IPconfigure New Release Claims 'Most Secure' VMS

By Brian Karas, Published Mar 09, 2016, 12:00am EST

The latest release of IPConfigure's Orchid VMS server makes bold claims about being the "most secure" VMS.

In this brief update we take a look at what IPConfigure has added and how it will impact a typical user.

Overview ** *********** ****** ***

****** ** * ******* ***** VMS ******** **** ** Windows ****** **********, ** there ** **** **** *****. Orchid **** ****** ** "mobile *****" ** *******, not ********* ********** ******** or ********.  ****** **** is ******** ** ******* installations (** ******* ** less). ************, *********** ****** Orchid ****** ***** ** a *****-******, ****** *******.

"Most ******" ******

***********'**.* **************** **** ******* *** Orchid, ***** ***** **** other ******* **** **** makes ****** "*** **** ****** *** efficient *** ******** *********."

What ** ****?

****** ******* ** *** in **** ** ** a ***** ********* ********, but **** ** ***** security **************/********** ********* (*** S ** ****).  **** is ********** ******* ** for ** *******, *** it *** **** ******** heavily *** **** *** other *********.  

SRTP ** *****

*** **** ****** *** to ****** ******* ** video ************ ******* *** been ********* **** ***** (see ********** ***** ** ********* RTSP/RTP ****** *****).

**** ** ******* ** HTTPS ** **** ** can ******* * ************** stream ******* * *******, but ** *** ***** benefit *** ****-********* ******* (such ** ***** ** video) ** ********* ***** lower ******* *** **** overhead **** *****, ****** it ** *** ***** how *********** **** ***** be ** ******** *** could *********** ******** *** gains.

SRTP **** ** ** ****

**** ******* ** ** cameras ********* ***** ** rare ** ****. ** know ** ** ********, IPConfigure **** **** **** Cisco ******* ***** *** a *** ********* ******* list ** ** ***** specification ******. ******* ** this **** ** ****** support, *********** ** *** supporting **** **** ****** to ******.

Server ** ****** ****

***********'* "**** ******" ****** only ***** ** *** ServerClient **************.  ***** ** no ******* ** ******** around *** ******->****** **** stream, *** ************* *** camera ***** **** ** an ****** ****** **** the *** ** ****** to ******* ******* ** replaced ****** ******* *** Orchid ******** ************ ** this ******* ********* *** notification.

Secure ********* **** *********

**** **** ******** ****** ********* and *********** ** ********** to ******* ********* ********* from ***** ******* ** clients. **** ** *** available **** *****. *******, multicast ** ****** ******** ** smaller *********** *** ** not ******* **** ** ****** ones, ****** **** **** limited *************.

Certificate ******* *** ** *******

******* ** *** ****** security *** *****/**** ******** certificate **********, ******* *** installation.  *** ********* *** perform ***** ***** ** their ***, ** *********** can ******* **** ** a ****-*** ******* *** $500/server. 

Impact ****** ** ** *******

************** ******** ** (***) slowly ******* ********* ** the ******** ******, *** while ***** *** ****** to **** ***** ********, it ***** ***** ** rank ******** *** ** the ******** *****. ********* most ****** ** ***** security ****** *** ** organizations **** **** ********* feature / ******** *****, outside ** ******'* ************.  We ** *** ********** ***** security ************ ** **** a ***** ****** ****** overall *** ***** **** IPConfigure *** **** **** end, ******** ********* *****. 

Comments (7)

Undisclosed #1

IPVMU Certified | 03/09/16 06:10pm

Setting up web server security for HTTPS/SRTP requires certificate generation, signing and installation. The installer can perform these steps on their own, or IPConfigure can provide this as a turn-key service for $500/server.

I'm not sure how that reconciles with this answer given here:

As a design decision, Orchid does not support self-signed certificates without a CA.

Avatar

Brian Karas

IPVM | In reply to Undisclosed #1 | 03/09/16 07:20pm

I was trying to not get bogged down in minor details on this post.

I didn't mean to imply that you could self-sign your cert, just that you can create a cert/signing request on your own, get it signed, and install the cert all without having to pay IPConfigure $500.

Undisclosed #1

IPVMU Certified | In reply to Brian Karas | 03/09/16 08:01pm

I was trying to not get bogged down in minor details on this post.

I appreciate that. No worries:)

The thing is that since this is aimed at small installations, the added cost of someone having to register and renew a yearly CA is non-trivial.

Verisign is at least a couple hundred a year.

What does an 8-user Orchid Core license cost?

Unless, I'm misunderstand Dr. Tompkins, to use the secure VMS, you need to

  1. Already have a trusted cert
  2. Buy one from them for $500
  3. Get one from someone else $$ ?

Though I may be misunderstanding. What is your interpretation?

Avatar

R. Cortland Tompkins, PhD

IPConfigure, Inc.
In reply to Undisclosed #1 | 03/10/16 12:44am

UD1,

You can use Orchid out of the box in its unencrypted mode. If you want to enable encrypted mode and you elect to configure this yourself, you need to:

  1. Generate a private key on your Orchid server.
  2. Buy a TLS/SSL certificate. Certificates signed by a "big name" root CA and accepted in all modern browsers can be had for less than $50/yr.
  3. Put your private key and certificate files in a directory, edit a text file, restart Orchid.

As long as an integrator or end-user is even passingly technical, this is an easy and well-documented process.

Our $500 service offering is designed for those who are willing to pay for a completely turn-key configuration solution.

With respect to cost, Orchid is licensed on a per-camera basis ($69 MSRP); there is no restriction on the number of users.

Avatar

R. Cortland Tompkins, PhD

IPConfigure, Inc.
In reply to Undisclosed #1 | 03/09/16 07:31pm

UD1,

Both of those points are consistent. In the first, I meant that an integrator/end-user could purchase a normal TLS certificate from the likes of Digicert, Thawte, Symantec, etc. and install that certificate themselves without paying the $500 for our turn-key certificate installation service.

In the second point, I meant that our SRTP client will reject all self-signed certificates unless you are acting as your own Certificate Authority and configure all of your clients to accept your own root CA.

Best,
Cort Tompkins
VP Engineering, IPConfigure

Tony Karian

IPVMU Certified | In reply to R. Cortland Tompkins, PhD | 03/11/16 05:45am

Legitimate TLS/SSL certificates recognized by all major browsers can now be had for free: https://letsencrypt.org/

John Honovich

IPVM | 03/23/16 12:30pm

Update: Genetec reports that their most recent 5.4 Security Center release supports SRTP from server to clients.

Read this IPVM report for free.

This article is part of IPVM's 6,746 reports, 909 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now
Loading Related Reports