Bosch software is distributed via the Bosch website, but can also be re-distributed by Bosch partners. It is important for the system-installer to check if the installation file he or she has received, matches exactly with the output of the engineering process. There are several risks that, in the distribution path, changes are made to the installation file. Keyloggers or other spyware could be added to the installation, or in theory video surveillance footage could be routed to external resources.
The attached document describes how the integrity of software can be checked.
The attached technical notes give a short introduction to scripting alarm and counter tasks with Intelligent and Essential Video Analytics in FW 6.60. It also provides a broad selection of example scripts for explanation as well as including real world application examples.
The BVMS Operator Cliet can be automatically logged in by using parameterized startup. For this, a new shortcut to the OperatorClient.exe needs to be created, and the target of the shortcut needs to be adjusted. The text between ** needs to be adjusted to the specific situation.
"*BVMS installation directory*\bin\OperatorClient.exe" /user="*username*" /password="*password*" /connection="*ip address*"
"C:\Program Files\BOSCH\VMS\bin\OperatorClient.exe" /user="Admin" /password="password123" /connection="192.168.20.120"
The connection parameter works with BVMS 9.0 and newer. The username and password parameters are working from BVMS 5.0 onwards.
The username and password are stored as cleartext in the target of the shortcut, which could be considered a security risk.
Possible Communication Issue between BVMS 8.0 Central Server and Video Recording Manager (VRM) 3.7x with BVMS 8.0 installed on different Servers.
Communication can get interrupted and configuraiton might fail if the below desribed actions are not performed. If your system is affected or not is described here as follows:
There can be authentication issues between the BVMS Central Server and the Video Recording Manager in case they are installed on different Servers.
It is possible to see reports at the BVMS 8.x system alarms that VRM reports wrong version
Please check in the VRM debug logging if the following logline indications can be found
CONFIG;DEBUG;SENDING XPATH /SYSTEM/DEVICES/DEVICE as well as HAS NO CONFIGURED NODE, SET TO CONFIGURED
CONFIG;INTERNAL;/SYSTEM/DEVICES CHANGED IN CONFIG. DEVICEID= [DEVICE IP]\0;SYSINFO;INTERNAL;LINE 1 HAS NO CONFIGURED NODE, SET TO CONFIGURED
In general please keep in mind, that it is strongly recommended to use VRM 3.71.00xx with BVMS 8.0. Do not use any older VRM version like 03.71.0022. The 03.71.0029 and Releaseletter is available at the BOSCH DownloadStore (status update 2018-10-26). https://downloadstore.boschsecurity.com/FILES/Setup_VRM_03.71.0029_win32.zip Release Letter: https://downloadstore.boschsecurity.com/FILES/Bosch_Releaseletter_VRM_3.71.0029.pdf
At the VRM system / server, please check and ensure that the following Microsoft software packages are pre-installed:
.NET framework 4.6.2 or higher
Redistributables for Visual Studio 2015
In case one component is missing, please perform the following steps:
Download the missing Microsoft components. Note: When using BVMS 8.0 the VRM is typically a 32-Bit VRM software. Therefore the 32-Bit Microsoft packages are needed. Component that was seen as missing is the >> “Visual C++ Redistributable for Visual Studio 2015” https://www.microsoft.com/en-US/download/details.aspx?id=4814 Please choose the 32-Bit version of that when using with 32-Bit VRM and the >> .NET framework 4.6.2 or higher (NDP462-KB3151800-x86-x64-AllOS-ENU.exe) https://www.microsoft.com/en-US/download/details.aspx?id=53344
Stop the VRM (rms.exe) service in Windows services
Install those components with Administrator rights at the VRM server Reboot the server after installation of the Microsoft components
Check if the VRM service is running and if needed Re-Start the VRM (rms.exe) service
Check that the combination of messages are not longer seen in the VRM debug logging
The VRM package is enhanced and useres should no longer run into this issue with VRM 3.81 and newer versions. Please be aware that BVMS releases are tested with certain VRM verions. This still can offer to install a newer VRM than originally rolled-out in the BVMS overall installer. For all VRM versions 3.7x and below 3.81 it is needed to add this packages.
The attached documents should help you to make the upgrade process as smooth as possible. The upgrade itself is not restricted to BVMS software only. The supported software and firmware versions can be found in the release notes of the related BVMS version.
An attachment is added to this article for each BVMS version. Currently the upgrade guides for BVMS 8.0 and 9.0 are attached to this article. From BVMS 10.0 onwards a description on how to migrate systems has been included as well.
Connectivity problems after DIVAR Mobile Viewer APP upgrade from v3.0.0 to the new v3.1.0
As result of a software bug in the APP problems in the connectivity can occur in case the DIVAR hybrid/network is running firmware v3.0.0 or below. Running firmware v3.1.0 does not show the problem.
This problem exists for both Android and IOS app platfoms
Customers can upgrade the DIVAR firmware to v3.1.0, this will resolve the DIVAR Mobile Viewer v3.1.0 app connectivity problems.
DIVAR Mobile Viewer app 3.1.1 for both Android and iOS have been released and are available on the stores. This version is compatible with previous DIVAR hybrid/network firmware v3.0.0 and 3.1.0
Additional info for DIVAR AN 3000/5000
For the DIVAR AN 3000/5000 we just learned that the DIVAR Mobile Viewer app v3.1.1. can consume more than one session per device. This typically happens when in the Live Preview the "Device List" (top right icon) is used to open all cameras simultaneously. This seems only to happen as a first action when you open the app. This can result is a failing connection showing the message “System is busy”.
For the moment please apply these workarounds avoiding this connection problem: - Change the number of remote sessions allowed (default=4) in the DIVAR AN 3000/5000 configuration to 64 (Menu, Settings, Network, Max. connection) OR - Avoid the use of "Start Live Preview (16)" in "Device List" as an first action. By viewing one camera only as first action showed that new session consumption was prevented.
In case of occurring connection problem: close and restart the DIVAR Mobile Viewer app. This problem seems not to occur when using Android or for accessing DIVAR network/hybrid.
The attached document describes the settings you must perform after having installed BIS and BVMS on the different computers. Ensure that the installations of BIS Server and BVMS Management Server were performed successfully on separate computers. Additionally you must have purchased and activated an OPC Server License for BVMS.
The document can be found in the attachments section on the bottom of the page or the right side of the page. Please look for the attachment icon.
BVMS Installer - Windows Pending Restart Message
The pop-up dialog window message: "Setup has detected a pending restart. Please reboot the system and rerun the installation" appears when attempting to run the valid BVMS windows installer package.
BVMS Installer Pending Restart Message
This is a known Windows specific problem when another (non-BVMS) installer does not properly manage its creation and deletion of the “PendingFileRenameOperations” registry key. The most common user created way for this key value to be left resident in the system is when an installation prompts for a restart, yet the system is not expeditiously restarted.
A. Restart the affected workstation
B. If the issue still persists, delete the orphaned "PendingFileRenameOperations" registry key value
Open a registry editor, such as Regedit.exe or Regedt32.exe.
Navigate to "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\"
In the right navigation pane, right-click the "PendingFileRenameOperations" key value and select delete
Close Registry Editor.
Run the software Installer again as Administrator
Note: This message is not a Bosch product failure message. This is a problem within windows and it's registry clean-up handling. This is a Windows work around.
This troubleshooting guide, will guide you through the recovery steps of an DIP, without video data loss
General note: Using a Bosch DIP system without video data disks is a non supported use case, its mandatory to equip the system with data disks to recover the system.
Step 1 - Preperation
Download the attachment repair.zip and unzip the content
Prepare an USB-stick, rename it to SCRIPT
Copy the repair.txt extracted of the attachment on the USB-stick
Insert the USB-stick into an USB-slot of your machine
Insert the BOSCH r ecovery DVD into the DVD-drive
Step 2 - Create RAiD1
Boot the machine and enter the Intel RAiD MENU pressing CTRL + I
Navigate to CREATE RAiD VOLUME and hit enter
Set RAiD level to RAiD1(Mirror), navigate to CREATE VOLUME and hit enter
Exit the RAiD controller, navigate to EXIT and hit enter
Reboot the machine (e.g. press CTRL + ALT + DEL)
Step 3 - System Recovery
During the reboot, boot from DVD, press ENTER as the line will displayed
In the System Management Utility, click on CONSOLE
Type into command line "diskpart.exe" hit enter
Type into command line "list volume" hit enter and search for your USB-stick called SCRIPT, note down the assigned drive letter (LTR)
End diskpart.exe by typing on the command line "exit" hit enter
Type into the command line "diskpart.exe /s [YOUR_USB_DRIVE_LETTER]:\repair.txt" hit enter
Wait until the script has been finished and CLOSE the console
Step 4 - System Recovery
On the System Management Utililty click on SYSTEM RECOVERY (back to factory default)
NOTE: Do not select Initial Factory Setup, this will wipe all existing data!
As the recovery has been completed, click on OK to confirm and reboot
Do not eject the DVD and follow the instructions on your screen to initialize the system.
This article provides you with information related to the Windows Firewall, how to access, configure and adjust it.
A firewall is a program installed on your machine or a piece of hardware in your network, that uses a rule-set to block or allow access to a computer, server or network. It seperatres dedicated network segments, likly your LAN from the Internet. Firewalls can permit traffic to be routed through a specific port to a program or destination, while blocking all other traffic.
The Windows Firewall interface can be accessed multiple ways. The way we will look during this TB is via the Windows search function.
Click the Windows icon and type in “firewall“. Then, click on the “Windows Firewall with Advanced Security” icon.
The GUI provides you a general overview, about the basic function of the software. Displaying the current status of the firewall also which profiles are currently set up. By default the firewall should be enabled.
We strongly recommend that the Windows Firewall is enabled on all your Bosch devices featuring a Windows Operating System.
There are 3 different profiles within your Windows Firewall, which are simply groups of different firewall rule-sets, depending where your machine is currently connected.
Public Profile: This profile is used when the computer is connected directly to a public network like a restaurant, library or airport. This profile should be the most restrictive because security is usually not well controlled in public places.
Private Profile: This profile is used if your are only connected to a private network, not directly to the Internet. In these cases, your device is located behind a router or hardware firewall. Which allows to set this profil less restrictive.
Domain Profile: This profile is used when the machine is connected to a domain controller, which in turn is controlling a windows domain. This profile should be the least restrictive of the other profiles because security is usually very well controlled within a domain.
by default the Windows Firewall behavior is the following:
Windows Firewall never blocks outgoing traffic. Any requests sent out from the server will not be hindered in any way.
Windows Firewall blocks all incoming traffic, except for traffic that is in responses to a request. This means that if you make a request to Google, Google’s inbound reply to your outbound request will not be blocked.
Windows Firewall blocks all other traffic. This means that any traffic that is not explicitly allowed is blocked in the firewall.
In the Windows Firewall we can filter connection in two different kinds: port exceptions (rule assigned to a dedicated port number) and program exception (rule assigned to a dedicated program)
In general we need to distinguish between the inbound (frome somewhere to your machine) and outbound (from your machine to somewhere) rule-set.
Open a port in the firewall (inbound rule)
In the Windows Firewall with Advanced Security window, right-click "Inbound Rules", and then click "New Rule..." in the action pane.
"Rule Type" dialog box, select "Port" depending on your need and then click "Next".
In the "Protocol and Ports" dialog box, select "TCP". Then select "Specific local Ports", and then type the port number and then click "Next".
In the "Action" dialog box, select "Allow the connection" and then click "Next".
In the "Profile" dialog box, select any profiles that apply and then click "Next". (We have allowed all three for demonstration purposes, your selection may vary.)
In the "Name" dialog box, type a name and description for this rule, and then click "Finish".
At this point, you will now see a new rule in the main firewall rules in the center section, as well as a new listing in the right window panel.
Open a program in the firewall (inbound rule)
Click on the "Inbound Rules" option on the top left of the firewall interface. Then, click on the "New rule…"
Under "Rule Type" dialog box, select the option "Program" and then click "Next".
Select the option "This Program path" browse to the path/location of the program and click "Next".
Next, we select the option “Allow the connection” and then click “Next”.
Select the "Profile" the rule will be applied to and click "Next". (We have allowed all three for demonstration purposes, your selection may vary.)
Select a "Name" and "Description" for this rule and then Click “Finish”.
At this point, you will be dropped back to the main firewall screen. You will now see a new rule in the main firewall rules in the center section, as well as a new listing in the right window pane
Edit a port / program in the firewall
Right-click on the rule which will open a context menu. Then click "Properties" and adjust the rule according your needs .
Close a port / program in the firewall
Right-click on the rule which will open a context menu. Then click " Delete".
Adjust program rule after BVMS upgrade
In case you upgraded your current BVMS up to BVMS10, refering to the article TSG-Upgrading-VRM-from-32bit-to-64bit you need to adjust the inbound + outbound rule "Bosch VRM Server" and "USB Transcoder".
Therefore right-click on the rule which will open a context menu. Then click "Properties" and adjust the programs path to:
Bosch VRM Server: "C:\Program Files\Bosch\Video Recording Manager\VRM Server\bin\rms.exe"
USB Transcoder: "C:\Program Files (x86)\Bosch\Video Recording Manager\VRM Server\bin\usbsvc.exe" Keep in mind, that you need to perform this action on all four rules (inbound and outbound)
Alternatively download the attachment set_fw_rules.zip (1 KB) locally to your device, extract the archive and run the PowerShell script "set_fw_rule_trancoder.ps1" as administrator. The script will adjust all necessary rules.
The attached document aims to provide concerned parties, such as customers, users, operators or consultants, with an overview of data privacy and protection related features of BVMS Person Identification. Moreover, this document describes how data, as processed during the Person Identification steps, can be classified. Finally, this document lists technical measures for data protection in the context of BVMS Person Identification.
What's new in version 1.3.1?
Dear users, thank you for working with the Bosch Project Assistant. Based on your feedback, we have introduced the following improvements and features to make its use even more effective and enjoyable: • Sorting option on project overview page • Easier and faster removal of cameras from a project • Time server support • Re-commissioning support for VRM-managed cameras (focus on Flexidome IP 8000i) • Configuration mismatch (between project/app and camera) resolution dialog • Integration of Bosch Portable camera installation tool (NPD-3001-WAP), i.e. automatic detection of its wireless access point, management of multiple tools, and configuration of the tool’s network settings within the app
Please check out the updated article " How-to: connect to and configure the portable camera installation tool ". Here we have added new videos that help you to get started and which explain the sepcifics of the different platforms - iOS, Android and Windows.
Your Bosch Security App Team
PS: For details, please have a look at the latest release letter in our Bosch Security Download Area.
As video surveillance use grows in commercial, government and private use cases, the need for low-cost storage at scale is growing rapidly. BVMS, Bosch cameras, HPE hardware and SUSE Enterprise Storage provide a platform that is an ideal target for recording these streams.
There are numerous difficulties around storing unstructured video surveillance data at massive scale. Video surveillance data tends to be written only once or become stagnant over time. This stale data takes up valuable space on expensive block and file storage, and yet needs to be available in seconds. With this massive scale, the difficulty of keeping all the data safe and available is also growing. Many existing storage solutions are a challenge to manage and control at such scale. Management silos and user interface limitations make it harder to deploy new storage into business infrastructure.
The solution is software-defined storage (SDS). This is a storage system that delivers a full suite of persistent storage services via an autonomous software stack that can run on an industry standard, commodity hardware platform. Bosch, Hewlett Packard Enterprise (HPE) and SUSE have partnered to deliver the benefits of SDS to the video surveillance industry. Using SUSE Enterprise Storage™ on HPE ProLiant DL and Apollo servers in a Bosch video surveillance environment simplifies the management of today’s volume of data, and provides the flexibility to scale for all enterprise storage needs.
The full description can be found in the attached whitepaper.