Dedicated Vs Converged IP Video Networks Statistics

IT
IPVM Team
Published Sep 12, 2017 14:48 PM

'Convergence' has been a major industry theme for many years. All organizations have IP networks today with laptops, tablets, phones and more running on them.

But how many actual IP video surveillance systems are running on converged networks with those other devices? There are definitely pros and cons as we explained in our Converged vs. Dedicated Networks For Surveillance Tutorial.

Now, IPVM has the stats on actual usage based on ~150 integrator responses. Their comments, and our analysis of trends in preferences are in this report.

Results ********

********* ******** *** ** ***** ************ systems ******** ** **** **** * to *, ** ***** *****: 

*******, ********* ******** **** **** ****** ** larger ************* **** ****** ****** ****** so *** ***** ****** ** ******* overall ** ********* ******** ** ** least **** ****** **, ** *** higher, than ***** ** ********* ********.

Slow ******** ***** ****

** **********,** ****, *** ***** *** **% for ********* ** **%*** *********. ***** *** *** *** closed, ** *** *** ****** **** over **** * **** ******.

Dedicated ******* *** - ********* ** *********

******** ********* **** ** *********** *** the *** ****** ****** *** ***** dedicated ********. *********** ****** **** ********* networks ********** ******** **** *********/**********, *** made ** ****** *** **** ** setup *** ************:

  • "***** **% ** ***** ************ ******* i ****** *** ** ********* ********. The ****** ** *** ****** ****** dictates *** *** ** ****** ********* networks. *** ****** ******* ******** ********** and *** ******* ******** , ***** require **** ****** *** ********* ********."
  • "***% ********* ******** *** *********** *******"
  • "********* ********. ********* **** *** ********** with ********* *********** ** ***** ******** and **** ** ***** **** ***** moving *******."
  • "*********. ** ********** **** *** **** additional ********* ** "*****" ********* ********"
  • "**% ***** ** ********* ********. ** are ******** ********** ********** ******* *** the ****** *** ** ******** *** keen ** **** **** ********* *** the ********* ***."
  • "**% *** *********. ** **** ** separate *** ****** **** ********* ****** and *****. **** ****** *** ** to ****** ** *** ** *** trouble *****."
  • "***** **% ** ********* *******. ****** fault *******, ***********, ** ******** **** IT ********."
  • "** ** ****** ** ****** * dedicated ******* *** *** **** ** deal **** * ******** ** ******, however, ** ********** ******, **** ** an *****."
  • "**** ****** ***** **% *** ** dedicated ********. ** *** ****** **** easier ** ******** **** * ********* network, ***** ** ******* **** ****** pointing."
  • "**% ** *** ******* *** ** dedicated ********. ** ** **** ** there ** ** ****** ******** *** it ****** ** ** **** ****** since ** ***'* **** ** **** for *** ********* ** ********** ** spin ** * ******* **** **** the ******** **** ***** ** *** more ********."

Dedicated ******* *** - ********* ******** 

********* ******** **** **** ********** **** increased ********/********** ** ******* *** ******* potential. **** *** * *** ***** from ****, **** ***** ******** ********* was ********* ***-********:

  • "****** ***% ********* ********, ********* *** security *******, *** **** ** ***** bandwidth ********* **** ** ***********."
  • "********* **% *** **** ******** ********."
  • "*********... ******* ********* *** ******** ********** deployment ********"
  • "**% (********** *****) ********** ********* - easier *** ***** ******* *** **** secure ***** ***** ******* ***** *** Hik ** *****-***** ****."
  • "**%, ****** ********* ******* *** ******** and *********."
  • "********* ******** *** ******* *** **** of *** ******* **** *** ********* attacks, ***** **** ****** ** ****** to ****** *** ************ *** *** to *** **********."
  • "**% ** *********. **** ***** ** virus's/attacks."
  • "**** ******** ********* *** ****** ** a ********* *******."
  • "****** **** ** *** *********** *** on * ********* ******* *** ******** and ********* ******"
  • "***** *** ******** *** ****** ******, we *** ********* *******"

** **********, **** *********** / ********* has ****** ************ ******* *** ***** cost ******* ******* **** **** ***** security ***** ******* ** * *** to ****** ***** ** ***** *******.

Dedicated ******* *** - ********* *****

**** *********** ******** ********* ********* ********, but ***** **** ** ***** **** prohibitive ** *** ***********:

  • "********** ********* ******** *** ****, *** to ***** *** *********** ** ******* WiFi/IoT ****** ** **** ********. **** than *%."
  • "**% ** ********* *******, *** ** perceived ******* ** *** ******** ** implement * ********* *******"
  • "***** *%. **** *** ** *** customers ** *** **** ** *** for *** ********** **** ** ********** equipment. **** ***** ****** *** ***** own *** **** ***** *** ** Personal **** ********* ** **."
  • "***** *** ** *** ******* ** share ********* *** ******* ** *** high ******, ** *** ********* ******* to ****** ******* *** *********** *****."
  • "** *** ***** ***** ** ***** create *** *** ******** ******* *** typically **** ***'* ******** *** ** cost."
  • "** ** ****** ** ****** * dedicated ******* *** *** **** ** deal **** * ******** ** ******, however, ** ********** ******, **** ** an *****."
  • "**% ** *** ****** ******* *** on ********* ********. ** ****** ** quote ***** ** ********* *** **** clients ******* *** ** ****."

Robust ********* ******** **** ******

******* *********** ***** **** ********* ******** were ******, ********* *** ** ******* availability ** ****** ********* *** ******* IT ***********:

  • "****** *% ** *** *** ********* we ******* *** ** * ********* network. **** ** *** ********* **** robust ******* *************** **** ********* ** place *** **** *** ***** ** switches ** ** ****."
  • "**% ** **** *** ********* ******** if ** **** **. ** **** if *** ***’* **** *** ******** isolation *** **** **** ** ******* in *****."
  • "**% *********. **** ********* *** ***** own ******* ************** *** ****** ** manage *** ******** *** *** ******* associated."
  • "**/**, ***** ****** ** * ********* but * *** ** ******** *** mandated ** ******** ** *** ******** infrastructure *** **** ***** ** ***** manage *** ******."
  • "**% (********** *****) ********** ********* - easier *** ***** ******* *** **** secure ***** ***** ******* ***** *** Hik ** *****-***** ****. **% (********** trend) ** ****-********** *******"
  • "*********. ** *** * ********** ******* and ******* **** ******** *** ******* of ******** *** ***** ** ******* and ****. ** ****** *** ** leverage ******** ************** ** ***********."
  • "**% ********* *** **% *********. ********** clients ********** **** ***** *** ******, pricey ******* ** *****. ** ****, they *** **** ******** ** ****** twice."

Larger ************* ***** *********

****** ************* / ******* ******* ****** to ***** ********* **** ********* ******** since *** **** *** ********** ** building * ********* ******* ****** ****** footprints / ********* ** **** **** costly / ***********:

  • "**** ***** ************ * **** **** leverage ***** ******** ******* **** *** infrastructure ** ******* *** ******** ********* including *******."
  • "**** ******. **** ** *** ******** take ***** ** ***** ************ *** have ******* ******** ***** ******** *** optimized ***** *********."
  • "****** ******* ********* *** ** *** customers ******** ******* **** ********* *****, as **'* ********* *** **** ********* to ******* * ******** ******* ** the ********."
  • "********* ** *****, ******** ***** ***** the **** ** *** **** ** cabling ** *** ***** ** *** the ******."

** ********, **** ******* ************* ** smaller **********, ** ***** ** ** relatively ****** *** *********** ** *** the ***** ****** ** ****** ********* for *** ******* / ************ ******.

Potential ***** ******* **** *********

******** ** ****, ******* ******* ******** are **** ******* *****, *** *********** the ******* *** *** ********* ** network. ***** ******** **** ******* ** VLANs, *** ******* **/ ********/********* *** on *** **** ******** ******* **** more ********* **** ** *** ** the ********* ** *** ******. **** may ******* *** ******** ** ********* network *****, *** ***** **** ******* ****** converged ******** ** *** ******. 

Remote ****** ** ***? **** **********

**** ****** *** *** *** / consider **** ********** ** ********* ** video ************ ******** ***** ****** ****** *** mobile *******. ** **** ** ***** this ** ** ******** ******.

Comments (15)
UE
Undisclosed End User #1
Sep 12, 2017

I was excited to read this post, in my wheelhouse sort of so I have a little subject matter expertise.  While I cannot disclose details just imagine a very LARGE ENTERPRISE of thousands of locations and north of 100K cameras.

While a dedicated IP Camera Network was a good practice back in the day before cyber concerns, now what it leaves you in most cases is a Unmanaged Network which can present a even bigger challenge.  It all depends on how you look at it, ease of deployment vs cyber security.  Bandwidth challenges can be overcome since most VMS platforms can utilize some form of local storage in most cases if needed, it all depends on the use case for surveillance and the IT/Business Requirements.

The question is how do you manage and patch all of the devices connected to that unmanaged switch?  You don't unless you have the luxury of using the Switch Configuration Port remotely on a secure WAN.  Now you have potentially tens of thousands of IP Cameras that you cannot patch with ease, you either rely on the VMS platform to provide some sort of camera management utility or you do truck rolls to each location to connect the dedicated network and push patches.  Oh wait, I cannot let the Integrator plug their non-whitelisted computing device into the PoE Switch any longer because of new Policy for cyber concerns, Houston we have a problem!  In my world that mean I am potentially not in compliance with Policy and that is a NO NO!

Here lies the problem, you must depend on the VMS platform to close the gap, this goes for both managed and unmanaged networks.  While we all want a single IP Camera manufacturer to minimize the patching effort that is mandated by Policy, it is not always the case.  Now you have say three manufacturers that you must deal with, that means three separate camera utilities to play with across the Enterprise, this is where the VMS can close the gap and manage those updates from a single UI that is already connected to those cameras. 

Even using say the Axis Camera Management tool (which is pretty darn good btw) you have limitations with things like camera discovery across subnets unless the VLANs are done right, and even with that broadcast traffic from bonjour could be blocked.  The VMS platform can bridge this gap, it likely already discovered the cameras and has an address book.  VMS manufactures just need to make an investment and create a Universal Enterprise Camera Management Utility that can does more than just discover and connect camera, the tools are in many cameras SDK's, many of these things are beyond the standard Image/Recording Settings most deal with today.

A few things Enterprise Organizations need to press the VMS manufactures to do to step it up.

  • Enterprise Device Discovery
    • IP Address assignment in batch by device MAC
  • Enterprise Camera User Management
    • User ID Management
    • Password Management
    • AD/LDAP
  • Asset/Device Management
    • What type of device
    • What type of OS/Version info
    • Patch History/Drift Management
    • Baseline Configuration/Drift Management  
    • uptime since last reboot/restart
  • 802.1x Certificate Management between VMS and IP Camera
  • Firmware/Patch Management
    • Universal tool to push updates to camera connected to Enterprise

Just a few things to mull over, please feel free to chime in and tell me what you think, I am very interested in feedback on how others attempt to tackle this challenge without hiring a FTE just to maintain and patch the IP Cameras.  Even if its a FLAT Managed Network it still takes a ton of resources to do patching and making sure Policy in enforced so it makes sense to find a single UI to do all if this. 

 

(1)
(3)
Avatar
Brian Karas
Sep 12, 2017
IPVM
In reply to Undisclosed End User #1

IP Address assignment in batch by device MAC

Does this mean you want the VMS to act as a DHCP server?

UE
Undisclosed End User #1
Sep 12, 2017

Brian,

Not necessarily a DHCP Server but that would be a nice to have I am sure for some folks but not applicable to my application.  I would like to see enhanced enterprise tools to manage the devices IP address remotely via a single UI/common platform.  It could be similar to how a tool like Axis Camera Manager does IP addresses after discovery with some tweaks.  With a ever changing network topology and configurations its becomes necessary to have enterprise tools to manage the devices with minimal effort and manpower.

(1)
(1)
Avatar
Tim Sutton
Sep 13, 2017

I like the way you think!  I will be bringing this up with my preferred VMS at ASIS in Dallas but I have a feeling that they will already know about your post as most security manufacturers of any size at all are members of IPVM (at least that is my experience).

It only makes sense for a VMS to have this feature.  Certainly would help to establish the need to standardize and truly manage and maintain the system as an enterprise.  

This WILL become a feature in the near future, I am convinced.  Which VMS will be the first?

UE
Undisclosed End User #2
Jan 01, 2018

Good article. I am happy with the converged network what we have.

While we are currently on converged network with close to 1000 cameras, the suppliers keep insisting us to move to dedicated network whenever we complain that few cameras are not recording properly. There is absolutely no conflict with IT department and they are always ready to do the changes as per our supplier's recommendation. Their monitoring system shows that more than desired bandwidth is available and proper QoS is done. Suppliers keep giving funny reasons to separate the network such as security, bandwidth, better management etc etc whenever we complain of distortion in the recording.

I fail to understand why they are not trying to resolve the real issue rather than pin pointing on other things.

(3)
(1)
MM
Michael Miller
Jan 02, 2018
In reply to Undisclosed End User #2

When you don't "own" the network it is not easy to troubleshoot issues.  We always recommend dedicated networks.  This way there is no finger pointing between IT and security. Also in our world security might have an issue where they need a camera installed right away and IT might have other things more important to do.  When we have our own network we can get cameras installed as fast as security needs them. 

(1)
(1)
U
Undisclosed #3
Jan 02, 2018
IPVMU Certified
In reply to Michael Miller

We always recommend dedicated networks.

Do you recommend even viewing clients sometimes be placed directly on the security network, maybe thru dual-NICs?

(1)
UE
Undisclosed End User #2
Jan 02, 2018
In reply to Michael Miller

Does this mean that if there is absolutely no conflict or ownership or priority issue between IT and Security, converged network is fine. What I understand from your response is that it is convenience and non-technical reasons to go for dedicated network.

MM
Michael Miller
Jan 02, 2018

If it is dedicated to video viewing only and no WAN access is needed then yes it would get installed on the dedicated security LAN and/or VLANd for a dedicated client network. All depends on what the client machine is being used for. If the client machine needs to have WAN access I would normally recommend the IT department to handle it with the client on their network.  

Avatar
Walter Holm
Jan 05, 2018
IPVMU Certified

I would like to note that security is not a Pro dedicated network thing.  More than likely the connection points are not monitored and anyone can jack in without notice.  If IT notices someone on the dedicated gear they might not think anything of it since it's not theirs.  Firmware updates are not typically done on the dedicated equipment.

Dedicated can be secure, but it offers different security (physical to the primary network only!).  The lack of that physical link does not mean it is secure or even more secure.

CR
Chad Rohde
Jan 06, 2018
In reply to Walter Holm

 If IT notices someone on the dedicated gear they might not think anything of it since it's not theirs.

Even worse, a lot of times IT isn't capable of thinking. Usually when IT is also Advertising, or sales, or HR.......

(1)
CR
Chad Rohde
Jan 06, 2018

"Converged. We are a networking company and believe that networks are capable of handling the needs of cameras and data. We always try to leverage existing infrastructure on deployments."

I smell whatcha stepping in.

(1)
(1)
UE
Undisclosed End User #2
Jan 07, 2018

In today's scenario many applications are integrated with dashboards, incident management, HR/payroll etc where data from security system has to flow in/out. In case security is compromised for one network, it does not guarantee that other network will be completely safe.

I still do not see a strong technical reason for separating network.

U
Undisclosed #3
Jan 07, 2018
IPVMU Certified
In reply to Undisclosed End User #2

I still do not see a strong technical reason for separating network.

What about bandwidth?

UE
Undisclosed End User #2
Jan 07, 2018
In reply to Undisclosed #3

In current scenario: On fiber network with fiber slots on switches & routers, ample bandwidth is available even to run cameras on HD/4K. Another point, usually IT applications does not consume bandwidth in gigs so most of the bandwidth is available for cameras.

In the past it used to be issue when we were having bottleneck on switches with copper slots.