IP Networking for Physical Security - Cisco

Date post: 02-Apr-2018

Transcript (74 slides)
7/27/2019 IP Networking for Physical Security - Cisco

1/74

2007 Cisco Systems, Inc. All rights reserved.

Bob Beliles ([email protected]), Sr. Manager, Physical Security Market Management

October 29, 2007

Introduction to IP Networking for Physical Security Professionals

2/74

Convergence Today and Tomorrow: From Proprietary to Open, an IP Systems Approach

Today's buildings: disparate building networks; proprietary and redundant; sub-optimal information usage.

A shared vision: interoperable; efficient and scalable; multi-use systems information; maximized ROI and lower TCO.

[Diagram: IP Communications linking Fire, Physical Security, Lighting, Visitor Access, Elevator, 24/7 Monitor and Energy/HVAC systems across the WAN]

3/74

Industry Insight: Operational Pain and Cost

"Building automation systems typically operate independent of one another and suffer from an inherent lack of functionality, which significantly limits the company's ability to optimize facilities management."
ARC Advisory Group, Building Automation Systems Worldwide Outlook, 2002

"It is estimated that approximately 30% of a building's life cycle cost is lost due to redundant information and processes that could be avoided by improved collaboration and data management."
SOURCE: International Alliance of Interoperability, www.iai-na.org

4/74

Pain: Limited Accessibility and Mobility, Delayed Incident Response and Resolution, Unrealized Value

- Limited accessibility / mobility: central station access only; little to no remote access; no on-scene collaborative access
- Investigation delays: locate the tape in the archive; ship it from a remote location; review hours of video
- Unrealized value: multiple possible uses for video (customer satisfaction, trend analysis, process control)

5/74

Network Evolution, Convergence Waves: Standalone to Strategic and Interoperable

[Diagram: four waves of network consolidation (1st Gen, 2nd Gen, 3rd Gen, Emerging); labelled elements include separate FAX networks in the early waves and the IP-PBX in the later ones]

6/74

Convergence Enablers

- High performance, low cost processing and storage: cheaper and more powerful CPUs and DSPs; decreasing $ per storage byte
- IP gateways (encoders and decoders): A-to-D and D-to-A functions; CODEC algorithms enhance transmission efficiency
- Industry standards, such as IEEE: common format for information; enable interoperable platforms
- Open APIs: enhance flexibility and enable customization; spawn new uses; support 3rd party software integration
- IP networks: ubiquitous infrastructure; high degree of reliability, scalability, accessibility, and security

7/74

A Couple of Key Definitions

Networking: various devices communicate and share information over a common infrastructure using a common set of communications rules (protocols) and a common format for information exchange.

Internetworking: various devices on one network communicate with devices on another, possibly dissimilar, network.

8/74

A Few More Key Definitions

Protocol: a set of rules relating to the format and timing of data transmission between two devices.

Protocol stack: a collection of software modules that together allow a protocol to work.

Layer: one level of a stack. Each layer solves a set of problems involving the transmission of data, and provides a well-defined service to the higher layers.

9/74

Driving Forces: Standardization and Interoperability

For: computer communications.

Why? Users want non-proprietary, vendor-independent solutions. Vendors want more marketable products for a larger market opportunity.

How? A seven-layer model, published by the International Organization for Standardization (ISO), defining the key functions of each layer and how each layer communicates with the layer above and below it.

10/74

Open Systems Interconnection (OSI) Model: Rules / Layers for Interoperability

Layer 7, Application: user interface, what the user interacts with
Layer 6, Presentation: data format / syntax to be used between hosts
Layer 5, Session: establishes / terminates communication processes between hosts
Layer 4, Transport: reliable transmission of host messages, segmentation / re-assembly
Layer 3, Network: logical address to physical address translation, specifies the route
Layer 2, Data Link: frame transmission format rules and error detection (for example the Ethernet frame check sequence; correction, where it exists, is link-specific)
Layer 1, Physical: physical media specifications, electrical range values

[Diagram annotation: layers 5-7 are host processes; layers 1-4 are the key focus for network managers]

11/74

Peer to Peer Communications: Each Layer Communicates with its Counterpart

[Diagram: the seven OSI layers of Host Device A (Application, Presentation, Session, Transport, Network, Data Link, Physical), each paired with the same layer on Host Device B]

12/74

Transforming Messages to Data Communications: Message Encapsulation

Each layer pre-pends its header (and, at the data link layer, appends a footer) to the payload handed down by the layer above, encapsulating the data message:

Application: AH + P (P = data payload, AH = application header)
Presentation: PH + AH + P
Session: SH + PH + AH + P
Transport: TH + SH + PH + AH + P
Network: NH + TH + SH + PH + AH + P
Data Link: frame = frame address, control, NH + TH + SH + PH + AH + P, FCS
Physical: bits = DLH/F + NH + TH + SH + PH + AH + P (DLH/F = data link header / footer)

13/74

De-Encapsulating Data

Upon receipt, the host removes the headers / footers layer by layer to distill the actual data for application usage:

Physical: 0101110101001000010 (bits)
Data Link: frame carrying IP + TCP + Upper-Layer Data
Network: IP + TCP + Upper-Layer Data
Transport: TCP + Upper-Layer Data
Session / Presentation / Application: Upper-Layer Data

14/74

Example: Host Communications via a Layer 1 (Physical Layer) Network Hub
Data is Wrapped per Rules, Transmitted, Unwrapped

[Diagram: Host Device A and Host Device B, each with the full seven-layer stack, connected through a Repeater / Hub network device that operates at the Physical Layer only]

15/74

Switched (Bridged) Host Communications: Connected with a Layer 2 (Data Link) Network Device

[Diagram: Host Device A and Host Device B, each with the full seven-layer stack, connected through a Bridge / Switch network device that operates at the Physical and Data Link layers]

16/74

Routed Host Communications: Connected via a Layer 3 (Network Layer) Device

[Diagram: Host Device A and Host Device B, each with the full seven-layer stack, connected through a Router network device that operates at the Physical, Data Link and Network layers]

17/74

Tunneling Protocols

What? Encapsulates non-switchable / non-routable information with a switchable layer 2 header and/or a routable layer 3 header so that it can be transported across a data network. Uses the network as a wire.

Why? Preserves information format / signaling that would otherwise not be successfully transmitted across the network. Allows logical segmentation of information sharing a common physical infrastructure.

Examples: Layer 2 Tunneling Protocol (L2TP), Point-to-Point Tunneling Protocol (PPTP), Layer 2 Forwarding (L2F), Generic Routing Encapsulation (GRE), Virtual Private Networks (VPN).

Caveat: a tunnel is not by itself a security control. GRE, L2F and L2TP carry the inner traffic in the clear unless they are combined with encryption (typically IPsec), and PPTP's built-in authentication and encryption are considered broken; "VPN" only implies protection when the tunnel is encrypted and authenticated.

18/74

Networking Fundamentals: 3 Key Types of Network Topologies

- Buses
- Rings
- Stars

19/74

A Closer Look at a LAN: Ethernet Basics

Ethernet: a bus-oriented topology (data-link layer, aka layer 2).

Ethernet is typically deployed as a star using a switch.

Hub / switch: a device that allows a bus topology to be deployed as a star network.

20/74

Networked Host Communication: Each Device Must Have its Own Address

[Diagram: PC 1 asks the network "Where is PC 2?"; PC 3 answers "I am not PC 2"]

21/74

Data-Link Layer (Layer 2) Addresses: Unique ID / (Physical) Address for Each Device

802.3 MAC layer frame, field sizes in bytes:
Preamble (8) | Destination Address (6) | Source Address (6) | Length (2) | Data (variable) | FCS (4)

Ethernet II uses a Type field in place of Length and does not use 802.2.

Physical device (MAC) address, e.g. 0000.0C xx.xxxx: the first three bytes (0000.0C) are IEEE-assigned to the vendor (the OUI); the last three bytes (xx.xxxx) are vendor-assigned.

Def: Media Access Control (MAC), a sub-layer of the Data Link Layer.

22/74

2 Key Ways to Communicate Across a Network: Unicasting and Broadcasting

Unicast communication: 1-to-1. [Diagram: PC 1 sends a message to PC 2 only; PC 3 does not receive it]

Broadcast communication: 1-to-all. [Diagram: PC 1 sends a message to all; PC 2 and PC 3 both receive it]

23/74

Broadcast in Action: Locating a Given Host on the Network / Sub-Net

[Diagram: PC 1 sends a broadcast frame with MAC destination address ff:ff:ff:ff:ff:ff (Layer 2) carrying a Layer 3 payload, "Where is PC 2?", to everyone on the network]

PC 1 learns new addresses by broadcasting a message to every host on the network. It uses a special destination address (all f's) to signify broadcast, and it will wait for a response to learn PC 2's layer 2 address, if PC 2 is attached to this network segment or sub-net. On IP networks this is the Address Resolution Protocol (ARP): the request carries PC 2's IP address and PC 2 replies with its MAC address. ARP replies are not authenticated, so any host on the segment can answer for PC 2; that is why switches offer DHCP snooping and dynamic ARP inspection.

24/74

Communicating on a Shared Medium: Must Control Broadcast and Collision Domains

[Diagram: PC 1 says "Hello PC 2"; PC 3, on the same shared medium, asks "Did someone say hello?"; PC 2 asks "Hello PC 2?"]

25/74

The Problem with Hubs: One Collision Domain

More end stations means more collisions. CSMA/CD is used.

26/74

Collision Avoidance: 802.3 Ethernet CSMA/CD

(1) Ready to transmit: sense the channel.
(2) Channel free for the inter-frame gap (IFG, 9.6 µs at 10 Mb/s): transmit data while continuing to sense the channel.
(3) Channel busy: wait, then make a new attempt from (1).
(4) Collision detected during transmission.
(5) Transmit a jam signal.
(6) Wait according to the backoff strategy, a random Binary Exponential Backoff (BEB) algorithm, then try again from (1). After 16 consecutive collisions, give up and discard the frame.
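The backoff rule above, written out as code. This is an added example, not part of the Cisco deck: it models one station's attempts on a shared medium with a constructed per-attempt "did it collide" function instead of a real channel, and it uses the IEEE 802.3 constants (attempt limit 16, backoff exponent capped at 10, slot time 512 bit times = 51.2 µs at 10 Mb/s). The worst-case figure it computes, how long a frame can be delayed before it is silently discarded, is the number a physical security operator should know when a badge reader sits on a hub.

```python
# Added example (not from the Cisco deck): slide 26's binary exponential backoff.
# Per IEEE 802.3, after the n-th consecutive collision a station waits r slot times,
# r drawn uniformly from 0 .. 2^min(n, 10) - 1, and discards the frame after 16
# failed attempts. The channel below is a constructed callback, not a real medium.
import random

ATTEMPT_LIMIT = 16      # 802.3 attemptLimit: maximum transmission attempts per frame
BACKOFF_LIMIT = 10      # 802.3 backoffLimit: the exponent stops growing here
SLOT_TIME_US = 51.2     # 512 bit times at 10 Mb/s


def backoff_slots(collisions: int, rng: random.Random) -> int:
    """Slot times to wait after `collisions` consecutive collisions on this frame."""
    k = min(collisions, BACKOFF_LIMIT)
    return rng.randrange(2 ** k)


def transmit_frame(collides_on_attempt, rng: random.Random) -> dict:
    """Run one frame through CSMA/CD.

    collides_on_attempt(n) -> True if transmission attempt n (1-based) suffers a
    collision. Returns whether the frame was delivered, how many attempts it took
    and how many slot times were spent in backoff.
    """
    waited_slots = 0
    for attempt in range(1, ATTEMPT_LIMIT + 1):
        # (2) channel free for the IFG: transmit while sensing for a collision
        if not collides_on_attempt(attempt):
            return {"delivered": True, "attempts": attempt, "waited_slots": waited_slots}
        # (4)/(5) collision: jam, then (6) back off before the next attempt
        if attempt == ATTEMPT_LIMIT:
            break                                   # 16 consecutive collisions: give up
        waited_slots += backoff_slots(attempt, rng)
    return {"delivered": False, "attempts": ATTEMPT_LIMIT, "waited_slots": waited_slots}


def max_total_backoff_slots() -> int:
    """Worst case: the maximum draw after each of the 15 collisions before the 16th attempt."""
    return sum(2 ** min(n, BACKOFF_LIMIT) - 1 for n in range(1, ATTEMPT_LIMIT))


def max_total_backoff_us() -> float:
    """Same worst case in microseconds at 10 Mb/s (about 0.37 s before the frame is dropped)."""
    return max_total_backoff_slots() * SLOT_TIME_US


if __name__ == "__main__":
    rng = random.Random(2007)
    # Constructed scenarios: a quiet segment, a busy one, and a jammed one.
    print("quiet:", transmit_frame(lambda n: False, rng))
    print("busy:", transmit_frame(lambda n: n <= 5, rng))
    print("jammed:", transmit_frame(lambda n: True, rng))
    print("worst-case backoff before discard: %d slots = %.1f ms"
          % (max_total_backoff_slots(), max_total_backoff_us() / 1000))
```

The "jammed" case is the one to remember: a station that keeps colliding (a faulty NIC, or one deliberately jamming) makes every neighbour on the hub drop frames after roughly a third of a second each, with no error reported above the link layer. Full-duplex switch ports (next slide) remove the mechanism entirely.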

27/74

Collision Avoidance: Full Duplex, Enabled in Switches

Half duplex: one station transmits, the other listens. While transmitting, you do not receive, as no one else is transmitting.

Full duplex (standardized in 802.3x): transmit and receive at the same time. Transmit on the transmit pair, and receive on the receive pair. No collision detection, backoff, retry, etc. No CS, no MA, no CD. The only relationship to half duplex is the frame format and the encoding / signaling method.

28/74

Switches: Separate Collision Domains, and More

Each segment is its own collision domain. Broadcasts are forwarded to all segments.

[Diagram: a switch with frame buffer memory, one segment per port]

29/74

Switches and Bridges Operate at the Data-Link Layer

Each segment / connection has its own collision domain. All segments (switch connections) are in the same broadcast domain.

[Diagram: a four-port switch (ports 1-4) or a two-port bridge (ports 1-2), with dedicated bandwidth per connection, e.g. 100 Mbps]

30/74

Separating Collision Domains: Hub to Bridge / Switch

[Diagram: three floors (Floor #1, #2, #3) wired three ways]
- Hub / repeater: 1 collision domain, 1 broadcast domain
- Bridge between the floors: 2 collision domains, 1 broadcast domain
- Switch: 8 collision domains (one per port), 1 broadcast domain

31/74

Checkpoint: Why Should Physical Security Operations Care?

- Switches typically provide full duplex connectivity to each host, delivering guaranteed bandwidth to each host
- Switches break up collision domains
- Switches retain a single broadcast domain at layer 2; this can be a problem in large flat networks

32/74

Quality of Service Mechanisms: Traffic Prioritization, Congestion Management (a Network Layer, Layer 3, Function)

Mechanisms: Type of Service bits in layer 2 frames, IP Precedence, Weighted Fair Queuing, RSVP, etc.

[Diagram: four sessions (Session 1 to Session 4) being queued and prioritized]

IPv4 header: Version | Length | ToS (1 byte) | Total Length | ID | Offset | TTL | Proto | Header Checksum | IP-SA | IP-DA | Data

IPv4 ToS byte: the 3 most significant bits are called IP Precedence. DiffServ redefines the byte as a six-bit Differentiated Services Code Point (DSCP) plus two bits used for Explicit Congestion Notification (ECN), not for flow control. Note that any host can set these bits, so a switch or router should re-mark traffic from untrusted ports rather than trust the value a camera or PC claims.

33/74

Network Layer (Layer 3) Functions: The Relationship Between IP (Network, Layer 3) and Data-Link (Layer 2) Protocols

- Interconnects multiple data links: allows similar and dissimilar networks to be connected
- Defines logical source and destination addresses associated with a specific protocol
- Defines paths through the network

[Diagram: Network layer: IP, IPX. Data-Link layer: 802.2, 802.3. Physical layer: EIA/TIA-232, V.35]

34/74

Multiple Addresses in a Typical Network Message: the Ethernet Frame Specifies the L2 Address and the IP Packet Specifies the L3 Address

Ethernet frame: Preamble & SFD | Destination Address | Source Address | Length | Data / Payload | FCS

IP packet (carried in the frame's Data / Payload): Version | Header Length | TOS | Total Length | Identifier | Flags | Fragment Offset | TTL | Protocol | Header Checksum | Source Address | Destination Address | Options | Padding
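The encapsulation of slide 12, the de-encapsulation of slide 13, the Ethernet frame of slide 21, the ToS byte of slide 32 and the two-address message of slide 34, all in one worked example. This is added code, not from the Cisco deck: it builds an Ethernet II frame carrying an IPv4 packet carrying a UDP datagram, computes the RFC 791 header checksum, then parses the frame back and verifies what each layer lets a receiver verify. The MAC addresses, IP addresses, ports and payload are constructed sample values; the preamble and FCS are omitted because the NIC adds them.

```python
# Added example (not from the Cisco deck): encapsulate a message through layers
# 4 -> 3 -> 2 and de-encapsulate it again. Ethernet II (RFC 894), IPv4 (RFC 791),
# UDP (RFC 768). Sample addresses and payload are constructed for illustration.
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"


def mac_to_bytes(mac: str) -> bytes:
    return bytes(int(octet, 16) for octet in mac.split(":"))


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def ipv4_checksum(header: bytes) -> int:
    """RFC 791: one's-complement of the one's-complement sum of the header's 16-bit words."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                       # fold carries back in (end-around carry)
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def encapsulate(src_mac, dst_mac, src_ip, dst_ip, src_port, dst_port, payload: bytes, tos=0) -> bytes:
    """Each layer pre-pends its header to what the layer above handed down."""
    udp_len = 8 + len(payload)
    udp = struct.pack("!HHHH", src_port, dst_port, udp_len, 0) + payload   # UDP checksum 0 = absent (IPv4)
    ver_ihl = (4 << 4) | 5                                                  # version 4, 5 x 32-bit words
    ip_hdr = struct.pack("!BBHHHBBH4s4s", ver_ihl, tos, 20 + udp_len,
                         0x1234, 0x4000,            # identification; flags = DF, fragment offset 0
                         64, IPPROTO_UDP, 0,        # TTL, protocol, checksum placeholder
                         ip_to_bytes(src_ip), ip_to_bytes(dst_ip))
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ipv4_checksum(ip_hdr)) + ip_hdr[12:]
    eth_hdr = mac_to_bytes(dst_mac) + mac_to_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV4)
    return eth_hdr + ip_hdr + udp


def decapsulate(frame: bytes) -> dict:
    """Strip the headers in reverse order, checking what each layer allows us to check."""
    dst_mac, src_mac = frame[0:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError(f"not IPv4: ethertype 0x{ethertype:04x}")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        raise ValueError("bad IPv4 header")
    if ipv4_checksum(ip[:ihl]) != 0:         # a header with a valid checksum sums to zero
        raise ValueError("IPv4 header checksum mismatch")
    tos, total_len = ip[1], struct.unpack("!H", ip[2:4])[0]
    ttl, proto = ip[8], ip[9]
    if proto != IPPROTO_UDP:
        raise ValueError(f"unsupported protocol {proto}")
    udp = ip[ihl:total_len]
    src_port, dst_port, udp_len, _ = struct.unpack("!HHHH", udp[:8])
    if udp_len != len(udp):
        raise ValueError("UDP length disagrees with IP total length")
    return {
        "dst_mac": ":".join(f"{b:02x}" for b in dst_mac),
        "src_mac": ":".join(f"{b:02x}" for b in src_mac),
        "broadcast": dst_mac == b"\xff" * 6,      # slide 23: all f's = layer 2 broadcast
        "src_ip": ".".join(map(str, ip[12:16])),
        "dst_ip": ".".join(map(str, ip[16:20])),
        "ttl": ttl,
        "precedence": tos >> 5,                   # slide 32: 3 most significant ToS bits
        "dscp": tos >> 2,                         # DiffServ code point: top 6 bits
        "ecn": tos & 0x03,                        # remaining 2 bits: ECN, not flow control
        "src_port": src_port,
        "dst_port": dst_port,
        "payload": udp[8:],
    }


def sample_frame() -> bytes:
    """Constructed sample: a badge-reader event sent to the subnet broadcast, marked DSCP EF (46)."""
    return encapsulate("00:00:0c:11:22:33", BROADCAST_MAC, "172.15.1.1", "172.15.255.255",
                       40000, 5000, b"badge 1234 door 7", tos=0xB8)


if __name__ == "__main__":
    frame = sample_frame()
    print(len(frame), "bytes on the wire:", frame.hex())
    print(decapsulate(frame))
```

Two things the code makes visible that the slides do not: the IP header checksum protects only the header (a flipped TTL byte is caught, a flipped payload byte is not, which is the transport layer's job), and every field, including the DSCP marking and the source addresses at both layers, is simply whatever the sender wrote, so nothing here authenticates the badge reader.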

35/74

The IP (Layer 3) Address: Why a 2nd Type of Address?

IP started as a unique physical address (similar to layer 2). Today it is used as a re-allocatable, network-dependent address: a logical address that allows different types of network devices using IP as the common protocol to communicate with each other.

Definition: an Internet Protocol (IP) address specifies the logical location of a host or client on the Internet.

How we see it: 202.14.64.1
What the networked devices see: 11001010000011100100000000000001

36/74

Layer 3 Network Layer Packet: IP Packet and IP Address

[Diagram: Network Layer end-station packet: IP Header (Source Address, Destination Address) + Data. The logical address 172.15.1.1 consists of a network part and a host / node part]

IP addresses are written in dotted decimal format. Four sections are separated by dots. Each section contains a number between 0 and 255 (2^8 = 256).

37/74

IP Address Classes: Different Size Organizations, Different Size Blocks of Addresses

32 bits, split into a Network field and a Host field; the leading bits identify the class:
Class A: leading bit 0, 8-bit network / 24-bit host
Class B: leading bits 10, 16-bit network / 16-bit host
Class C: leading bits 110, 24-bit network / 8-bit host

Size of network, large (A) to small (C); the host field determines the number of hosts that can be connected to a given network. Number of Class C networks > number of Class B > number of Class A networks.

Example: Class A addresses were typically given to service providers (e.g. AT&T) to connect many customer networks, or to large universities or corporations that support many hosts.

Note: classful allocation was superseded by Classless Inter-Domain Routing (CIDR, RFC 1519, 1993), in which an explicit prefix length rather than the leading bits decides the network / host split; the classes survive only as terminology.
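The binary view of slide 35 and the classful split above, as code. This is an added example, not from the Cisco deck: it converts dotted decimal to the 32-bit string the slide shows, reads the class from the leading bits, and derives the classful network and host count, then does the same split the post-1993 CIDR way so the difference is visible. The deck's own addresses (202.14.64.1, 172.15.1.1) are used; the other sample addresses are constructed.

```python
# Added example (not from the Cisco deck): dotted decimal to binary, class from the
# leading bits, classful and CIDR network/host splits. Uses only the standard library.
import ipaddress

# leading-bit pattern -> (class, classful network prefix length). Classes D and E
# are multicast and reserved respectively: no network/host split applies.
CLASS_TABLE = [("0", "A", 8), ("10", "B", 16), ("110", "C", 24), ("1110", "D", None), ("1111", "E", None)]


def to_binary(ip: str) -> str:
    """'202.14.64.1' -> '11001010000011100100000000000001' (what the devices see, slide 35)."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a dotted-decimal IPv4 address: {ip!r}")
    return "".join(f"{o:08b}" for o in octets)


def _lookup(ip: str):
    bits = to_binary(ip)
    for prefix, cls, net_bits in CLASS_TABLE:
        if bits.startswith(prefix):
            return cls, net_bits
    raise AssertionError("unreachable: the table covers every leading-bit pattern")


def address_class(ip: str) -> str:
    return _lookup(ip)[0]


def classful_split(ip: str) -> dict:
    """Network and host portion as the class bits alone would define them (slide 37)."""
    cls, net_bits = _lookup(ip)
    if net_bits is None:
        return {"class": cls, "network": None, "host_bits": 0, "hosts": 0}
    net = ipaddress.ip_network(f"{ip}/{net_bits}", strict=False)
    return {
        "class": cls,
        "network": str(net.network_address),
        "host_bits": 32 - net_bits,
        "hosts": 2 ** (32 - net_bits) - 2,   # minus the all-zeros and all-ones host IDs
    }


def cidr_split(ip: str, prefixlen: int) -> dict:
    """Post-1993 reality: the prefix length, not the leading bits, decides the split."""
    net = ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)
    return {"network": str(net.network_address), "prefixlen": net.prefixlen,
            "hosts": max(net.num_addresses - 2, 0)}


if __name__ == "__main__":
    for addr in ("202.14.64.1", "172.15.1.1", "10.1.2.3", "224.0.0.1"):
        print(addr, to_binary(addr), address_class(addr), classful_split(addr))
    print("202.14.64.1 as /22:", cidr_split("202.14.64.1", 22))
```

Checking the slide's own example: 202 is 11001010, so the address starts with 110 and is Class C, a 24-bit network (202.14.64.0) with 254 usable hosts; the same address inside a /22 allocation belongs to 202.14.64.0/22 with 1022 hosts, which is what a router actually uses.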

38/74

Difference Between Routers and Switches

[Diagram: two OSI stacks (Physical, Data Link (L2), Network (L3), Transport) showing at which layer the switching / forwarding decision is made]

Routers care about L3 addresses. Switches care about L2 addresses.

39/74

Dynamic Host Configuration Protocol: Eases Device Administration

[Diagram: PC 1 and PC 2 each say "Hi, I'm new to the network. Please provide me with my new IP address"; the DHCP server, consulting its IP address database, replies "Here's your new IP address!"]

40/74

Routers, the Layer 3 Device: Operate at the Network Layer

- Broadcast control
- Multicast control
- Optimal path determination
- Traffic management
- Logical addressing
- Connects to WAN services
- L3 operation and classification

41/74

Why Do We Need Routers (Layer 3 Devices)? Scalability and Segmentation: Broadcast Domain Control

All L2-switch connected devices are part of the same broadcast domain. This becomes a performance issue, even in medium sized networks. Networks don't scale well at L2 and need to be segmented at L3.

42/74

How Do Routers Handle L2 Broadcasts? Routers Break Up Broadcast Domains

[Diagram: PC 1 sends a broadcast (MAC DA ff:ff:ff:ff:ff:ff at layer 2, protocol DA 255.255.255.255 at layer 3) to everyone on this subnet to see if PC 2 is locally connected; the router, marked X, does not forward it]

PC 1 sends a broadcast to see if PC 2 is locally connected. But a router will not pass the layer 2 broadcast on to the other devices connected to it. It will pass a layer 3 broadcast only if the network manager permits it, under certain conditions: the limited broadcast 255.255.255.255 is never forwarded, and a directed broadcast (to another subnet's broadcast address) is forwarded only where that is explicitly enabled. Leave it disabled unless something needs it, since forwarded directed broadcasts let one packet be amplified into replies from a whole subnet.

43/74

Separating (Layer 2) Broadcast Domains: Hub to Switch to Router

[Diagram: three floors, each with a bridge (Bridge A, B, C) in front of two shared segments of two hosts (A1, A2 / A3, A4; B1, B2 / B3, B4; C1, C2 / C3, C4), the floors joined by a router: 9 collision domains, 3 broadcast domains]

44/74

Network Device Domains (four-port device with one host per port)

                    Hub   Switch   Router
Collision domains:   1      4        4
Broadcast domains:   1      1        4
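The counting rule behind slides 30, 43 and 44, as an algorithm rather than a table. This is an added example, not from the Cisco deck: each physical link is a segment, and a device either joins the segments attached to it into one domain or keeps them apart (hubs and repeaters join both kinds of domain, switches and bridges join only broadcast domains, routers and end stations join neither). Union-find over the segments then gives the two counts. The topologies built at the bottom are constructed to match the slide 44 table and the slide 43 campus.

```python
# Added example (not from the Cisco deck): count collision and broadcast domains
# for an arbitrary hub / switch / router topology. Links are segments; a device
# merges its attached segments into one domain if its type "joins" that domain.
from collections import defaultdict

JOINS = {                       # device type -> (joins collision domain?, joins broadcast domain?)
    "hub": (True, True),        # repeater: one shared medium for everything attached
    "switch": (False, True),    # separate collision domain per port, one broadcast domain
    "bridge": (False, True),
    "router": (False, False),   # separates both
    "host": (False, False),     # an end station terminates a segment
}


def _count_components(n_segments: int, groups) -> int:
    """Union-find over segment ids; each group is a list of segments that must be merged."""
    parent = list(range(n_segments))

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]     # path halving
            x = parent[x]
        return x

    for group in groups:
        for a, b in zip(group, group[1:]):
            parent[find(a)] = find(b)
    return len({find(s) for s in range(n_segments)})


def count_domains(devices: dict, links: list) -> tuple:
    """devices: {name: type}; links: (name, name) pairs, one physical segment each.
    Returns (collision_domains, broadcast_domains)."""
    unknown = set(devices.values()) - set(JOINS)
    if unknown:
        raise ValueError(f"unknown device types: {sorted(unknown)}")
    attached = defaultdict(list)                # device -> segment ids it touches
    for seg_id, (a, b) in enumerate(links):
        attached[a].append(seg_id)
        attached[b].append(seg_id)
    collision_groups = [segs for dev, segs in attached.items() if JOINS[devices[dev]][0]]
    broadcast_groups = [segs for dev, segs in attached.items() if JOINS[devices[dev]][1]]
    return (_count_components(len(links), collision_groups),
            _count_components(len(links), broadcast_groups))


def star(center_type: str, hosts: int = 4):
    """Slide 44: a single four-port device with one host per port (constructed)."""
    devices = {"d": center_type, **{f"pc{i}": "host" for i in range(hosts)}}
    return devices, [("d", f"pc{i}") for i in range(hosts)]


def three_floor_campus():
    """Slide 43: per floor, two shared (hub) segments of two hosts each behind a bridge;
    a router joins the three floors (constructed to match the diagram)."""
    devices, links = {"router": "router"}, []
    for floor in "ABC":
        devices[f"bridge{floor}"] = "bridge"
        links.append(("router", f"bridge{floor}"))
        for half, hosts in ((1, (1, 2)), (2, (3, 4))):
            hub = f"hub{floor}{half}"
            devices[hub] = "hub"
            links.append((hub, f"bridge{floor}"))
            for h in hosts:
                devices[f"{floor}{h}"] = "host"
                links.append((hub, f"{floor}{h}"))
    return devices, links


if __name__ == "__main__":
    for kind in ("hub", "switch", "router"):
        print(kind, count_domains(*star(kind)))
    print("three-floor campus", count_domains(*three_floor_campus()))
```

Run against the slide 44 table it gives (1, 1), (4, 1) and (4, 4); against the slide 43 campus it gives (9, 3). The practical use is the other direction: feed it the real wiring of a site and the broadcast-domain count tells you how many separate segments an attacker plugged into one badge-reader port can reach with ARP or DHCP traffic.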

45/74

Traffic Engineering: Another Type of Network Communication Is Needed
Unicast Is Wasteful for Multiple Simultaneous Viewers / Streams

[Diagram: video path from Input (cameras) through Encoders (A-to-D), Ethernet Access, Transmission (High Availability IP LAN, WAN) and Decoders (D-to-A) to Output (monitors); stages labelled Assessment, Connectivity, Access. Legend: 1st unicast stream, redundant unicast stream]

46/74

A 3rd Type of Network Communication: Multicast, a Subscription-Based Broadcast. Multicast Is Bandwidth Efficient!

[Diagram: the same video path, now over a High Availability IP Multicast LAN. Legend: 1st unicast stream, efficient multicast stream]

47/74

Network Address Translation: Creates More Address Segments, Secures, Easier to Manage

[Diagram: a home network with hosts 192.168.0.1 and 192.168.0.2 inside; seen from the Internet as the single address 212.14.198.103]

Caveat: NAT hides the internal addresses and drops inbound packets that match no translation entry, which is the "secures" above, but it inspects nothing beyond addresses and ports and is not a substitute for a stateful firewall.

48/74

A Look at a Network Address (Translation) Table

Source    Source computer's   Source computer's   NAT router's     NAT router's
computer  IP address          port                IP address       assigned port number
A         192.168.32.10       400                 215.37.32.203    1
B         192.168.32.13       50                  215.37.32.203    2
C         192.168.32.15       3750                215.37.32.203    3
D         192.168.32.18       206                 215.37.32.203    4

(The assigned port numbers 1-4 are illustrative; a real NAT router assigns ports from a high, unprivileged range.)
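The table above as a small port address translation (PAT) model, with the inbound check that makes the previous slide's "secures" precise. This is an added example, not from the Cisco deck: the inside hosts and ports are the slide's, the public address is the slide's 215.37.32.203, the outside peers (198.51.100.7, 203.0.113.9) are constructed documentation addresses, and public ports are handed out sequentially from 49152, which is an assumption about allocation, not how any particular router does it.

```python
# Added example (not from the Cisco deck): slide 48's translation table as an
# address-restricted PAT. Outbound packets create a mapping; inbound packets are
# rewritten only if they arrive at a mapped public port from a peer that the
# inside host has already talked to. Everything else is dropped.
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

Inside = Tuple[str, int]       # (private ip, private port)


@dataclass
class PatRouter:
    public_ip: str
    next_port: int = 49152      # assumption: sequential allocation from the dynamic range
    outbound: Dict[Inside, int] = field(default_factory=dict)        # inside -> public port
    inbound: Dict[int, Inside] = field(default_factory=dict)         # public port -> inside
    peers: Dict[int, Set[str]] = field(default_factory=dict)         # public port -> outside ips seen
    dropped: int = 0

    def translate_outbound(self, src_ip: str, src_port: int, dst_ip: str) -> Tuple[str, int]:
        """Rewrite the source of a packet leaving the inside; reuse an existing mapping."""
        key = (src_ip, src_port)
        if key not in self.outbound:
            if self.next_port > 65535:
                raise RuntimeError("public port pool exhausted")
            self.outbound[key] = self.next_port
            self.inbound[self.next_port] = key
            self.peers[self.next_port] = set()
            self.next_port += 1
        pub = self.outbound[key]
        self.peers[pub].add(dst_ip)
        return self.public_ip, pub

    def translate_inbound(self, dst_port: int, from_ip: str) -> Optional[Inside]:
        """Rewrite the destination of a packet arriving from outside, or None if it is dropped."""
        inside = self.inbound.get(dst_port)
        if inside is None or from_ip not in self.peers[dst_port]:
            self.dropped += 1          # unsolicited: no inside host asked for this
            return None
        return inside

    def table(self):
        """Rows in the layout of slide 48."""
        return [(ip, port, self.public_ip, pub) for (ip, port), pub in self.outbound.items()]


def populate_from_slide(router: PatRouter, outside_ip: str = "198.51.100.7"):
    """Send one packet from each of the slide's four inside hosts to a constructed outside peer."""
    inside = [("192.168.32.10", 400), ("192.168.32.13", 50),
              ("192.168.32.15", 3750), ("192.168.32.18", 206)]
    return [router.translate_outbound(ip, port, outside_ip) for ip, port in inside]


if __name__ == "__main__":
    r = PatRouter("215.37.32.203")
    populate_from_slide(r)
    for row in r.table():
        print(*row)
    print("reply to C:", r.translate_inbound(49154, "198.51.100.7"))
    print("scan from elsewhere:", r.translate_inbound(49154, "203.0.113.9"), "dropped so far:", r.dropped)
```

The second inbound call is the whole security story of NAT: a packet to a mapped port from a host the inside never contacted has no entry to match and is discarded. That is a useful default, but it is address-and-port matching only; it does nothing about what the permitted peer sends back, and a camera that must accept connections from outside needs a deliberate static mapping plus a real firewall rule in front of it.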

49/74

What About IPv6?

The IETF IPv6 working group began in the early 90s to solve addressing growth issues, but CIDR and NAT were developed in the meantime. An IPv4 32-bit address = about 4 billion hosts, and at the time of this deck ~40% of the IPv4 address space was still unallocated (the IANA free pool was exhausted in February 2011).

BUT: IP is everywhere; data, voice, audio and video integration is a reality; the regional registries apply strict allocation control; and the addressing scheme is not optimum, as for any ... Looking ahead.

50/74

Explosion of New Internet Appliances: Transforming Business Processes

[Chart (2003 Harbor Research, Inc., all rights reserved), device populations as listed: Mobile Phones, PDAs, ...: 1.5 B; PCs, Servers, ...: 500 M; Vehicles, Cargo Containers, ...: 350 Million; Medical Devices, HVAC, ...: 375 Million; Controllers, ...: 500 Million; Smart Sensors, ...: 750 Million; Microprocessors, ...: 35 Billion. Harbor projects that 44 million devices in 2003 and 1.5 billion in 2010 will be networked.]

51/74

IPv6 versus IPv4: A Few of the Key Differences

- Address length quadrupled to 16 bytes (128 bits)
- Header simplification: fixed length (optional extension headers are daisy-chained); no header checksum (error detection is left to the link and transport layers); no hop-by-hop fragmentation (only the sending host fragments)
- Integrated QoS support (class of service / multimedia support via the Flow Label and Traffic Class fields)
- Authentication and privacy capabilities (IPsec AH / ESP as extension headers)

IPv4 header fields: Version | IHL | Type of Service | Total Length | Identification | Flags | Fragment Offset | Time to Live | Protocol | Header Checksum | Source Address | Destination Address | Options | Padding

IPv6 header fields: Version | Traffic Class | Flow Label | Payload Length | Next Header | Hop Limit | Source Address | Destination Address

52/74

Routers Also Provide WAN Access

[Diagram: Main Office, Branch Office, Telecommuter (via modem or ISDN terminal adapter) and Mobile User, all connected through the Internet]

53/74

WAN Selection Considerations: Determine the Applications That You Want to Run

[Chart plotting required bandwidth (9.6, 19.2, 28, 56, 64 / 128, 1544+, 54000 kbps) against applications (Telnet, web browsing, e-mail / file transfer, voice, video / multimedia) and the WAN technologies that deliver it (really old modem, modem, ISDN, Frame Relay, leased line, xDSL, cable, T3, OC-3)]

54/74

Checkpoint: Why Should Physical Security Operations Care?

- Routers provide scalability at L3, control broadcast domains, enable connection to other networks (WANs, etc.) and more
- NAT provides a thin layer of security by shielding the addresses of hosts from the outside world, and allows for better address utilization; it does not replace a firewall, and any device that must be reachable from outside needs an explicit static translation
- DHCP eases administration of adding / moving devices in a network, and also improves address utilization; cameras and badge readers that must be found at a fixed address should get DHCP reservations or static assignments rather than floating leases

Can your network-connected devices work with these key features / devices?

55/74

Transport Layer Functions

- Distinguishes between upper-layer applications
- Establishes end-to-end connectivity between applications
- Defines flow control
- Provides reliable or unreliable services for data transfer

[Diagram: Transport layer: TCP and UDP over IP, SPX over IPX. Network layer: IP, IPX]

56/74

Reliable Transport Layer Functions: Connection Establishment

[Diagram: Sender and Receiver. Sender: Synchronize (SYN). Receiver: Acknowledge, Synchronize (SYN-ACK). Sender: Acknowledge (ACK). Connection established. Data transfer (send segments)]
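The three-message exchange on this slide, with both sides' state machines and the sequence-number checks that make it reliable. This is an added example, not from the Cisco deck: segments are plain Python objects rather than bytes on a wire, only the SYN / ACK flags and the seq / ack fields are modelled, and the initial sequence numbers come from a caller-supplied random source so a test can pin them. The port numbers are constructed.

```python
# Added example (not from the Cisco deck): slide 56's SYN / SYN-ACK / ACK handshake
# as two endpoint state machines. Each side checks that the peer acknowledged
# exactly its own ISN + 1; a segment that fails the check is dropped.
import random
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Segment:
    src_port: int
    dst_port: int
    seq: int
    ack: int
    syn: bool = False
    ack_flag: bool = False


@dataclass
class TcpEndpoint:
    port: int
    rng: random.Random
    state: str = "CLOSED"
    snd_nxt: int = 0            # next sequence number we will send
    rcv_nxt: int = 0            # next sequence number we expect from the peer
    log: list = field(default_factory=list)

    def _isn(self) -> int:
        return self.rng.randrange(1 << 32)    # unpredictable ISN: a guessable one enables blind spoofing

    def listen(self) -> None:
        self.state = "LISTEN"

    def connect(self, peer_port: int) -> Segment:
        """1. Synchronize: send SYN with our ISN."""
        self.snd_nxt = self._isn()
        self.state = "SYN-SENT"
        seg = Segment(self.port, peer_port, self.snd_nxt, 0, syn=True)
        self.snd_nxt += 1                     # the SYN itself consumes one sequence number
        return seg

    def receive(self, seg: Segment) -> Optional[Segment]:
        """Advance the state machine; return the reply segment, or None if nothing is sent."""
        if self.state == "LISTEN" and seg.syn and not seg.ack_flag:
            # 2. Acknowledge + Synchronize: SYN-ACK with our own ISN
            self.rcv_nxt = seg.seq + 1
            self.snd_nxt = self._isn()
            self.state = "SYN-RECEIVED"
            reply = Segment(self.port, seg.src_port, self.snd_nxt, self.rcv_nxt, syn=True, ack_flag=True)
            self.snd_nxt += 1
            return reply
        if self.state == "SYN-SENT" and seg.syn and seg.ack_flag:
            if seg.ack != self.snd_nxt:       # must acknowledge exactly our ISN + 1
                self.log.append("bad ack in SYN-ACK, dropped")
                return None
            # 3. Acknowledge: connection established on the initiator's side
            self.rcv_nxt = seg.seq + 1
            self.state = "ESTABLISHED"
            return Segment(self.port, seg.src_port, self.snd_nxt, self.rcv_nxt, ack_flag=True)
        if self.state == "SYN-RECEIVED" and seg.ack_flag and not seg.syn:
            if seg.ack != self.snd_nxt or seg.seq != self.rcv_nxt:
                self.log.append("bad seq/ack in final ACK, dropped")
                return None
            self.state = "ESTABLISHED"         # both sides are now ready for data transfer
            return None
        self.log.append(f"unexpected segment in {self.state}, dropped")
        return None


def three_way_handshake(client: TcpEndpoint, server: TcpEndpoint) -> list:
    """Drive the exchange; returns the segments that crossed the wire, in order."""
    server.listen()
    wire = [client.connect(server.port)]
    syn_ack = server.receive(wire[-1])
    if syn_ack is not None:
        wire.append(syn_ack)
        ack = client.receive(syn_ack)
        if ack is not None:
            wire.append(ack)
            server.receive(ack)
    return wire


if __name__ == "__main__":
    client, server = TcpEndpoint(40000, random.Random(1)), TcpEndpoint(80, random.Random(2))
    for seg in three_way_handshake(client, server):
        print(seg)
    print(client.state, server.state)
```

The check in the SYN-SENT branch is the reason initial sequence numbers must be unpredictable: a third party who cannot see the SYN has to guess its ISN to forge an acceptable SYN-ACK, and the same applies in the other direction for forged connection attempts against the server.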

57/74

Summary and a Few More Networking Icons

[Icon legend: WAN Cloud; Access Server; Data Service Unit / Channel Service Unit (DSU/CSU); Web Server; Bridge; Switch; Router; Ethernet; Fast Ethernet; Serial Line; File Server; Personal Computer; Modem; VLAN (color may vary); Hub; Network Cloud or Broadcast Domain; Circuit-Switched Line; Multilayer Switch; Silicon-Based Multilayer Switch]

58/74

Scalability and Availability: Typical Network for SMB / Enterprise

[Diagram: dedicated 100 Mbps to EACH end point (camera, badge reader, PC, etc.); 1-20 Gbps links switch to switch; 768 kbps - 54 Mbps WAN links]


    Network-Connected Device Bandwidth Profile: Modest Needs for a Dedicated 100 Mb/s Connection.

    Badge Swipe:


    Common Network Platforms: Ample Bandwidth for Physical Security Needs

    Switching Platform    | Ports                                              | Max System Capacity | Recommended Streams**
    Catalyst 3750G-48PS   | 48 10/100/1000 ports, 4 GbE (uplink)               | 32 Gbps             | 4,760 Streams
    Catalyst 6513 Sup720  | 576 10/100/1000 ports, 4-21 10GbE ports (uplink)   | 720 Gbps            | 57,460 Streams

    ** Assumes 3.5 Mbps / Stream, 64 byte / Packets (typically video payloads would be larger)


    OSI Transport Layer enables application connectivity with reliable and unreliable mechanisms

    Routers and switches (L2 and L3) offer a number of options, tailored for specific deployment requirements

    Network design provides scalability and high availability using a 2 or 3 tier hierarchy (access and backbone, or access, distribution layer and core)

    Checkpoint: Why Physical Security Operations Should Care?

    Are you alone or on the bleeding edge? No


    IP Convergence Experience & Expertise

    Multiple waves of system convergence

    Numerous physical security operations run over converged IP today

    Success with large scale video surveillance operations

    Resiliency / Availability

    Application and device security

    Increased functionality and mobility



    Criteria for World-Class Converged Systems: Physical Security Can Thrive on an IP Network!

    Security

    Scalability & Availability

    Bandwidth Control

    Manageability / Control

    Accessibility

    Interoperability

    Storage

    Information Utility


    Co-existence through Segmentation: Network Security Toolset #1

    Diagram (one flat LAN): Security Officer; J Doe, Marketing; Security Camera; Collateral Database

    Out of the box, switches usually place all ports in the same LAN

    Consequence: everyone can reach everything; no policy enforcement

    Diagram (segmented): Security Officer; J Doe, Marketing; Security Camera; Collateral Database

    Segmenting user groups is the foundation for policy enforcement

    Multiple techniques: VLANs, IP subnets, mGRE, IPSec, MPLS, VRF, physically separate equipment


    Security Protection Against Hacks & Viruses: Network Security Toolset #2

    Threats addressed:

    Device DoS

    Network DoS

    Address Spoofing

    Port Hijack

    DHCP DoS

    MAC Flood

    SysAdmin Spoofing

    Command Spoofing

    Worm Propagation

    Mitigation techniques:

    Port Security, 802.1X, disable unused ports

    QoS toolset

    AAA, strong passwords, separate management network

    DHCP spoofing prevention, 802.1X

    Device command authorization

    Dynamic ARP Inspection, IP Source Guard, 802.1X

    802.1X

    Port Security

    HIPS / AV / PFW, Network Admission Control

    NOTE: Segmentation and firewalling techniques not considered here as this design assumes complete physical separation
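Four of the access-switch features named on this slide (DHCP spoofing prevention, Dynamic ARP Inspection, IP Source Guard, Port Security), simulated the way an access switch applies them. This is an added example and not Cisco code or configuration: the `AccessSwitch` class, the port names, MAC addresses and IP addresses are constructed for illustration, and the event sequence is invented to show each feature rejecting the traffic it exists to reject.

```python
"""Access-switch protections from the toolset slide, simulated (constructed example).

DHCP snooping: server replies are accepted only on trusted (uplink) ports, and a
client's binding (MAC, IP) is tied to the access port its request arrived on.
Dynamic ARP Inspection: ARP replies on untrusted ports must match a binding.
IP Source Guard: the same binding check applied to ordinary IP frames.
Port Security: a per-port limit on the number of source MAC addresses.
Port names, MACs and addresses are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


@dataclass
class AccessSwitch:
    trusted_ports: Set[str]                     # uplinks toward the real DHCP server
    max_macs_per_port: int = 1                  # Port Security limit for access ports
    bindings: Dict[Tuple[str, str], str] = field(default_factory=dict)   # (mac, ip) -> port
    pending: Dict[str, str] = field(default_factory=dict)                # client mac -> port
    macs_on_port: Dict[str, Set[str]] = field(default_factory=lambda: defaultdict(set))
    log: List[str] = field(default_factory=list)

    def port_security(self, port: str, mac: str) -> bool:
        """Admit a source MAC on an access port only while the port's limit holds."""
        if port in self.trusted_ports:
            return True
        seen = self.macs_on_port[port]
        if mac not in seen and len(seen) >= self.max_macs_per_port:
            self.log.append(f"Port Security: violation on {port}, extra MAC {mac}")
            return False
        seen.add(mac)
        return True

    def dhcp_request(self, port: str, client_mac: str) -> bool:
        """Client DISCOVER/REQUEST: remember which port the client is on."""
        if not self.port_security(port, client_mac):
            return False
        self.pending[client_mac] = port
        return True

    def dhcp_ack(self, port: str, client_mac: str, ip: str) -> bool:
        """Server ACK: only honoured from a trusted port, then stored as a binding."""
        if port not in self.trusted_ports:
            self.log.append(f"DHCP snooping: dropped server reply on untrusted {port}")
            return False
        client_port = self.pending.pop(client_mac, None)
        if client_port is None:
            self.log.append(f"DHCP snooping: ACK for unknown client {client_mac}")
            return False
        self.bindings[(client_mac, ip)] = client_port
        return True

    def _bound_here(self, port: str, mac: str, ip: str, feature: str) -> bool:
        if port in self.trusted_ports:
            return True
        if self.bindings.get((mac, ip)) != port:
            self.log.append(f"{feature}: dropped {ip}/{mac} on {port}, no matching binding")
            return False
        return True

    def arp_reply(self, port: str, sender_mac: str, sender_ip: str) -> bool:
        """Dynamic ARP Inspection."""
        return self._bound_here(port, sender_mac, sender_ip, "DAI")

    def ip_frame(self, port: str, src_mac: str, src_ip: str) -> bool:
        """IP Source Guard, after the Port Security MAC check."""
        return self.port_security(port, src_mac) and self._bound_here(port, src_mac, src_ip, "IPSG")


def run_scenario() -> AccessSwitch:
    """Constructed sequence of events on one access switch; returns its final state."""
    sw = AccessSwitch(trusted_ports={"Gi1/0/48"})
    cam, reader, other = "00:11:22:33:44:01", "00:11:22:33:44:02", "00:11:22:33:44:77"
    # Normal DHCP exchanges for a camera and a badge reader
    sw.dhcp_request("Gi1/0/1", cam)
    sw.dhcp_ack("Gi1/0/48", cam, "10.30.0.9")
    sw.dhcp_request("Gi1/0/2", reader)
    sw.dhcp_ack("Gi1/0/48", reader, "10.30.0.10")
    # A DHCP reply arriving on an access port: dropped by snooping
    sw.dhcp_ack("Gi1/0/7", cam, "10.30.0.99")
    # ARP reply claiming the camera's address from another port: dropped by DAI
    sw.arp_reply("Gi1/0/7", other, "10.30.0.9")
    # Genuine ARP reply from the camera: allowed
    sw.arp_reply("Gi1/0/1", cam, "10.30.0.9")
    # IP frame carrying the camera's source address from port 7: dropped by IPSG
    sw.ip_frame("Gi1/0/7", other, "10.30.0.9")
    # A second MAC appearing behind the camera's port: Port Security violation
    sw.ip_frame("Gi1/0/1", other, "10.30.0.9")
    return sw


if __name__ == "__main__":
    sw = run_scenario()
    print("bindings:", sw.bindings)
    print("\n".join(sw.log))
```

The order of checks matters: DHCP snooping has to run first, because both DAI and IP Source Guard are only as good as the binding table it builds, and a server reply accepted from an untrusted port would poison that table.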


    Firewalls: Segmentation and Security

    Diagram: Trusted Sources and UN-trusted Sources on either side of the firewall

    Firewalls: Software or hardware services that enforce access control policies (rules) or employ filtering to control access to network resources
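The two pictures from the segmentation slide (Toolset #1) and the firewall definition above, worked as one policy evaluator. This is an added example, not code from the deck or from Cisco: the hosts, VLAN numbers, subnets and rules are constructed, and the port numbers (554 for camera video, 443 for the database front end) are assumptions. In the flat LAN every flow is switched directly and no rule is ever consulted; in the segmented design every inter-VLAN flow crosses a firewall that evaluates rules first-match with an implicit deny at the end.

```python
"""Flat LAN versus segmented design with a firewall (constructed example).

Intra-VLAN traffic is forwarded by the switch without any policy point.
Inter-VLAN traffic passes a firewall whose rules are evaluated first-match,
ending in an implicit deny.  Hosts, VLANs, addresses, rules and port numbers
are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Host:
    name: str
    ip: str
    vlan: int


@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    src: str               # source network in CIDR notation
    dst: str               # destination network in CIDR notation
    dport: Optional[int]   # destination port; None matches any port

    def matches(self, src_ip: str, dst_ip: str, dport: int) -> bool:
        return (ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst)
                and (self.dport is None or self.dport == dport))


def evaluate(rules: List[Rule], src: Host, dst: Host, dport: int) -> str:
    """Decide whether a flow from src to dst on dport is allowed."""
    if src.vlan == dst.vlan:
        # Same broadcast domain: forwarded directly, no rule is consulted
        return "permit (same segment, no enforcement point)"
    for rule in rules:            # first match wins
        if rule.matches(src.ip, dst.ip, dport):
            return rule.action
    return "deny"                 # implicit deny at the end of every rule set


# Constructed rule set for the segmented design (port numbers are assumptions).
RULES = [
    Rule("permit", "10.10.0.0/24", "10.30.0.0/24", 554),   # security ops -> cameras
    Rule("permit", "10.20.0.0/24", "10.40.0.0/24", 443),   # marketing -> collateral DB
]


def flat_lan() -> Dict[str, str]:
    """Out-of-the-box switch: every port in the same VLAN, one subnet for everyone."""
    officer = Host("Security Officer", "10.0.0.5", 1)
    jdoe = Host("J Doe, Marketing", "10.0.0.7", 1)
    camera = Host("Security Camera", "10.0.0.9", 1)
    db = Host("Collateral Database", "10.0.0.3", 1)
    return {
        "jdoe->camera": evaluate(RULES, jdoe, camera, 554),
        "camera->db": evaluate(RULES, camera, db, 443),
        "officer->camera": evaluate(RULES, officer, camera, 554),
    }


def segmented() -> Dict[str, str]:
    """Each user group and device class in its own VLAN and subnet."""
    officer = Host("Security Officer", "10.10.0.5", 10)
    jdoe = Host("J Doe, Marketing", "10.20.0.7", 20)
    camera = Host("Security Camera", "10.30.0.9", 30)
    db = Host("Collateral Database", "10.40.0.3", 40)
    return {
        "jdoe->camera": evaluate(RULES, jdoe, camera, 554),
        "camera->db": evaluate(RULES, camera, db, 443),
        "officer->camera": evaluate(RULES, officer, camera, 554),
        "jdoe->db": evaluate(RULES, jdoe, db, 443),
    }


if __name__ == "__main__":
    print("flat LAN:", flat_lan())
    print("segmented:", segmented())
```

The flat result is the slide's "everyone can reach everything": the rules exist but nothing ever consults them. Segmentation is what gives the firewall a place to sit.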


    Video Surveillance on the WAN: Multiple Techniques and Consideration Points

    Use compression

    Monitoring:

      Pull on demand

      Push upon a pre-defined event

      Use Multicast technology: send 1 copy of video, not 2 or more

      Transcode / reduce frame rate: conserves bandwidth

    Recording:

      Consider local facility recording

      Retrieval does not have to be real-time

      15 FPS or less is usually acceptable

      Record on motion only, or snapshot for 24 x 7 requirements
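A planning calculation that ties this slide to the link sizes quoted earlier (dedicated 100 Mbps access ports, 1-20 Gbps switch-to-switch links, 768 kbps - 54 Mbps WAN links) and to the deck's 3.5 Mbps per stream figure. It is an added example, not a Cisco tool: the `Stream` class, the 80% utilization ceiling, the assumption that bitrate scales with frame rate under transcoding, and the 4-camera / 3-viewer scenario are all assumptions made here.

```python
"""WAN sizing for remote video monitoring (constructed example, not from the deck).

Quantifies two of the slide's techniques: multicast sends one copy per camera
regardless of how many stations watch, and transcoding to a lower frame rate
shrinks each copy.  Loads are checked against link sizes from the deck with a
utilization ceiling.  Stream parameters are assumptions, not measurements.
"""
from dataclasses import dataclass
from typing import Optional

MBPS = 1_000_000


@dataclass(frozen=True)
class Stream:
    bitrate_bps: float    # full-quality stream; 3.5 Mbps matches the deck's planning figure
    fps: int              # native frame rate


def transcoded_bitrate(stream: Stream, target_fps: int) -> float:
    """Assumption: bitrate scales with frame rate when resolution is unchanged."""
    if not 0 < target_fps <= stream.fps:
        raise ValueError("target fps must be between 1 and the native frame rate")
    return stream.bitrate_bps * target_fps / stream.fps


def wan_load(stream: Stream, cameras: int, viewers: int,
             multicast: bool, target_fps: Optional[int] = None) -> float:
    """Bits per second the WAN must carry for live monitoring."""
    per_copy = transcoded_bitrate(stream, target_fps) if target_fps else stream.bitrate_bps
    copies = 1 if multicast else viewers       # unicast repeats every stream per viewer
    return cameras * copies * per_copy


def fits(load_bps: float, link_bps: float, max_utilization: float = 0.8) -> bool:
    """Keep headroom: a saturated link drops packets for every flow sharing it."""
    return load_bps <= link_bps * max_utilization


def streams_per_link(link_bps: float, stream_bps: float, max_utilization: float = 0.8) -> int:
    """How many full-rate streams one link carries within the utilization ceiling."""
    return int(link_bps * max_utilization // stream_bps)


CAMERA = Stream(bitrate_bps=3.5 * MBPS, fps=30)   # constructed planning stream

if __name__ == "__main__":
    cases = [("unicast", False, None), ("multicast", True, None), ("multicast + 15 fps", True, 15)]
    for label, mc, fps in cases:
        load = wan_load(CAMERA, cameras=4, viewers=3, multicast=mc, target_fps=fps)
        print(f"{label:20s} {load / MBPS:5.1f} Mbps  fits a 20 Mbps WAN: {fits(load, 20 * MBPS)}")
    print("3.5 Mbps streams per 100 Mbps access port:",
          streams_per_link(100 * MBPS, CAMERA.bitrate_bps))
```

Recording locally and pulling on demand, the slide's other recommendations, remove the live streams from the WAN entirely; this model only covers what has to cross it in real time.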


    Video Surveillance Recording: Storage Considerations

    Diagram labels: Local / Distributed DVR/NVR with Disks; Centralized DVR/NVR with SAN Disks; Management; Storage; Connectivity: Access (Input, Output), Encoders (A-to-D), Ethernet Access, Decoders (D-to-A); Transmission: WAN (High Availability), IP Multicast LAN; Assessment

    Legend: 1st Unicast Stream; Transcoded Multicast Stream

    Migrating to IP-Based Video Surveillance: Leverage Existing Investments & Enable New Capabilities

    Diagram labels: Dedicated CCTV Keyboards & Displays; Analog Fixed & PTZ Cameras; Analog CCTV VCR; Cisco Integrated Services Platform w/ Stream Manager S/W (DVR); Analog Video Fiber Multiplexers & Distribution Amplifiers; Cisco Services Platform w/ Stream Manager S/W (NVR); Web-based Monitoring; Cisco IP Gateway w/ Stream Manager S/W; Video Matrix Switch; Cisco IP Network; Switch; Cisco IP Phones; Datacenter Servers; Cisco Stream Manager Monitoring S/W for Local & Remote Operations

    Add IP cameras incrementally

    No retraining; access live OR recorded video; snap stills

    Cisco on Cisco: Lower TCO and Maximized ROI


    Converged Physical Security, HR, Finance, Etc.

    Cisco Physical Security Ops Results:

    Centralized S&S operations to 4 global locations

    Hybrid network of analog and IP devices

    Reduced false alarms by 90%

    Reduced storage requirements by 50% and number of servers by 40%

    Reduced maintenance costs by 20%

    Decreased MTTR (NVR)

    Policy-based access and segmentation

    QoS prioritization

    IT monitors system health, remediates problems, maintains servers


    Convergence Today and Tomorrow: From Proprietary to Open, an IP Systems Approach

    Diagram: IP Communications with Central Monitoring & Control; Multiple Control Networks & Systems: Interactive Communication Systems, Alarm / Access Control, Video Surveillance, Fire, Power, Lifts, Lighting, HVAC

    Today's Buildings: Disparate Building Networks, Proprietary and Redundant, Sub-Optimal Information Usage

    A Shared Vision: Interoperable, Efficient and Scalable, Multi-use Systems Information, Maximized ROI and Lower TCO


    Conclusions: Building Your Own Intelligent Converged Environment

    Increase information utility and accessibility to maximize ROI

    Eliminate infrastructure redundancy to increase productivity and lower TCO

    Organizations that leverage investments in an IP network-centric Physical Security Operation will maximize the inherent value of video, capital and personnel, enhancing the safety and security of people, and an organization's assets.


    Questions and Where to Go Next

    For all general networking information, see the Cisco Web site: http://www.cisco.com

    For Networking Training: http://www.cisco.com/web/learning/index.html

    For more on Cisco Video Surveillance: http://www.cisco.com/go/videosurveillance

    Partnering is the key to successful deployments

    Engage and chat / work with your IT counterpart!
