May 20 2013
5 Comments
SecuritySpy

Adding a Camera Unknown to SecuritySpy

We have an extensive list of cameras that are known to be compatible with SecuritySpy. All these cameras have profiles built into SecuritySpy, making for a quick and easy setup in most cases.

However, it’s a fast-changing market and new cameras are continuously being released. While we do our best to release frequent updates that support these new cameras, it’s a difficult task. You may find yourself intending to use a particular camera that is not yet on our list – this blog post will show you how.

The main requirement for a camera to be compatible with SecuritySpy is that the camera is capable of sending data in either of these two formats:

  • JPEG over HTTP (sometimes called MJPEG or “server-push”)
  • JPEG, MPEG-4 or H.264 over RTSP

This blog post will concentrate on RTSP, because this is the standard format for all modern network cameras.

The first thing to do is to check that your camera supports the RTSP protocol. Most do, and certainly all ONVIF-compatible cameras do. For some cameras, you will need to navigate through its settings pages with a web browser in order to find an option to enable RTSP, however for most cameras it will be enabled by default.

Next, you will need to find out the “request” that the camera understands for sending its RTSP data. This is a short string of text, and might be described in documentation as an “RTSP request” or “RTSP URI”.

There are a few different ways you might be able to discover what this request is:

  • Via the camera’s web interface. Many cameras show the RTSP request string in the section of the settings where the video streams are configured.
  • In the camera’s documentation. Check the camera’s user manual for information about the RTSP requests that the camera understands.
  • On a third-party web site such as SoleraTec or iSpy, both of which host databases of common cameras and their RTSP requests.
  • By contacting the camera’s manufacturer directly. The better companies will readily supply this information.

Example

The setup procedure in SecuritySpy is best shown by an example:

  • You have a camera on your network at the IP address 192.168.1.50 (cameras can be set up on your network like this)
  • Its username and password are both “admin”
  • You have discovered that the RTSP URI for your camera is rtsp://192.168.1.50/video_h264

Here’s how you would set this up in SecuritySpy:

Caveats

In our experience, here are some things that might go wrong:

  • The standard network port for RTSP is 554, and this is what SecuritySpy uses if you leave the port boxes empty. However, a minority of cameras (most notably from ACTi and Foscam) use different ports for their RTSP communication. This information should be shown in the camera’s web interface and documentation.
  • In rare cases, some cameras send MPEG-4 or H.264 video that is incompatible with QuickTime (QuickTime is used by SecuritySpy for video decompression). If you get a green or distorted video feed, this is probably the case.
  • In rare cases, a camera might send a non-standard RTSP stream which SecuritySpy cannot decode. In this case you will get a blue screen with a cross in the middle. In this case, please email us and attach SecuritySpy’s log file (located in your ~/Documents/SecuritySpy/ folder) so that we can look into it.
  • Make sure that you do not have Perian installed on your computer, as this could cause the decompression of H.264 video to fail.
  • Sometimes cameras don’t use a request string, in which case you would need to leave the Request box empty in the above window.

Let us know!

If you have had success with a camera that is not on our list, please email us and let us know the details, so that we can add the camera to our list.

 

Tagged , , , ,
Feb 19 2013
1 Comment
SecuritySpy

Comparison of Streaming Formats

The latest version of SecuritySpy supports new streaming formats which significantly enhance compatibility with new and existing network cameras. The following information about these formats will be useful when making purchasing decisions and setting up video surveillance systems based upon SecuritySpy.

Network Streaming Protocols
There are two main protocols used for carrying video and audio data over IP networks: HTTP and RTSP. Using these protocols, it is possible to transmit video and audio in various compression formats (JPEG, MPEG-4, H.264, AAC etc.).

HTTP is the foundation of communication of the World Wide Web, used for transferring web pages and other associated files between web servers and clients. HTTP has long been established as a method of transmitting JPEG video streams – based on a data streaming method invented by Netscape in 1998, and since then adopted as an unofficial standard and supported by most web browsers. This is the primary format upon which SecuritySpy has been built, prior to version 3.0.

1998 was apparently a good year for video streaming, because it was also the year that the RTSP protocol was invented. While HTTP is designed for general web content, RTSP is designed specifically for media streaming. Unlike HTTP, RTSP is not limited to carrying just JPEG video data; it can conceivably carry video and audio of any compression format.

Despite the long-standing availability of RTSP as a standard, it has only been relatively recently that it has become widely employed in network cameras. For many years, the processing capabilities of network cameras was not good enough to produce the more CPU-intensive compression formats MPEG-4 and H.264, so manufacturers tended to stick to the simplest format with the widest web-browser compatibility, which is JPEG-over-HTTP. But now, with improvements in embedded processing capability, and customer demand for more sophisticated and mobile-friendly compression formats, there has been an explosion in MPEG-4-over-RTSP and H.264-over-RTSP implementation in network cameras.

One drawback of RTSP is the fact that it operates on a different port to HTTP (554 compared to 80), and that it is sometimes blocked by proxy servers and firewalls. In response to this, Apple have described a method for tunnelling RTSP data within an HTTP connection, which resolves these issues. This method, called RTSP tunnelling or RTSP-over-HTTP, is supported by many network cameras, and I would expect its use to become more dominant especially now it has been endorsed by the ONVIF standard.

In response to this changing landscape, SecuritySpy now supports the following formats:

HTTP
Video: JPEG, JPEG 2000
Audio: PCM, G.711 (µ-law and a-law), G.726

RTSP / RTSP-over-HTTP
Video: JPEG, MPEG-4, H.264
Audio: PCM,  G.711 (µ-law and a-law), G.726, AAC, AMR

This covers the vast majority of formats that are produced by modern network cameras.

Which format is best?
When making decisions about which video compression format to use (JPEG vs. MPEG-4 vs. H.264), it is important to bear in mind that one is not necessarily “better” than the others; they all have their advantages and disadvantages.

MPEG-4 and H.264 differ significantly from JPEG in that they are both temporally compressed formats; that is the video sequence comprises one key frame, which encodes one entire image, followed by multiple P-frames (delta frames), which encode only changes in the image since the previous frame. This strategy results in a much lower data rate compared with JPEG encoding, especially for video surveillance footage where the majority of the image often remains the same. The more P-frames that exist between the key frames (the key frame rate, somtimes called the GOV length), the lower the data rate will be.

There is often an impression that MPEG-4 and H.264 are therefore “lower quality” formats compared to JPEG, due to this extra temporal compression, however this is not the case: SecuritySpy provides an adjustable quality setting for each format, at the lower end of which the image will look quite degraded, but at the higher end of which the image will be indistinguishable from the original uncompressed image. At all points where the quality of the JPEG video compared to the MPEG-4/H.264 video is perceived to be the equivalent, the data rate of the MPEG-4/H.264 video will be much lower than the JPEG video. As a (very) rough rule of thumb, the data rate of MPEG-4 is around a fifth of that of JPEG video, and the data rate of H.264 is around half that of MPEG-4, at equivalent perceived quality.

H.264 achieves this extra saving by employing B-frames in addition to P-frames, which depend not only on the previous image in the sequence, but on the next image. As you can imagine, this increase in complexity has costs in terms of processing power required to encode and decode the data.

So, SecuritySpy can receive incoming JPEG, MPEG-4, or H.264 video data, and can additionally be set to save that data to disk directly, without any further encoding, or it can re-encode the video to JPEG, MPEG-4, or H.264 formats. This gives users ultimate control over how the data is processed and saved. Here are the main considerations you need to bear in mind:

Disk space for captured files
Saving JPEG data results in the largest files; H.264 the smallest. If you have no need to transmit the captured files over the internet, it is best to implement a large storage capacity (large-capacity hard disks are inexpensive these days), and have SecuritySpy receive and directly save JPEG data to disk. JPEG is the quickest format to process, resulting in the lowest CPU utilisation and therefore the highest performance (in terms of the total number of frames per second that SecuritySpy can process from all cameras).

If SecuritySpy is receiving JPEG data from a camera, but you need small captured file sizes, it is best to set SecuritySpy to encode this data as MPEG-4 (H.264 can also be used, but it is only viable for a small number of cameras due to its very high memory and CPU requirements).

CPU usage
Saving the incoming data directly to disk without re-encoding typically results in the lowest CPU usage and highest quality possible. If SecuritySpy is receiving MPEG-4 or H.264 data from a camera, it makes sense to save this data directly to disk without re-encoding. However, there are a two disadvantages in doing this. The first is that SecuritySpy cannot modify the images in any way, so it cannot apply a text overlay (date and time) or transformation (rotation or flipping), or change the compression quality. Therefore all such settings must be set in the camera itself, not SecuritySpy. Secondly, for MPEG-4 and H.264 data, being temporally compressed, SecuritySpy cannot change the frame rate of the video; all video capture must be at whatever rate is being supplied by the camera.

Hence with temporally-compressed formats such as MPEG-4 and H.264, SecuritySpy must decode/use every single frame in order to maintain the integrity of the video stream. With JPEG data however, SecuritySpy need decode/use only those frames that are required by the current conditions and can safely ignore those that aren’t (this is another reason why processing JPEG data generally requires less CPU power than MPEG-4 or H.264). Furthermore, if the computer becomes overloaded and has to discard frames, JPEG captures will slow down but otherwise be unaffected, but MPEG-4 and H.264 captures will be come corrupt (for the period until the next key frame), therefore, when using these formats, it is very important to make sure the computer is not overloaded.

Audio
Compared to video streams, the data rate of audio streams is generally much lower, so which audio format to choose is a much less important consideration. Network cameras typically supply one channel of audio (mono) and use a sample rate of 8kHz, which satisfactorily encodes speech at a low data rate.

PCM data is basically uncompressed, so will result in the highest data rate. G.711 uses a very fast encoding scheme that reduces this data rate by a factor of two without losing too much quality. G.726, AMR and AAC offer the lowest data rates of the bunch (albeit with higher CPU usage), but while G.726 and AMR are limited to low-fidelity audio (they were primarily designed for encoding speech for telephone networks), AAC is capable of high-fidelity audio, so is the best choice when quality is the primary consideration. I would generally recommend setting SecuritySpy to capture the audio from the camera directly to disk with no re-encoding, except when the incoming audio data is PCM, in which case I would use G.711 compression in SecuritySpy due to its low CPU usage.

Conclusion
It is difficult to speak in general terms because there is so much variation in customers’ requirements and budgets, however if I were to set up a general-purpose video surveillance system, I would use the following:

  • Employ cameras capable of sending H.264 video data over RTSP (plus audio in any format).
  • Set up a text overlay of the date and time in the camera itself (ideally linked to a network time server for accuracy).
  • Set up the correct frame rate for the video in the camera itself (around 10fps, with a key frame rate of 15-30).
  • Set SecuritySpy to receive these H.264 streams, and record them directly to disk.
  • Test the system to make sure the computer can comfortably handle the incoming video; if it’s overloaded, reduce the frame rates in the cameras.

I hope this post helps to make sense of what can be a complex topic. Please email us with any questions.

Tagged , , , , , ,
Oct 23 2012
2 Comments
SecuritySpy

Setting Up SecuritySpy Over SSL

Secure Sockets Layer (SSL) is a cryptographic protocol that provides secure communications on the internet. It uses two keys to encrypt data: a public key and a private key. URLs that require an SSL connection start with https:// insead of http:// and operate on port 443 instead of 80 by default. SSL increases security as it makes it impossible for someone intercepting the stream of data to decode any information from it.

SecuritySpy does not have built-in support for SSL, however Mac OS X comes with Apache, a fully-featured and powerful web server, that can be used to set up the secure communication between the internet and SecuritySpy. In this way, Apache will be acting as a secure “reverse proxy” web server for SecuritySpy. This post describes how to set this up.

These instructions describe how to set up SSL using “self-signed” certificates. This allows you to get everything up and running, however for a proper installation you should ideally obtain a certificate from a Certificate Authority (such as Verisign or Thawte). A Certificate Authority is a trusted entity that confirms to whomever is connecting to your web server that you are who you say you are. This is only really applicable for web servers available to the general public, and a self-signed certificate is appropriate for when the server will be accessed by you or your employees or agents, as in this case there is no doubt about the server’s authenticity.

Although we have made every effort to make this guide easy to follow, this is a complex setup that requires use of the Terminal and editing of Apache configuration files, so is not for the novice user. This guide assumes that you have already set up the web server feature of SecuritySpy and are familiar with concepts such as dynamic DNS, port forwarding, and IP addressing on local networks.

For editing the configuration files, we highly recommend TextMate – this is a flexible and user-friendly editor that will make editing these files easy. You will also need to use the Terminal application, which is in your Utilities folder within your Applications folder.

These instructions are suitable for Mac OS X versions 10.5 through 10.8.

Step 1: Create a Certificate Authority (CA) certificate

In Terminal, type (or copy-and-paste) the following commands, each followed by a return:

mkdir ~/Documents/myssl
cd ~/Documents/myssl
openssl genrsa -des3 -out ca.key 1024
openssl req -new -x509 -days 3650 -key ca.key -out ca.crt

These commands create a myssl folder in your Documents folder, a RSA key file, and a Certificate Authority certificate. You will be asked for some details about you (as the certificate authority), and for a passphrase – use something simple and memorable; it doesn’t have to be secure.

The Terminal output for this step will look something like this:

Create Certificate Authority Certificate

Step 2: Generate a private key for the web server

In Terminal, enter the following commands, each followed by a return:

openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr

This creates a server key file.  It will ask for some details about you (as the server administrator). The vital thing here is, when it askes you to enter the Common Name, you must enter the host name (or IP address) of your server as a client would connect to it over the internet. For example, if you have a Dynamic DNS name set up for accessing your server over the internet called myserver.viewcam.me, this is what you enter here. It may also ask you for a challenge password and optional company name - just leave these blank.

The Terminal output for this step will look something like this:

Create Private Key

Step 3: Sign the server key with your CA certificate

You need to download the latest mod_ssl, locate the sign.sh file from the pkg.contrib folder, and place it in your ~/Documents/myssl folder.

Back in the Terminal, enter:

chmod +x sign.sh
./sign.sh server.csr

You will be asked for the passphrase for the ca.key file that you created above. For the questions Sign the certificate? and commit?, type y and enter.

Step 4: Remove the passphrase requirement from the server key file

This step is required so that Apache can read the private key without you having to manually start Apache from the command line with the passphrase every time you need to enable the web server. In Terminal, enter:

cp server.key server.key.original
openssl rsa -in server.key.original -out server.key

You will be asked for the passphrase that you initially specified for the server.key file.

Step 5: Configure the Apache web server for SSL

Now we have all the files needed to enable SSL in Apache. In the Finder, choose Go to folder from the Go menu and type /etc/apache2/ – this is where all the Apache configuration files reside:

Go To Folder

Firstly, copy the server.crt and server.key files from ~/Documents/myssl/ into this folder.

Next, open the httpd.conf file in TextMate (before doing this it is good practice to create a backup of this file before making any changes, in case you need to revert to it). These are the changes you need to make to this file:

• Locate the ServerName parameter and set it to the external host name (or IP address) of your server. Remove any # character from the start of the line

• Locate the line Include /private/etc/apache2/extra/httpd-ssl.conf and remove any # character from the start of this line

• Locate the line LoadModule ssl_module libexec/apache2/mod_ssl.so and remove any # character from the start of this line (Mac OS X 10.7 and above)

• Save the file (TextMate will ask if you want to overwrite the existing file, which you do)

Finally, open the httpd-ssl.conf file within the extra directory (again you should make a backup first). Make the following changes:

• Locate the ServerName parameter and set it to the external host name (or IP address) of your server, and remove any # character from the start of the line

• Locate the SSLCertificateFile parameter and set it to “/private/etc/apache2/server.crt” (with quotes), and remove any # character from the start of this line

• Locate the SSLCertificateKeyFile parameter and set it to “/private/etc/apache2/server.key” (with quotes), and remove any # character from the start of this line

• Scroll to the bottom of the file, and just above the “</VirtualHost>” tag, add these two lines:

RewriteEngine On
RewriteRule ^/(.*) http://127.0.0.1:8000/$1 [P]

• Save the file

Step 6: Test it

Everything is now set up. Go to System Preferences, click on Sharing, and enable Web Sharing –  this starts the Apache web server. If web sharing was already enabled, you need to disable it and then enable it again to restart the web server (if it does not start, check the Console for errors – probably there is some mistake in the configuration files you edited above). Make sure SecuritySpy is open, and then open Safari and enter:

https://127.0.0.1/

Note that this URL starts with https and not http. The IP address 127.0.0.1 is what is called the “loopback” address that refers to “this computer”. You should get a warning about the certificate being invalid because of a host name mismatch. This is because the address that you are using to access the server (127.0.0.1) is different from the address that you specified in the server certificate. This error will not occur when accessing the web server from the internet using the proper host name (although the client will get a warning that the certificate was signed by an unknown authority). Simply click the Continue button to ignore the warning and enter the secure site. You should see the SecuritySpy web interface with a padlock to the left of the address bar (or the top right of the Safari window, depending on your version of Safari), indicating a secure connection.

Step 7: Set up port forwarding

The final step is to set up port forwarding in your router to the computer on port 443 – this is the port used by HTTPS. Then you will be able to access SecuritySpy securely from the internet.

May 11 2012
Leave a comment
SecuritySpy

Protecting Yourself from Server Outages

When your SecuritySpy system is running autonomously at a remote location, there are a number of measures you can put in place to help ensure reliable operation, and to remotely control it if necessary, avoiding the need to physically visit the site to resolve any problems. Problems that may occur include computer crashes and router problems. Although such problems are rare, it is a good idea to implement some or all of the below suggestions, especially if the site is far away and a visit in person would be inconvenient.

This document assumes you have already set up your SecuritySpy system for remote viewing, so you are already familiar with concepts such as dynamic DNS, port forwarding, and IP addressing on local networks. For the purposes of this document, the computer running SecuritySpy is the server computer, and any computer used to connect to it in the ways described below is the client computer.

1. Energy Saver Settings

Open System Preferences on the server computer and click on Energy Saver:

Turn on the option “Restart automatically after a power failure”. This is the most important option here. If the power is cut to the computer for any reason, the computer will automatically turn on and boot up when the power is restored. Make sure that SecuritySpy is set to open automatically after the computer starts (right-click on the SecuritySpy icon in the Dock and enable the Open at Login option).

Turn off the option “Allow power button to sleep the computer”. This will prevent the computer going to sleep if the power button is pressed.

Click the Schedule… button and set the computer to wake up every day (at any time). This is a backup that is useful if for any reason the computer is shut down.

Note that all desktop Mac computers have a “PRAM” battery that is responsible for retaining settings such as the time and date, as well as the above energy saver settings, when the computer is switched off. If the PRAM battery is dead, the computer will not be able to restart automatically in the event of a power failure. Therefore it is a good idea to change the battery every two years or so to avoid this problem. You can tell if the battery is dead by switching the computer off, unplugging the power cable, waiting for a minute, and then powering on the computer on again. If it gives you a warning about incorrect date and time settings, you know that the PRAM battery is dead and needs replacing.

2. Screen Sharing

Open System Preferences on the server computer, click on Sharing and enable “Screen Sharing”:

Screen Sharing allows you to view and control the server computer directly from the client computer through a window that represents its screen. The server computer can be running Mac OS X 10.4 (“Tiger”) or later, but the client computer must be running Mac OS X 10.5 or later for built-in support of this feature.
To access Screen Sharing over the internet, you will need to set up port forwarding to the server computer on port 5900. If the server computer is running Mac OS X 10.4, this feature is also present in the Sharing system preference, but is called “Apple Remote Desktop”.

To connect to the server computer from the client computer, open the Screen Sharing application that is located at /System/Library/CoreServices/ and it will prompt you for the address of the server computer (you could make an alias of this application in a more convenient place if you like).

3. Remote Login (SSH)

Open System Preferences on the server computer, click on Sharing and enable the Remote Login option (see screenshot above).
This allows you to log in from the client computer using the Terminal application and control various things – in this way it is an alternative to (or a backup for) Screen Sharing but requires much less bandwidth so it is useful for situations with slow internet connections. To access SSH over the internet, you will need to set up port forwarding to the server computer on port 22.
To log in remotely from the client computer, open Terminal (which is in your /Applications/Utilities/ folder), and type:
ssh user@ipaddress
where user is the name of the admin account on the server computer, and ipaddress is the IP address or domain name of the server computer’s internet connection. You will be asked for the password for the account you are logging into.
Here are some useful commands for the purposes of remote administration:
ls
Displays a directory listing for the directory that you are currently in. When you first log in, the current directory will the the user folder.
cd ..
Navigates up one directory level.
cd foldername
Navigates into the directory called foldername.
top
Displays a list of current processes along with the processor time being used by that process. Press q to quit top.
man
Displays a manual page for any command. For example “man top” tells you about top. Press q to quit man.
osascript -e ‘tell app “securityspy” to quit’
Sends an AppleScript command to quit SecuritySpy.
kill 235
An alternative to the above, terminates the process with PID 235. The PID for a particular process can be obtained from top. It is better to use the AppleScript command above as it allows the process to perform any tasks that it needs to before terminating.
kill -9 235
This is a “non-ignorable kill” for process 235, equivalent to a force quit. Useful if the process in question is not responding.
open /applications/securityspy.app
Opens SecuritySpy, as if it were double-clicked in the Finder.
sudo reboot
Reboots the computer (you will be asked for the administrator password before this command will be executed).
exit
Ends the ssh session.

4. File Sharing

Open System Preferences on the server computer, click on Sharing and enable the File Sharing option (see screenshot above – this option is called “Personal File Sharing” on Mac OS X 10.4). This allows you to upload new versions of software to the server computer. To access file sharing from the internet you will have to set up port forwarding to the server computer on port 548.
To install a new version of SecuritySpy on the server computer remotely, you would do the following on the client computer:

  • Open Terminal and log in to the server computer using ssh
  • Quit SecuritySpy by typing osascript -e ‘tell app “securityspy” to quit’
  • Connect to the server computer by file sharing: in the Finder, select Connect to Server… from the Go menu, and type in the IP address or domain name of the remote site. Log in with the administrator account and choose the server computer’s hard drive in the list of share points.
  • You will now have the server computer’s hard drive available under the “Shared” section in any Finder window (Mac OS X 10.5), or mounted on your desktop (Mac OS X 10.4). Open it, navigate to the Applications folder, and copy the new version of SecuritySpy across, replacing the old version. Then unmount the drive by clicking the eject icon next to the drive in the Finder window (Mac OS X 10.5), or dragging it from your desktop to the trash (Mac OS X 10.4).
  • In Terminal again, open SecuritySpy by typing open /applications/securityspy.app

5. Power Management Device

The only thing that will help in the rare event of a total server computer crash is an IP-addressable power management device. Several of these devices exist – a good low-cost example is the Dataprobe iBoot:

Dataprobe also make the iBootBar, which has multiple power adapters that can be controlled independently.

So to restart the server computer remotely you would log in to the device using a web browser, cut the power to the computer, wait for ten seconds or so, and then restore the power again. The computer will turn on automatically (due to the settings in Energy Saver described above).

Routers are generally reliable devices, however it is not uncommon to a have a router that stops working every now and then and requires resetting by turning off and on. A solution to this is to connect the router to a standard timer switch which can be obtained cheaply from most electronics/hardware stores. Set the timer switch to turn off and then on one minute later, every week at midnight.

 

Jan 04 2012
Leave a comment
SecuritySpy

USB Cameras and SecuritySpy

We typically advise against using USB cameras with SecuritySpy. This is partly due to their general low video quality and short cable length, but also due to bandwidth limitations on the USB bus making it difficult to use multiple USB cameras at the same time. However, we understand that they can be an attractive option in some situations due to their low cost and simple plug-and-play connection to the computer. Therefore, a USB camera can potentially be a cheap and useful addition to a video surveillance system in certain circumstances.

One USB camera will use most of the bandwidth on a USB bus (this is because USB cameras use uncompressed video, as opposed to network cameras, which use compressed video). Therefore, it is not possible to use more than one camera on the same USB bus at full resolution.

Although Mac computers typically have more than one built-in USB port, they vary in how many USB busses they have. In some Macs, all the ports share the same bus, and therefore the same bandwidth. On other Macs there may be multiple busses. To see how many busses your Mac has, open the “System Information” app (“System Profiler” on systems before OS X 10.7) from your /Application/Utilities/ folder. Click the “System Report” button, and locate the USB section on the left side of the window:

The above system report is for a late-2009 Mac Mini. This computer has five USB ports, and as you can see, it actually has four separate USB busses. The first bus powers the built-in IR Receiver and USB port number 2; the second bus powers the built-in bluetooth controller; the third bus powers USB ports number 3 and 4; and the fourth bus powers USB ports 1 and 5. Note that there is no way to tell from the above information which busses power which ports! You either have to find out this information online or through trial and error. Note also that only the second two busses are “High-Speed”, i.e. USB 2.0. The first two are USB 1.1 busses, which are much slower (useful for bluetooth, keyboards, mice and other low-bandwidth devices only).

So, with the above computer, if you wanted to use two USB cameras, you would plug one into port 1 or 5, and the other into port 3 or 4, so that they are on separate high-speed busses. If you were to connect a camera to port 2, it would work poorly, or maybe not at all, because this port is on a USB 1.1 bus.

Similarly, if you use an external USB hard drive, this should be on its own high-speed bus for optimum performance. Therefore, in the above example, we have one camera using one high-speed bus, and one USB hard drive using the other high-speed bus.

If your computer has PCI slots (a Mac Pro for example), you can add extra USB ports using PCI cards. Note however that such cards typically have only one bus, and share this bus between all their ports, so it is likely that you will need one PCI card per USB camera.

Our advice remains: use network cameras, which don’t suffer the same limitations, and are designed for the purpose of video surveillance with typically far superior video quality. SecuritySpy supports a wide variety.

Tagged , , , ,
Oct 28 2011
2 Comments
SecuritySpy

Network Topology

Overseeing a new installation of a video surveillance system recently gave me some useful insights into network hardware and layout. The system is relatively high-spec, using Arecont AV2100 and ACTi ACM-1231 megapixel network cameras, with a Mac Mini as the recording computer (running SecuritySpy of course!). If you are unfamiliar with Arecont, they produce simple box cameras with unparalleled visual quality. ACTi cameras were chosen for other areas because they offer additional features such as infrared night vision and audio.

A high-performance switch was required, and a Netgear FS116 was chosen:

This switch supplies power-over-ethernet (PoE) on 8 of the 16 ports, which is supported by both models of camera mentioned above, simplifying the wiring installation.

From my experience, it is not worth economising on such items of network hardware. Netgear is a company with a long history of making high-quality reliable products. You may be tempted by alternative cheaper products from little-known manufacturers but it is generally a false economy. The above switch costs around GBP £150, a small price to pay for such a critical component.

The first setup of the system was laid out as follows:

As you can see, the router connects the Mac Mini and the main switch – the router basically contains its own internal hub/switch that provides four ethernet ports. This setup was chosen because of the close proximity of the router and Mac Mini (therefore easier wiring), and also to implement as short a route as possible from the Mac Mini to the internet. As well as managing the video surveillance system, the Mac Mini is providing some important web server functionality to the internet, and the above layout means that a failure of the main switch would not cause an outage of these functions.

However, this setup was plagued with problems. There were frequent timeouts and disconnections in the communication between the Mac Mini and the cameras. Troubleshooting revealed that the problem was down to the router’s internal hub. As you can see from the above diagram, the traffic from the cameras has to pass through the router to get to the Mac Mini, and apparently the router’s hub wasn’t up to the task. This underlines the point made above about only using high-quality networking hardware – a point apparently ignored by router’s manufacturer. So, the topology was changed as follows:

Now, the Mac Mini connects directly to the main switch. The traffic from the cameras goes straight through the main switch to the Mac Mini, and the router doesn’t see any of this traffic. Since the change, performance has improved and reliability has been flawless.

The above switch works at “fast ethernet” speeds, up to 100Mbps. This works well for the system described above, which has only four cameras. With more cameras, this speed limitation may start to impact on performance (depending of course on the cameras’ resolutions and your desired frame rates). The solution is to to use a gigabit switch, which offers speeds 10 times that of fast ethernet. For this I would recommend the Netgear FS728:

As well as 24 fast ethernet ports (all of which provide PoE), this switch offers four gigabit ethernet ports, one of which you would use to connect the computer. This removes the speed limitation and will allow you to connect many more cameras without any problems of network bandwidth. In addition, this is a managed switch, so has a web interface that has some useful statistics as well as other features such as cable tests – very handy for troubleshooting network connections.

Oct 28 2011
19 Comments
News

New Blog

This blog has been set up to provide information relevant to users of our Macintosh video-related software. In particular we will cover topics relevant to video surveillance system setup, equipment and software usage. Please feel free to suggest topics for us to cover.