This article explains how to add new ONVIF cameras to a system that runs in full Bosch Video Management System (BVMS) via the Configuration Client. Depending on the license type you have installed in the Bosch Video Management System (BVMS), you can add a certain number and different types of cameras/ encoders. BVMS supports 3rd party cameras as well, but they need to be compliant to ONVIF Profile S.
Time is everything: meetings, public transportation, religion, transactions: the whole world is working because the concept of “time” exists. Within a security (or any other) system this is not different: recording schedules, logging, authorizations, encryption keys, timelines, all of these concepts can exist because of time.
As a result, time can either make or break a system: problems can appear only due to a time difference of a couple of seconds between two system components.
This article describes how time services can be configured in a BVMS version ≤ 10.1 environment.
For BVMS version ≥ 11.0 please refer to the following article:
Where can you configure NTP server for cameras/encoders in BVMS≥11?
Time: what is the challenge?
Each device has its own internal clock, which is based on a hardware mechanism. This mechanism acts like a watch: try to put two watches together and synchronize them on the millisecond. A security system consists out of more than two devices, it can consist of thousands of devices.
Synchronizing the time of all these devices by hand is a very time consuming task. Additionally, due to small differences in electronic components, devices can have deviations from one another.
These deviations cannot be detected by the human eye, but can result in considerable time differences when a device is running for months.
The Network Time Protocol (NTP) was created to solve these challenges. The Network Time Protocol is a network-based protocol for clock synchronization between system components. The protocol utilizes a standard IP network to communicate and can maintain a time difference (considering a local area network) of less than one millisecond between components. The Network Time Protocol is a standard protocol and documented in RFC 5905.
The operation and configuration of the Network Time Protocol are complex: a hierarchical architecture needs to be set-up including several layers of systems which are able to run the Network Time Protocol. To reduce complexity the Simple Network Time Protocol (SNTP) was created. The Simple Network Time Protocol is mainly used when less accuracy (deviations of 1-2 seconds are acceptable).
Windows Time Service
The Bosch Video Management System is running on Microsoft Windows Server operating systems. Windows includes an internal time service, which is explained on Microsoft Technet:
“The Windows Time service, also known as W32Time, synchronizes the date and time for all computers running in an AD DS domain. Time synchronization is critical for the proper operation of many Windows services and line-of-business applications. The Windows Time service uses the Network Time Protocol (NTP) to synchronize computer clocks on the network so that an accurate clock value, or time stamp, can be assigned to network validation and resource access requests. The service integrates NTP and time providers, making it a reliable and scalable time service for enterprise administrators.
The W32Time service is not a full-featured NTP solution that meets time-sensitive application needs and is not supported by Microsoft as such. For more information, see Microsoft Knowledge Base article 939322,Support boundary to configure the Windows Time service for high-accuracy environments (http://go.microsoft.com/fwlink/?LinkID=179459).”
Source: Windows Time Service Technical Reference - Microsoft Technet
The Windows Time service is based on the Simple Network Time Protocol.
The Network Time Protocol requires a very complex infrastructure, which impacts the total installation and configuration effort of the system. The Simple Network Time Protocol (also used for the Windows Time Service) reduces the complexity, but at the same time also reduces the accuracy.
For most security applications the Simple Network Time Protocol provides sufficient accuracy. Bosch recommends to use the Windows Time service, based on the Simple Network Time Protocol, as basis for time synchronization in a security network. This article provides best-practices on how to configure the Bosch Video Management System and related components in a time synchronization environment based the Windows Time service.
Alternatively, the Network Time Protocol can be used whenever it is already existing inside an infrastructure or when event accuracy with a deviation less than one second is required. Due to the complexity of the infrastructure Bosch does not make any recommendations related to the Network Time Protocol.
Management server configuration
A. Operating system configuration
This section also applies for the Video Recording Manager and Mobile Video Service when these are not running on the management server.
Microsoft has prepared a lot of documentation related to time configuration Go to the Microsoft Support: How to configure an authoritative time server in Windows Server page and scroll down to the section “Configuring the Windows Time service to use an external time source”. Click the download button under the “Here’s an easy fix” section.
Figure: Download the Microsoft Windows Time service configuration utility
The utility will configure external time servers. To select these, browse to http://pool.ntp.org and select two servers which are related to the geographical location of the system, for example “de.pool.ntp.org” and “nl.pool.ntp.org”, referring to Germany and the Netherlands. Another (local or external) (S)NTP server can also be chosen.
Start the Microsoft configuration utility and configure it as indicated and shown in the figure below.
Administrative access is required to run the utility.
Figure: Pool.ntp.org locations
Figure: Windows Time service configuration
Alternatively the configuration can be done from the command-line, using the command shown below.
net stop w32time w32tm /config /syncfromflags :manual /manualpeerlist : "nl.pool.ntp.org, de.pool.ntp.org" net start w32time
The configuration can be verified by starting the Windows Command prompt and issuing the command “w32tm /query / status”, as shown in the figure below. Notice the time source, this should point towards the configured servers.
Figure: verifying configuration
It can take up to one minute before the correct time source is displayed.
When there is a problem, the configured (S)NTP server can be tested by issuing the “w32tm /stripchart /computer:de.pool.ntp.org”, which should result in the output displayed in the figure below.
Figure: test the (S)NTP service
When an unexpected result is returned, it is recommended to check access to the specific (S)NTP server. A firewall might prevent the communication between the (S)NTP server and the management server.
B. BVMS Management Server configuration
BVMS automatically points devices to its own time-server. This can be changed by editing the BvmsCenterlServer.exe.config file, located in C:\Program Files\Bosch\VMS\bin\. Find the key "TimeServerIPAddress" and adjust the value, as shown in the example below (192.168.0.1).
<!-- Ip address of the time server for VRM/NVR encoders(defaults to the Central-Server IP if not set) . --> < add key = "TimeServerIPAddress" value = "192.168.0.1" />
C. Workstation configuration
The Bosch Video Management System Operator client runs on a Windows workstation. When the workstation and server are part of the same Microsoft Active Directory service domain, no manual time synchronization needs to be configured.
Figure: workstation configuration, "192.168.0.200" needs to be replaced by the IP address or Fully Qualified Domain Name of the management server.
When the Bosch Video Management System workstation and management Server are not joined in a domain, or into the same domain, the workstation(s) need to be manually configured to use the management server as a time server. To achieve this, the description above can be used. Instead of using the pool.ntp.org as a server, the management server is now entered.
D. Camera configuration
If a camera is connected to a BVMS system the time server will be automatically configured.
The attached manual provides information for Mobile Video Service (MVS) within Bosch Video Management System.
You can find: - how to configure the router and Internet Information Service (IIS) - how to add MVS to BVMS - user guide - some troubleshooting tips
This document can also be found online here.
This article describes the different components that Bosch Video Management System offers to to establish a connection between Bosch Video Management System and a 3rd party management system.
This description helps you in writing your own commands for controlling Bosch VMS from inside your management system.
It is possible to add ONVIF compliant cameras to Bosch Video Management System as live only devices or as VSG devices (then the cameras will also record). This article explains how to add an ONVIF camera as VSG device in full Bosch Video Management System (BVMS 10.1).
We recommend using Bosch Workstations and Servers. They are fully tested and optimized for Bosch Video Management System.
ONVIF camera. Please refer to BVMS - ONVIF Device compatibility for additional information.
PC/ Server/ Workstation
When working with previous versions of BVMS, remote connectivity was cumbersome due to the amount of port mapping that needed to be configured. BVMS 7.5 provides a new method of remote connectivity utilizing Secure Shell (SSH) Tunnelling.
SSH Tunnelling constructs an encrypted tunnel established by an SSH protocol/socket connection. This encrypted tunnel can provide transport to both encrypted and un-encrypted traffic. The Bosch SSH implementation also utilizes Omni-Path protocol, which is a high performance low latency communications protocol developed by Intel.
The BVMS SSH service generates a private and public key when it is started for the first time. Both keys are saved in an encrypted file. When the BVMS SSH service restarts this file is detected and the private key is read.
There is little to no configuration required for this feature to function.
The SSH Service must be installed and running. If deploying a BVMS Pro system, insure the SSH Service is part of the installation process.
Recording Appliances that ship with BVMS 7.5 should have the service pre-installed. Check your “Services”.
If the service has not been installed, the install package can be run from the BVMS 7.5 downloadable install package. If working with a DIVAR IP Recording Appliance, the appliance “Installer Package” must be used.
B. Port mapping entry
The primary configuration step is to configure one (1) port forwarding for the BVMS Central Server to utilize port 5322 for both internal and external connections. This is the only port mapping entry that needs to be made for the entire system.
The image below shows a sample configuration.
A. Login with the Operator Client
After the basic configuration is done, logging in via Operator Client is very intuitive:
From the log menu, select the “Connection” drop down menu, then Select <New…>
You will be prompted to enter an IP address or DNS host name. You will also notice a cheat guide below the entry menu that will assist with address entry. Addressing must be in the following format: ssh://IP or servername:5322. In the example we used: ssh://126.96.36.199:5322.
After entering a properly formatted address, enter a valid user name and password. SSH users MUST have a password associated with their BVMS account. User accounts without a password cannot log in utilizing an SSH Connection.
After connection is established via an SSH Tunnel, all communications between the BVMS Server (192.168.1.19) and a remote client (188.8.131.52) are encrypted. Below is a Wireshark Capture taken from the BVMS Server after a connection is established.
C. Changing the SSH port
Locate the SSH service configuration file in " C:\Program Files\Bosch\BVMS\bin "
Open the configuration file and find the section below. Edit the value of the BvmsSshServicePort (the port should be unused) and restart the system.
The purpose of this article is to provide step by step instructions on how to successfully import video and storage devices from a DIVAR IP Recording Appliance to a Professional BVMS system while retaining all existing recorded video.
Note: This procedure should only be performed by a certified BVMS / VRM technician or installer
This article describes how a Tattile camera can be connected to BVMS. We recommend keeping the Tattile camera documentation and BVMS configuration manual at hand to fine tune the system configuration to the specific needs of your project
This article helps you to configure three aspects:
Match list configuration: the Tattile cameras can load a license plate match list from an FTP server. This article describes how you can enable an FTP server on the BVMS management server and use this as a source of the license plate match list.
Camera configuration: the Tattile camera itself requires specific settings before it can be added to BVMS.
BVMS Configuration: adding the Tattile camera to BVMS.
Check list configuration
Tattile cameras can have up to two check lists: A and B. This article helps you to configure check list A based on an FTP server running on the BVMS management server. The article is written based on Windows Server 2019 but can also be used Windows Server 2016 and Windows Server 2012 R2 as they look and feel similar.
1. Setting up an FTP server on the BVMS management server
Open the Internet Information Services Manager and add an FTP site to the local server.
You can give the FTP site an arbitrary name. The physical path needs to be accessible for a user with both read and write access on the file system as well as via the FTP site.
The FTP site should not be configured with SSL. The other settings can be adjusted based on the security-level of the installation. The security-level can be increased by applying, for example, IP filtering on the FTP site or in the Windows Firewall. This way, only configured cameras can access the FTP site.
The FTP site uses Basic authentication. This means that the FTP authentication uses the Windows authentication mechanisms in the background. Users (cameras) should only have read access on the FTP site. This prevents unauthorized modifications of the match list.
Use the computer manager to create a special user, for example, "ftp_user". This user should have read and write access on the FTP site folder and on the file system.
Create a file in the FTP site, for example, BlackList.txt using Notepad. Save the file using UTF8 encoding:
The contents of the file should match the following format: License plate; Country;Comments Please be aware that the Country identifier always consists of three letters. ### can be used as a wildcard and represents all countries
AB134HK;ITA; Test BS46588;###; Substitute car RS054HG;ITA; President’s car
Test if you can open the file using your favorite browser by entering the FTP address: ftp://ftpuser:email@example.com:21/ BlackList.txt. The username and password dialogue should not pop-up and you should have direct access to the content of the BlackList.txt file.
1.1. Synchronizing the check list in the camera with the FTP server
Plate Reader => Check List => Check List A You should enable check list A and configure the List Location as FTP. The FTP IP should match the location of the IP address from the BVMS management server. The File Name should match the name of the file storing the check list.
When you click Reload List, the List Loaded message should appear, including the number of license plates you have put on the list. Multiple cameras can point to the same check list. The checklist can also be generated by an external application that writes the file considering the required format.
1.2. Configure match list management from BVMS Operator Client
BVMS operators can manage the check list from the BVMS Operator Client. The user account the operator uses to login to Windows needs to have read and write access to the file that the FTP server hosts. You can achieve this by creating a new shared folder or by using the existing (hidden) shared folder. In the example below we use an existing (hidden) share folder: c$. Use the BVMS configuration client to open the resource manager.
Add a new resource, in our case, an external application.
The external application launched notepad.exe and points to the location of the check list using an argument.
Add the external application to the BVMS logical tree. This way operators can access it when they want to adjust the check list. Of course you can also put the external application in a folder.
2. Camera configuration
The Tattile camera can handle one admin connection simultaneously. As a result, you can add one camera to one BVMS system.
2.1. Add user
System => HTTP Users Change the default usernames and passwords or add an additional admin user that BVMS can use to login to the camera.
2.2. Configure communication protocol
System => Protocols => VRC BVMS communicates with the Tattile cameras using a secured protocol (VRCS). Configure the VRC server settings as indicated in the image below.
System => Network Configure the IP address from the BVMS management server in the Static hosts section. The Names must state BvmsLpr_Server (case sensitive).
If the Names does not match BvmsLpr_Server, in this dialog or in the events / action settings, the BVMS management server will not receive events from the Tattile camera.
2.3 Configure event and action settings
Plate Reader => Events Actions The Tattile camera has several events and actions. We use two events: Ocr Read and Match On List A. Configure the Template Message for these events by clicking on the image.
You should configure both events in the same way using the example below. The Server name/IP must state BvmsLpr_Server .
The Text Value should state:
Apply the changes. Plate Reader => Events Actions => Template Configuration (Config, bottom of the page) Additionally, you need to upload a template message. Click the Upload Page and load the file C:\ProgramFiles\Bosch\VMS\Appdata\LPR_Event_Template.txt on systems where the BVMS configuration client is installed.
2.4. Configure separator plate
Optionally you can configure a separator plate for specific countries. This determines how the detected license plates are written into the BVMS logbook. The camera user manual contains more information.
3. BVMS configuration
The BVMS configuration manual also describes how to add LPR devices to the BVMS configuration.
3.1. Add LPR camera
Add an LPR device by right clicking on the LPR devices node.
3.2. Add video (RTSP) camera
Some Tattile cameras also have a video output (Not possible for the basic family). You can add these cameras to the Video Streaming Gateway (VSG) configuration as an RSTP camera.
Use the rstp://x.x.x.x without authentication to load the video stream into BVMS.
3.3. Configure LPR events
You can use the Events and Alarms tab in the BVMS configuration client to configure the events and alarms. BVMS receives License plate detected (Ocr read) and License plate identified (Match On List A) from the camera.
We recommend to configure an alarm on the License plate identified event and store the License plate detected event in the BVMS logbook.
3.4. Allow only users in the "Admin" group to manage license plates
Some user groups might not be allowed to edit the check list. You can remove the rights by de-selecting the node in the logical tree on the User groups tab in the BVMS configuration client.
Alarms from the camera are processed using the normal BVMS alarm management. The check list can be easily edited by an operator by dragging and dropping the Manage License Plates application into an image pane, editing the file, and saving it (either by CTRL+S or by clicking File / Save).
4.1 Alarm Handling
If the License plate identified or License plated detected events are configured to trigger alarms, the following information will be displayed in an alarm:
The standard BVMS alarm information as timestamp, event type, alarm title, triggering device, etc.
The license plate itself
The country identified (DEU for Germany, etc.)
4.2 Investigation / Reporting
With the LPR events License plate identified and License plate detected stored in the BVMS logbook, it is possible to solve use cases as "When did a car enter and leave the premises". Open the logbook search in the Operator Client, define a search filter for the License Plate detected or License Plate identified event and run the search, if you want to get an overview of all detected plates. If you look for a specific number plate, you can additionally enter the license plate in the Text Data field.
The results are listed below and can be exported using the Save results button.
Starting with BVMS 11.0, the standard BVMS licensing scheme also applies to the DIVAR IP units.
Attached document describes how the upgrade process to BVMS 11.0 looks like and what kind of licenses are needed for a DIVAR IP unit!
This article helps you to solve the situation where the "No Config" error message appears when you try to authenticate in Operator Client.
This error can be persistent, no matter what central server you attempt to login to and no matter what user account or credentials you are trying to use.
This means that you have a corrupt cache .dat file on your system.
Follow the steps from this article if you attempt to login into BVMS Operator Client and encounter the message below and you want to fix it:
"Please enter your credentials...
With BVMS 11.0, new licensing system was introduced.
Attached document describes how to migrate existing activated BVMS licenses from the Bosch Software License Manager System (SLMS) licensing system to the new Bosch Remote Portal licensing.