In August 2018 (10-08-2018) the VRM version 03.71.0029 was released.
The Video Recording Manager 03.71.0029 is fully supported with BVMS 8.0, and Product Management of BVMS and VRM recommends using this VRM version instead of the former release version, VRM 03.70.0056.
Changes / Bug Fixes:
One of the main reasons to use VRM 03.71.0029 is a fix for the correct display and replay of recorded clips in continuous and alarm recording mode. This fix is listed on page 2 of the attached Release Letter.
For troubleshooting and support reasons it is essential to double-check a reported gap in recording and to analyze, on the Level 2 and Level 3 support side, what circumstances could lead to a video gap. The following chapter describes what kind of data a trained BOSCH partner, installer or video expert should provide to BOSCH Technical Support so that it can advise on next steps. The data described below can and should be collected before the VRM software is changed and updated to a later version. Note: Video Recording Manager version 03.71.0029 is not the latest available version of VRM, but in combination with other 3rd party implementations or the use of a specific BOSCH VMS software version (e.g. BVMS 8.0) this VRM version 03.71.0029 may be required.
VRM logging to collect for in depth expert troubleshooting
In certain situations and troubleshooting scenarios extended logfiles might be required. The BOSCH Level 1 and BOSCH Level 2 team will assist all users on how to collect these data and cooperate with the BOSCH Level 3 Support where needed.
Backup the configuration of BVMS and VRM (BVMS elements and VRM config.xml file)
Enable debug logging of the VRM
Depending on the configuration software used, debug logging needs to be enabled to get extended logging information. If a gap in recording happened in the past, it is still helpful to enable debug logging for a defined time for future incidents. To analyze a video recording gap that has already occurred, the available VRM logging must be collected.
Depending on whether the 32-bit or 64-bit version of the VRM software is used, the logs are found in the "primary" or "secondary" sub-directory structure. Search for the ...\Bosch\Video Recording Manager\VRM Server folder on your VRM server to find a directory view similar to the one shown in the screenshot below:
Inside the directory "log" the standard logging data of the VRM are found and need to be collected. In addition to the standard logfiles of the relevant day, the debug logging from a defined time period needs to be provided if debug logging was enabled prior to an incident.
Here the "debug" logfiles are found: The debug logs are saved in a special directory "debug".
The Spanhistory logging provides details of the storage usage. It describes which internal "storage block" was used: the IP of the target, the LUN and the block used for a recording. The Spanhistory logfiles of the day on which the recording was done and shows issues (e.g. the video recording gap) are required.
As seen in an earlier screenshot above, the VRM configuration file is found in the directory: ...\Bosch\Video Recording Manager\VRM Server\primary
All versions of the config.xml need to be provided to the Technical Support.
Can I receive / retrieve more than 4 live video streams with BOSCH Video Security Client version 2.2 on my Windows PC?
All VRM versions newer than version 3.0 running on a DIVAR IP (e.g. DIVAR IP 6000 R2) offer automated live video forwarding via the VRM running on the DIVAR IP. For example, the current VRM version 3.71.0029 or VRM 03.81.0032 can offer 4 transcoded live videos and, on top, normal non-transcoded video depending on available performance and bandwidth.
As the Video Security Client does not offer connections to devices of the DIVAR IP Family through HTTP(S) proxies, the VSC cannot correctly determine if a DIVAR IP is local or connected via public internet. The Release Letter of the Video Security Client (VSC) covers this in section "4. Restrictions, known issues". DIVAR IP Family devices coming with VRM 3.6x and later are also reachable in a non-transcoded, tunneled way if the Video Security Client can detect the DIVAR IP as a locally available device. There is a mechanism in the Video Security Client (VSC) to detect if the DIVAR IP is in the same local network as the Windows workstation running the VSC. As soon as the VSC cannot reach the DIVAR IP locally but only via a public IP, the VSC tries to use a transcoded live video. A DIVAR IP offers up to 4 transcoded video connections in total.
Note: There is one sentence in the release letter that is only valid for the VRM version 3.0 but not for any later (newer) VRM version: "• Connections to devices of the DIVAR IP Family with VRM Version 3.0 support only transcoded connections"
Please be aware that of course newer VRM versions offer non-transcoded live video via the VRM live video forwarding in the local network.
MTU and MSS
MTU stands for "Maximum Transmission Unit."
MTU is a networking term that defines the largest packet size that can be sent over a network connection. The MTU is typically limited by the type of connection, but may sometimes be adjusted in the IT network settings. The typical value of the Network MTU is 1514 Byte. If a system sends packets over an Ethernet network that are larger than this size, the data will be fragmented into smaller packets. When referring to the Ethernet MTU, this includes the 4 Byte checksum. The 1514 Byte is the interface MTU without the Ethernet checksum.
If there are limitations imposed by the type of connection, the packets will then need to be reassembled on the receiving side (e.g. Bosch video management software or Bosch hardware decoder). However, it can be beneficial to optimize the packet size on the sender side (e.g. IP camera) for the existing network infrastructure.
As the MTU maximum packet size is layer 1 related, it is the IP MTU that can be adjusted in the BOSCH device configuration (configuration web pages or with the help of BOSCH configuration software like "Configuration Manager"). The BOSCH GUI refers to this as “Network MTU”. BOSCH products can manage fragmented data.
MSS stands for "Maximum Segment Size"
The MSS value is calculated from the MTU:
MSS = MTU – (layer 3 TCP header [20 Byte] + layer 2 IP header [20 Byte] + layer 1 Ethernet [6+6+2 = 14 Byte])
For example, looking at the CPP6 platform (such as the FLEXIDOME IP panoramic 7000 MP with firmware version 6.50.0128), you can find and adjust the following values:
Network MSS (in Byte) - default value = 1460
iSCSI MSS (in Byte) – default = 1460
Network MTU (in Byte) – default = 1514
MTU and MSS can be adjusted in all released firmware versions 4.x and later.
Here are some example screenshots based on firmware 06.50.0128:
Combined firmware package 6.60 – applicable to all platforms
The Release Letter of the combined firmware package for all platforms 6.60.1321 provides information about the dependencies between firmware versions for a better understanding of the upgrade process of devices with older firmware.
CPP4 and CPP6 devices:
Due to an internal file system being introduced to CPP4 and CPP6 since firmware 6.10 and architectural changes thereof, a direct upgrade from firmware below version 6.10 to latest firmware is only possible via intermediate firmware 6.1x.
CPP4 cameras with firmware versions below 6.10 need to upload this package twice. For example, with firmware 5.92 on a CPP4 device, you need to load the common firmware file for all CPP platforms two times:
> The first time it is loaded, the device will be updated to 6.11.0021, which is part of the common file.
> The second time you load the common firmware file, the update to 06.50.0128 will be performed.
CPP6 cameras with firmware versions below 6.10 need to upload the separate firmware version 6.1x first to receive the latest firmware version. This means that the intermediate firmware version 6.1x for CPP6 needs to be requested from your technical support. A support ticket to the Level 3 team at MKP PRM group via the support ticket system is needed. If we see a high demand for that, a new combined firmware file might be created by PRM. Only after receiving and uploading firmware 6.1x can you upload the combined firmware package for all platforms 6.50.0620 or the CPP6 specific firmware 6.50.0128.
This combined firmware cannot be applied to CPP5 products with a firmware version older than 5.91. It is required to upgrade to intermediate firmware 5.91 first.
This means that the intermediate firmware version 5.91 for CPP5 needs to be requested from your technical support. Only after receiving and uploading firmware 5.91 can you upload the combined firmware package for all platforms, e.g. 6.50.0620, or the CPP5 specific firmware 6.30.0059. To find a combined firmware file in the DownloadStore you can use the following URL syntax: https://downloadstore.boschsecurity.com/index.php?type=fw&filter=CPP
or you use the CPP 6.50 combined file here: https://downloadstore.boschsecurity.com/FILES/KnowledgeBase/CPP_FW_6.50.0620.fw
and Releaseletter of that combined firmware package: https://downloadstore.boschsecurity.com/FILES/KnowledgeBase/Bosch_Releaseletter_CPP_FW_6.50.0620.pdf
Note: Upgrading from versions lower than 5.5x
To upgrade to a newer firmware version using this combined firmware package, firmware versions before 5.5x require an intermediate update cycle using the respective platform firmware version mentioned above.
This firmware and its included platform firmware builds are not applicable to MPEG-4 products.
The final firmware version for VIP-X1600-XFM4 modules is FW 5.53. No newer firmware will be provided for these modules.
Configuration Manager cannot upload this Combined Firmware file to VIP-X1600-XFM4 modules. Use the module’s web page instead for uploading; or use the separate firmware file.
The final firmware version for CPP3 devices is FW 5.74. No newer firmware will be provided for these products.
The Combined Firmware file does not load onto VG4 AUTODOME or AUTODOME Easy II via the browser when running a firmware version before 5.52.0017. The specific platform file should be used instead.
(Note: In case any link might not work to the current DownloadStore, see attached a copy PDF of the Release Letter.)
How to get and request a BOSCH Legacy Firmware:
The procedure to request and get a legacy firmware that is no longer available online is as follows:
Customers are kindly requested to reach out to the local BOSCH Support (L1 and L2 team).
Bosch Level 2 will ask for the exact BOSCH Commercial Type Number (CTN). The local BOSCH team can check the global end of service date. The project background (how many of these devices/cameras) needs to be collected.
The relevant BOSCH Technical Support (e.g. Level 2) can explain and check if there is the chance to update the project and included management software in order to be able to use the latest BOSCH device firmware as the goal is to have a non-vulnerable product in productive environments.
In case there is no newer firmware available (hardware was discontinued), a commercial hardware upsell can be recommended.
In general, requests for any firmware that is not available in the product catalog, and for any firmware files that are ranked as having vulnerabilities, need to be documented in a Technical Support case.
If legacy firmware is needed anyway and requested by our customers, the Bosch Technical Support will start an approval flow. The BOSCH Level 3 Technical Support will provide a form/document that must be signed by the installer/end customer. See an example PDF (empty) "Example_Aged_Software_Release_form.pdf" attached to this article. Such a form will be prepared by the BOSCH Level 3 Technical Support team and provided to our customer/installer in order to confirm that legacy firmware is then used at the risk of the installer and customer (see text and legal note in the PDF). In the future BOSCH plans to introduce and set up a self-service portal for all customers to simplify this process.
The above mentioned combined firmware 6.50 supports:
CPP7.3 HD and UHD cameras update from FW 6.40 or newer to latest FW 6.50
CPP7 UHD cameras update from FW 6.30 or newer to latest FW 6.50
CPP6 UHD cameras update from FW 6.10 or newer to latest FW 6.50
CPP5 encoders update from FW 5.91 or newer to latest FW 6.30
CPP4 HD cameras update from FW < 6.10 to intermediate FW 6.11; update from FW 6.10 or newer to latest FW 6.50
CPP3 cameras and encoders update from FW 4.54.0026 or newer to latest FW 5.74
CPP-ENC VIP-X1600-XFM4 encoders: update from FW 4.2x or newer to latest FW 5.53
CPP-ENC VJT XF and VJD-3000: update to latest FW 5.97
The combined firmware package includes the following build versions:
CPP7.3 FW 6.50.0128
CPP7 H.264 6.50.0128
CPP6 H.264 6.50.0128
CPP5 H.264 6.30.0059
CPP4 H.264 6.50.0128
CPP4 H.264 6.11.0021
CPP3 H.264 5.74.0010
CPP-ENC H.264 5.97.0005 for VJT XF family, VJD-3000 and VJC-7000
CPP-ENC H.264 5.53.0004 for VIP X1600 XFM4
For detailed description please refer to the separate release letters.
Customers can upload such combined firmware packages by using multi-select in the configuration tool "BOSCH Configuration Manager" (currently available in version 06.01.0157 at the BOSCH DownloadStore or Product catalog > Video Software > Video Management Systems > Configuration Manager).
When using the multi-select option in Configuration Manager, please make sure this combined firmware package for all platforms can be uploaded to all the devices selected and there are no additional requirements or intermediate steps needed for any of the devices in question.
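The pre-check described above for multi-select uploads can be scripted. The following is an added example, not part of the original article or of any BOSCH tool: it encodes the per-platform rules listed above for the combined 6.50 package. The function names and the device inventory are constructed, and the special cases for CPP-ENC (VIP-X1600-XFM4, VJT XF, VJD-3000) and AUTODOME devices are not modelled.

```python
# Added example, not Bosch code. Platforms, minimum versions and builds are
# taken from this article; function names and the inventory are constructed.

def ver(text):
    """'06.50.0128' -> (6, 50, 128); short versions are zero-padded to 3 parts."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

# platform -> (minimum version for a direct update, build the package installs)
DIRECT = {
    "CPP7.3": ("6.40", "6.50.0128"),
    "CPP7":   ("6.30", "6.50.0128"),
    "CPP6":   ("6.10", "6.50.0128"),
    "CPP5":   ("5.91", "6.30.0059"),
    "CPP4":   ("6.10", "6.50.0128"),
    "CPP3":   ("4.54.0026", "5.74.0010"),
}
# platform -> intermediate firmware that has to be requested from support
FROM_SUPPORT = {"CPP6": "6.1x", "CPP5": "5.91"}

def plan(platform, current):
    """Ordered update steps for one device; an empty list means up to date."""
    if platform not in DIRECT:
        return ["not modelled: use the platform-specific release letter"]
    minimum, target = DIRECT[platform]
    if ver(current) >= ver(target):
        return []
    if ver(current) >= ver(minimum):
        return [f"load combined package -> {target}"]
    if platform == "CPP4":  # the package carries the 6.11.0021 intermediate build
        return ["load combined package -> 6.11.0021",
                f"load combined package again -> {target}"]
    if platform in FROM_SUPPORT:
        return [f"request intermediate {FROM_SUPPORT[platform]} from support and upload it",
                f"load combined package -> {target}"]
    return [f"below {minimum}: check the platform release letter first"]

def multiselect_safe(devices):
    """Names of devices that need exactly one load of the combined package."""
    one_load = lambda s: len(s) == 1 and s[0].startswith("load combined package")
    return [name for name, platform, cur in devices if one_load(plan(platform, cur))]

INVENTORY = [  # constructed sample data
    ("cam-lobby", "CPP4", "5.92"),
    ("cam-dock", "CPP6", "6.40"),
    ("enc-gate", "CPP5", "5.70"),
    ("cam-roof", "CPP7", "6.50.0128"),
]

if __name__ == "__main__":
    for name, platform, current in INVENTORY:
        print(name, plan(platform, current))
```

Only the devices returned by multiselect_safe() should be selected together; the others need their intermediate step handled individually first.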
This article reflects the status as of 31st of October 2018, and changes to this procedure might be introduced. When changes are made, this article will be updated. Therefore check this article from time to time.
This article informs about improvements in firmware handling and new security mechanisms that help our customers to increase security related to firmware updates and IP camera protection.
BOSCH introduces authenticated firmware signature
Firmware security with IP cameras and IP video encoders is enhanced by introducing signed firmware. The signature of the firmware file has been strengthened by using a two-factor authentication process for signing any firmware file within BOSCH that is published as "RELEASED FIRMWARE". This new process has been prepared with firmware 6.50 already and comes into effect with firmware versions 6.51 and newer. Non-released firmware cannot be installed on products in the field. The new signature protects from non-released versions being installed in productive systems.
As a result, any integrator-specific firmware, e.g. for a Field Acceptance Test or project assistance from BOSCH R&D, needs to have a special license installed prior to the firmware update (loading a project-specific firmware) to allow a "Development Build" of a firmware. The BOSCH Integration Partner Program (IPP) Team and the BOSCH support teams are happy to assist our customers / integration partners where needed. For all projects where such an "Allow Development Build" license is required, a technical support case must be created with BOSCH technical support, and those cases will be tracked and documented.
Introducing a "minimum required version"
For specific projects with implementation into 3rd party management software, a firmware downgrade to an older firmware version than 6.51 can be required.
All customers and partners who need to downgrade are requested to contact their local BOSCH Support. Partners with a special support regulation should contact their known IPP support contact in the region in order to get in touch with the Global IPP support.
Right now a simple downgrade to a less secure firmware, which might also lack other improvements, is no longer possible in each case. The dependencies and the minimum required version are documented and listed in the Release Letter of any firmware version 6.51 or newer.
NOTE: All requests to downgrade to less secure firmware (status 2018-10-16: e.g. 6.44.x), i.e. any downgrade to a firmware version which is not ranked as secure enough, must be requested via the BOSCH technical support in your region. See details published in Security Advisories of BOSCH: https://www.boschsecurity.com/xc/en/support/product-security/security-advisories.html A waiver form must be handed out by BOSCH support and signed by the Integrator, Installer and/or BOSCH Partner.
Note: Please also be aware that, depending on the hardware, there is a minimum firmware version mentioned in the section "Device Overview" of the WEB GUI of all BOSCH IP cameras. Especially when there is a need to "downgrade" to a previous/older firmware, this firmware version information must be checked beforehand and taken into consideration. If a downgrade to a firmware version above the displayed "Minimum required Firmware" is planned or needed, it is recommended to check the downgrade process with the local Technical Support of BOSCH. A downgrade is not recommended in general, as fixes and security improvements added to new firmware are missing in older firmware. (example screenshot here below) For other firmware releases newer than 6.51 (status 03/2019), additional dependencies might be introduced. Please make use of the search feature to find additional news on future firmware releases in our Knowledge Base and read through the Release Letter of such newer firmware.
Firmware file encryption
Update to 6.51 Firmware: In order to upload version 6.51 to a device running a firmware version below 6.50, you need to upgrade first to version 6.50, since older firmware versions do not support firmware file decryption.