Cisco's IPICS Solution ExaminedAuthor: Antony Look, Published on Oct 18, 2010
A key component of Cisco's emerging physical security strategy is the integration of three systems: surveillance, access control and communications. Their communications offering is called Cisco IP Interoperability and Collaboration System or IPICS for short.
As IPICS will be a point of differentiation for Cisco's overall 'physec' offering, we are going to examine its functionality, technical requirements, cost and applications.
Prior to joining IPVM this summer, I was a network engineer for a Cisco Channel Partner. One of my larger projects was designing and deploying a statewide IPICS solution that integrated stand-alone analog radio systems through a government run IP network and interfacing them with networked PCs.
Inside the Pro section, I explain the various components used, their approximate cost, the key issues faced and best applications fit.
Since IPICS is likely new to many of you, below is a short video we grabbed from YouTube with Cisco's own product intro:
The Cisco IPICS solution allows collaboration between disparate communications silos (e.g., between IP phone, analog PTT radio, cell phone, PC, and Smartphone). The application was highly focused on Public Safety and inter-agency communications where stand-alone analog radio networks between e.g., fire, police, emergency medical services, and civil defense agencies could be 'patched' together during a critical incident.
However, the IPICS solution has been leveraged to provide greater real-time information (audio, video, and text) distribution capabilities to Cisco's physical security applications. It is now expanded to be woven into Cisco's Connected Physical Security solution.
Because of the high cost and complexity of the IPICS solution, it is most appropriate for larger, IT-centric organizations who would benefit from its robust real-time incident response and collaboration features and possess the IT skill necessary to provide ongoing maintenance and optimization. Histrorically, verticals such as Transportation, Public Safety, Education, Industrial and larger enterprises comprised the sweet-spots for IPICS adoption, because of existing analog radio communications infrastructures. Furthermore, the solution is much more compelling for organizations already invested in associated Cisco IP telephony, Cisco physical security applications, and have a pre-existing Land Mobile Radio system.
Smaller campus-like organizations (e.g., well funded private schools with high security demands from patrons) having associated Cisco technologies already in place for IP telephony, video surveillance and radio communications may also reasonably consider IPICS systems. Such organizations can simply add the IPICS components to achieve a richer level of real-time security information and extend the functionality of both their security and communications systems.
However, IPICS is clearly a high end offering for those with $100,000+ to spend and willing to engage senior network engineers to implement the system. As such, it is out of the range of most small and even medium businesses.
Real World Observations
The implementation of Cisco's IPICS solution can be a very time intensive and highly complex task. Its design requires considerable knowledge in several combined disciplines - IP telephony, analog radio, and advanced data networking. It requries a well coordinated effort between customer and engineer, and a well documented understanding of the customer's existing network and end-user needs and expectations.
A larger government network in which I deployed IPICS within, presented considerable challenges when looking to establish end-to-end multicast capabilities and remote access over the Internet/WAN. Many larger government networks are also managed by more than one concern as they are usually disparate LANs and WANs patched together. This made the acquisition of key information regarding the existing customer network especially challenging.
Although, having the networking gear to support and 'turn-on' multicast, the political or procedural hurdles to doing so required designing less than optimal work-arounds involving multicast over GRE tunneling between sites. Designing the system to allow remote access over the Internet also proved daunting as there were several firewalls within the larger network that had to each be negotiated. This was compounded by having to maintain multiple tunnels (IPSec and GRE) through several firewalls.
The basic IPICS solution, requires several hardware, software and licensing components:
IPICS Server - This component provides centralized management of the entire system and controls when and how various radio systems are 'patched' together. Typically, this software is hosted on Cisco server hardware (Cisco Media Convergence Servers). The starter package costs roughly $50,000+
Router Media Services (RMS) - At least one of these are required. This is a router that processes and mixes audio streams from the various communications devices. It needs to be a relatively powerful and scalable router chassis equipped with one or more dual T1 cards and associated DSP modules, (3900 series routers are the recommended minimum). The RMS is enabled by a feature license atop one of the higher functioning and priced IOS images. This component will roughly cost $20,000+
LMR Gateway Router (LMR) - This router, equipped with an E&M card and associated DSP module(s) is used to interface with stand-alone analog radio systems. It encodes and packetizes the audio stream and multicasts it over an IP network. A solution will require at least one LMR Gateway router at each radio site intended to communicate within the IPICS network. The services can be provided on as low as a 1900 series router with the appropriate feature licenses and voice enabled IOS image. Thus, the cost for each LMR is roughly $2,000 - $5000.
Ideally the three components must be placed on the same multicast enabled IP network. Theoretically, there exist techniques to circumvent these requirements using, for example, Multicast over GRE tunneling, various VPN techniques etc. But such, scenarios will increase complexity and cost of design and integration. The basic components will allow the formerly isolated analog radio systems to communicate with each other in configurable, dynamic and policy based scenarios.
Optional Components and Functionality
More features and functionality can be added to the IPICS solution:
Push-To-Talk Management Console Client (PMC Client) - This software application is supported on Windows based PCs. It allows the operator to participate in radio channel monitoring or two-way communications between LMR Gateway enabled radio systems. PMC clients have thier own 'identity' on the IPICS network and can even communicate with other PMC clients, smartphones, IP phones, and PSTN phones. These are purchased as server controlled, simultaneous connection licenses roughly at $200 - $400 each.
Dispatch Console - This is a more recently added command and control application for the IPICS solution. It provides a front-end for monitoring and controlling the media resources within the IPICS 'network'. The application is also the key ingredient for integration with Cisco physical security applications. The dispatcher console can access Cisco video management systems to provide real-time video information to select personnel. This application is also licensed per active connection and managed by the IPICS server.
Policy Engine - This is a licensed feature for the IPICS server that allows connectivity to span PSTN communications devices, for example, cell phones and land-line phones. The base package includes the Policy Engine feature and a few PSTN connection licenses for roughly $10,000 to $20,000. The Policy Engine requires an IP telephony system or similar gateway to interface the IP network with the PSTN (e.g., Cisco Call Manager Express or Call Manager).
Call Manager Express (CME) or Call Manager (CM) - These IP telephony systems integrate with the IPICS server to provide PTT capabilities to Cisco IP phones. This is especially useful in environments with a supporting WLAN infrastructure whereby Cisco wireless IP phone models can participate in radio over IP communications in a somewhat mobile fashion. If an existing CME or CM system is in place it is just a matter of purchasing individual IP phone PTT licenses at about $300 each. Otherwise the cost will vary wildly to implement an entire IP telephony system for variously sized organizations. A small 25 IP phone CME system can be estimated at roughly at $20,000 to $30,000.
IPICS Mobile Client - This is a smartphone application currently available for Apple iPhones that provides another communication client option to participate in the IPICS environment. If planning to integrate IPICS 4.0 with physical security applications, this component is essential to enable multimedia collaboration. It is a free application in the Apple App store, and is licensed on a per active connection controlled on the IPICS server itself. The Mobile Client can leverage either its WiFi or 3G connectivity to access IPICS systems. Access from remote WiFi and 3G networks is enabled using the iPhone built-in Cisco VPN application.
For video surveillance applications the IPICS Dispatch Console and Mobile Client represent the most compelling optional components. Cisco has already integrated a VPN application with Apple's iPhone OS, making remote WiFi and 3G interaction with the IPICS system highly mobile. To date, I have not seen a SCCP or SIP (SIP softphones exist but work poorly with Cisco call agents) softphone client for the iPhone. Such a development would add great value to the IPICS + Cisco Call Manager (or Express) solution as the iPhone would then be able to serve as both IP phone and IPICS client within corporate or remote WiFi and 3G networks. Imagine a corporate environment where no Cisco IP phones needed to be purchased - just use your or your company issued iPhone with SCCP/SIP softphone and Mobile Client.
Network Engineering Considerations
The design, deployment and optimization of an effective IPICS solution is a fairly complex task. 'Sanctioned' installers of Cisco IPICS must qualify as an Authorized Technology Partner (ATP) channel partner. ATP designations are reserved for advanced and emerging technologies, require an invitation by Cisco, and require considerable training and lab gear investments. The field of Land Mobile Radio itself is one that requires a substantial level of expertise, experience and knowledge. Typically IPICS ATP partners must prove existing competency and industry experience in LMR and also have Cisco Certified Professional level voice specialized (CCVP) network engineer(s) on staff.
Telex and Catalyst (not to be confused with Cisco's Catalyst switches) manufacture competitive offerings to the Cisco IPICS solution. However, these solutions go head to head with Cisco's Land Mobile Radio over IP (or RoIP) functionality, which represents only one aspect of the IPICS solution.
If RoIP is the only consideration than the competing vendors can be had at a significant pricing advantage and simpler integration and usability. The flexibility and overall feature set is limited (no video or physical security extensibility), and sometimes the proprietary nature of the systems prohibit strategies to circumvent less than optimal pre-existing environments.
2 reports cite this report:
Related Reports on Audio
Most Recent Industry Reports
The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.