This document provides an architectural overview of the EMC Physical Security solution enabled by EMC VNX, EMC VNXe, EMC Isilon, Iomega4, and Genetec Security Center and Omnicast. Use this document in conjunction with the document entitled "Configuration Guidelines: EMC Storage for Physical Security Enabled by Genetec Omnicast and Security Center", which includes configuration guidelines and resource specifications for the solution components, storage arrays, and other EMC product integration.
DevoxxFR 2024 Reproducible Builds with Apache Maven
EMC Storage for Physical Security EMC VNX, VNXe, and Isilon, and Genetec Security Center Reference Architecture
1. Reference Architecture
EMC STORAGE FOR PHYSICAL SECURITY
EMC VNX, VNXe, and Isilon, and Genetec Security Center
• Genetec Omnicast performance using EMC storage arrays
• Genetec Security Center performance using EMC storage arrays
• Correct sizing storage in a Genetec physical security environment
EMC Solutions Group
April 2012
3. Table of contents
Reference architecture overview ........................................................................................................... 4
Document purpose .......................................................................................................................... 4
Solution purpose ............................................................................................................................. 4
The business challenge.................................................................................................................... 4
The technology solution ................................................................................................................... 5
Key components ................................................................................................................................... 6
Introduction ..................................................................................................................................... 6
Digital video streams ....................................................................................................................... 6
Main server and expansion server .................................................................................................... 6
EMC storage ..................................................................................................................................... 6
Physical architecture ............................................................................................................................ 8
Architecture diagram........................................................................................................................ 8
EMC storage configurations ...................................................................Error! Bookmark not defined.
Genetec architecture ............................................................................................................................ 9
Genetec servers ............................................................................................................................... 9
Genetec deployment size ................................................................................................................. 9
Main roles ...................................................................................................................................... 10
EMC RSA secured domain ................................................................................................................... 11
Overview ........................................................................................................................................ 11
RSA logon ...................................................................................................................................... 11
Validated environment profile ............................................................................................................ 12
Profile characteristics..................................................................................................................... 12
Hardware resources ....................................................................................................................... 12
Software resources ........................................................................................................................ 13
Conclusion ......................................................................................................................................... 14
Summary ....................................................................................................................................... 14
EMC Storage for Physical Security 3
EMC VNX, VNXe, and Isilon, and Genetec Security Center—Reference Architecture
4. Reference architecture overview
Document purpose This document provides an architectural overview of the EMC Physical Security
solution enabled by EMC® VNX™, EMC VNXe™, EMC Isilon®, Iomega4®, and Genetec
Security Center and Omnicast.
Use this document in conjunction with the document entitled “Configuration
Guidelines: EMC Storage for Physical Security Enabled by Genetec Omnicast and
Security Center,” which includes configuration guidelines and resource specifications
for the solution components, storage arrays, and other EMC product integration.
Solution purpose The purpose of this Reference Architecture is to demonstrate how using the EMC and
Genetec integrated solution enables a security team to view real-time video streams
while also receiving policy-based and anomaly-based alerts. Genetec’s sophisticated
software analyzes data from remote locations and historical archives and generates
alerts based on your criteria.
The business Private businesses and public entities alike have responded to rising concerns about
challenge theft, fraud, and terrorism by sharpening their focus on physical security and
surveillance systems. Organizations such as retailers, casinos, financial institutions,
higher education institutions, transportation companies, law enforcement, school
systems, prison systems, and government agencies all need to manage and protect
their ever-growing volume of physical security information.
The ability to access the right data at the right time from anywhere is crucial to
supporting physical security and surveillance needs. However, the following factors
can hinder a comprehensive solution:
• Proprietary software
• Closed hardware platforms
• Lack of manageable archival capabilities
• Data retrieval wait times
• Lost data
• Unproven content authenticity
• Information management limitations
The high expansion costs of legacy video surveillance systems, based on CCTV,
digital video recorders (DVRs), or network video recorder (NVR) technologies and non-
integrated IT and physical security systems, amplify these limitations further.
After Genetec Omnicast captures the information — and throughout the initial
response, detection, legal, judicial submission, and data disposal processes —
information management, availability, security, and protection are the core
capabilities needed for tamper-proof evidence collection, increased conviction rates,
and asset protection.
EMC Storage for Physical Security 4
EMC VNX, VNXe, and Isilon, and Genetec Security Center—Reference Architecture
5. The technology EMC physical security solutions provide flexibility to control video surveillance and
solution analyze security incidents in real time, collect evidence faster, and easily review
archived data, from anywhere.
EMC storage arrays provide quality storage for the smallest to the largest customers
using a variety of storage topologies including SAN (FC and iSCSI) and NAS (NFS,
CIFS).
Virtualization with VMware consolidates the number of Genetec Archivers required at
a given site. Aggregating multiple Genetec Archivers onto VMware® ESX®/ESXi™
hosts enables more bandwidth per physical host than is normally recognized from a
physical host.
With EMC Isilon's easy installation, management, and scalability, this solution also
adds value to non-IT centric and IT-centric customers alike.
Data management This solution integrates EMC and Genetec technology to help meet the challenges of
video surveillance information convergence and management. This enterprise-class
solution provides data management in each phase of the video surveillance lifecycle,
including:
• Capturing and monitoring
• Analyzing
• Protecting and securing
• Archiving
• Authenticating evidence
Genetec Security Genetec Security Center is a unified security platform that seamlessly blends
Center Genetec’s IP security and safety systems within a single innovative solution. The
systems unified under Security Center management include Genetec’s Omnicast IP
video surveillance, Synergis IP access control, and AutoVu license plate recognition
(LPR).
Developed with simplicity of operation in mind, the Security Center presents
information to operators through a single interface and simplifies operators’ tasks,
standardizes workflows, increases productivity, and enhances decision-making. It
aggregates physical security content from multiple sources, integrating IP networking
with a full range of physical security systems, including:
• Video surveillance cameras
• Access control devices and intrusion detection systems
• Information security applications
• Visitor management and identity recognition
• Asset management
• Sensors and alarms
EMC Storage for Physical Security 5
EMC VNX, VNXe, and Isilon, and Genetec Security Center—Reference Architecture
6. Although you can use EMC VNX and EMC Isilon storage for high-throughput solutions,
alternate storage solutions include EMC Symmetrix® VMAX™ and Symmetrix DMX™.
Key components
Introduction The physical security components typically consist of legacy analog monitoring
capabilities, analog cameras, and IP cameras.
Video encoders convert standard NTSC/PAL video from analog cameras to a digital
video stream over TCP/IP. You can also deploy customer-furnished IP cameras in this
solution. Each camera is capable of producing a digital video stream over TCP/IP.
This solution uses EMC storage platforms to provide single- or multi-tiered storage
architectures for centralized or decentralized enterprise requirements. EMC
PowerPath® software provides channel failover on Omnicast Security Center servers
for both fiber and iSCSI connectivity options.
Digital video An Omnicast System Center Archiver captures digital video streams over TCP/IP and
streams then typically writes the video to EMC VNX or Isilon storage.
Main server and A System Center installation consists of a single server or of multiple servers in a
expansion server hierarchical structure.
The main server is the only server on your system that hosts the Directory role. The
Directory is the role that identifies your system. All other servers on the system must
connect to the main server in order to be part of the same system. You may have only
one main server on any Security Center system.
An expansion server is any computer other than the main server that you add to your
system to increase its total computing power. An expansion server must connect to
the main server and may host any role in Security Center, except the Directory role.
EMC storage This reference architecture uses the EMC VNXe and VNX storage platforms. However,
you can integrate different EMC storage platforms and array sizes with Genetec
Security Center to provide a physical security solution to meet any size application.
Table 1 describes EMC storage platforms that are compatible with Genetec software
for physical security.
Table 1. EMC storage platforms available for this solution
EMC storage Description
Symmetrix VMAX The EMC Physical Security Lab tested the EMC Symmetrix VMAX
storage array connected to a Cisco UCS server using VMware ESX
4.0 running Microsoft Windows Server 2008 64-bit.
This solution is ideal for very large, demanding installations or
environments that already have VMAX and Cisco UCS.
EMC Storage for Physical Security 6
EMC VNX, VNXe, and Isilon, and Genetec Security Center—Reference Architecture
7. EMC storage Description
VNX EMC VNX and EMC CLARiiON storage arrays, from the AX4 through
VNXe/Celerra the VNX7500, all perform exceptionally well with the Genetec
Security Center physical security solution.
The solution also supports unified storage derivatives such as the
VNXe, NX, and NS storage arrays. Unified storage topologies
include FC, iSCSI, NFS, and CIFS. NFS and CIFS accommodate
smaller customers and those with specific use cases. FC attaches
directly to the VNX or CLARiiON, bypassing the data mover.
Isilon Isilon storage arrays provide exceptional NAS performance.
Omnicast version 4.8 or greater and Security Center 5.1 and
greater are compatible with the Isilon storage arrays.
Iomega The Iomega PX12, IX12, and PX4d storage arrays are ideal for
smaller customers.
For data resilience, use RAID 6 if possible.
EMC Storage for Physical Security 7
EMC VNX, VNXe, and Isilon, and Genetec Security Center—Reference Architecture
8. Physical architecture
Architecture Figure 1 shows the overall physical architecture of the core solution.
diagram
Figure 1. Solution architecture
EMC Storage for Physical Security 8
EMC VNX, VNXe, and Isilon, and Genetec Security Center—Reference Architecture
9. Genetec architecture
Genetec servers Security Center’s architecture uses a client/server model in which a pool of server
computers distributed over an IP network handles all system functions. The number
of servers can range from a single machine for a small system to hundreds of
machines for a large-scale system.
Genetec Server is the Windows service you must install on every computer that you
want included in the pool of servers available for Security Center to use. Every server
is a generic computing resource capable of taking on any role (set of functions) you
assign to it.
A role is a software module that performs a specific function (or job) within Security
Center. For example, you can assign roles for archiving video, for controlling a group
of units, or for synchronizing Security Center users with your corporate directory
service.
Genetec You can position Genetec solutions for both small and large customers. As illustrated
deployment size in Table 2, acceptable storage solutions may be large or small, as long as the file
server meets the requirements of EMC and Genetec. The solution also works very well
with VMware ESX/ESXi 4.x.
You can use VMware ESX/ESXi 4.0 (and later) to greatly reduce the server farm
footprint while increasing the bandwidth each physical server can produce. Genetec
Omnicast and Security Center are ideally suited for VMware.
Table 2. Deployment guidelines
Validated component Compatibility
Storage VMAX, VNX, CX4, CX3, AX4, VNXe, Isilon,
NS, NX, Iomega PX line and IX12
Platform Blade and rack-mount servers
Operating system Microsoft Windows Server 2008 (64-bit
used in lab)
VMware Compatible (with excellent performance )
EMC Storage for Physical Security 9
EMC VNX, VNXe, and Isilon, and Genetec Security Center—Reference Architecture
10. Main roles Table 3 describes the main roles provided by the Genetec Security Center for video
surveillance.
Table 3. Genetec main roles
Service Description
Media Router • Handles all stream (audio or video) requests on the system
• Calculates the optimal path between the source and destination
based on location and transmission capabilities
Directory • The Directory role is what defines a Security Center system.
• The main server module provides a centralized configuration
database for all entities in the system including cameras, users,
other Security Center roles, and applications on the system.
• The Directory role is responsible for authentication and access
control using the built-in security model or through Microsoft Active
Directory.
• The Directory also offers the option to log all system events and user
actions in a relational database for reporting purposes.
• Starting with Security Center 5.1, multiple Directories can run
concurrently to provide high availability and load-balance client
connections.
• SQL mirroring is also available for Directory DB failover.
Health • Set of tools to monitor the health of Security Center
monitoring
• Provides real-time status of the system entities
• Health statistics providing valuable information like availability,
uptime, mean time between failures, mean time to recovery for
cameras, door controllers, and intrusion panels
• Detects health issues early enough to avoid potential problems in
the future
Archiver • Manages the communication with IP cameras and an encoder. The
Archiver is the only Security Center component that communicates
directly with the IP cameras.
• Has a plug-in architecture to introduce support for new camera
manufacturers without requiring a complete software upgrade.
• Records up to 300 cameras or 300 Mb/s of throughput
• Responsible for maintaining the database that links a specific
camera at a specific time to a video file stored on disk
• Performs motion detection algorithms on recorded video streams
EMC Storage for Physical Security 10
EMC VNX, VNXe, and Isilon, and Genetec Security Center—Reference Architecture
11. EMC RSA secured domain
Overview The Genetec Security Center solution installed with EMC’s RSA-secured domain
increases Windows and Security Center security. RSA® authentication using
constantly changing RSA tokens increases the user’s Security Center experience by
providing a single logon structure for accessing multiple Security Center applications.
For more information refer to the EMC white paper entitled EMC Physical Security—
Enabled By RSA SecurID Two-Factor Authentication with Genetec Omnicast Client
Applications.
RSA logon In general, the login process consists of the following steps:
1. The login request using RSA authentication (token) sends the request through
the EMC RSA SecurID® appliance.
2. If the user credentials are correct, the EMC RSA SecurID appliance proxies the
login to the Active Directory and the Active Directory authenticates the login
into the requested Windows Domain.
3. Login to the Windows Domain is complete.
4. User accesses the requested application.
5. User credentials verify if this user has access rights for the requested
application. The user may be required to press Enter before continuing into
the application (this is application-specific).
Figure 2 shows the login process.
Figure 2. RSA login process
EMC Storage for Physical Security 11
EMC VNX, VNXe, and Isilon, and Genetec Security Center—Reference Architecture
12. Validated environment profile
Profile Table 5 describes the environment that EMC validated for this solution.
characteristics
Table 4. Validated provide
Profile characteristic Value
Omnicast application software Omnicast 4.4 – Windows Server 2003 SP2/R2 on local
server disk or boot from CLARiiON
Omnicast 4.4 through 4.6 – Windows Server 2008 x32
and x64
Omnicast 4.7 and above – Windows Server 2008 X64
Omnicast 4.8 (Security Center 5.1) required for EMC
Isilon storage arrays
Storage topology SAN, DAS, iSCSI
• iSCSI – HBA
• iSCSI – Microsoft initiators with Windows Server
2008 and later only
NAS
• SMB2 to the Isilon X200 or 108NL storage arrays
Total bandwidth per Archiver 37.5 MB/s (300 Mb/s)
server
Hardware Table 5 lists the hardware used in this solution.
resources
Table 5. Solution hardware
Hardware Quantity Configuration
Any 1U, 2U, or blade server on 1 Per Security Center server
Genetec and EMC’s supported
hardware listing
Any VNX, VNXe, AXA, AX4-5/5i, Based on See the Genetec Omnicast
CX3-XX, CX4-XXX, Isilon X200, solution Bandwidth Technical Note for
and 108NL, NX, NS requirements additional information. If you do not
have access to this document, see
your EMC representative.
EMC Storage for Physical Security 12
EMC VNX, VNXe, and Isilon, and Genetec Security Center—Reference Architecture
13. Software resources Table 6 lists the software used in this solution.
Table 6. Solution software
Software Version Configuration
Windows Server 2003 SP2/R2 Operating system for Omnicast servers and
workstation(s), used for AX and CX3 testing
Windows Server 2008 64-bit Operating system for Security Center servers and
workstation(s)
Genetec Omnicast 4.4 – 4.8 4.4 – 4.6 Windows Server 2003 R2; Windows Server
Server 2008
4.7 – 4.8 Windows 2008 x32 and x64
Local disk drive installation for all non-boot from SAN
configurations
Genetec Security Center 5.0 – 5.1 Windows 2008 x64
EMC PowerPath Latest GA version Installed on Omnicast servers
EMC Naviagent Latest GA version Installed on Omnicast servers
Security Center, Minimum of 1; Specified in Genetec Security Center documentation
Security Desk, and maximum – unlimited
Configuration Tool
EMC Storage for Physical Security 13
EMC VNX, VNXe, and Isilon, and Genetec Security Center—Reference Architecture
14. Conclusion
Summary The EMC Physical Security solution enabled by EMC storage arrays and Genetec
Security Center products represents an ideal solution for surveillance management
and IT infrastructure. The solution provides a flexible and highly scalable
infrastructure that can meet a broad range of today’s demanding physical security
requirements.
As requirements change and become more sophisticated, the EMC Physical Security
solution’s flexibility and modular architecture can be enhances to meet customers’
individual needs.
EMC Storage for Physical Security 14
EMC VNX, VNXe, and Isilon, and Genetec Security Center—Reference Architecture