Potential for Data Inconsistency Issues on E-Series Storage Systems
With the controller firmware 11.50.1 and newer version like NetApp controller firmware 11.50.2 an issues are fixed by NetApp, which enforce an immediate update of all E2800 iSCSI Storage Systems (their controllers). In July 2019 BOSCH announced the need to update from all former NetApp controller firmware 08.30.40.00 to newer versions. At that time the Firmware for NetApp E2800 controller recommended was version NetApp Firmware 11.50R1. This is also announced by NetApp on their support websites (see https://mysupport.netapp.com/).
Bosch approval 31st of January 2018
Bosch approval 7th of May 2019
Bosch approval 20th of September 2019
NetApp Firmware 08.30.40.00 no longer allowed for usage
NetApp Firmware: 11.50.R1 no longer allowed for usage
NetApp Firmware: 11.50.2 currently shipped by Netapp via BOSCH
NetApp Firmware: 11.50.2P1 11.50.3 11.60
Please follow our BOSCH Knowledge Base and monitor for updates at this article for important news. Eventhough NetApp inbuild functions for BOSCH video optimized recording 24/7 and generic firmware is used at E2800 iSCSI storage systems, BOSCH is evaluating new firmware versions provided by NetApp on a regular bases. The BOSCH submodel ID 356 ensures that the NetApp system is optimized for 24/7 video recording.
All DSA E-Series (E2800 12-bay) and DSA E-Series (E2800 60-bay)
Example product variants:
DSA-N2E8X4-12AT Base unit 12x4TB High-performance and high-capacity storage system base unit with iSCSI disk arrays, single controller. DSA E2800, 12 x 4 TB HDD, Order number DSA-N2E8X4-12A
DSA-N2C8X4-12AT Dual controller unit 12x4TB High-performance and high-capacity storage system base unit with iSCSI disk arrays, dual controller. DSA E2800, 12 x 4 TB HDD, Order number DSA-N2C8X4-12AT
Note: There are other models with various HDD capacity (e.g. 8TB harddrives and larger) available For more details visit the BOSCH product website
Summary of issue
NetApp® has become aware of issues that could occur when an E-Series controller reboots at certain points during the evacuation of data from a drive that is performed as part of the sequence when a drive is being failed by the controller. As a result, there is a small possibility of data inconsistency on controllers running certain versions of E-Series SANtricity® OS controller software.
First announced in 06/2019: The issues are possible on E-Series controllers running 8.30, 8.40, 11.30, 11.40, and 11.50 versions of E-Series SANtricity OS controller software. The overall probability of these issues occurring is very low, but RAID 1 volumes have a higher probability of encountering the issues than other RAID levels or NetApp Dynamic Disk Pools. These issues do not affect traditional RAID volume groups that have no global hot spare drives because drive evacuation does not occur in this configuration. For information about fixes in these releases, view the readme notes for each revision release.
No workaround available. Controller Firmware update is needed. HDD Firmware update is not in relation to the descdribed issue here, but it is in general recommended to install the latest offered HDD firmware that is recommended by BOSCH and NetApp. The same applies for HDD firmware.
Solution: Update the NetApp Controller Firmware
Upgrade E-Series SANtricity OS controller software to the latest applicable revision release for each platform as soon as possible.
status 06/2019: controller firmware version minimum 11.50R1
status 10/2019: controller firmware version to be used 11.50.2
Where to get the Controller Firmware
All customers with a full NetApp NOW support account can download the controller firmware by using the own NetApp user account.
All other customers are requested to contact the BOSCH Support organisation. The controller firmware package can be downloaded fro mthe NetApp website directly. Revisions can be found at https://mysupport.netapp.com/NOW/cgi-bin/software/ See also: https://mysupport.netapp.com/products/web/ECMLP2854621.html
Additional information is available at NetApp and accessible after user registration. First go to https://mysupport.netapp.com/ to register. Product Release Notes from NetApp: https://mysupport.netapp.com/ecm/ecm_download_file/ECMLP2842060
NetApp Support Bulletin, please view the following URL: https://kb.netapp.com/app/answers/answer_view/a_id/1086731 (As the URL can change any time by NetApp, search for the KB id 1086731)
Steps to update
The E-Series SANtricity ® OS package includes data for simplex controller and duplex controller systems and the firmware file itself.
NVSRAM File for for duplex.
NVSRAM file for simplex
and the controller firmware
Download the latest SANtricity OS software files from the NetApp Support Site to your management client.
From SANtricity System Manager, select Support > Upgrade Center .
In the area labeled “SANtricity OS Software upgrade,” click NetApp Support .
On the NetApp Support Site, click the Downloads tab, and then select Software .
Locate E-Series/EF-Series SANtricity OS (Controller Firmware) .
For the platform, select E2800 , and click Go!
Select the version of SANtricity OS (Controller Firmware) you want to install, and click View & Download .
Follow the online instructions to complete the file download.
Attention: Risk of data loss or risk of damage to the storage array — Do not make changes to the storage array while the upgrade is occurring. Maintain power to the storage array.
Combined firmware package 6.60 – applicable to all platforms
The Release Letter of the combined firmware package for all platforms 6.60.1321 provides information about the dependencies between firmware versions for a better understanding of the upgrade process of devices with older firmware.
CCP4 and CPP6 devices:
Due to an internal file system being introduced to CPP4 and CPP6 since firmware 6.10 and architectural changes thereof, a direct upgrade from firmware below version 6.10 to latest firmware is only possible via intermediate firmware 6.1x.
CPP4 cameras with firmware versions below 6.10 need to upload this package twice. For example, when having firmware 5.92 on a CPP4 device, you need to load the CPP all common firmware file two times: > First time this is loaded the device will be updated to the 6.11.0021 which is part of the common file. > Second time you load the common firmware file, the update to 06.50.0128 will be performed.
CPP6 cameras with firmware versions below 6.10 need to upload the separate firmware version 6.1x first to receive the latest firmware version. This means that intermediate firmware version 6.1x for CPP6 needs to be requested from your technical support. A support ticket to Level 3 team at MKP PRM group via the support ticket system is needed. In case we see a high demand for that a new combined firmware file might be created by PRM. Only after receiving and uploading firmware 6.1x, you can upload combined firmware package for all platforms 6.50.0620 or CPP6 specific firmware 6.50.0128.
This combined firmware cannot be applied to CPP5 products with firmware version older than 5.91. It is required to upgrade to intermediate firmware 5.91 first
This means that intermediate firmware version 5.91 for CPP5 needs to be requested from your technical support. Only after receiving and uploading firmware 5.91, you can upload combined firmware package for all platforms e.g. 6.50.0620 or CPP5 specific firmware 6.30.0059. To find a combined firmware file in the downloadstore you can use the folowing URL syntax: https://downloadstore.boschsecurity.com/index.php?type=fw&filter=CPP
or you use the CPP 6.50 combined file here: https://downloadstore.boschsecurity.com/FILES/KnowledgeBase/CPP_FW_6.50.0620.fw
and Releaseletter of that combined firmware package: https://downloadstore.boschsecurity.com/FILES/KnowledgeBase/Bosch_Releaseletter_CPP_FW_6.50.0620.pdf
Note: Upgrading from versions lower than 5.5x
To upgrade to a newer firmware version using this combined firmware package, firmware versions before 5.5x require an intermediate update cycle using the respective platform firmware version mentioned above.
This firmware and its included platform firmware builds are not applicable to MPEG-4 products.
The final firmware version for VIP-X1600-XFM4 modules is FW 5.53. No newer firmware will be provided for these modules.
Configuration Manager cannot upload this Combined Firmware file to VIP-X1600-XFM4 modules. Use the module’s web page instead for uploading; or use the separate firmware file.
The final firmware version for CPP3 devices is FW 5.74. No newer firmware will be provided for these products.
The Combined Firmware file does not load onto VG4 AUTODOME or AUTODOME Easy II via the browser when running a firmware version before 5.52.0017. The specific platform file should be used instead.
(Note: In case any link might not work to the current DownloadStore, see attached a copy PDF of the Release Letter.)
How to get and request a BOSCH Legacy Firmware:
The procedure to request and get an legacy firmware that is no longer online in the web is as follows:
Customers are kindly requested to reach out to the local BOSCH Support (L1 and L2 team).
Bosch Level 2 will ask for the exact BOSCH Commercial Type Number (CTN). The local BOSCH team can check the Global End of service date. The project background (How many of these devices/cameras) need to be collected.
The relevant BOSCH Technical Support (e.g. Level 2) can explain and check if there is the chance to update the project and included management software in order to be able to use the latest BOSCH device firmware as the goal is to have a non-vulnerable product in productive environments.
In case there is no newer firmware available (hardware was discontinued), a commercial hardware upsell can be recommended.
In general all firmware that is not available on the product catalog, and for all firmware files that are ranked to have vulnerabilities, this need to be documented in a Technical Support case.
In case legacy firmware is anyhow needed and requested by our customers, the Bosch Technical support will start an approval flow. The BOSCH Level 3 Technical Support will provide a form/document that must be signed by the installer/endcustomer. See an example PDF (empty) "Example_Aged_Software_Release_form.pdf" attached to this article. Such a form will be prepared by the BOSCH Level 3 Technical support team and provided to our customer/installer in order to confirm that legacy firmware is then used on the risk of the installer and customer (See text and legal note in the PDF). In the future BOSCH plan to introduce and setup a self-service portal for all customers to simplify this process.
The above mentioned combined firmware 6.50 supports:
CPP7.3 HD and UHD cameras update from FW 6.40 or newer to latest FW 6.50
CPP7 UHD cameras update from FW 6.30 or newer to latest FW 6.50
CPP6 UHD cameras update from FW 6.10 or newer to latest FW 6.50
CPP5 encoders update from FW 5.91 or newer to latest FW 6.30
CPP4 HD cameras update from FW < 6.10 to intermediate FW 6.11 update from FW 6.10 or newer to latest FW 6.50
CPP3 cameras and encoders update from FW 4.54.0026 or newer to latest FW 5.74
CPP-ENC VIP-X1600-XFM4 encoders: update from FW 4.2x or newer to latest FW 5.53 VJT XF and VJD-3000 update to latest FW 5.97
The combined firmware package includes the following build versions:
CPP7.3 FW 6.50.0128
CPP7 H.264 6.50.0128
CPP6 H.264 6.50.0128
CPP5 H.264 6.30.0059
CPP4 H.264 6.50.0128
CPP4 H.264 6.11.0021
CPP3 H.264 5.74.0010
CPP-ENC H.264 5.97.0005 for VJT XF family, VJD-3000 and VJC-7000
CPP-ENC H.264 5.53.0004 for VIP X1600 XFM4
For detailed description please refer to the separate release letters.
Customers can upload such combined firmware packages by using multi-select in the Configuration tool "BOSCH Configuration Manager" (currently available in version 06.01.0157 at the BOSCH DownloadStore or Product catalog > Video Software > Video Management Systems > Configuration Manager)
When using the multi-select option in Configuration Manager, please make sure this combined firmware package for all platforms can be uploaded to all the devices selected and there are no additional requirements or intermediate steps needed for any of the devices in question.
This article has status of 31st of October 2018 and changes in this procedure might be introduced. When changes are done, then this article will be updated. Therefore check this article from time to time.
As video surveillance use grows in commercial, government and private use cases, the need for low-cost storage at scale is growing rapidly. BVMS, Bosch cameras, HPE hardware and SUSE Enterprise Storage provide a platform that is an ideal target for recording these streams.
There are numerous difficulties around storing unstructured video surveillance data at massive scale. Video surveillance data tends to be written only once or become stagnant over time. This stale data takes up valuable space on expensive block and file storage, and yet needs to be available in seconds. With this massive scale, the difficulty of keeping all the data safe and available is also growing. Many existing storage solutions are a challenge to manage and control at such scale. Management silos and user interface limitations make it harder to deploy new storage into business infrastructure.
The solution is software-defined storage (SDS). This is a storage system that delivers a full suite of persistent storage services via an autonomous software stack that can run on an industry standard, commodity hardware platform. Bosch, Hewlett Packard Enterprise (HPE) and SUSE have partnered to deliver the benefits of SDS to the video surveillance industry. Using SUSE Enterprise Storage™ on HPE ProLiant DL and Apollo servers in a Bosch video surveillance environment simplifies the management of today’s volume of data, and provides the flexibility to scale for all enterprise storage needs.
The full description can be found in the attached whitepaper.
How to terminate a M12 connector for FLEXIDOME micro 5000 MP?
Both RJ45 and M12 plug connectors are available with IEC 11801:2002 Cat5 compliance. This further simplifies the concurrent use of both connector types within a single system. Assembly consists of three easy steps, none of which require specialist tools. The plug connectors, compliant with all standards and fully shielded against EMC interference, are available in four-pin and eight-pin configurations. They can be connected to flexible or rigid wires, with sizes ranging from AWG 26 to AWG 22. This makes the connectors suitable for all Industrial Ethernet transmission systems, Ethernet-based fieldbus systems such as Profinet, and EtherNet/IP up to gigabit speeds. The M12 Quickon connector provides a sturdy metal housing with a plug-and-turn mechanism. A 360 degree shielding connection with an iris spring means the connector is well suited to system environments with large amounts of EMC interference. The compact design of the RJ45 Quickon connector, on the other hand, makes it suitable for horizontal or vertical multi-port connection (as is frequently required by switches, for example). Connector ID rings are available in eight colors to visually aid patch-bay layout.
Autodome 7000 HD, MIC 7000i, and MIC 9000i
Why is the minimum FW version 6.52.0003 for these models?
In November 2018 an internal hardware (HW) change was made to these models that requries this new minimum FW verison. The new HW version isn't bckwards compatible with older FW versions.
If the unit has been upgraded to a higher version, how do I get the 6.52.0003 FW?
This FW verison was only released for these three models, so it isn't available on the Bosch Download Store. At this time, please contact Technical Support to obtain this FW. It will be available on the individual Produvt catalog pages by March 11, 2019 (or sooner).
Video Analytics for Firmware 6.60 and above
Technical Note on Intrusion Detection
The technical Note attached to this article contains detailed technical description of Intrusion Detection, set up guidance for different usage scenarios and best practices. It is useful to get in depth knowledge about Intrusion detection or to find the answer of frequently asked questions.
Intrusion detection without calibration
Learn how to use the default scenario - Intrusion detection no camera calibration: A predefined scenario that can be used to detect intruders in small areas and controlled environments
Intrusion detection one field
Learn how to use the default scenario - Intrusion detection one field: A predefined scenario that can be used to detect intruders in small areas.
Intrusion detection two fields
Learn how to use the default scenario - Intrusion detection two fields: A predefined scenario that can be used to detect intruders in large outdoor areas.
Note: If needed you can get additional how to information on camera calibration.
Keeping an eye on system messages and to collect logging data at a central site just got a whole lot easier
Syslog feature is implemented in all IP BOSCH Products for many years. Since latest firmware versions e.g. Firmware version 6.xx and even more enhanced in firmware 7.1x and later a GUI on the WEB-page of the IP cameras was added. The BOSCH IP cameras as network devices can continuously send system messages via Syslog to a Syslog server software. This funciton must be activated and configured before.
One aspect is to setup a Syslog server that can receive such information and
Inside the IP cameras the IP of such a Syslog server can be configured in order to tell the IP camera to whic hSyslog server the messages should be send to. Enabling this funciton will allow a continous monitoring information even troughout a complete IP camera power cycle (reboot) as the camera starts connecting to the syslog server IP as soon it is getting back online.
Network administrators usually monitor these messages and should also be able to offer and inform about Syslog server IPs to use.
Tools as Syslog server:
There are many different monitoring tools available and common in the market. Configuration and technical analysis functions of those are in responsibility of those software vendors. Examples of some easy tools to start working with can be e.g.:
PRTG NETWORK MONITOR from PAESSLER
Kiwi Syslog Server
EventLog Analyzer from ManageEngine
and many more.
When to make use of SYSLOG
Especially for incidents that happen unpredictable and do not necessarily trigger an alert message can be analyzed with syslog even throughout reboots of equipment (switch reboot / IP camer reboot etc.) as the syslog reconnects to the destination server.
As well in cases were many systems / devices are involved this can be very helpful as the different loginformation can be compared by having the same time bases (Syslog server time when messages arrive). By using the BOSCH Configuration Manager (stand-alone configuration software) or Bosch Configuration Client software (part of BVMS) can help to quickly setup the syslog function for many cameras in just a few mouseclicks. 💡
Via the device webpage or above mentioned configuration tools it is easy to configure loggings that are also sent out via syslog. There are different levels of logging information that can be sent out:
debug logging (on advice of a BOSCH expert)
In addition there is a chance to download recent history of such data (if enabled before) via the configuration section at the device webpages. Details are described in the product manual. For continous long-term monitoring the syslog function is best choice.
Please feel free to get contact with your Level 1 support contact and if needed 2nd Levle support agent to get commands for section (3) debug logging syslog printouts if needed.
Which Bosch encoders and decoders are compatible with BVMS?
Up until some years ago, new released cameras, encoders, domes and decoders that are introduced into market after a BVMS release could not be connected to an existing BVMS version because these cameras where not known to the BVMS. In the BVMS 4.5.1, a new concept was introduced. This concept treats Bosch video encoders and decoders as generic devices, and automatically recognizes specific device functionality (for example the number of streams, relays and inputs). Based on this information the, at that time, unknown device is added to the system and can be used by the operator. The attached document provides a detailed description of this functionality.
MTU and MSS
MTU stands for "Maximum Transmission Unit."
MTU is a networking term that defines the largest packet size that can be sent over a network connection. The MTU is typically limited by the type of connection, but may sometimes be adjusted IT network settings. The typical value of the Network MTU is 1514 Byte. If a system sends packets over an Ethernet network that are larger than this size, the data will be fragmented into smaller packets. When referring to Ethernet MTU this includes 4 Byte checksum. The 1514 Byte is the interface MTU without the Ethernet Checksum.
In cae there are limitations by the type of connection, the packets will then need to be reassembled on the receiving side (e.g. Bosch video management software or Bosch hardware decoder). However, it can be beneficial to optimize the packet size on the sender side (e.g. IP camera) to the exisitng network infrastructure.
As MTU maximum packet size is layer 1 related, the IP MTU that you can be adjusted at the BOSCH device configuration (Configuration Webpages or with the help fo BOSCH configuraiton software like "Configuraiton Manager"). The BOSCH GUI refers to this as “Network MTU”. BOSCH products can manage fragmented data.
MSS stands for "Maximum Segment Size"
The MSS value is calculated from the MTU. MSS = MTU – (layer 3 TCP header [20 Byte] + Layer 2 IP header [20 Byte]+ Layer Ethernet 1 [6+6+2 = 14 Byte])
For example looking at CPP 6 Platform – like FLEXIDOME IP panoramic 7000 MP in Firmware version 6.50.0128 you can adjust and find the following values:
Network MSS (in Byte) - default value = 1460
iSCSI MSS (in Byte) – default = 1460
Network MTU (in Byte) – default = 1514
MTU and MSS can be adjusted at all released firmware versions 4.x and later.
Here some screenshots as example based on Firmware 06.50.0128