MOBOTIX

Step 1: Licenses

Download the Surveillance Bridge executable and manuals from the Tiger Technology licensing server:

a) Visit: https://license.tiger-technology.com/ and enter your account credentials

b) Once you have logged in, you will be prompted to register.

c) If you logged in using a Client Account, click on “Home” to you see the list of product licenses available. Click on the product license you wish to use.

d) To download the manuals, click on “Documentation” (bottom left)

e) To download the executable, click on “Current Version” (bottom left)

While on the licensing server, configure your email notifications preferences:

Step 2: System Requirements

When determining local storage requirements, consider egress fees and potential outages. In the event of an internet outage, the VMS should be capable of continuing local recording (the available space on your local storage dictates how long before the VMS begins deleting recordings). Meanwhile, storing a larger number of recordings locally can reduce cloud egress charges (when applicable). The ideal local storage capacity thus balances the retention of past recordings and the potential duration of outages. For instance, if most of your investigations occur within the past 4 days and you want to prepare for up to 3 days of internet outage, ensure that your local storage can accommodate a total of 7 days of recordings. When looking at long retention periods, keep in mind that every 1 million files consume 100MB of local disk space. Surveillance Bridge generally uses up to approximately 20% of the CPU while initially indexing the file system (each time the services are started), but this decreases to around 5% during regular operations. Memory usage is typically not a concern.

  1. Recording Servers should have:

a) Internet upload speed at least 25% more than total camera ingests to disk

b) Access to https://saas.tiger-technology.com

c) Access to the cloud bucket endpoint

d) Ports 443 outbound

e) Ports 8536 and 8537 inbound (when Management Client is remote)

  1. Cloud requirements

a) One cloud bucket/container has been created for each of your recording locations.

b) Recording Servers should have FULL Read/Write AND Delete capabilities on the objects in the cloud.

Step 3: Prepare your VMS

Prior to installing Surveillance Bridge, ensure the following steps have been completed:

  1. Connect and configure your Archiver/Recording Server according to the guidelines of your VMS.

NOTE: Surveillance Bridge operates most effectively when used directly on your live recording drive, effectively turning the cloud into your archive. This approach provides optimal recovery options when using Disaster Recovery (DR). If you need to configure your Archiver/Recording Server with an Archive location, Surveillance Bridge can be used for either the recording storage or the archive. While technically possible, it isusually not recommended to use Surveillance Bridge on both because of the excessive data movements required.

  1. IMPORTANT:In the Management Client, navigate to "Storage and Recording Settings" and adjust the "Retention time" of your VMS based on the total amount of camera data you wish to store on your volume(s). This global setting determines when data will be deleted both locally and in the cloud:

a) The retention time should cover local AND cloud data

b) The size should cover local AND cloud data (don’t worry if your volume is much smaller as it will extend into the cloud)

EXAMPLE: If you set a 90-day retention time, your VMS will delete the data, regardless of its location. As the VMS removes local files, Surveillance Bridge deletes the corresponding data in the cloud tiers (keep in mind that there might be delays with some cloud providers). Using Surveillance Bridge, you can decide how much data to keep on the local drive, nearline (hot) cloud storage, or archive (cold or frozen) cloud storage.

c) To decommission an Archive volume without losing data, follow these two steps:

  • First, ensure that the retention time on the Recording storage is at least as long as the current Archive volume.

  • Archive data will continue to play from the current Archive until a full Archive period has been completed.

  • After passing a full archive period, the Archive volume can be decommissioned, as all the most recent "archive" data will now be sourced from the cloud.

Step 4: Storage and Bandwidth requirements

  1. Estimate your requirements

a) Identify the current storage requirements for a given retention period: If you don’t have this information, try to obtain it from your VMS vendor, based on your camera count, resolution, frame rate, etc. Tiger Surveillance can also help with this.

Here are simple rules of thumb you can use to quickly scope your project:

  • 1 HD camera => 1TB per 90-day retention

  • 1x HD camera => 1 Mbps of upload bandwidth

  • 100Mbps connection => uploads ~1TB per day (~100 cameras)

  • 1Gbps connection => uploads ~10TB per day (~1,000 cameras)

b) Initial seed If your VMS has been recording for some time, you can estimate the time it will take to upload your existing seed (while it is busy uploading the incoming feeds).

Total Time to Upload Seed = Total Seed / (Daily Upload – Daily Ingest)

Example: If the seed is 200TB and the live camera ingest is 100Mbps

  • Using 1Gbps connection (i.e. 10TB per day) => 200TB/ (10TB - 1TB) => 3-4 weeks

  • Using 200Mbps connection (i.e. 2TB per day) => 200TB/ (2TB - 1TB) => more than 6 months

Step 5: Setup your cloud bucket/containers

  1. Log into your Cloud account and create separate buckets/containers to be associated with each recording location (server and volumes).

NOTE: For a recording server with only a Recording volume (no Archive volume), the same bucket/container stores a single copy of all data, serving both Disaster Recovery (DR) and Extension purposes. DR includes all camera data, along with XML and index files necessary for reconstructing the database. Extension, on the other hand, only needs a subset, specifically the camera data. If your recording server has more than one storage location configured, each location will require its own separate bucket.

  1. Have your Cloud account details ready for the install (Access Key, Secret Key, etc.)

a)Make sure you have full permission on the account (Read/Write/Delete)

Step 6: Installing Surveillance Bridge

Surveillance Bridge must be installed on your live recording servers (aka archivers). It does not require a reboot and there is no need to stop your VMS software from recording.

  1. Make sure your recording server is fully configured prior to installing Surveillance Bridge. Run the Surveillance Bridge installer as an administrator:

  1. Click in the ‘License Terms and Conditions’ agreement box to accept, and then click Next.

  1. Choose your VMS and click ‘Next’ to continue with the installation process.

  1. Install Surveillance Bridge (follow on-screen instructions)

    1. The installer contains five software components:

      • Management Client module (for configuration – must be installed)

      • Recording Server module (all the cool technology – must be installed)

      • Shell Extension (for file system access and troubleshooting – optional)

      • Smart Client module (for data visualization and job manager – optional)

      • Event Server module (for notifications – optional)

    2. It is possible to install these components on ONE or SEPARATE machines. You can also install the Management Client and Smart client plug-in on multiple machines for convenience.

Unless advised to do otherwise, choose default options. The Surveillance Bridge software automatically detects what is required. Installation takes a few minutes to finish.

Step 7: Activate your License

Activate your license by opening the Management Client

a) Click on the Surveillance Bridge “Administration” tab

b) Select the recording server you wish to activate

  • NOTE: If you were provided a Client Account in addition to Product Licenses, you must use the later credentials for activating your license. In this case, the Product License will typically be identical to your login, but will typically have the _SB? suffix added to it and the password will be empty (you add your own).

c) If you have any issue activating, please see the Troubleshooting section below

d) You can choose which options will be available to operators using the Smart Client (see details below)

Step 8 Configure the Disaster Recovery

Activating the Disaster Recovery (DR) functionality using Surveillance Bridge is easy. This functionality can be activated on your Recording storage(s), your Archive(s), or both.

  1. Select the Surveillance Bridge “Disaster Recovery” tab

    a)For each volume where you desire DR, click “Enable”

    b) Configure your target

    1. Make sure to select a DIFFERENT bucket/container for EACH volume

    2. If Storage Extension has already been configured, you will NOT be prompted for cloud details as your data will NOT be replicated twice. The same dataset is used.

    c) To start the replication process, switch the “Paused” to “Running”

    b) Within a few minutes (depending how many cameras and files are managed), Surveillance Bridge will start replicating and display the % of local data that has been replicated to the cloud.

NOTE: After all existing files have been replicated, this number will typically be just shy of 100%, unless you stop the camera streams or the recording server in order for the most current data to reach your cloud target.

Step 9: Verify that your internet is keeping up

Open Task Manager on the Recording Server to see how fast Surveillance Bridge can upload to the cloud. Click on the “Performance” tab, and then select “Disk” and “Ethernet”.

The screen grab on the left shows a problematic situation where the upload (Send bandwidth) is less than the camera ingest (Write speed to disk). Keep in mind that one megabytes per second (MB/s) is equivalent to eight megabits per second (Mbps). As such the system is writing to disk at 9.8MB/s => 96.04 Mbps and the internet upload speed must be ten times faster to keep up.

Step 10: Recovery After a Disaster

When Disaster Recovery is enabled, Surveillance Bridge can recover from a storage or server failure. As soon as Surveillance Bridge detects a failure, it flashes the server in red and displays a big “red” warning message in its Disaster Recovery tab. It is critical to follow the step-by-step instructions of the Wizard for a successful recovery of your recordings. Attempts to replace the storage without following the proper procedure could lead to complete loss of data.

NOTE: IF YOU WANT TO TEST DISASTER RECOVERY, DO NOT DELETE FILES ON YOUR DISK AS THIS WILL RESULT IN DELETING DATA IN THE CLOUD. INSTEAD, REFORMAT YOUR RECORDING DRIVE TO SIMULATE A REAL FAILURE. REFER TO THE ADMIN GUIDE FOR RECOVERY PROCEDURE.

Step 11: Configure the Storage Extension

Use the Extension option to make your local volume appear bigger and infinitely scalable. This functionality can be activated on your Recording storage(s), your Archive(s), or both. It can be activated with or without Disaster Recovery. When activated with Disaster Recovery, Extension uses a subset of the data already replicated on the DR target.

Configuration Steps

  1. Select the Surveillance Bridge “Extension” tab

a) For each volume where Extension is desired, click “Enable”

b) Configure your target

  • If Disaster Recovery has already been configured for this volume, you will NOT be prompted for cloud details as your data does NOT get replicated twice. The same bucket will be used.

c) Make sure to select a DIFFERENT bucket for EACH of your recording locations.

  1. Click on “Configure”

Choose “By Age” to keep camera data locally for a specific amount of time or choose “By Size” to keep it until your local drive reaches a specified capacity threshold. When either condition is met, content is removed and replaced by zero-byte stub files. Data is safely kept in the cloud until the retention time set on your storage volume is met. Make sure to maintain enough “free” space on your recording drive to ensure your VMS has enough room to continue recording during an internet outage.

a) To start the replication process, switch from “Paused” to “Running”

b) Within a few minutes, Surveillance Bridge will display the % of local data that has been moved to the cloud.

c) If your cloud provider supports an archive tier, Surveillance Bridge allows you to leverage it. Note that in this case, any archived video will need to be manually recalled BEFORE it can be viewed on the timeline.

Step 12: Using the Smart Client plug-ins

There are a few options available to the Smart Client. They are all enabled by default but can be disabled through the Management Client (see Installation and Activation steps above).

Timeline Color Monitoring - Visual indication of where the data is currently stored

  1. Go to Settings, select Timeline, and set “Additional data” to “Show” (vs. “Hide”)

  1. When activated, Surveillance Bridge will display additional colors on the timeline:

Clicking on the bottom right “?” brings up the timeline legend:

Rehydration is a manual process that can be achieved through the Job Manager or through the Management Panel (see below). By definition, camera data in an archive tier will typically take hours to restore (thus the significantly lower cost). Surveillance Bridge has the unique ability to display a “Recording in Archive Tier” frame.

Manual Restore Panel

Surveillance Bridge will display an “Recording Offline” notice when playing or selecting areas of the timeline that are Archived (frozen) until the archived video has been restored to the nearline (hot) cloud tier.

  1. When the Job Manager is invoked from the Plug-ins section, Smart Client operators can restore data for specific time ranges and cameras.

a)

TIP: Use the Time Selection Mode or Set Start/End Time buttons to automatically set the date and time interval to be restored:

Restore jobs can also be created from within the Management Client plug-in.

  1. Open Management Client and go to the Administration tab:

Step 13: Configuring Firewalls and Proxy Servers

Surveillance Bridge must communicate with the cloud target as well as with the Tiger Technology licensing server for activating your license and for keeping them activated.

  1. Make sure that the following requirements are met:

a) Can reach the Azure service running at https://saas.tiger-technology.com.

1) When typing the URL, you should in your browser, you should obtain the following response:

2)If you get an error, you will need to whitelist the domain name

b) Check your firewall. The following ports must be open:

  • •(for object storage target over http connection) 80 - outbound rule only

  • (for SaaS activation and/or communication with object storage target over https) 443 - outbound rule only

  • (for a network target) 445 - outbound rule only

  • (for remote connection) 8536 - inbound rules

  • (for remote connection) 8537 - inbound d rules

    • You can test this connection AFTER you have installed the Surveillance Bridge plugin by entering the following URL in a web browser on the Management Server: https://xxx.xxx.xxx.xxx:8537/version (where xxx.xxx.xxx.xxx is the IP address of the Recording Server you are testing)

  1. If you are using a proxy server, Bridge uses different mechanisms for accessing the cloud and for communicating with the licensing server.

a) To configure proxy for the cloud target:

  • Open a Command prompt in elevated mode and type:

b) To configure proxy for the licensing server:

  • Set your System Environment Variables:

IMPORTANT: It is required to reboot your computer after changing system variables.

  • If you are still experiencing issues activating the Bridge software, please use the SaaS-Check utility to troubleshoot your issue, as described below.

Step 14: Saas-Check Utility

Tiger Technology has developed a troubleshooting application that can help identify the source of the problem.

  • NOTE: Troubleshooting firewalls and proxy issues will likely require the assistance of your System Administrator.

If you are experiencing issues activating your Bridge software, download the saas-check.exe utility (https://tinyurl.com/8fjjaby4).

  1. On the Bridge machine (i.e. Recording Server), open a Command prompt in Elevated mode.

  2. Run saas-check with the following parameters

    • Usage: saas-check.exe <server_host> <cabundle_path>

    • Where:

      • <server_host> is saas.tiger-technology.com

      • <cabundle_path> is "C:\ProgramData\Tiger Technology\backup\cert\cacert.pem" is your activation

      • <username> is your activation Username

      • <password> is your activation Password

      • <serial> is the ?????- ?????- ?????- ?????- ????? serial key found in the Bridge interface

The command above assumes C: is where the utility was copied. Successful output of this tool should look like this:

If you do not receive a successful activation message, please check if the error falls in one of the following categories:

Failed SSL Connect Error

A “Failed SSL Connect Error” will likely occur due to improper firewall configuration. SaaS- Check.exe will report something like this:

For a quick test, you can try disabling Windows Defender on Management Server and Recording Server. If you are using advanced firewalls, such as Palo Alto Networks, make sure you are not blocking access to encrypted websites (https://saas.tiger-technology.com). Also make sure you are disabling control of decrypted SSL. These settings can be used to limit or block SSL sessions based on criteria including the use of unsupported cipher suites or protocol versions, or the availability of system resources to process decryption.

Peer Certificate Authetication Error

A “Peer Certificate Authentication Error” will likely occur due to missing security certificate. SaaS-Check.exe will report something like this:

Bridge uses cURL to communicate with its licensing server. However, cURL may not automatically integrate your domain security certificates. If your organization uses domain security certificates, you will need to follow these steps:

  1. In Windows, search for “Manage computer certificates” and open

  2. Locate your domain security certificate (most likely stored under Trusted Root Certification Authorities/Certificates)

a) Look for a certificate that contains the name of your organization (typical)

b) Double click on the certificate

c) Select the “Details” tab

d) Click on “Copy to files...”

e) Select “Base-64 encoded X.509 (.CER)

f) Specify file name to export

g) Locate the exported file

h) Open the exported file with Notepad

i) Copy the ENTIRE content of the file

  1. Locate the security certificate used by Bridge, and open it in Notepad:

  1. Append the copied certificate to the existing list of certificates by pasting it at the end of the file. Save the file.

  1. Try activating the software again. If none of the above works, send us the output you are getting when running the saas-check.exe command.

Last updated