Best strategy for remote access?

[cosmo]

I am looking for guidance on the appropriate configuration of a surveillance system that will only be accessed remotely.

I can make a trip out to install it, but after than, I will always be remote. And I do mean remote, as in the other side of the planet.

A word on bandwidth. From the remote end (here), I will have good cable performance. At the site, not so good. DSL with 5Mbps download, 0.3Mbps upload (Hoping to be 1Mbps eventually).

Goals: On one camera, immediate notification when vehicles come down a driveway. On all cameras, be able scan a timeline of when motion is detected and review footage, even if it's only stills, so long as they are high quality.

It will be a 4 camera system. I already bought a HikVision 3mp camera and NVR to learn the ropes. I'm finding that the software, between what's on the camera, the NVR, PC based, web and mobile based, is a dog's breakfast. There are major functional differences and gaps.

The main problem I am having is that the simple approach of connecting the cameras to the NVR with PoE and using web access for remote control is very limited. It doesn't help that my PC is a Linux box and the HikVision software (Both application and web based) is incompatible, so I have to run a Windows box in a VM for any kind of remote access, which works, but it is pretty crappy and there are crippling limitations for motion detection through web access.

I thought this should be doable, but so far, remote access for configuration of the cameras and NVR is not working out.

I am now contemplating putting a headless Windows PC beside the NVR and VPN'ing in to the PC. Or running Blue Iris. And maybe not connecting the cameras through the NVR, but to the router for more fine grained control, if that becomes a necessity.

Whatever the solution, once it's set up, it has to be reliable, because it's a heck of a long way to go for a reboot.

 

[SquareEyes]

Remote systems are something I do a few time a year. Yes the other side of the planet remote.

I have a few questions that may need to be considered.

1) Do you have someone available at remote location who is capable of swapping out hardware should a fault develop? I usually buy 3 sets of identical hardware, 1 installed and 2 backups. The most important devices the environment I deal with are UPS, modem and then routers. Actually the DSL splitters are the most common point of failure in lightning prone areas. Having identical hardware with synchronised software makes remote trouble shooting much more easy.

2) Hardware watchdogs. It is important to test all hardware for it's ability to restart itself back to a working state without intervention. The 2 most critical components are the modem and router, then comes the cameras themselves. UPS, switches and other networking infrastructure is fairly resilient.

3) Is CCTV the best solution? CCTV is a nice high tech solution but not necessarily the best. Can other technologies such a "traditional" alarm systems, GPS vehicle trackers or a security guard do the job cheaper and more reliably? (In many parts of the world a reliable manned security contract costs very little).

I don't know what kind of response my input will recieve, so will keep it brief.

Like the old Yiddish proverb says: Make not a fence more expensive or more important than the thing that is fenced.

 

[cosmo]

Do you have someone available at remote location who is capable of swapping out hardware should a fault develop?

Yes. A friend with good diagnostic skills and access lives 90 minutes away.

The property has a security service that could come and reboot systems if required. They actually install NVR / cameras systems but I found their quote expensive.

You make good points and things that I am considering.

 

[cosmo]

BTW, we loose power frequently at the site. Probably once a fortnight. Sometimes momentarily. Sometimes for hours. Usually weather related. So yes, that would all need to be tested and verified.

 

[nayr]

0.3Mbps upload is not going to be usable for remote video, the best this is going to give you is jpeg snapshots... D1 Substreams need at least 1Mbit for pretty low bitrate.. any lower and quality just goes away.

Does your NVR have any AlarmIO? With this environment making remote viewing and playback of footage is going to be hard; I would urge the use of physical security sensors to trigger recordings and alerts (real motion sensors designed for outdoor use, or a tripwire people runover when coming into driveway).. this way you dont get a buttload of false alarms.. and can likely squeeze months of activity onto a reasonable sized storage system.

Make it so your friend/security company has the ability to retrieve/review footage too.. they might be the only ones who can go through a few hours of recordings to find when you got robbed.. or at least the'll be able to do it quicker than you could over a meager 300Kbps connection.

I would suggest you get a Managed PoE switch, these come with features that will let you power cycle your cameras remotely.. and they have port watchdogs you can setup, the'll ping the camera and if it goes down it'll restart it... much better than using auto-reboot/auto-maintain feature on cameras.. if your smart you could even use a PoE to 12VDC splitter (like this: http://www.amazon.com/EdisLEGIANT-Ethernet-Splitter-Adapter-Cameras/dp/B0146LFMZG/) and hack it to power your Modem/Router, heck even your NVR and then use the switches watchdog feature to restart your internet or NVR when they go down.

Another option is what's called a Managed or Metered PDU (Power Distribution Unit), think network connected power strip.. this will show you how much power each port is using and you can turn on/off ports remotely, not all have watchdogs so make sure you check it does (same goes for managed poe switch)... cheap example on ebay: http://www.ebay.com/itm/Metered-Rack-PDU-AP7832-120V-24Amp-2-Bank-24-Outlets-0U-Power-Ethernet-/262358294247

 

[cosmo]

I agree that the best way to detect motion is a physical sensor. I was hoping to avoid the plumbing effort, hence the consideration of line crossing, which I have still yet to get working properly. The driveway is a good 150 feet from where the NVR would be located. I am already faced with a significant effort to lift the roof to get Cat6 in conduit to where I had planned to put the entrance camera. A sensor would add to this. But yes, very few false positives and negatives that way.

I don't understand a lot about switches and how they can be controlled remotely, but I see the value in it. I'm assuming that so long as the DSL modem and router comes back online, that I would establish a VPN connection into the router, then connect through to the switch and tell it to reset various things that weren't working.

I'm not quite sure about your comment on using the splitter to power the modem/router. If the modem is the internet point of entry, how can I control anything before that to control the modem?

As you can see, in the networking world, I am out of my league, but learning. Software is more my thing.

I am wondering that even if the system was robust with the physical sensors and Ethernet switches, still how I would remotely be able to scan the NVR's recording for motion events if I have continuous recording. It seems like a HikVision limitation.

 

[nayr]

Managed PoE switches, like the one I have.. have a feature called 'Watchdog', you put in the IP address of the device plugged into that port, configure some timing settings and the switch will monitor that device via a continuos ping.

So for your modem you put in an internet IP like google's dns 8.8.8.8, and if that address becomes unreachable the switch will cut the power to your modem for a few moments after a set timeout in an attempt to hard-reset the device.. this is all possible because the switch provides power to the device on the other end, so it can cycle power to it automagically..

if a camera stops responding to a ping, reset it.. if the internet stops responding to ping, reset the cable modem.. Watchdog devices really help keep remote networks up and running through the worst of it.

You do have to be EXTREMELY cautious about doing firmware upgrades however, because if you dont disable the watchdogs completely it could yank the power right in the middle of a reflash, and result in a brick.. if you dont set tight timeout loops you can avoid this problem, so dont try pulling the power until like 10mins of no response.. any updates would have been completed by then, well should have.. if you do update anything, time it and see how long it takes.. then set your watchdog timeout to twice that at minimum.

 

[cosmo]

Ahhh. I get it. Thanks for the explanation. Makes perfect sense.

I did some searching for managed switches but only came up with serious looking commercial hardware. Do they go by another name in the consumer grade category? Do you happen do know of a model that might suit?

 

[nayr]

look on ebay for used gear, everyone is upgrading to GigE and PoE+ in the datacenter for 802.11AC WiFi and they are pulling these great units out and offloading them for cheap.. they spent there entire life in a climate controlled environment, with the cleanest power you can get.. they are designed for maximum reliability and live for decades in service without giving you grief.

http://www.ebay.com/itm/3COM-3CDSG10PWR-HP-V1905-10G-PoE-JD864A-10-Port-PoE-Managed-Gigabit-Switch-/252330685035

Your going to want to download the manuals and make sure it has the watchdog feature you want, it could be called something else.. system monitor, port watcher, etc.

this is a commercial feature, its going to take commercial hardware to get it.. and thats a good thing when you need a network that will run its self from a few thousand miles away.

 

[Stealth22]

Ahhh. I get it. Thanks for the explanation. Makes perfect sense.

I did some searching for managed switches but only came up with serious looking commercial hardware. Do they go by another name in the consumer grade category? Do you happen do know of a model that might suit?

Consumer grade switches are known as "unmanaged" switches. They simply let network traffic flow, and they lack the features of a managed switch.

Managed switches are, indeed, enterprise grade hardware. I am not a network engineer, so @nayr could give you more information than I could on managed switches, and suggest a model. However, managed switches are quite expensive, as they are meant for business use. Just as an example, a managed switch with 24 ports (non-POE) runs in the neighbourhood of $1500.

That being said, however, you can find a lot of used managed switches on eBay for a good price. They are made with much higher quality materials than your average consumer switch, and are built to last. A coworker of mine recently bought an HP 2810 (24 ports, non POE) off eBay for about $150, I think. If you live in the States, you'll likely find them for cheaper than that...us Canadians get hosed on shipping charges.

​EDIT: Nayr beat me to it, lol!

 

[nayr]

hah, nothing wrong with used carrier grade network gear.. my entire basement is full of second hand datacenter gear that I get dibs on before they go to recyclers any time I upgrade a server room.. its one of the perks of doing all that manual labor.

2 48U Cabinets - Used & Free
2 30A 3000VA UPS's - Used & Free
2 30A APC PDU's - Used & Free
1 48P GigE Managed Switch - Used & Free
1 24p Managed 10/100 PoE Switch w/GigE uplink - Used & Free
60A Linear 12VDC Power Supply - Used & Free
More patch panels than i'd ever need - Used & Free

Id you have a local tech recycling facility, go check it out.. the'll give it to you at a much better deal than shipping it on ebay.. most of the cost is in testing/packaging/shipping.

these switches do suck up a bit of power compared to the consumer counterparts, that I do admit.. its a hidden tax.

 

[cosmo]

Id you have a local tech recycling facility, go check it out

Shouldn't be hard as I live in Silicon Valley, 2 miles from Apple. I see companies here that can't get rid of stuff fast enough. Craigslist is full of it.

 

[nayr]

yeah you should be able to find what you need for little more than a song and a dance, even if your not all that attractive

 

[cosmo]

hehe

here's a quick local scan of craigslist for "managed switch"

HP A3100-8 DC EI Managed Ethernet Switch $200
HP Procurve 2524 24 Port 10/100 Switch $249
NetGear FS726TP 24-Ports External Switch $300
NetGear ProSafe (GS716T-200NAS) 16-Port External Switch $80
Dell PowerConnect 2716 16-port Gigabit managed switch $60
EMC CX3 Clarrion, HP C3000 with 3 blades, 1GB switch $350
Cisco 3548XL 48-Port 10/100 Managed Switch (2x Gigabit module bays, don't have modules, they are cheap though, used, $20)
BayStack 5510-48T 48-Port Gigabit Managed Switch (easy to use Web UI, used, $45



I have no idea what I'm looking at, but that's a sample.

Research, research...

 

[nayr]

http://www.ebay.com/itm/PINGBROTHER-MOBILROUTER-EPIW104P-120W-POE-SWITCH-4-PORTS-30W-POE-IN-OUT-/121934845466?

 

[cosmo]

Nice device. Cheap insurance. This is all stuff I had no idea about when I set out to do remote monitoring.

Any robust remote system is going to need this sort of stuff. But I do need to first come up with an approach where I can reliably be informed of contractors attending and leaving the property (One requirement - they come multiple times a week for gardening, home services etc.) and how I can actually view what happened, even if it is just JPEGs. Bandwidth is the issue. It's a challenge. Without that problem solved, even a robust system isn't much good to me.

Thanks for the education on switches. More reading for me...

Currently testing HikVision line crossing at night. Patchy. Not reliable on the first shot. Might need some tuning.

 

[Jack B Nimble]

Nayr I need more POE ports is this one ok ?

http://www.ebay.ca/itm/Cisco-Catalyst-Express-500-WS-CE500-24PC-24-Port-POE-Network-Switch-w-Ears-QTY-/272173737975?hash=item3f5ed1a7f7:g:H1EAAOSwv9hW6daJ

 

[jasauders]

if a camera stops responding to a ping, reset it.. if the internet stops responding to ping, reset the cable modem.. Watchdog devices really help keep remote networks up and running through the worst of it.

Hi there, nayr. I'm curious if you'd be able to elaborate on this particular point. Given the nature of POE devices and a continual ping to watch those devices, it makes sense how a managed switch would bounce network ports automatically to effectively reboot POE cameras, as they receive both data + power on that network port.

But how does a modem interface with an auto-reboot? Unless the modem is somehow powered by POE from the same switch I wasn't able to draw up a conclusion (disclaimer: coffee mug is still quite full yet)

Or were you suggesting a particular modem type with its own level of watchdog-like features? (as an entirely independent feature to run parallel with the managed switch watching the POE cameras)

(sorry to interject my question here, though given its relevance I figured it may help in the gear purchasing/decision making process for those involved)

 

[ruppmeister]

Hi there, nayr. I'm curious if you'd be able to elaborate on this particular point. Given the nature of POE devices and a continual ping to watch those devices, it makes sense how a managed switch would bounce network ports automatically to effectively reboot POE cameras, as they receive both data + power on that network port.

But how does a modem interface with an auto-reboot? Unless the modem is somehow powered by POE from the same switch I wasn't able to draw up a conclusion (disclaimer: coffee mug is still quite full yet)

Or were you suggesting a particular modem type with its own level of watchdog-like features? (as an entirely independent feature to run parallel with the managed switch watching the POE cameras)

(sorry to interject my question here, though given its relevance I figured it may help in the gear purchasing/decision making process for those involved)

@nayr is suggesting that if you use the PoE switch port with Watchdog features to power the modem, if the Watchdog isn't able to reach www.google.com or something else always available on the Internet that you could safely assume your modem was no longer connected to the Internet and may need to be auto rebooted using the managed switch port with the PoE.

 

[SquareEyes]

I do need to first come up with an approach where I can reliably be informed of contractors attending and leaving the property (

A way that has proven itself reliable on this island, is to give contractors access to a wireless network on site. Don't have to give them too much bandwidth, just better than they can get from a 3G or 4G connection. Then sit back and monitor the logs for connected clients.

There are other ways too, just use imagination.