Security: Video

The attached document describes the settings you must perform after having installed BIS and BVMS on the different computers. Ensure that the installations of BIS Server and BVMS Management Server were performed successfully on separate computers. Additionally you must have purchased and activated an OPC Server License for BVMS.   The document can be found in the attachments section on the bottom of the page or the right side of the page.  Please look for the attachment icon.

Question How can I protect my security system, from an IT security perspective? Answer The attached document explains how the security system can be hardened. Additionally the BVMS - Network Design Guide includes best practices for desgning a secure network.  

Question What is the decoding performance of BVMS? How many cameras can I open on the screen before the systems is overloaded (and frames are being dropped)? Answer The BVMS client performance overview is attached to this article and shows, based on several workstation configurations and a specific BVMS version, how many cameras can be opened before the workstation is overloaded.

 Time is everything: meetings, public transportation, religion, transactions: the whole world is working because the concept of “time” exists. Within a security (or any other) system this is not different: recording schedules, logging, authorizations, encryption keys, timelines, all of these concepts can exist because of time. As a result, time can either make or break a system: problems can appear only due to a time difference of a couple of seconds between two system components. The attached document describes how time services can be configured in a BVMS environment.

The attached manual provides  information for Mobile Video Service (MVS) within Bosch Video Management System. You can find:  -  how to configure the router and Internet Information Service (IIS) - how to add MVS to BVMS - user guide - some troubleshooting tips

Related Products: BVMS / MVS / VSDK Overview: On request from development to provide a dump file from MVS system please follow the steps in the solution section. Solution: Reproduce the issue Download the Microsoft debugger procdump (https://technet.microsoft.com/en-us/sysinternals/dd996900.aspx). The procdump tool is also attaced to the article https://community.boschsecurity.com/t5/Security-Video/How-To-create-BVMS-memory-dump/ta-p/7326?advanced=false&collapse_discussion=true&filter=includeTkbs,location&include_tkbs=true&location=tkb-board:bt_community-tkb-video&q=dump&search_type=thread  When application is crashing, do not click any buttons on the appeared error window that will change the program state. Run the procdump.exe from the directory where you copied the tool with following command line (Start - cmd): procdump.exe –ma <name of the programm exe> <dump file name>.dmp In the case of MVS you need to do that for all 4 MVS services: - Bosch.MVS.SourceProvider.BVMS.Service.exe - Bosch.MVS.DataStorage.Service.exe - Bosch.MVS.SourceProvider.MobileCamera.Service.exe - Bosch.MVS.Transcoder.Service.exe

Related Products: BVMS, application crash, memory dump This article lists the scenarios in which technical support normally request dump file from a BVMS system. It contains general guidelines how to create a dump file for BVMS system and provides links to more concrete articles, that correspond to particular issues and exact steps to create a dump. BVMS dumps are needed to troubleshoot the following types of issues: Application crashes – dump is expected to provide more information about the cause of the crash and its origin. Memory or handle leaks – dump is expected to point to their origins Deadlocks, freezes and hangs – dump is expected to point to their origins Recommended tool to create BVMS dumps. The recommended tool is Procdump. It is a command line tool which must be started from the command shell. Development provides couple of .bat files that start Procdump with predefined parameters and cover the most common dump creation cases. The tool as well as the set of .bat files are attached to this article: BVMS_DumpTools_V2.zip The batch file names follow a naming guideline: <Executable>_<Dump use case> , where <Executable> is one of: ConfigClient ConfigWizard OperatorClient ManagementServer ArchivePlayer ExceptionTest and <Dump use case> is one of SingleDump TwoDumps DumpOnException ActivatePostmortemDebugging There are 3 possible error scenarios and corresponding dump creation methods: Dump creation for reproducible crashes that trigger Windows Error Reporting Run the affected application/service (Operator Client, Configuration Client or Management Server Service) Reproduce the steps that lead to the crash Leave the Windows crash dialog open Run the corresponding batch file for creating a single dump: *_SingleDump.bat. E.g. run OperatorClient_SingleDump.bat to create a single dump of the Operator Client process. Provide support with the resulting .dmp file a description of the steps to reproduce the problem ConfigCollection Note: attached you can find a configured example for this scenario and application Operator Client - BVMS_OC_dump_onException.zip Dump creation for reproducible memory or handle leaks Run the affected application/service (Operator Client, Configuration Client or Management Server Service) Run the corresponding batch file for creating two dumps: *_TwoDumps.bat. E.g. run OperatorClient_TwoDumps.bat to create two dumps of the Operator Client process. Note that by default, the delay between the two dumps is set to one hour (3600 seconds). Depending on the magnitude of the memory leak, you might want to increase/decrease the delay. To do that, edit file *_TwoDumps.bat: replace value "3600" by a value that fits your needs e.g. a value of "7200" will create two dumps with a delay of two hours. Reproduce the steps that lead to the memory leak. Wait until the second dump was created. Provide support with the resulting two .dmp files a description of the steps to reproduce the memory leak a ConfigCollection Dump creation for crashes/hangs/freezes that are hard to reproduce Deactivate the restarting option for Operator Client / Configuration Client: To deactivate the restarting option for Operator Client / Configuration Client: edit ..\Bosch\VMS\bin\ConfigClient.exe.config or ..\Bosch\VMS\bin\OperatorClient.exe.config. Navigate to section <appSettings> add a new entry <add key = "DisableExceptionHandling" value="TRUE" />. Run ActivatePostmortemDebugging.bat Run the affected application/service (Operator Client, Configuration Client or Management Server Service) As soon as the issue appears, check whether the dump was created. Provide support with the resulting .dmp file description of the steps to reproduce the crash ConfigCollection Note: attached you can find a configured example for this scenario and application Operator Client - BVMS_OC_dump_Just-In-Time-Debuger.zip

 BVMS customers can download camera updates free of charge, in order to integrate approved, third-party cameras. BVMS scans for third-party cameras, automatically configuring motion and other key events; it also enables installers to configure the most important settings for third-party cameras from a single user interface, without the hassle of having to access the websites of other camera manufacturers. The attached files include a list of compatible cameras and the ONVIF mapping files for each specific BVMS version.

Related Products: BVMS SDK, BVMS    Overview: Analyzing BVMS systems with SDK components is a challenging task, because the functionality and the runtime behavior of those systems are harder to determine than for a BVMS systems without SDK functionality. In order to troubleshoot BVMS systems with SDK components support needs the following information and logging.   Please prove the following information to support. 1. Detailed description of the expected behavior of the SDK functionality. 2. Detailed description of the actual behavior of the SDK functionality. 3.SDK Components What type is the standalone SDK application (based on ClientSDK, ServerSDK, or CameoSDK) and on which machine is it running? Are there additionally client scripts, server scripts or workstation startup scripts? 4.SDK Interactions Do SDK components interact with remote Operator Clients? Do SDK components interact with the Operator Client UI? Do SDK components control devices? How often are client scripts triggered? How often are scripts triggered by BVMS event? 5.Environment Which shared resources are accessed by SDK actions? (Dome cameras, AMG, Operator Client UI) Do SDK components interact with an unreliable environment? (Unstable network, offline devices, offline PCs, etc.) Do SDK components properly handle offline situations? (offline devices, configuration changes, etc.)    Please provide the Scriplet and/or Log files The optimal approach is to provide both the scriplet and logging. ClientScript logfiles: can be found in the ConfigCollection of Operator Client machines. Make sure that logging is implemented in the script and that logging is activated in the configuration. ServerScript logfiles: can be found in the ConfigColletion of Management Server machines. Make sure that logging is implemented in the script and that logging is activated in the configuration.  

Related Products: BVMS SDK, BVMS    Overview: BVMS Scriptlets can be debugged via logging to a logger file or messaging to the Operator workstation. This article describes how to enable BVMS Scriplet logging. You can log to the Server Script log or the Client Script log. Logs are default send to C:\ProgramData\Bosch\VMS\Log   1.Creating Log files ClientScriptLogger – automatically created Creates file “ClientScriptLog.txt” ServerScriptLogger - automatically created  Creates file “ServerScriptLog.txt” 2.Log information to the log files There are 3 methods to log information: Log Info Log Error Log Debug   Examples: [Scriptlet("59c4d66e-9395-4dcc-8d27-90dc2b7a00c4")] public void DemoLogger() { //use refence:C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727 MessageBox.Show("Hello World"); Logger.Info("Hello World script started"); Logger.Error("Hello World script started"); Logger.Debug("Hello World script started"); // Not writing to ClientScriptLog.txt ! } 3.Logging Location - C:\ProgramData\Bosch\VMS\Log. The logs are automatically collected by the BVMS Configuration Collection Tool. 4.Changing the location of the BVMS Scriplet Logging. Server Scripts : Logging Directory can be found in the file: C:\Program Files (x86)\Bosch\VMS\AppData\Server\CentralServer\BvmsLogCfg.xml and is defined by the ServerScriptLogAppender path: Default: </appender> <appender name="ServerScriptLogAppender" type="Bosch.Vms.Shared.Logging.Imp.RollingFileAppender, Bosch.Vms.Shared.Logging.Imp"> <file value="%CommonApplicationData%\\Bosch\\VMS\\Log\\ServerScriptLog.txt"/> Client Scripts : Logging Directory can be found in the file: C:\Program Files (x86)\Bosch\VMS\AppData\Client\OpClient\ApplicationWiring\Nvr\LogCfg.xml and is defined by the ClientScriptLogAppender path: Default: </appender> <appender name=“ClientScriptLogAppender" type="Bosch.Vms.Shared.Logging.Imp.RollingFileAppender, Bosch.Vms.Shared.Logging.Imp"> <file value="%CommonApplicationData%\\Bosch\\VMS\\Log\\ClientScriptLog.txt"/>            

Related Products: BVMS SDK, Cameo SDK, BVMS  Overview: Analyzing BVMS systems interaction with BVMS SDK based application is a challenging task. One needs to determine if the issue is based on wrong implementation of the BVMS SDK functionality, wrong programming practices, functionality and runtime behavior of BVMS system with SDK functionality or BVMS SDK issues. In order to troubleshoot BVMS SDK or Cameo SDK application support needs the following information and logging. Please prove the following information to support. 1. Detailed description of the expected behavior of the SDK functionality. 2. Detailed description of the actual behavior of the SDK functionality. 3. SDK Components What type is the standalone SDK application (based on ClientSDK, ServerSDK, or CameoSDK) and on which machine is it running? Are there additionally client scripts, server scripts or workstation startup scripts? 4. SDK Interactions Do SDK components interact with remote Operator Clients? Do SDK components interact with the Operator Client UI? Do SDK components control devices? Do SDK components link to 3rdParty devices or applications? 5.Environment Which shared resources are accessed by SDK actions? (Dome cameras, AMG, Operator Client UI) Do SDK components interact with an unreliable environment? (Unstable network, offline devices, offline PCs, etc.) Do SDK components properly handle offline situations? (offline devices, configuration changes, etc.)  Please provide source code and/or Log files The optimal approach is to provide both source code and logging for the problematic BVMS SDK application. If it is not possible to provide the code, we will start the troubleshooting process based only on the logging. 1.Source Code Provide a little sample application that illustrates the BVMS SDK issue and list the reproduction steps. 2.Logfiles Add log outputs to the SDK application functionality. The logs should illustrate which BVMS SDK functionality was called at which time. Provide the logs to support.   List of Typical Mistakes that are often seen when troubleshooting BVMS / Cameo SDK based applications Use of Thread. Sleep() in event handlers - Consequence: loss of events in customer SDK application. Implementations that are not thread safe - Consequence: unexpected SDK application effects Unintentional introduction of multithreading issues by using timers - Consequence: unexpected SDK application effects Application without "speed control" - Consequence: operator overload in case of high event frequency Lack of configuration change handling - Consequence: data inconsistencies in SDK application (access to no longer existing devices) Lack of traces/logging in SDK code - Consequence: not detected malfunctions and troubleshooting difficulties Lack of error tolerance in SDK code - Consequence: unhandled exceptions in SDK application / script Lack of exception handling - Consequence: SDK application crashes    

Question How can I migrate the full configuration (including server configuration and user settings) of a BVMS system from one server to another? (please note that, currently, the export mechanisms provided in the BVMS Configuration Client do not export the userdata. This is a known problem and being worked on. Until then this work-around should be applied). Answer Stop the BVMS Central Server service on the existing server from the Windows task manager or Services overview. Stop the BVMS Central Server service on the new server from the Windows task manager or Services overview. Copy the contents of the directory C:\programdata\Bosch\VMS\UserData on the existing server to the same directory on the new server (via the network or other media). Copy the "elements.bvms" file located in the directory C:\programdata\Bosch\VMS\ on the existing server to the same location on the new server (via the network or other media). Start the BVMS Central Server service on the new server from the Windows task manager or Services overview.

Related Products: BVMS Operator Client, BRS Overview: BVMS CS gets from BRS the camera states and the events. BVMS OC connects to BRS for camera live view and playback. The BVMS OC to BRS connection is DCOM based (BVMS CS to BRS connection - either web services or DCOM). Troubleshooting and information providing steps: 1. Connectivity issues between BVMS OC and BRS. We speak for BVMS OC to BRS connectivity issue when: BVMS CC scans the BRS and BVMS CS gets the camera states and events (red dot on camera icon when the camera is recording for example) but BVMS OC get no live view or playback from the BRS cameras.      Step 1.  Check if the cameras are correctly configured in BRS and that BRS itself gets live view and recording from the cameras Step 2. DCOM "ConnectionServer" is not registered correctly. "dcomcnfg.exe" navigate to "Component Services - Computers - My Computer - DCOM Config" check if entry "ConnectionServer" is listed. if there is no such entry, register the ConnectionServer out of the installation dir. Open console and navigate to the BVMS installation DCOM directory, e.g. C:\Porgram files (x86)\Bosch\VMS\DCOM type "ConnectionServer.exe /regserver" - press enter refresh DCOMconfig window and check if entry "ConnectionServer" is listed. Restart OC and BRS cameras should work. Step 3. Check and correct the DCOM settings on OC. start dcomcnfg go to Computer and then to MyComputer right click on MyComputer and open properties switch to DCOM-Security Go one after other to both tabs "Edit Limits" and for the accounts "Everyone" and "Anonymous" check all the checkers under the option "Allow" restart the PC   2. BVMS OC doesn’t get BRS cameras Live View, but playback from the same cameras works. Reproduce the issue, note the date and time. Is there other BVMS OC machine where the liveview works as expected? Is the live view working in BRS itself? provide the answer to the above questions and the BVMS OC Configuration Collector Logs to technical support   3. BVMS OC doesn’t get playback from BRS cameras, but gets live view from the same cameras Does the BVMS OC find the time line of the recording? Is it possible to get the playback of the camera on the BRS Appliance itself? Is there other BVMS OC machine where the playback works as expected? Is the playback working in BRS itself? Reproduce the issue provide the answer to the above questions and the BVMS OC Configuration Collector Logs to technical support

Question How can I find the source (details of the workstation) and credentials that are used to attempt to login into BVMS (when the attempt has failed)? Answer The username that is used to login is saved into the BVMS logbook and can be found by searching the logbook from the Operator Client (username of login is "blabla").   The details of the workstation (mainly the IP address) is logged into the BVMS client log files. These can be found on the workstations in the directory: C:\ProgramData\Bosch\VMS\Log (Hint: for log file analysis a lot of free / open source tools are available. Snaketail is one of these tools, and can be found here.) Open the BVMSClientLog.txt (there could be multiple files which are all related to a different timeframe) and search for the phrase "InvalidCredentialException". If an user has tried to login to the system the following log lines should be present in the log file: 2019-03-17 18:31:53,668 75516 [GUI Thread] INFO Bosch.Vms.Frontend.OpClient.Wcf.DataAccessServiceClient ConnectAndAuthenticate - Call failed with InvalidCredentialException 2019-03-17 18:31:53,670 75518 [GUI Thread] INFO Bosch.Vms.Frontend.OpClient.ServerManagement.CentralServerManager AuthenticateAtMainServer - Main-Server 192.168.20.190: WCF online authentication result is WrongUserOrPassword This needs to be checked for every workstation which runs the BVMS Operator Client.  

The attached documents should help you to make the upgrade process as smooth as possible. The upgrade itself is not restricted to BVMS software only. The supported software and firmware versions can be found in the release notes of the related BVMS version. An attachment is added to this article for each BVMS version. Currently the upgrade guides for BVMS 8.0 and 9.0 are attached to this article.

The entire BVMS installation package, available on the downloadstore, contains the client as well as the server components. When a BVMS client needs to be deployed, all of this data (over 2.5GB) needs to be copied to the target workstation, which can be quite a challenge in some environments. Once the BVMS Management Server is set-up, it creates a client installation package (mainly used for the auto-upgrade functionality). This client installation package is a lot smaller compared to the full installation package and is located on the BVMS Management Server (assuming the default installation directory is used): C:\Program Files\Bosch\VMS\Update In order to use the client installation package: copy all the files in this directory from the management server to the new workstation and start BVMS.msi (please note Setup.exe will trigger the auto update mechanism, which will not work as there are no existing components to be updated). The MSI will start the installation process and will allow you to select Operator Client, Configuration client and/or SDK. Please note: The correct version of the .NET framework will need to be installed manually before this procedure is used. This can be found in the zip file available in the product catalogue: “zip file extraction location”\ISSetupPrerequisites\Microsoft .NET Framework x.x.

Which Bosch encoders and decoders are compatible with BVMS? Up until some years ago, new released cameras, encoders, domes and decoders that are introduced into market after a BVMS release could not be connected to an existing BVMS version because these cameras where not known to the BVMS. In the BVMS 4.5.1, a new concept was introduced. This concept treats Bosch video encoders and decoders as generic devices, and automatically recognizes specific device functionality (for example the number of streams, relays and inputs). Based on this information the, at that time, unknown device is added to the system and can be used by the operator. The attached document provides a detailed description of this functionality.

Do you want to know more about designing a BVMS system?

Learn how to design a network on which BVMS can run comfortably.

 Bosch software is distributed via the Bosch website, but can also be re-distributed by Bosch partners. It is important for the system-installer to check if the installation file he or she has received, matches exactly with the output of the engineering process. There are several risks that, in the distribution path, changes are made to the installation file. Keyloggers or other spyware could be added to the installation, or in theory video surveillance footage could be routed to external resources. The attached document describes how the integrity of software can be checked.