Starting with BVMS v10.0, you can leverage VRM Encryption Technology.
Compatibility requirements are as follows:
Video Devices that do not meet the prerequisites defined above, or were produced prior to 2014, can be encrypted utilizing VSG
Data encryption on iSCSI storages
Supported Clients: VSC, BVMS v10 and Higher
The VRM iSCSI encryption process happens in several phases and utilizes two sets of keys:
When cameras are added to the VRM configuration
The Camera will encrypt all of it’s “Blocks” with its own dynamically generated Symmetric Keys:
The Camera’s “Symmetric Key” that was used to encrypt the block is then:
VRM performs the playback function by retrieving the camera’s Symmetric Key that was encrypted with its “Public Key”, and stored in the block.
When a VRM service starts for the first time, it will auto generate a self signed “Recording” Certificate (REC1)
All capable video devices that are added to the VRM are automatically given the VRM’s static “Public” key:
VRM encryption cannot be initially started until a “Backup” of the of its Private “REC1” key is made!
In the Devices Tree highlight the system’s VRM. Navigate to the “Service” menu tab and the “Recording encryption” submenu:
You will receive a “Create redundancy key pop-up menu
You will receive a key menu similar to the Micro CA
The backup key will be saved as a PKSC12 File (PXF) which will contain the Private Key and X.509 Certificate
After a Redundancy key has been created you will now have access to the “Enable encrypted recording” checkbox.
Similar to the Certificate Store in the Cameras and the Micro CA in Configuration Manager, VRM has a “Certificates Page” ( Services and Certificates menu).
Because the Workstation setting of direct playback from storage will not function if dealing with encrypted video, this setting is automatically ignored if configured:
If there is a VRM failure and a new installation has occurred:
Nice to know: