EMC Proven Infrastructure For Video Surveillance With ... Confidential EMC Proven Infrastructure for Video Surveillance with Genetec Security Center Implementation Guide 5 VMware vSphere®

EMC Confidential Implementation Guide

Abstract

This document describes a proven infrastructure for a large, centralized video surveillance system enabled via Genetec Security Center. The infrastructure involves all data center centric components for this system: servers, application, hypervisor, and storage platforms.

EMC PROVEN INFRASTRUCTURE FOR VIDEO SURVEILLANCE WITH GENETEC SECURITY CENTER Enabled by Genetec Security Center, VMware vSphere, EMC Isilon, and EMC VNX™

EMC Confidential

EMC Proven Infrastructure for Video Surveillance with Genetec Security Center Implementation Guide

2

Copyright © 2014 EMC Corporation. All rights reserved. Published in the USA.

Published March 2014

EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice.

The information in this publication is provided as is. EMC Corporation makes no representations or warranties of any kind with respect to the information in this publication, and specifically disclaims implied warranties of merchantability or fitness for a particular purpose. Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.

EMC2, EMC, and the EMC logo are registered trademarks or trademarks of EMC Corporation in the United States and other countries. All other trademarks used herein are the property of their respective owners.

For the most up-to-date regulatory document for your product line, go to the technical documentation and advisories section on the EMC online support website.


Part Number: H12979

EMC Confidential

EMC Proven Infrastructure for Video Surveillance with Genetec Security Center

Implementation Guide

3

Contents

Chapter 1 Introduction .......................................................................... 9

Purpose....................................................................................................... 10

Business value ............................................................................................ 10

Scope .......................................................................................................... 10

Audience ..................................................................................................... 10

Terminology ................................................................................................ 11

Chapter 2 Solution Overview ............................................................... 13

Key components .......................................................................................... 14

Video Management Software ............................................................................... 14

Virtualization Platform ......................................................................................... 15

Networking .......................................................................................................... 17

Video Storage ...................................................................................................... 18

Diagram – Physical View of Infrastructure .................................................... 19

Diagram – Security Center Components ....................................................... 20

Chapter 3 Before You Start .................................................................. 21

Prerequisites ............................................................................................... 22

Data center power and power protection .............................................................. 22

Virtualization infrastructure ................................................................................. 22

Network Infrastructure ......................................................................................... 23

Microsoft Licensing .............................................................................................. 23

Genetec Licensing and Feature Support ............................................................... 23

Desktop and Moble Viewing ................................................................................. 23

Support resources ....................................................................................... 23

EMC ..................................................................................................................... 23

Cisco .................................................................................................................... 23

Genetec ............................................................................................................... 23

VMware ................................................................................................................ 23

Contents EMC Confidential


4

Chapter 4 Implementation Guides....................................................... 25

Virtualization Platform Implementation ....................................................... 26

Platform Requirements & Sizing Considerations .................................................. 26

Virtual Machine Requirements & Configuration Settings...................................... 26

VNX Storage Considerations & Sizing Information ................................................ 29

Cisco UCS Considerations & Sizing Considerations .............................................. 31

Unified Fabric Considerations .............................................................................. 32

Network Implementation ............................................................................. 33

Design considerations ......................................................................................... 33

Video Storage Implementation .................................................................... 33

Isilon Design Considerations ................................................................................ 33

Sizing the Isilon Cluster ....................................................................................... 35

System Configuration Overview ............................................................................ 37

Isilon Impact Policies ........................................................................................... 38

Create Shares ...................................................................................................... 40

Configure Networking ........................................................................................... 41

Configure SmartConnect ...................................................................................... 41

Smartquota Configuration .................................................................................... 43

Isilon Protection Scheme ..................................................................................... 44

Genetec Implementation ............................................................................. 45

Architecture Overview .......................................................................................... 45

Genetec Sizing Information .................................................................................. 48

Implementing Genetec for Isilon .......................................................................... 49

High Availability Implementation ................................................................. 52

System High Availability ....................................................................................... 52

Genetec High Availability ..................................................................................... 53

VMWare High Availability ..................................................................................... 56

Chapter 5 Solution Validation ............................................................. 57

Baseline Hardware Validation ...................................................................... 58

Validations .................................................................................................. 59

Key metrics .......................................................................................................... 59

Test methodology load test .................................................................................. 59

Isilon Test Results with Genetec ........................................................................... 61

VMWare Test results ............................................................................................ 62

Other considerations ........................................................................................... 62

Chapter 6 Reference Documentation ................................................... 63

White papers ............................................................................................... 64

OneFS Technical Overview ................................................................................... 64

Scale Out NAS for Video Surveillance ................................................................... 64

EMC Confidential



5

VMware vSphere® vMotion® Architecture, Performance and Best Practices in VMware vSphere® 5 ............................................................................................ 64

Business Advantage Delivered: The Cisco Unified Computing System .................. 64

Product documentation ............................................................................... 64

Genetec SC5.2 System Specification .................................................................... 64

Genetec Security Center 5.2 Administration Guide ............................................... 64

OneFS 7.1 Administration Guide .......................................................................... 65

UCS Configuration Guide for Local Zoning ............................................................ 65

Cisco UCS Configuration Guide ............................................................................ 65

UCS Manager Quick Start Guide ........................................................................... 66

UCS Best Practices for VMWare ............................................................................ 66

VMware Compatibility Guide ................................................................................ 66

Cisco Nexus 5548 Configuration Guide ................................................................ 66

EMC VNX 5200 Configuration Guide ..................................................................... 66

Appendix A Tools ............................................................................... 67

Power Configuration .................................................................................... 68

Cisco UCS Power Calculator ................................................................................. 68

EMC Power Calculator .......................................................................................... 68

Support Portals ........................................................................................... 68

EMC Powerlink ..................................................................................................... 68

Cisco Partner Support .......................................................................................... 68

Genetec Technical Assistance Portal .................................................................... 68

VMware Partner Central ........................................................................................ 68

End of Section

EMC Confidential

7

Tables and Figures

Table 1. Terminology ....................................................................................... 11

Table 2. Video Management Sofware ............................................................... 15

Table 3. Virtualization Platform ........................................................................ 16

Table 4. Networking ......................................................................................... 18

Table 5. Video Storage ..................................................................................... 18

Figure 1: VMWare Network Layout ..................................................................... 28

Figure 2: Cisco UCS Architecture ....................................................................... 31

Figure 3: System Sizing Inputs .......................................................................... 35

Table 6. Isilon Maximum Bandwidth with Genetec Test Results ....................... 36

Figure 4: Add SMB Share .................................................................................. 40

Figure 5: Sample SmartConnect Configuration .................................................. 42

Figure 6: SmartConnect Settings ....................................................................... 43

Figure 7: Creating a Storage Quota .................................................................... 44

Table 7. Genetec Main Roles ............................................................................ 45

Figure 8: Genetec Security Center Network Diagram .......................................... 47

Figure 9 : Genetec Omnicast Network Diagram................................................... 48

Figure 10: Modifying Genetec Server Service Properties ...................................... 49

Figure 11: Changing Genetec Server Service Account .......................................... 50

Figure 12: Setting the Archiver Path to Isilon Cluster Share ................................. 50

Figure 13: Set Delete Oldest Files Setting ............................................................ 51

Figure 14: Setting Automatic Cleanup ................................................................. 52

Table 8. Genetec Database Server Hight Availability Methods .......................... 54

Figure 15: Genetec Active-Standby Overview Diagram ......................................... 55

Table 9. Validated Hardware ............................................................................ 58

Table 10. Isilon Test Results with Genetec ......................................................... 61

Table 11. ESXi Host Bandwidth Comparison ...................................................... 62

End of Section

EMC Confidential

9

Chapter 1 Introduction

This chapter presents the following topics:

Purpose ..................................................................................................... 10

Business value .......................................................................................... 10

Scope ........................................................................................................ 10

Audience ................................................................................................... 10

Terminology ............................................................................................... 11

Introduction EMC Confidential


10

Purpose The goal of this document is to provide a proven infrastructure for video surveillance systems.

A proven infrastructure can be used with confidence to build a solution that will fit the needs of an enterprise environment that demands significant server, storage, and networking resources required by video surveillance monitoring and archiving. This document provides business partners with this infrastructure by providing a detailed overview of the entire solution, including specific implementation guidelines, a review of the validation process used to verify this solution, and to organize additional resources that can be used to obtain further assistance as needed.

Business value EMC proven infrastructures are validated and modular architectures built with best of breed technologies to create complete solutions that enable business partners to make an informed decision in the application, compute, networking and/or storage layers. Proven Infrastructure solutions reduce planning and configuration burdens. When embarking on a video surveillance project, this document can serve as a guide for achieving faster deployment, expanded choices, greater efficiency and lower risk.

Scope This proven infrastructure guide enables a validated solution for deploying Genetec Security Center in a highly scalable, efficient, highly available, and robust manner, while lowering risks of unknown system performance. The primary use case for this infrastructure solution is in large Gaming, Transportation, Municipal, Energy, Healthcare, or Government surveillance installations. These systems share common attributes: Deployments with more than 250 cameras, a requirement for increased retention on archived video, higher resolutions usually 1080p and above, centralized deployments, and a mission critical role of surveillance during operations.

Audience This document is intended for solutions architects, sales engineers, and other key individuals with an EMC business partner whose task is to evaluate, design and ultimately implement the software and required resources needed to support a large scale centralized video surveillance deployment.

EMC Confidential Introduction



11

Terminology Table 1. Terminology

Term Definition

Video management system (VMS)

This is the central component of a video surveillance system. This software orchestrates the collection and retrieval of video from camera sources.

High Resolution In the video surveillance business, the term high resolution usually refers to camera resolution at 1080p or higher.

Frames per Second or FPS This is the number of video frames captured in a single second. This impacts bandwidth and storage. This will be range typically from 1 to 30.

Active Directory An authentication method used by Microsoft to consolidate user and group management. Active Directory is managed by one or more Domain Controllers.

IP Video IP Video refers to physical cameras that are able to capture video and transmit that video over a TCP/IP network using several different video streaming protocols.

Network Attached Storage or NAS

A method of presenting network storage to computers and servers such as CIFS (SMB), or NFS share.

Subnetwork A division in a network either setup virtually or in a network switch configuration. Can also be referred to as a Virtual LAN or VLAN

GE Refers to a Gigabit Ethernet interface. Can have two primary speeds: 1GE or 10GE.

Hypervisor A term that refers to an operating system that installs directly to server hardware with the sole purpose of creating an environment for installing multiple virtual machines. Commonly referred to as the host operating system.

End of Section

EMC Confidential

13

Chapter 2 Solution Overview


Key components ........................................................................................ 14

Diagram – Physical View of Infrastructure ................................................... 19

Diagram – Security Center Components ...................................................... 20

Solution Overview EMC Confidential


14

Key components

Video management software (VMS) is the central component of a video surveillance architecture. Genetec Security Center includes proven video management software designed to provide the scalability required in large enterprise security systems. It is based on a hierarchical architecture with support for centralized or highly-distributed designs. Genetec Security Center supports Genetec Archivers that serve as the primary agents in the capture, archiving and playback of video surveillance footage.

Genetec Security Center

Security Center is a unified platform that unifies Genetec’s offerings for security and safety systems in one solution. The systems unified are Omnicast IP video surveillance, Synergis IP access control, and AutoVu IP license plate recognition system. For this solution, the Security Center provides a core feature set that includes the following elements:

Alarm management

Zone management

Federation capabilities

Report management

Scheduled task management

User and group management

Active Directory integration

Programmable automated system behavior

Genetec Security Center Components Security Center (see Diagram – Security Center Components) will have at least two Genetec Servers operating in a Directory role. Typically in large environments other roles that require computing resources are expanded to include other servers for redundancy and load balancing. These servers are referred to as Expansion Servers. Security Center is managed with a Config Tool, and each Genetec Server is managed with a web based admin tool. One or more Security Desk applications will interface with the Security Center for performing the above tasks.

In a centralized environment, using the virtualized infrastructure that is being specified in this document, all Genetec servers deployed will have the Directory role and also function in such a required role as a Media Router. This benefits a centralized architecture and the expanded capacities of the virtualized environment. Expansion servers will be added to assume other roles, including the Archiver role of Omnicast.

Omnicast – IP Video Surveillance

Omnicast is the IP video surveillance component of Security Center. Omnicast provides for the management of digital video, audio and metadata across IP

Video Management Software

EMC Confidential Solution Overview



15

networks. For this solution, Omnicast provides the following important features needed to operate a successful video management solution:

View live and playback video from all cameras

View up to 64 video streams side by side on a single workstation

View all cameras on independent timelines or on synchronized timelines

Full PTZ control, using a PC or CCTV keyboard, or on screen using the mouse

Digital zoom on all cameras

Motion detection on all cameras (hardware based and software based motion detection is possible, software based motion detection was not validated as part of this Implementation Guide)

Visual tracking: follow individuals or moving objects across different cameras

Search video by bookmark, motion, or date and time

Export video in proprietary G64 format or public ASF format

Protect video against accidental deletion

Protect video against tampering by using watermarks (deployment of watermarking not validated as part of this Implementation Guide)

Omnicast Components Omnicast requires additional servers, separate from the servers hosting the Directory role for Security Center. Omnicast servers have multiple roles as well including Archiver, Auxiliary Archiver, and Media Router. In this implementation guide, the Archiver and Media router roles are maintained by each Ominicast server in the infrastructure. The Auxiliary Archiver roles that allow for the separate archiving of cameras for special scenarios are not included in this guide.

Table 2. Video Management Software

Component Validated System Components

Video Surveillance Software

Genetec Security Center 5.2 (Server)

Genetec Security Desk 5.2 (Client)

VMware provides an enterprise level hypervisor that allows abstracting of the operating system from the physical server hardware. This is a big advantage in centralized surveillance systems because each Omnicast Archiver is limited to 300Mbps, so one physical server can now support up to (4) Omnicast Archiver instances while providing a smaller footprint at reduced cost. This platform is achieved with VMware vSphere deployed on Cisco Unified Computing System (UCS) using EMC VNX as primary storage.

Virtualization Platform



16

Table 3. Virtualization Platform





17


Virtualization Platform Servers:

Any blade and rack-mount servers with the following parameters is supported in line with the Genetec SC5.2 System Specification:

Quad Core Intel Xeon E5640 2.66 GHz or better

12 GB of RAM or better

80 GB for OS and application (All Genetec Servers)

40 GB for Database (Not applicable to Archiver)

40 GB for Log files (Not applicable to Archiver)

(2) 10GE NIC

Recommended: Cisco 5108 Chassis with Cisco UCS B230 M2: 20 cores and 64GB RAM each. UCS 2204 as fabric extenders to UCS 6248 Fabric Interconnect.

Unified Fabric:

10GE Switches supporting the virtualized servers to support multiple VMS instances per physical server.

1GE switches for management network connectivity to all server and storage infrastructure.

Recommended:

Cisco 6248 for Fabric Interconnect to Servers and Block Storage: 10GE and 8Gbps FC

Cisco 3560s for Management Switches: 1GE

Storage:

VMWare uses block storage for the datastores.

Recommended:

VNX5200, 10K drives, (2) 4port FC module

Operating System:

Any operating system specified by Genetec SC5.2 System Specification (but note that Genetec recommends use of Windows 2008 R2 Server (64 bit) or Windows 2012 R2 Server (64 bit) when running in VMWare environment).

Recommended:

Microsoft Server 2012 (64 bit)

Hypervisor:

VMware vSphere 5 with ESXi 5.1 or later

Networking is always a primary concern with video surveillance systems, specifically the transmission of video to centralized monitoring and archiving locations. The reduction of network bottlenecks to compute resources is achieved with Cisco Unified Fabric using Cisco Nexus switch products. Improved flexibility with existing networking equipment is achieved with a standards based approach and performance improvements are realized with networking equipment optimized for

Networking



18

virtualization. Reduction of network infrastructure requirements with unified fabric design is also an important aspect of this technology.

Table 4. Networking


Networking 10GE switches between Virtualization Platform and existing network infrastructure, incoming camera streams and Security Desk applications

Recommended:

Cisco Nexus 5548UP: 10GE

Simple, scalable, and reduced total costs are important when considering high growth video archives. This is achieved by using EMC Isilon. This is an industry leading Network Attached Storage (NAS) product that uses standard protocols to store and playback massive video libraries from the Genetec Archivers. A non-monolithic architecture allows EMC Isilon to scale in capacity and bandwidth as an innate capability, while also providing unmatched efficiency and protection of the video or related data.

Table 5. Video Storage


Video Storage Video storage used NAS on EMC Isilon.

Recommended:

EMC Isilon X400 (>48GB RAM), NL400 (>24GB RAM) with OneFS version 7.0.x or higher (7.0.1 tested)

Video Storage




19

Diagram – Physical View of Infrastructure



20

Diagram – Security Center Components

End of Section

EMC Confidential

21

Chapter 3 Before You Start


Prerequisites ............................................................................................. 22

Support resources ..................................................................................... 23

Before You Start EMC Confidential


22

Prerequisites This implementation guide assumes that the environment being considered for deployment will have certain prerequisites available. This is not a comprehensive list, as a video surveillance project can be complex. This list does not address issues relating to the infrastructure needed to support IP based video surveillance cameras specifically. This list of perquisites only addresses the implementation of the components in this guide and not all the elements required in a video surveillance implementation.

This document assumes that this implementation will occur in a datacenter or like facility. The correct type, quantity, and connectors must be used to power the equipment used in this solution. The primary components requiring a proper power source are listed below. Each of these products can be ordered with different power configurations, the selection of which is beyond the scope of this document. Related to this same issue is the protection of this equipment in power failure and the capacity of air-conditioning units to keep the equipment at a suitable operating temperature. Neither of these concerns are specifically addressed in this document.

Important to consider is that if any of these are configured with the goal of high availability, then the power, cooling, and weight of the solution will increase significantly.

Cisco UCS Most manufacturers of datacenter equipment will have power calculators available to calculate the power consumption requirements, connector types and recommended UPS load. Reference the Cisco UCS Power Calculator once the size of the project has been determined.

EMC VNX and Isilon EMC also produces an online tool called the EMC Power Calculator that is maintained in the partner portal for EMC. This online tool is updated with the release of EMC products. Power and cooling capacity requirements can be determined using this tool for both VNX and Isilon products.

Most enterprise environments will have an existing virtualization infrastructure. If the environment is already using VMware, then a significant investment has already been made toward the virtualization infrastructure. This implementation guide suggests the use of vSphere ESX hypervisor for installation of Cisco UCS blades. This implementation guide does not provide the guidance for a complete virtualization infrastructure, and assumes that this infrastructure is either not completely required, or will be independent of an existing virtualization infrastructure. Most enterprise environments will want this to be deployed into their existing infrastructure, so a prerequisite is gathering important details about the vCenter management cluster, any vNetwork configuration and the authentication methods being used.

Data center power and power protection

Virtualization infrastructure

EMC Confidential Before You Start



23

Any implementation of this size will already have a network infrastructure in place using one or more routing and switch manufacturers. This infrastructure guide suggests the use of Cisco Nexus switches as the interface between the premise networking equipment and the infrastructure hosting the Genetec software and video recording. This product provides significant capability for third party integration; however, care must be taken into consideration regarding the size and scope of the incoming transmission for video streams, video management, and other traffic. The quantity, type, and interface requirements of the switch ports must also be taken into account when interfacing with the requirements of a complete solution.

This implementation requires Microsoft licensing, specifically, the guest operating system that the Genetec server software components will be installed on. This requires Windows Server to be licensed and installed appropriate for use in a virtualized infrastructure. Selecting the correct distribution of the Windows Server 2008 or 2012 product can depend on the licensing program in which that environment participates, and the number of virtual machines that are required to be installed. The selection of licensing is not included in the scope of this document, but is an important prerequisite.

Genetec software must be licensed properly for this infrastructure to work as presented in this document. Some features of Genetec software, specifically features that may be needed to provide enhancements beyond the scope of this document, also require licensing. The selection of the correct licensing for deployment in an enterprise environment is beyond the scope of this document. It is not only a suggestion, but a requirement, to engage Genetec in the appropriate selection and purchase of the correct licenses for a deployment of this size.

A key aspect of video surveillance is the monitoring, management, and display of live and recorded camera footage. This requires appropriate workstations suitable to the task of viewing multiple streams and performing the necessary decoding operations. This configuration, which is required for an acceptable operation of the Genetec software, is beyond the scope of this document. Additionally, several features of the Genetec software allow for remove viewing via web interfaces and mobile devices. The software and infrastructure required to make this happen was not a consideration of this document. However, these aspects are important to the success of the software and the evaluation of these requirements is a prerequisite to a successful video surveillance implementation.

Support resources All the manufacturers involved in this infrastructure guide have significant resources available for pre and post sales support of the products in this solution. The nature of this support is based upon the partner relationship with each manufacturer. The following lists the manufacturer support options available and partner requirements if needed.

EMC has a unified support portal for all EMC business partners. This support portal is the starting point for all support requests, requirements for further documentation, and access to available tools. Registration is required to access this portal. You can access this portal by referring to the following tool EMC Powerlink.

Network Infrastructure

Microsoft Licensing

Genetec Licensing and Feature Support

Desktop and Mobile Viewing

EMC

Cisco

Genetec VMware

Before You Start EMC Confidential


24

Cisco has a unified support portal for all Cisco business partners. This support portal is unique from customer product support. Cisco partner’s support will provide different levels of access depending on the authorizations achieved, certifications obtained, and other requirements. You can access this portal, or register for a Cisco Partner account by accessing the tool Cisco Partner Support.

Genetec has a support portal for all partners and customers. This can be accessed with the tool Genetec Technical Assistance Portal. This portal provided all support material, documentation, updates, and access to technical support resources for Genetec software.

VMware has a unified support portal that is accessed with this tool VMware Partner Central. This is the support portal to manage licenses, obtain documentation, version upgrades and initiate support requests.

End of Section

EMC Confidential

25

Chapter 4 Implementation Guides


Virtualization Platform Implementation ...................................................... 26

Network Implementation ............................................................................ 33

Video Storage Implementation ................................................................... 33

Genetec Implementation ............................................................................ 45

High Availability Implementation ................................................................ 52

Implementation Guides EMC Confidential


26

Virtualization Platform Implementation

The virtualization platform includes the entities involved with providing server instances for hosting the Genetec Security Center components in this implementation guide. This platform consists of a hypervisor (VMWare ESXi 5.x), server platform (Cisco UCS and unified fabric), and disk pool for the servers (EMC VNX).

This implementation guide outlines a baseline or minimum set of requirements for each component based on validated hardware and software configurations.

The primary deciding factor for the sizing of the virtualization platform is the number of virtual machines required. Each Virtual Machine has a minimum and recommended installation parameters, so these remain fairly static in order to allow a reliable sizing effort. Similarly, each ESXi host can support a set amount of virtual machines, allowing an engineer to derive a set number of ESXi hosts. The total number of virtual machines required at each data center will be the number of Genetec Directory servers and Genetec Omnicast Archiver servers. Sizing of these items are outlined in the Genetec Sizing Information section.

1. Determine total number of virtual machines via Genetec Sizing.

2. Derive total number of ESXi hosts for each datacenter based on the number of virtual machines.

3. Derive the UCS parts based on the number of ESXi hosts per datacenter site.

Each virtual machine has a static setting specified in the following section for the Virtual Machine Requirements & Configuration Settings. In order to identify the configuration for the UCS and unified fabric, each blade server (ESXi host) and chassis can support a set number of virtual machines (4 VMs per blade and 4x8=32 VMs per chassis), such that the UCS components can be sized accordingly.

VMware minimum system requirements to host a Genetec Archiver Servers and/or Directory Server are listed below for reference during configuration of the system:

VMware ESXi 5.1 Update 1 or later (ESXi 5.2 tested)

Windows 2012 (64 Bit) or Windows 2008 R2 (64 bit)

4vCPUs

12 GB of RAM

80 GB for OS and application (All Genetec Servers)

40 GB for Database (Not applicable to Archiver)

40 GB for Log files (Not applicable to Archiver)

(2) 10GE NIC (VMXNET3)

Each Genetec host should have network interfaces that allow routing to a minimum of the clients and cameras subnetwork as well as the storage subnetwork. As described

Platform Requirements & Sizing Considerations

Virtual Machine Requirements & Configuration Settings

EMC Confidential Implementation Guides



27

in the VMWare networking aspect, these subnetworks are best separated to compartmentalize ingest and client traffic (front end traffic) from storage traffic (backend traffic). The ESXi hosts should also be mapped to a management and VMotion subnetwork as well, in line with VMware vSphere® vMotion® Architecture, Performance and Best Practices in VMware vSphere® 5.

The Genetec system will integrate with Microsoft Active Directory. This is outlined in Genetec Security Center 5.2 Administration Guide. It is important to make sure each ESXi host has network connectivity to all Microsoft Directory servers in the site that the ESXi host is in. This is also specified in the Figure 10: Genetec Security Center Network Diagram. It is assumed for this infrastructure that the Client and Camera network and the Storage network provide routing to the Active Directory servers for AAA functionality as well as DNS functionality. This is also needed if EMC SmartConnect is used such that failover is supported between Genetec Archivers and EMC Isilon using SMB reconnect.

An overview of the network configuration within VMWare for the distributed vSwitch to enable the overall solution is depicted below. For every Security Center virtual machine, mapping the Client and Camera subnetwork and the Storage subnetwork is required. Additional subnetworks for vMotion and management should be setup in the vSphere distributed vSwitch implementation for the ESXi hosts. Depending on where the Microsoft Active Directory servers are in the network, this traffic would use one of the interfaces.



28

Figure 1: VMWare Network Layout




29

The VNX platform suggested for use in the virtualization platform is the VNX 5200. The VNX 5200 consists of a head unit (disk processor unit - DPU) that can support multiple drive enclosures (25x2.5” drives or 15x3.5”drives) and a total of 125 drives per array

The VNX 5200 baseline system shall meet the following minimum recommendation, but may be expanded as necessary:

Vault drives

10K RPM drives (600GB/900GB/1.2TB)

(2) FC 8Gbps per controller for total of (4) FC 8 Gbps per VNX DPU.

4+1 RAID5 RAID groups targeting 1.9TB LUNs for datastores. Traditional RAID Groups in the VNX5200 are Active/Active, meaning that the all storage paths are optimized no mater which Storage Processor (SP) is the owning SP.

o Using Storage Pools, the use of 20+drives is possible with use of “thick LUNS” to accommodate the 1.9TB LUNs per datastore to support 6 Virtual Machines running the Genetec services. This would occur if VNX5200 + DAE were used to accommodate the system.

VMWare vSphere’s native multi-pathing only leverages one path at a time per datastore. PowerPath/VE should be installed to better balance the available paths for better overall performance for any Fiber Channel implementation or multiple hardware iSCSI initiator implementations.

Using Storage Pools can address many of the limitations of traditional RGs - as long as you pay attention to the details. A basic Storage Pool can be made up of many more or less drives than a traditional RG. Instead of being limited to 16 drives in an RG, you could potentially have hundreds of drives in a single pool. These drives are divided up and configured as RGs "under the covers" by FLARE in order to protect to your data, but you don't see the RG structures as you work with the pool.

Sizing should be based on the number of Genetec servers to be supported by the virtualization platform. For every (5) 10K disks in the VNX 5200, 6 Genetec servers can be supported with high levels of confidence. The number of Genetec servers is determined via the Genetec sizing information.

Creating RAID Groups in EMC VNX GUI is illustrated below for each of the datastores. First, create the RAID Group Figure 3: Create Storage Pool (RAID Group) Configuration for VNX. The recommended RAID5 configuration will be presented. Give the RAID Group a name and proceed to creating the LUN Figure 1: VMWare Network Layout. For datastores we generally create 1 LUN per RAID Group unless using high capacity disks. Select Max for the user capacity and name the LUN. If using high capacity disks, then you may choose to make a number of LUNs for equal size.

VNX Storage Considerations & Sizing Information



30

Figure 2: Create LUN Configuration for VNX

Figure 3: Create Storage Pool (RAID Group) Configuration for VNX




31

The UCS system setup is inline with Cisco UCS architecture that includes the UCS compute system and unified fabric which provides substantial advantages for virtualized environments Business Advantage Delivered: The Cisco Unified Computing System.

Figure 4: Cisco UCS Architecture

UCS 5108 provides a blade chassis for implementing UCS B-series blade servers for hosting the Genetec server instances.

Cisco UCS Considerations & Sizing Considerations



32

UCS 6248 acts as a fabric interconnect or “top of rack” switch for the 5108 with 2204/2208 fabric extenders embedded in the compute elements. This allows a single point of management, UCS manager, for the entire compute platform and interconnectivity up to the UCS 6248 interconnects and Nexus 5548 switches.

The ESXi host or blade server should meet the following minimum requirements. In the case of UCS, this is the B-series server used in the UCS 5108 chassis. The following is the minimal configuration for the UCS B-series configurations:

20-core ESXi host at 2.2 GHz or later

64 GB memory per ESXi host

2x100 GB SSD

Quad Core Intel Xeon E5640 2.66 GHz or better

The validated configuration used the following configuration for Cisco UCS for the ESXi hosts:

Cisco UCS 5108 Chassis

Cisco UCS B230M2:

20 cores

128 GB memory

2x100GB SSDs

Other B-series servers could be considered for this configuration such as the lower end B200 M3 servers. Use of the B200 M3 servers meet the minimum requirements and could be positioned, but were not validated as part of this effort.

If the planned server infrastructure does not follow this guide, reference the list of compatible hardware in the VMware Compatibility Guide.

The unified fabric in UCS is designed using the 2204/2208 fabric extender modules on the midplane of the UCS 5108 that connect directly to the top of rack switch with UCS manager capability, the Cisco 6248/6296 UP.

The port density recommendations are as follows:

(2) 2204s Fabric Extenders for every (4) BSeries servers

(2) 2208 Fabric Extenders for every (8) Bseries servers

The unified fabric carries all FC and Ethernet traffic from the UCS compute to the UCS 6248/96 for further break out to a Nexus 55xx, to allow for further integration to the rest of the network. This traffic will consist of the following:

FC traffic for virtual machine HDDs hosted on VNX 5200

Unified Fabric Considerations




33

10 GE traffic for Camera video streams and associated control traffic

10 GE traffic for SMB to/from Isilon

10GE traffic for client (Genetec Security Desk).

The use of the UCS 6248/6296 to connect directly to the EMC VNX 5200 is supported via the use of Local Zoning in UCS manager configuration as outlined in UCS Configuration Guide for Local Zoning. The alternative to this mechanism of connecting the VNX 5200 directly to the UCS 6248/6296 is using external, supported Fiber Channel switches to connect the VNX to via Fiber Channel.

Network Implementation

The network elements for the Proven Infrastructure include the networking elements part of the Unified Fabric in the UCS system up to the UCS 6248/6296 switches. These switches act as part of the Unified Fabric, including running the UCS manager suite.

The port counts in the UCS 62xx or Nexus 55xx for this infrastructure is outlined as in the table below. Port configurations are not covered.

Component Ports and Port Type Description

EMC VNX 5200 4 FC 8Gbps Storage area networking ports to Cisco UCS 62xx or Cisco Nexus 55xx

EMC VNX 5200 2 GigE Management ports connecting to UCS 62xx fabric interconnect or Nexus 55xx.

EMC Isilon Node 2 GigE per node

GigE for video storage connecting to UCS 62xx fabric interconnect or Nexus 55xx. GigE for Exports and management interface to InsightIQ. These ports also connect to UCS 62xx or Nexus 55xx.

VMWare ESXi Hosts 2 10GigE per host (UCS BSeries)

Each ESXi host channels traffic through the UCS 2204/2208 to the UCS 62xx fabric interconnect. This consists of all FC and Ethernet traffic. Max of 16 ports for UCS 5108 hosting 32 Genetec servers.

Video Storage Implementation

Isilon designed and developed its clustered storage systems specifically to address the needs of storing, managing, and accessing digital content and other unstructured data. An Isilon clustered storage system is composed of three or more nodes. Each

Design considerations

Isilon Design Considerations



34

node is a self-contained, rack-mountable device that contains industry standard hardware, including disk drives, CPU, memory chips, and network interfaces, and is integrated with the proprietary OneFS operating system, which unifies a cluster of nodes into a single shared resource.

The Isilon OneFS® file system is a distributed networked file system designed by EMC Isilon Systems for use in its Isilon storage appliances.

Isilon nodes come in numerous models and configurations using 7.5K RPM, 15K RPM, or SSD drives. Isilon’s OneFS filesystem operates as a clustered entity and scales for bandwidth and capacity linearly as the system grows. Video surveillance proves only slightly challenging for even the lowest end nodes in the Isilon portfolio. The primary target node types for Genetec implementations are the X200, X400, and NL400 models. Due to the use of Isilon on larger video surveillance systems, the higher capacity nodes are generally used: NL400s and X400s both capable of 144TB raw capacity. The use of SSDs is unnecessary and the 7.2K RPM drives are validated for use with Genetec and all other Video Surveillance applications.

It is important to note, one should work with EMC partners for the sizing of the Isilon cluster. OneFS does not use RAID and the static associated overhead in any way, and relies on data protection using block coding mechanisms to provide N+M:B protection. This results in the ability to support N+2:1 to N+4 protection of video. N+2:1 means 2 disks and/or 1 node can fail simultaneously in the cluster, while N+4 means 4 nodes and/or disks can fail simultaneously without loss of video data. The use of block coding allows significant capacity efficiency gains with more protection over RAID. The equivalent comparison of technologies in wireless technology has resulted in use of block coding in all transmission schemes to allow for lossy channels without loss of data at minimal overhead (where block coding principals originated).

Reference OneFS Technical Overview and the High Availability Implementation section for more details.

The Isilon node type to select is typically based on the required bandwidth for each Genetec Omnicast Archiver as well as the ratio of servers to Isilon nodes. When the system requires higher than 1:1 ratios, it is recommended to use the X400 node types for the cluster. For a system with 20 Archivers and 15 Isilon nodes, the load distribution would be 5 nodes with 1:1 ratio and 5 nodes with 2:1 ratio. In this system, using the X400 node type is recommended, but it is important to make sure the per-server bandwidth does not exceed the amount listed in tables below. If this bandwidth is exceeded, additional servers should be added to the system to reduce the per server bandwidth. Reference the Sizing the Isilon Cluster section.

One consideration for the Isilon nodes has to do with what network interfaces to use (GE or 10GE) and what OneFS licenses to use with the system. All testing and validation with Genetec was with GE, so use of GE for the Isilon per node connectivity is acceptable. 10GE may result in higher bandwidths, but this is not yet validated.

The use of SmartConnect is required to allow for SMB failover using the SmartConnect DNS load balancing mechanisms.

SmartQuota is also required in order to accommodate presentation of a portion of Isilon cluster capacity to Genetec Omnicast Archivers.




35

The information required to size the Isilon components is similar to the rest of the system. The variables/cells in green in Figure 5: System Sizing Inputs are what is needed to size the EMC Isilon nodes in this solution. The sizing for Isilon is accomplished based on aggregate capacity and aggregate and per server bandwidth. This capacity can be calculated by the following formula:

AVERAGE BIT RATE x NUMBER OF CAMERAS x RETENTION TIME x PERCENTAGE RECORDING.

The AVERAGE BIT RATE number is the most dubious piece of this calculation because using H.264/H.265 codecs the bit rates are variable and peak at the time of more scene complexity. For the same camera type and configuration covering a busy train station versus a stairwell, the average bandwidths will be dramatically different (up to 30% variability). The best case is where a customer already knows the average bit rates across many cameras. Next, one can use the camera vendor’s average bit rate numbers per camera for each field of view for the resolution, frame rate, and quality/compression ratio.

Figure 5: System Sizing Inputs

Tests in EMC Labs were performed using simulated “busy scene” cameras at 1080p@15fps averaging 88 such cameras per archiver or less. If the planned deployment requires many more cameras per Archiver (like 200 low-resolution cameras), the numbers in the following table can be used with confidence for up to 2,000 cameras.

Sizing the Isilon Cluster



36

EMC Labs performed all tests with node/drive failures in place in the cluster (i.e. with Flexprotect running) to ensure all sizing parameters take these OneFS jobs into account (i.e. Disk or node fail).

Table 6. Isilon Maximum Bandwidth with Genetec Test Results

EMC Labs used GE interfaces with no more than two SMB connections per GE interface. A 10GE interface can accommodate all four connections in a configuration.

The tests performed with Genetec uncovered that per-Archiver/Server bandwidth was reduced as the Archivers per Node ratio increased, reference Table 6: “Isilon Maximum Bandwidth with Genetec Test Results.” This means that while 37.5 MBps applies for 1:1 Archiver to Isilon Node ratio, the 2:1 Archiver to Isilon Node tests showed degradation. This degradation is less when using Isilon X400s than Isilon NL400s. This is logical because the NL400s use less robust motherboards compared to the X400s.

When sizing the Isilon cluster, there are 2 factors: capacity and bandwidth. Empirical evidence shows that for systems with retention time > 30 days, capacity results are the deciding factor for sizing.

For the bandwidth sizing, one should target the ability for the bandwidth to be supported even during a node failure to ensure a highly robust system with high

Node Type Archivers Per node & Version OneFS

Cluster total bandwidth (MB/s)

BW per node (MB/s)

BW per host (MB/s)

Cluster size

Nodes written

Disk size type RPM

NL400 1 OneFS 7.0.x 150 37.5 37.5 5 4 1 TB

SATA

7,200 rpm

NL400 2 OneFS 7.0.x 160 40 20 5 4 1 TB

SATA

7,200 rpm

NL400 4 OneFS 7.0.x 160 40 10 5 4 1 TB

SATA

7,200 rpm

X400 1 OneFS 7.0.x 150 37.5 37.5 5 4 1 TB SATA

7,200 rpm

X400 2 OneFS 7.0.x 240 60 30 5 4 1 TB

SATA

7,200 rpm

X400 4 OneFS 7.0.x 240 60 20 5 4 1 TB

SATA

7,200 rpm




37

availability with the local storage subsystem. This will ensure no loss of video ingest and playback in the event of any node failures or downtime.

For capacity sizing, the Isilon cluster should be sized to accommodate the usable capacity plus 15% for clusters less than 10 nodes and 10% otherwise. This ensures the cluster is not running above 90% utilization. The cluster should be able to handle the usable capacity + 10% even when and if a node fails.

In the event that the system requires higher than 1:1 server to node ratios, use of the X400s is ideal due to better bandwidth handling. For any systems that require large read bandwidth (beyond the 20% reads validated) due to post processing analytics or other workloads (evidence/case management systems), use of the X400s is ideal. Targeting a system that results in 1:1 ratios is ideal, which may require use of smaller disks per node (i.e. 3 TB versus 4TB). In the event the per-server bandwidth is higher than the listed maximum that was last validated, one could add Genetec Archivers to reduce the per server bandwidth to accommodate this.

Example Sizing: 1000 cameras at 2Mbps for 30 days of continuous recording. Estimated 100 cameras per Genetec Archiver (10 archivers total). Estimated aggregate bit rate of ~200 Mbps per Archiver. Estimated aggregate capacity of ~618TB usable.

About 30 Genetec Security Desk clients are anticipated with an average of 4 streams per client. This amounts to a maximum ~12% Read ratio, well below the 20% validated against in EMC Labs.

No need exists for additional capacity for evidence store (i.e., exports).

Using the X400_144TB nodes, the sizing for this results in only requiring 6 nodes to accommodate this aggregate bandwidth, but 8 nodes to handle the capacity using N+2:1 protection scheme. This node count of 8 results in the ability to handle a node failure with no data loss, but also the resulting load distribution on the cluster would be supported with maximum bandwidth, as would the capacity even during a node failure scenario.

The alternative of using the NL400_144TB nodes is significantly different. In order to accommodate the aggregate bandwidth and capacity with 8 nodes is possible, but the per server bandwidth is too high. This occurs because, with Genetec, the Archivers can only scale to 20MBps per NL400 when the Archiver:Node ratio is 2:1 (reference test results table). Hence, one would either have to increase the number of Archivers to 13 or use more nodes, such as a 10 node cluster of NL400_108TB (using 3TB vs. 4TB disks).

Technically either option will work. In this case, the X400 option is much more efficient for the customer. This is not always the case as capacity can be an overwhelming driving factor, as when retention time is 90 days instead. In this case, NL400_144TB are well positioned.

The Isilon system configuration for Genetec video storage involves some basic items listed below:

System Configuration Overview



38

Network Configuration: Setup of the subnets and NIC grouping for use in automatic load balancing (SmartConnect) SMB connections from Genetec Omnicast Archivers and also for use for the Exports and management interfaces.

SMB Share Configuration: Create SMB shares for each archiver.

SmartConnect Configuration: Configure DNS servers with appropriate entries for Isilon as a Delegate for the FQDN used on Isilon (i.e. videorepository.acme.org). Setup pool for Archivers to interface with and pool for clients/management.

SmartQuota Configuration: For each archiver, the share should be set to a hard threshold, versus presenting the entire cluster size. Configure each share with an appropriate hard threshold.

Protection Configuration: N+2:1 protection is standard, default, but for larger clusters, or certain shares can be set to N+2 and stay within the performance envelope aligned with testing.

SmartLock Configuration: Only used for directories or shares used for exports not to be modified. Typically for evidence protection. Files in SmartLock directories cannot be modified according to policies set forth in Isilon GUI.

Authentication Configuration: The Genetec and Isilon systems should use the same authentication sources. Microsoft Active Directory is the supported mechanism for this Proven Infrastructure. The Genetec user in the Archiver setup should be in the directory and this directory should be mapped in Isilon.

Isilon acts as the primary tier of storage for every Genetec Archiver as well as the target for exports for every Genetec Security Desk client (if desired). The use of Isilon for the exports is not an element that affects the overall system significantly, except to ensure that sizing for the capacity of these exports is taken into account.

Impact Policy and Priority configuration

The Impact Policy defines the number of parallel tasks or workers allowed to run at one time within OneFS. For best I/O performance, you should configure all background jobs with the Impact Policy set to Low. Do not change the priority of any job from the default setting unless it is specified below. This configuration setting is in located at: Operations > Jobs and Impact Policies.

OneFS 7.0 or greater (recommended) In all cases, the EMC physical security lab recommends using OneFS 7.0 or later to maximize bandwidth and minimize video review response times. In most cases, you may use the default Impact Policy with S400, X400, NL400, and greater. For less powerful nodes, such as the X200 and earlier running OneFS 7.0 or greater, modify all jobs to use an Impact Policy of Low.

Isilon Impact Policies




39

Priority configuration Even if the Impact Policy is modified, for example by modifying all the jobs to Low, the priority of the jobs should remain at their default settings.

I/O Optimization configuration Set the default I/O Optimization setting to Streaming by choosing File System Management> SmartPools > Settings > Default File Pool Policy Settings.

Note: A SmartPool license is NOT required for this setting to be active.



40

It is recommended that you use a single share per Genetec Omnicast Archiver. A single share can be created for the Archiver and multiple directories in this shared directory can be mounted if desired. If one were to use many smaller volumes (like 8TB), this would result in many directories for ArchiverX but only one share, thus reducing work effort. The simplest and validated approach is to use larger volume sized per Archiver so only 1 share per Archiver is required. Reference the SmartQuota section for more details.

In Isilon OneFS GUI, an SMB Share is added with some basic configuration options.

1. Choose Protocols tab.

2. Under Windows Sharing (SMB) choose SMB Shares tab.

3. To add a share, use +Add a share option.

a. Specify the share name. See below for ensuring unique Share names for each Archiver.

b. There is no need to change any default configuration items.

c. Under User/Group Accounts, specify the Account that is in the Active Directory database that will be used by the Genetec Archivers. Ensure Full Control is granted to user. This user should be in the proper Active Directory Domain.

Figure 6: Add SMB Share

Create Shares




41

Uniqueness defined (share names):

Isilon is a single file system and each Archiver uses time and date as part of its directory and files naming conventions.

To avoid possible corruption caused by overwriting, or grooming (deleting) files prematurely, it is required that a unique share be created for each Archiver. The share should be in the form:

\\video_repository\archivern Where ‘n’ depicts the sequential number for a unique archiver.

Genetec has the ability to specify a different folder name in Config Tool, but the default is VideoArchive.

A pool for the video repository should be used and another pool for access from the clients for Exports. These pools will use separate interfaces (EXT1 or EXT2) across the nodes in the cluster for each pool. This makes sense also since the Genetec Security Desks will be on separate network than the recording traffic.

The use of pools allows different interfaces associated with each pool and associated FQDN while also allowing a different SmartConnect method to be used.

Each pool will have SmartConnect configured as detailed below in the section Configure SmartConnect.

SmartConnect provides load balancing of connections to the Isilon cluster as well as failover handling of connections. With Genetec, it allows the use of a single UNC path for the Archivers, versus requiring manual mapping of each node’s IP Address in the Archiver configuration.

SmartConnect uses DNS load balancing for the SMB connections from the Archivers. Additionally, using SmartConnect Advanced allows for failover, which is important for reducing the effect of a node failure on video playback. You can also configure static IP addresses per node and per interface.

To configure SmartConnect, from Cluster Management:

1. Choose the Networking Configuration tab.

2. Under Subnet Settings, define the SmartConnect IP address (SSIP). This is used as the IP address configured in a DNS server as the Authorative name server for the Isilon Cluster DNS name (videoarchive.acme.com for instance).

3. Under Pool settings:

a. Define the SmartConnect zone name, which is the name to which Genetec Archivers will connect.

b. Identify the subnet that will use SmartConnect. This is the subnet that has the SSIP configured on the DNS server.

4. Define the connection balancing policy. For Genetec, one mechanism is throughput, but this requires that each Archiver is activated, configured, and recording video once it connects to Isilon. If this is not the case, use

Configure Networking

Configure SmartConnect



42

Connection Count, but one must ensure no additional systems connect to the pool you are using (and, thus skew the connections per node).

a. Set the IP Allocation strategy to Static (SMB is not supported with Dynamic Failover as of OneFS 7.1.x).

Figure 7: Sample SmartConnect Configuration




43

Figure 8: SmartConnect Settings

Genetec provides best practices based on in-house testing as well as customer experiences. For video storage with Security Center 5.2, the best practice is to limit volumes to 8TB. EMC Isilon is able to handle these large volumes because it uses a clustered file system that does not perform defragmentation. This file system called OneFS is not a RAID-based or block-based storage system. OneFS operates as a single file system up to 20PB without any bandwidth or scale issues.

Based on lab tests and customer experiences, Genetec realizes that an Isilon cluster performs extremely well with video storage shares much greater than 8TB. Genetec supports these larger shares with EMC Isilon. The suggested practice is to specify the share size equal to the total capacity desired for each archiver (100TB for instance). Using SmartQuota, this is possible. SmartQuota logically segments Isilon’s single file system so each Archiver has a logical subset “view” of storage. This is also referred to as “thin provisioning”.

To configure SmartQuotas, from File System Management choose the SmartQuotas tab and perform the following steps:

1. Set the hard threshold to the Archiver video file share limit.

1. Define OneFS to show the available space as the size of the hard threshold.

SmartQuota Configuration



44

2. Set the usage calculation method to show the user data only.

Figure 9: Creating a Storage Quota

Isilon OneFS does not rely on hardware-based RAID for data protection. The Isilon system uses the Reed Solomon algorithm for N+M protection.

In the N+M data protection model, N represents the number of nodes, and M represents the number of simultaneous node or drive failures, or a combination of node and drive failure that the cluster can withstand without incurring data loss. N must be larger than M. OneFS supports N+1, N+2:1, N+2, N+3:1, N+3, and N+4 data protection schemes, and up to 8x mirroring.

The default validated and set in the Isilon cluster uses N+2:1.

Protection is applied at the file-level, enabling the cluster to recover data quickly and efficiently. Nodes, directories, and other metadata are protected at the same or higher level as the data blocks they reference. Since all data, metadata, and forward error correction (FEC) blocks are striped across multiple nodes, there is no requirement for dedicated parity drives.

Isilon Protection Scheme

http://www.isilon.com/onefs-operating-system




45

If recovery time duration is a concern, you can increase the protection level to +3:1 or greater. Work with the Isilon team to determine the best protection level for your installation. Additionally, if some video cameras or archivers cover highly sensitive areas, these directories can be setup with different protection schemes than the cluster default.

The following best practices are based on a five-node minimum cluster size.

Use N+2:1 protection level for 1 to 10 nodes. Use N+2 for node counts from 11 through 20, and N+3 for node counts 21 and greater. This is a general rule of thumb to achieve high levels of Mean Time to Data Loss (MTTDL), but be sure to work with EMC partners on the best choice for your specific implementation.

Genetec Implementation

Genetec Security Center’s architecture uses a client/server model in which a pool of servers distributed over an IP network handles all system functions. The number of servers can range from a single machine for a small system to hundreds of machines for a large-scale system. For this infrastructure guide, any server can be used with identical or better specifications compared to what is specified in the Genetec SC5.2 System Specification.

The Genetec server can be deployed as shown in the Diagram – Physical View of Infrastructure where each Windows server is hosted in a Virtualization platform as is described in this infrastructure guide.

You must install the Genetec Security Center software, a Windows service, on every virtual server to be included in the pool of servers available for Security Center to use. Every virtual server is a generic computing resource capable of taking on any role (set of functions) you assign to it: Directory or Archiver.

A role is a software module that performs a specific function (or job) within Security Center. For example, you can assign roles for archiving video, controlling a group of units, or synchronizing Security Center users with your corporate directory service.

Genetec Main Roles listed in Table 7 below describes the main roles provided by Genetec Security Center for video surveillance.

Table 7. Genetec Main Roles

Service Description

Media Router Handles all stream (audio or video) requests on the system.

Calculates the optimal path between the source and destination, based on location and transmission capabilities.

Architecture Overview



46

Service Description

Directory Defines a Security Center system.

Includes a main server module that provides a centralized configuration database for all entities in the system including cameras, users, other Security Center roles, and applications on the system.

Responsible for authentication and access control using the built-in security model or through Microsoft Active Directory.

Offers the option to log all system events and user actions in a relational database for reporting purposes.

Starting with Security Center 5.1, multiple Directories can run concurrently to provide high availability and load balancing to client connections.

SQL mirroring is also available for Directory database failover.

Health monitoring

Monitors Security Center and provides real-time status of the system entities.

Includes health statistics that provide valuable information like availability, uptime, mean time between failures, and mean time to recovery for cameras, door controllers, and intrusion panels.

Detects health issues early enough to avoid potential problems in the future.

Archiver Manages the communication with IP cameras and an encoder. The Archiver is the only Security Center component that communicates directly with the IP cameras.

Has a plug-in architecture to introduce support for new camera manufacturers without requiring a complete software upgrade.

Records up to 300 cameras or a maximum bandwidth of 300 Mb/s (37.5 MB/s). This maximum bandwidth assumes no watermarking nor motion based recording. Reference sizing below for more information.

Responsible for maintaining the database that links a specific camera at a specific time to a video file stored on disk.

Performs motion detection algorithms on recorded video streams.

Each of the primary roles outlined in the table above work in conjunction with each other as outlined in the Figure 10: Genetec Security Center Network Diagram. While there are many ways the Genetec surveillance architecture can build out, this guide outlines the infrastructure in the datacenter to support a large scale deployment with the following requirements:

Centralized recording: the distributed cameras in the site/sites are all streaming over the network back to a central location. Genetec archivers are located physically in the datacenter location alongside the storage to avoid long latencies for the network storage protocols (SMB).




47

Large Scale System: A system of at least 250 cameras benefits from the many elements of the proven infrastructure. All validations were run up to ~2000 cameras.

Failover is Required: The details for how this proven infrastructure guide will support failover is outlined in “High Availability Implementation,” but the system will be required to handle failure of Genetec archivers as well as the primary Genetec directory server and still allow for recording and playback. This infrastructure can support an active/active failover scenario or an active/standby failover scenario.

Figure 10: Genetec Security Center Network Diagram

In Figure 11: Genetec Omnicast Network Diagram below, the networking requirements within the Genetec Omnicast video surveillance system components for this solution are graphically illustrated. One item for consideration is the use of a variety of TCP and UDP ports across the system. While not specifically covered in this infrastructure guide, the ports for use in ACLs are specified.



48

Figure 11: Genetec Omnicast Network Diagram

The number of Genetec Archivers needed is a function of the expected number of cameras and their resolutions and rates. From this, along with any needed functions such as Watermarking and Software based Motion detection, the bandwidth of the servers will be limited to 37.5 MBps (or below) with the following general rules applied to optimally size the system:

Software based motion detection could reduce the maximum capacity by as much as 50%.

Watermarking could reduce the maximum capacity by as much as 20%.

The size of the Genetec deployment along with additional features (Federation, Trickling, Auxiliary Archiving, License Plate Recognition) will determine the optimal placement of each Genetec role. For Video Surveillance system, the baseline system is the Genetec Directory servers (primary and secondary) and the Genetec Archivers. These systems are deployed in a hierarchical manner, but the basic architecture is sized according to throughput for video surveillance with Genetec. The requirements for each Directory server allows for scale up to Genetec maximum limits, while the

Genetec Sizing Information




49

Archivers can be scaled out N times. The number of Archivers needed depends on the per Archiver bandwidth.

Example Genetec Archiver Sizing: 1000 cameras at 4Mbps (common average bit rate for 1080p@15fps) per camera will require more than 4000 Mbps/ 300 Mbps per archiver = 13.33 Archivers, or a minimum of 14 Archivers.

For the example sizing secondary and redundant Archivers will equal the number of primary Archivers. Failover Directory servers will be the equivalent to Primary Directory servers.

The full implementation of Genetec Security Center for Video surveillance is not covered in this Proven Infrastructure, but various items for the configuration are noted that should be taken into consideration.

Each Archiver requires the Genetec Server Properties modified to allow for proper authenticated users accessing the Isilon shares. The user should be in the same domain as that synchronized with Isilon as well as should have full control access to the Isilon share. See Create Shares.

Figure 12: Modifying Genetec Server Service Properties

Implementing Genetec for Isilon



50

Figure 13: Changing Genetec Server Service Account

Once the authentication element is completed, the only other aspect necessary is to add the share to each Archiver’s recording configuration. By going to the Archiver’s Resources tab, one can add a UNC path for recording. This path will be the \\FQDN\Sharename for the Isilon cluster.

Figure 14: Setting the Archiver Path to Isilon Cluster Share




51

Additional considerations for Delete Oldest files when disks are Full and Automatic Cleanup being enabled are ways to avoid runaway recorders.

Figure 15: Set Delete Oldest Files Setting



52

Figure 16: Setting Automatic Cleanup

High Availability Implementation

The video surveillance as a full system of systems has to maintain high availability outside just the individual components. This involves servers, VMS instances, network, and storage. The intent in this HA design is to allow for disaster recovery from a primary site to secondary COOP site.

Servers: The servers acting as a set of hosts for the Genetec instances are protected from localized failures (power on a blade, processor, memory, etc.…) by using the VMware HA functions. As detailed in previous sections, this need is minimal when using “Genetec Failover” mechanisms for the variety of roles, but mainly the Omnicast Archiver and Directory servers. For scenarios where upgrades are required on the hardware hosting certain virtual machines, these machines can be vMotioned to other ESXi hosts.

Genetec: Use of Genetec high availability methods allows the video access, distribution, and ingest to be protected during system outages. This means using an Active-Standby or Active-Active approach outlined in the previous sections with Genetec. The need for access to real time and archived video during outages are enabled via these mechanisms.

Network: Cameras will not be covered in this guide, but the network for the datacenter consists of dual switches and dual homed physical servers to avoid loss

System High Availability




53

of connectivity between Genetec servers and EMC Isilon storage systems in the event of a failure.

Storage: With the ability to handle failures of at least 1 Node and/or 2 disks simultaneously, the EMC Isilon storage system has significant localized failure handling. The data protection scheme employed by Isilon allows configuration of the system so that up to 4 nodes can simultaneously fail without loss of video ingest or playback. Additionally, any failures of the servers or storage allow for transparent failover of the storage connectivity using EMC Isilon OneFS SmartConnect capability to ensure that the failures do not result in any video playback issues or ingest frame losses.

Genetec supports multiple high availability scenarios, but for this proven infrastructure, it provides the ability for active-active and active-standby architectures, assuming a two data center site solution.

The Genetec Security Center Design Guidelines (accessible in GTAP portal for documentation) and Genetec Security Center Administration Guide outline this availability in much more detail.

There are two primary Genetec server elements of high availability with Genetec: Directory servers and Omnicast Archivers. In order to accommodate functionality during a site or component outage, failover mechanisms for both are needed.

The Directory servers need to be synchronized to allow for functionality in the event of a site or hardware failure on the Directory servers. There are a variety of methods Genetec supports for this on the Directory roles as specified in the Genetec Security Center Admin Guide. Each Directory role connects to a Database server. Methods of synchronization of this database server are described below:

Backup and restore. The Directory Manager protects the Directory database by regularly backing up the master database instance (source copy). During a failover, the latest backups are restored to the backup database that’s next in line. Two schedules can be defined: one for full backups, and another for differential backups.

o This method is recommended due to its simplicity and because it meets most customer requirements.

Mirroring. Database failover is taken care of by Microsoft SQL Server and is transparent to Security Center. The Principal and Mirror instances of the Directory database are kept in synch at all times. There is no loss of data during failover.

Just as the Directory servers need to have a mechanism for failover, so do the Genetec Omnicast Archivers.

The common theme is to use an Active-Standby approach, mainly due to costs. In this approach, one site would host the active archiver and the other site would host a standby archiver. Some customers have the all the primary archivers at one site and all the secondary archivers at another site, while some customers choose to have each data center with half the primary archivers at each. This decision usually

Genetec High Availability



54

depends on the networking and data center physical limitations (power, rack space, etc.).

In Genetec Security Center, the active-standby functionality is enabled using a “Failover Archiver”. The primary archiver is the active archiver while the secondary archiver is only idling unless the primary archiver fails in some way (server, storage, database, etc.…). At this point, the secondary archiver connects to the cameras and starts recording from that point on, while real time video from the cameras to the Security Desk clients are unaffected.

Table 8. Genetec Database Server High Availability Methods

To enable the Active-Standby scenario, the primary datacenter archivers are designed in the same manner as before, but the secondary datacenter now requires less storage per each archiver, since it will only be recording during a failure. Typically, this is less than 7 days worth of video. The primary servers and secondary servers are of identical infrastructure, networking is the same, but the actual storage allocated to the secondary archiver is much less.

Database Server HA Method

Description Advantages Disadvantages Affect on Infrastructure

Backup and Restore

Allows synchronization, but not in real time, between (2) databases supporting the Directory roles.

Simple – use Genetec Directory server built in capabilities.

Changes made while the Directory is connected to the backup database are lost when the Directory switches back to the master database.

Nothing.

Mirroring

Allows real time synchronization between (2) databases supporting the Directory roles.

All real time updates to the directory server are provided.

Requires SQL Server 2008 Standard Edition or better with the mirroring feature. Robust network link between 2 database servers to handle sync.

Additional Virtual Machine for the Database Server running separately from the Directory Server.




55

Figure 17: Genetec Active-Standby Overview Diagram

For an Active-Active scenario, the video streams from cameras are presented to (2) Genetec Omnicast archivers at the same time (using multicast streams from the cameras). The setup within Genetec Security Center to enable this is referred to as “Redundant Archiver”. In this mode, the proven infrastructure would replicate the exact infrastructure at (2) data center sites.

In order to accommodate this functionality, the entire network needs to support multicast between cameras/video units and the Genetec Omnicast Archivers. This scenario provides the Security Desk clients with the ability to have minimal to no loss in video playback and real time video as well as access to bookmarks and related video information, even when an entire site goes down due to catastrophic failure, planned downtime (power, HVAC, structural), or just an upgrade of one of the system components.

The Active-Active solution requires the same Infrastructure at both Datacenters. It also requires robust network connectivity between the 2 sites to handle the Directory Server synchronization as well as the bandwidth for the redundant video streams.



56

VMware HA automatically reboots a virtual machine to a different ESXi host in the vSphere cluster if a failure occurs. You can use HA for any Genetec service. HA is not dependent on the CPU having hardware-assisted virtualization (Intel VT and AMD-V), which is a restriction of VMware Fault Tolerance.

VMWare HA can be a good fit for the Genetec Archiver servers, but there is still a boot-up time involved. The Genetec “Failover Archiver” is the more common mechanism for solving this issue and avoiding video loss during the boot-up. The Genetec solution is quicker but does requires additional licenses. We review this mechanism in the previous section Genetec High Availability.

For information about VMware supported hardware, refer to the VMware Compatibility Guide.

End of Section

VMWare High Availability

EMC Confidential

57

Chapter 5 Solution Validation


Baseline Hardware Validation .................................................................... 58

Validations ................................................................................................ 59

Solution Validation EMC Confidential


58

Baseline Hardware Validation The following hardware components were used in the EMC labs that derived sizing and functionality information in this Proven infrastructure.

Table 9. Validated Hardware

Component Validated System Components (2013)

Video Surveillance Software

Genetec Security Center 5.2 and Security Desk 5.2

Video Storage Platform EMC Isilon X400_36TB_48GB_2x10GE&2x1GE, OneFS 7.0.1

EMC Isilon NL400_36TB_24GB_2x10GE&2x1GE, OneFS 7.0.1

Insight IQ v2.5.2

Virtualization Platform Servers:

Cisco 5108 Chassis with Cisco UCS B230 M2: 20 cores and 128GB RAM each. UCS 2204 as fabric extenders. UCS 6248s as

Unified Fabric:

Cisco 6248 for Fabric Interconnect to Servers and Block Storage: 10GE and 4Gbps FC (ISL to Cisco MDS 9XXX switches)

Cisco 3560s for Management Switches: 1GE

Operating System:

Microsoft Windows Server 2008 R2 (64-bit)

Hypervisor:

VMWare ESXi 5.1 and 5.2

Storage:

Tested: VNX 5300, 8GB RAM, 8Gbps FC, 10K SAS Drives

Networking Cisco 5548 for collapsed core switches: 10GE

Cisco 3750 for additional distribution switches (1GE)

Cisco 3560 for additional access switches (1GE)

EMC Confidential Solution Validation



59

Validations

The objectives of the tests were to:

Determine the bandwidth for EMC Isilon scale-out storage using NAS protocols from Genetec Archivers with multiple recorders.

Determine the configuration parameters for EMC Isilon and Genetec Security Center for integration.

Determine optimal video storage performance requirements for use of Isilon Scale-Out storage clusters based on various failure scenarios.

VMware functionality with Genetec: DRS and VMotion.

Multiple tests were run. The VMWare testing targeted how many Archivers could be supported with enterprise functionality on various platforms.

The Genetec testing was to evaluate video storage and Genetec’s application to the EMC Isilon storage system. Additional tests evaluated ESXi host hardware in relationship to virtual CPU settings and the resulting bandwidths.

During all the tests, we assumed that Genetec Security Center or Genetec Omnicast is correctly configured per Genetec’s best practices and operates within the bandwidth, camera count, and other Genetec maximums.

To test the storage bandwidth and configuration, we:

1. Configured video storage for an EMC Isilon storage cluster.

1. Configured Genetec Archivers for the NAS protocol to be tested (SMB2).

2. Set up traffic generators to produce a traffic load to each Genetec Archiver at the desired bandwidth.

3. Verified that motion detection was in an “on” state for all cameras.

a. Watermarking Off

b. Automatic Cleanup On

4. Evaluated the network and video storage to ensure an error free environment at the induced bandwidth.

a. Low CPU and Memory utilization on Isilon

b. ZERO frame losses in Genetec

5. Introduced storage device errors to include:

a. Initiate Isilon node failures and recoveries.

b. Initiate Isilon node removals (downsizing a cluster) and adds (increasing cluster)

6. Captured the cluster and host statistics.

7. Based on the above results:

a. Incremented the bandwidth if no issues are detected.

Key metrics

Test methodology load test



60

b. Decremented the bandwidth if issues are detected.

We repeated the above test until the maximum, error free, bandwidth was reached. These bandwidths were then padded significantly and published as our test results to ensure a buffer of <10%.

EMC Confidential Solution Validation



61

Table 10. Isilon Test Results with Genetec

Isilon Test Results with Genetec

Node Type

Archivers Per node, OneFS Version

Cluster total bandwidth (MB/s)

BW per node (MB/s)

BW per host (MB/s)

Cluster size

Nodes written

Disk size type RPM

NL400 1 OneFS 7.0.x

150 37.5 37.5 5 4 1 TB SATA 7,200 rpm

NL400 2 OneFS 7.0.x

160 40 20 5 4 1 TB SATA 7,200 rpm

NL400 4 OneFS 7.0.x

160 40 10 5 4 1 TB SATA 7,200 rpm

X400 1 OneFS 7.0.x

150 37.5 37.5 5 4 1 TB SATA 7,200 rpm

X400 2 OneFS 7.0.x

240 60 30 5 4 1 TB SATA 7,200 rpm

X400 4 OneFS 7.0.x

240 60 20 5 4 1 TB SATA 7,200 rpm

X200 1 OneFS 6.5.x

112.5 37.5 37.5 5 3 2 TB SATA 7,200 rpm

X200 2 OneFS 6.5.x

120 40 20 5 3 2 TB SATA 7,200 rpm

X200 3 OneFS 6.5.x

126 42 14 5 3 2 TB SATA 7,200 rpm

X200 4 OneFS 6.5.x

150 50 12.5 5 3 2 TB SATA 7,200 rpm

108NL 1 OneFS 6.5.x

112.5 37.5 37.5 5 3 2 TB SATA 7,200 rpm



62

Table below displays the ESXi 5.1 host class-to-bandwidth comparison results from various host classes (processor chip) across multiple server venders.

Note: The results illustrate that varying the processing power and memory affects server density and aggregate bandwidth. The testing was incomplete and does not necessarily prove this variance will be consistent.

Table 11. ESXi Host Bandwidth Comparison

Host Class Cores Memory Maximum Archivers

Maximum bandwidth MB/s

Xeon E7-8830 80 1 TB 34 1,275

Xeon E7-2800 20 256 GB 6 225

Xeon 7500 24 128 GB 6 225

Xeon 7400 24 64 GB 3 112

Our UCS 6248 FC configuration is for Fabric Inter-Switch Link (ISL) between FC switches. However, it is not configured for connecting Arrays. I do not think this is a useful configuration unless the implementation is into a site with a pre-existing FC fabric.

The following VNX configuration was validated for reference:

VNX5300 with 10K RPM drives.

The datastores are built on 4+1 RAID5 RAID Groups using 1.9TB LUNs for the Datastore. Each datastore supported up to 6 Genetec servers during testing.

o Storage pools not validated at the time of this publication.

4Gb/s FC for the arrays. PowerPath/VE aggregates the multi-path bandwidth. 8 Gbps is supported as well.

End of Section

VMWare Test results

Other considerations

EMC Confidential

63

Chapter 6 Reference Documentation


White papers ............................................................................................. 64

Product documentation ............................................................................. 64

Reference Documentation EMC Confidential


64

White papers For additional information, see the white papers listed below.

http://www.emc.com/collateral/hardware/white-papers/h10719-isilon-onefs-technical-overview-wp.pdf

http://www.emc.com/collateral/white-papers/h12546-wp-video-surveillance.pdf

http://www.vmware.com/files/pdf/vmotion-perf-vsphere5.pdf

http://www.cisco.com/c/dam/en/us/solutions/collateral/borderless-networks/advanced-services/business_delivered_cisco_ucs.pdf

Product documentation For additional information, see the product documentation listed below.

http://www.genetec.com/Documents/EN/Products/EN-Genetec-Security-Center-System-Requirements.pdf

Genetec Security Center 5.2 Administration Guide – Accessible though GTAP (Requires credentials)

OneFS Technical Overview

Scale Out NAS for Video Surveillance

VMware vSphere® vMotion® Architecture, Performance and Best Practices in VMware vSphere® 5

Business Advantage Delivered: The Cisco Unified Computing System

Genetec SC5.2 System Specification

Genetec Security Center 5.2 Administration Guide



http://www.emc.com/collateral/white-papers/h12546-wp-video-surveillance.pdf

http://www.vmware.com/files/pdf/vmotion-perf-vsphere5.pdf





EMC Confidential Reference Documentation



65

OneFS 7.1 Administration Guide – Accessible though EMC Support Site(Requires credentials)

http://www.cisco.com/c/en/us/support/docs/servers-unified-computing/ucs-manager/116197-configure-ucs-manager-00.html

http://www.cisco.com/c/en/us/support/servers-unified-computing/ucs-manager/products-installation-and-configuration-guides-list.html

OneFS 7.1 Administration Guide

UCS Configuration Guide for Local Zoning

Cisco UCS Configuration Guide





Reference Documentation EMC Confidential


66

http://www.cisco.com/c/en/us/products/collateral/servers-unified-computing/ucs-manager/whitepaper_c11-697337.html

https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=6664&tclass=popup

http://www.cisco.com/c/dam/en/us/solutions/collateral/data-center-virtualization/dc-partner-vmware/c22-599617-01_vSphere_sOview.pdf

http://www.vmware.com/resources/compatibility/search.php

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/layer2/502_n1_1m/b_Cisco_n5k_layer2_config_gd_rel_502_N1_1.pdf

EMC VNX 5200 Configuration Guide – Accessible though EMC Support Site (requires credentials)

End of Section

UCS Manager Quick Start Guide

UCS Best Practices for VMWare

VMware Compatibility Guide

Cisco Nexus 5548 Configuration Guide

EMC VNX 5200 Configuration Guide







http://www.vmware.com/resources/compatibility/search.php



EMC Confidential

67

Appendix A Tools

This appendix presents the following topics:

Power Configuration .................................................................................. 68

Support Portals .......................................................................................... 68

Tools EMC Confidential


68

Power Configuration

http://www.cisco.com/assets/cdc_content_elements/flash/dataCenter/cisco_ucs_power_calculator/

https://powerlink.emc.com/nsepn/webapps/powercalculator/Main.aspx (Requires Credentials)

Support Portals

http://powerlink.emc.com

http://www.cisco.com/web/partners/index.html

https://gtap.genetec.com/Login.aspx

https://my.vmware.com/web/vmware/login-partners

Cisco UCS Power Calculator

EMC Power Calculator

EMC Powerlink

Cisco Partner Support

Genetec Technical Assistance Portal

VMware Partner Central



https://powerlink.emc.com/nsepn/webapps/powercalculator/Main.aspx

http://powerlink.emc.com/

http://www.cisco.com/web/partners/index.html

https://gtap.genetec.com/Login.aspx

https://my.vmware.com/web/vmware/login-partners