NVR build - question about 2nd LAN port

[AP2]

I'm building a NVR out of some spare parts and had a question about the 2nd LAN port on the motherboard.

Can I use one of the LAN ports as a DHCP server? basically I would like to attached my 8 port POE switch for my cameras to keep the traffic off my main network and use the other LAN port to connect to me main network.

Motherboard: dq77KB
CPU: i5-3570S
RAM: 8gb DDR3
OS: Server 2012 R2
Harddrive: Adata 128GB OS
Harddrive: 1tb (x2) western digital black drives
Switch: Foritnet POE switch - non managed
Cameras: Axis

 

[goodcooper]

absolutely... with IP cams these days that's the preferred method... isolates the networks nicely...
i personally use larger switches and vlans, but certainly isolating your IPcams from the internet is a noble cause...

there are a few services that it's nice to have running on that port for the cams... DHCP you could go either way on... i prefer to statically assign IPs to IP cameras... one of the few devices i do that with.... mainly because remotely if something happens with the power and your server is disconnected, when the cameras boot up, which will likely be faster than the server, you won't have a DHCP server there to hand out IPs... if you're protected on the power maybe that's not an issue... or if you've got the ability to remotely power cycle the cameras either via PoE controls or some other methods, it's not that big of a deal either... with many NVR software suites... having those IPs static is very important...

even if you don't put DHCP on that port for your cameras, consider putting an NTP server out there for your cameras to sync up with...

edit: how many cameras and what resolution and capture settings are you using? if you have more than 10 or so cams recording 1080p 30fps, those drives will likely be dead within a year or two... hard drive choice is incredibly important when building an NVR server...

 

[Cmustang87]

You can do that, for sure. I would suggest using your firewall to connect to another switch for this usage though. Do you have that capability?

Basically, create a new zone on your firewall with a subnet and firewall the traffic that way. This way you can have DNS/DHCP/IDS/IPS services on your NVR network.

 

[scottatwittenberg]

edit: how many cameras and what resolution and capture settings are you using? if you have more than 10 or so cams recording 1080p 30fps, those drives will likely be dead within a year or two... hard drive choice is incredibly important when building an NVR server...

What hard drives are you recommending? The specific surveillance ones that WD and Seagate are selling?
Do you recommend using those in a NAS that has a surveillance package such as Synology and QNAP?

I implemented a "large scale" surveillance solution a year ago. Synology Survelliane Station, Vivotek Cameras, SD cards recording motion only. Each camera records 24/7 to the Synology and motion only to local SD. 10 FPS, 1920x1080, interframe relay 2FPS, quality 2nd highest. (5 out of 6, or 4 out of 5 on Synology) They are all centrally managed by a Synology NAS as the main office. 13 Synologies so far with at least 1TB per camera in raid 5. 150 cameras in total. Some Systems had analog cameras which were converted, or other brand IP cameras which were added to the system.
It is working pretty smoothly. We have been using Synology NAS lowest grade $30 per TB drives and it is all smooth sailing for now. But the oldest system has been live for 1 year.
We also put all of the cameras on the main LAN. All sites are hub and spoke VPN to the main office. We can get to any camera or "NVR" via IP address from the main office.
I did a lot of testing and research regarding FPS, and it seems that 2-6 FPS is good for most situations, unless you are dealing with moving traffic, cash registers, and gambling tables. So I set everything to 10 FPS since hard drives are cheap.
I feel like motion only with a ton of false positives is really the way to go. It would cut down the HDD storage insanely. Storage is cheap though. Our "in house" solution has been much better and in most cases less than 1/2 the cost that the traditional 3rd party vendor solutions were quoting. Central management, backup recording to SD cards (when I randomly spot check cameras, they have 60-120 or way more days of motion recordings on the 64GB SD card).
All sites have gigabit switches and only a handful of computers. I found it funny that most IP cameras only have 10/100 NICs in them. Each camera is password protected, the "NVR" *synology" is too with a good password.
I an understand segregating traffic if you have more than 30 cameras in a single location and/or if you are high profile target. But the previous solution was, NVR with cameras plugged into the internal switch on DHCP, password for ever was 1234 or 1111. It was stupid.

How much is an Axis Camera license? I remember the big names being $200 per camera. Synology is $50 per camera which i feel is steep, but at the same time, easy and flat fee.

I just looked up Axis licenses, and it looks like it is $50-100 per camera for the base license, but they charge for extras like cross line detection, fence guard, loitering, etc. which, those features don't exist, (especially loitering) in Synology or Vivotek. however, you could create a high sensitivity area on a "line" or "fence" in the Vivotek. I used some Mobotix cameras, which are $1000 each, and they do motion tracking differently too, where motion in a direction is flagged differently.
The moral of my story here, is the Motion Detection aspect of the solution I provided had too many questions and variables. So rather than hash it out for tons of hours, we decided to record 24/7. Everything is reactive at this client. It is a company that owns buildings. So the police come in and ask for a video from a certain date and time. There is nothing that needs to send an alert when someone jumps a fence or goes out of bounds from an airplane on the runway to the terminal, or anything line that.

 

[goodcooper]

What hard drives are you recommending? The specific surveillance ones that WD and Seagate are selling?
Do you recommend using those in a NAS that has a surveillance package such as Synology and QNAP?

I implemented a "large scale" surveillance solution a year ago. Synology Survelliane Station, Vivotek Cameras, SD cards recording motion only. Each camera records 24/7 to the Synology and motion only to local SD. 10 FPS, 1920x1080, interframe relay 2FPS, quality 2nd highest. (5 out of 6, or 4 out of 5 on Synology) They are all centrally managed by a Synology NAS as the main office. 13 Synologies so far with at least 1TB per camera in raid 5. 150 cameras in total. Some Systems had analog cameras which were converted, or other brand IP cameras which were added to the system.
It is working pretty smoothly. We have been using Synology NAS lowest grade $30 per TB drives and it is all smooth sailing for now. But the oldest system has been live for 1 year.
We also put all of the cameras on the main LAN. All sites are hub and spoke VPN to the main office. We can get to any camera or "NVR" via IP address from the main office.
I did a lot of testing and research regarding FPS, and it seems that 2-6 FPS is good for most situations, unless you are dealing with moving traffic, cash registers, and gambling tables. So I set everything to 10 FPS since hard drives are cheap.
I feel like motion only with a ton of false positives is really the way to go. It would cut down the HDD storage insanely. Storage is cheap though. Our "in house" solution has been much better and in most cases less than 1/2 the cost that the traditional 3rd party vendor solutions were quoting. Central management, backup recording to SD cards (when I randomly spot check cameras, they have 60-120 or way more days of motion recordings on the 64GB SD card).
All sites have gigabit switches and only a handful of computers. I found it funny that most IP cameras only have 10/100 NICs in them. Each camera is password protected, the "NVR" *synology" is too with a good password.
I an understand segregating traffic if you have more than 30 cameras in a single location and/or if you are high profile target. But the previous solution was, NVR with cameras plugged into the internal switch on DHCP, password for ever was 1234 or 1111. It was stupid.

How much is an Axis Camera license? I remember the big names being $200 per camera. Synology is $50 per camera which i feel is steep, but at the same time, easy and flat fee.

I just looked up Axis licenses, and it looks like it is $50-100 per camera for the base license, but they charge for extras like cross line detection, fence guard, loitering, etc. which, those features don't exist, (especially loitering) in Synology or Vivotek. however, you could create a high sensitivity area on a "line" or "fence" in the Vivotek. I used some Mobotix cameras, which are $1000 each, and they do motion tracking differently too, where motion in a direction is flagged differently.
The moral of my story here, is the Motion Detection aspect of the solution I provided had too many questions and variables. So rather than hash it out for tons of hours, we decided to record 24/7. Everything is reactive at this client. It is a company that owns buildings. So the police come in and ask for a video from a certain date and time. There is nothing that needs to send an alert when someone jumps a fence or goes out of bounds from an airplane on the runway to the terminal, or anything line that.

the specific surveillance ones or a NAS drive like WD Red at the very very bottom end, having them in an array will extend their lives... your typical desktop drives are not designed for the constant workload of an IP surveillance system

personally i use WD Red Pro drives in our array'd surveillance servers... they tend to be a good place for price/reliability... if it's not those it's just our old standby enterprise drive, HGST Ultrastar....

surveillance station isn't bad... i demo'd a 2 cam system for a while on an xpenology rig... i can't complain, even though they're kind of light on features... my only issue is being tied to synology's form factors... i prefer small, rack mounted surveillance rigs... synology's rack mounted form factors are ridiculously priced for very little performance...

10-15fps is more than anyone really needs... this is generally where our cams end up... i think i have a few of our 1500 or so line cams recording at 8.5fps or something.... we run full recording during work hours and motion off hours... it really is a huge chore dialing the motion in real well, i generally only take the time where there is some obvious issues like a camera facing a main road... i'll block those sorts of things out, otherwise, nobody really has time for that... due to increased need for monitoring and more eyes working to make our sytems better, i've been trying to hire another person to actually have working on this system almost full time..., it's a ton of work

SD backup storage is great, if your cameras support them it's not a bad idea, sd cards are cheap... but again, it's something you have to monitor to make sure they're working... we personally don't use them, but it's not a bad idea... i don't think having IP cams on the main lan is a good idea... IP cams are notoriously insecure, and are severely targeted by malware... they're usually easily owned, i wouldn't expose them to the internet, or any desktop lan.... that said, i have plenty of less than ideal setups at the moment, so i can't blame anyone.. but any new setup moving forward is segmented out to the best of our ability... sometimes the equipment just isn't available to secure it the best it can be secured...

the idea is only a management network will be able to access the cams, fw blocks all other traffic... the surv either has vlan split up on the server net and the cam net, kind of like OP.... or... like most of mine... just have the server on the cam net and pinhole that one server IP in the fw so the users can get to their NVR... most of our rigs are bluecherry, although after demoing the most recent Ubiquiti cam solution, we may start to move back that direction.... hard drives may be cheap but when you're trying to keep 30 days of 40 1080p cams, the servers and the enterprise drives can drive your costs up considerably.... the ubnt solution is INCREDIBLY space efficient... camera offload means you could probably put 100s of cams on a single i3 or lowest grade xeon rig... our test system right now i believe has 14 TB on it and > 3 months of footage... way over kill... that's with 8 cams... as it is right now if we re-do our largest site, it'll get a ubnt solution... they've certainly come a long way, and the audio recording seems to work flawlessly, which is an incredibly popular feature... the users want and need a reliable video and audio solution, and although i'm never too keen on locking into an ecosystem, if there's anyone to lock into, ubnt is the least painful...

they're finally starting to come out with some decent cams, too..

 

[Red Squirrel]

I don't think spindle drives really fail based on wear like SSDs, should be fine with consumer drives. Use raid though with hot swap bays and make sure they get good cooling. If anything kills them due to the heavy load, it will be the heat. An NVR won't be any worse of a load than say, a VM environment.

Been toying with this for years myself, what's a good NVR software now days? I really want to go Linux because of mdadm raid, but worse case I'd setup the storage as an iSCSI enclosure then the NVR can just be a windows VM that maps the enclosure directly.

 

[goodcooper]

I don't think spindle drives really fail based on wear like SSDs, should be fine with consumer drives. Use raid though with hot swap bays and make sure they get good cooling. If anything kills them due to the heavy load, it will be the heat. An NVR won't be any worse of a load than say, a VM environment.

Been toying with this for years myself, what's a good NVR software now days? I really want to go Linux because of mdadm raid, but worse case I'd setup the storage as an iSCSI enclosure then the NVR can just be a windows VM that maps the enclosure directly.

definitely not true... look up the metric "WRL" workload rate limit, and "MTBF" mean time between failure... when choosing a surveillance server hard disk...

you'll find the enterprise drives have 10x the WRL/MTBF as the desktop drives...

i learned this over the course of years of experience.... over the years i've had drive failures of different types of drives line up almost perfectly with the WRL rates of the different drives.. (not the actual hours or GB/year, but lower WRL/MTBF drives always dying first, higher WRL/MTBF drives dying last... well, actually we've not had any enterprise grade drives fail yet... maybe in another 5-10 years)... this would account for probably over 90% of drive failures on our surveillance systems... i put a bunch of cheap desktop 3TB drives out during a rollout wave during the whole hard disk drive shortage craze when the prices were nuts... knowing full well i'd probably have to replace them in a few years.... and what do you know, after getting hammered 24/7/365 they finally died a few years later... i was losing 1 or 2 a month for a year or two straight... finally got caught up on work and just started replacing them preemptively.... they were dying with almost an exact correlation between how many cams and how high res they were... the lowest res fewest cam systems died last... which points to them being run way beyond their workload rate limit for just too long...

sadly nobody is making a really good surveillance platform for linux... 90% of the enterprise solutions are windows... we're using bluecherry because at the time their interface cards gave us all we needed to do for interfacing with older analog cams, but now that we're moving past analog or even hybrid surveillance servers, pure NVR solutions have a lot more options... i've got 1 server out there with the latest iteration of ubnt unifi video, about 10 cams, and so far so good, there have been a few hiccups but on the whole the features are fantastic and the stability is rising with every release.... it seems ready for production to me... and they finally have some decent cameras to choose from

we're also using mdadm in most locations... i have one ubuntu 16 system i have that we're testing ZFS on...