Flussonic Agent - firmware for cameras
Organizing cloud-based video surveillance involves many technical details that have to be solved up front: camera reachability behind NAT, camera activation and identification, encryption and automatic provisioning. Once connected, a camera should automatically become part of the operator's IT infrastructure, and communication with the subscriber has to be provided as well. Flussonic Agent solves these problems.
In the previous article, we talked about one application of Flussonic Watcher and, briefly, about why the Flussonic Agent is needed. Even earlier, we described how an agent can solve security problems when transmitting a video stream. Each time we answered the question “Why?” but only briefly touched on the question “How?”.
As we already wrote, the main problem when launching a large video surveillance network is making the cameras reachable from the Internet. There are three classic schemes for solving it:
- Install OpenVPN proxy servers.
- Manual port forwarding.
- Assign white IP addresses for each camera.
OpenVPN
A common and the easiest way is to set up an OpenVPN tunnel. It is chosen primarily because the firmware of most cheap cameras is built with buildroot, which already includes OpenVPN, so it is easy to turn on.
The connection certificate and the address of the OpenVPN server are written to the camera. The streaming server in the cloud then sees the camera through the OpenVPN server and pulls video from it. However, OpenVPN requires another server alongside, doubling your server costs.
The setting that determines which server the camera connects to is stored on the device itself. Quickly bringing up a new server in place of a failed one and pointing the camera at it will not work: you need to change the DNS. And somewhere between your DNS server and the camera there will surely be a third-party DNS server that caches records for a day and helpfully keeps serving the old OpenVPN server address.
In addition, OpenVPN requires more resources because it does more than this task needs. It sets up a full-fledged tunnel that passes traffic through the Linux kernel. With Flussonic Agent and Flussonic Media Server this does not happen: all traffic arrives and stays in one process. With a gigabyte of incoming video, this is very noticeable.
Manual port forwarding
Port forwarding, configured manually, lets you reach from the Internet an IP camera that sits on an internal network behind a NAT router. Access is provided by redirecting traffic on certain ports from the router's external address to the address of the selected device on the local network. The disadvantages of manual port forwarding are:
- Setting up each router and each camera is very complicated and takes a prohibitively long time.
- Anyone can connect to the open port, which is an obvious security hole.
- The entire traffic load falls on the camera serving the video and on its uplink, and they give out as early as the third client.
- Over RTSP, the camera will deliver a picture that breaks up.
Assigning White IP Addresses
Buying “white” (public) IP addresses for each IP camera solves the NAT access problem, but it is an adequate solution only if you do not have a very large number of cameras. Otherwise, running video surveillance simply becomes unprofitable.
Flussonic Agent
Each of these schemes has advantages and disadvantages. Two things unite them: they are applicable only to a small video surveillance network, and they cannot provide plug-and-play for the subscriber or process automation for service administrators. Flussonic Agent closes exactly these gaps, letting our customers simplify the launch of the service. The program is installed on all cameras, passes the information needed to activate the camera and link it to the user to billing or directly to Flussonic Watcher, and starts sending video to the operator’s streaming server.
As with the OpenVPN server, the agent is tied to DNS, but it is still much easier to provide failover for a small virtual machine that runs only a web interface and a management server than for a heavily loaded server with a fat channel.
What cameras does the Flussonic Agent work with?
We can run Flussonic Agent on almost all Linux cameras. One important point: we need the device's original firmware. So far, agent installation has been tested on outdoor cameras based on HiSilicon and TI DaVinci and on MIPS dd-wrt based routers.
How Flussonic Agent Works
Now for the most interesting part. The firmware we prepare with the agent is installed by the vendor at the factory or flashed by the operator. After a camera with this firmware reaches the client and is started for the first time, it works as follows:
1. When the camera is plugged into the network and has Internet access, the Flussonic Agent starts.
2. The agent connects to the server running Flussonic Media Server with Flussonic Watcher installed and reports that it is ready to transmit video. This is the management server, called the endpoint in agent terminology. Here the camera receives control information, logs in, and goes through a connection upgrade to our own protocol.
3. If Flussonic Watcher recognizes the agent (mutual password verification takes place), it passes the agent information about one of the running Flussonic Media Servers that will receive the video traffic. Such a Flussonic Media Server is called a streampoint in agent terminology. The endpoint can also send a command to switch quickly to another streampoint, to handle the failure of one of the streamers in the Flussonic Media Server cluster.
4. After connecting to the Flussonic Media Server, the agent waits for a command to open a connection. This works much like an SSH tunnel: when the Flussonic Media Server decides to pull video from the camera, it asks the agent to establish a TCP tunnel. The tunnel can carry both RTSP video and screenshots from the camera.
The Flussonic Agent can also switch between the main and backup management servers (endpoints) and between Flussonic Media Server streaming servers.
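The endpoint step of the scheme above (mutual password verification, then streampoint assignment), sketched as an added example; it is not Flussonic's code or wire protocol. The HMAC challenge-response, the message layout, and the names `proof`, `handshake` and `streamer1.example:443` are assumptions made for illustration.

```python
import hashlib, hmac, os, socket, threading

def proof(secret, role, n_agent, n_endpoint):  # role label stops a proof being reflected back
    return hmac.new(secret, role + n_agent + n_endpoint, hashlib.sha256).digest()

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection")
        buf += chunk
    return buf

def endpoint_side(sock, secret, streampoint):
    """Management server: prove knowledge of the password, then verify the agent."""
    try:
        n_agent = recv_exact(sock, 16)
        n_endpoint = os.urandom(16)
        sock.sendall(n_endpoint + proof(secret, b"endpoint", n_agent, n_endpoint))
        ok = hmac.compare_digest(recv_exact(sock, 32), proof(secret, b"agent", n_agent, n_endpoint))
        if ok:  # only a verified agent learns where to send video
            sock.sendall(bytes([len(streampoint)]) + streampoint)
        return ok
    except ConnectionError:
        return False
    finally:
        sock.close()

def agent_side(sock, secret):
    """Camera: return the assigned streampoint, or None if the endpoint fails the check."""
    try:
        n_agent = os.urandom(16)
        sock.sendall(n_agent)
        reply = recv_exact(sock, 48)
        n_endpoint, ep_proof = reply[:16], reply[16:]
        if not hmac.compare_digest(ep_proof, proof(secret, b"endpoint", n_agent, n_endpoint)):
            return None  # e.g. a stale DNS record led to a server that lacks the password
        sock.sendall(proof(secret, b"agent", n_agent, n_endpoint))
        return recv_exact(sock, recv_exact(sock, 1)[0]).decode()
    except ConnectionError:
        return None
    finally:
        sock.close()

def handshake(agent_secret, endpoint_secret, streampoint=b"streamer1.example:443"):
    agent_sock, endpoint_sock = socket.socketpair()  # constructed local harness, no network
    out = {}
    server = threading.Thread(target=lambda: out.update(
        endpoint_ok=endpoint_side(endpoint_sock, endpoint_secret, streampoint)))
    server.start()
    out["streampoint"] = agent_side(agent_sock, agent_secret)
    server.join()
    return out
```

The exchange authenticates both ends but encrypts nothing, so it is assumed to run inside the TLS channel the article mentions.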
Video Delivery Security
Beyond the main task, it was important for us to protect the cameras from being hacked and the video stream from interception. Most Chinese devices are very poorly protected, even against the simplest backdoors. Flussonic Agent can encrypt the video stream with TLS, keeping third parties out of the data transfer.
Thailand Flussonic Agent Case Study
To understand how the Flussonic Agent works and what its deployment gains, it is worth looking at a real example. We were approached by a client who had bought Flussonic Media Server so that users in an office could look at the sunny beaches of Thailand, be impressed, and then rush off to buy tickets. Working with cameras eventually led him to provide OTT VSaaS services. This means the client takes video from cameras installed in restaurants, cafes and other public places in Thailand and gives access to it both as recordings and as live broadcast.
But in Thailand there are two major problems with the Internet:
- Expensive external Internet: from $80 per month per megabit. If the video from the cameras leaves Thailand, this can automatically add a lot of money to the monthly bill.
- Internet quality. Back in 2011 there were ads in Thailand saying "high speed 1 mbit." The situation is better now, but a 4-megabyte stream from a restaurant's camera still puts Wi-Fi for visitors at risk, and that matters a lot in this country.
Of course, video surveillance in restaurants can also be provided with an ordinary Chinese video recorder (DVR) and its p2p cloud application, but this approach has many disadvantages:
- The recorder requires an external IP address. In Thailand, such a service costs from $30 to $60 per month.
- The recorder sends out the video once for every client that connects. Given the Internet problems above, serving video to more than a couple of clients is already a problem.
- The recorder will most likely require port forwarding to be configured on the router and, in the wake of Mirai, possibly a conversation with the provider about unblocking the required ports.
- If you take video over RTSP from Chinese equipment, you are almost guaranteed to run into a bug which is not there.
Our client offers a service that solves these problems. In Thailand, Flussonic Watcher was installed on a rented server, and this installation was registered with us so that users can log in via the mobile application. To solve the problems above, our agent is installed on the cameras, which makes them fully plug-and-play: bring it in, mount it, switch it on, and the video is on the site.
To ensure this level of service, we worked a lot with the client, down to advice on which cameras to buy and from which manufacturers. It was also important for us that all the cameras be made by XM. This is a very common no-name brand that makes devices of fairly decent quality that are also very inexpensive. Hikvision is, of course, better than XM, but also more expensive.
The camera manufacturers sent slightly different devices, but we were ready for this and prepared several firmware builds. They were designed so that the cameras immediately connected to the right Flussonic Media Server instances. The client installed the firmware on the cameras on his own and launched the service. We had to fix a couple of things remotely on cameras that were already installed, because of problems caused by the very specific Internet in Thailand, but they were easily fixed.
Summary
As you can see, the Flussonic Agent can greatly simplify the launch of video surveillance, getting around both internal technical problems and external problems tied to the Internet in a particular geographic region. In future articles, we will talk about how Flussonic Watcher integrates with operator billing.