Bosch Building Technologies

    Security: Video

    Sort by:
    ‎10-11-2019 12:02 PM
    This article provides you with information related to the Windows Firewall, how to access, configure and adjust it.   Firewall A firewall is a program installed on your machine or a piece of hardware in your network, that uses a rule-set to block or allow access to a computer, server or network. It seperatres dedicated network segments, likly your LAN from the Internet. Firewalls can permit traffic to be routed through a specific port to a program or destination, while blocking all other traffic.   Windows Firewall The Windows Firewall interface can be accessed multiple ways. The  way we will look during this TB is via the Windows search function. Click the Windows icon and type in “firewall“.  Then, click on the “Windows  Firewall with Advanced Security” icon.   The GUI provides you a general overview, about the basic function of the software. Displaying the current status of the firewall also which profiles are currently set up. By default the firewall should be enabled. We strongly recommend that the Windows Firewall is enabled on all your Bosch devices featuring a Windows Operating System.   Firewall profiles There are 3 different profiles within your Windows Firewall, which are simply groups of different firewall rule-sets, depending where your machine is currently connected. Public Profile: This profile is used when the computer is connected directly to a public network like a restaurant, library or airport. This profile should be the most restrictive because security is usually not well controlled in public places. Private Profile: This profile is used if your are only connected to  a private network, not directly to the Internet. In these cases, your device is located behind a router or hardware firewall. Which allows to set this profil less restrictive. Domain Profile: This profile is used when the machine is connected to a domain controller, which in turn is controlling a windows domain. This profile should be the least restrictive of the other  profiles because security is usually very well controlled within a domain.   Standdard rule-set by default the Windows Firewall behavior is the following:  Windows Firewall never blocks outgoing traffic. Any requests sent out from the server will not be hindered in any way. Windows Firewall blocks all incoming traffic, except for traffic that is in responses to a request. This means that if you make a request to Google, Google’s inbound reply to your outbound request will not be blocked. Windows Firewall blocks all other traffic. This means that any traffic that is not explicitly allowed is blocked in the firewall. In the Windows Firewall we can filter connection in two different kinds: port exceptions (rule assigned to a dedicated port number)  and program exception (rule assigned to a dedicated program)   In general we need to distinguish between the inbound (frome somewhere to your machine) and outbound (from your machine to somewhere) rule-set.   Open a port in the firewall (inbound rule) In the Windows Firewall with Advanced Security window, right-click "Inbound Rules", and then click "New Rule..." in the action pane. "Rule Type" dialog box, select "Port" depending on your need and then click "Next". In the "Protocol and Ports" dialog box, select "TCP". Then select "Specific local Ports", and then type the port number and then click "Next". In the "Action" dialog box, select "Allow the connection" and then click "Next". In the "Profile" dialog box, select any profiles that apply and then click "Next". (We have allowed all three for demonstration purposes, your selection may vary.) In the "Name" dialog box, type a name and description for this rule, and then click "Finish". At this point, you will now see a new rule in the main firewall rules in the center section, as well as a new listing in the right window panel.   Open a program in the firewall (inbound rule) Click on the "Inbound Rules" option on the top left of the firewall interface. Then, click on the "New rule…" Under "Rule Type" dialog box, select the option "Program" and then click "Next". Select the option "This Program path" browse to the path/location of the program  and click "Next". Next, we select the option “Allow the connection” and then click “Next”. Select the "Profile" the rule will be applied to and click "Next". (We have allowed all three for demonstration purposes, your selection may vary.) Select a "Name" and "Description" for this rule and then Click “Finish”. At this point, you will be dropped back to the main firewall screen. You will now see a new rule in the main firewall rules in the center section, as well as a new listing in the right window pane   Edit a port / program in the firewall Right-click on the rule which will open a context menu. Then click  "Properties" and adjust the rule according your needs .   Close a port / program in the firewall Right-click on the rule which will open a context menu. Then click  " Delete".       Adjust program rule after BVMS upgrade In case you upgraded your current BVMS up to BVMS10, refering to the article TSG-Upgrading-VRM-from-32bit-to-64bit you need to adjust the inbound + outbound rule "Bosch VRM Server" and  "USB Transcoder". Therefore right-click on the rule which will open a context menu. Then click "Properties" and adjust the programs path to: Bosch VRM Server: "C:\Program Files\Bosch\Video Recording Manager\VRM Server\bin\rms.exe" USB Transcoder: "C:\Program Files (x86)\Bosch\Video Recording Manager\VRM Server\bin\usbsvc.exe" Keep in mind, that you need to perform this action on all four rules (inbound and outbound) Alternatively download the attachment (1 KB) locally to your device, extract the archive and run the PowerShell script "set_fw_rule_trancoder.ps1" as administrator. The script will adjust all necessary rules.
    View full article
    100% helpful (1/1)
    ‎10-28-2019 03:38 PM
    BVMS Mobile Video Service - Creating a Self-Signed Certificate to establish a trusted connection Some sites may request or require that the connection to the Mobile Video Service is a trusted connection.  The following procedure will allow you to create a self signed certificate to allow a trusted connection between a web browser and MVS. -Navigate to the Microsoft Management Console Run command mmc.exe Go to File ---> Add/Remove Snap-in… Highlight Certificates and Add for Computer Account You should see certificates listed for Local Computer Save a copy of this console to the Desktop -Run Windows PowerShell ‘as administrator’ on the MVS Server Run the following commands in Windows Power Shell to create the self-signed certificate including the IP address of the MVS and the DNS name so both will work when accessing from a web browser. $todaydt = Get-Date $20years = $todaydt.AddYears(20) New-SelfSignedCertificate -DnsName "mvsIPaddress",”DNSname” -notafter $20years If creation was successful, you will see a thumbprint with a hash as well as the subject CN=ipaddress -Navigate back to your saved MMC console Find the newly created certificate under the Personal  ---> Certificates directory Copy the Certificate to Trusted Root Certification Authorities ---> Certificates directory -Navigate to the IIS Manager Highlight the server machine name on the top-left and then double-click Server Certificates Double-click the created certificate and verify that a private key corresponds to the certificate and that the certificate is OK under the Certification Path Expand the server machine name on the left to reveal the Sites Highlight BoschIVS Select Bindings… on the far right-hand side Edit the Binding for 443 Select the newly created certificate under the SSL certificate dropdown Select OK Click Yes that you want to change the binding Add… new binding Type: https Port: 444 Choose BoschVms in the SSL certificate dropdown Click OK -Navigate to the BVMS Config Client to edit the MVS URL Change the MVS URL to reflect port 444 Example:  https://mvsIPaddress:444/mvs Red X should go away Save/Activate  (BVMS will be bound on the new port and still be able to communicate with the MVS server -Open Internet Explorer (as administrator) and navigate to the MVS URL using the IP address or the DNS Name Continue to the site with the certificate error Click on the certificate error in the navigation bar Click View Certificates and then Install Certificate Install for the Local Machine Place certificate in the Trusted Root Certification Authorities store Click Finish and close out the browser Open IE again and navigate back to the MVS.  There should be no more error.   *The reason behind changing the port to 444 is to make browser access for basic users easier.  This way basic users only have to enter the IP address or DNS name and do not have to enter a special port in the URL.    
    View full article
    ‎09-19-2019 08:32 AM
    The attached document aims to provide concerned parties, such as customers, users, operators or consultants, with an overview of data privacy and protection related features of BVMS Person Identification. Moreover, this document describes how data, as processed during the Person Identification steps, can be classified. Finally, this document lists technical measures for data protection in the context of BVMS Person Identification.
    View full article
    ‎09-18-2019 09:17 AM
    As video surveillance use grows in commercial, government and private use cases, the need for low-cost storage at scale is growing rapidly. BVMS, Bosch cameras, HPE hardware and SUSE Enterprise Storage provide a platform that is an ideal target for recording these streams. There are numerous difficulties around storing unstructured video surveillance data at massive scale. Video surveillance data tends to be written only once or become stagnant over time. This stale data takes up valuable space on expensive block and file storage, and yet needs to be available in seconds. With this massive scale, the difficulty of keeping all the data safe and available is also growing. Many existing storage solutions are a challenge to manage and control at such scale. Management silos and user interface limitations make it harder to deploy new storage into business infrastructure. The solution is software-defined storage (SDS). This is a storage system that delivers a full suite of persistent storage services via an autonomous software stack that can run on an industry standard, commodity hardware platform. Bosch, Hewlett Packard Enterprise (HPE) and SUSE have partnered to deliver the benefits of SDS to the video surveillance industry. Using SUSE Enterprise Storage™ on HPE ProLiant DL and Apollo servers in a Bosch video surveillance environment simplifies the management of today’s volume of data, and provides the flexibility to scale for all enterprise storage needs. The full description can be found in the attached whitepaper.
    View full article
    ‎09-03-2019 01:41 PM
    Dear users, have you ever wondered how to best transition from the Project Assistant to (B)VMS? This article aims at providing you a recommendation and the answer is quite simple: Use the Project Assistant to its full extent and once the cameras are connected to the target network, perform a network scan using the BVMS Configuration Client, to add the respective cameras to the system. The remaining fine-grained settings can then be tackled within BVMS.  For details, please check out the attached presentation. Let us know, if you have further questions and share your comments below. Best regards, Your Bosch Security App Team    
    View full article
    ‎05-14-2018 06:27 PM
    This article guides you through the process of activating Bosch VMS Audio Intercom functionality on Windows 7.
    View full article
    ‎05-16-2018 09:36 PM
    Related Products Bosch Video Management System   Issue When opening a new Image pane in Live Mode, the camera image is discolored, i.e. there is a green cast or the image is displayed in black and white. When viewing the same camera image with the webbrowser, the live image is properly colored.   Solution Update the graphics card driver. Refer to BVMS release notes: they list the recommended graphics card driver versions to be used. 
    View full article
    ‎05-13-2018 02:30 PM
    Standard Service Documents The calculation of the storage capacity is done in different way in Configuration Client and VRM Monitor: - In BVMS Configuration Client Capacity (GB) stands for the available physical capacity of the storage, as calculated and provided by the storage vendor (for example NetApp). -In VRM Monitor – under Target Overview – Total is listed the number of all available blocks multiplied by the size of the blocks that is by default 1GB. This calculation concerns the logical storage and depends on the way the storage is used (for example how many Luns are imported in the system).
    View full article
    ‎05-18-2018 07:48 PM
    Related Products BVMS OPC Server   Question List with restricted symbols when using BVMS OPC Server.   Answer BVMS OPC server restricts the use of some symbols in the camera names. We can divide them into 3 groups: - XML restricted symbols. For the OPC server the device configuration is exported in a XML file. So no reserved XML characters should be used as they will be replaced by blanks when exporting the OPC file. XML restricted characters: : & < > " ' - OPC Specification restricted symbols. OPC Specification restricts the use of: " ´ ` ' # - OPC namespace delimiters: . , /
    View full article
    100% helpful (2/2)
    ‎07-18-2019 07:50 AM
    Question Can I move the BVMS Logbook database to a separate Microsoft SQL Server to ease maintenance or increase the size of the Logbook? Answer The BVMS Logbook database can be moved to another SQL Server. The attched guide describes the steps that are necessary to migrate the database and describes how to confirm if the migration was successful.
    View full article
    ‎05-21-2018 08:39 PM
    This article guides you through the process of installing the BVMS Logbook Health Checker. The Bosch VMS Logbook Health Checker is a tool that is capable of fixing the overflow of the Bosch VMS Logbook database before it occurs.
    View full article
    ‎08-19-2020 08:21 AM
    Question How can I protect my security system, from an IT security perspective? Answer The attached document explains how the security system can be hardened. Additionally the BVMS - Network Design Guide includes best practices for desgning a secure network.  
    View full article
    ‎05-21-2018 08:42 PM
    In Bosch VMS it is possible to assign an LDAP user group to a Bosch VMS user group. This article describes why it is important to not assign the same LDAP user group to multiple Bosch VMS user groups.
    View full article
    ‎05-21-2018 08:47 PM
    Can I upgrade existing BVMS Pro system to a BVMS Enterprise system?
    View full article
    ‎08-20-2020 09:08 AM
    Question What is the decoding performance of BVMS? How many cameras can I open on the screen before the systems is overloaded (and frames are being dropped)? Answer The BVMS client performance overview is attached to this article and shows, based on several workstation configurations and a specific BVMS version, how many cameras can be opened before the workstation is overloaded.
    View full article
    ‎04-26-2019 11:03 AM
    Related Products: BVMS / MVS / VSDK Overview: On request from development to provide a dump file from MVS system please follow the steps in the solution section. Solution: Reproduce the issue Download the Microsoft debugger procdump ( The procdump tool is also attaced to the article,location&include_tkbs=true&location=tkb-board:bt_community-tkb-video&q=dump&search_type=thread  When application is crashing, do not click any buttons on the appeared error window that will change the program state. Run the procdump.exe from the directory where you copied the tool with following command line (Start - cmd): procdump.exe –ma <name of the programm exe> <dump file name>.dmp In the case of MVS you need to do that for all 4 MVS services: - Bosch.MVS.SourceProvider.BVMS.Service.exe - Bosch.MVS.DataStorage.Service.exe - Bosch.MVS.SourceProvider.MobileCamera.Service.exe - Bosch.MVS.Transcoder.Service.exe
    View full article
    ‎11-19-2019 12:41 PM
    Related Products: BVMS, application crash, memory dump This article lists the scenarios in which technical support normally request dump file from a BVMS system. It contains general guidelines how to create a dump file for BVMS system and provides links to more concrete articles, that correspond to particular issues and exact steps to create a dump. BVMS dumps are needed to troubleshoot the following types of issues: Application crashes – dump is expected to provide more information about the cause of the crash and its origin. Memory or handle leaks – dump is expected to point to their origins Deadlocks, freezes and hangs – dump is expected to point to their origins Recommended tool to create BVMS dumps. The recommended tool is Procdump. It is a command line tool which must be started from the command shell. Development provides couple of .bat files that start Procdump with predefined parameters and cover the most common dump creation cases. The tool as well as the set of .bat files are attached to this article: The batch file names follow a naming guideline: <Executable>_<Dump use case> , where <Executable> is one of: ConfigClient ConfigWizard OperatorClient ManagementServer ArchivePlayer ExceptionTest and <Dump use case> is one of SingleDump TwoDumps DumpOnException DumpOnHang ActivatePostmortemDebugging There are 3 possible error scenarios and corresponding dump creation methods: Dump creation for reproducible crashes that trigger Windows Error Reporting Run the affected application/service (Operator Client, Configuration Client or Management Server Service) Reproduce the steps that lead to the crash Leave the Windows crash dialog open Run the corresponding batch file for creating a single dump: *_SingleDump.bat. E.g. run OperatorClient_SingleDump.bat to create a single dump of the Operator Client process. Provide support with the resulting .dmp file a description of the steps to reproduce the problem ConfigCollection Note: attached you can find a configured example for this scenario and application Operator Client - Dump creation for reproducible memory or handle leaks Run the affected application/service (Operator Client, Configuration Client or Management Server Service) Run the corresponding batch file for creating two dumps: *_TwoDumps.bat. E.g. run OperatorClient_TwoDumps.bat to create two dumps of the Operator Client process. Note that by default, the delay between the two dumps is set to one hour (3600 seconds). Depending on the magnitude of the memory leak, you might want to increase/decrease the delay. To do that, edit file *_TwoDumps.bat: replace value "3600" by a value that fits your needs e.g. a value of "7200" will create two dumps with a delay of two hours. Reproduce the steps that lead to the memory leak. Wait until the second dump was created. Provide support with the resulting two .dmp files a description of the steps to reproduce the memory leak a ConfigCollection Dump creation for crashes/hangs/freezes that are hard to reproduce Deactivate the restarting option for Operator Client / Configuration Client: To deactivate the restarting option for Operator Client / Configuration Client: edit ..\Bosch\VMS\bin\ConfigClient.exe.config or ..\Bosch\VMS\bin\OperatorClient.exe.config. Navigate to section <appSettings> add a new entry <add key = "DisableExceptionHandling" value="TRUE" />. Run ActivatePostmortemDebugging.bat Run the affected application/service (Operator Client, Configuration Client or Management Server Service) As soon as the issue appears, check whether the dump was created. Provide support with the resulting .dmp file description of the steps to reproduce the crash ConfigCollection Note: attached you can find a configured example for this scenario and application Operator Client -
    View full article
    ‎04-01-2019 12:31 PM
    Related Products: BVMS SDK, BVMS    Overview: BVMS Scriptlets can be debugged via logging to a logger file or messaging to the Operator workstation. This article describes how to enable BVMS Scriplet logging. You can log to the Server Script log or the Client Script log. Logs are default send to C:\ProgramData\Bosch\VMS\Log   1.Creating Log files ClientScriptLogger – automatically created Creates file “ClientScriptLog.txt” ServerScriptLogger - automatically created  Creates file “ServerScriptLog.txt” 2.Log information to the log files There are 3 methods to log information: Log Info Log Error Log Debug   Examples: [Scriptlet("59c4d66e-9395-4dcc-8d27-90dc2b7a00c4")] public void DemoLogger() { //use refence:C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727 MessageBox.Show("Hello World"); Logger.Info("Hello World script started"); Logger.Error("Hello World script started"); Logger.Debug("Hello World script started"); // Not writing to ClientScriptLog.txt ! } 3.Logging Location - C:\ProgramData\Bosch\VMS\Log. The logs are automatically collected by the BVMS Configuration Collection Tool. 4.Changing the location of the BVMS Scriplet Logging. Server Scripts : Logging Directory can be found in the file: C:\Program Files (x86)\Bosch\VMS\AppData\Server\CentralServer\BvmsLogCfg.xml and is defined by the ServerScriptLogAppender path: Default: </appender> <appender name="ServerScriptLogAppender" type="Bosch.Vms.Shared.Logging.Imp.RollingFileAppender, Bosch.Vms.Shared.Logging.Imp"> <file value="%CommonApplicationData%\\Bosch\\VMS\\Log\\ServerScriptLog.txt"/> Client Scripts : Logging Directory can be found in the file: C:\Program Files (x86)\Bosch\VMS\AppData\Client\OpClient\ApplicationWiring\Nvr\LogCfg.xml and is defined by the ClientScriptLogAppender path: Default: </appender> <appender name=“ClientScriptLogAppender" type="Bosch.Vms.Shared.Logging.Imp.RollingFileAppender, Bosch.Vms.Shared.Logging.Imp"> <file value="%CommonApplicationData%\\Bosch\\VMS\\Log\\ClientScriptLog.txt"/>            
    View full article
    ‎06-18-2020 02:57 PM
    Collect Video SDK Logs for VSDK based applications:
    View full article
    ‎04-01-2019 12:33 PM
    Related Products: BVMS SDK, BVMS    Overview: Analyzing BVMS systems with SDK components is a challenging task, because the functionality and the runtime behavior of those systems are harder to determine than for a BVMS systems without SDK functionality. In order to troubleshoot BVMS systems with SDK components support needs the following information and logging.   Please prove the following information to support. 1. Detailed description of the expected behavior of the SDK functionality. 2. Detailed description of the actual behavior of the SDK functionality. 3.SDK Components What type is the standalone SDK application (based on ClientSDK, ServerSDK, or CameoSDK) and on which machine is it running? Are there additionally client scripts, server scripts or workstation startup scripts? 4.SDK Interactions Do SDK components interact with remote Operator Clients? Do SDK components interact with the Operator Client UI? Do SDK components control devices? How often are client scripts triggered? How often are scripts triggered by BVMS event? 5.Environment Which shared resources are accessed by SDK actions? (Dome cameras, AMG, Operator Client UI) Do SDK components interact with an unreliable environment? (Unstable network, offline devices, offline PCs, etc.) Do SDK components properly handle offline situations? (offline devices, configuration changes, etc.)    Please provide the Scriplet and/or Log files The optimal approach is to provide both the scriplet and logging. ClientScript logfiles: can be found in the ConfigCollection of Operator Client machines. Make sure that logging is implemented in the script and that logging is activated in the configuration. ServerScript logfiles: can be found in the ConfigColletion of Management Server machines. Make sure that logging is implemented in the script and that logging is activated in the configuration.  
    View full article
    Top Contributors