Cédric Verstraeten


Time to throw away your NVR?

Are you still considering buying a Network Video Recorder (NVR) for your surveillance solution? Or are you considering replacing your old NVR with a new one with more channels? My 2 cents: think twice!

In this blog post, I will explain my point of view and discuss some important aspects I believe you should consider. In the end you draw your own conclusion, but I’m here to give you some hints and topics to consider in your own research.

TL;DR

With NVRs, which lack many modern features, installed in almost every household and enterprise, we are ready for the next evolution, where we can leverage and reuse existing hardware and cloud native technologies such as Kubernetes to create highly available, scalable and resilient solutions. At Kerberos.io we are building the next generation video management platform, to meet all the expectations of a modern and scalable NVR.

Kerberos.io, a modern solution to the challenges of NVRs
  • With Kerberos Agents and Kerberos Factory you can deploy containers inside or outside a Kubernetes cluster to scale with your IP cameras. No need to install a new NVR each time, and you have a highly available and resilient setup in place by default.
  • With Kerberos Vault, you store your data where you want, at the edge or in the cloud (we don’t mind). Use well-known, certified storage providers that are highly available and keep functioning in the event of failure.
  • With Kerberos Hub you leverage state-of-the-art VMS features and view your recordings from within your own cloud. You own the data and any end-to-end data transfer is controlled by you, and only you.

Is an NVR a bad thing?

No, let me be clear, it’s really not a bad thing! A long time ago it was the de facto solution for many scenarios in video surveillance; and in fact it’s still the reality in a lot of enterprises and industries, unfortunately.

4 channel NVR from Dahua

It might not come as a surprise, but nowadays the game has changed, due to the rise of new hardware (GPUs, boards like Raspberry Pis, NUCs, etc) and software technologies (WebRTC, Cloud Native technologies, Kubernetes, Object storage, etc). Thanks to these innovations, a path has been paved for new business models and cloud platforms in the video surveillance landscape.

Going forward I will explain the change in more detail and provide 5 important aspects which should make it clear to you that the change is real!

1. NVR, an empty box?

If you’ve ever installed an NVR, you should have seen the inside of the box. Most of it is air, making space to mount a HDD, and the rest is occupied by a small board and little fans on the sides to cool down the massive heatsink (as there is no mounted fan on the CPU) and HDD; be cautious, this gets extremely hot!

Inside the box of a HiLook NVR

Usually an NVR is sold with a number of channels, which means the number of PoE ports you have for plugging in one or more cameras, and the total number of cameras you can add to the NVR (for example discovered in the network through ONVIF). The latter is where I would like to open a discussion.

The back-side with all connectors of a HiLook NVR

After seeing the inside of an NVR and having experimented with it for a long time, I’ve come up with the following thoughts:

  • It’s expensive. I would expect the hardware in an NVR to be capable of more than recording just 4 concurrent streams (even in a higher resolution). With a continuous recording scenario you basically just write content to a file (MP4), and that’s it. To give you an idea, with a Raspberry Pi 3, which is half the price of an NVR, you are able to record over 10 IP cameras in a continuous recording setting at the same time. An Intel NUC is similarly priced and can even go to 20 IP cameras at the same time, and even leave room and resources for other custom scenarios you envision.
  • It’s limited. I was expecting the channels of the NVR to be limited only for the physical PoE connectors, but the limit applies to the virtual connectors (IP cameras on the network) as well. So a 4 channel NVR can only process 4 streams, a 16 channel NVR can only process 16 streams (or fewer of course).
  • It’s fixed. If you buy an NVR, you buy dedicated software as well; it’s single-purpose. There is no way for you to re-use the hardware or change it for other purposes. This last one might be an obvious thing, but it goes against all design patterns of modern software solutions where technology is abstracted from hardware. Even if it was purposed for video surveillance, you cannot install another solution on it as well; read more in 5. Vendor lock-in.

2. Scale

So this is an interesting one as it keeps most people in the video surveillance industry awake.

If you buy an NVR your scale factor is the number of channels. So if you consider installing a 16 channel NVR at one of your customers, because they have 16 IP cameras at that time, your 16 channel NVR will be a great candidate. However, 2 weeks later your customer wants to install more cameras, and so you are required to buy an additional NVR. So should you go with a 4-channel or 16-channel this time? Your customer might install more cameras, or maybe not?

HiLook and Dahua NVR stacked

Scaling with NVRs is hard, and it can be expensive. Wouldn’t it be better if you could scale more easily and in a cost-effective manner? Each time your customer wants more cameras and all channels are occupied, you’ll need to go back to your customer, install a new NVR and HDD, set up the configuration, and the list goes on. Waste of time if you ask me..

Using Kubernetes or other Cloud Native tools such as Docker, Docker Compose, Podman, Portainer.io, you’ll be able to scale more easily and horizontally. Leveraging the containerisation concept of Kerberos Agents and Kerberos Factory, you can define and measure the concept of scale better, by adding additional resources (vertical) or adding additional machines (horizontal) to your cluster. Each time a new camera is added you add it to the cluster remotely. If a machine in your cluster goes down, another machine will take over the workloads, making sure recording continues.

3. High availability and resilience

This is a fun one, as most NVR manufacturers claim to be highly available but in fact they are not. So what do they mean?

NVRs claim to be highly available due to the fact they support backup features; replicate to another HDD or cloud storage. Well, that’s not what I understand by high availability; backup is just a small part of the concept.

An 8TB HDD from Western Digital

The reality is that once your HDD dies in your NVR, and you did set up a backup solution, you will be able to review your recordings through the backup drive or, in a cloud scenario, using the cloud application that your NVR is providing. That’s great, but at the point your HDD dies, your NVR stops writing recordings as well, so you might have your old recordings, but you will not have any new ones until you install a new HDD. This is what we mean by high availability and resilience: the system stays online/available in the event of failure.

Modern solutions such as object storage (S3, Google Storage, Azure Storage, Ceph, Storj, Minio) allow you to create a redundant cluster of HDDs that replicates your data in real time and keeps your storage online in the event of failure.

With Kerberos Vault we’ve created a concept of bring-your-own-storage (BYOS), that helps you to connect to a storage provider of choice (S3, Ceph, Storj, ..).

4. Security

This might get sensitive, but be aware that every software solution might contain bugs, and every software creator might introduce them by accident: by not being aware, by being incapable, or through an underlying library that became vulnerable over time (which your CI/CD didn’t discover).

Unfortunately, the reality is that when a security bug or data leak is found in a security solution that is meant to protect someone or something, this will be BIG news! It doesn’t matter how much damage the security threat can or will do, big news for sure!

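CNN, breaking news an

Dahua IP Camera Vulnerability Could Let Attackers Take Full Control Over Devices: Researchers discovered a new vulnerability (CVE-2022-30563) in Dahua IP cameras that can be exploited by remote… (thehackernews.com, https://thehackernews.com/2022/07/dahua-ip-camera-vulnerability-could-let.html)

Chinese-made security cameras to be removed from Australian government buildings: More than 900 products made by Hikvision and Dahua discovered at 250 federal premises (www.theguardian.com, https://www.theguardian.com/australia-news/2023/feb/09/chinese-made-security-cameras-to-be-removed-from-australia-government-buildings)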

If you do your own research you will find out that there are many articles regarding security leaks or exposures of surveillance hardware such as IP cameras and NVRs. Primarily the Chinese brands are targeted, with mentions of the usage of default credentials and insecure P2P networking. On top of that, a lot of articles and research have been published around data transfer and persistence. Be aware that when using a P2P network your data will be transferred to intermediate servers (which are invisible to you) before the recording or stream reaches you. Usually the data (recording) itself is not end-to-end encrypted so the recording can be captured during the transmission window. I’m not saying someone will do something wrong with your data, but it’s a fact that if you don’t end-to-end encrypt, someone can see it..

To summarise, the problem is twofold:

  • You are using closed software, so you have no control over or awareness of what is happening with your data, where it is stored and who can/will consume it.
  • There is no end-to-end encryption. Ideally you are the sole owner of encryption keys, making sure you are the only one who can create (encrypt) and read (decrypt) the recordings or stream; typically this is not available in NVRs.

Within the Kerberos Enterprise Suite, we implement end-to-end encryption at different levels. Your data is encrypted using shared and private keys that you are the sole owner of. No one else other than you can see the recordings and livestreams.
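The sole-owner-of-keys idea from the list above, as an added example that is not code from this post or from Kerberos.io: each recording segment is sealed with AES-GCM on the edge device, so a relay or storage provider only ever holds ciphertext and cannot swap or reorder segments unnoticed. The `SealedSegment` layout, the function names and the camera name are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// SealedSegment is all a relay or storage provider ever sees (assumed layout).
type SealedSegment struct {
	CameraID string // cleartext routing metadata: authenticated, not secret
	Index    uint64 // position of the segment within the recording
	Nonce    []byte // random 96-bit nonce, unique per segment
	Cipher   []byte // ciphertext followed by the 16-byte GCM tag
}

// aad binds a ciphertext to its camera and position in the recording.
func aad(cameraID string, index uint64) []byte {
	b := make([]byte, 8, 8+len(cameraID))
	binary.BigEndian.PutUint64(b, index)
	return append(b, cameraID...)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // rejects keys that are not 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealSegment encrypts one recording segment on the edge device.
func SealSegment(key []byte, cameraID string, index uint64, plain []byte) (SealedSegment, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return SealedSegment{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return SealedSegment{}, err
	}
	ct := gcm.Seal(nil, nonce, plain, aad(cameraID, index))
	return SealedSegment{CameraID: cameraID, Index: index, Nonce: nonce, Cipher: ct}, nil
}

// OpenSegment decrypts at the viewer; wrong key or altered data returns an error.
func OpenSegment(key []byte, s SealedSegment) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(s.Nonce) != gcm.NonceSize() {
		return nil, errors.New("bad nonce length")
	}
	return gcm.Open(nil, s.Nonce, s.Cipher, aad(s.CameraID, s.Index))
}

func main() {
	key := make([]byte, 32) // owner-held AES-256 key; never sent to the relay
	rand.Read(key)          // error ignored in this demo only
	seg, _ := SealSegment(key, "cam-front-door", 7, []byte("constructed MP4 fragment"))
	plain, err := OpenSegment(key, seg)
	seg.Index = 8 // constructed case: segment presented at another position
	_, moved := OpenSegment(key, seg)
	fmt.Printf("viewer: %q err=%v; moved segment: %v\n", plain, err, moved)
}
```

With random 96-bit nonces the key should be rotated well before the number of segments sealed under it approaches 2^32.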

5. Vendor lock-in and your own business models

We live in a time when plain-vanilla video surveillance is simply not enough anymore. We expect AI and machine learning to identify and filter recordings as much as possible, so that it’s easier to navigate through TBs of data. The good thing is that these AI features are coming alive in the more recent NVRs, but unfortunately they are still limited and very generic.

Whether you like it or not, once you get into an ecosystem you are more likely to become locked-in (e.g. Hikvision, Dahua, Axis, etc). Look at Apple and Sonos: once you have one or more devices you will consider them again for other products, as they strive to be uniquely compatible and integrated.

Now let’s jump into the reality: when using closed solutions from a specific vendor you’ll enter a closed environment of tools and hardware, with a lot of opinionated and limited integration capabilities. When selecting a specific NVR you’ll be guided to use the related cloud service or tooling. If you want to deviate from the standard workflow (integrate with S3, add your own machine learning model, integrate with a custom security center, or just build your own VMS around it), you will have a hard time..

Some vendors like videoloft.com even require an additional hardware device, on top of your NVR, to make your NVR available through a closed-cloud environment. Madness..

In summary, all big surveillance manufacturers such as Dahua, Hikvision, Axis, Avigilon, and the list goes on, simply do NOT allow you to extract any data in a decent way or create a custom workflow. In the short term, going forward with a closed system might look appealing as you have a stable and mature system in place; however, in the long run, when you consider a more scalable and custom business model, you will lose the game.

At Kerberos.io we embrace Open Source and openness and integration by default. All our products ship APIs through Swagger, and provide custom connectors such as Kafka, RabbitMQ, SQS, your own API web hooks and many more. Kerberos Vault allows you to integrate and interfere with your custom machine learning models in real-time, using a well-organised and scalable integration pattern.

You host the Kerberos.io suite where you want, in the cloud, in your private datacenter, at the edge or hybrid. You are in control of the network, the data, the encryption. You run the show.

Who runs the circus? You run it!

Conclusion

Are you still considering an NVR for your business or use case? Think twice, nowadays there is much more interesting tooling available in the market. An NVR is interesting for small deployments but in the long run might become complex when scaling.

Learn more about our best practices at Kerberos.io to build a scalable and highly available video management platform.
