Possible causes and solution(s)
The Activation Key provided from SLMS cannot be activated in BVMS.
With the introduction of BVMS 10.0, the BVMS Lite 16, 32, and 64 base licenses were not introduced; they were succeeded by BVMS Lite 10.0 (8 channel base package). Existing BVMS Lite customers might still want to upgrade to BVMS 10.0.
The LIF file attached to this article (in the zip archive) can be imported in BVMS Lite 10.0 installations using the license manager (the license manager can be found in the "Tools" menu of the BVMS Configuration Client). Once imported, BVMS Lite 16, 32, 64 systems that are covered under SMA can be upgraded.
Possible causes and solution(s)
During the introduction of BVMS 10.0 the BVMS Plus unmanaged site expansion licenses were not introduced, even though this functionality was announced to be available.
The LIF file attached to this article (in the zip archive) can be imported in BVMS Plus 10.0 installations using the license manager (the license manager can be found in the "Tools" menu of the BVMS Configuration Client). Once imported, the purchased licenses (MBV-XSITEPLU-100) can be activated.
Are there technical measures for data protection in the context of BVMS Person Identification?
This article aims to provide concerned parties, such as customers, users, operators or consultants, with an overview of data privacy and protection related features of BVMS Person Identification. Moreover, this article describes how data, as processed during the Person Identification steps, can be classified. Finally, this article lists technical measures for data protection in the context of BVMS Person Identification.
Importance of GDPR
The General Data Protection Regulation 2016/679 (GDPR) on the protection of natural persons with regard to processing of personal data and on exchange of such data became effective on 25 May 2016 and repeals the existing EU Directive 95/46/EC. The GDPR regulates the processing (handling) of personal data in the European Union. The objective is to protect the fundamental rights and freedom of natural persons and in particular their right of protection of personal data. Personal data is any information relating to an identified or identifiable natural person, for example, names, addresses, telephone numbers or e-mail addresses which are or can be the expression of the identity of a person.
Special categories of personal data in the sense of GDPR are types of information about a person that are especially protected by the GDPR, so that processing them is subject to strict conditions. Special categories of personal data are, for example, racial or ethnic origin, genetic data, health data or biometric data. Art. 4 GDPR contains definitions of these terms. Before processing any personal data the national legal framework (see 3 Legal Framework) must be examined.
We recommend contacting the responsible supervisory authorities in order to eliminate legal uncertainties.
Data Privacy and Protection at Bosch
Worldwide, some 1,000 associates work for Bosch as data security officers and data security partners. They provide their colleagues with advice on matters of data protection and information security. In consequence, data protection and data security are firmly anchored in the development process for new products and services. We will not start marketing these until we have proven – e.g. by means of penetration tests – that our data protection and security measures are effective.
We assign our in-house data-protection and IT-security experts to development projects to make sure these aspects are given full consideration at all times.
How Does Person Identification Work?
During the Person Identification steps, personal data (i.e. photo and video), including special categories of personal data (i.e. biometric data), are processed by the system.
Using the video surveillance system requires a legal framework. The GDPR is the legal basis for processing of personal data in Europe. Examples of the legal framework for processing of personal data are Art. 6 (1) GDPR and Art. 9 (2) GDPR, if special categories of personal data are processed, e.g. biometric data.
Guidelines published by official authorities and / or boards, such as the European Data Protection Board (EDPB) Guidelines 3/2019 on processing of personal data through video devices, can help to give an orientation for the evaluation.
Use of a video surveillance system can be also regulated in national regulations (Art. 9 (4) GDPR). The relevant national regulations should be examined.
Processing of Personal Data and Special Categories of Personal Data
Video Surveillance System
A video surveillance system processes (including display as well as storage) a huge amount of data. However, such a system can at most automatically classify the type of an object (person, car, bike), but not classify the identity of that object. This functionality allows, for example, an operator to search for "persons" or "cars", but does not allow him to search for person "John Doe" or for the car with license plate "M-12345".
As a result, most of the data processed by a traditional video surveillance system is classified as ("normal") personal data and listed in the table below.
Single frame out of a video stream.
Recording Time Camera: Timestamp (visible or invisible) which is stored in the video recordings.
Recording Location Camera: Location data which enable the correlation of camera id and its position.
Person Trajectory (Single Camera): Data consisting of multiple location and time entries to describe movement patterns in a single camera's field of vision.
Person Trajectory (Multiple Cameras): Data consisting of multiple location and time entries to describe movement patterns combined over multiple cameras.
Event Log (Id. Events, DB Modifications): Logbook in BVMS.
Video Surveillance System with Person Identification
New technologies enable the system to uniquely identify persons who are captured by the cameras connected to the video surveillance system. Once the system is able to uniquely identify persons, some of the data is considered Special Category of Personal Data in the sense of GDPR. This allows, for example, the operator to add the picture of "John Doe" to the system and have the system notify him when "John Doe" appears in front of one of the cameras.
When extending BVMS with the Person Identification functionality, the data listed in the table below is processed in addition to the data listed above, which includes a special category of personal data in the sense of GDPR, i.e. biometric data.
Used as Input for "Facial Vector from Passport Photo". Also stored (raw) in "Subject Database".
Name in clear text for subject management in "Subject Database".
Facial Vector from Passport Photo: Facial Vector generated from "Passport Photo" as input for the "Subject Database". (Special Category of Personal Data)
Facial Vector from Video: Facial Vector generated from video data (multiple sources). (Special Category of Personal Data)
Subject-ID generated for each new subject entry in the "Subject Database".
Subject list with multiple entries of "Name", "Passport Photo", "Facial Vector from Passport Photo" and "Subject-ID", organized in groups. (Special Category of Personal Data)
Successful identification of a facial vector. The event in the Log will contain: Time, (Camera)-Location, Subject-ID.
The video data and metadata (without person identification) is generated by the camera, and if recording of this data is enabled, is stored on an iSCSI drive. This video data can be replayed and the metadata generated by the camera can be searched for specific events. The video data itself, and the related metadata, is considered personal data. Additionally system events, actions and alarms are stored in the BVMS Logbook which is located on the BVMS MS (Management Server).
If the Person Identification functionality is enabled, the camera video data is also sent to the Person Identification Device (PID). The PID first attempts to find faces in the video. Once a face is detected, its facial features are determined and translated into a so-called face vector. A face vector is a unique mathematical representation of the face of a person. Every time this specific person appears in front of any camera, a face vector is generated. This allows the system to identify a specific person, even though this person is recognized in a different location under different circumstances (e.g. differing camera angles, varying light conditions, etc.). As the face vector can be used to uniquely identify a person, this is considered biometric data.
Based on this functionality, the security operator is able to instruct the system to search for a specific person. This is done by adding a photo of a person's face to the subject database. Managing the subject database is done from the BVMS Operator Client. Once a subject is added, the Operator Client sends the photo to the PID. Using the process described above, the PID searches for a single face in that photo, and generates a face vector. Both the photo and the face vector are stored in a subject database on the PID.
Once the PID has detected a face, it compares the face vector of the detected person in front of the camera with the face vectors stored in the subject database. If it finds a match between the two face vectors, the system has detected a subject and an event is sent to the BVMS Management Server. Depending on the configuration this event can be stored for later investigations. If the PID cannot find a match between the detected face vector and the subject database, the detected face vector is discarded and not stored within the PID.
Besides the PID specific description, data protection in general is explained in the document BVMS - Securing the Security System.
This section describes the technical measures that are available to manage both the personal and the special category of personal data in the sense of GDPR, i.e. biometric data. The technical measures outlined below follow a privacy by design approach.
Authorization and access rights management
BVMS has extensive authorization and access rights management. User groups (which can also be related to an enterprise user management environment) can be created, and can contain multiple users. For each user group, operating and configuration permissions can be set.
Following the privacy by design approach, the system contains, by default, two user groups: for the "Admin Group" all permissions are set, whereas for the "Operator Group" only the essential operator permissions are enabled. Access rights management itself (modifying who has access to the system and which functionality is permitted) is, by default, available for the "Admin Group", but can be (optionally) enabled for other user groups as well.
The following functionality can be restricted by user group:
PTZ control of dome cameras
Allegiant trunk lines
Print and save; Alarm display
Playback; Logbook access
Operator event buttons
Close operator client
Minimize operator client
Manual alarm recording
Set reference image
Arm intrusion panel
Force arm intrusion panel areas
Disarm intrusion panel areas
Bypass intrusion panel points
Unlock intrusion panel doors
Secure and unsecure intrusion panel doors
Cycle intrusion panel doors
The login can be restricted with a login schedule, the access to specific devices can be enabled or disabled and the event subscription can be tailored.
The users of the system are authenticated based on their user name and password. The system contains account policies which allow the system administrator to enforce the usage of strong passwords, including a minimum password length, and a maximum password age. To further decrease the risk of misusing data a four-eye principle can be applied on the login process (dual authorization). This means that two users need to authenticate themselves for login before the system enables them to access the defined system's functionality.
Pseudonymization and data erasure
For each event that is triggered by the system it is possible to configure whether the event is transformed into an alarm (notifying the operator of the event) and whether the related event data is stored into the BVMS Logbook. For each camera managed by the system, the recording parameters (including the minimum and maximum retention time) can be configured as described in the BVMS - Policy Based Recording article.
The biometric data stored in the BVMS logbook as well as the personal data stored in the video archives can be removed by operators who have the permissions for this user action.
The system contains two log locations:
The BVMS Logbook (an SQL database, with own authorization and access rights management) stores the events configured in the configuration of the system. In addition, it stores user actions (for example, when an operator calls up a camera or adds a person to a subject list) as well as system events (e.g., device disconnected or storage state failure). The BVMS Logbook itself can also be restricted in its retention time.
The system log files, which can be used for debugging and detailed investigations, are stored in the file system of the server or workstation (C:\Programdata\Bosch\VMS\Log). For example, finding the source of an unauthorized login requires the usage of the system log files. The retention of the log files differs depending on the purpose of the specific log file and the application, but is typically set to 200 MByte (the actual retention time depends on the amount of log data being generated and therefore on the usage of the system).
As video surveillance systems are typically not accessible for the public this section is not applicable.
Information related to specific software security measures is described in the BVMS - Securing the Security System article.
Default: 55%; Minimum: 0%; Maximum: 100%. The similarity of a detected face and a reference photo in the database is expressed as a percentage between 0% and 100%. The higher this number is, the higher is the probability that the two faces are the same person. The threshold probability defines the value above which the system considers it a match and triggers an alarm.
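The matching step described in "How Does Person Identification Work?" and the threshold setting above, as an added example (not Bosch code): a detected face vector is compared with the subject database, a match above the threshold yields an event holding only time, camera location and Subject-ID, and an unmatched vector is dropped. The cosine similarity metric, the subject IDs, the vectors and the camera name are assumptions constructed for illustration.

```python
import math
from dataclasses import dataclass
from datetime import datetime, timezone

DEFAULT_THRESHOLD = 55.0  # percent; default stated in the article (range 0..100)


@dataclass(frozen=True)
class IdentificationEvent:
    """Carries only what the article lists for the log entry; no face vector."""
    time: datetime
    camera_location: str
    subject_id: str


def similarity_percent(a, b):
    """Cosine similarity clamped to 0..100 %. Assumed metric, for illustration."""
    if len(a) != len(b):
        raise ValueError("face vectors must have the same dimension")
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    if norm == 0.0:
        return 0.0
    return max(0.0, min(100.0, 100.0 * dot / norm))


def identify(face_vector, camera_location, subject_db,
             threshold=DEFAULT_THRESHOLD, now=None):
    """Return an event for the best match strictly above the threshold, or
    None, in which case the caller drops the vector without storing it."""
    if not 0.0 <= threshold <= 100.0:
        raise ValueError("threshold must be between 0 and 100 percent")
    best_id, best_score = None, 0.0
    for subject_id, reference in subject_db.items():
        score = similarity_percent(face_vector, reference)
        if score > best_score:
            best_id, best_score = subject_id, score
    if best_id is None or best_score <= threshold:
        return None
    return IdentificationEvent(
        time=now or datetime.now(timezone.utc),
        camera_location=camera_location,
        subject_id=best_id,
    )


# Constructed sample data: subject IDs, vectors and camera name are made up.
SUBJECT_DB = {
    "S-0001": [0.9, 0.1, 0.4],
    "S-0002": [0.1, 0.8, 0.6],
}
KNOWN_FACE = [0.88, 0.15, 0.42]    # close to S-0001
AMBIGUOUS_FACE = [0.6, 0.6, 0.5]   # resembles both subjects (82 % and 85 %)
UNKNOWN_FACE = [-0.5, 0.2, -0.7]   # resembles nobody

if __name__ == "__main__":
    faces = [("known", KNOWN_FACE), ("ambiguous", AMBIGUOUS_FACE),
             ("unknown", UNKNOWN_FACE)]
    for name, vector in faces:
        for threshold in (DEFAULT_THRESHOLD, 90.0):
            event = identify(vector, "Lobby-Cam-1", SUBJECT_DB, threshold)
            print(name, threshold, event.subject_id if event else "discarded")
```

With the constructed vectors, the ambiguous face raises an alarm for S-0002 at the default of 55% and is discarded at 90%, which is the trade-off the threshold setting controls.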
Recommendations for on-premise solutions
The BVMS - Securing the Security System article recommends how to handle the system configuration from an IT security perspective, while the BVMS Network Design guide gives recommendations on how to set up the network infrastructure. Bosch recommends involving an IT security/network specialist to ensure these recommendations fit your specific IT infrastructure.
Nice to know:
BVMS 12.0 introduced the new AI-based Privacy overlay. The AI-based Privacy overlay removes personal data from videos by pixelating the whole person without exposing their unique identity, ensuring compliance with data protection laws and regulations worldwide.
Possible causes and solution(s)
As video surveillance use grows in commercial, government and private use cases, the need for low-cost storage at scale is growing rapidly. BVMS, Bosch cameras, HPE hardware and SUSE Enterprise Storage provide a platform that is an ideal target for recording these streams.
There are numerous difficulties around storing unstructured video surveillance data at massive scale. Video surveillance data tends to be written only once or become stagnant over time. This stale data takes up valuable space on expensive block and file storage, and yet needs to be available in seconds. With this massive scale, the difficulty of keeping all the data safe and available is also growing. Many existing storage solutions are a challenge to manage and control at such scale. Management silos and user interface limitations make it harder to deploy new storage into business infrastructure.
The solution is software-defined storage (SDS). This is a storage system that delivers a full suite of persistent storage services via an autonomous software stack that can run on an industry standard, commodity hardware platform. Bosch, Hewlett Packard Enterprise (HPE) and SUSE have partnered to deliver the benefits of SDS to the video surveillance industry. Using SUSE Enterprise Storage™ on HPE ProLiant DL and Apollo servers in a Bosch video surveillance environment simplifies the management of today’s volume of data, and provides the flexibility to scale for all enterprise storage needs.
Video surveillance systems need to store large amounts of data. To enable security operators to effectively manage security incidents when they happen, this data also needs to be available at all times. Based on the Bosch Video Recording Manager, SUSE Enterprise Storage and the HPE line of density-optimised servers, a scalable storage solution on different levels can be achieved.
Scalability meets adaptability with HPE's line of density-optimised servers: powerful computing with multiple systems on a chip (SoC), and speed of provisioning and time to service improved with built-in fibre and software for connectivity, scalability and adaptability. Make your move toward modular, hyper scale and ultra-converged infrastructure.
On top of the physical server infrastructure, SUSE Enterprise Storage allows for unlimited scalability with a distributed storage cluster designed to scale to thousands of nodes and multi-hundred petabyte environments and beyond to meet the growing data requirements.
Last, but not least, the Bosch Video Management System (BVMS) allows scaling up to 256 petabyte per system of 2000 cameras. Multiple BVMS systems can be combined into a massive BVMS Enterprise system, potentially spread out across the world. Existing BVMS systems can be easily expanded using a scale-out configuration: just add a new storage system to the Bosch video surveillance environment and the system will automatically take this into its virtual pool of available storage capacity. There is no need to re-assign cameras to NVRs or re-configure NVRs to use a different storage system.
All of this data is put at the fingertips of a video surveillance security operator. With Forensic Search, the operator can browse recorded images based on movement, but also on criteria, like the size or colour of objects. So, with just a few clicks, huge data volumes can be searched for all objects recognized as, for example, a person or a yellow taxi.
HPE's high-density server family delivers breakthrough performance with efficient rack-scale compute, storage, networking, power and cooling for your most demanding massive data analytics and object storage workloads.
The latest iteration of Ceph, available in SUSE Enterprise Storage, offers BlueStore, which doubles the write performance of previous releases and significantly reduces input and output latency. The ability to provide a write-back cache tier enables the system to also service high performance short-term streams where only a percentage of requests actually end up being served from the long-term archive.
The Bosch Video Recording Manager automatically balances the load across the available (SUSE Enterprise) storage targets, depending on a target-specific performance configuration. This allows for very flexible configurations, in which lower performance storage systems can be combined with high performance storage systems, while distributing the load on those systems accordingly.
HPE InfoSight gathers operational intelligence from an infrastructure by analysing millions of sensors across a globally-connected installed base, and using behavioural data provides trend insights, forecasting and recommendations, to predict and prevent problems. The result is higher efficiency and reliability, creating a smarter, easier-to-manage infrastructure for customers.
SUSE Enterprise Storage comes with erasure coding, which lets you define the settings for data protection. You can determine how many device failures your cluster can tolerate before considering the data compromised.
Compared to other video management systems BVMS allows for maximum resilience. This means continuous live and playbacks – no matter what happens. While other systems require you to add redundant components to create a resilient system, BVMS offers several levels of resilience out of the box. As a result, cameras keep recording and streaming live video even when multiple system components fail simultaneously.
HPE is the only vendor to provide silicon root of trust on Gen10 servers, which creates a digital fingerprint in the silicon and ensures that the server will never boot with compromised firmware. This root of trust and other unique security features have garnered HPE recognition for having the “world’s most secure industry-standard servers”. The SUSE Enterprise Storage operating system supports trusted boot scenarios to ensure that only signed kernels and drivers can be booted and loaded. Because video data is often highly critical and sensitive, Bosch is driving a systematic approach to maximize data security by considering physical safety and cybersecurity simultaneously.
The combination of SUSE Enterprise Storage, HPE and Bosch video surveillance components has been extensively tested. Not only the performance of the solution has been proved: several failure scenarios are considered to ensure the system continues to operate as expected.
SUSE Enterprise Storage - Powered by CEPH
Ceph is the most popular OpenStack software-defined storage solution on the market today. It is extensively scalable from a storage appliance to a cost-effective cloud solution. It also provides industry-leading storage functionality such as Unified Block and Object, Thin Provisioning, Erasure Coding, and Cache Tiering. What's more, it is self-healing and self-managing.
There are three primary roles in the SUSE Enterprise Storage cluster covered by this sample reference configuration:
OSD Host: Ceph server storing object data. Each OSD host runs several instances of the Ceph OSD Daemon process. Each process interacts with one Object Storage Disk (OSD), and for production clusters, there is a 1:1 mapping of OSD Daemon to logical volume. The default file system used on each logical volume is XFS, although Btrfs is also supported.
Monitor (MON): Maintains maps of the cluster state, including the monitor map, the OSD map, the Placement Group Map, and the CRUSH map. Ceph maintains a history (called an “epoch”) of each state change in the Ceph Monitors, Ceph OSD Daemons, and Placement Groups (PGs). Monitors are expected to maintain quorum to keep an updated cluster state record.
Administrator: This is the Salt master and hosts openATTIC, the central management system which supports the cluster.
RADOS Gateway (RGW): Object storage interface to provide applications with a RESTful gateway to Ceph Storage Clusters. The RADOS Gateway supports two interfaces: S3 and Swift. These interfaces support a large subset of their respective APIs as implemented by Amazon and OpenStack Swift.
A minimum SES v4 cluster should contain:
One administrator (typically a ProLiant DL360 server)
Three or more MON nodes (typically ProLiant DL360 servers)
Three or more OSD nodes (recommended Apollo 4000 servers)
One or more RGW (typically ProLiant DL360 servers)
Optional: iSCSI gateway (one or more ProLiant DL360 servers)
Density-optimized Apollo 4000 servers are ideal for use as the bulk storage OSD nodes. Ceph supports mixing Apollo 4000 server types and generations, enabling seamless growth with current technologies.
Keeping data safe
SUSE Enterprise Storage brings Ceph’s flexibility to bear by supporting data replication as well as erasure coding. Erasure coding mathematically encodes data into a number of chunks that can be reconstructed from partial data into the original object. This is more space efficient than replication on larger objects, but it adds latency and is more computationally intensive. The overhead of erasure coding makes it space inefficient for smaller objects, and block storage requires a replicated cache tier to utilize it. As such, erasure coding is recommended for capacity efficiency, whereas replication is most appropriate for lower capacity block storage and small objects.
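The trade-off described above, as an added example (not code from SUSE, HPE or Bosch): the simplest erasure code, k data chunks plus one XOR parity chunk, rebuilding a lost chunk from the survivors. Ceph's erasure-coded pools use more general codes that tolerate m lost chunks; the function names and the sample object are constructed for illustration.

```python
from functools import reduce


def xor_bytes(a, b):
    """Byte-wise XOR of two equally long chunks."""
    return bytes(x ^ y for x, y in zip(a, b))


def encode(data, k):
    """Split data into k equal chunks (zero-padded) and append one XOR parity chunk."""
    if k < 2:
        raise ValueError("need at least two data chunks")
    size = -(-len(data) // k)                 # ceiling division
    padded = data.ljust(size * k, b"\0")
    chunks = [padded[i * size:(i + 1) * size] for i in range(k)]
    return chunks + [reduce(xor_bytes, chunks)]


def reconstruct(chunks, original_len):
    """Rebuild the object from k+1 chunks of which at most one is None (lost)."""
    lost = [i for i, chunk in enumerate(chunks) if chunk is None]
    if len(lost) > 1:
        raise ValueError("k+1 parity survives one lost chunk, %d are missing" % len(lost))
    chunks = list(chunks)
    if lost:
        # XOR of all surviving chunks equals the missing one, data or parity.
        survivors = [chunk for chunk in chunks if chunk is not None]
        chunks[lost[0]] = reduce(xor_bytes, survivors)
    return b"".join(chunks[:-1])[:original_len]


def raw_bytes_per_usable_byte(k, m):
    """Capacity cost of a k+m erasure-coded pool; n-way replication costs n."""
    return (k + m) / k


# Constructed sample object standing in for a block of recorded video.
SAMPLE_OBJECT = b"constructed sample: stand-in for one recorded video block"

if __name__ == "__main__":
    stored = encode(SAMPLE_OBJECT, 4)
    stored[2] = None                          # one device holding a chunk fails
    assert reconstruct(stored, len(SAMPLE_OBJECT)) == SAMPLE_OBJECT
    print("4+1 cost:", raw_bytes_per_usable_byte(4, 1), "3x replication cost: 3")
```

A 4+2 profile costs 1.5 bytes of raw capacity per usable byte and survives two lost chunks, where three-way replication costs 3 and also survives two.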
Putting data on hardware
One of the key differentiating factors between different object storage systems is the method used to determine where data is placed on hardware. Ceph calculates data locations using a deterministic algorithm called Controlled Replication Under Scalable Hashing (CRUSH). CRUSH uses a set of configurable rules and placement groups (PGs) in this calculation. Placement groups tell data where it is allowed to be stored and are architected in such a way that data will be resilient to hardware failure.
HPE value for a Ceph storage environment
Hewlett Packard Enterprise (HPE) and SUSE have partnered to deliver the benefits of SDS on reliable hardware. SUSE Enterprise Storage™ on HPE ProLiant DL and Apollo servers can simplify management of today’s volume of data and provide the time to value, cost control and flexibility to scale for all of your enterprise storage needs.
HPE hardware gives you the flexibility to choose the configuration building blocks that are right for your business needs. The HPE Apollo 4000 Gen10 server systems are most suited for the task and allow you to find the right balance between performance, cost-per-gigabyte, building block size, and failure domain size.
Software defined storage running on Linux servers can be deployed on a variety of hardware platforms. However, clusters built on a white-box server infrastructure work for business at small scale, but as they grow, the complexity and cost make them less compelling than enterprise hardware-based solutions. With white-box server infrastructure, IT has to standardize and integrate platforms as well as supported components themselves, and support escalation becomes more complicated. Without standardized toolsets to manage the hardware at scale, IT must chart their own way with platform management and automation. Often the result is the IT staff working harder and the businesses spending more to support a white-box hardware infrastructure than the one-time CAPEX savings realized in buying the white-box servers.
Using an HPE hardware and software solution provides advantages that reduce OPEX spending not available in an infrastructure built on white-box servers. Key OPEX savings from using an integrated HPE solution are:
Platform management tools that scale across data centers
Server components and form factors that are optimized for enterprise use cases
Hardware platforms where component parts have been qualified together
A proven, worldwide hardware support infrastructure
In addition to the benefits above, all Apollo 4000 configurations include an HPE Smart Array card capable of secure encryption where enterprise-class encryption is needed. Encryption is FIPS-2 certified for security, has been tested as not affecting IOPS on spinning media for low-performance impact, and is transparent to the operating system for ease-of-use. This means any drive supported on the server can be used, giving much more cost/performance flexibility than encryption on drive solutions. Key management is simple and can be managed locally or via an enterprise key management system. hpe.com/servers/secureencryption
Multi-generational Ceph support
Ceph clusters support mixing multiple generations of x86 server storage nodes. Apollo 4510 Gen10 can be used to expand an existing storage cluster based on Apollo Gen9 systems.
BVMS and Software Defined Video Surveillance Storage
Video surveillance cameras generate more data as a result of higher resolutions and frame-rates. This has a direct impact on the storage costs of the entire video surveillance environment. The storage consumption can be reduced by using alarm recording instead of continuous recording. This means the system will only start the recording when an alarm is generated (for example, when motion is detected). However, in some projects continuous recording is still required. This entire concept is described in a separate whitepaper: BVMS - Policy Based Recording.
Video Recording Manager
The Bosch Video Recording Manager (VRM) is at the heart of the recording system. Instead of acting like an NVR (which takes video streams from the cameras and stores it on a storage environment) it just tells the Bosch cameras where to record their video. This means that the VRM is not involved in the recording itself, which has a couple of benefits.
The first benefit relates to performance: one VRM is able to manage the recording for as many as 2000 cameras and 2 petabyte of storage, while a typical NVR struggles to handle 300 cameras. One BVMS system can handle up to 128 VRMs, which results in a maximum of 256 petabyte per BVMS system.
The second benefit relates to resilience: if the VRM fails, the cameras continue to record for a configurable amount of time. Depending on that configuration, the VRM ensures the cameras have a list of potential storage locations (or blocks) cached. The camera itself checks the availability of the location and, if a storage location is unavailable or goes off-line unexpectedly, it will automatically fail over to the next location on the list. The camera even has a built-in cache which stores the last couple of seconds of video. This cache is flushed to the next storage location when a fail-over occurs, which results in a zero frame-loss fail-over. When the VRM fails, the camera offers a fail-over replay path. Optionally a fail-over VRM can be added to the environment.
The third benefit relates to scalability: the VRM creates virtual blocks on the storage locations, which are reserved for a specific camera (depending on the configured retention time and failure options). If storage capacity is added to the system, the VRM re-calculates the available storage space and distributes the new virtual blocks to the cameras which are active in the system.
Available on request at HPE, SUSE or Bosch.
Describe test process.
Record and replay
The iSCSI gateway is disconnected from the network. The camera re-connect time (time it takes before recording is restarted) will be measured.
Record, replay and rebuild
Disk is removed from the system
One OSD node is disconnected from the system.