Cisco's Video Management (VSM and Stream Manager) Examined

AL
Antony Look
Published Dec 08, 2010 00:00 AM
PUBLIC - This article does not require an IPVM subscription. Feel free to share.

Cisco's approach to video surveillance management is uncommon. Before one can appreciate how it is better or worse, it is important to understand what it is and how it differs. In this report, we examine both of Cisco's VMS offerings - the Cisco Video Surveillance Manager and the Cisco Stream Manager as well as Cisco's physical security appliances.

Unlike most providers offering tiered VMS versions (e.g., basic and pro), Cisco's 2 VMS are positioned at different markets with varying combination of feature sets. While the Stream Manager is targeted towards casinos, the Video Surveillance Manager is targeted to the general professional market. Additionally, Cisco has an SMB surveillance / VMS offering called Cisco Small Business Video Monitoring System.

Much more so than most VMS providers, Cisco focuses on an end to end offering. In addition to the appliances, readers should review our reports on Cisco's IPICS (communication interoperability) offering and Cisco's MediaNet (video optimization) solution to understand the components in a full Cisco security/surveillance offering.

UPDATE March 2011: Cisco Stream Manager will be discontinued.

[premium_content]

Recommendations and Applications

While the review covers both of Cisco's VMS offerings, we are going to focus our recommendations on Cisco's general purpose/marketed system - the Video Surveillance Manager. We see two core applications:

  • Primarily Cisco IP camera deployments
  • Enterprise deployments

Let's examine each one by one:

Primarily Cisco IP camera deployments: The key driving factor is that Cisco waives its per camera license fee (normally $325 MSRP) when using Cisco IP cameras. Additionally, unlike many companies offering free support for its own cameras, Cisco supports a modest number of 3rd party IP cameras. The downside is the per camera pricing for 3rd party cameras is pretty high for anything but large scale deployments. Because of that, if you were doing smaller projects (say under 100 cameras), to keep the pricing competitive, you would want to limit the 3rd party cameras to a minority. On the other hand, Cisco IP cameras are fairly expensive - on average about $200 more than similar feature set, name brand cameras. Also, since the portfolio is relatively narrow (e.g., nothing above 1080p, no HD PTZs), many deployments would likely need at least some non Cisco cameras.

For small camera deployments with primarily non-Cisco IP cameras, the solution will be expensive, complicated and competitively unattractive. As we mentioned in the introduction, Cisco Small Business would be more appropriate. However, it's an OEM of NUUO that has some important limitations (see our NUUO test results).

Industry insights delivered to your inbox weekly.

Sign up to get notified of new reports, investigations, research and more.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Enterprise deployments: While the offering is designed for enterprise use (enterprise management, LDAP/AD integration, video distribution, PSIM integration, etc.), it does have a number of important deficiencies that impact large scale deployments:

  • Support for software only on a project basis only (not standard)
  • Runs on Linux only
  • No technical support for iSCSI SAN integration (e.g., Intransa, Pivot3)
  • No recorder or central management redundancy / failover
  • Limited access control integration (outside of Cisco's own)

If you can accommodate these major divergences/deficiencies relative to VMS systems like Genetec, Milestone, DvTel, etc., then Cisco might be a fit. Also, and this goes almost without saying, if you want a full Cisco solution, this will be highly attractive.

However, for large scale enterprise deployments, we think the Cisco VSM will have challenges competing with more mature, deeper feature sets offerings from leading VMS providers.

Cisco Video Surveillance Manager (VSM) Overview

The name for Cisco's general purpose VSM is the Cisco Video Surveillance Manager (VSM). The Cisco VSM is comprised of one or multiple recording devices, called Cisco Video Surveillance Media Server (VSMS), managed by a centralized management server called the Cisco Video Surveillance Operations Manager (VSOM).

Unlike most VMSes in the market, the Cisco VSM solution is an appliance based solution running on a Linux OS (SuSe or RedHat). For specific projects, the Cisco VSM may be run on COTS hardware but this is not available as a standard or 'out of box' option.

The architecture is client-server versus the peer-to-peer architecture found in the Stream Manager solution (Cisco's other VMS, see below). Another key component of the solution is the Video Surveillance Virtual Matrix Server (VSVMS) providing video distribution.

The three primary servers (recording, management, and virtual matrix) are Linux applications. The recording server (VSMS) requires significantly more processing power than the management (VSOM) and virtual matrix servers (VSVM) - the VSOM and VSVM mainly process control data and commands. As such the VSMS, VSOM and VSVM servers can all co-reside on a single Cisco MSP server 'box'.

While the VSM server applications require Linux/Cisco MSP platforms, Windows PC platforms are supported for the client side applications (VSOM web-client and Virtual Matrix Client).

Only one instance of the management (VSOM) and virtual matrix (VSVM) servers is required for multiple recording (VSMS). A centralized user database and web-based client access provides the system with enterprise scalability and management. The VSOM server controls access to the VSM resources based on user credentials and a granular set of access rights that can be assigned per group or user. Existing LDAP databases can also be leveraged for more efficient user management.

VSM Administration and Operation

All administration and operator functions are performed via web interface. The solution supports Internet Explorer (Active-X controls are used). The web-portal is comprised of an 'Operator Page' and 'Administrator Page'. Operators are presented with live viewing, playback, events/alarms inbox, and virtual matrix controls all within easy reach within the 'Operator Page' interface. With proper rights, an operator can simply switch to the 'Administrator Page' with a simple click of an icon/hyperlink. The 'Administrator Page' provides system administration and configuration tasks - user accounts/privileges, storage, recording, schedules, camera settings, etc.

Virtual Matrix monitors are Windows PC based systems with attached digital monitors. These systems act as PC based decoders and support megapixel video outputs. The installation is wizard based. Live and/or recorded video can be 'pushed' to these systems over the network via the same VSOM web-client used to view live streams, playback historic video, and monitor alarms.

3rd Party Integration

The VSM integrates with a number of 3rd party systems:

  • Cisco's own security offerings: IPICS and Cisco Access Control systems
  • A large number of Command and Control/PSIM systems including Boeing, CNL, Integraph, Northrop Grumman, Proximex, SureView, Vidsys, etc.
  • Weak support for 3rd party access control systems
  • Modest support for 3rd party IP cameras and encoders (150+ unique models from 20+ different manufacturers) [note the list is only shared with Cisco partners]

VSM Hardware and Storage

The VSM runs on Cisco provided hardware -- the Cisco Physical Security Multiservices Platform. This line has 3 form factor options - 1RU with 4 drive bays, 2RU with 12 drive bays and 4RU with 24 drive bays. The 2RU and 4RU units can manage up to 250 cameras with a throughput of 200 Mb/s per unit. Of course, given the constraint of 200 Mb/s per unit, 250 cameras is likely only achievable with lower resolution/lower frame rate. With 50 to 100 HD/MP cameras, the throughput max is likely to be achieved.

Cisco supports fibre channel SANs for extended / large scale storage. However, Cisco does not support 3rd party iSCSI / IP SANs such as Pivot3 or Intransa. Customers may use them but they will not be supported by Cisco's support/service programs.

VSM Pricing

Total VSM pricing is a combination of Cisco hardware costs plus software licensing.

Pricing starts with appliance selection:

  • 1RU with 4 drive bays (online $2500)
  • 2RU with 12 drive bays (online $7500)
  • 4RU with 24 drive bays (online $9500)

The base appliance does not include hard drives nor software licenses. A 1TB Cisco drive for the MSP platforms has an online price $550. Each VSMS server requires a software license (MSRP $1185); the VSOM server requires a software license as well (MSRP $1000). The VSOM license includes unlimited client connections. While Cisco cameras do not require a license charge,  non-Cisco cameras have a license fee of $325 MSRP.

Assuming a 16-channel Cisco IP camera system on a 1RU MSP with 4TB of HDD capacity, the total estimated cost would be $6885 or $430 per channel. The discount becomes more compelling as the camera count increases per server. For example, 32-channels on the same platform reduces the per channel cost to $215. The savings is due to the 'free' connection licenses for Cisco IP cameras. Note that the limited 4TB storage on the 1RU MSP makes it more appropriate SD cameras of just a few HD cameras.

For a 50 or 100 camera HD deployment the 4RU with 12TB MSP is more appropriate. The Cisco total cost for hardware and software, assuming Cisco IP cameras is $21,585. At 50 Cisco HD cameras this yields nearly $430 per channel and $215 per channel for 100 HD cameras. Competitor VMS solutions would require roughly $15K for hardware and an additional $7,500 for 50 channel licenses or $15K for 100 additional channel licenses. Per channel that puts competitor VMS solutions at around $450 (50 cameras) and $300 (100 cameras). Thus, relative to offerings such as Genetec, DVTel and Milestone, the Cisco VSM is cost competitive when used with Cisco IP cameras. On the other hand, other VMS systems can use lower cost cameras than Cisco to reduce their total cost.

VSM Infrastructure Considerations

Technically, the installation and maintenance of the servers can pose a significant challenge for security professionals - especially those unfamiliar with Linux. Cisco, however, typically provides thorough documentation and better than average support for their products when a service contract is obtained.

Because of the additional complexity involved in deploying a Cisco VSM solution, customers with high IT skills are more appropriate fits. Moreover, environments where existing Cisco networking gear is already in place, may benefit from medianet capabilities (e.g. auto-provisioning, HA, and QoS). Also a key downside of the VSM solution is the lack of redundancy and fail-over features for key management and recording applications. Since cost efficiency is based on the exclusive use of Cisco IP cameras, potential adopters should consider whether Cisco IP cameras will meet the application needs sufficiently.

Cisco Stream Manager (Video Surveillance for Casinos and Gaming)

Cisco's video surveillance solution for the casino/gaming market is based on the Stream Manager Software suite and focuses on IP enabling analog security equipment (e.g., cameras, keyboards, and matrix switches). The key value proposition is to eliminate DVR based recording and extend system management, live monitoring, and investigations across IP networks.  Also, the solution provides virtual matrix capabilities, eliminating the need for traditional CCTV matrix switches, while enhancing overall video distribution methods and administration.

The solution is highly closed in the sense that it only supports Cisco's IP Gateways (encoder/decoders), Services Platform/Integrated Services Platform (NVR appliances), a limited number of CCTV keyboard/PTZ/matrix manufacturers, and limited 3rd party IP camera support. 3rd party storage (e.g., Intransa and Pivot3) may be used to extend storage capacities, however, Cisco will not provide support.

*The solution provides support for a variety of products from major CCTV equipment (keyboard/PTZ/matrix switchers) manufacturers: Bosch, Pelco, Honeywell, and American Dynamics.

Key Benefits

  • Provides highly scalable and efficient video distribution capabilities (virtual matrix)
  • Maintains use of analog cameras and CCTV equipment, while enabling IP based functionality
  • Elegant auto-discovery of system components using IP multicast simplifies deployment and allows efficient bandwidth utilization
  • Supports CCTV equipment integrations from major manufacturers: Bosch, Pelco, Honeywell, and American Dynamics

Key Concerns

  • No support for access control system integration
  • No video analytics
  • Limited support of 3rd Party IP cameras and PoS systems
  • Several different thick clients required for administration/operation
  • Auto-discovery and system functioning relies on IP multicast - a more advanced networking technology
  • Exceedingly high per-channel cost ($2700 per camera)
  • No megapixel cameras - supports only SD (up to D1) resolution streaming and recording
  • No centralized server for user management or enterprise features

Stream Manager Architecture

The key components of the solution are recording appliances pre-loaded with Cisco Stream Manager Software, Cisco IP Gateway Encoders/Decoders, and Stream Manager configuration, viewing and administration/monitoring applications. Notably, the solution does not include a central management server. The architecture is distributed, whereby each video surveillance device/entity discovers all other entities using proprietary protocols.  Access to video is controlled by a distributed user database, hosted on each recording device (Services Platform/Integrated Services Platform)

There are essentially two types of NVR appliances offered. The Services Platform (SP) and Integrated Services Platform (ISP). Both varieties feature internal storage and Stream Manager software, which enables the appliances to record and distribute video feeds. The SP, however, has the option to directly connect analog cameras (up to 64). External storage options are supported but limited to DAS devices manufactured by Cisco storage partners.

Stream Manager Pricing

ISP platforms are offered in 4 models providing 8 or 12 channels with 2TB or 6TB of RAID5 storage. An estimated cost for a 24 channel system would require two 12-channel ISPs at $25,000 each or $50,000. The 24 connection licenses for cameras (at $350 per connection) adds $8,400 of cost. A cost of $6100 is required for a minimum set of client applications. Tallying up for this basic 24-channel system yields an astounding $2700 per camera cost.

Because of the high cost of the recording platforms (SP/ISP) and channel licenses the cost structure does not provide any savings as the size of deployment scales. Additionally, even though there are no license costs for adding decoders to the system - used for video distribution (virtual matrix) - Cisco IP Gateway decoders must be used at a cost per monitor of $675. Moreover, each client connection must be licensed per connection/instance at a cost of $1800.

Stream Manager Infrastructure Considerations

Cisco's Stream Manager based IP video surveillance solution is highly reliant on an IP multicast network. This allows more efficient bandwidth utilization when e.g., one camera's video is being requested by several clients, virtual matrix monitors (decoders), and/or recording servers simultaneously. Also the IP multicast leveraged architecture provides auto-discovery of the system components greatly simplifying system installation.

The auto-discovery of components (peer-to-peer architecture) promotes the 'feel' of a centrally managed solution, but results in limitations in scalability and enterprise management (e.g., user accounts) as each recording device must maintain and control it's own user database.

Administration and Operation

The system is managed and operated using three separate thick-client applications: 1) Stream Manager Configuration Module; 2) Stream Manager Client Viewing Module; and 3) Stream Manager Administration and Monitoring Module.

The Configuration Module and Administration and Monitoring Module combined provide the interface to detect and configure new devices (e.g., resolutions, fps, IP addresses etc.), change settings to existing devices, configure recording schedules, and monitor health of storage/utilization.

The Client Viewing Module features a handful of viewing layouts, but can only view a maximum of 10 simultaneous video streams. This application also detects all the virtual matrix monitors in the environment and displays them on the interface. Feeds are dragged and dropped onto the monitor icons to distribute video to virtual matrix monitors (decoders). The IP multicast nature of the design allows one stream to be distributed to multiple decoders (client viewing software, recorders, and virtual matrix monitors) in a highly bandwidth efficient manner.