivering simultaneous 30fps streams at 720p+ resolution.

Axis claims their cameras can as long as both streams are set up the same but unless I missed something, their ONVIF streams can't do that. I tried using exactly the same settings and was only able to get their cameras to deliver 22-24fps per stream.

RK
Rajesh Kandpal
Feb 08, 2014

Dear Carl, Thanks for the update. I didnt know about IndigoVision as never used this product before.

U
Undisclosed #4
Feb 09, 2014

To clarify, while many have pointed out that Milestone Corporate and Expert are the only versions that support multicasting, nobody has specifically noted that Milestone also only does multicasting from the server side. Cameras stream unicast to the server.

The servers Multicast tab is checked to engage the function (checked by default), and specific cameras are then enrolled to be multicast from the server with a similar checkbox on the camera's Record tab (not checked by default).

JH
Jim Hall
Feb 09, 2014

Is that because Milestone doesn't support UDP from the camera at all? If it does support unicast UDP it why would it give a hoot?

BY
Bill Young
Feb 09, 2014

MY best guess at why some VMSes only support multicast as proxy from their software on a server is it is easier to write the code into their own software for multicast support from the clients. Alternatively, supporting multicast direct from 3rd party cameras will require some additional work on the drivers for those cameras, and each manufacturer may have their own specific nuances therefore for the time being it is simply easier to standardize the IGMP joins from the clients to their own software as a proxy.

My 2 cents and may not be 100% accurate.

JH
Jim Hall
Feb 09, 2014

i'd say you nailed it Bill, from tldp

2.2 Levels of conformance.

Hosts can be in three different levels of conformance with the Multicast specification, according to the requirements they meet.

Level 0 is the "no support for IP Multicasting" level. Lots of hosts and routers in the Internet are in this state, as multicast support is not mandatory in IPv4 (it is, however, in IPv6). Not too much explanation is needed here: hosts in this level can neither send nor receive multicast packets. They must ignore the ones sent by other multicast capable hosts.

Level 1 is the "support for sending but not receiving multicast IP datagrams" level. Thus, note that it is not necessary to join a multicast group to be able to send datagrams to it. Very few additions are needed in the IP module to make a "Level 0" host "Level 1-compliant", as shown in section 2.3.

Level 2 is the "full support for IP multicasting" level. Level 2 hosts must be able to both send and receive multicast traffic. They must know the way to join and leave multicast groups and to propagate this information to multicast routers. Thus, they must include an Internet Group Management Protocol (IGMP) implementation in their TCP/IP stack.

MR
Miriam Rautiainen
Feb 09, 2014

Aimetis Symphony supports multicasting from camera to client in all versions (Standard/Pro/Enterprise).

JV
Jason Vidéo
Jul 12, 2014

Any new discoveries?

AT
Andrew Thomas
Jul 25, 2015

In 99% of our installations, the cameras are not accessible from a client workstation. All cameras are on a private Fiber or copper environment, and 100% shielded from any tampering with ACL and MAC table security, and the switches are monitored by tools like ManageEngineUtils, looking for missing or potential rogue MAC appearances (not likely given the ACL/MAC security) It is my .02 on the subject that having cameras accessible by workstations increases the security footprint.... We all read and know about BAD firmware... Having all cameras secured greatly reduces that threat.

(1)
Avatar
Roberto Morales
Jul 25, 2015
IPVMU Certified

What is meant by this? please carify Geovision support multicasting through a webcam.

Rv
Rogier van der Heide
Jul 25, 2015

I'm suprised this wasn't mentioned yet. But Bosch their BVMS software supports Multicasting.

New discussion

Ask questions and get answers to your physical security questions from IPVM team members and fellow subscribers.

Newest discussions