IT Tutorial for Physical Security Managers

Author: John Honovich, Published on Feb 07, 2009

Much of the fear in IT convergence comes from new technology and operational issues of using IT for physical security systems. The goal of this tutorial is to explain the key concepts and issues involved for security managers using IT for physical security systems.

What do You Need to Know?

Security managers do not need to become IT experts to manage deployments of IT based security systems. However, they do need to know the main limitations and concerns of using IT systems. 

Very few individuals are IT experts, even in IT. Ask an IT engineer about their manager and they are likely to say "How did this guy become my boss?" Do the same for IT salespeople and the response is usually, "Why did he tell them we could do that?" 

For better or worse, projects get done in IT with most people lacking critical IT skills. Do not worry about becoming an IT expert - most of your peers in IT are not even experts.

The Key Issues

Here are the 5 key issues you should understand:

  • Using IP Addresses
  • Using network bandwidth
  • Ensuring your systems meet IS standards
  • Enabling remote access
  • Handling installation and service

For most projects, if you address and handle each of these 8 issues, your project should proceed smoothly.

IP Addresses

Every device connected to the network is assigned an IP address - your laptop, your desktop, your IP phones, your DVRs, etc., etc.  However, there are a limited number of IP addresses available. In most organizations, especially large ones, IP addresses are carefully tracked and allocated deliberatively.

Most security systems, whether it is a DVR or an access control panel, need an IP address so that you can remotely view or control the device. Moreover, you usually need that address permanently so you typically request a static, non-changing address.

If you are using analog cameras, they do not need an IP address because they are connected by a dedicated cable to a DVR. However, each IP cameras does need an IP address. If you are going with IP, you certainly need far more IP addresses than with a DVR. On average about 10 - 20 times as many IP addresses are needed for IP than for analog.

Most IT organizations will have IP addresses available but you need to clearly request (1) how many and (2) the use of those IP addresses. In bigger organizations, getting an approval can sometimes take weeks. In smaller organizations, it can be as simple as confirming with the on-site IT manager.

Network Bandwidth

Bandwidth is a critical aspect of IP based video systems. It is important to understand how much bandwidth is available in a network compared to how much bandwidth a video surveillance system requires. Please read my tutorial on bandwidth for the basics on this key issue.

The most important element impacting bandwidth is what you do about recording. This is because most video surveillance applications record far more frequently than they are viewed.

Using DVRs

If you record using a DVR with analog cameras, there will be no bandwidth impact when it comes to recording. The only time bandwidth will be used is when a remote viewer requests video.

Using IP Cameras

If you record using IP cameras or encoders, bandwidth will be consumed from the location of those devices to the place where the recorder is. The key concern is whether the recorder is in the same building as the cameras. Usually when they are, significant amount of bandwidth is available. However, if you try to place a video recorder in a different building than the cameras, you often hit major problems with insufficient bandwidth.

When using IP cameras or encoders, you do need to know the capabilities of your local network. For instance, some banks and retailer still have low speed hubs in their sites. IP cameras would crash these networks. On the other hand, many universities have super high speed networks that can easily transport all of your cameras.

Separate Infrastructure

A common practice when IP cameras are close to the recorder is to simply install dedicated networking equipment to connect the cameras to the recorder. This is a low cost technique that eliminates most bandwidth concerns. In this way, IT does not worry about surveillance video impacting the general company network.

Enabling Remote Access

Whether you are IP or analog, you will need to provide access to view video remotely. Inside of the corporate network, this is usually just an issue with bandwidth. The most accepted technique by IT departments and supported by video recorder vendors is to implement a bandwidth throttle. What IT is most concerned about is that one day, you will need to view lots of video remotely and you will bring the network down.

Bandwidth Throttles

Bandwidth throttling is a software feature supported in most video recorders that restricts the recorder from only sending a set amount of bandwidth to remote viewers. For instance, let's say you have a branch office or a remote store that only has a DSL or cable modem connection.  The bandwidth throttle can be set so that the recorder never uses more than 25% or 50% (or whatever level you set) of the amount of bandwidth available.

This almost always eliminates IT concerns over bandwidth. They may want to test it but once that passes, it usually is approved.

Information Security

IT cares about security systems that connect to the network because those devices can be sources of carriers of information security problems. Fundamentally, the concern over security systems is the same as letting your teenager's laptop connect to a corporate LAN. IT does not know what is on those systems and what, if anything, is being done to protect them.

There are 2 fundamental ways IT can readily approve a device to connect to the network:
  • The device (e.g., DVR) is treated exactly the same as any PCs in the network (same anti-virus, firewalls, restrictions on applications, etc.)
  • The device is deemed a network appliance (like a switch, router, ip telephone) and does not need any additional security measures.

What IT departments definitely do not want is a security device that is essentially someone else's home-built PC. In other words, if your DVR is essentially a PC loaded with a Windows OS and an application to manage video, many IT organizations are going to see this device as an unacceptable risk.

This is why software only video management systems are so favorable to Information Security inspections. The VMS is simply seen as another application running on a standard PC with standard Information Security standards applied.

Alternatively, if IT accepts your security device is an appliance similar to a router or ip telephone, they will often allow the device to be installed with no further action. This is one of the reasons that Linux or embedded DVRs have become so popular.  Indeed, most telephone or switches are simply Linux or embedded applications running on a computer.

IT departments verify and approve in a variety of ways. Some simply have a phone call. Others will want to check product documentation. More demanding organizations will require vendors to complete an information security review. the most demanding will actually have a unit sent in for testing and analysis.

Handling Installation and Service

IP addresses, bandwidth and information security are generally the big 3 disqualifiers for connecting security systems to IT networks. Beyond that, the next big issue is who does the work - meaning who is going to install and service the equipment.

Historically, security equipment was entirely managed, from install to lifetime service, by security integrators. IT was not directly responsible and would only get involved if there was a specific issue like (a) the network is out, (b) an IP address conflict, or (c) an information security problem. Still today, lots of projects are managed in this way.

Every physical security manager needs to determine how they want to handle this. Many will continue to use their security integrator because it is a known and established practice.

To the extent that IT becomes responsible for doing the installation or the service, the more they will want hardware that is consistent with their existing selections. For instance, if IT is responsible, they will prefer purchasing servers and storage from their existing suppliers (rather than from a video surveillance manufacturer).

A key aspect is understanding the IT department's level of interest in doing this. Some want no part in security projects, others will be aggressive about managing it. This will be a function of budget and ambition on the part of IT. On the positive side, IT may be able to reduce costs of hardware because of their volume contracts and direct purchasing. On the downside, IT may not want or be able to take on this project (especially because of increasing budget cuts).

Conclusions

While the best technology for your specific risks should drive your product selection, a number of important IT elements must be taken into consideration. By appreciating and ensuring that each of these 5 areas are factored in, you should be able to smoothly gain IT's support for your project.

**** ** *** **** ** ** *********** ***** **** *** technology *** *********** ****** ** ***** ** *** ******** ******** systems. *** **** ** **** ******** ** ** ******* *** key ******** *** ****** ******** *** ******** ******** ***** ** for ******** ******** *******.

What ** *** **** ** ****?

******** ******** ** *** **** ** ****** ** ******* ** manage *********** ** ** ***** ******** *******. *******, **** ** need ** **** *** **** *********** *** ******** ** ***** IT *******. 

**** *** *********** *** ** *******, **** ** **. *** an ** ******** ***** ***** ******* *** **** *** ****** to *** "*** *** **** *** ****** ** ****?" ** the **** *** ** *********** *** *** ******** ** *******, "Why *** ** **** **** ** ***** ** ****?" 

*** ****** ** *****, ******** *** **** ** ** **** most ****** ******* ******** ** ******. ** *** ***** ***** becoming ** ** ****** - **** ** **** ***** ** IT *** *** **** *******.

The *** ******

**** *** *** * *** ****** *** ****** **********:

  • ***** ** *********
  • ***** ******* *********
  • ******** **** ******* **** ** *********
  • ******** ****** ******
  • ******** ************ *** *******

*** **** ********, ** *** ******* *** ****** **** ** these * ******, **** ******* ****** ******* ********.

IP *********

***** ****** ********* ** *** ******* ** ******** ** ** address - **** ******, **** *******, **** ** ******, **** DVRs, ***., ***.  *******, ***** *** * ******* ****** ** IP ********* *********. ** **** *************, ********** ***** ****, ** addresses *** ********* ******* *** ********* **************.

**** ******** *******, ******* ** ** * *** ** ** access ******* *****, **** ** ** ******* ** **** *** can ******** **** ** ******* *** ******. ********, *** ******* need **** ******* *********** ** *** ********* ******* * ******, non-changing *******.

** *** *** ***** ****** *******, **** ** *** **** an ** ******* ******* **** *** ********* ** * ********* cable ** * ***. *******, **** ** ******* **** **** an ** *******. ** *** *** ***** **** **, *** certainly **** *** **** ** ********* **** **** * ***. On ******* ***** ** - ** ***** ** **** ** addresses *** ****** *** ** **** *** ******.

**** ** ************* **** **** ** ********* ********* *** *** need ** ******* ******* (*) *** **** *** (*) *** use ** ***** ** *********. ** ****** *************, ******* ** approval *** ********* **** *****. ** ******* *************, ** *** be ** ****** ** ********** **** *** **-**** ** *******.

Network *********

********* ** * ******** ****** ** ** ***** ***** *******. It ** ********* ** ********** *** **** ********* ** ********* in * ******* ******** ** *** **** ********* * ***** surveillance ****** ********. ****** **** ********** ** ************ *** ****** ** **** *** *****.

*** **** ********* ******* ********* ********* ** **** *** ** about *********. **** ** ******* **** ***** ************ ************ ****** far **** ********** **** **** *** ******.

***** ****

** *** ****** ***** * *** **** ****** *******, ***** will ** ** ********* ****** **** ** ***** ** *********. The **** **** ********* **** ** **** ** **** * remote ****** ******** *****.

***** ** *******

** *** ****** ***** ** ******* ** ********, ********* **** be ******** **** *** ******** ** ***** ******* ** *** place ***** *** ******** **. *** *** ******* ** ******* the ******** ** ** *** **** ******** ** *** *******. Usually **** **** ***, *********** ****** ** ********* ** *********. However, ** *** *** ** ***** * ***** ******** ** a ********* ******** **** *** *******, *** ***** *** ***** problems **** ************ *********.

**** ***** ** ******* ** ********, *** ** **** ** know *** ************ ** **** ***** *******. *** ********, **** banks *** ******** ***** **** *** ***** **** ** ***** sites. ** ******* ***** ***** ***** ********. ** *** ***** hand, **** ************ **** ***** **** ***** ******** **** *** easily ********* *** ** **** *******.

******** **************

* ****** ******** **** ** ******* *** ***** ** *** recorder ** ** ****** ******* ********* ********** ********* ** ******* the ******* ** *** ********. **** ** * *** **** technique **** ********** **** ********* ********. ** **** ***, ** does *** ***** ***** ************ ***** ********* *** ******* ******* network.

******** ****** ******

******* *** *** ** ** ******, *** **** **** ** provide ****** ** **** ***** ********. ****** ** *** ********* network, **** ** ******* **** ** ***** **** *********. *** most ******** ********* ** ** *********** *** ********* ** ***** recorder ******* ** ** ********* * ********* ********. **** ** is **** ********* ***** ** **** *** ***, *** **** need ** **** **** ** ***** ******** *** *** **** bring *** ******* ****.

********* *********

********* ********** ** * ******** ******* ********* ** **** ***** recorders **** ********* *** ******** **** **** ******* * *** amount ** ********* ** ****** *******. *** ********, ***'* *** you **** * ****** ****** ** * ****** ***** **** only *** * *** ** ***** ***** **********.  *** ********* throttle *** ** *** ** **** *** ******** ***** **** more **** **% ** **% (** ******** ***** *** ***) of *** ****** ** ********* *********.

**** ****** ****** ********** ** ******** **** *********. **** *** want ** **** ** *** **** **** ******, ** ******* is ********.

Information ********

** ***** ***** ******** ******* **** ******* ** *** ******* because ***** ******* *** ** ******* ** ******** ** *********** security ********. *************, *** ******* **** ******** ******* ** *** same ** ******* **** ********'* ****** ******* ** * ********* LAN. ** **** *** **** **** ** ** ***** ******* and ****, ** ********, ** ***** **** ** ******* ****.

***** *** * *********** **** ** *** ******* ******* * device ** ******* ** *** *******:
  • *** ****** (*.*., ***) ** ******* ******* *** **** ** any *** ** *** ******* (**** ****-*****, *********, ************ ** applications, ***.)
  • *** ****** ** ****** * ******* ********* (**** * ******, router, ** *********) *** **** *** **** *** ********** ******** measures.

**** ** *********** ********** ** *** **** ** * ******** device **** ** *********** ******* ****'* ****-***** **. ** ***** words, ** **** *** ** *********** * ** ****** **** a ******* ** *** ** *********** ** ****** *****, **** IT ************* *** ***** ** *** **** ****** ** ** unacceptable ****.

**** ** *** ******** **** ***** ********** ******* *** ** favorable ** *********** ******** ***********. *** *** ** ****** **** as ******* *********** ******* ** * ******** ** **** ******** Information ******** ********* *******.

*************, ** ** ******* **** ******** ****** ** ** ********* similar ** * ****** ** ** *********, **** **** ***** allow *** ****** ** ** ********* **** ** ******* ******. This ** *** ** *** ******* **** ***** ** ******** DVRs **** ****** ** *******.  ******, **** ********* ** ******** are ****** ***** ** ******** ************ ******* ** * ********.

** *********** ****** *** ******* ** * ******* ** ****. Some ****** **** * ***** ****. ****** **** **** ** check ******* *************. **** ********* ************* **** ******* ******* ** complete ** *********** ******** ******. *** **** ********* **** ******** have * **** **** ** *** ******* *** ********.

Handling ************ *** *******

** *********, ********* *** *********** ******** *** ********* *** *** 3 ************* *** ********** ******** ******* ** ** ********. ****** that, *** **** *** ***** ** *** **** *** **** - ******* *** ** ***** ** ******* *** ******* *** equipment.

************, ******** ********* *** ******** *******, **** ******* ** ******** service, ** ******** ***********. ** *** *** ******** *********** *** would **** *** ******** ** ***** *** * ******** ***** like (*) *** ******* ** ***, (*) ** ** ******* conflict, ** (*) ** *********** ******** *******. ***** *****, **** of ******** *** ******* ** **** ***.

***** ******** ******** ******* ***** ** ********* *** **** **** to ****** ****. **** **** ******** ** *** ***** ******** integrator ******* ** ** * ***** *** *********** ********.

** *** ****** **** ** ******* *********** *** ***** *** installation ** *** *******, *** **** **** **** **** ******** that ** ********** **** ***** ******** **********. *** ********, ** IT ** ***********, **** **** ****** ********** ******* *** ******* from ***** ******** ********* (****** **** **** * ***** ************ manufacturer).

* *** ****** ** ************* *** ** **********'* ***** ** interest ** ***** ****. **** **** ** **** ** ******** projects, ****** **** ** ********** ***** ******** **. **** **** be * ******** ** ****** *** ******** ** *** **** of **. ** *** ******** ****, ** *** ** **** to ****** ***** ** ******** ******* ** ***** ****** ********* and ****** **********. ** *** ********, ** *** *** **** or ** **** ** **** ** **** ******* (********** ******* of ********** ****** ****).

***********

***** *** **** ********** *** **** ******** ***** ****** ***** your ******* *********, * ****** ** ********* ** ******** **** be ***** **** *************. ** ************ *** ******** **** **** of ***** * ***** *** ******** **, *** ****** ** able ** ******** **** **'* ******* *** **** *******.

[***************]

******** ***** ******** *** ******** ******** ********.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

Sony Next Gen HD Dome Camera Tested (SNC-EM642R) on Aug 18, 2017
Sony has released their latest generation, claiming improved WDR and low light, increased IR range, and more. We tested the SNC-EM642R outdoor IR...
IP Networking Course September 2017 on Aug 17, 2017
This is the only networking course designed specifically for video surveillance professionals plus it includes live training, personal help and...
Cat 5e vs Cat 6 vs Cat 6a Network Cable Usage Statistics on Aug 16, 2017
Cat 5e? Cat 6? Cat 6a? What do integrators use in practice, today? 140+ integrators told IPVM. Here are the results: For those who want to...
IP Camera Specification / RFP Guide 2017 on Aug 14, 2017
RFPs are hard. Do them 'right' and it takes a lot of knowledge and time. Do them 'wrong' and you can be (a) unwittingly locked into a specific...
Competing Against Schneider Electric on Aug 04, 2017
Schneider Electric overall does ~$30 billion USD annual revenue. One of its many parts is a building / security systems integrator. Another is...
Access Control Commissioning / Install Checklist on Aug 03, 2017
This 80+ point checklist helps end users, integrators and consultants verify that access control installation is complete. It covers the following...
Dahua 4K Turret Tested Vs Hikvision (N84BG44 ) on Aug 02, 2017
Dahua has released their latest low cost 4K model, the N84BG44, claiming Smart H.265+ and 50m IR range. We bought and tested this new model against...
IR Surveillance Guide on Jul 31, 2017
Infrared (IR) has become an increasing core component to video surveillance systems. In particular, the expansion of integrated IR cameras that...
$8 Billion Utility Georgia Power Enters Surveillance Business Offering Avigilon And Genetec on Jul 19, 2017
Utilities are typically considered major customers of surveillance integrators but one utility, Georgia Power, with $8+ billion in annual revenue...
Convergint Total Recall CrimeEye Product Profile on Jul 11, 2017
Deploying video surveillance in metropolitan areas often brings challenges, including lack of infrastructure or excessive costs to extend...

Most Recent Industry Reports

Avigilon CEO Attacks Asian Companies Cyber Insecurity on Aug 18, 2017
Avigilon CEO is taking aim at their Asian competitors. And he is going directly after these company's cyber security issues. In this note, we...
Sony Next Gen HD Dome Camera Tested (SNC-EM642R) on Aug 18, 2017
Sony has released their latest generation, claiming improved WDR and low light, increased IR range, and more. We tested the SNC-EM642R outdoor IR...
IP Networking Course September 2017 on Aug 17, 2017
This is the only networking course designed specifically for video surveillance professionals plus it includes live training, personal help and...
Knightscope Raises $10 Million With $3,320 Average Per Investor on Aug 17, 2017
Congrats to Knightscope. And condolences to their legion of little investors. Knightscope has disclosed they have raised $10+ million from their...
Axis and Arecont Legal Conflict Over Multi-Imager Cameras on Aug 17, 2017
Arecont threatened Axis. Axis has responded by moving to invalidate an Arecont patent. It is an important contest. Multi-imagers are Arecont's...
Directory Of Consumer Security Cameras on Aug 16, 2017
The consumer camera segment continues to grow, with new startups and models from existing players released seemingly every month. In this report we...
Cat 5e vs Cat 6 vs Cat 6a Network Cable Usage Statistics on Aug 16, 2017
Cat 5e? Cat 6? Cat 6a? What do integrators use in practice, today? 140+ integrators told IPVM. Here are the results: For those who want to...
Hikvision Responds To Cracked Security Codes on Aug 15, 2017
Hikvision has responded to IPVM's report on Hikvision's security code being cracked, both with a 2 page update to dealers and communication...
Stolen Video NVR / DVR Statistics on Aug 15, 2017
"But what happens if someone steals my recorder?" Anyone who has done more than a handful of jobs has probably heard this question several times....
Hikvision Europe Cutting Out Unauthorized End User Sales on Aug 15, 2017
The days of anyone buying Hikvision from anywhere off the Internet are numbered, at least in Europe, if Hikvision's plan comes to fruition. In...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact