Airport Upgrade RFP ReviewedBy John Honovich, Published on Nov 25, 2010
A US airport has released an RFP looking to upgrade their surveillance system to migrate to an IP video solution. To do so, they want to convert their exist cameras to run on their LAN and deploy a storage area network. In this note, we look at some important design tradeoffs in this approach. The specification itself is rather short. Members should review the Airport's specification [link no longer available].
The following are key requirements from the Airport's RFP:
- Analog cameras are already in place (presumably connected to DVRs). The Airport wants those cameras to be connected to encoders and transmitted to centralized recording/storage: "encode the existing analog CCTV cameras onto an IP based system which will become the basis for the future CCTV system"
- The airport plans to use its general LAN for video distribution: "recording shall be via Virtual LAN (VLAN) on the Airport’s LAN that is being provided under this Project. Coordinate IP addressing, Ethernet switch port assignments and bandwidth utilization with the Owner."
- The bidder must provide and deploy a SAN for video recording: "responsible for providing a Storage Area Network of sufficient capacity and speed to provide recording of all CCTV camera video"
- The selected VMS must Integrating with CCURE: "required to provide full integration of this Project with the existing Access Control System, CCure 800"
Analysis and Observations
The specification document is extremely vague as to any details of the encoders or VMS solution required. We suspect that the details will be informally communicated at bid meetings. However, this can result in confusion and may reflect an incompletely planned system designed.
In our analysis, since details are so scarce, we are going to focus on 3 fundamental design choices that impact many large organizaitons:
- Re-using the Corporate LAN: We are a somewhat surprised about the Airport re-using their corporate LAN for video surveillance. While the Airport requires a dedicated VLAN for surveillance, VLANs do not prevent overloading a network's bandwidth. Whether this is a real risk, depends on the size and load of the network plus the bandwidth requirements of the cameras. Many organizations choose to build a separate LAN infrastructure for surveillance to avoid this. In a relatively small airport like this one (Wichita Mid-Continental), this might be feasible. As the airport expands its surveillance cameras count, using the existing corporate LAN could cause problems for the Airport's other services or constrain camera expansion. Secondly, using the Airport's LAN for external cameras might pose a security risk as it provides a physical interface to their overall network (this depends and can be minimized by using technologies such as 802.1x).
- Deploying a Storage Area Network (SAN): For larger deployments, storage area networks offer cost and management savings. Rather than small pools of storage (usually with no redundancy) distributed across a surveillance deployment, SANs provide a variety of benefits (see our surveillance SANs report). On the other hand, SAN efficiency depends on aggregating video from numerous cameras. The downside of this is that video needs to be transmitted from each of the camera sites to the SAN's physical location. In an airport surveillance application this can be a problem as cameras are widely dispersed across the organization, increasing bandwidth demands on the network.
- Access Control Integration: Requiring new surveillance recorders to integrate with existing access control systems is extremely common for large scale organizations. In the US, one of the most common is Software House's CCURE. Integrating these systems is important in quickly visually verifying and monitoring movement throughout a facility. The downside of such requirements is that it significantly reduces the VMS systems that the organization can consider. For instance, CCURE only integrates with 8 video surveillance manufacturers [link no longer available]. While some of these are relatively large (e.g., DvTel, Genetec, Nice, OnSSI, Verint), it's certainly limiting relative to the dozens of available surveillance systems. Another important point is verifying version comparability. If you check on the individual systems on the CCURE 3rd party support page [link no longer available], you will see that integration is only between certain versions of CCURE and the 3rd party VMS. For instance, this airport has the older CCURE 800. However, the version listed as integrated with 3rd parties is the newer CCURE 9000 series. Moreover, even the minor version number of CCURE might have an impact (e.g., Software House lists DvTel as supporting CCURE 9000 firmware version 1.93 while Genetec is supporting version 1.92). Not only can access control integration restrict choice, it can be a headache to ensure specific version compatibility (see our API tutorial/review for more comments).