Planning Networks to Leverage Perspective VMS® Built-In Security

 TECH SUPPORT
LENSEC Technical Support

Perspective VMS® is a secure software, ready with encryption that protects the entire security system. There are various levels of network setup recommended by LENSEC’s PVMS product experts.

Below, we describe four typical setups that security integrators may use to build a network architecture. The differences described will vary, depending on the level of security needed by the end-user’s enterprise.

LENSEC - Basic Network Setup

Network security is added using SSL (Secure Socket Layer) and WSS (WebSocket Secure) between the Perspective VMS® servers and the client workstations. Additionally, the edge devices may be setup on a subnet, communicating via the streaming service as a proxy.

Overall, the advanced methods outlined here will add an extra layer of protection from hackers and harden the network architecture to prevent outside attacks.

Basic Network Setup

  • A typical Perspective VMS® solution consists of a web application, a database, and a series of services.

NOTE: These are often contained on a single server, represented here by a grey box.

  • External connections exist from this server, connecting to the cameras and to the client PC (via web browser).

Distributed Network Setup

LENSEC - Distributed Network Setup
  • In a distributed Perspective VMS® deployment across multiple sites, there remains a web application, a database, and a series of services. However, these services are split between multiple PCs or Servers, and offer multiple external connections.
  • External connections exist from these servers, connecting to the cameras and to the client PC (via web browser and distributed streaming services).

SSL & WSS Network Setup

LENSEC - SSL & WSS Network Setup
  • In this scenario, data transmitted between Perspective VMS® servers and the client PC can be secured using SSL and WSS.
  • SSL (Secure Socket Layer) encrypts data between the client and the web application.
  • WSS (WebSocket Secure) encrypts the video data streaming from the distributed servers.

Camera/Device Segregation via Proxy Network

LENSEC - Camera/Device Segregation via Proxy Network
  • When using a proxy, the IP cameras and other edge devices can be segregated on their own subnet. The edge devices communicate to the client network via the streaming service only as a proxy.
  • This segregation adds an additional layer of security to the network.

As a note, LENSEC technology partners, Bosch and Axis, manufacture cameras that offer SSL streaming. When HTTPS protection is enabled, data from the camera is encrypted. Now the video stream is protected from eavesdroppers and man-in-the-middle attacks.

If you have questions about deployment of security projects using network architecture as described here, please contact the LENSEC technical support team or physical security experts.

If integrator technicians need support, call (713) 395-0800 + Option “1” or email [email protected] for assistance.