Related Products
Common Product Platforms (CPP)
Background:
In December 2017, information about two vulnerabilities in modern processors was published. These exploits are often referred to as Meltdown and Spectre. Due to the nature of the flaw, many processors (AMD, ARM, Intel, etc.) are considered vulnerable. To use the exploit, an attacker needs to execute malicious code on the target system. It is thus generally advised to protect systems from unauthorized access (e.g. by using a strong password policy).
Solution
Our IP cameras and encoders are based on Common Product Platform (CPP) designs. Each CPP uses a specific System-on-Chip (SoC), or a family of SoCs, which contain various CPU cores. Some of them include ARM cores, which are considered vulnerable. We have therefore analyzed whether our Common Product Platforms are affected, with the following result:
Our Common Product Platforms CPP-ENC, CPP3 and CPP4 are not affected by the vulnerabilities.
The processors used in the SoCs of our Common Product Platforms CPP6, CPP7 and CPP7.3 are affected. But as we do not allow 3rd party code to be installed or executed on our cameras, successful exploitation with Meltdown or Spectre is considered not possible.
In short, our IP cameras and encoders are not vulnerable to Meltdown or Spectre exploitation.
Notes
To ensure insusceptibility, recent firmware must be installed on the devices and access protection must be kept at a reasonable level.
Which are the Absolute Positioning functions and protocols of Bosch Autodome & MIC cameras?
This article contains detailed examples for the absolute position functions of the various IP models of the Autodome & MIC cameras.
The supported model series are:
• Current Models: AUTODOME IP 4000/5000, AUTODOME IP 4000i/5000i, VG5 IP 7000, MIC IP 7000 & MIC IP 7000i, MIC IP 9000i
• EOL models: VG5 700, VG5-800, JR HD
NOTES:
1. These commands will NOT work with the Analog cameras with the serial interface.
2. The HD cameras do not support the OSRD absolute position commands. The HD models operate using the BICOM protocol over IP.
1. Command Repetition Rate
In order to avoid conflicting commands to the camera pan & tilt motors, commands must be controlled using one of the following methods.
Wait for Acknowledge using the GET command
After a SET command is issued, use the GET command to read the dome position and wait for the dome to reach the final position to ensure that it has stopped before sending another SET command.
OR
Check to determine if the motors have stopped
The compound PTZ command includes the motor status in the reply to the GET (Inquiry) command. After the camera is told to Move (SET command) to a position, GET commands can be used to check the motor status. If the motors are still moving, then don’t send another Move (SET) command.
OR
Add a fixed delay time between commands
A fixed delay of 100 ms could be added before a new SET command is issued. The camera will not reach the final position within this amount of time, but the internal buffer can receive commands at this rate. The camera will move to each position in the order that the commands are received, before it will move to the next position.
NOTE: The Zoom position data updates 4 times per second. If the Zoom command isn’t changed, then the value is not updated.
Important: If commands are sent faster than one every 100 ms, the following will occur:
• When the Autodome motors are in motion to go to a position, and they are not stopped before moving to another position, mechanical slippage will randomly occur.
o This will cause a loss of the home position, which in turn will cause all movements after this to be incorrect.
o This will occur more often if the new position is not in the same direction.
• This will not happen when using the MIC IP 7000 camera, since it has an internal resolver that always ensures that any shifts in position are corrected.
2. Bicom Protocol Message Syntax
The Bicom message syntax consists of Flags + Server ID + Object ID + Operation + Bicom Data.
Flags:
0x81 if a Return_Payload is expected
0x80 if No Return_Payload
Bicom PTZ Server ID:
0x0006 PTZ Server
The PTZ server controls the pan, tilt and zoom position.
The Object ID consists of 4 Hex values (0x####). This document explains 0x1D0 & 0x, object ID.
Operation:
0x01 GET (Read a value back from the device)
0x02 SET (Send a value to a device)
0x03 SET_GET (Will perform either of the above actions)
Bicom Data (Up to 30 bytes)
This depends on the type of command being sent. This document is restricted to the Absolute Position commands and the data bytes are defined below.
NOTE: The 0x at the beginning of these values indicates that it is a Hex value. The 0x is only sent as the beginning characters of the Payload. It is removed for the rest of the data. Refer to the examples below.
3. Position Coordinates
The position data is defined by the Bosch Unified Coordinate System (UCS). The figure below illustrates how the UCS is defined.
NOTES:
1. All versions of cameras have a Pan range of 0.00 to 359.99.
2. The Autodome cameras Tilt down from 90.00 Degrees (Horizon) to 180.00 Degrees (looking straight down).
3. The MIC 7000 Camera Tilts up from 90.00 to 0.00.
4. All camera models adjust the coordinates when mounted inverted when the correct setting is configured.
4. Object ID 0x1D0 “Compound PTZ Command”
This section describes the Pan/Tilt/Zoom Compound Absolute Position Object, plus Movement Status object. This object provides control of the Pan, Tilt, Zoom positions in a single command. There is also an option to ignore any of these positions.
E.g. Send the Pan and Zoom position data and ignore the Tilt data. The Hex data for the Pan and Tilt positions is degrees (x100). The Zoom position Hex data is the focal length in mm (x 100).
NOTES:
1. The VG5 700; 800; JR HD FW version must be 5.5 or higher.
2. The AutoDome IP 7000 series & MIC IP HD 7000 series FW version must be 5.92 or higher.
3. This object is not supported by the VG4, VG5 600, MIC analog cameras, and the MIC IP PSU.
a) There are separate documents available for these models.
4. The Absolute Position command is typically used for a movement to an Alarm condition to move the cameras as quickly as possible to a known location. Therefore, the camera always responds to an Absolute Position command at the MAX speed. After the camera reaches this position, the control then typically changes to use the Variable Speed PTZ command to provide finer control of the camera (Section VII).
5. The Maximum Speed varies for each model. Please refer to the Data Sheet for the specific values.
Definition of the Get command and response (PTZPosMoveStatus)
Definition of the Set command and response (PTZPosMoveStatus)
Definition of the Data Bytes:
*********Description of Individual Data Bytes*********
Bytes# 0 - 5 : PTZ Positions - Request and Response
PPPP - 2 bytes Pan Position in Degrees x 100 (UCS)
TPTP - 2 bytes Tilt Position in Degrees x 100 (UCS)
ZPZP - 2 bytes Zoom position in Focal Length x 100
******
Byte# 6 : Ignore Flags - Expects valid data during Request (SET/SETGET), Don’t care during GET or Response
IP - Ignore Pan: 1
IT - Ignore Tilt: 1
IZ - Ignore Zoom: 1
******
Byte# 7 : Motors Move Flags - Don’t care during Request. Motors status is reflected during Response
MMF - Motors Move Flags reflects Motion Flags in the returned Data (GET)
PMF - Pan Move Flags: 0 - Stopped, 1 - Moving
TMF - Tilt Move Flags: 0 - Stopped, 1 - Moving
ZMF - Zoom Move Flags: 0 - Stopped, 1 - Moving
Refer to the PTZ_MovementReferenceGuide_Autodome_&_MIC_7000series_4_1.xlsx for a table of Magnification values.
5. Compound PTZ Absolute Command Examples
Bosch IP Video products in video management system environments are mainly controlled and managed using an enhanced version of Remote Control Protocol, RCP+, pronounced “RCP plus”.
This protocol defines commands and messages that make it possible to configure the units and to establish communication between units, or between units and management systems. RCP+ message and command sets are dependent on firmware features.
Full RCP+ documentation is available, but a brief summary is:
RCP+ provides opcodes (e.g. 0x9A5) for data transfer. It may be used with any programming language such as C++ or CGI scripts.
CGI Script Example
The use of absolute positioning does require detailed knowledge of programming or scripting languages and the user has to know how to use RCP+. The RCP+ Opcode used in this CGI script example is 0x09A5.
Please refer to the complete RCP+ documentation on usage of this message.
1. Syntax
http://aaa.bbb.ccc.ddd/rcp.xml?command=0x09A5&type=P_OCTET&direction=WRITE&num=1&payload=0x80000601d002pppptptpzpzpiiff
• pp pp = Pan values in Hex (Degrees x 100)
• tp tp = Tilt values in Hex (Degrees x 100)
• zp zp = Zoom values in Hex (Focal Length x 100)
• ii = Ignore flags (section V, ii)
• ff = Motor Move Flags (section V, ii)
Examples SET Commands:
SET command to pan 90, tilt 90, and zoom to full wide focal length (4.3 mm * 100, Decimal 430, HEX 01AE)
http://aaa.bbb.ccc.ddd/rcp.xml?command=0x09A5&type=P_OCTET&direction=WRITE&num=1&payload=0x80000601d0022328232801ae0000
SET command to pan 270, tilt 135, zoom full optical focal length (129 mm * 100, Decimal 12900, HEX 01d6)
http://aaa.bbb.ccc.ddd/rcp.xml?command=0x09A5&type=P_OCTET&direction=WRITE&num=1&payload=0x80000601d002697a34d832640000
SET command to pan 180, tilt 180, 15X zoom (64.5 mm, Decimal 6450, HEX 1932)
http://aaa.bbb.ccc.ddd/rcp.xml?command=0x09A5&type=P_OCTET&direction=WRITE&num=1&payload=0x80000601d0024650465019320000
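The payload layout from sections 2, 4 and 5, as an added Python example that is not part of the original article or of Bosch's documentation: it builds and decodes the compound PTZ SET payload and rejects out-of-range coordinates before anything is sent. The function names, the combined 0 to 180 tilt range and the pass-through handling of the two flag bytes are assumptions of this example.

```python
import struct

# Header values taken from the article's syntax line and example payloads.
FLAGS_NO_RETURN = 0x80      # no Return_Payload expected
PTZ_SERVER_ID = 0x0006      # Bicom PTZ server
OBJ_COMPOUND_PTZ = 0x01D0   # "Compound PTZ Command"
OP_SET = 0x02
LAYOUT = ">BHHBHHHBB"       # big-endian, 14 bytes, as in the example payloads
URL_FORMAT = ("http://{host}/rcp.xml?command=0x09A5&type=P_OCTET"
              "&direction=WRITE&num=1&payload={payload}")


def scaled(value, low, high, name):
    """Range-check a value, then scale it by 100 as the data bytes require."""
    if not low <= value <= high:
        raise ValueError(f"{name} {value} is outside {low}..{high}")
    return round(value * 100)


def build_compound_set(pan_deg, tilt_deg, focal_mm, ignore_flags=0x00):
    """Return the payload string for a compound absolute-position SET."""
    if not 0 <= ignore_flags <= 0xFF:
        raise ValueError("ignore_flags must fit in one byte")
    raw = struct.pack(
        LAYOUT, FLAGS_NO_RETURN, PTZ_SERVER_ID, OBJ_COMPOUND_PTZ, OP_SET,
        scaled(pan_deg, 0.0, 359.99, "pan"),
        scaled(tilt_deg, 0.0, 180.0, "tilt"),           # assumed: all models
        scaled(focal_mm, 0.0, 655.35, "focal length"),  # 2-byte field limit
        ignore_flags,   # bit layout is not given in the article: passed as-is
        0x00)           # motor move flags are "don't care" in a request
    return "0x" + raw.hex()


def parse_compound(payload):
    """Decode a compound PTZ payload into its header and position fields."""
    text = payload[2:] if payload.lower().startswith("0x") else payload
    raw = bytes.fromhex(text)
    if len(raw) != struct.calcsize(LAYOUT):
        raise ValueError("compound PTZ payload must be 14 bytes")
    flags, server, obj, op, pan, tilt, zoom, ignore, moving = struct.unpack(
        LAYOUT, raw)
    if (server, obj) != (PTZ_SERVER_ID, OBJ_COMPOUND_PTZ):
        raise ValueError("not a compound PTZ message")
    return {"flags": flags, "operation": op, "pan_deg": pan / 100,
            "tilt_deg": tilt / 100, "focal_mm": zoom / 100,
            "ignore_flags": ignore, "move_flags": moving}


def build_url(host, payload):
    """Place a payload into the CGI syntax shown in the article."""
    return URL_FORMAT.format(host=host, payload=payload)


if __name__ == "__main__":
    payload = build_compound_set(90, 90, 4.3)
    print(build_url("aaa.bbb.ccc.ddd", payload))  # host is a placeholder
    print(parse_compound(payload))
```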
6. Object ID 0x110 (Operation 0x85) “Variable Speed PTZ Command”
This section describes the Variable Speed Pan/Tilt/Zoom Position Movement object. This object provides control of the Pan, Tilt, Zoom positions in a single command.
NOTES:
• The Hex data for the Pan and Tilt positions is degrees (x100).
• The Zoom position Hex data is the focal length (x 100).
Definition Position.MoveContVarSpeed: (0x85)
Notes:
• A speed greater than 0 will cause the operation to start.
• A speed equal to 0 for an individual command will cause that operation to stop for that one movement (P, T, or Z).
• A speed equal to 0 for all three commands will stop ALL movement (PTZ).
• The default mode is for the unit to operate in Proportional Speed. This means that a correction factor is applied to reduce the Speed, so that the control is smoother when at increased magnification factors.
• The correlation of the Proportional Speed reduction versus the Zoom/Magnification Factor is provided in PTZ_MovementReferenceGuide_Autodome_&_MIC_7000series_4_0.xlsx.
7. Variable Speed PTZ Command Examples
Refer to Section 5. Compound PTZ Absolute Command Examples for more details on the format of these examples.
Send the command to pan Right at a speed of 15, Tilt Down at a speed of 2, and Zoom Out at a speed of 3
http://aaa.bbb.ccc.ddd/rcp.xml?command=0x09A5&type=P_OCTET&direction=WRITE&num=1&payload=0x8000060110858F0203
Send the command to Tilt Up at a speed of 5 and Zoom In at a speed of 3
http://aaa.bbb.ccc.ddd/rcp.xml?command=0x09A5&type=P_OCTET&direction=WRITE&num=1&payload=0x800006011085008383
Related Products
Bosch Video Management System
Windows 7
Issue
The Audio Intercom functionality does not work after having installed Bosch VMS. Potential Audio Intercom problems are:
• Encoder audio cannot be heard on the Operator Client computer audio output.
• Audio Intercom toolbar button is disabled when hovering over it and the button cannot be pressed.
• Audio Intercom toolbar button can be pressed, but audio cannot be heard on the encoder audio output.
Solution
Audio Intercom functionality consists of two parts:
• Output of encoder audio on the Operator Client
• Output of microphone input on the encoder
Part 1: Output of encoder audio on the Operator Client
To get audio output on the Operator Client, follow these steps:
1. Check whether the encoder supports audio and activate it.
1.1 Open the webpage of the encoder.
1.2 In Advanced Mode, navigate to the Encoder/Audio page. Hint: If there is no audio page, then the encoder does not support audio.
1.3 On the Audio page, make sure that audio is switched "On".
1.4 On the Audio page, make sure that the Line In input levels are not zero.
1.5 On the Audio page, make sure that there is an input signal, i.e. the gauge of the Line In input should flicker.
2. Configure audio permissions in Bosch VMS Configuration Client.
2.1 Start Configuration Client.
2.2 Click the User Groups tab.
2.3 Click the Camera Permissions tab.
2.4 Click to check the Playback Audio permission for the cameras to be used for Audio Intercom.
2.5 Click the Cameras and Recording tab.
2.6 Select the audio sources for the cameras to be used for Audio Intercom in the Audio column.
2.7 Save and activate the configuration.
3. Configure Windows audio playback settings.
3.1 Start some audio playback. E.g. open the Audio webpage of the encoder as described in step 1 to hear the audio signal of the encoder. Alternatively play an audio file on your Bosch VMS Configuration Client PC.
3.2 In the system tray, right-click the audio icon and click Playback devices. The Sound dialog opens.
3.3 Make sure that the desired playback device is set as Default Device. Make sure that there is an input signal, i.e. the gauge of the playback device should flicker. If there is no input signal yet, proceed with step 3.4.
3.4 In the system tray, right-click the audio icon and click Open Volume Mixer. The audio mixer opens.
3.5 Ensure that the audio level of the desired playback device is at maximum.
3.6 Make sure that there is an input signal, i.e. the gauge of the output device in the audio mixer should flicker.
4. Check audio playback in Bosch VMS Operator Client.
4.1 Start Bosch VMS Operator Client.
4.2 In Live Mode, open an Image pane for a camera with audio support.
4.3 In the Image pane toolbar, click the loudspeaker symbol to activate audio playback. If no audio can be heard, make sure that the loudspeaker icon in the toolbar is activated and that the audio level in the toolbar is set to maximum.
Part 2: Output of microphone input on the encoder
To activate Intercom functionality on the Operator Client, follow these steps:
5. Configure Audio Intercom permissions in Configuration Client.
5.1 Start Configuration Client.
5.2 Click the User Groups tab.
5.3 Click the Permissions tab.
5.4 Click to check the Audio Intercom permission.
6. Configure microphone input for Operator Client.
6.1 In Windows Explorer, navigate to directory C:\Program Files (x86)\Bosch\Vms\bin
6.2 Open the file OperatorClient.exe.config with Notepad.
6.3 Navigate to line "key="MicrophoneInputNr" ADD value="0"". Make sure that the value is set to 0.
7. Configure Windows audio recording settings.
7.1 In the system tray, right-click the audio icon and click Recording devices. The Sound dialog opens.
7.2 Make sure that the desired microphone device is set as Default Device.
7.3 Make sure that all other recording devices are disabled.
7.4 Speak into the microphone and make sure that the gauge of the microphone device flickers. If this is the case, proceed with step 8. If there is no microphone signal yet, proceed with step 7.5.
7.5 Right-click the microphone device and click Properties. The microphone properties dialog opens.
7.6 Select the Level tab and make sure that the microphone level and amplification are properly set.
7.7 Speak into the microphone and make sure that the gauge of the microphone device flickers. If there is no microphone signal yet, make sure that you plugged in the microphone to the correct connector.
8. Check Audio Intercom functionality in Operator Client.
8.1 Start Operator Client.
8.2 In Live Mode, open an Image pane of an encoder with audio support.
8.3 Hover the mouse over the Audio Intercom icon. Note that the Audio Intercom icon changes, i.e. a grey double-arrow is displayed. If hovering on the Audio Intercom icon does not change the icon appearance, check whether the "MicrophoneInputNr" value is "0" as described in step 6.3.
8.4 Click the Audio Intercom icon and speak into the microphone. Hold the mouse button while speaking. Note that the Audio Intercom icon changes, i.e. a red double-arrow is displayed while the mouse button is pressed.
8.5 Check whether audio can be heard on encoder audio output. If the encoder audio output cannot be heard because the encoder is located on a remote site, then open the encoder webpage as described in step 1.
8.6 Speak into the microphone while watching the Line Out gauge: the gauge should flicker when speaking into the microphone.
Notes
Note that configuration of Audio Intercom functionality differs for Windows XP systems.
Related Products
All NetApp E-Series Systems (E.g. E2700 and E2600)
Issue
The internal chip vendor for the NetApp host card (HIC) responsible for the CH3 / CH4 host ports has a predefined set of MAC addresses for every port on the host card. These are set to allow multiple protocol support. The normal behaviour is to have FCoE/ethernet/iSCSI MAC addresses all uniquely defined on the same port.
Solution
If you must quickly identify what MAC addresses would be visible to some security applications, you can determine a list using a label on the controller host card. Locate the controller HW and write down the MAC address from the label on the host card (white sticker). Based on the example label we refer to here, you can see the MAC, 00:A0:98:5C:1C:B8 x6. 'x6' indicates that the MAC address pool for this card is 6 sequential addresses long. The NetApp HIC would require the following MAC addresses be allowed in aggressive port security implementations.
00:A0:98:5C:1C:B8
00:A0:98:5C:1C:B9
00:A0:98:5C:1C:BA
00:A0:98:5C:1C:BB
00:A0:98:5C:1C:BC
00:A0:98:5C:1C:BD
If the label is missing or further evidence is required, there is a shell command that can output the MAC address pool list. Please note that shell commands are sensitive and should only be completed by NetApp to avoid any chance of error and impact.
1. Connect to shell of controller
2. Execute chall 0 and document what host channel relates to the port of interest. In my example, we are using channel 4 and 5 to show the full list of the card.
-> chall 0
chAll (Tick 0304974794) ==> 04/11/17-12:24:26 (GMT) 2701-A 08.25.08.00
.....Channels.....:...........Target...........:............Initiator..........:
Link :ITN :..........IOs..........:ITN :............IOs...........:.........Busy.........Idle.
Ch H/D STP Down :cnt : Open Completed Errs :cnt : Qd Open Completed Errs: Ms Ms
---- --- --- ---- :--- :----- ---------- ----- :--- :--- ----- ---------- -----: ------------ -------------
0 Drv SAS 0 : 1 : 0 41267 0 : 14 : 0 0 112236 0: 16536 61258555
1 Drv SAS 0 : 1 : 0 41150 0 : 14 : 0 0 104671 6: 12267 61262825
-< 2 Hst SAS 0 : 0 : 0 0 0 : 0 : 0 0 0 0: 0 61275093
-< 3 Hst SAS 0 : 0 : 0 0 0 : 0 : 0 0 0 0: 0 61275093
-< 4 Hst FCP 0 : 0 : 0 0 0 : 0 : 0 0 0 0: 0 61275093
-< 5 Hst FCP 0 : 0 : 0 0 0 : 0 : 0 0 0 0: 0 61275093
6 Drv USB 0 : 0 : 0 0 0 : 2 : 0 0 0 0: 0 61275094
value = 1 = 0x1
3. Using channel from step #2, execute qlSetMacAddresses # to output MAC addresses to shell. The highlighted portion of the output below correlates to the last octet of the MAC addresses in the list we manually created above.
-> qlSetMacAddresses 4
address into qlSetMacAddresses:0
NOTE: memory values are displayed in hexadecimal.
0x0c697700: b8 1c 5c 98 a0 00 00 00 * .\.....*
0x0c697710: b9 1c 5c 98 a0 00 00 00 ba 1c 5c 98 a0 00 00 00 *..\.......\.....*
0x0c697720: bb 1c 5c 98 a0 00 00 00 bc 1c 5c 98 a0 00 00 00 *..\.......\.....*
0x0c697730: bd 1c 5c 98 a0 00 00 00 *..\.............*
value = 0 = 0x0
-> 04/11/17-12:29:41 (tShellRem208398600): WARN: Mac Address of less that 0xFFFFFFFF rejected
04/11/17-12:29:41 (tShellRem208398600): WARN: QLogic command failed
-> qlSetMacAddresses 5
address into qlSetMacAddresses:0
NOTE: memory values are displayed in hexadecimal.
0x0c690500: b8 1c 5c 98 a0 00 00 00 b9 1c 5c 98 a0 00 00 00 *..\.......\.....*
0x0c690510: ba 1c 5c 98 a0 00 00 00 bb 1c 5c 98 a0 00 00 00 *..\.......\.....*
0x0c690520: bc 1c 5c 98 a0 00 00 00 bd 1c 5c 98 a0 00 00 00 *..\.......\.....*
value = 0 = 0x0
-> 04/11/17-12:31:06 (tShellRem208398600): WARN: Mac Address of less that 0xFFFFFFFF rejected
04/11/17-12:31:06 (tShellRem208398600): WARN: QLogic command failed
4. Repeat this process for every port (channel) connected on each controller.
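The label expansion and the dump cross-check described above, as an added Python example that is not part of the original article or of any NetApp tooling: it turns the sticker text into the port-security allow list and confirms that the shell dump reports the same pool. The function names are hypothetical, and the 8-byte, low-octet-first entry layout is inferred from the dump shown in the article.

```python
import re

# Label text as read from the host card sticker in the article.
LABEL = "00:A0:98:5C:1C:B8 x6"

# Channel 5 dump lines copied from the qlSetMacAddresses output in the article.
DUMP = r"""
0x0c690500: b8 1c 5c 98 a0 00 00 00 b9 1c 5c 98 a0 00 00 00 *..\.......\.....*
0x0c690510: ba 1c 5c 98 a0 00 00 00 bb 1c 5c 98 a0 00 00 00 *..\.......\.....*
0x0c690520: bc 1c 5c 98 a0 00 00 00 bd 1c 5c 98 a0 00 00 00 *..\.......\.....*
"""

LABEL_RE = re.compile(r"((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s*x(\d+)")
DUMP_RE = re.compile(r"0x[0-9a-f]+:\s+((?:[0-9a-f]{2}\s+)+)\*")


def format_mac(value):
    """Render a 48-bit integer as colon-separated upper-case hex."""
    digits = f"{value:012X}"
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def expand_label(label):
    """Expand '<base MAC> x<N>' into the N sequential addresses of the pool."""
    match = LABEL_RE.fullmatch(label.strip())
    if not match:
        raise ValueError(f"unrecognised label: {label!r}")
    base = int(match.group(1).replace(":", ""), 16)
    count = int(match.group(2))
    if count < 1 or base + count - 1 > 0xFFFFFFFFFFFF:
        raise ValueError("pool size does not fit the 48-bit address space")
    return [format_mac(base + offset) for offset in range(count)]


def macs_from_dump(dump):
    """Read MACs from dump lines, assuming 8-byte entries, low octet first."""
    macs = []
    for line in dump.splitlines():
        match = DUMP_RE.match(line.strip())
        if not match:
            continue  # prompts, warnings and blank lines carry no entries
        octets = match.group(1).split()
        for start in range(0, len(octets) - 7, 8):
            mac_octets = octets[start:start + 6]  # last two bytes are padding
            macs.append(":".join(reversed(mac_octets)).upper())
    return macs


def audit(label, dump):
    """Return (pool MACs absent from the dump, dump MACs outside the pool)."""
    expected, seen = expand_label(label), macs_from_dump(dump)
    missing = [mac for mac in expected if mac not in seen]
    unexpected = [mac for mac in seen if mac not in expected]
    return missing, unexpected


if __name__ == "__main__":
    for mac in expand_label(LABEL):
        print(mac)
    print(audit(LABEL, DUMP))
```

Two empty lists from `audit` mean the sticker and the controller agree, so the expanded list can go into the switch port-security configuration as it stands.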
Related Products
Divar IP 7000 R2
Overview
Memory leak on a Divar IP 7000 R2 triggered by Catalyst Control Center.
Issue
Under some circumstances the software Catalyst Control Center (ccc.exe) occupies 100% of the virtual memory on a Windows Server 2012 system. Loglines from Windows event log showing the memory issue:
Warning 15.09.2017 02-30-37 Microsoft-Windows-Resource-Exhaustion-Detector (3) NT AUTHORITY\SYSTEM mydivar ->Windows successfully diagnosed a low virtual memory condition. The following programs consumed the most virtual memory: CCC.exe (10744)
Solution
There are two different ways to solve the issue:
1. Delete ccc manually from the registry and restart the Divar IP 7000 R2.
OR:
2. Update your Divar IP with upcoming BVMS Appliance version 8.0.x
Notes
Issue is fixed inside upcoming BVMS Appliance version 8.0.x