IPconfigure New Release Claims 'Most Secure' VMS

By: Brian Karas, Published on Mar 09, 2016

The latest release of IPConfigure's Orchid VMS server makes bold claims about being the "most secure" VMS.

In this brief update we take a look at what IPConfigure has added and how it will impact a typical user.

*** ****** ******* ** IPConfigure's ****** *** ****** makes **** ****** ***** being *** "**** ******" VMS.

** **** ***** ****** we **** * **** at **** *********** *** added *** *** ** will ****** * ******* user.

[***************]

Overview ** *********** ****** ***

****** ** * ******* ***** VMS ******** **** ** Windows ****** **********, ** there ** **** **** *****. Orchid **** ****** ** "mobile *****" ** *******, not ********* ********** ******** or ********.  ****** **** is ******** ** ******* installations (** ******* ** less). ************, *********** ****** Orchid ****** ***** ** a *****-******, ****** *******.

"Most ******" ******

***********'**.* **************** **** ******* *** Orchid, ***** ***** **** other ******* **** **** makes ****** "*** **** ****** *** efficient *** ******** *********."

What ** ****?

****** ******* ** *** in **** ** ** a ***** ********* ********, but **** ** ***** security **************/********** ********* (*** S ** ****).  **** is ********** ******* ** for ** *******, *** it *** **** ******** heavily *** **** *** other *********.  

SRTP ** *****

*** **** ****** *** to ****** ******* ** video ************ ******* *** been ********* **** ***** (see ********** ***** ** ********* RTSP/RTP ****** *****).

**** ** ******* ** HTTPS ** **** ** can ******* * ************** stream ******* * *******, but ** *** ***** benefit *** ****-********* ******* (such ** ***** ** video) ** ********* ***** lower ******* *** **** overhead **** *****, ****** it ** *** ***** how *********** **** ***** be ** ******** *** could *********** ******** *** gains.

SRTP **** ** ** ****

**** ******* ** ** cameras ********* ***** ** rare ** ****. ** know ** ** ********, IPConfigure **** **** **** Cisco ******* ***** *** a *** ********* ******* list ** ** ***** specification ******. ******* ** this **** ** ****** support, *********** ** *** supporting **** **** ****** to ******.

Server ** ****** ****

***********'* "**** ******" ****** only ***** ** *** ServerClient **************.  ***** ** no ******* ** ******** around *** ******->****** **** stream, *** ************* *** camera ***** **** ** an ****** ****** **** the *** ** ****** to ******* ******* ** replaced ****** ******* *** Orchid ******** ************ ** this ******* ********* *** notification.

Secure ********* **** *********

**** **** ******** ****** ********* and *********** ** ********** to ******* ********* ********* from ***** ******* ** clients. **** ** *** available **** *****. *******, multicast ** ****** ******** ** smaller *********** *** ** not ******* **** ** ****** ones, ****** **** **** limited *************.

Certificate ******* *** ** *******

******* ** *** ****** security *** *****/**** ******** certificate **********, ******* *** installation.  *** ********* *** perform ***** ***** ** their ***, ** *********** can ******* **** ** a ****-*** ******* *** $500/server. 

Impact ****** ** ** *******

************** ******** ** (***) slowly ******* ********* ** the ******** ******, *** while ***** *** ****** to **** ***** ********, it ***** ***** ** rank ******** *** ** the ******** *****. ********* most ****** ** ***** security ****** *** ** organizations **** **** ********* feature / ******** *****, outside ** ******'* ************.  We ** *** ********** ***** security ************ ** **** a ***** ****** ****** overall *** ***** **** IPConfigure *** **** **** end, ******** ********* *****. 

Comments (7)

Setting up web server security for HTTPS/SRTP requires certificate generation, signing and installation. The installer can perform these steps on their own, or IPConfigure can provide this as a turn-key service for $500/server.

I'm not sure how that reconciles with this answer given here:

As a design decision, Orchid does not support self-signed certificates without a CA.

I was trying to not get bogged down in minor details on this post.

I didn't mean to imply that you could self-sign your cert, just that you can create a cert/signing request on your own, get it signed, and install the cert all without having to pay IPConfigure $500.

I was trying to not get bogged down in minor details on this post.

I appreciate that. No worries:)

The thing is that since this is aimed at small installations, the added cost of someone having to register and renew a yearly CA is non-trivial.

Verisign is at least a couple hundred a year.

What does an 8-user Orchid Core license cost?

Unless, I'm misunderstand Dr. Tompkins, to use the secure VMS, you need to

  1. Already have a trusted cert
  2. Buy one from them for $500
  3. Get one from someone else $$ ?

Though I may be misunderstanding. What is your interpretation?

UD1,

You can use Orchid out of the box in its unencrypted mode. If you want to enable encrypted mode and you elect to configure this yourself, you need to:

  1. Generate a private key on your Orchid server.
  2. Buy a TLS/SSL certificate. Certificates signed by a "big name" root CA and accepted in all modern browsers can be had for less than $50/yr.
  3. Put your private key and certificate files in a directory, edit a text file, restart Orchid.

As long as an integrator or end-user is even passingly technical, this is an easy and well-documented process.

Our $500 service offering is designed for those who are willing to pay for a completely turn-key configuration solution.

With respect to cost, Orchid is licensed on a per-camera basis ($69 MSRP); there is no restriction on the number of users.

UD1,

Both of those points are consistent. In the first, I meant that an integrator/end-user could purchase a normal TLS certificate from the likes of Digicert, Thawte, Symantec, etc. and install that certificate themselves without paying the $500 for our turn-key certificate installation service.

In the second point, I meant that our SRTP client will reject all self-signed certificates unless you are acting as your own Certificate Authority and configure all of your clients to accept your own root CA.

Best,
Cort Tompkins
VP Engineering, IPConfigure

Legitimate TLS/SSL certificates recognized by all major browsers can now be had for free: https://letsencrypt.org/

Update: Genetec reports that their most recent 5.4 Security Center release supports SRTP from server to clients.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports on VMS

Open vs End-to-End Systems: Integrator Statistics 2019 on Nov 11, 2019
Preference for open systems is on the decline, according to new IPVM statistics. We asked integrators: For video surveillance systems, do you...
Rhombus Cameras, VMS and Analytics Tested on Nov 06, 2019
Rhombus boasts they have created "the new standard in Enterprise, cloud-managed video security" and told IPVM in January 2019 they offer twice the...
90+ Companies Profile Directory on Nov 06, 2019
While IPVM covers the largest companies in the industry regularly (like Axis, Dahua, Hikvision, etc.), IPVM strives to do a profile post on each...
Aiphone Video Intercom Tested (IX Series 2) on Nov 05, 2019
Aiphone was one of integrator's favorite intercom manufacturers but how well do their products work? The company's newest offering, the IX Series 2...
Avigilon Appearance Search Tested on Oct 30, 2019
Avigilon Appearance Search claims that it "sorts through hours of video with ease, to quickly locate a specific person or vehicle of interest...
Remote Access (DDNS vs P2P vs VPN) Usage Statistics on Oct 25, 2019
Remote access can make systems more usable but also more vulnerable. How are integrators delivring remote access in 2019? How many are using...
Security Canada Central Show Report 2019 on Oct 24, 2019
IPVM attended Security Canada Central in Toronto to see what is new in the Canadian market. Inside, we share videos and dozens of images...
Illustra Pro Gen3 4K Camera Tested on Oct 23, 2019
Johnson Controls has released the latest generation in their Illustra Pro line, the Pro Mini-Dome Gen 3, a non-OEM model claiming to "optimize...
Access Control Door Controllers Guide on Oct 22, 2019
Door controllers are at the center of physical access control systems connecting software, readers, and locks. Despite being buried inside...
Alarm.com Acquires OpenEye on Oct 21, 2019
Alarm.com is targeting commercial expansion and now they have a commercial cloud VMS with the acquisition of OpenEye. In this note, based on...

Most Recent Industry Reports

Hidden Camera Detectors Tested on Nov 18, 2019
Hidden cameras are a growing problem as cameras become smaller, cheaper and easier to access. However, some companies claim to be able to detect...
Wyze Fires Back at JCI - Your Patents Are Invalid, Pay All Of Our Costs on Nov 18, 2019
Goliath JCI targeted startup Wyze this summer alleging the fast-growing consumer startup was violating a slew of JCI's patents. Now, Wyze has...
ADT Stock Surges - "Leading The Commercial Space" on Nov 15, 2019
Don't call it comeback... but maybe call it a commercial provider. ADT, whose stock dropped by as much as 2/3rds since IPOing in 2018, has now...
Gatekeeper Security Company Profile - Detecting Faces Inside Vehicles on Nov 14, 2019
Border security is a common discussion in mainstream US news and politics, as is the use of banned Chinese equipment by US Government agencies....
Hikvision CEO And Vice-Chair Under PRC Government Investigation on Nov 14, 2019
In a surprising and globally covered move, Hikvision CEO Hu Yangzhong and Vice-Chairman Gong Hongjia are being investigated by China's securities...
Camera Field of View (FoV) Guide on Nov 13, 2019
Field of View (FoV) and Angle of View (AoV), are deceptively complex. At their most basic, they simply describe what the camera can "see" and seem...
UK Big Brother Watch: Hikvision Is 'Morally Bankrupt' on Nov 13, 2019
UK civil liberties advocate Big Brother Watch has condemned Hikvision as being 'morally bankrupt' following IPVM exposing Hikvision marketing...
Color Low Light Mega Camera Shootout - Avigilon, Axis, Bosch, Dahua, Hanwha, Hikvision, Panasonic, Speco, Sony, Vivotek on Nov 12, 2019
This is the biggest color low light shootout ever, testing 20+ super low light models from 10 manufacturers: Increasingly, each manufacturer...
Wireless / WiFi Access Lock Guide on Nov 12, 2019
For some access openings, running wires can add thousands in cost, and wireless alternatives that avoid it becomes appealing. But using wireless...