BVMS Mobile Video Service - Creating a Self-Signed Certificate to establish a trusted connection
Some sites may request or require that the connection to the Mobile Video Service is a trusted connection. The following procedure creates a self-signed certificate that allows a trusted connection between a web browser and the MVS.
-Navigate to the Microsoft Management Console
Run command mmc.exe
Go to File ---> Add/Remove Snap-in…
Highlight Certificates and Add for Computer Account
You should see certificates listed for Local Computer
Save a copy of this console to the Desktop
-Run Windows PowerShell ‘as administrator’ on the MVS Server
Run the following commands in Windows PowerShell to create the self-signed certificate. Include both the IP address of the MVS and the DNS name so that both work when accessing from a web browser.
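# Validity window: the certificate expires 20 years from today
$todaydt = Get-Date
$20years = $todaydt.AddYears(20)
# List the MVS IP address and the DNS name so both match in the browser
New-SelfSignedCertificate -DnsName "mvsIPaddress","DNSname" -NotAfter $20years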
If creation was successful, you will see a thumbprint with a hash as well as the subject CN=ipaddress
-Navigate back to your saved MMC console
Find the newly created certificate under the Personal ---> Certificates directory
Copy the Certificate to Trusted Root Certification Authorities ---> Certificates directory
-Navigate to the IIS Manager
Highlight the server machine name on the top-left and then double-click Server Certificates
Double-click the created certificate and verify that a private key corresponds to the certificate and that the certificate is OK under the Certification Path
Expand the server machine name on the left to reveal the Sites
Select Bindings… on the far right-hand side
Edit the Binding for 443
Select the newly created certificate under the SSL certificate dropdown
Click Yes that you want to change the binding
Add… new binding
Choose BoschVms in the SSL certificate dropdown
-Navigate to the BVMS Config Client to edit the MVS URL
Change the MVS URL to reflect port 444
Red X should go away
Save/Activate (BVMS will be bound on the new port and still be able to communicate with the MVS server)
-Open Internet Explorer (as administrator) and navigate to the MVS URL using the IP address or the DNS Name
Continue to the site with the certificate error
Click on the certificate error in the navigation bar
Click View Certificates and then Install Certificate
Install for the Local Machine
Place certificate in the Trusted Root Certification Authorities store
Click Finish and close out the browser
Open IE again and navigate back to the MVS. There should be no more error.
*The reason behind changing the port to 444 is to make browser access for basic users easier. This way basic users only have to enter the IP address or DNS name and do not have to enter a special port in the URL.
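A check that can be run in the same elevated PowerShell session once the steps above are complete, as an added example that is not part of the original article: it confirms that the new certificate has a private key, covers both names, and has been copied to the Trusted Root store. The two names are constructed sample values, and the netsh query assumes the port 443 binding uses "All Unassigned" (0.0.0.0).

```powershell
# Constructed sample values: replace with the names passed to -DnsName.
$expectedNames = @('192.0.2.10', 'mvs.example.local')

function Test-MvsCertificate {
    param(
        [Parameter(Mandatory)] [string[]] $Names,
        [string] $Store = 'Cert:\LocalMachine\My'
    )
    # New-SelfSignedCertificate uses the first -DnsName entry as the subject CN.
    Get-ChildItem -Path $Store |
        Where-Object { $_.Subject -eq "CN=$($Names[0])" } |
        ForEach-Object {
            $cert     = $_
            # Names the browser will accept, taken from the Subject Alternative Name.
            $sanNames = @($cert.DnsNameList | ForEach-Object { $_.Unicode })
            $missing  = @($Names | Where-Object { $sanNames -notcontains $_ })
            [pscustomobject]@{
                Thumbprint    = $cert.Thumbprint
                Subject       = $cert.Subject
                SelfSigned    = ($cert.Subject -eq $cert.Issuer)
                HasPrivateKey = $cert.HasPrivateKey
                MissingNames  = ($missing -join ', ')
                NotAfter      = $cert.NotAfter
                Expired       = ($cert.NotAfter -lt (Get-Date))
                # True once the certificate was copied to Trusted Root Certification Authorities.
                InTrustedRoot = (Test-Path -Path "Cert:\LocalMachine\Root\$($cert.Thumbprint)")
            }
        }
}

$report = @(Test-MvsCertificate -Names $expectedNames)
if ($report.Count -eq 0) {
    Write-Warning "No certificate with subject CN=$($expectedNames[0]) found in the Personal store."
}
$report | Format-List

# Shows the certificate hash currently bound to port 443; compare it with the
# Thumbprint reported above. Adjust ipport if the binding uses a specific address.
netsh http show sslcert ipport=0.0.0.0:443
```

An empty MissingNames field together with HasPrivateKey and InTrustedRoot set to True matches the state the procedure is meant to produce.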
Possible Communication Issue between BVMS 8.0 Central Server and Video Recording Manager (VRM) 3.7x with BVMS 8.0 installed on different Servers.
Communication can get interrupted and configuration might fail if the actions described below are not performed. How to determine whether your system is affected is described as follows:
There can be authentication issues between the BVMS Central Server and the Video Recording Manager in case they are installed on different Servers.
The BVMS 8.x system alarms may show reports that the VRM reports a wrong version.
Please check in the VRM debug logging whether the following log line indications can be found:
CONFIG;DEBUG;SENDING XPATH /SYSTEM/DEVICES/DEVICE as well as HAS NO CONFIGURED NODE, SET TO CONFIGURED
CONFIG;INTERNAL;/SYSTEM/DEVICES CHANGED IN CONFIG. DEVICEID= [DEVICE IP]\0;SYSINFO;INTERNAL;LINE 1 HAS NO CONFIGURED NODE, SET TO CONFIGURED
In general, please keep in mind that it is strongly recommended to use VRM 3.71.00xx with BVMS 8.0. Do not use any older VRM version like 03.71.0022. Version 03.71.0029 and its release letter are available at the BOSCH DownloadStore (status update 2018-10-26). https://downloadstore.boschsecurity.com/FILES/Setup_VRM_03.71.0029_win32.zip Release Letter: https://downloadstore.boschsecurity.com/FILES/Bosch_Releaseletter_VRM_3.71.0029.pdf
At the VRM system / server, please check and ensure that the following Microsoft software packages are pre-installed:
.NET framework 4.6.2 or higher
Redistributables for Visual Studio 2015
In case one component is missing, please perform the following steps:
Download the missing Microsoft components. Note: When using BVMS 8.0 the VRM is typically a 32-bit VRM software. Therefore the 32-bit Microsoft packages are needed. The components that were seen as missing are:
>> “Visual C++ Redistributable for Visual Studio 2015” https://www.microsoft.com/en-US/download/details.aspx?id=4814 (please choose the 32-bit version when using it with the 32-bit VRM)
>> .NET framework 4.6.2 or higher (NDP462-KB3151800-x86-x64-AllOS-ENU.exe) https://www.microsoft.com/en-US/download/details.aspx?id=53344
Stop the VRM (rms.exe) service in Windows services
Install those components with Administrator rights at the VRM server. Reboot the server after installation of the Microsoft components.
Check if the VRM service is running and, if needed, restart the VRM (rms.exe) service
Check that the combination of messages is no longer seen in the VRM debug logging
The VRM package has been enhanced and users should no longer run into this issue with VRM 3.81 and newer versions. Please be aware that BVMS releases are tested with certain VRM versions. It is still possible to install a newer VRM than the one originally rolled out in the BVMS overall installer. For all VRM versions 3.7x and below 3.81, these packages need to be added.
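The two checks from this article (the pre-installed Microsoft packages and the combination of log indications) can be scripted as follows. This is an added example, not Bosch tooling; the log path is left empty as a placeholder, and the sample lines are constructed from the indications quoted above, so real log lines will carry additional fields.

```powershell
# Placeholder: set to the VRM debug log you want to inspect; empty uses the sample lines.
$logPath = ''

function Test-VrmPrerequisite {
    # .NET Framework 4.x publishes a "Release" DWORD; 394802 is the lowest value for 4.6.2.
    $net = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' `
                            -ErrorAction SilentlyContinue
    # 32-bit Visual C++ 2015 runtime; on 64-bit Windows it registers under WOW6432Node.
    $vcKeys = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\VisualStudio\14.0\VC\Runtimes\x86',
              'HKLM:\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\x86'
    $vc = $vcKeys |
        ForEach-Object { Get-ItemProperty -Path $_ -ErrorAction SilentlyContinue } |
        Where-Object { $_.Installed -eq 1 } |
        Select-Object -First 1
    [pscustomobject]@{
        DotNetRelease     = $net.Release
        DotNet462OrHigher = ($net.Release -ge 394802)
        VCRedist2015x86   = [bool]$vc
        VCRedistVersion   = $vc.Version
    }
}

function Find-VrmLogIndication {
    param([string[]] $Line)
    # Both indications must be present for the issue described in this article.
    $sending = @($Line | Select-String -SimpleMatch 'SENDING XPATH /SYSTEM/DEVICES/DEVICE')
    $noNode  = @($Line | Select-String -SimpleMatch 'HAS NO CONFIGURED NODE, SET TO CONFIGURED')
    [pscustomobject]@{
        SendingXpathLines     = $sending.Count
        NoConfiguredNodeLines = $noNode.Count
        CombinationSeen       = ($sending.Count -gt 0 -and $noNode.Count -gt 0)
    }
}

# Constructed sample lines built from the indications quoted in this article.
$sampleLines = @(
    'CONFIG;DEBUG;SENDING XPATH /SYSTEM/DEVICES/DEVICE',
    'SYSINFO;INTERNAL;LINE 1 HAS NO CONFIGURED NODE, SET TO CONFIGURED',
    'CONFIG;DEBUG;unrelated constructed line'
)

$lines = if ($logPath) { Get-Content -Path $logPath } else { $sampleLines }
Test-VrmPrerequisite        | Format-List
Find-VrmLogIndication $lines | Format-List
```

Run it once before installing the packages and once after the reboot; CombinationSeen should change to False for log entries written after the restart.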
BVMS, Operator Client
This article describes the initial information needed to start troubleshooting an Operator Client crash.
Needed information and logs from the customer:
1. Note down the events that lead to crash
2. Classify the crash
reproducible crashes that trigger Windows Error Reporting
crashes/hangs/freezes that are hard to reproduce, or take long before repeating
3. Provide the following logs:
Dump file from the crash – refer to the following article ( https://community.boschsecurity.com/t5/Security-Video/How-To-create-BVMS-memory-dump/ta-p/7326 )
ConfigCollection from the machine where the crashing Operator Client is running.
Status February 25, 2017
BOSCH offers and confirms that since February 2017 the firmware version 3.180.05-1562 can be used with the LSI MegaRAID Controller. In case there are newer versions supported and recommended with BOSCH DIVAR IP this will be announced in cooperation with the Product Management.
For DIVAR IP units (e.g. DIVAR IP 6000) BOSCH BT Security & Safety Systems offers a firmware update for the internal MegaRAID Controller.
In the MegaRAID software the user may see a "potential non-optimal configuration due to PD commissioned as Emergency Spare" error.
There is an article as well from hardware partner: http://www.supermicro.com.tw/support/faqs/faq.cfm?faq=19518
Here we provide the steps to update a DIVAR IP system:
Using MegaRAID Storage Manager utility under OS
1) Open MSM, Right click on Supermicro MegaRAID controller to be updated and click Update Controller Firmware
2) Click Browse to search for new firmware
3) Select the new MegaRAID controller firmware
4) Click OK to continue
5) Check the “Confirm” box and click OK to continue
*** Wait for around 1~2 minutes to complete
6) Click OK once firmware update completed
7) Reboot the system and check firmware version in controller OPROM banner during boot. At the section Revision you can see version 3.180.05-1562
8) Check firmware version using MSM in OS. When selecting the "Supermicro SMC 2208 (Bus1, Dev 0)" device you can see on the right the "Firmware Version" = 3.180.05-1562
The firmware *.rom file is available via the following link - inside the ZIP file:
This Firmware Version is subject to change. Any new version must be announced by BOSCH PRM responsible for DIVAR IP via the BT-ST/ETP-MKP2 organisation and BOSCH support at BT-ASA here in the BOSCH Knowledge Base.
This article provides you with information related to the Windows Firewall, how to access, configure and adjust it.
A firewall is a program installed on your machine, or a piece of hardware in your network, that uses a rule-set to block or allow access to a computer, server or network. It separates dedicated network segments, like your LAN from the Internet. Firewalls can permit traffic to be routed through a specific port to a program or destination, while blocking all other traffic.
The Windows Firewall interface can be accessed in multiple ways. The way we will look at in this TB is via the Windows search function.
Click the Windows icon and type in “firewall”. Then, click on the “Windows Firewall with Advanced Security” icon.
The GUI provides a general overview of the basic functions of the software. It displays the current status of the firewall and which profiles are currently set up. By default the firewall should be enabled.
We strongly recommend that the Windows Firewall is enabled on all your Bosch devices featuring a Windows Operating System.
There are 3 different profiles within your Windows Firewall, which are simply groups of different firewall rule-sets, depending on where your machine is currently connected.
Public Profile: This profile is used when the computer is connected directly to a public network like a restaurant, library or airport. This profile should be the most restrictive because security is usually not well controlled in public places.
Private Profile: This profile is used if you are only connected to a private network, not directly to the Internet. In these cases, your device is located behind a router or hardware firewall, which allows this profile to be set less restrictively.
Domain Profile: This profile is used when the machine is connected to a domain controller, which in turn is controlling a Windows domain. This profile should be the least restrictive of the three profiles because security is usually very well controlled within a domain.
By default the Windows Firewall behavior is the following:
Windows Firewall never blocks outgoing traffic. Any requests sent out from the server will not be hindered in any way.
Windows Firewall blocks all incoming traffic, except for traffic that is in responses to a request. This means that if you make a request to Google, Google’s inbound reply to your outbound request will not be blocked.
Windows Firewall blocks all other traffic. This means that any traffic that is not explicitly allowed is blocked in the firewall.
In the Windows Firewall we can filter connections with two different kinds of rules: port exceptions (rule assigned to a dedicated port number) and program exceptions (rule assigned to a dedicated program).
In general we need to distinguish between the inbound (from somewhere to your machine) and outbound (from your machine to somewhere) rule-set.
Open a port in the firewall (inbound rule)
In the Windows Firewall with Advanced Security window, right-click "Inbound Rules", and then click "New Rule..." in the action pane.
In the "Rule Type" dialog box, select "Port" (depending on your need) and then click "Next".
In the "Protocol and Ports" dialog box, select "TCP". Then select "Specific local Ports", and then type the port number and then click "Next".
In the "Action" dialog box, select "Allow the connection" and then click "Next".
In the "Profile" dialog box, select any profiles that apply and then click "Next". (We have allowed all three for demonstration purposes, your selection may vary.)
In the "Name" dialog box, type a name and description for this rule, and then click "Finish".
At this point, you will now see a new rule in the main firewall rules in the center section, as well as a new listing in the right window panel.
Open a program in the firewall (inbound rule)
Click on the "Inbound Rules" option on the top left of the firewall interface. Then, click on the "New rule…"
Under "Rule Type" dialog box, select the option "Program" and then click "Next".
Select the option "This Program path" browse to the path/location of the program and click "Next".
Next, we select the option “Allow the connection” and then click “Next”.
Select the "Profile" the rule will be applied to and click "Next". (We have allowed all three for demonstration purposes, your selection may vary.)
Select a "Name" and "Description" for this rule and then Click “Finish”.
At this point, you will be dropped back to the main firewall screen. You will now see a new rule in the main firewall rules in the center section, as well as a new listing in the right window pane.
Edit a port / program in the firewall
Right-click on the rule, which will open a context menu. Then click "Properties" and adjust the rule according to your needs.
Close a port / program in the firewall
Right-click on the rule, which will open a context menu. Then click "Delete".
Adjust program rule after BVMS upgrade
In case you upgraded your current BVMS up to BVMS 10, referring to the article TSG-Upgrading-VRM-from-32bit-to-64bit, you need to adjust the inbound + outbound rules "Bosch VRM Server" and "USB Transcoder".
To do so, right-click on the rule, which will open a context menu. Then click "Properties" and adjust the program's path to:
Bosch VRM Server: "C:\Program Files\Bosch\Video Recording Manager\VRM Server\bin\rms.exe"
USB Transcoder: "C:\Program Files (x86)\Bosch\Video Recording Manager\VRM Server\bin\usbsvc.exe"
Keep in mind that you need to perform this action on all four rules (inbound and outbound).
Alternatively download the attachment set_fw_rules.zip (1 KB) locally to your device, extract the archive and run the PowerShell script "set_fw_rule_trancoder.ps1" as administrator. The script will adjust all necessary rules.
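To confirm that all four rules point at the paths listed above, the rules can be audited from an elevated PowerShell session. This is an added example and not the set_fw_rule_trancoder.ps1 script from the attachment; it assumes the rule display names are exactly "Bosch VRM Server" and "USB Transcoder" as written in this article.

```powershell
# Expected program paths, copied from this article.
$expected = @{
    'Bosch VRM Server' = 'C:\Program Files\Bosch\Video Recording Manager\VRM Server\bin\rms.exe'
    'USB Transcoder'   = 'C:\Program Files (x86)\Bosch\Video Recording Manager\VRM Server\bin\usbsvc.exe'
}

function Test-VrmFirewallRule {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [hashtable] $Expected,
        [switch] $Fix   # rewrite the program path when it differs; honours -WhatIf
    )
    foreach ($name in $Expected.Keys) {
        $rules = @(Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)
        if ($rules.Count -eq 0) {
            Write-Warning "No firewall rule named '$name' found."
            continue
        }
        foreach ($rule in $rules) {
            $app     = $rule | Get-NetFirewallApplicationFilter
            # Rules may store the path with environment variables such as %ProgramFiles%.
            $current = [Environment]::ExpandEnvironmentVariables([string]$app.Program)
            $matches = ($current -ieq $Expected[$name])
            if (-not $matches -and $Fix -and
                $PSCmdlet.ShouldProcess("$name ($($rule.Direction))", 'Set program path')) {
                $rule | Set-NetFirewallRule -Program $Expected[$name]
                $current = $Expected[$name]
                $matches = $true
            }
            [pscustomobject]@{
                Rule         = $name
                Direction    = $rule.Direction
                Enabled      = $rule.Enabled
                Profile      = $rule.Profile
                Program      = $current
                PathMatches  = $matches
                # A rule that points at a missing binary permits nothing useful.
                BinaryExists = (Test-Path -LiteralPath $Expected[$name])
            }
        }
    }
}

# Audit only; add -Fix (optionally with -WhatIf) to correct mismatching rules.
Test-VrmFirewallRule -Expected $expected | Format-Table -AutoSize
```

Four rows with PathMatches set to True (inbound and outbound for each rule name) correspond to the state described above; the Profile column also shows whether a rule applies to more profiles than the machine needs.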
Which Bosch encoders and decoders are compatible with BVMS?
Up until some years ago, newly released cameras, encoders, domes and decoders that were introduced into the market after a BVMS release could not be connected to an existing BVMS version because these cameras were not known to the BVMS. In BVMS 4.5.1, a new concept was introduced. This concept treats Bosch video encoders and decoders as generic devices, and automatically recognizes specific device functionality (for example the number of streams, relays and inputs). Based on this information the device, unknown at that time, is added to the system and can be used by the operator. The attached document provides a detailed description of this functionality.
What's new in version 1.3.1?
Dear users, thank you for working with the Bosch Project Assistant. Based on your feedback, we have introduced the following improvements and features to make its use even more effective and enjoyable:
• Sorting option on project overview page
• Easier and faster removal of cameras from a project
• Time server support
• Re-commissioning support for VRM-managed cameras (focus on Flexidome IP 8000i)
• Configuration mismatch (between project/app and camera) resolution dialog
• Integration of Bosch Portable camera installation tool (NPD-3001-WAP), i.e. automatic detection of its wireless access point, management of multiple tools, and configuration of the tool’s network settings within the app
Please check out the updated article "How-to: connect to and configure the portable camera installation tool". Here we have added new videos that help you to get started and which explain the specifics of the different platforms - iOS, Android and Windows.
Your Bosch Security App Team
PS: For details, please have a look at the latest release letter in our Bosch Security Download Area.
In situations when you need to commission a camera that is not yet connected to the network and / or has no power supply, the Bosch portable installation tool can help:
Fast on-site commissioning solution with Bosch Project Assistant app
Highly portable, lightweight and compact installation tool
Rechargeable high capacity Lithium-ion battery
No dependency on available network and power infrastructure
The following video shows you how to connect the device and how to configure it in order to align the device's and the cameras' target network settings:
This is the old way as for Project Assistant versions < 1.3:
This is the easier and more convenient way introduced with Project Assistant 1.3.1:
1) Project Mode
2) Single Camera Mode
Wi-Fi interaction between the Bosch Portable Installation Tool and the Project Assistant differs slightly between the three platforms (Windows, iOS and Android). Please refer to the videos above for details.
Automatic detection of the tool’s Wi-Fi access point within the app might not work if the tool was previously connected to / added to the list of known Wi-Fi networks in the phone’s or PC’s Wi-Fi settings, i.e. the first time connection was established outside of the Project Assistant. Remove the tool’s Wi-Fi network from the list of known networks of your phone/PC and re-connect from within the Project Assistant.
The Wi-Fi access point is set to factory default by pressing the reset button on the (physical) Wi-Fi module of the Bosch Portable Installation tool.
Your Bosch Security App Team
What is the decoding performance of BVMS? How many cameras can I open on the screen before the system is overloaded (and frames are being dropped)?
The BVMS client performance overview is attached to this article and shows, based on several workstation configurations and a specific BVMS version, how many cameras can be opened before the workstation is overloaded.
The attached document aims to provide concerned parties, such as customers, users, operators or consultants, with an overview of data privacy and protection related features of BVMS Person Identification. Moreover, this document describes how data, as processed during the Person Identification steps, can be classified. Finally, this document lists technical measures for data protection in the context of BVMS Person Identification.
As video surveillance use grows in commercial, government and private use cases, the need for low-cost storage at scale is growing rapidly. BVMS, Bosch cameras, HPE hardware and SUSE Enterprise Storage provide a platform that is an ideal target for recording these streams.
There are numerous difficulties around storing unstructured video surveillance data at massive scale. Video surveillance data tends to be written only once or become stagnant over time. This stale data takes up valuable space on expensive block and file storage, and yet needs to be available in seconds. With this massive scale, the difficulty of keeping all the data safe and available is also growing. Many existing storage solutions are a challenge to manage and control at such scale. Management silos and user interface limitations make it harder to deploy new storage into business infrastructure.
The solution is software-defined storage (SDS). This is a storage system that delivers a full suite of persistent storage services via an autonomous software stack that can run on an industry standard, commodity hardware platform. Bosch, Hewlett Packard Enterprise (HPE) and SUSE have partnered to deliver the benefits of SDS to the video surveillance industry. Using SUSE Enterprise Storage™ on HPE ProLiant DL and Apollo servers in a Bosch video surveillance environment simplifies the management of today’s volume of data, and provides the flexibility to scale for all enterprise storage needs.
The full description can be found in the attached whitepaper.
How can I protect my security system, from an IT security perspective?
The attached document explains how the security system can be hardened. Additionally, the BVMS - Network Design Guide includes best practices for designing a secure network.
Trying out the BVMS Lite is easy! Download BVMS Lite from the downloadstore and use the quick installation guide to set-up the system. BVMS Lite contains 8 video channels, 2 workstations, 1 DVR, 2 keyboards, and 1 intrusion panel and can be used without a time limit. BVMS Lite can be expanded to 42 channels using license extensions.
A step-by-step instruction on how to install the BVMS Lite license can also be found as an attachment to this page.
DIVAR IP 7000R2 and DIVAR IP 6000R2
DIVAR IP 6000 2U W/O HDD
DIVAR IP 6000 2U 4X3TB
DIVAR IP 6000 2U 8X3TB
DIVAR IP 6000 2U 4X4TB
DIVAR IP 6000 2U 8X4TB
DIVAR IP 6000 3U W/O HDD
DIVAR IP 6000 3U 16X3TB
DIVAR IP 6000 3U 16X4TB
DIVAR IP 7000 2U W/O HDD (R2)
DIVAR IP 7000 2U 4X3TB (R2)
DIVAR IP 7000 2U 8X3TB (R2)
DIVAR IP 7000 2U 8X3TB (R2)
DIVAR IP 7000 2U 8X4TB (R2)
DIVAR IP 7000 3U W/O HDD (R2)
DIVAR IP 7000 3U 16X3TB (R2)
4000GB HDD DIVAR IP 6000/7000
For recovery of DIVAR IP 6000 R2 or DIVAR IP 7000 R2 one should use only the DVD provided with the particular device. Do not use the DVD for recovery if you are not sure that it is the one delivered with the system. In case the DVD is lost or damaged request the respective ISO image from Bosch Technical Support.
Request the ISO image from Bosch Technical Support:
Provide the Serial Number of the device
What is the reason for the recovery
Why it is not possible to use the recovery DVD
This troubleshooting guide will guide you through the recovery steps of a DIP without video data loss.
General note: Using a Bosch DIP system without video data disks is a non-supported use case; it is mandatory to equip the system with data disks to recover the system.
Step 1 - Preparation
Download the attachment repair.zip and unzip the content
Prepare a USB stick, rename it to SCRIPT
Copy the repair.txt extracted from the attachment to the USB stick
Insert the USB stick into a USB slot of your machine
Insert the BOSCH recovery DVD into the DVD drive
Step 2 - Create RAiD1
Boot the machine and enter the Intel RAiD MENU pressing CTRL + I
Navigate to CREATE RAiD VOLUME and hit enter
Set RAiD level to RAiD1(Mirror), navigate to CREATE VOLUME and hit enter
Exit the RAiD controller, navigate to EXIT and hit enter
Reboot the machine (e.g. press CTRL + ALT + DEL)
Step 3 - System Recovery
During the reboot, boot from DVD; press ENTER when the line is displayed
In the System Management Utility, click on CONSOLE
Type into command line "diskpart.exe" hit enter
Type into command line "list volume" hit enter and search for your USB-stick called SCRIPT, note down the assigned drive letter (LTR)
End diskpart.exe by typing on the command line "exit" hit enter
Type into the command line "diskpart.exe /s [YOUR_USB_DRIVE_LETTER]:\repair.txt" hit enter
Wait until the script has been finished and CLOSE the console
Step 4 - System Recovery
On the System Management Utility click on SYSTEM RECOVERY (back to factory default)
NOTE: Do not select Initial Factory Setup, this will wipe all existing data!
When the recovery has been completed, click on OK to confirm and reboot
Do not eject the DVD and follow the instructions on your screen to initialize the system.
Have you ever wondered how to best transition from the Project Assistant to (B)VMS?
This article aims at providing you a recommendation and the answer is quite simple: Use the Project Assistant to its full extent and once the cameras are connected to the target network, perform a network scan using the BVMS Configuration Client, to add the respective cameras to the system. The remaining fine-grained settings can then be tackled within BVMS.
For details, please check out the attached presentation.
Let us know, if you have further questions and share your comments below.
Your Bosch Security App Team
How can I combine an ISS SecureOS Auto system (providing ANPR functionality) with a BVMS system?
The attached document describes how to configure BVMS and the ISS SecureOS Auto system to achieve watchlist ANPR alarms and to record ANPR detections in the BVMS logbook.