Converged vs Dedicated Networks For Surveillance Tutorial

By IPVM Team, Published Feb 12, 2020, 11:00am EST (Info+)

Use the existing network or deploy a new one?

This is a critical choice in designing video surveillance systems. Though 'convergence' was a big theme of the past decade, deciding what to do has been much harder in practice.

IPVM Image

** **** *****, ** ***** **** the *** ******* ** **** ********, pro *** ****, *********:

  • ********* ******** *********
  • ********* ******** *********
  • ** ** ******** *********
  • ******** ********
  • *********
  • ******* ******* / ***
  • ********* *********
  • ********* ********** & ****** ****
  • ******** ********
  • ******* *********** *****
  • ********* ** ********* **********

Converged ********

********* ******** ***** ******* ********* ******* several ******** **** ************ *******, **** telephones, ** **** ** ******* **** traffic **** *****, ******** *******, *** more. **** *** ** ********** **** a ********* ********** **** ***** *** existing *** ***** ********* *** *** addition ** ************ *********, ******* ***** will ** ********** *** *********. *** illustration ***** ************ *** ******* ** varied ******* *** ******** ******* ******* resources.

IPVM Image

**** ******** **** *** ******** ** handle *** ******* ** ********** ***** surveillance *********. **** ** * ****** complaint ** ************ ***********.

******* ** ****, ****** ************ ** an ******** ******* *** ***** *********** operational ********, *** **** ******* ***** bandwidth. *** **** ******, **** ****** dedicated ********.

Dedicated ********

**** ******* **** ***** *** ********* network **** **** *** **** *** same ********** *** ********* ***** *** surveillance ********* **** *** ** ******** on *** *** ***. ********* ******** will **** **** ** **** **** require ***** *** *** ** *********.

*** ************ ***** ***** ************ ********* and ***** ******* *** ********* ** their *** *** ** * ********* network.

IPVM Image

IT ** ******** *********

*** ** *** ******* ******* *** little ** ** **** ****** ******* infrastructure ** ********, *** ********.

** ** *** ******** *** *** separate ***********, ***** ** ******, ****** can *****, ********** ** *** *** groups ** *** ***** **** *****.

*** '***** ****' *** ******** ****** cameras ** ************ **** ** ******** for ***** ******. ********** **** ** does *** **** * *** **** in ****** ****** *** ********* ** network ******** *********, *** ***** ****** can ** ******* ** *** **** cause ** **** ********.

**** * ******** *******, *** *********** of ********* ** ********. ********* *********** problems *** ******* *** ********** ********, so *** '***** ****' ** ***** system ** ******* ******** *** ** avoided.

*********

IPVM Image****** * *** ******* ** ** existing ****** *** **** ****** ****** on ***** ************ ** *** *******, such ** ***** ** ****, ***** total ***** ********** ** **** * fraction ** ******* ******* ********. *******, dozens ** ******** ** ******* ****** throughout * ******** ** ****** *** overload ******* ************** ***** ******* ******* is **** *** ******** ***** ******* run ************.

*** ******* ********* ** * ********* network **** *** **** ** ***** bandwidth. ******** * ********* ******* *** surveillance ****** ******* *** ****** ** available ********* ** ****** **** ********. The ******** *********** ***** **** ** cost ** **********, **********, *** *********** a *** *****-**** *******.

*** **** *********** ** ********* ****** see ************ ******************.

VSaaS / *****

IPVM Image***** ************ ** * ******* (*****)********* ******** * ********* ******* ** used. ********** ** ****** (***** ****** in *** *****), ******* ***** (***** stored *******) ** ****** **********, ***** will ******* ******** ************, *** ** thus ****** ** ** ********* ** a ********* ******* *****.

************, **** ***** ******** *** **** work ** * ********* *****, **** full ********** *** *******, ***** ******** the ****** *** ****** ** ** on *** **** ***. ***** * dedicated ****** *******, ******* ** *** main/general ******* ***** *** **** ***** resolution "******" *******.

Quality ** *******

** ********* ** *******, ******** ***** data ***** ******* ** ******** ******** unavailable ****** ** *****. ********** ******** can ****** * ********* *** *** kinds ** *********** ******, **** ****, imagined, ** ******** *******.

IPVM Image

*** ***** ************* / ********** ** ensuring******* ** ********** ********* ******** ***** ** *** expense ** **** **** ******** *** administration ***** ** ******* **. ** a ******** ***** ******, *** ****** of ***** ************ ** ***** ******* may ** ******** *** *********.

**** * ********* *******, **** ***** is *******, *** ***** ** ** fighting **** ***** ******** *** *********. However, **** ***** ******** *** ********.

Technical *********

** **********, ******** *** ***** **** simple ** **** ******* **** ** outward *****. *** **** **** ********** and ********* ***** ** ******** * surveillance ******* ** ********* *********.

***** * ****** ******* ** ****** all **** ******* ***** ***** ** they *** **** ** ******** **** features ** ******* ******** *** *** network ************* ****-***. *********** '******* ** Service *** ***** *** ** * practical *** ********* ****, *** **** when ********** ** ******* ***********. ******* this ***** ** ************* ** ****** security *****, *** ****** ****** ******* the ****** ********** ** ******* **************.

** *** *** *******, * ********** network ** ********* ******* ** ****** and ******** ******* ** ******* **** for *** ****** ****. *** **** is *** ***** ** ************* ****, but *** ****** ******** ****** ** simpler *** ******* ****** * ****** network ******. '**** *** ****' ******** with ******* ************** *** *********** ** dedicated ***** ********, **** **** ****** IT ***** ** ****** *********** *** deploy **** *** ******** **** **** little **********.

Expansion ********** & ****** ****

** *******, *** ***** *** **** of *** ******* ** * *** consideration. *** ******** ******** ******** ********* or ******** *****, *** ************** ********** tying **** ******** *** ** * huge ******* *** ******** *********** ******* to ******** ***** ** ***** ***********.

**** ************* **** ******* ******** ** networks ********** ******** ********* *** ******** together, *** ********* ***** ** ******** links ******* *** ** **********. ********, those ***** *** ***** ******* **** some *********** ** ****** ********* ** mind. *** *********** **** ** ****** video *** ** ********** ***********.

*******, *** ********* ********, **** ***** running *** ****** ******* *********, ***** can ** ********* ********* ** *********. In **** *****, ********* ******** **** a ******** *********.

Security ********

IPVM Image

*** *** *** ***** ** ********* other ********* ******* ******* **** ** a ****** *******. ********** ********** ************ traffic ** *** *** ******* ***** it ****** ** **** ****** **. Moreover, ******* ****** ** ***** ***** explicitly ******** ****** ** *** ******* and ******* **** ******* ****** ** easier. *** **** *********** ***** *** our ****** *************** *** ** ***** ************.

Dedicated ******* *************

**** ************ ********* ** ********* ** a ********* ******* ** ******* **** difficult ** ****** ***** ** ** not ** *** **** *** ** an ************* ***** *********. ** ******** this, *** ******* *** **** *** often ******** **** **** **** *** network *********, **** *** **** ** connect ** *** ****** *** *** another **** ** ******* ** *** facility's ******* *******. ***** **** ******, cameras ** *** ********* *** *** inaccessible ** *** **** *******, *** video *** ** ****** *** *** NVR.

IPVM Image***** ********* ******** *** **** ******* additional *********** *** ************* *** ****** access, ** **** **** *** *** general ******* *** *** **** * route ** *** ****** *******. **** may ******* * ******** *** ***** or *** ** ***** ************ ** available. *** **** *********** ***** *** the****** ******* ****** *** ***** ************ Guide.

Ongoing *********** *****

*** ******* ** *********** ****** ****** can **** ** ****, *** ****** a *** ******.

*******, *** ******* ******* ** * converged ******* ** * ******** ** programmed **** ******* *********** *** ****** by *** *****. ******* *** ******* operational ** * ******** *** ** departments, *** ****** ***** *** * converged ******* ********* ********** *** ******* of ******* ***********.

*******, *** ********** *********** ** ******* network ** ********** ******** ** ******** ignored. ***** ***** *********** *** ******** issues *** ** ********* ** ********* a ********** *******, ******* ** *********** or ******* ********** ** ****** *** be * ******* ****.

*** ******* **** ** * ********* network ** **** ****** *********** *** upkeep *** ** ******* ** **** in ***** *********. ********* ** *********** at **** **** *************** ******** ** fixing ********* ******* ** '***** *******' is * ****, ** **** ** a ********** ** **** *** ******** vendor *** ******* ** '***** ******' or **** ***** **** ******** ******** once ** ***** *** ****.

Integrator ********** **********

** *** *******,*********** **** * ****** ********** *** deploying ********* ************ ********, **** **** * ********* ****** is ********.

IPVM Image

Comments (11)

Strong vote for converged networks.

Agree: 4
Disagree: 4
Informative
Unhelpful
Funny

I like this report in that it reminds all our colleagues of the pros/cons of network design. At the end of the day an integrator has the responsibility to inform the customer of the options. It's the customer who will chose which path to take based on their involvement in the design, implementation and maintenance of the system.

Agree: 5
Disagree
Informative: 1
Unhelpful
Funny

Once you have to apply multicast to a medium+ size network and firewall segments for security reasons/standards the tendency is to separate (dedicate) networks.

The "political" aspect is indeed a primary factor (all over the world...) - sometimes you have other involved parties like the electronics maintenance entity.

The best results we have achieved were in cases which included an SLA between the security and maintenance entities.

Agree
Disagree
Informative
Unhelpful
Funny

With IP Cameras being a hot target for hackers and bots, basic cybersecurity best practices state a dedicated network is definitely the way to go. Restrict services, VLAN IOT devices, enforce password complexity and whitelisting traffic all combine to create a much more resilient IOT network outside the main network, boosting overall network security for the enterprise.

Agree: 2
Disagree: 2
Informative
Unhelpful
Funny

A dedicated vlan is the recommendation on the cyber side. That does not mean dedicated hardware :-) Those things can all be accomplished on the same hardware.

Agree: 6
Disagree
Informative
Unhelpful
Funny

That is true, but when it comes to a layered approach, a network engineer once said to me regarding a VLAN, "..you mean the velvet rope of network security?"

The extra layer of hardware, including a VLAN, is like adding another layer of armor to a tank. Sure a VLAN itself works, but you don't see bomb disposal guys wearing only a helmet and bulletproof vest.

Agree
Disagree: 1
Informative
Unhelpful
Funny

Ha! That gave me a good chuckle but it is fairly overblown. There is a limited set of known ways to compromise vlan security and all are relatively complex. This comes back to the fact that a highly motivated attacker will get in one way or another at some point. Of possible methods, vlan based attacks are generally far from the easiest and we all know that bad actors take the least path of resistance. Unless there is a glaring misconfig (certainly always possible), these attacks are very uncommon. Someone is going to compromise something via phishing or social engineering far before these types of attacks play out unless someone "leaves the door open".

Just my 2 cents. :-)

Agree: 1
Disagree
Informative: 1
Unhelpful
Funny

Calling vlans a "velvet rope of security" is more a function of poor network engineering than technological failing. We use vlans extensively across our 120 building, 5 campus enterprise to maintain and monitor a highly secure network. Separate physical networks would be impossible to maintain, support AND secure. For a single building a physically separate net may be workable if not optimal but secure vlans in the larger enterprise are not only possible and desirable but preferable.

Agree: 1
Disagree
Informative
Unhelpful
Funny

How can you deal with the IT department when you have constant packet losses between your IP cameras and the recording iSCSI storages, the network is multicast enabled, ICMP pings show packet losses, and they do not admint that the issue is with their switches ?

Agree
Disagree
Informative
Unhelpful
Funny

Run Wireshark to find where the packets are being dropped and prove to them it is a QoS setting on their end. Obviously, you would need permission to run that on their network and they will probably do it themselves. Hopefully they can admit they are wrong.

Agree
Disagree
Informative
Unhelpful
Funny

Fantastic info! All about the dedicated networks in my mind.

Agree
Disagree
Informative
Unhelpful
Funny
Login to read this IPVM report.
Why do I need to log in?
IPVM conducts reporting, tutorials and software funded by subscriber's payments enabling us to offer the most independent, accurate and in-depth information.
Loading Related Reports