EMC STORAGE FOR PHYSICAL SECURITY - uk.emc.com · EMC STORAGE FOR PHYSICAL SECURITY . EMC VNX, ... • Closed hardware platforms ... EMC VNX and EMC CLARiiON storage arrays, from

Reference Architecture

EMC Solutions Group

April 2012

EMC STORAGE FOR PHYSICAL SECURITY EMC VNX, VNXe, and Isilon, and Genetec Security Center

• Genetec Omnicast performance using EMC storage arrays

• Genetec Security Center performance using EMC storage arrays • Correct sizing storage in a Genetec physical security environment

EMC Storage for Physical Security EMC VNX, VNXe, and Isilon, and Genetec Security Center—Reference Architecture

2

Copyright © 2012 EMC Corporation. All Rights Reserved.

EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice.

The information in this publication is provided “as is.” EMC Corporation makes no representations or warranties of any kind with respect to the information in this publication, and specifically disclaims implied warranties of merchantability or fitness for a particular purpose.

Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.

For the most up-to-date listing of EMC product names, see EMC Corporation Trademarks on EMC.com.

VMware, VMware vCenter, and VMware vSphere are registered trademarks or trademarks of VMware, Inc. in the United States and/or other jurisdictions. Iomega and IomegaWare are registered trademarks or trademarks of Iomega Corporation. All other trademarks used herein are the property of their respective owners.

All trademarks used herein are the property of their respective owners.

Part Number H10583

3 EMC Storage for Physical Security EMC VNX, VNXe, and Isilon, and Genetec Security Center—Reference Architecture

Table of contents

Reference architecture overview ........................................................................................................... 4

Document purpose .......................................................................................................................... 4

Solution purpose ............................................................................................................................. 4

The business challenge .................................................................................................................... 4 The technology solution ................................................................................................................... 5

Key components ................................................................................................................................... 6

Introduction ..................................................................................................................................... 6

Digital video streams ....................................................................................................................... 6

Main server and expansion server .................................................................................................... 6

EMC storage ..................................................................................................................................... 6

Physical architecture ............................................................................................................................ 8

Architecture diagram ........................................................................................................................ 8 EMC storage configurations ................................................................... Error! Bookmark not defined.

Genetec architecture ............................................................................................................................ 9

Genetec servers ............................................................................................................................... 9

Genetec deployment size ................................................................................................................. 9

Main roles ...................................................................................................................................... 10

EMC RSA secured domain ................................................................................................................... 11

Overview ........................................................................................................................................ 11

RSA logon ...................................................................................................................................... 11

Validated environment profile ............................................................................................................ 12

Profile characteristics..................................................................................................................... 12

Hardware resources ....................................................................................................................... 12

Software resources ........................................................................................................................ 13

Conclusion ......................................................................................................................................... 14

Summary ....................................................................................................................................... 14


4

Reference architecture overview

This document provides an architectural overview of the EMC Physical Security solution enabled by EMC® VNX™, EMC VNXe™, EMC Isilon®, Iomega4®, and Genetec Security Center and Omnicast.

Use this document in conjunction with the document entitled “Configuration Guidelines: EMC Storage for Physical Security Enabled by Genetec Omnicast and Security Center,” which includes configuration guidelines and resource specifications for the solution components, storage arrays, and other EMC product integration.

The purpose of this Reference Architecture is to demonstrate how using the EMC and Genetec integrated solution enables a security team to view real-time video streams while also receiving policy-based and anomaly-based alerts. Genetec’s sophisticated software analyzes data from remote locations and historical archives and generates alerts based on your criteria.

Private businesses and public entities alike have responded to rising concerns about theft, fraud, and terrorism by sharpening their focus on physical security and surveillance systems. Organizations such as retailers, casinos, financial institutions, higher education institutions, transportation companies, law enforcement, school systems, prison systems, and government agencies all need to manage and protect their ever-growing volume of physical security information.

The ability to access the right data at the right time from anywhere is crucial to supporting physical security and surveillance needs. However, the following factors can hinder a comprehensive solution:

• Proprietary software

• Closed hardware platforms

• Lack of manageable archival capabilities

• Data retrieval wait times

• Lost data

• Unproven content authenticity

• Information management limitations

The high expansion costs of legacy video surveillance systems, based on CCTV, digital video recorders (DVRs), or network video recorder (NVR) technologies and non-integrated IT and physical security systems, amplify these limitations further.

After Genetec Omnicast captures the information — and throughout the initial response, detection, legal, judicial submission, and data disposal processes — information management, availability, security, and protection are the core capabilities needed for tamper-proof evidence collection, increased conviction rates, and asset protection.

Document purpose

Solution purpose

The business challenge


EMC physical security solutions provide flexibility to control video surveillance and analyze security incidents in real time, collect evidence faster, and easily review archived data, from anywhere.

EMC storage arrays provide quality storage for the smallest to the largest customers using a variety of storage topologies including SAN (FC and iSCSI) and NAS (NFS, CIFS).

Virtualization with VMware consolidates the number of Genetec Archivers required at a given site. Aggregating multiple Genetec Archivers onto VMware® ESX®/ESXi™ hosts enables more bandwidth per physical host than is normally recognized from a physical host.

With EMC Isilon's easy installation, management, and scalability, this solution also adds value to non-IT centric and IT-centric customers alike.

This solution integrates EMC and Genetec technology to help meet the challenges of video surveillance information convergence and management. This enterprise-class solution provides data management in each phase of the video surveillance lifecycle, including:

• Capturing and monitoring

• Analyzing

• Protecting and securing

• Archiving

• Authenticating evidence

Genetec Security Center is a unified security platform that seamlessly blends Genetec’s IP security and safety systems within a single innovative solution. The systems unified under Security Center management include Genetec’s Omnicast IP video surveillance, Synergis IP access control, and AutoVu license plate recognition (LPR).

Developed with simplicity of operation in mind, the Security Center presents information to operators through a single interface and simplifies operators’ tasks, standardizes workflows, increases productivity, and enhances decision-making. It aggregates physical security content from multiple sources, integrating IP networking with a full range of physical security systems, including:

• Video surveillance cameras

• Access control devices and intrusion detection systems

• Information security applications

• Visitor management and identity recognition

• Asset management

• Sensors and alarms

The technology solution

Data management

Genetec Security Center


6

Although you can use EMC VNX and EMC Isilon storage for high-throughput solutions, alternate storage solutions include EMC Symmetrix® VMAX™ and Symmetrix DMX™.

Key components

The physical security components typically consist of legacy analog monitoring capabilities, analog cameras, and IP cameras.

Video encoders convert standard NTSC/PAL video from analog cameras to a digital video stream over TCP/IP. You can also deploy customer-furnished IP cameras in this solution. Each camera is capable of producing a digital video stream over TCP/IP.

This solution uses EMC storage platforms to provide single- or multi-tiered storage architectures for centralized or decentralized enterprise requirements. EMC PowerPath® software provides channel failover on Omnicast Security Center servers for both fiber and iSCSI connectivity options.

An Omnicast System Center Archiver captures digital video streams over TCP/IP and then typically writes the video to EMC VNX or Isilon storage.

A System Center installation consists of a single server or of multiple servers in a hierarchical structure.

The main server is the only server on your system that hosts the Directory role. The Directory is the role that identifies your system. All other servers on the system must connect to the main server in order to be part of the same system. You may have only one main server on any Security Center system.

An expansion server is any computer other than the main server that you add to your system to increase its total computing power. An expansion server must connect to the main server and may host any role in Security Center, except the Directory role.

This reference architecture uses the EMC VNXe and VNX storage platforms. However, you can integrate different EMC storage platforms and array sizes with Genetec Security Center to provide a physical security solution to meet any size application.

Table 1 describes EMC storage platforms that are compatible with Genetec software for physical security.

Table 1. EMC storage platforms available for this solution

EMC storage Description

Symmetrix VMAX The EMC Physical Security Lab tested the EMC Symmetrix VMAX storage array connected to a Cisco UCS server using VMware ESX 4.0 running Microsoft Windows Server 2008 64-bit.

This solution is ideal for very large, demanding installations or environments that already have VMAX and Cisco UCS.

Introduction

Digital video streams

Main server and expansion server

EMC storage


EMC storage Description

VNX

VNXe/Celerra

EMC VNX and EMC CLARiiON storage arrays, from the AX4 through the VNX7500, all perform exceptionally well with the Genetec Security Center physical security solution.

The solution also supports unified storage derivatives such as the VNXe, NX, and NS storage arrays. Unified storage topologies include FC, iSCSI, NFS, and CIFS. NFS and CIFS accommodate smaller customers and those with specific use cases. FC attaches directly to the VNX or CLARiiON, bypassing the data mover.

Isilon Isilon storage arrays provide exceptional NAS performance. Omnicast version 4.8 or greater and Security Center 5.1 and greater are compatible with the Isilon storage arrays.

Iomega The Iomega PX12, IX12, and PX4d storage arrays are ideal for smaller customers.

For data resilience, use RAID 6 if possible.


8

Physical architecture

Figure 1 shows the overall physical architecture of the core solution.

Figure 1. Solution architecture

Architecture diagram


Genetec architecture

Security Center’s architecture uses a client/server model in which a pool of server computers distributed over an IP network handles all system functions. The number of servers can range from a single machine for a small system to hundreds of machines for a large-scale system.

Genetec Server is the Windows service you must install on every computer that you want included in the pool of servers available for Security Center to use. Every server is a generic computing resource capable of taking on any role (set of functions) you assign to it.

A role is a software module that performs a specific function (or job) within Security Center. For example, you can assign roles for archiving video, for controlling a group of units, or for synchronizing Security Center users with your corporate directory service.

You can position Genetec solutions for both small and large customers. As illustrated in Table 2, acceptable storage solutions may be large or small, as long as the file server meets the requirements of EMC and Genetec. The solution also works very well with VMware ESX/ESXi 4.x.

You can use VMware ESX/ESXi 4.0 (and later) to greatly reduce the server farm footprint while increasing the bandwidth each physical server can produce. Genetec Omnicast and Security Center are ideally suited for VMware.

Table 2. Deployment guidelines

Validated component Compatibility

Storage VMAX, VNX, CX4, CX3, AX4, VNXe, Isilon, NS, NX, Iomega PX line and IX12

Platform Blade and rack-mount servers

Operating system Microsoft Windows Server 2008 (64-bit used in lab)

VMware Compatible (with excellent performance )

Genetec servers

Genetec deployment size


10

Table 3 describes the main roles provided by the Genetec Security Center for video surveillance.

Table 3. Genetec main roles

Service Description

Media Router • Handles all stream (audio or video) requests on the system

• Calculates the optimal path between the source and destination based on location and transmission capabilities

Directory • The Directory role is what defines a Security Center system.

• The main server module provides a centralized configuration database for all entities in the system including cameras, users, other Security Center roles, and applications on the system.

• The Directory role is responsible for authentication and access control using the built-in security model or through Microsoft Active Directory.

• The Directory also offers the option to log all system events and user actions in a relational database for reporting purposes.

• Starting with Security Center 5.1, multiple Directories can run concurrently to provide high availability and load-balance client connections.

• SQL mirroring is also available for Directory DB failover.

Health monitoring

• Set of tools to monitor the health of Security Center

• Provides real-time status of the system entities

• Health statistics providing valuable information like availability, uptime, mean time between failures, mean time to recovery for cameras, door controllers, and intrusion panels

• Detects health issues early enough to avoid potential problems in the future

Archiver • Manages the communication with IP cameras and an encoder. The Archiver is the only Security Center component that communicates directly with the IP cameras.

• Has a plug-in architecture to introduce support for new camera manufacturers without requiring a complete software upgrade.

• Records up to 300 cameras or 300 Mb/s of throughput

• Responsible for maintaining the database that links a specific camera at a specific time to a video file stored on disk

• Performs motion detection algorithms on recorded video streams

Main roles


EMC RSA secured domain

The Genetec Security Center solution installed with EMC’s RSA-secured domain increases Windows and Security Center security. RSA® authentication using constantly changing RSA tokens increases the user’s Security Center experience by providing a single logon structure for accessing multiple Security Center applications.

For more information refer to the EMC white paper entitled EMC Physical Security—Enabled By RSA SecurID Two-Factor Authentication with Genetec Omnicast Client Applications.

In general, the login process consists of the following steps:

1. The login request using RSA authentication (token) sends the request through the EMC RSA SecurID® appliance.

2. If the user credentials are correct, the EMC RSA SecurID appliance proxies the login to the Active Directory and the Active Directory authenticates the login into the requested Windows Domain.

3. Login to the Windows Domain is complete.

4. User accesses the requested application.

5. User credentials verify if this user has access rights for the requested application. The user may be required to press Enter before continuing into the application (this is application-specific).

Figure 2 shows the login process.

Figure 2. RSA login process

Overview

RSA logon


12

Validated environment profile

Table 5 describes the environment that EMC validated for this solution.

Table 4. Validated provide

Profile characteristic Value

Omnicast application software Omnicast 4.4 – Windows Server 2003 SP2/R2 on local server disk or boot from CLARiiON

Omnicast 4.4 through 4.6 – Windows Server 2008 x32 and x64

Omnicast 4.7 and above – Windows Server 2008 X64

Omnicast 4.8 (Security Center 5.1) required for EMC Isilon storage arrays

Storage topology SAN, DAS, iSCSI

• iSCSI – HBA

• iSCSI – Microsoft initiators with Windows Server 2008 and later only

NAS

• SMB2 to the Isilon X200 or 108NL storage arrays

Total bandwidth per Archiver server

37.5 MB/s (300 Mb/s)

Table 5 lists the hardware used in this solution.

Table 5. Solution hardware

Hardware Quantity Configuration

Any 1U, 2U, or blade server on Genetec and EMC’s supported hardware listing

1 Per Security Center server

Any VNX, VNXe, AXA, AX4-5/5i, CX3-XX, CX4-XXX, Isilon X200, and 108NL, NX, NS

Based on solution requirements

See the Genetec Omnicast Bandwidth Technical Note for additional information. If you do not have access to this document, see your EMC representative.

Profile characteristics

Hardware resources


Table 6 lists the software used in this solution.

Table 6. Solution software

Software Version Configuration

Windows Server 2003 SP2/R2 Operating system for Omnicast servers and workstation(s), used for AX and CX3 testing

Windows Server 2008 64-bit Operating system for Security Center servers and workstation(s)

Genetec Omnicast Server

4.4 – 4.8 4.4 – 4.6 Windows Server 2003 R2; Windows Server 2008

4.7 – 4.8 Windows 2008 x32 and x64

Local disk drive installation for all non-boot from SAN configurations

Genetec Security Center 5.0 – 5.1 Windows 2008 x64

EMC PowerPath Latest GA version Installed on Omnicast servers

EMC Naviagent Latest GA version Installed on Omnicast servers

Security Center, Security Desk, and Configuration Tool

Minimum of 1; maximum – unlimited

Specified in Genetec Security Center documentation

Software resources


14

Conclusion

The EMC Physical Security solution enabled by EMC storage arrays and Genetec Security Center products represents an ideal solution for surveillance management and IT infrastructure. The solution provides a flexible and highly scalable infrastructure that can meet a broad range of today’s demanding physical security requirements.

As requirements change and become more sophisticated, the EMC Physical Security solution’s flexibility and modular architecture can be enhances to meet customers’ individual needs.

Summary

Documents

EMC STORAGE FOR PHYSICAL SECURITY - uk.emc.com · EMC STORAGE FOR PHYSICAL SECURITY . EMC VNX, ... • Closed hardware platforms ... EMC VNX and EMC CLARiiON storage arrays, from