This guide summarizes high-level design recommendations and best practices for implementing Cisco Video Surveillance on the following platforms:
Cisco UCS B- and C- Series platforms
Cisco UCS Express and E- Series platforms on the Integrated Services Router Generation 2 (ISR G2)
Note: This guide does not describe the configuration and operation of the Cisco Video Surveillance (Cisco VSM) products or the deployment of the Cisco VSM virtual machine images on the Cisco UCS platforms. For more information on these subjects, see the “Related Documentation” section.
In some instances, existing network equipment and topologies already have the configuration and performance characteristics needed to support high-quality IP video surveillance. In other instances, network hardware might require upgrading or reconfiguration to provide the additional bandwidth that video requires.
Figure 1 represents a virtualized VSM application running on a UCS B- and C- Series platform.
Figure 1 Cisco IP Video Surveillance on UCS B- and C- Series Platforms
Figure 2 displays the Cisco ISR G2 platform integrating Cisco Video Surveillance on the UCS Express and E- Series platforms. This solution uses a single network access device for remote sites.
Figure 2 Cisco ISR G2 With the UCS Express and E- Series Platforms Integrates Video Surveillance on Single Network Access Device for Remote Sites
Design Recommendations for Deployment Models
A typical IP video surveillance deployment in an enterprise network consists of one or more campus locations running a Cisco Video Surveillance Media Server and a Video Surveillance Operations Manager on an Intel-based Linux Enterprise Server OS (Cisco Physical Security Multiservices Platform or Cisco UCS Platform).
Deploy Cisco VSM on UCS Express or E-Series platforms only if you plan to record up to 32 streams @ 1 M, 15 streams @ 2 M, or 7 streams @ 4 M.
– For the UCS Express, consider dedicating the entire SRE 9xx for video surveillance.
– UCS Express or E-Series platforms are deployed on the Cisco Services Ready Engine (SRE) with ESXi running a video surveillance virtual machine (VM). The VMs can run the Cisco Video Surveillance Media Server and Video Surveillance Operations Manager software.
Locations with more than 32 video surveillance cameras can be deployed on standalone hardware or the UCS C-Series server running a video surveillance virtual image.
For enterprise-level deployments, we recommend using the UCS B-Series servers in the data center.
In cases where implementing cameras is the only requirement, it may be practical to transport the camera feeds across the WAN for archiving. However, in most deployments, local storage is necessary due to the bandwidth required and the bandwidth costs.
A typical enterprise deployment consists of one or more campus locations running the Cisco Video Surveillance Media Server.
Branch offices and teleworker locations may view and administer the video surveillance system.
External users and external organizations can also access the system using an Extranet or the public Internet and a web browser.
Figure 5 illustrates the topology and application services deployed in an enterprise-wide implementation of IP-based video surveillance.
Figure 5 VSM Deployment Models
The branch locations are connected to the enterprise campus by WAN technologies, including Metro Ethernet, private line, the public Internet, or a Layer-2 or Layer-3 Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) deployment. With a Layer-2 MPLS deployment (pseudowire), IP cameras can be Ethernet-attached to a remote switch and can transport images through the carrier network, provisioned and managed by the Video Surveillance Operations Manager, either at a branch location or a central location. Branches attached through a Layer-3 MPLS network, leased line, or over the Internet can support viewing stations and IP cameras that can be managed by either the campus or branch deployment.
Cisco technologies, such as Dynamic Multipoint Virtual Private Network (DMVPN), can be overlaid onto the WAN transport to provide data privacy and authentication by way of IP security (IPsec) encryption. To ensure the prioritization of voice, video, and mission-critical applications over the WAN, QoS is deployed on the WAN. Where multiple WAN links exist, Performance Routing (PfR) can be enabled to provide intelligent path selection and the ability to route around brownouts and transient failures, thereby enhancing what can be provided by traditional routing protocols, such as the Enhanced Interior Gateway Routing Protocol (EIGRP).
The decision as to whether a specific environment should implement the Cisco Video Surveillance on UCS Express or E-Series platforms at a branch location and archive data at the branch—or provision cameras off the campus implementation of the Cisco Video Surveillance Manager—depends on the number of cameras, the resolution, frame or bit rate of the camera, quality factors of the cameras, and the bandwidth cost and availability at the remote locations.
A WAN is used to connect different LANs and typically spans a broad geographic area. WAN services are leased from service providers who provide different speeds and connectivity options.
Figure 6 illustrates how a remote branch office relies on the connectivity provided by a WAN service provider.
Figure 6 Service Provider Network
Deploying a video surveillance solution through a WAN environment presents challenges that are not typically seen in a LAN. In a LAN environment, it is common to see 1 Gbps and 10 Gbps of bandwidth, while in a WAN environment, most connections are less than 10 Mbps; many remote connections operate on a single T1 (1.544 Mbps) or less.
These inherent bandwidth constraints require careful evaluation of the placement of cameras and Media Servers, and of how many viewers can be supported at remote sites simultaneously. Using child proxies can reduce the bandwidth required to transport video streams across WAN connections.
The placement of recording devices also becomes important. The video can be streamed to a central site using lower frame rates or resolution, but another attractive alternative is to deploy Media Servers at the remote sites and stream the traffic using the LAN connectivity within the remote site.
A point-to-point or leased line is a link from a primary site to a remote site using a connection through a carrier network. The link is considered private and is used exclusively by the customer. The circuit usually is priced based on the distance and bandwidth requirements of the connected sites.
Technologies, such as Multilink Point-to-Point Protocol (PPP), allow several links to be bundled to appear as a single link to upper routing protocols. In this configuration, several links can aggregate their bandwidth and be managed with only one network address. Because video surveillance traffic requirements tend to be larger than other IP voice and data applications, this feature is attractive for video surveillance applications.
Hub-and-spoke, also known as star topology, relies on a central site router that acts as the connection for other remote sites. Frame Relay uses a hub-and-spoke topology predominantly due to its cost benefits, but other technologies, such as Multiprotocol Label Switching (MPLS), have mostly displaced Frame Relay.
Example 1—Network Bandwidth Usage
Figure 7 and Figure 8 illustrate a simple scenario with two sites. Each site has a Media Server and each is the direct proxy for an IP camera. Three video monitoring workstations are active in Site A and each IP camera generates 1 Mbps of network traffic.
Two monitoring workstations display video streams from Camera 1 and Camera 2, while one monitoring workstation displays three video streams: two streams from Camera 1 and one stream from Camera 2. The network bandwidth required to display video streams for Camera 2 in Site A is relatively small for a LAN environment, but the traffic from Camera 1 can be significant for WAN environments because four different 1 Mbps streams must traverse the WAN locations.
Figure 7 UCS B- and C- Series: Network Bandwidth Requirements
Note: For simplicity, the Operations Manager has been removed from Figure 7 and Figure 8.
Figure 8 UCS Express and E- Series: Network Bandwidth Requirements
Example 2—Sites with Remote Storage
Figure 9 and Figure 10 display how Media Servers can be deployed at different WAN locations to minimize the bandwidth requirements. By deploying the Media Servers close to viewers and edge devices, the network traffic remains local to each site. Archiving video streams at each location is also an attractive solution to minimize the network traffic between sites.
In this example, Site A and Site C have Media Servers acting as direct proxies and archives for the IP cameras. Because both sites archive and distribute video to the monitoring workstations locally, the network traffic remains local to each site.
Site B can function without a local Media Server, but all video streams must traverse the WAN connections. Because Media Server A is the direct proxy for Camera B, the 1 Mbps stream must reach Media Server A before reaching any monitoring workstation. A total of 3 Mbps would be required for both monitoring workstations in Site B to receive video from Camera B.
Figure 9 UCS B- and C- Series: Sites with Remote Storage
Figure 10 UCS Express and E- Series: Sites with Remote Storage
Example 3—Distributed Media Servers
Figure 11 and Figure 12 display a deployment with several remote sites, each with a local Media Server acting as the direct proxy and archive for local IP cameras. In this scenario, all recording occurs at the remote sites and live video streams are viewed by OM viewers and VM monitors (video walls) at the headquarters.
The Media Server at the headquarters could also have Parent-Child proxies to each remote Media Server and request the remote streams only when required at the headquarters. This would have less bandwidth impact when the same stream is requested by more than one viewer because the traffic would be contained locally in the headquarters LAN.
Figure 11 UCS B- and C- Series: Distributed Media Servers
Figure 12 UCS Express and E- Series: Distributed Media Servers
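The WAN bandwidth reasoning of Examples 1 to 3, worked through in Python as an added example that is not part of the Cisco guide. The site label "B" for Camera 1, the server names MS-A and MS-B, and the application of a child proxy to Example 1 (one feed per child site, however many local viewers) are assumptions made for illustration.

```python
from collections import defaultdict

T1_MBPS = 1.544  # single T1, the figure quoted in the text


def wan_load(cameras, servers, views, child_proxies=None):
    """Return {(site_x, site_y): Mbps} crossing the WAN between each site pair.

    cameras: name -> (site, mbps, direct-proxy Media Server)
    servers: Media Server name -> site
    views:   (viewer_site, camera, stream_count) tuples
    child_proxies: camera -> sites whose local Media Server is a child proxy
    """
    child_proxies = child_proxies or {}
    load, fed = defaultdict(float), set()

    def cross(src, dst, mbps):
        if src != dst:  # same site: traffic stays on the LAN
            load[tuple(sorted((src, dst)))] += mbps

    for cam_site, mbps, proxy in cameras.values():
        cross(cam_site, servers[proxy], mbps)  # camera -> direct proxy
    for viewer_site, cam, count in views:
        _, mbps, proxy = cameras[cam]
        if viewer_site not in child_proxies.get(cam, ()):
            cross(servers[proxy], viewer_site, mbps * count)  # one copy per stream
        elif (cam, viewer_site) not in fed:
            fed.add((cam, viewer_site))  # parent -> child feed, counted once
            cross(servers[proxy], viewer_site, mbps)
    return dict(load)


def example1(child=False):
    # Constructed from Example 1; "B" as Camera 1's site is an assumption.
    cameras = {"Camera 1": ("B", 1.0, "MS-B"), "Camera 2": ("A", 1.0, "MS-A")}
    servers = {"MS-A": "A", "MS-B": "B"}
    views = [("A", "Camera 1", 1), ("A", "Camera 2", 1),  # workstation 1
             ("A", "Camera 1", 1), ("A", "Camera 2", 1),  # workstation 2
             ("A", "Camera 1", 2), ("A", "Camera 2", 1)]  # workstation 3
    return wan_load(cameras, servers, views, {"Camera 1": {"A"}} if child else None)


def example2():
    # Constructed from Example 2: Camera B at Site B, proxied by Media Server A.
    cameras = {"Camera B": ("B", 1.0, "MS-A")}
    views = [("B", "Camera B", 1), ("B", "Camera B", 1)]  # two workstations
    return wan_load(cameras, {"MS-A": "A"}, views)


if __name__ == "__main__":
    for name, load in [("ex1", example1()), ("ex1+child", example1(True)), ("ex2", example2())]:
        print(name, load, {k: v > T1_MBPS for k, v in load.items()})
```

Both unproxied cases exceed a single T1, which is the sizing check to run before placing a camera's direct proxy across a WAN link.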