The firewall configuration dialog is a fixed step in the setup process and will allow automatic configuration of all required firewall settings to run BVMS. The applied rules and settings can be found in the readable command script file "C:\Program Files\Bosch\VMS\bin\FirewallConfig.cmd".
The firewall rules that have been applied with the setup cannot be reverted and must be manually changed/removed if required.
In order to quickly offer a technical solution or to provide professional advice for the next analysis steps, the technical support specialists need some general and basic information.
Ticket content should always be in English and provided in a well summarized and structured way so that quick and appropriate feedback can be given.
Not following the guideline will impact the processing time of the ticket.
Related Products: BVMS Operator Client
This article describes the initial steps one can take for troubleshooting BVMS display issues (during live view or playback). It also summarizes what initial information and logs are needed for support in order to start the issue investigation.
How to retrieve the Hardware ID for BVMS and check the Software Maintenance Agreement (SMA) status?
BVMS stand alone or appliance
Detailed problem description
Check and, if necessary, update the version of your Graphic Card driver.
During BVMS system tests there were documented cases of display issues related to out-of-date Graphic Card drivers. ❗ It is important that the Graphic Card driver of the client is up to date. Find the supported version of the Graphic Card driver in the Release Notes corresponding to your BVMS version (https://downloadstore.boschsecurity.com), in the section Hardware drivers.
Symptom specific Information
Is the issue camera type / FW dependent?
Are all the devices in the system affected?
Is the issue existent for all BVMS Operator Clients in the system?
Is the issue existent for hardware decoders, for camera Web Interface or other display Clients?
Is the recording, the playback or are both affected?
BVMS ConfigCollector logs meeting the following conditions:
From the machine that shows the issue
VSDK logging – please follow the steps from the article:
How to collect Video SDK log files
VRM logs (in case VRM runs on the same machine as the BVMS MS, then BVMS ConfigCollector logs from the server)
for VRM version 3.82 and onwards use VRM Monitor. The following articles will help you out:
How to access VRM monitor from BVMS Configuration Client?
How to collect VRM logs with VRM Monitor (v3.82/ v3.83)?
Screenshot of the Dashboard of the VRM
for VRM versions up to 3.81 - contact support to receive the BVIP Log collector tool and use it to collect VRM logs
Movie showing the display artefacts can be helpful
What is the difference between RAID 5, RAID 5 plus a Hot Spare and RAID 6?
The RAID combines two or more physical drives into a logical unit presented as a single hard drive to the operating system. There are currently six basic RAID levels: RAID 0, RAID 1, RAID 0+1, RAID 1+0, RAID 3, RAID 4, RAID 5 and RAID 6.
The scope of this article is to provide basic information for the levels RAID 5 and RAID 6 and to compare them from the point of view of performance and security.
A hot spare is a drive that acts as a standby drive in a RAID 1, RAID 5 or RAID 6 volume. It is a fully functional drive that contains no data and is not used during normal operation. If a drive from the volume fails, the controller reconstructs the data from the failed drive to the hot spare drive.
A RAID 5 array is designed to protect against the failure of a single disk within the array. Because of the way that RAID 5 works, the total capacity of one disk is lost to overhead. If, for example, a RAID 5 array contained five 10TB disks, then the array’s usable capacity would be 40TB.
A RAID 5 (with Hot Spare disk) array can be configured to treat one of the disks as a hot spare. Then one of the disks is reserved as a replacement in the event that a disk fails. For the above example with five 10TB disks, this would decrease the example array’s usable capacity to 30TB.
A RAID 6 array is designed to protect against two simultaneous disk failures. However, the price for this extra protection is that two disks' worth of capacity is lost to overhead. As such, a RAID 6 array made up of five 10TB disks would have a usable capacity of 30TB because 20 TB is lost to overhead.
The performance during Normal Operation is measured in IOPS (Input/output operations per second) and as a sum for all the disks (excluding the Hot Spares and decreased for writing parity data) in the array. As a rule of thumb, the higher the overhead associated with writing parity data (in the above example RAID 5 with Hot Spare causes the same overhead as RAID 6), the lower the IOPS.
The reason for implementing RAID arrays is to secure the data. The level of protection does not directly correlate with the overhead. In the above example both RAID 5 with Hot Spare and RAID 6 have the same capacity, but offer different levels of protection. In case of a failure in a RAID 5 array with Hot Spare, the Hot Spare is activated and the rebuild process starts immediately.
The system can recover from a single disk failure, and during the recovery process it is vulnerable to a second disk failure.
Therefore, RAID 5 and RAID 5 with Hot Spare disk offer the same level of protection – single disk failure.
In contrast, if a disk fails in a RAID 6 array, the recovery will start only after the faulty disk is replaced manually. However, if a second disk fails during the recovery process, the RAID 6 array will stay functional.
The purpose of this article is to provide step by step instructions on how to successfully import video and storage devices from a DIVAR IP Recording Appliance to a Professional BVMS system while retaining all existing recorded video.
Note: This procedure should only be performed by a certified BVMS / VRM technician or installer
This article describes how to configure a generic Microsoft Windows Server (2012 R2, 2016 or 2019) based server to serve as an iSCSI target for a Bosch video surveillance environment.
SCSI (Small Computer System Interface) is most commonly used for the communication between computers and peripheral devices, such as hard drives.
iSCSI enables devices to use SCSI over a network interface, therefore it makes a lot of sense for cameras to use iSCSI to record video.
The camera is a small computer that needs a (network) connection to a "hard drive" to store video footage. In other systems this job is performed by the network video recorder (NVR).
Time is everything: meetings, public transportation, religion, transactions: the whole world is working because the concept of “time” exists. Within a security (or any other) system this is not different: recording schedules, logging, authorizations, encryption keys, timelines, all of these concepts can exist because of time.
As a result, time can either make or break a system: problems can appear only due to a time difference of a couple of seconds between two system components.
This article describes how time services can be configured in a BVMS version ≤ 10.1 environment.
For BVMS version ≥ 11.0 please refer to the following article:
Where can you configure NTP server for cameras/encoders in BVMS≥11?
Time: what is the challenge?
Each device has its own internal clock, which is based on a hardware mechanism. This mechanism acts like a watch: try to put two watches together and synchronize them to the millisecond. A security system consists of more than two devices; it can consist of thousands of devices.
Synchronizing the time of all these devices by hand is a very time consuming task. Additionally, due to small differences in electronic components, devices can have deviations from one another.
These deviations cannot be detected by the human eye, but can result in considerable time differences when a device is running for months.
The Network Time Protocol (NTP) was created to solve these challenges. The Network Time Protocol is a network-based protocol for clock synchronization between system components. The protocol utilizes a standard IP network to communicate and can maintain a time difference (considering a local area network) of less than one millisecond between components. The Network Time Protocol is a standard protocol and documented in RFC 5905.
The operation and configuration of the Network Time Protocol are complex: a hierarchical architecture needs to be set up, including several layers of systems which are able to run the Network Time Protocol. To reduce complexity, the Simple Network Time Protocol (SNTP) was created. The Simple Network Time Protocol is mainly used when less accuracy is required (deviations of 1-2 seconds are acceptable).
Windows Time Service
The Bosch Video Management System is running on Microsoft Windows Server operating systems. Windows includes an internal time service, which is explained on Microsoft Technet:
“The Windows Time service, also known as W32Time, synchronizes the date and time for all computers running in an AD DS domain. Time synchronization is critical for the proper operation of many Windows services and line-of-business applications. The Windows Time service uses the Network Time Protocol (NTP) to synchronize computer clocks on the network so that an accurate clock value, or time stamp, can be assigned to network validation and resource access requests. The service integrates NTP and time providers, making it a reliable and scalable time service for enterprise administrators.
The W32Time service is not a full-featured NTP solution that meets time-sensitive application needs and is not supported by Microsoft as such. For more information, see Microsoft Knowledge Base article 939322, Support boundary to configure the Windows Time service for high-accuracy environments (http://go.microsoft.com/fwlink/?LinkID=179459).”
Source: Windows Time Service Technical Reference - Microsoft Technet
The Windows Time service is based on the Simple Network Time Protocol.
The Network Time Protocol requires a very complex infrastructure, which impacts the total installation and configuration effort of the system. The Simple Network Time Protocol (also used for the Windows Time Service) reduces the complexity, but at the same time also reduces the accuracy.
For most security applications the Simple Network Time Protocol provides sufficient accuracy. Bosch recommends using the Windows Time service, based on the Simple Network Time Protocol, as the basis for time synchronization in a security network. This article provides best practices on how to configure the Bosch Video Management System and related components in a time synchronization environment based on the Windows Time service.
Alternatively, the Network Time Protocol can be used whenever it is already existing inside an infrastructure or when event accuracy with a deviation less than one second is required. Due to the complexity of the infrastructure Bosch does not make any recommendations related to the Network Time Protocol.
Management server configuration
A. Operating system configuration
This section also applies for the Video Recording Manager and Mobile Video Service when these are not running on the management server.
Microsoft has prepared a lot of documentation related to time configuration. Go to the Microsoft Support page "How to configure an authoritative time server in Windows Server" and scroll down to the section “Configuring the Windows Time service to use an external time source”. Click the download button under the “Here’s an easy fix” section.
Figure: Download the Microsoft Windows Time service configuration utility
The utility will configure external time servers. To select these, browse to http://pool.ntp.org and select two servers which are related to the geographical location of the system, for example “de.pool.ntp.org” and “nl.pool.ntp.org”, referring to Germany and the Netherlands. Another (local or external) (S)NTP server can also be chosen.
Start the Microsoft configuration utility and configure it as indicated and shown in the figure below.
Administrative access is required to run the utility.
Figure: Pool.ntp.org locations
Figure: Windows Time service configuration
Alternatively, the configuration can be done from the command line, using the commands shown below.
net stop w32time
w32tm /config /syncfromflags:manual /manualpeerlist:"nl.pool.ntp.org de.pool.ntp.org"
net start w32time
The configuration can be verified by starting the Windows Command prompt and issuing the command “w32tm /query /status”, as shown in the figure below. Notice the time source; this should point towards the configured servers.
Figure: verifying configuration
It can take up to one minute before the correct time source is displayed.
When there is a problem, the configured (S)NTP server can be tested by issuing the command “w32tm /stripchart /computer:de.pool.ntp.org”, which should result in the output displayed in the figure below.
Figure: test the (S)NTP service
When an unexpected result is returned, it is recommended to check access to the specific (S)NTP server. A firewall might prevent the communication between the (S)NTP server and the management server.
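What the stripchart test measures can be reproduced with a single SNTP exchange. The following is an added example, not part of the Bosch article or of any Bosch or Microsoft tool: a minimal Python SNTP client that computes clock offset and round-trip delay from the four timestamps defined in RFC 5905 and rejects replies from an unsynchronized server. All function names and the constructed reply are assumptions for illustration.

```python
import socket
import struct
import time

NTP_EPOCH_DELTA = 2208988800  # seconds from 1900-01-01 (NTP era 0) to 1970-01-01


def to_ntp(unix_seconds):
    """Encode Unix time as a 64-bit NTP timestamp (32.32 fixed point)."""
    ntp = unix_seconds + NTP_EPOCH_DELTA
    return struct.pack("!II", int(ntp), int((ntp - int(ntp)) * 2**32))


def from_ntp(raw):
    sec, frac = struct.unpack("!II", raw)
    return sec - NTP_EPOCH_DELTA + frac / 2**32


def build_request(t1):
    # First byte 0x23: LI=0, VN=4, Mode=3 (client). Transmit timestamp = t1.
    return bytes([0x23]) + bytes(39) + to_ntp(t1)


def parse_reply(request, reply, t1, t4):
    """Validate a server reply and return stratum, offset and delay in seconds."""
    if len(reply) < 48 or reply[0] & 0x07 != 4:
        raise ValueError("not an (S)NTP server reply")
    if reply[0] >> 6 == 3 or reply[1] == 0:
        raise ValueError("server reports it is unsynchronized")
    if reply[24:32] != request[40:48]:
        raise ValueError("origin timestamp does not match our request")
    t2, t3 = from_ntp(reply[32:40]), from_ntp(reply[40:48])
    return {"stratum": reply[1],
            "offset": ((t2 - t1) + (t3 - t4)) / 2,   # server clock minus ours
            "delay": (t4 - t1) - (t3 - t2)}          # network round trip


def query(server, timeout=2.0):
    """One live exchange over UDP port 123 (needs network access)."""
    t1 = time.time()
    request = build_request(t1)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(request, (server, 123))
        reply, _ = s.recvfrom(512)
    return parse_reply(request, reply, t1, time.time())


def constructed_reply(request, t2, t3, stratum=2):
    """Constructed sample reply (not captured traffic) for offline checks."""
    header = bytes([0x24, stratum, 0, 0xEC]) + bytes(20)  # LI=0, VN=4, Mode=4
    return header + request[40:48] + to_ntp(t2) + to_ntp(t3)


if __name__ == "__main__":
    T1 = 1700000000.0                      # constructed: server runs 1.5 s ahead
    req = build_request(T1)
    rep = constructed_reply(req, T1 + 1.75, T1 + 2.25)
    print(parse_reply(req, rep, T1, T1 + 1.0))
```

A timeout from `query()` points to the same firewall or reachability problem described above; an offset beyond the 1-2 second deviation this article treats as acceptable for SNTP means the time source should be checked.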
B. BVMS Management Server configuration
BVMS automatically points devices to its own time-server. This can be changed by editing the BvmsCenterlServer.exe.config file, located in C:\Program Files\Bosch\VMS\bin\. Find the key "TimeServerIPAddress" and adjust the value, as shown in the example below (192.168.0.1).
<!-- Ip address of the time server for VRM/NVR encoders (defaults to the Central-Server IP if not set). -->
<add key="TimeServerIPAddress" value="192.168.0.1" />
C. Workstation configuration
The Bosch Video Management System Operator client runs on a Windows workstation. When the workstation and server are part of the same Microsoft Active Directory service domain, no manual time synchronization needs to be configured.
Figure: workstation configuration, "192.168.0.200" needs to be replaced by the IP address or Fully Qualified Domain Name of the management server.
When the Bosch Video Management System workstation and management Server are not joined in a domain, or into the same domain, the workstation(s) need to be manually configured to use the management server as a time server. To achieve this, the description above can be used. Instead of using the pool.ntp.org as a server, the management server is now entered.
D. Camera configuration
If a camera is connected to a BVMS system the time server will be automatically configured.
When working with previous versions of BVMS, remote connectivity was cumbersome due to the amount of port mapping that needed to be configured. BVMS 7.5 provides a new method of remote connectivity utilizing Secure Shell (SSH) Tunnelling.
SSH Tunnelling constructs an encrypted tunnel established by an SSH protocol/socket connection. This encrypted tunnel can provide transport to both encrypted and un-encrypted traffic. The Bosch SSH implementation also utilizes Omni-Path protocol, which is a high performance low latency communications protocol developed by Intel.
The BVMS SSH service generates a private and public key when it is started for the first time. Both keys are saved in an encrypted file. When the BVMS SSH service restarts this file is detected and the private key is read.
There is little to no configuration required for this feature to function.
The SSH Service must be installed and running. If deploying a BVMS Pro system, ensure the SSH Service is part of the installation process.
Recording Appliances that ship with BVMS 7.5 should have the service pre-installed. Check your “Services”.
If the service has not been installed, the install package can be run from the BVMS 7.5 downloadable install package. If working with a DIVAR IP Recording Appliance, the appliance “Installer Package” must be used.
B. Port mapping entry
The primary configuration step is to configure one (1) port forwarding for the BVMS Central Server to utilize port 5322 for both internal and external connections. This is the only port mapping entry that needs to be made for the entire system.
The image below shows a sample configuration.
A. Login with the Operator Client
After the basic configuration is done, logging in via Operator Client is very intuitive:
From the log menu, select the “Connection” drop-down menu, then select <New…>
You will be prompted to enter an IP address or DNS host name. You will also notice a cheat guide below the entry menu that will assist with address entry. Addressing must be in the following format: ssh://IP or servername:5322. In the example we used: ssh://22.214.171.124:5322.
After entering a properly formatted address, enter a valid user name and password. SSH users MUST have a password associated with their BVMS account. User accounts without a password cannot log in utilizing an SSH Connection.
After connection is established via an SSH Tunnel, all communications between the BVMS Server (192.168.1.19) and a remote client (126.96.36.199) are encrypted. Below is a Wireshark Capture taken from the BVMS Server after a connection is established.
C. Changing the SSH port
Locate the SSH service configuration file in "C:\Program Files\Bosch\BVMS\bin"
Open the configuration file and find the section below. Edit the value of the BvmsSshServicePort (the port should be unused) and restart the system.
The attached manual provides information for Mobile Video Service (MVS) within Bosch Video Management System.
You can find:
- how to configure the router and Internet Information Service (IIS)
- how to add MVS to BVMS
- user guide
- some troubleshooting tips
This document can also be found online here.
This article describes the different components that Bosch Video Management System offers to establish a connection between Bosch Video Management System and a 3rd party management system.
This description helps you in writing your own commands for controlling Bosch VMS from inside your management system.
In many cases a minimum and maximum retention time needs to be defined in a video surveillance system due to legal requirements. While the minimum retention time defines the time period for how long video recordings need to be stored, the maximum retention time defines after which period of time the recordings have to be deleted. Thus, the minimum retention time influences the amount of storage needed: the higher the minimum retention time, the more storage space is required.