Security: Video

Related Products: BVMS, Operator Client This article describes the initial information needed to start troubleshooting Operator Client Crash. Needed information and logs from the customer: 1. Note down the events that lead to crash 2. Classify the crash reproducible crashes that trigger Windows Error Reporting crashes/hangs/freezes that are hard to reproduce, or take long before repeating 3. Provide the following logs: Dump file from the crash – refer to the following article ( https://community.boschsecurity.com/t5/Security-Video/How-To-create-BVMS-memory-dump/ta-p/7326 ) ConfigCollection from the machine where the crashing Operator Client is running.

This article provides you with information related to the Windows Firewall, how to access, configure and adjust it.   Firewall A firewall is a program installed on your machine or a piece of hardware in your network, that uses a rule-set to block or allow access to a computer, server or network. It seperatres dedicated network segments, likly your LAN from the Internet. Firewalls can permit traffic to be routed through a specific port to a program or destination, while blocking all other traffic.   Windows Firewall The Windows Firewall interface can be accessed multiple ways. The  way we will look during this TB is via the Windows search function. Click the Windows icon and type in “firewall“.  Then, click on the “Windows  Firewall with Advanced Security” icon.   The GUI provides you a general overview, about the basic function of the software. Displaying the current status of the firewall also which profiles are currently set up. By default the firewall should be enabled. We strongly recommend that the Windows Firewall is enabled on all your Bosch devices featuring a Windows Operating System.   Firewall profiles There are 3 different profiles within your Windows Firewall, which are simply groups of different firewall rule-sets, depending where your machine is currently connected. Public Profile: This profile is used when the computer is connected directly to a public network like a restaurant, library or airport. This profile should be the most restrictive because security is usually not well controlled in public places. Private Profile: This profile is used if your are only connected to  a private network, not directly to the Internet. In these cases, your device is located behind a router or hardware firewall. Which allows to set this profil less restrictive. Domain Profile: This profile is used when the machine is connected to a domain controller, which in turn is controlling a windows domain. This profile should be the least restrictive of the other  profiles because security is usually very well controlled within a domain.   Standdard rule-set by default the Windows Firewall behavior is the following:  Windows Firewall never blocks outgoing traffic. Any requests sent out from the server will not be hindered in any way. Windows Firewall blocks all incoming traffic, except for traffic that is in responses to a request. This means that if you make a request to Google, Google’s inbound reply to your outbound request will not be blocked. Windows Firewall blocks all other traffic. This means that any traffic that is not explicitly allowed is blocked in the firewall. In the Windows Firewall we can filter connection in two different kinds: port exceptions (rule assigned to a dedicated port number)  and program exception (rule assigned to a dedicated program)   In general we need to distinguish between the inbound (frome somewhere to your machine) and outbound (from your machine to somewhere) rule-set.   Open a port in the firewall (inbound rule) In the Windows Firewall with Advanced Security window, right-click "Inbound Rules", and then click "New Rule..." in the action pane. "Rule Type" dialog box, select "Port" depending on your need and then click "Next". In the "Protocol and Ports" dialog box, select "TCP". Then select "Specific local Ports", and then type the port number and then click "Next". In the "Action" dialog box, select "Allow the connection" and then click "Next". In the "Profile" dialog box, select any profiles that apply and then click "Next". (We have allowed all three for demonstration purposes, your selection may vary.) In the "Name" dialog box, type a name and description for this rule, and then click "Finish". At this point, you will now see a new rule in the main firewall rules in the center section, as well as a new listing in the right window panel.   Open a program in the firewall (inbound rule) Click on the "Inbound Rules" option on the top left of the firewall interface. Then, click on the "New rule…" Under "Rule Type" dialog box, select the option "Program" and then click "Next". Select the option "This Program path" browse to the path/location of the program  and click "Next". Next, we select the option “Allow the connection” and then click “Next”. Select the "Profile" the rule will be applied to and click "Next". (We have allowed all three for demonstration purposes, your selection may vary.) Select a "Name" and "Description" for this rule and then Click “Finish”. At this point, you will be dropped back to the main firewall screen. You will now see a new rule in the main firewall rules in the center section, as well as a new listing in the right window pane   Edit a port / program in the firewall Right-click on the rule which will open a context menu. Then click  "Properties" and adjust the rule according your needs .   Close a port / program in the firewall Right-click on the rule which will open a context menu. Then click  " Delete".       Adjust program rule after BVMS upgrade In case you upgraded your current BVMS up to BVMS10, refering to the article TSG-Upgrading-VRM-from-32bit-to-64bit you need to adjust the inbound + outbound rule "Bosch VRM Server" and  "USB Transcoder". Therefore right-click on the rule which will open a context menu. Then click "Properties" and adjust the programs path to: Bosch VRM Server: "C:\Program Files\Bosch\Video Recording Manager\VRM Server\bin\rms.exe" USB Transcoder: "C:\Program Files (x86)\Bosch\Video Recording Manager\VRM Server\bin\usbsvc.exe" Keep in mind, that you need to perform this action on all four rules (inbound and outbound) Alternatively download the attachment set_fw_rules.zip (1 KB) locally to your device, extract the archive and run the PowerShell script "set_fw_rule_trancoder.ps1" as administrator. The script will adjust all necessary rules.

Which Bosch encoders and decoders are compatible with BVMS? Up until some years ago, new released cameras, encoders, domes and decoders that are introduced into market after a BVMS release could not be connected to an existing BVMS version because these cameras where not known to the BVMS. In the BVMS 4.5.1, a new concept was introduced. This concept treats Bosch video encoders and decoders as generic devices, and automatically recognizes specific device functionality (for example the number of streams, relays and inputs). Based on this information the, at that time, unknown device is added to the system and can be used by the operator. The attached document provides a detailed description of this functionality.

Question What is the decoding performance of BVMS? How many cameras can I open on the screen before the systems is overloaded (and frames are being dropped)? Answer The BVMS client performance overview is attached to this article and shows, based on several workstation configurations and a specific BVMS version, how many cameras can be opened before the workstation is overloaded.

The attached document aims to provide concerned parties, such as customers, users, operators or consultants, with an overview of data privacy and protection related features of BVMS Person Identification. Moreover, this document describes how data, as processed during the Person Identification steps, can be classified. Finally, this document lists technical measures for data protection in the context of BVMS Person Identification.

As video surveillance use grows in commercial, government and private use cases, the need for low-cost storage at scale is growing rapidly. BVMS, Bosch cameras, HPE hardware and SUSE Enterprise Storage provide a platform that is an ideal target for recording these streams. There are numerous difficulties around storing unstructured video surveillance data at massive scale. Video surveillance data tends to be written only once or become stagnant over time. This stale data takes up valuable space on expensive block and file storage, and yet needs to be available in seconds. With this massive scale, the difficulty of keeping all the data safe and available is also growing. Many existing storage solutions are a challenge to manage and control at such scale. Management silos and user interface limitations make it harder to deploy new storage into business infrastructure. The solution is software-defined storage (SDS). This is a storage system that delivers a full suite of persistent storage services via an autonomous software stack that can run on an industry standard, commodity hardware platform. Bosch, Hewlett Packard Enterprise (HPE) and SUSE have partnered to deliver the benefits of SDS to the video surveillance industry. Using SUSE Enterprise Storage™ on HPE ProLiant DL and Apollo servers in a Bosch video surveillance environment simplifies the management of today’s volume of data, and provides the flexibility to scale for all enterprise storage needs. The full description can be found in the attached whitepaper.

Question How can I protect my security system, from an IT security perspective? Answer The attached document explains how the security system can be hardened. Additionally the BVMS - Network Design Guide includes best practices for desgning a secure network.  

Trying out the BVMS Lite is easy! Download BVMS Lite from the downloadstore and use the quick installation guide to set-up the system. BVMS Lite contains 8 video channels, 2 workstations, 1 DVR, 2 keyboards, and 1 intrusion panel and can be used without a time limit. BVMS Lite can be expanded to 42 channels using license extensions. A step-by-step instruction on how to install the BVMS Lite license can also be found as an attachment to this page.

Do you want to know more about designing a BVMS system?

Dear users, have you ever wondered how to best transition from the Project Assistant to (B)VMS? This article aims at providing you a recommendation and the answer is quite simple: Use the Project Assistant to its full extent and once the cameras are connected to the target network, perform a network scan using the BVMS Configuration Client, to add the respective cameras to the system. The remaining fine-grained settings can then be tackled within BVMS.  For details, please check out the attached presentation. Let us know, if you have further questions and share your comments below. Best regards, Your Bosch Security App Team    

Are you writing the specification of a video surveillance system?

The attached document describes how the GDPR impacts video surveillance systems and how BVMS can be configured to function in a GDPR compliant organization.

Functionality for security operators

 Time is everything: meetings, public transportation, religion, transactions: the whole world is working because the concept of “time” exists. Within a security (or any other) system this is not different: recording schedules, logging, authorizations, encryption keys, timelines, all of these concepts can exist because of time. As a result, time can either make or break a system: problems can appear only due to a time difference of a couple of seconds between two system components. The attached document describes how time services can be configured in a BVMS environment.

The attached document will provide a basic explanation and simple examples of the interfacing (scripting, calling functions by external applications) functionality in Bosch Video Management System. The interfacing functionality is based on Bosch VMS SDKs. The Bosch VMS SDKs contain all interfaces, object types and methods that are needed for automation and integration to and of Bosch VMS.   The document can be found in the attachments section on the bottom of the page or at the right side of the page.  Please look for the attachment icon.

The attached document describes the settings you must perform after having installed BIS and BVMS on the different computers. Ensure that the installations of BIS Server and BVMS Management Server were performed successfully on separate computers. Additionally you must have purchased and activated an OPC Server License for BVMS.   The document can be found in the attachments section on the bottom of the page or the right side of the page.  Please look for the attachment icon.

 BVMS customers can download camera updates free of charge, in order to integrate approved, third-party cameras. BVMS scans for third-party cameras, automatically configuring motion and other key events; it also enables installers to configure the most important settings for third-party cameras from a single user interface, without the hassle of having to access the websites of other camera manufacturers. The attached files include a list of compatible cameras and the ONVIF mapping files for each specific BVMS version.

 The attached documents show the different design options that are available when designing a BVMS system.

The attached documents should help you to make the upgrade process as smooth as possible. The upgrade itself is not restricted to BVMS software only. The supported software and firmware versions can be found in the release notes of the related BVMS version. An attachment is added to this article for each BVMS version. Currently the upgrade guides for BVMS 8.0 and 9.0 are attached to this article. From BVMS 10.0 onwards a description on how to migrate systems has been included as well.

Learn more about virtualization!