3Com-503155


  • 8/9/2019 3Com-503155

    WHITE PAPER

    Introduction

    Whether it relates to property or individuals, physical security is a growing concern in today's world. And now, with the pervasive availability of IP networks and digital imaging technology, low-cost, highly flexible video monitoring has become a reality for more and more organizations. This paper discusses the ways in which it is possible to implement this new method of providing security camera surveillance. Simply put: if a location is equipped with a computer network, the necessary basic infrastructure is already in place to add networked video. The design considerations discussed in this document will help explain how best to deploy highly effective networked IP video camera applications across a network.

    Deploying Video over IP Network Cameras

    [Diagram: Integrated Solutions for Networked IP Cameras. Labeled components: wireless notebook clients, wireless workgroup bridge, IP camera, PoE IP camera, client PCs, IP phone, IntelliJack switch, PoE edge switch, workgroup aggregation switches, Voice over IP server, network core switches, wireless access point, WAN Router 6080, intrusion prevention security, application servers, server aggregation switches, network management, wireless switch controller, WAN / Internet, PSTN.]

    3COM DEPLOYING VIDEO OVER IP NETWORK CAMERAS WHITE PAPER

    Deploying Video over IP Network Cameras

    Alternate Approaches to Implementing Closed Circuit Television

    Traditional surveillance (CCTV) cameras are usually connected to a monitor by means of dedicated coaxial cabling. If a multiplexer is added, it's then possible to display images from several cameras on a single monitor. It is also relatively easy to add one or two more monitors within a building. But viewing images from additional outside locations becomes progressively more complicated, because dedicated cable is required to add a new monitor or camera to any existing system. What's more, CCTV users must always consider how to store the large quantities of magnetic tape that result.

    In contrast, network cameras are designed with built-in video servers and Ethernet connectivity, enabling their images to be viewed from any computer connected to a local area network, over a private intranet, or even the Internet. A network video camera can be configured to provide the entire Internet community with access to its images via a web site, or conversely to provide restricted viewing access to a limited number of authorized people.

    Why use networked video over IP technology? Because it makes it possible to access up-to-the-second images at any time from any computer anywhere. The images can be stored at remote locations for convenience and/or security, and the Internet can be used as a carrier for the information. A camera can be placed almost anywhere. There are no limitations tied to physical inputs or frame grabbers; the product can be connected to a LAN, xDSL, modem, wireless adapter, or mobile phone. Network video images can be received from any location that calls can be received on a mobile phone. And network video technology is highly cost-effective, since it doesn't even require a new PC to make the camera usable. Any existing computer can be used for viewing video images; there is no need to buy dedicated video monitors. With an existing network infrastructure capable of video transmission, no separate coaxial video cables are required.

    Example Applications

    Remote monitoring

    Network video is useful for thousands of applications. Simply attach a camera to an existing IP network and view live video on a PC with an Internet browser. Use network cameras in schools to see who is in the hall, computer room, lab, or cafeteria. Install them at manufacturing plants to see that production is running smoothly, and that the machinery is performing as it should. Or remotely monitor and record images from multiple retail outlets to protect staff and assets.

    Security surveillance

    False alarms present a big problem to security systems. Network cameras enable alarms to be checked and confirmed from anywhere before action is taken. They are as well suited to taking snapshots of people passing through a door as they are to being used in sophisticated biometric systems with dedicated application software. For example, a security guard who has been alerted to a break-in can get a view of the room where the break-in has occurred by checking video images sent to his wireless PDA. Then he knows whether or not it is safe to enter. With network video products there is no longer any need to worry about changing (or forgetting to change) tapes in time-lapse recorders. And because images are stored on hard disks instead of VHS tapes, any old unwanted images can be erased automatically. The ability to deliver live high-quality images and sound also makes network video ideal for improving school and campus security. In combination with a security firewall, network cameras can be quickly configured for securely monitoring hallways, classrooms, and parking lots.

    Broadcasting images over the Internet is a great way for companies to promote their services, and to provide customers with up-to-the-minute information. For example, cameras transmitting video of a ski station show the weather conditions on the slopes. People can check these by browsing the Internet before leaving home. Live video, whether it shows images and sounds of a bustling city, a busy university, or the beauty of a mountain, beach, or forest, can make a web site attractive, dynamic, interesting and worth a return visit. With HTML (Hyper-Text Mark-up Language) it's easy to create web pages, web sites, or home pages that display images from network cameras.

    CONTENTS

    Introduction
    Deploying Video over IP Network Cameras
        Alternate Approaches to Implementing Closed Circuit Television
        Example Applications
        Network Video Use in Market Sectors
        Advantages of Video over IP Solutions
        Installation Considerations
        Wireless LANs
        Wide Area Networks
        Internet and Virtual Private Networks
    Summary


    Network Video Use in Market Sectors

    Education

    Educational establishments are increasingly using network cameras to monitor and protect staff, students, and property. Surveillance and remote monitoring of playground areas, corridors, halls, and classrooms are easy to achieve. It's even possible to give parents limited, controlled access to let them monitor their child in the school environment.

    Banking

    Bank branch offices are often small and geographically dispersed. A network video system offers the major advantage of enabling security personnel to view from a central location images from every local office. The administration of a network video system is simpler and less labor intensive than CCTV. Images are stored on computer hard disks; employees do not have to change and take care of video tapes. Using a network video system also makes it possible to quickly provide emergency services agencies with photos that can help them identify and apprehend suspected criminals.

    Industrial

    Manufacturing lines, industrial and pharmaceutical processes, automation, warehouse, and stock control systems are just a few of the many industrial applications that network video can monitor effectively. This virtual set of eyes can greatly improve efficiency at a production plant.

    Retailing

    The use of network video for security and remote monitoring purposes can help keep store owners better informed, prevent theft, and improve store management efficiency. Images from stores in various locations can be accessed from a chain's headquarters at any time over the IP network. Cameras can also be deployed quickly in stores to monitor consumer behavior and to improve the impact of merchandising efforts.

    Advantages of Video over IP Solutions

    In comparison to legacy video monitoring systems, IP-based video cameras can dramatically impact the total cost of ownership while delivering enhanced features and flexibility. They offer the following advantages:

    Lower infrastructure costs: converged networks use a single cable infrastructure and component equipment, typically less expensive than legacy CCTV systems; separate support and maintenance contracts for a dedicated coax CCTV network can also be eliminated.

    Scalability: changing camera placement or adding new cameras can be accomplished with relative ease.

    Integration with other applications: many related technologies, such as building access control systems and biometrics, can be supported by the same network infrastructure.

    Digital storage: digitally recorded images are not prone to degradation, are easily stored on computer hard drives, and take up less space than traditional and less reliable VCR analogue magnetic tape cassettes. Digital images are easier to index, archive, search, and retrieve for fast access.

    Remote accessibility: camera access can be made available to any authorized user at any place within an organization's IP network; in the case of a special event, a wider community can be given access via the Internet.


    Installation Considerations

    There are several key factors that should be considered before implementing a video over IP solution for surveillance cameras:

    power delivery

    IP addressing

    bandwidth

    Power Delivery

    The majority of networked video cameras utilize an external power supply to provide the low voltage (typically between 12 and 24V DC) from the AC main supply. Given that the majority of cameras will be physically installed in hard-to-reach places such as ceiling corners, supplying easily accessed power can be a significant problem.

    There are innovative technologies that can address this issue. Of particular benefit is IEEE 802.3af Power over Ethernet (PoE), which enables a single UTP cable to supply both DC power and Ethernet connectivity to the camera. If the networked camera does not support this type of power delivery, then small external splitters can be used to channel the PoE-enabled connection to separate traditional data and DC power connections.

    There are two methods for providing Power over Ethernet.

    1. Use a PoE-enabled switch such as the 3Com Switch 5500 to provide LAN switching and power over the same connection.

    2. Use a mid-span PoE device that sits in-between an existing data-only switch and combines the data with the provision of DC power. For new installations, a PoE switch provides a lower cost of acquisition and requires less space in the wiring closet.

    If PoE is the chosen power delivery method, then a single network cable is the only connection required from the network camera back to the switch / mid-span PoE device. If there is a nearby Ethernet cable already in place, it is possible to use small in-wall mountable devices such as the 3Com Intellijack switch to increase the density of ports and provide PoE forwarding. These switches are powered via the PoE feed. If PoE is not selected, then a suitable local source of main AC power will need to be provided for the networked camera's power supply.

    When the networked video camera is to be connected directly to a wireless local area network (WLAN), but does not have an inbuilt WLAN capability, an external client bridge can be used. WLAN and IP cameras are ideal for quick installation of a temporary or ad-hoc video system.

    IP Addressing

    Network video cameras are IP devices and as such require defined IP address properties to participate in the IP network. It is common practice for client PCs and devices to have dynamically allocated IP addresses using a network service such as Dynamic Host Configuration Protocol (DHCP). A DHCP server (or software service running on a device within the network) allocates IP address properties from a pool of free addresses when requested by network devices wishing to join the IP network. DHCP servers typically supply IP addresses for a single IP subnet.

    While DHCP is a very useful network feature that reduces IP administrative overheads, it is recommended that cameras use fixed IP addresses for fast and consistent address accessibility. This fixed IP address can be manually configured within the camera. It must be removed from the pool of addresses available to any DHCP server to eliminate the chance of duplicate IP addresses appearing in the network. Where the DHCP server supports mapping of the camera's Ethernet MAC address to a fixed IP address, the DHCP server can handle the IP address assignment.

    The majority of networked cameras can be managed remotely, typically with a web-based or a command line interface, using a telnet session or SNMP (Simple Network Management Protocol). To prevent unwanted configuration changes within the device, it is highly recommended that the default administrator password be replaced. To further boost security, the web-based management can be reconfigured with a nonstandard TCP port (the HTTP default port is 80), so that a web browser session, and with it the administrative management login, does not load on the default port. For still further safety, the cameras can be placed on a separate virtual LAN (VLAN). A camera VLAN can be completely isolated from the regular users of the network or made visible only to defined devices within the main network by using intra-VLAN routing and Access Control Lists (ACLs) on a Layer 3 switch or router (see Figure 1). And when the camera is connected to a managed PoE switch, it's possible to remotely reset the camera or turn its power on and off, greatly enhancing management and control.
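    The addressing and management recommendations above can be checked against a camera inventory. The following is an added example, not part of the original white paper; the subnet, DHCP pool, MAC addresses, ACL sources and inventory fields are all constructed assumptions.

```python
import ipaddress

# Constructed site data for illustration; none of these values come from the paper.
CAMERA_VLAN = ipaddress.ip_network("192.168.50.0/24")
DHCP_POOL = (ipaddress.ip_address("192.168.50.100"),
             ipaddress.ip_address("192.168.50.200"))
DHCP_RESERVATIONS = {"00:11:22:33:44:03": "192.168.50.150"}  # MAC -> fixed IP
# Sources the Layer 3 ACL lets into the camera VLAN (hypothetical hosts).
ACL_PERMIT = [ipaddress.ip_network("192.168.60.5/32"),   # security staff PC
              ipaddress.ip_network("192.168.70.9/32")]   # management station

CAMERAS = [
    {"name": "lobby", "mac": "00:11:22:33:44:01", "ip": "192.168.50.10",
     "mgmt_port": 8443, "default_password": False},
    {"name": "dock", "mac": "00:11:22:33:44:02", "ip": "192.168.50.120",
     "mgmt_port": 80, "default_password": True},
    {"name": "gate", "mac": "00:11:22:33:44:03", "ip": "192.168.50.150",
     "mgmt_port": 8080, "default_password": False},
    {"name": "hall", "mac": "00:11:22:33:44:04", "ip": "10.0.0.25",
     "mgmt_port": 8080, "default_password": False},
]


def audit_camera(cam):
    """Return the list of recommendations this camera record violates."""
    findings = []
    ip = ipaddress.ip_address(cam["ip"])
    if ip not in CAMERA_VLAN:
        findings.append("outside-camera-vlan")
    # A fixed address inside the dynamic pool can be handed to another host,
    # unless the DHCP server maps this camera's MAC to exactly that address.
    in_pool = DHCP_POOL[0] <= ip <= DHCP_POOL[1]
    reserved = DHCP_RESERVATIONS.get(cam["mac"]) == cam["ip"]
    if in_pool and not reserved:
        findings.append("static-ip-inside-dhcp-pool")
    if cam["mgmt_port"] == 80:
        findings.append("default-http-port")
    if cam["default_password"]:
        findings.append("default-admin-password")
    return findings


def duplicate_ips(cameras):
    """Fixed addresses configured on more than one camera."""
    seen, dupes = set(), set()
    for cam in cameras:
        (dupes if cam["ip"] in seen else seen).add(cam["ip"])
    return sorted(dupes)


def may_reach_cameras(src_ip):
    """Model of the ACL: camera VLAN members and listed hosts only."""
    src = ipaddress.ip_address(src_ip)
    return src in CAMERA_VLAN or any(src in net for net in ACL_PERMIT)


def audit_all(cameras):
    return {cam["name"]: audit_camera(cam) for cam in cameras}


if __name__ == "__main__":
    for name, findings in audit_all(CAMERAS).items():
        print(name, findings or "ok")
```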


    Bandwidth

    Though the amount of bandwidth utilized by a network camera is dynamic, it is closely influenced by the image frame size, rate, and amount of image motion, as well as by the video compression algorithm used (e.g. MPEG or Motion JPEG). The more detailed the image and the more rapid the refresh rate, the greater the bandwidth requirement.

    Transmission speeds are measured in bits per second, 8 bits making up one byte. To transmit one byte, approximately two extra bits are needed for control. This means that approximately 10 bits are required to transmit one byte. Table 1 on the following page illustrates some possible transmission rates.
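    The 10-bits-per-byte rule and the formula given with Table 1 can be turned into a link budget for several cameras sharing one link. This is an added example, not part of the original white paper; the link figures are the "typical available bandwidth" values from Table 1, while the camera list, the `motion_fraction` parameter (share of time a motion-triggered camera is sending) and the `video_share` parameter (share of the link set aside for video) are assumptions.

```python
# Typical available bandwidth in Kbps, taken from Table 1 (1 Mbps ~ 1,000 Kbps).
TABLE1_KBPS = {
    "Ethernet": 5000,
    "Fast Ethernet": 50000,
    "T1 WAN": 1550,
    "ADSL": 768,
    "ISDN BRI": 128,
}

BITS_PER_BYTE_ON_WIRE = 10  # 8 data bits plus roughly 2 control bits


def stream_kbps(image_kb, fps, motion_fraction=1.0):
    """Bandwidth (Kbps) = file size (KB) x frame rate (fps) x 10.

    motion_fraction scales the result for a camera that only sends
    images while motion is detected (assumed model, 1.0 = always sending).
    """
    return image_kb * fps * BITS_PER_BYTE_ON_WIRE * motion_fraction


def max_fps(link_kbps, image_kb):
    """Highest frame rate a single stream can reach on the link."""
    return link_kbps / (image_kb * BITS_PER_BYTE_ON_WIRE)


def plan(link_kbps, cameras, video_share=1.0):
    """Check whether all camera streams fit and, if not, throttle them.

    cameras: list of (name, image_kb, fps, motion_fraction) tuples.
    When demand exceeds the budget every camera's frame rate is scaled
    down by the same factor so the total just fits.
    """
    budget = link_kbps * video_share
    demand = sum(stream_kbps(kb, fps, mf) for _, kb, fps, mf in cameras)
    scale = 1.0 if demand <= budget else budget / demand
    return {
        "demand_kbps": demand,
        "budget_kbps": budget,
        "fits": demand <= budget,
        "fps": {name: round(fps * scale, 2) for name, _, fps, _ in cameras},
    }


if __name__ == "__main__":
    # Constructed branch office: three cameras, 25 KB images at 5 fps.
    always_on = [("door", 25, 5, 1.0), ("till", 25, 5, 1.0), ("yard", 25, 5, 1.0)]
    on_motion = [(n, kb, fps, 0.2) for n, kb, fps, _ in always_on]
    print(plan(TABLE1_KBPS["T1 WAN"], always_on))
    print(plan(TABLE1_KBPS["T1 WAN"], on_motion))
```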

    In single-site local area network installations, technologies such as wire-speed 10/100/1000 switched Ethernet can deliver the raw bandwidth demanded by high-resolution, full-motion video. However, where other critical applications co-exist on the same network infrastructure, consideration should be given to identifying and controlling the differing applications and classes of service to ensure application performance is not impacted by network loading.

    When deploying networked video cameras across a network supporting multiple applications, it is important that the camera traffic can be identified by the network infrastructure and given priority to ensure good performance even under high network loads. This concept of building an intelligent network infrastructure to differentiate between applications can be achieved in two steps:

    1. Identify each packet from the network cameras as it enters the network: configure the cameras to use a TCP port other than the typical default, TCP 80 (HTTP/web). A packet analysis tool can be used to identify which TCP port numbers are currently in use. (See Figure 2)

    2. Mark the packet with a priority tag. Using edge switches that support Layer 4 features, insert a Quality of Service (QoS) tag; the IEEE 802.1P standard defines eight levels of priority. To select an appropriate level of priority, take a holistic view of all key applications using the network, then allocate them into definitions as shown in Figure 2. It is suggested that the priority for network camera applications be set above that of any critical data applications, but below very time-sensitive applications such as Voice over IP. This type of telephony requires predictable, rapid network response, though not particularly much bandwidth.

    FIGURE 1: VLAN Segmentation

    [Diagram labels:]

    Network Cameras: member of camera VLANs.

    User PCs: member of regular user VLAN, unable to access security cameras.

    Security Staff PC: member of camera VLANs, only able to monitor cameras.

    Layer 3 Switches: provide intra-VLAN routing and access controls to segment cameras from all but authorized users.

    Management Station: access granted to both camera VLANs and regular user VLAN.

    Edge Switches: insert the VLAN information into the network packets and set a high priority for all camera VLAN traffic to ensure good response rates under high network loads.


    Once these two steps have been completed, the network infrastructure can recognize and differentiate the video camera traffic and ensure great application response. 3Com simplifies the defining of Class of Service policies with tools such as the Prioritize Network Traffic Wizard within its network management platforms. Such tools guide the network administrator through five steps to define and mark applications to be prioritized. The tool then rolls out the quality of service policy to the Layer 4 aware edge switches across the network.

    Wireless LANs

    Radio-based WLANs are broadcast based and do not currently have the ability to enforce QoS. Because, at the time of writing, the proposed IEEE 802.11e standard for WLAN QoS is not expected to be ratified before September 2005, other methods can be used to isolate the video traffic within a WLAN. Figure 3 provides some reference data to help select an alternative.

    In cases where there is an existing IEEE 802.11b or 802.11g WLAN deployed for mobile access to data applications, a separate 802.11a based WLAN can be built to carry the video camera traffic. While IEEE 802.11a WLANs are typically more expensive than

    TABLE 1: Transmission Rate Projections

    1 byte/s ~10 bps; 1 Kbps ~1,000 bps; 1 Mbps ~1,000 Kbps
    Bandwidth (Kbps) = File size (KB) x Frame rate (fps) x 10

    TRANSMISSION         TYPICAL AVAILABLE   TIME TO TRANSMIT A 25 KB   MAX FRAME RATE (BASED UPON A 25 KB
    MEDIUM TYPE          BANDWIDTH           IMAGE (IN SECONDS)         IMAGE) IN FRAMES PER SECOND
    Ethernet             5 Mbps              0.05                       20
    Fast Ethernet        50 Mbps             0.005                      200
    Gigabit Ethernet     500 Mbps            0.0005                     2000
    802.11B WLAN         5.5 Mbps            0.05                       20
    802.11G WLAN         22 Mbps             0.01                       100
    802.11A WLAN         22 Mbps             0.01                       100
    E1 WAN               2.048 Mbps          0.15                       9
    T1 WAN               1.55 Mbps           0.2                        6
    ADSL                 768 Kbps            0.3                        3
    Cable Modem          750 Kbps            0.3                        3
    ISDN BRI             128 Kbps            2                          0.5
    V.92 Analog Modem    45 Kbps             6                          10 Frames per minute
    GPRS                 48 Kbps             6                          10 Frames per minute

    FIGURE 2: Setting Application Priorities

    [Diagram: example applications (Video, Voice, SNMP, ERP, Email, File Transfer, MP3, Gaming) placed on a priority scale running from Lower to Higher. Priority classes shown: Blocked Applications, Less than Best Effort, Best Effort, Critical Data Applications, High Bandwidth, Time Sensitive, Network Management.]


    their 802.11b/g counterparts that operate in the 2.4 GHz frequency range, they use a 5 GHz frequency range that is normally less crowded with other signals and often capable of delivering better performance (see Figure 3). When the IEEE 802.11e WLAN QoS standard is implemented, it will become viable to deploy video cameras on 802.11g WLANs for lower implementation costs and co-existence with existing data applications and mobile user clients.

    Wide Area Networks

    For installations that span multiple locations connected through a WAN, it is suggested that the WAN routers also be configured to prioritize the video camera traffic. Many modern routers have the ability to understand the IEEE 802.1P priority tag from within the Ethernet frame and map/translate it to a Layer 3 prioritization scheme such as IP ToS or DiffServ. Such a configuration will ensure a high WAN priority level for video streams from remotely located cameras, which is particularly important since WANs typically run at high levels of utilization and are comparatively slower than LANs. Due to the relatively smaller bandwidth available across WAN links, multisite implementations may require a choice between optimized image quality or bandwidth usage. By enabling cameras to send images only when motion is detected in a user-defined area of the video frame, the amount of network bandwidth required, as well as the image storage requirements of the video camera management application, can be dramatically reduced.
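    The two-step identify-and-mark procedure and the 802.1P-to-Layer-3 mapping described above can be followed end to end in a few functions. This is an added example, not part of the original white paper or any 3Com tool; the class names follow Figure 2, but the numeric priority values, port rules, camera subnet and VLAN number are assumed site policy, and the priority-to-DSCP mapping shown is the common class-selector convention (DSCP = priority x 8).

```python
import ipaddress

# Assumed site values (not from the paper).
CAMERA_SUBNET = ipaddress.ip_network("192.168.50.0/24")
CAMERA_VLAN_ID = 50
CAMERA_TCP_PORT = 8080          # non-default port configured on the cameras

# 802.1p priority (0-7) per Figure 2 class; the numbers are an assumed policy
# that keeps video above critical data and below time-sensitive voice.
PCP = {
    "network-management": 7,
    "time-sensitive": 5,
    "high-bandwidth": 4,
    "critical-data": 3,
    "best-effort": 0,
    "less-than-best-effort": 1,
}

# Constructed (protocol, port) rules for the other applications.
PORT_RULES = {
    ("udp", 161): "network-management",   # SNMP
    ("udp", 5060): "time-sensitive",      # VoIP signalling
    ("tcp", 3200): "critical-data",       # ERP
}


def classify(src_ip, proto, src_port, dst_port):
    """Step 1: identify the application a packet belongs to.

    Camera video is matched on the camera port AND a source address in the
    camera subnet, so another host using the same port is not promoted.
    """
    if (proto == "tcp" and src_port == CAMERA_TCP_PORT
            and ipaddress.ip_address(src_ip) in CAMERA_SUBNET):
        return "high-bandwidth"
    for port in (dst_port, src_port):
        cls = PORT_RULES.get((proto, port))
        if cls:
            return cls
    return "best-effort"


def vlan_tci(pcp, vlan_id, dei=0):
    """Step 2: build the 16-bit 802.1Q tag control field (PCP|DEI|VID)."""
    if not (0 <= pcp <= 7 and dei in (0, 1) and 0 <= vlan_id <= 4095):
        raise ValueError("field out of range")
    return (pcp << 13) | (dei << 12) | vlan_id


def dscp_from_pcp(pcp):
    """WAN edge: map the Layer 2 priority to a class-selector DSCP."""
    return pcp << 3


def tos_byte(dscp):
    """DSCP occupies the upper six bits of the IP ToS byte."""
    return dscp << 2


def mark(src_ip, proto, src_port, dst_port, vlan_id):
    cls = classify(src_ip, proto, src_port, dst_port)
    pcp = PCP[cls]
    dscp = dscp_from_pcp(pcp)
    return {"class": cls, "pcp": pcp, "tci": vlan_tci(pcp, vlan_id),
            "dscp": dscp, "tos": tos_byte(dscp)}


if __name__ == "__main__":
    print(mark("192.168.50.10", "tcp", CAMERA_TCP_PORT, 51000, CAMERA_VLAN_ID))
    print(mark("192.168.20.7", "tcp", CAMERA_TCP_PORT, 51000, 20))
```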

    Internet and Virtual Private Networks

    When cameras are located at remote sites connected by the Internet, it is common for the Internet router/gateway/firewall device to provide a Network Address Translation (NAT) service. NAT enables a private IP addressing scheme in the remote LAN while presenting a single public IP address to the Internet (see Figure 4). This service disallows direct connection to the private IP address of the remote site camera(s). To address this limitation, an organization can have its ISP allocate a static public IP address and configure the NAT service so that different port numbers of the public IP address are mapped (assigned) to the respective IP addresses of the cameras. For example, 10.10.10.243:8080 will access the LAN private IP address 192.168.1.101.

    To restrict direct Internet access to the cameras, a Virtual Private Network (VPN) should be established between the broadband router/gateway and the main site Internet router. The VPN forms an encrypted link between the two locations on the same network. When using VPNs to connect remote sites via the Internet, there is no requirement to configure NAT mapping of public/private IP addresses and TCP ports. The one caveat to VPN use in this situation is that, if networked cameras utilize IP Multicast to broadcast video streams, the majority of VPN protocols do not natively support multicast applications.

    FIGURE 3: Wireless Standards Overview

                         802.11A            802.11B             802.11G
    Standard Ratified    2002               1999                2003
    Radio Band           5GHz               2.4GHz              2.4GHz
    Data Rates           Up to 54Mbps       Up to 11Mbps        Up to 54Mbps
    Coverage Area        Up to 50 Meters    Up to 100 Meters    Up to 100 Meters

    Pros

    802.11A: Less potential for interference. Good support for multimedia apps and densely populated user environments.
    802.11B: Most widely deployed system today. Extensive client device support.
    802.11G: Compatible with 802.11b. High data rates and broad coverage area.

    Cons

    802.11A: Requires hardware upgrade. Less coverage area. Not compatible with 802.11b/g.
    802.11B: Slower data rate. Interference in 2.4GHz band.
    802.11G: Interference in 2.4GHz band.
