Closed IPTV
2010 ASIS Accolades Award and 2010 Security Industry Awards WINNER!
Dedicated Micros’ groundbreaking Closed IPTV solution makes deploying an IP Video, CCTV system safe, secure and simple. Combining patent-pending innovation with zeroconf networking technology, Closed IPTV automatically allocates IP addresses to IP cameras by physical port. In this way the system is completely deterministic, creating firewalls and monitoring IP connections by individual network ports so they cannot be hacked or intercepted. This groundbreaking solution provides a very simple and secure answer to IP Video, meaning that no prior knowledge of IP networking is required. Sophisticated and dependable network security can be achieved with a single click.
Features:
- Plug and play, secure, IP video product solution
- Deterministic IP camera assignment to network port
- Provides all the physical security of a traditional Closed Circuit TV system – over IP
- The essence of simplicity – just connect the cameras to the DVR or Layer 3 Enhanced CCTV Switch and the system will automatically assign IP addresses to the IP cameras
- Removes the headaches of a traditional IP CCTV installation such as configuring firewalls
- Requires no manual configuration of IP addresses
- Standard or High Definition cameras supported
- ‘Lock down’ cameras to specific network ports to ensure security
FAQs about Closed IPTV
Does Closed IPTV lock you in to proprietary protocols?
No, Closed IPTV provides increased ease of installation and security dependent on the equipment used. The Enhanced Switch functionality, combined with the DM NVR, provides basic deterministic solutions which operate with any IP products, and in the majority of cases will give enhanced security capabilities at either VLAN or MAC access control list level, with little user intervention. However, when used with DM products significant extra advantages are enabled, with fully automated IP discovery and allocation with transparent default configurations and setup options. Further enhancements such as 'Trusted Endpoint' technology are only realised with DM product.
Are the security techniques of Closed IPTV proprietary, and hence unfamiliar or unwelcome to many users?
The proprietary systems utilised are firstly targeted at the physical layer, through the Enhanced layer 2/3 switch employed. This removes much of the burden of achieving, in a single user operation, MAC ACL and VLAN restrictions which could otherwise be implemented by a specialist installer with significant additional effort. The IP scheme is unique in that it allows a general Private Network Address range, as operated in the client's existing installation, to potentially operate concurrently with an auto configured address scheme. Once configured, it is the user's choice to rely upon the DHCP/Static generated addresses, or the autoconfig addresses, or in fact both. This is implemented using dual MAC / VLAN techniques, transparently supported by the enhanced switch.
The further implementations of “Trusted Endpoint” are specifically designed to meet the unusual needs of CCTV, in that the key benefit of TCP/IP in the WWW is specifically non-deterministic, and when secure connections are required, it is typical that the client is in an insecure location, and the server protected in a secure location.
For CCTV we specifically demand that the connection to the camera is unequivocal as a physical device, with deterministic knowledge of its location, and that the 'servers', i.e. the cameras, are typically located outside the protected area, and the user is typically inside the protected area. This requires bespoke and focussed solutions, rather than the general case of the WWW.
Does the Closed IPTV technology only have a short term appeal to those afraid of IP Video?
DM believes this is not the case. Due to the reasons stated above, Closed IPTV offers ease of installation and key benefits to far more than the user just afraid of 'setting a few IP addresses'. While simple segregated IP TV solutions have been implemented, they are often open to attack compromising the video being delivered, and many of the benefits are lost from the segregation as soon as access is shared with the general network.
The solution is far more than just a simple discovery scheme as proposed by GVI or for example the Genetec Security Vault SV-3200. In the case of GVI it offers little more than a custom DHCP server, which updates system parameters when the IP address is dynamically re-allocated. It offers no other system protection – and assumes that this must be the active DHCP solution for this element of the system, regardless of the client's demands or needs to use an alternative DHCP scheme.
In particular, Closed IPTV addresses segregation of the IP system while still allowing access as required direct to the cameras, for Multicast as an example. If IP Camera systems are going to offer genuine benefits over IP Video enabled analogue solutions, this will only be achieved if the IP connectivity of the cameras themselves can be leveraged to improve ROI – otherwise the IP technology is just an alternative, and more complex, transport medium.
It is short sighted for people to claim a limited appeal for Closed IPTV until the full sophistication and advantages are fully understood.
Is the Switch custom to DM and does it support PoE?
Yes, the switch is a custom device, heavily integrated into the NVR user interface to allow the specific and key goals to be achieved in the required environment for CCTV. It supports dual address ranges and VLANS, as well as the various additional security protocols. While the maximum benefit is achieved with NetVu Connected devices from DM, it will also provide basic benefits for any IP camera, to much the same level as can typically be achieved by a number of hours of custom configuration of an 'off the shelf' layer 2 or 3 switch.
All the NetVu Connected parts are available in PoE versions, and the only unconfirmed date is the exact production scheduled build of the PoE versions of the Enhanced Switch. First production quantities of the non PoE version will be available from September, with full approval and availability of the PoE version anticipated before the end of the calendar year.
All NetVu Connected PoE capable cameras will additionally be shipped with a passive PoE injector.
Does the proprietary nature of the discovery 'lock you in', and why not just spend a few days writing scripts to achieve the same thing?
Again, the base layer of Closed IPTV utilizes zeroconf as one of the more universal discovery schemes, supported by many devices, and likely to be the most popular solution under PSIA and ONVIF. It is the further deterministic solution of Closed IPTV that easily delivers the security advantages as well; while such scripts may enhance discovery, they are likely to do little for enhancing security.
The basis of all open standards is that the fundamental lower layers should be non-proprietary to achieve common ground and interoperability. It is however the enhancements at the higher layers that deliver the unique benefits and strengths of a solution, otherwise no one would be able to deliver an enhanced, bespoke solution. Closed IPTV completely fulfils those goals, and delivers them with a few key strokes, rather than days or weeks of writing custom scripts, assuming this knowledge is held.
Does DM support other IP Cameras, in particular HD cameras, and also HDcctv Alliance cameras?
DM has supported third party HD cameras for some time in many of its Hybrid DVRs – in fact the recoding capabilities allow many such cameras to exceed their baseline capabilities. For example, early Mobotix cameras only supporting JPEG and a proprietary motion format can be integrated into a NetVu environment, then allowing access in JPEG, MPEG, and even multicast.
Launched at IFSEC and ASIS was a generic SDI/HD single channel encoder, which was not listed as HDcctv Alliance as this was prior to DM endorsing the format. The DV-IP NV1 server also allows the encoding of up to four analogue or IP sources, including the recoding of HD IP cameras.
The HDcctv Alliance format NetVu Connected encoder is planned to be available at the same time as general availability of HDcctv cameras.
Does the DM NetVu Connected format only operate in a Closed IPTV environment?
While there are many benefits to the Closed IPTV environment, all the functions are a superset of the capabilities available under a generic IP environment and switches.
Elements of the zeroconf and discovery can still be utilized, although many of the deterministic and enhanced security features will be lost. Some of these capabilities in a crude and laborious form should be possible to implement in the majority of layer 2 & 3 switches, however it will also require much more extensive security validation if these techniques are applied manually. It isn't believed that a full equivalent of the “Trusted Endpoint” capability can be achieved with standard switches.
General Technology Questions
Is 'closing' IP cameras an inefficient approach to gain simplicity?
Most certainly not. It's important not to confuse 'Closed IPTV' with restrictive proprietary protocols. The usage of Closed IPTV is highly efficient, as with little installer overhead the following is achieved:
- Deterministic allocation and configuration, combined or independent of the client's wider DHCP or other addressing scheme.
- VLAN level security protocols – without the user even having to be aware that multiple and sophisticated VLANS have been implemented.
- MAC level security ACL's, again without the user even being aware of the MAC addresses of the devices used.
- Endpoint to Endpoint segregation, blocking access of any other IP camera from an unprotected endpoint.
- Full monitoring and protection against 'Man in the Middle' attacks, such as ARP storms etc, without any user configuration and intervention.
- Interoperability with other IP vendors, to the extent of the capabilities of that camera.
- “Trusted Endpoint” technology ensuring in an absolutely deterministic manner that the device connected physically to the port, and configured as a device to a specific channel is the device unaltered with no intermediate device.
- Both secure signature and optional encryption of the streams to a unique key generated when the system solution is secured, to both protect data from eavesdropping or interception and ensure that the validity and integrity of the data received can be assured.
This is all achieved by utilising the Enhanced Switch, and selecting two or three options with the 'Closed IPTV – Lock Down' menu. This is certainly not inefficient, and achieves much improved secure scenarios than many alternative environments.
How do DM claim 'Impossible to Hack' and why has it not been independently validated by such as Viper labs?
The Closed IPTV solution utilises a number of techniques, at different levels of the OSI model. Some of these techniques are easy and innovative ways of achieving known non proprietary techniques, such as VLAN limitations and MAC ACL limitations. It is however by implementing a completely custom switch, under the exclusive control of the NVR, that further and sophisticated solutions are applied, right up to application layer within the OSI model.
The Closed IPTV solution provides a highly secure environment against all known methods today. Inevitably one can expect that further techniques and methods will become apparent. This is the inevitability of always being prepared to evolve the better 'mousetrap'.
Within the DM Closed IPTV environment, such enhancements will typically be achieved by software upgrades within the switch, NVR and NetVu connected cameras. Far from all of the techniques either already applied or planned to be applied in the near future are contained within the above comments.
DM has a long history of supporting products in the field, on occasions for tens of years, and this policy will continue – contrary to many PC based, 'software only' solutions where both the hardware and software are frequently considered 'disposable' and unsupportable after only three years or so.
The first production releases of the entry level solutions, supporting a single server and up to 32 channels will be available during September. Full enterprise class solutions supporting many hundreds of cameras, and multiple servers will be available before calendar year end.
Full disclosure has been limited initially during the filing processes for patent protection on a number of the techniques. Detailed training seminars with increased information are now being held. We anticipate being a target for hackers – and are ready to assume that challenge.
As each product becomes available DM will welcome and invite independent tests to probe the validity and security of the solution.
What capabilities of Closed IPTV are possible with 3rd party IP cameras?
Support will not be as comprehensive as with NetVu Connected cameras; however, 3rd party IP camera support will be useful for existing installations.
Basic deterministic discovery will work, and once locked down, the switch will be secure at both MAC and VLAN. It will be less easy to lock down specifics - for example allow Multicast in a secure manner only. In particular Trusted Endpoint, full service discovery, auto defaults, and remote codec operation is bespoke to NetVu Connected.
What type of limitations are there when using third party cameras?
- Manually define capabilities, especially Camera Classes - Hi Def v. Std etc.
- No Trusted Endpoint
- Lack of easy access to specific services, e.g. Multicast
- Single addressing scheme only, i.e. no dual zeroconfig and general network concurrent addressing
- Typically limited mDNS support
- No remote codec
- Limited default parameters.
Closed IPTV Layout and Topography Related Questions
Does the 90m/100m distance of ethernet cabling still apply?
Yes but this can be extended using suitable hardware - e.g. fiber links.
Is EcoSense NVR and SD Advanced 16 cameras only?
Both are expandable to 32 cameras, using cascade port on Layer 3 Enhanced CCTV Switch. Address switch on underside of switch selects 1 to 16, 17 to 32.
Can analogue and IP cameras be mixed in a Closed IPTV system?
EcoSense NVR is IP only for up to 32 channels, SD Advanced is hybrid, supporting up to 32 channels in total, of which 16 can be analogue. SD Advanced 32 can accommodate either 32 analogue, 32 IP channels or any mix up to a total of 32 channels per server.
Encoder ICR can be used to connect up to 4 analogue or IP cameras at a time to either solution. Inputs occupied by analogue cameras are automatically flagged as allocated on Closed IPTV inputs.
Is there a simple way of creating systems for 100 or more cameras?
It is possible to connect multiple machines (with multiple Closed IPTV sub nets) to be accessed from a single point using an HDMI capable KVM. An example configuration utilising an ATEN KVM is being documented as a Technical Note.
Alternatively Console or decoders can map them as a single linear system.
Can I map hundreds of cameras to multiple servers with Closed IPTV?
Initial launch in Q3 2010 is targeting single server solutions connected by Closed IPTV Enhanced switches for up to 32 channels. Initially larger solutions with multiple Closed IPTV networks can be implemented using a KVM as above.
Approx Q1 2011 there will be a full multiserver / up to 15 switch solution implemented. This will allow 240 endpoints on a single Closed IPTV network, and if NV1 encoders are utilised, each endpoint can support 4 cameras.
How would I use multiple Enhanced Layer 3 switches when the IP cameras were scattered over a large network with multiple patching and switching locations?
Enhanced switches can be interconnected in either a 'star', cascade or a mixed architecture. Each switch is identified by an address switch on the underside.
How would several Enhanced Layer 3 switches solution handle port one on each switch being used by a different camera?
The default camera base number is 1 + (Switch ID-1)*16, i.e. 1,17,33 etc., however there will be an advanced setup to allow the base of each switch to be set - allowing all fifteen available addresses to be used over a smaller number of cameras. (Feature release date to be confirmed, est Q4 2011).
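The default numbering above and the port lock-down listed under the general technology questions can be illustrated together. The following Python is an added example, not Dedicated Micros code: it maps (switch ID, port) to a camera channel using the stated base formula and audits observed MAC addresses against a locked-down table. The function names, the port offset within a switch and all MAC addresses are assumptions constructed for the illustration.

```python
# Added illustration: port-to-camera lock-down audit (not Dedicated Micros code).
from collections import defaultdict

PORTS_PER_SWITCH = 16   # from the page: bases 1, 17, 33, ...
MAX_SWITCH_ID = 15      # from the page: up to 15 switches, 240 endpoints

def channel(switch_id, port):
    """Default camera number: base 1 + (switch_id - 1) * 16, plus port offset (assumed)."""
    if not 1 <= switch_id <= MAX_SWITCH_ID:
        raise ValueError(f"switch ID {switch_id} outside 1..{MAX_SWITCH_ID}")
    if not 1 <= port <= PORTS_PER_SWITCH:
        raise ValueError(f"port {port} outside 1..{PORTS_PER_SWITCH}")
    return 1 + (switch_id - 1) * PORTS_PER_SWITCH + (port - 1)

def lock_down(enrolment):
    """Freeze {(switch_id, port): mac} into a {channel: mac} allow-list."""
    return {channel(s, p): mac.lower() for (s, p), mac in enrolment.items()}

def audit(locked, observations):
    """Compare observed (switch_id, port, mac) tuples with the allow-list."""
    owner = {mac: ch for ch, mac in locked.items()}
    seen = defaultdict(set)
    for s, p, mac in observations:
        seen[channel(s, p)].add(mac.lower())
    findings = []
    for ch in sorted(seen):
        macs = seen[ch]
        if len(macs) > 1:
            findings.append((ch, "multiple MACs on port (intermediate device?)"))
        for mac in sorted(macs - {locked.get(ch)}):
            if mac in owner:
                findings.append((ch, f"{mac} is enrolled on channel {owner[mac]}"))
            else:
                findings.append((ch, f"{mac} is not enrolled"))
    return findings

# Constructed sample data: three cameras enrolled across two switches.
ENROLMENT = {(1, 1): "00:11:22:00:00:01", (1, 2): "00:11:22:00:00:02",
             (2, 1): "00:11:22:00:00:11"}
OBSERVED = [(1, 1, "00:11:22:00:00:01"),   # matches enrolment
            (1, 2, "00:11:22:00:00:11"),   # camera from switch 2 on wrong port
            (2, 1, "00:11:22:00:00:11"),
            (2, 1, "02:00:00:00:00:AA"),   # second device behind a locked port
            (2, 5, "00:11:22:00:00:99")]   # port and MAC never enrolled

if __name__ == "__main__":
    for ch, msg in audit(lock_down(ENROLMENT), OBSERVED):
        print(f"channel {ch}: {msg}")
```

A MAC allow-list of this kind only approximates the page's "Trusted Endpoint" claim, since a MAC address can be cloned; the page itself says a full equivalent is not believed achievable with standard switches.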
Is it possible to traverse the Client's existing network to connect multiple Closed IPTV Enhanced Layer 3 Switches?
There are occasions where cameras are to be distributed across a large site, and it is preferred to use the existing switch and cabling infrastructure to connect. This can be achieved by creating a Layer 2 VLAN which will allow the Host / Cascade ports to be remoted over a distributed structure if required. This will also allow 'star' distribution to multiple switches. Note: this only requires a unique Layer 2 VLAN defined on specific ports WITHOUT any level 3 routing or DHCP allocation. Detailed tech note to follow.
It is anticipated that this will be utilised by advanced users on Enterprise level deployments.


