The latest release of IPConfigure's Orchid VMS server makes bold claims about being the "most secure" VMS.
In this brief update we take a look at what IPConfigure has added and how it will impact a typical user.
Overview ** *********** ****** ***
****** ** * ******* ***** *** ******** with ** ******* ****** **********, ** there ** **** **** *****. ****** **** claims ** "****** *****" ** *******, not ********* ********** ******** ** ********. Orchid **** ** ******** ** ******* installations (** ******* ** ****). ************, IPConfigure ****** ****** ****** ***** ** a *****-******, ****** *******.
"Most ******" ******
***********'**.* **************** **** ******* *** ******, ***** along **** ***** ******* **** **** makes ****** "*** **** ****** *** ********* *** solution *********."
What ** ****?
****** ******* ** *** ** **** it ** * ***** ********* ********, but **** ** ***** ******** **************/********** component (*** * ** ****). **** is ********** ******* ** *** ** cameras, *** ** *** **** ******** heavily *** **** *** ***** *********.
SRTP ** *****
*** **** ****** *** ** ****** streams ** ***** ************ ******* *** been ********* **** ***** (*** ********** ***** ** ********* ****/*** ****** HTTPS).
**** ** ******* ** ***** ** that ** *** ******* * ************** stream ******* * *******, *** ** has ***** ******* *** ****-********* ******* (such ** ***** ** *****) ** generally ***** ***** ******* *** **** overhead **** *****, ****** ** ** not ***** *** *********** **** ***** be ** ******** *** ***** *********** quantify *** *****.
SRTP **** ** ** ****
**** ******* ** ** ******* ********* today ** **** ** ****. ** know ** ** ********, *********** **** that **** ***** ******* ***** *** a *** ********* ******* **** ** on ***** ************* ******. ******* ** this **** ** ****** *******, *********** it *** ********** **** **** ****** to ******.
Server ** ****** ****
***********'* "**** ******" ****** **** ***** to *** ************ **************. ***** ** no ******* ** ******** ****** *** Camera->Server **** ******, *** ************* *** camera ***** **** ** ** ****** vector **** *** *** ** ****** to ******* ******* ** ******** ****** without *** ****** ******** ************ ** this ******* ********* *** ************.
Secure ********* **** *********
**** **** ******** ****** ********* *** *********** is ********** ** ******* ********* ********* from ***** ******* ** *******. **** is *** ********* **** *****. *******, multicast ** ****** ******** ** ******* *********** and ** *** ******* **** ** ****** ones, ****** **** **** ******* *************.
Certificate ******* *** ** *******
******* ** *** ****** ******** *** HTTPS/SRTP ******** *********** **********, ******* *** installation. *** ********* *** ******* ***** steps ** ***** ***, ** *********** can ******* **** ** * ****-*** service *** $***/******.
Impact ****** ** ** *******
************** ******** ** (***) ****** ******* awareness ** *** ******** ******, *** while ***** *** ****** ** **** about ********, ** ***** ***** ** rank ******** *** ** *** ******** chart. ********* **** ****** ** ***** security ****** *** ** ************* **** more ********* ******* / ******** *****, outside ** ******'* ************. ** ** not anticipate ***** ******** ************ ** **** a ***** ****** ****** ******* *** could **** *********** *** **** **** end, ******** ********* *****.
Setting up web server security for HTTPS/SRTP requires certificate generation, signing and installation. The installer can perform these steps on their own, or IPConfigure can provide this as a turn-key service for $500/server.
I'm not sure how that reconciles with this answer given here:
As a design decision, Orchid does not support self-signed certificates without a CA.
I was trying to not get bogged down in minor details on this post.
I didn't mean to imply that you could self-sign your cert, just that you can create a cert/signing request on your own, get it signed, and install the cert all without having to pay IPConfigure $500.
I was trying to not get bogged down in minor details on this post.
I appreciate that. No worries:)
The thing is that since this is aimed at small installations, the added cost of someone having to register and renew a yearly CA is non-trivial.
Verisign is at least a couple hundred a year.
What does an 8-user Orchid Core license cost?
Unless, I'm misunderstand Dr. Tompkins, to use the secure VMS, you need to
Though I may be misunderstanding. What is your interpretation?
UD1,
You can use Orchid out of the box in its unencrypted mode. If you want to enable encrypted mode and you elect to configure this yourself, you need to:
As long as an integrator or end-user is even passingly technical, this is an easy and well-documented process.
Our $500 service offering is designed for those who are willing to pay for a completely turn-key configuration solution.
With respect to cost, Orchid is licensed on a per-camera basis ($69 MSRP); there is no restriction on the number of users.
UD1,
Both of those points are consistent. In the first, I meant that an integrator/end-user could purchase a normal TLS certificate from the likes of Digicert, Thawte, Symantec, etc. and install that certificate themselves without paying the $500 for our turn-key certificate installation service.
In the second point, I meant that our SRTP client will reject all self-signed certificates unless you are acting as your own Certificate Authority and configure all of your clients to accept your own root CA.
Best,
Cort Tompkins
VP Engineering, IPConfigure
Legitimate TLS/SSL certificates recognized by all major browsers can now be had for free: https://letsencrypt.org/
Update: Genetec reports that their most recent 5.4 Security Center release supports SRTP from server to clients.
