BVMS Mobile Video Service - Creating a Self-Signed Certificate to establish a trusted connection
Some sites may request or require that the connection to the Mobile Video Service is a trusted connection. The following procedure will allow you to create a self signed certificate to allow a trusted connection between a web browser and MVS.
-Navigate to the Microsoft Management Console
Run command mmc.exe
Go to File ---> Add/Remove Snap-in…
Highlight Certificates and Add for Computer Account
You should see certificates listed for Local Computer
Save a copy of this console to the Desktop
-Run Windows PowerShell ‘as administrator’ on the MVS Server
Run the following commands in Windows Power Shell to create the self-signed certificate including the IP address of the MVS and the DNS name so both will work when accessing from a web browser.
$todaydt = Get-Date
$20years = $todaydt.AddYears(20)
New-SelfSignedCertificate -DnsName "mvsIPaddress",”DNSname” -notafter $20years
If creation was successful, you will see a thumbprint with a hash as well as the subject CN=ipaddress
-Navigate back to your saved MMC console
Find the newly created certificate under the Personal ---> Certificates directory
Copy the Certificate to Trusted Root Certification Authorities ---> Certificates directory
-Navigate to the IIS Manager
Highlight the server machine name on the top-left and then double-click Server Certificates
Double-click the created certificate and verify that a private key corresponds to the certificate and that the certificate is OK under the Certification Path
Expand the server machine name on the left to reveal the Sites
Select Bindings… on the far right-hand side
Edit the Binding for 443
Select the newly created certificate under the SSL certificate dropdown
Click Yes that you want to change the binding
Add… new binding
Choose BoschVms in the SSL certificate dropdown
-Navigate to the BVMS Config Client to edit the MVS URL
Change the MVS URL to reflect port 444
Red X should go away
Save/Activate (BVMS will be bound on the new port and still be able to communicate with the MVS server
-Open Internet Explorer (as administrator) and navigate to the MVS URL using the IP address or the DNS Name
Continue to the site with the certificate error
Click on the certificate error in the navigation bar
Click View Certificates and then Install Certificate
Install for the Local Machine
Place certificate in the Trusted Root Certification Authorities store
Click Finish and close out the browser
Open IE again and navigate back to the MVS. There should be no more error.
*The reason behind changing the port to 444 is to make browser access for basic users easier. This way basic users only have to enter the IP address or DNS name and do not have to enter a special port in the URL.
BVMS Lite and BVMS Viewer are BVMS editions that you can download and activate free-of-charge.
How can I set-up a basic (live and recorded video) BVMS system?
First, you need to download the software package, active the BVMS Lite license and install the software. This is described in this article: BVMS - Activating a license.
Second, you need to prepare an iSCSI environment which is suitable for recording video. Any Windows Server based operating system will do. This is described in this article: BVMS - Configuring a Microsoft iSCSI target.
Last, you need to add cameras to the system and start the recording. This is described in this youtube video: How to add a new camera using Configuration Client (BVMS).
Now, have a look at the Operator Client quick guide and you're ready to go!
Where can I get more information on advanced functionality?
Once the software (configuration client or operator client) is running you can press F1 at any time to open the embedded software help! All of the advanced functionality BVMS offers is explained in the help files.
How can I combine a ISS SecureOS Auto system (providing ANPR functionality) with a BVMS system?
The attached document describes the steps how to configure BVMS and the ISS SecureOS Auto system for achieving watchlist ANPR alarms and recorded ANPR detections into the BVMS logbook.
What is the decoding performance of BVMS? How many cameras can I open on the screen before the systems is overloaded (and frames are being dropped)?
The BVMS client performance overview is attached to this article and shows, based on several workstation configurations and a specific BVMS version, how many cameras can be opened before the workstation is overloaded.
How can I migrate the full configuration (including server configuration and user settings) of a BVMS system from one server to another?
(please note that, currently, the export mechanisms provided in the BVMS Configuration Client do not export the userdata. This is a known problem and being worked on. Until then this work-around should be applied).
Stop the BVMS Central Server service on the existing server from the Windows task manager or Services overview.
Stop the BVMS Central Server service on the new server from the Windows task manager or Services overview.
Copy the contents of the directory C:\programdata\Bosch\VMS\UserData on the existing server to the same directory on the new server (via the network or other media).
Copy the "elements.bvms" file located in the directory C:\programdata\Bosch\VMS\ on the existing server to the same location on the new server (via the network or other media).
Start the BVMS Central Server service on the new server from the Windows task manager or Services overview.
In August 2018 (10-08-2018) the VRM version 03.71.0029 was released.
The Video Recording Manager 03.71.0029 is fully supported with BVMS 8.0 and Product Management of BVMS and VRM recommend to use this VRM version instead of the former Release version of VRM 03.70.0056.
Changes / Bug Fixes:
One of the main bugfix reasons to use VRM 03.71.0029 is a fix in regards to correct display and replay of recorded clips in continous and alarm recording mode. This fix is listed on page 2 of hte attached Relase Letter.
For Troubleshooting and support reasons it is essential to double-check a reported gap in recording and to analyze on Level 2 and Level 3 support side what circoumstanced could lead to a video gap. See in the following chapter what kind of data a trained BOSCH partner, Installer or Video expert should provide to the BOSCH Technical Support to advise on next steps. The data described here below can and should be collected before the software VRM is changed and updated to a latger version. Note: Video Recording Manager version 03.71.0029 is not the latest available version of VRM, but in combination with other 3rd party implemantation or usage of special BOSCH VMS software version (e.g. BVMS 8.0) this VRM version 03.71.0029 may be required.
VRM logging to collect for in depth expert troubleshooting
In certain situations and troubleshooting scenarios extended logfiles might be required. The BOSCH Level 1 and BOSCH Level 2 team will assist all users on how to collect these data and cooperate with the BOSCH Level 3 Support where needed.
Backup the configuration of BVMS and VRM (BVMS elements and VRM config.xml file)
Enable debug logging of the VRM Depending on the used Configuraiton Software the debug logging need to be enabled to get an extended logging informaiton. In case a gap in recording happened in the past it is anyhow helpful to enable the debug logging for a defined time for future incidents. To analyze the already occured video recording gap the available VRM logging must be collected.
Depending on 32-Bit or 64-Bit version of the VRM software, the loggings are found in the "primary" or "secondary" sub-directory structure. Surch for ...\Bosch\Video Recording Manager\VRM Server folder at your VRM server to find a similar directory view like shown in the screenshot here below:
Inside the directory "log" the standard logging data of the VRM are found and need to bre collected. In addition to the standard logfiles of the relevant day, the debug logging from a defined time period need to be provided in case debug logging was enabled prior to an incident.
Here the "debug" logfiles are found: The debug loggins are saved in a special directory "debug".
The Spanhistory logging does provide details of the storage usage. It describes which internal "storage block" was used. It describes the IP of the target, the LUN and the block used for a recording. The Spanhistory of the day where the recording was done and shows issues (e.g. the video reocriding gap), the related spanhistory logfiles is required.
As seen in an earlier screenshot above the VRM configuration file is found in the directory: ...\Bosch\Video Recording Manager\VRM Server\primaryAll versions of the config.xml need to be provided to the Technical Support.
Bosch software is distributed via the Bosch website, but can also be re-distributed by Bosch partners. It is important for the system-installer to check if the installation file he or she has received, matches exactly with the output of the engineering process. There are several risks that, in the distribution path, changes are made to the installation file. Keyloggers or other spyware could be added to the installation, or in theory video surveillance footage could be routed to external resources.
The attached document describes how the integrity of software can be checked.
The VRM eXport wizard is a tool that allows you to export video directly from the VRM. You can find the VRM eXport wizard setup file in the bonus directory of the BVMS zip file. Exports made with the VRM eXport Wizard 1.20.0010 can be open in BVMS (Viewer) 9.0 or newer. The attached document describes how to use the VRM eXport Wizard. BVMS 10 comes with the VRM eXport Wizard 1.20.0016.
How can I use "virtual" cameras to demonstrate BVMS?
Demonstrating a video surveillance system typically requires a couple of cameras. However, when you only have a couple of cameras, the screen can look boring and empty. Did you know you can use the video streaming gateway to pull in any online JPEG picture as a camera into BVMS? This makes your demonstration more interesting! Additionally, you can set-up your own webserver and host customer JPEG images yourself. You can find a warehouse example below, fully based on JPEG based static images.
The attached document describes how to configure JPEG cameras.
My customers asks me to store the field of view of the cameras connected to BVMS. Is there an easy way to achieve this without opening every camera manually?
The embedded BVMS script engine makes this easy to achieve. The attached document explains how to achieve this and included an example script.
Compared to hardware, in which it is relatively easy to define an end-of-support concept based on the expected lifetime, software behaves totally different. In theory, when the environment does not change, software can still be running ten years after it has been installed. As new versions of the software are released regularly, it is important for customers to know what they can expect from Bosch Building Technologies when the software is purchased. This document describes how Bosch Building Technologies handles the life-cycle of the BVMS, BIS, AMS, and APE, and in which state a specific release can reside. Additionally this document lists the up-to-date situation for all of those software packages.
The attached document aims to provide concerned parties, such as customers, users, operators or consultants, with an overview of data privacy and protection related features of BVMS Person Identification. Moreover, this document describes how data, as processed during the Person Identification steps, can be classified. Finally, this document lists technical measures for data protection in the context of BVMS Person Identification.
As video surveillance use grows in commercial, government and private use cases, the need for low-cost storage at scale is growing rapidly. BVMS, Bosch cameras, HPE hardware and SUSE Enterprise Storage provide a platform that is an ideal target for recording these streams.
There are numerous difficulties around storing unstructured video surveillance data at massive scale. Video surveillance data tends to be written only once or become stagnant over time. This stale data takes up valuable space on expensive block and file storage, and yet needs to be available in seconds. With this massive scale, the difficulty of keeping all the data safe and available is also growing. Many existing storage solutions are a challenge to manage and control at such scale. Management silos and user interface limitations make it harder to deploy new storage into business infrastructure.
The solution is software-defined storage (SDS). This is a storage system that delivers a full suite of persistent storage services via an autonomous software stack that can run on an industry standard, commodity hardware platform. Bosch, Hewlett Packard Enterprise (HPE) and SUSE have partnered to deliver the benefits of SDS to the video surveillance industry. Using SUSE Enterprise Storage™ on HPE ProLiant DL and Apollo servers in a Bosch video surveillance environment simplifies the management of today’s volume of data, and provides the flexibility to scale for all enterprise storage needs.
The full description can be found in the attached whitepaper.
How can I protect my security system, from an IT security perspective?
The attached document explains how the security system can be hardened. Additionally the BVMS - Network Design Guide includes best practices for desgning a secure network.
How can I find the source (details of the workstation) and credentials that are used to attempt to login into BVMS (when the attempt has failed)?
The username that is used to login is saved into the BVMS logbook and can be found by searching the logbook from the Operator Client (username of login is "blabla").
The details of the workstation (mainly the IP address) is logged into the BVMS client log files. These can be found on the workstations in the directory: C:\ProgramData\Bosch\VMS\Log
(Hint: for log file analysis a lot of free / open source tools are available. Snaketail is one of these tools, and can be found here.)
Open the BVMSClientLog.txt (there could be multiple files which are all related to a different timeframe) and search for the phrase "InvalidCredentialException". If an user has tried to login to the system the following log lines should be present in the log file:
2019-03-17 18:31:53,668 75516 [GUI Thread] INFO Bosch.Vms.Frontend.OpClient.Wcf.DataAccessServiceClient ConnectAndAuthenticate - Call failed with InvalidCredentialException
2019-03-17 18:31:53,670 75518 [GUI Thread] INFO Bosch.Vms.Frontend.OpClient.ServerManagement.CentralServerManager AuthenticateAtMainServer - Main-Server 192.168.20.190: WCF online authentication result is WrongUserOrPassword
This needs to be checked for every workstation which runs the BVMS Operator Client.
The Software "VIDOS" or "VIDSO-NVR" with the replay tool "Archive Player for VIDOS" are all rather outdated former software developments of BOSCH ST.
We kindly request all our partners and customers in the need to get technical support on license transfers to get in contact with a local BOSCH team (e.g. Sales contact person). Level 2 Support / ASA organization can assist and help you to find a correct contact person as well, but a support ticket should and can no longer be created as license transfers are no longer offered for discontinued and outdated software.
Status of Aug 3, 2018
In many countries, the VIDOS Software went end of live 2011. With this announcement, we inform about the discontinuation of the software maintenance and license transfers. Please be aware of the EOL status (End of life). EOL was rolled out globally in June 30, 2011 with some exceptions in North America. December 31, 2012 and later it was no longer possible to purchase the software. End of 2015 License management was restricted. Due to many other changes (Operating system limitations and not state of the art security support), it is anyhow no longer possible to use those software. BOSCH does offer for a long time other software generations and we offer migration support from commercial side to find software today that can meet the needs in projects.
Since 2018-08-03, BOSCH Support can no longer offer license transfers for VIDOS and similar former Software packages.
Following Type Number and SAP Number is included:
For more details you can check with the Technical Support for video products at BOSCH in your region.