Video installation

A network of video devices may include one or more Axis cameras, a Milestone DVR (Digital Video Recorder) and display device connected to the DVR or Maxpro cameras and an NVR (Network Video Recorder). The system provides the Axis, Milestone and Maxpro drivers. Each device has its own installation procedure, which is documented in materials provided by the manufacturer. This chapter segregates installation and configuration procedures based on the driver.

While these procedures use the web UI, you may prefer to use Workbench instead. Refer to the Niagara Video Framework Guide for Workbench procedures.

Browsers

HTML5 video rendering has been tested using Internet Explorer and Google Chrome.

Web Launcher and the Java applet

Niagara 4.9 supports HTML5 as well as the older Java-applet technology for rendering and playing back video clips. Video drivers, which support HTML5 (Milestone and Axis) do not require the Web Launcher (Web Start replacement) and Java applet, which run completely outside of a web browser.

These configurations require the Web Launcher and Java applet:

Configurations that use the Maxpro video driver
Configurations that use any video driver to play back older video clips that were rendered using the Java applet
Configurations that use the Surveillance Viewer

TLS secure communication

TLS (Transport Layer Security) is a methodology for server authentication and data encryption. When TLS is enabled, all communication is automatically encrypted, including the data transferred from a camera to a station.

In addition to encryption, certificates provide device (server) authentication over a local area network in two ways:

If you know that the self-signed certificate provided by a video device is valid, you can accept it the first time the station connects to the device and then manually approve it as an allowed host. Thereafter, no further action is required.
More secure than using a self-signed certificate is to import a certificate into the video device that was signed by a CA (Certificate Authority) whose root certificate is in the station’s trust store. The first time the station connects to the device, authentication occurs automatically.

Over the Internet, an additional server certificate is required in the camera to authenticate the camera, as a server, to the browser that manages the transmission from the camera to the station. Again, you may accept and then approve a camera’s self-signed certificate, however, importing a signed server certificate into the camera is much more secure and should be your standard practice for securing all video devices when using the Internet.

A company may use a third-party CA, or serve as its own CA.

Security caveat

RTSP (Real Time Streaming Protocol) over TCP (Transmission Control Protocol), which is used for streaming media servers (video on demand and voice recording), is not secure. It does not use a TLS connection.

Video and port connections

When a configuration uses fox streaming to deliver video from a device, including a camera, DVR, NVR, and server (Axis, Maxpro, Milestone, XProtect), the controller station processes the incoming video and transmits it to users via the Web Service. This means that a device’s network port can be different from the station’s network port.

When a configuration does not use fox streaming, the station does not process the incoming video. Instead, the video stream transmits from the device to the user. This means that the video device must share the same network port as the station.