Index | Prev | Next

XProtect requirements

Secure communication requires a secure connection between all components, processes and browsers. XProtect products use an XProtectManagementServer to manage live video and store recorded video.

Native process protection

Behind the scenes a native process using port 9117 functions as a bridge between an XProtect management server and the station. Running on the local computer that houses the station, the native process starts when the xprotect driver starts and stops when the station shuts down.

Figure 60.   XProtect connections
Image

In Niagara, this process randomly assigned the port it used to connect without security to the station.

In Niagara, this connection requires a specific port through which only Niagara may make a secure connection from the station through the native process and on to the server. A certificate assigned to the port provides security for the native process. You must set up the Native Process Port and install the certificate.

 NOTE: You should use HTTPS to stream X Pprotect cameras. However, if you must use HTTP, then you must change the staton’s WebService. For example, https_for_passwords must be set to false

Management and mobile servers

The MilestoneXProtectManagement server, which usually runs on a computer that is separate from the Supervisor PC, manages live video and stores recorded video.

The XProtect Mobile server supports mobile devices that use browsers to connect to the XProtect network over the Internet: computers, smartphones and tablets.

Before installing the xprotect driver:

  • Use the Milestone XProtect VMS (Video Management System) Products System Installer, version 2019 R3 or later to install the XProtect software on a PC that is on the network other than your Supervisor PC.
  • Ensure that the XProtect Mobile Server is installed and running on the Supervisor PC. This software provides the HTML5 solution for the video.

Camera certificates

Devices may always connect without security (http://), but to protect your data, all devices, including cameras, need to make only secure (https://) connections. Secure connections through a browser to remote cameras require TLS certificates. The Milestone Mobile server will not connect securely to a camera using even an approved self-signed server certificate. It requires that the camera have a certificate signed by a root CA certificate in the browser’s trust store.

Related Links

  • Creating the XProtect management server
  • Preparing the network for the XProtect management server
  • Checking for administrator privileges
  • Generating a .pem certificate
  • Generating a .pfx certificate from the .pem certificate
  • Importing the .pfx certificate into Windows
  • Binding the certificate to the native port 9117
  • Establishing the connection
  • About Milestone driver configuration (Parent Topic)

    • Index | Prev | Next