
Avigilon Architecture & Best Practices

Contents
Servers & Storage
  Avigilon Server & Storage Hardware
  3rd Party Hardware
  Virtualization
  Storage
  Failover
Clients
  Avigilon Clients
  3rd Party Clients
Networking
  Network Requirements and Best Practices
  Active Directory
  Time Synchronization
  Redundant Recording
Communications and Encryption
  Avigilon Control Center Ports
  ACC Encryption and Security
  ACM Ports

© 2015 Avigilon Corporation. All rights reserved.


No license is granted with respect to any copyright, trademark, patent or
other intellectual property rights of Avigilon Corporation or its affiliates.
Servers & Storage
Avigilon Server & Storage Hardware
1. Maximum incoming recording bandwidth of 256 Mbps (32 MB/s) on the NVR-3 value line server
2. NVR-3 standard servers must be designed, installed and configured per very specific guidelines, and these
guides are available from the following link
a. https://avigilon.box.com/s/1tn1aej6u9g29d92w3cnyplu6hnnx31m
3. NVR-3 premium servers must be designed, installed and configured per very specific guidelines, and these
guides are available from the following link
a. https://avigilon.box.com/s/w139e4qzhu9c2uzqg3u95jdv9e7dgdzz

3rd Party Hardware
Recommended Server Configuration for 3rd party servers – matches NVR-3 value line specs
- Windows Server 2008/2012 or Windows 7
- Intel Xeon E3-1220 V5 processor or better
- 8GB DDR2 RAM
- 2 Gbps Intel Pro/1000 or Broadcom NetXtreme II adapters
- SATA-II 7200 RPM Enterprise Class Hard Drives – RAID 5 or better

Virtualization
Avigilon will take support requests for ACC running in a VM environment in order to assist with any issues that may arise regarding the software only, although Avigilon Control Center (ACC) software is not currently officially certified to run in a Virtual Machine (VM) environment. If an issue is related to the performance of the environment, Avigilon expects the party responsible for supporting the environment to correct it. Because any manufacturer's HD video surveillance application requires near real-time access to disk and network input/output (I/O) resources, among other things, performance is a concern. See the system requirements for physical server systems above: that is what must be dedicated to each ACC VM, plus some additional CPU for the overhead of managing the VM layer.

Maximum incoming bandwidth in a virtual environment should be designed around 256 Mbps with the above specifications. Solutions above 256 Mbps are possible, but each environment would need to be tested and accepted by the end-user.

Storage
Types of Storage
The ACC Server software requires storage devices that provide access to consolidated block level data storage and must be accessible to servers so that the devices appear like locally attached volumes to the operating system. External storage systems that do not provide this type of access can only be used as a backup destination for the ACC Enterprise Edition software.

For more information about the different software editions, see http://avigilon.com/#/products/avigilon-control-center/editions/.

Note: The storage device must be capable of handling the total incoming bandwidth of the Avigilon server to avoid write speed errors during normal operation. It is possible to estimate the total incoming bandwidth in the Avigilon System Design Tool.

External storage devices that can be used for live recording include:
- Avigilon HD NVR Storage Expansions (Mini-SAS)
- iSCSI with initiators
- SAN devices
- eSATA devices (throughput limitations may be a concern)
Avigilon recommends using direct attached storage systems like the Avigilon HD NVR Storage Expansion units with Avigilon NVR Servers.

External storage devices that can only be used for video backup (in addition to the devices listed above, which can also serve as backup destinations):
- NAS based devices

Potential Issues
Connectivity between the server and the external storage unit must be constant. Due to this requirement, there are several potential issues to be aware of when planning for external storage drives:
- The Primary Data Volume and Config Volume data should be stored in the same location
- Ensure the connecting cables cannot be kicked or jarred loose
- Ensure there will be no packet loss or significant latency for IP-based connectivity to the external storage units
- The Primary and all Secondary storage volumes should be similar in size (or additional RAM included for the increased utilization of larger arrays)

Failover
1. Failover in ACC is an N+1 or N+many environment for primary camera connections. Cameras can be connected to failover servers as secondary or tertiary connections, where the secondary is monitoring the primary and the tertiary is monitoring the secondary. This failover architecture provides two layers of resiliency at the hardware level. In addition to the failover on the hardware level, ACC also supports stream prioritization with 5 levels of priority, 1 being the highest. Stream priority is only available on secondary and tertiary connections, and the software will ensure the highest priority cameras are connected first if there are not enough camera licenses on the failover server to support all failed cameras.
2. Failover Pre-requisites
a. ACC Enterprise edition on all ACC servers

b. Two or more servers
c. All servers in the same network (preferably LAN?)
d. All IP cameras should be accessible by their primary server and all failover servers
e. Avigilon and 3rd party cameras are supported
f. Ensure failover server(s) are licensed appropriately to accommodate the failover connections required
3. The maximum expected failover and failback time is no more than 120 seconds for each transition
a. The actual time is environment based and not fully predictable, since it is subject to a number of
system deployment factors, including detection of failed primary server, the number of servers in the
cluster, the delay before the camera begins streaming to the new server, and the key frame intervals
on the cameras
4. In the event the networking environment of the ACC servers is such that the servers can communicate with
each other (server clustering) across two unique paths on the network, additional configuration steps are
necessary to ensure a network failure on the camera network will trigger failover
a. Please follow this KB article for detailed instructions on proper configuration of the servers
i. https://avigilon.box.com/s/mywo59is9jiv80by1g3qe80mes8xvxl7

Clients
Avigilon Clients
1. 4 monitor (HD-RMWS-4MN) workstations are capable of supporting up to 144 streams (HDSM required)
and can have (4) 1080P monitors or (2) 4K monitors connected
2. 2 monitor (HD-RMWS-2MN) workstations are capable of supporting up to 72 streams (HDSM required) and
can have (2) 1080P monitors or (1) 4K monitor connected
3. Performance specifications for each workstation are as follows
a. 2MN workstation – with 2 monitors connected
i. (20) 5MP @ 13IPS streams or (20) 2MP @ 30IPS streams
b. 4MN workstation – with 2 monitors connected
i. (20) 5MP @ 13IPS streams or (20) 2MP @ 30IPS streams
c. 4MN workstation – with 4 monitors connected
i. (10) 5MP @ 13IPS streams or (10) 2MP @30IPS streams

3rd Party Clients
Recommended Client Configuration (2 Monitor)
- Windows 7 64 bit
- 6th Gen Intel Core i5-6600 processor
- 8GB RAM
- nVidia graphics card with PureVideo VP2 or better – K620

Recommended Client Configuration (4 Monitor)
- Windows 7 64 bit
- Intel Xeon E5-1620
- 8GB RAM
- 2 x nVidia graphics card with PureVideo VP2 or better – K620

Networking
Network Requirements and Best Practices
1. When possible, although not required, recording and client traffic should be segmented into two physical/virtual networks
a. NIC(s) on the servers shall be configured appropriately (proper subnet and/or VLAN) and connected to the recording network(s) that support cameras, encoders, etc.
b. The quantity and type (1G or 10G) of interfaces used for the NVR-3 premium servers is determined by the maximum potential incoming bandwidth
i. (1) 1GbE interface = up to 250Mbps
ii. (2) 1GbE interfaces = up to 500Mbps
iii. (3) 1GbE interfaces = up to 600Mbps
iv. (1) 10GbE interface = up to 800Mbps
v. (2) 10GbE interfaces = dependent on server model and % playback (follow the NVR-3 performance guideline)
c. The quantity of 1G interfaces used for the NVR-3 standard server is determined by the maximum potential incoming bandwidth
i. (1) 1GbE interface = up to 250Mbps
ii. (2) 1GbE interfaces = up to 450Mbps
d. One or more NICs on the servers shall be configured appropriately (proper subnet and/or VLAN) and connected to the client network
e. Segmentation helps load balance incoming and outgoing traffic on the recording servers
f. Segmentation also helps mitigate broadcast traffic and provides more security
g. It is recommended not to have multiple gateway addresses on multiple interfaces on a single server.
2. NIC teaming is supported for fault tolerance on the NVR-3 premium server
a. Setup for fault tolerance requires configuration on the server only, and the NIC teaming guide can be
found in the link under Avigilon hardware
3. All servers that are grouped into a cluster (site) within ACC must be in the same subnet or appropriate
routing must be configured to allow for communication between all servers
a. Low latency (<10ms) 1 Gbps connection between all servers in a site
b. Reliable, with less than 0.1% packet loss
c. All servers need to communicate on port 38882
4. Network connections to servers and clients should be 1 Gbps minimum
5. Externally mounted cameras over copper should be protected with surge suppression
6. Do not load an Ethernet connection greater than 70% of its maximum throughput
7. On Enterprise systems it is best practice to constrain the bit rates on cameras and encoders to eliminate
unnecessary bandwidth spikes, which ultimately can result in packet loss on the recording streams.
Bandwidth spikes can also degrade the performance of the client application due to overstressing the
processor and video card on the workstation

8. ACC can operate in both closed and converged network environments; however, when deploying in a converged environment there are a number of things to consider when scaling a network for a large enterprise deployment
a. Segmentation of the traffic via VLANs is critical for managing potential broadcast issues that can have an adverse impact on the UDP streams between cameras and servers
b. Proper evaluation of bandwidth availability to support the surveillance application
c. Avigilon is predominantly a UDP application, and isolation and control of the broadcast domains is critical to managing packet loss on the surveillance application and to minimizing the impact on other applications in the converged environment

Active Directory
1. Avigilon Control Center (Enterprise) supports integration with Active Directory
2. The basic functionality of the integration is as follows:
a. An ACC site is configured to join one domain and attach to specific AD group(s); the group and all associated users will populate the ACC Users list.
i. AD users must be in a global group; local and universal groups are not supported
ii. Users must be at the top level of a group, as nesting is not supported
b. Synchronization occurs daily at 2:00am system time. The synchronization refreshes the user database in ACC by adding/removing users to match any AD group modifications that were made before 2:00am.
c. If new users are added to an AD group between synchronizations, the new users will be able to log in to ACC with their AD credentials even though their user account may not appear in the ACC Users tab until the 2:00am sync.
d. If users are removed from an AD group between synchronizations, the removed users will not be able to log in to ACC even though their user account may still appear in the ACC Users tab until the 2:00am sync.
i. Note: If a user is removed from an AD group while they are logged into ACC, they will maintain access until they next log out or the AD sync occurs. Enforcing the auto-logout feature within ACC will help strengthen the security of the solution and will prohibit users from staying logged into the application while not using it
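As an added example that is not part of the Avigilon document, the following PowerShell checks an AD group against the two constraints above (global scope, no nested groups) before it is attached to an ACC site. It assumes the RSAT ActiveDirectory module is installed and the account running it can read the domain; the group names are placeholders.

```powershell
# Added example, not Avigilon's code. Assumes the RSAT ActiveDirectory module and
# read access to the domain; 'ACC-Operators' and 'ACC-Administrators' are placeholders.
Import-Module ActiveDirectory

function Test-AccAdGroup {
    param([Parameter(Mandatory)][string]$GroupName)

    $group    = Get-ADGroup -Identity $GroupName
    $problems = @()

    # ACC reads global groups only; local and universal groups are not supported.
    if ($group.GroupScope -ne 'Global') {
        $problems += "Scope is $($group.GroupScope); ACC requires a Global group."
    }

    # Nesting is not supported: a member that is itself a group is never expanded,
    # so the users inside it would silently get no ACC account at the 2:00am sync.
    $members = @(Get-ADGroupMember -Identity $GroupName)
    foreach ($m in $members) {
        if ($m.objectClass -eq 'group') {
            $problems += "Nested group '$($m.Name)' will be ignored by the ACC sync."
        }
    }

    $users = @($members | Where-Object { $_.objectClass -eq 'user' })
    [pscustomobject]@{
        Group     = $group.Name
        Scope     = $group.GroupScope
        UserCount = $users.Count
        Problems  = $problems
        Ok        = ($problems.Count -eq 0)
    }
}

# Check every group the site will attach to; resolve any Ok = False before enabling the integration.
'ACC-Operators', 'ACC-Administrators' | ForEach-Object { Test-AccAdGroup -GroupName $_ } | Format-List
```

Because the sync only runs once a day, the same check is worth repeating after any group restructuring: a group that is converted to universal scope, or that gains a nested group, stops granting ACC access without any error being shown in the ACC Users list.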

Time Synchronization
1. It is critical to have all components within the Avigilon solution time synchronized
2. In applications where the surveillance network can see the internet, NTP settings can be configured to point to public NTP servers
a. Additionally, Avigilon recommends time synchronization via a common NTP server/source on all Windows appliances to ensure all devices are synced together and at a more frequent interval, or modify the registry to update the polling interval to at least every 2 hours. One method of accomplishing this would be to use a program like Nettime, or something similar. Nettime will ensure all hardware is in sync with each other, while one of the Windows machines acts as a master and syncs with an NTP source.
b. When Avigilon cameras sync with the Avigilon or NTP server and their time differs by more than 125ms, they will automatically jump to the updated time. If the difference is less than 125ms, the camera will slowly adjust the time in 0.5ms per second increments to the updated time.
3. In applications where the surveillance network is closed, it is recommended to install a GPS time server to ensure accurate time sync
4. It is critical for 3rd party cameras and all integrated solutions to be time synced with the server the camera is recording to. These cameras should point to an NTP source on the network
a. Note: Avigilon cameras and encoders automatically sync time to an ACC server via port 38884. 3rd party cameras could also point to the server the camera is recording on.
5. Time synchronization configuration options can be downloaded here:
a. https://avigilon.box.com/s/e60pr57n52fno9zsfgiqojr54sv8tzio
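As an added example (not from the Avigilon document), the following PowerShell configures the Windows time service on an ACC server to use one common NTP source with the 2-hour polling interval recommended above, then reports the source in use and the measured offset. The NTP hostname is a placeholder; run it in an elevated session.

```powershell
# Added example, not Avigilon's code. $NtpServer is a placeholder for the site's common
# NTP source (a public NTP server, or a GPS time server on a closed network). Run elevated.
$NtpServer   = 'ntp.corp.example'
$PollSeconds = 7200   # "at least every 2 hours", per the recommendation above

# Manual peer with flag 0x1 so w32time honours SpecialPollInterval for it.
$peer = "$NtpServer,0x1"
w32tm /config "/manualpeerlist:$peer" /syncfromflags:manual /update

# Set the NTP client poll interval (seconds) in the registry.
$ntpClient = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient'
Set-ItemProperty -Path $ntpClient -Name SpecialPollInterval -Value $PollSeconds -Type DWord

Restart-Service w32time
w32tm /resync /nowait

# Verify: which source is in use, when it last synced, and the measured offset.
# Avigilon cameras and encoders take their time from the ACC server (UDP 38884),
# so an offset on the server propagates to every camera recording to it.
w32tm /query /source
w32tm /query /status
w32tm /stripchart "/computer:$NtpServer" /samples:3 /dataonly
```

The stripchart output is the number to watch: the camera behaviour described in 2b (a jump above 125ms, a slow slew below it) means a server that is itself drifting will pull every camera's timestamps with it, which is what makes evidence from several cameras hard to correlate.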

Redundant Recording
Avigilon Control Center supports redundant recording of cameras to multiple servers, and the network connectivity between the camera and server can be configured as unicast or multicast. In redundant recording applications, it is recommended to utilize multicast in order to reduce the load across the network and to not overtax the CPU of the camera. Multicasting does require additional camera configuration to enable the multicast stream, and requires the network switch infrastructure to be configured to manage multicast traffic appropriately.

The following link provides details on the configuration of multicast on Avigilon devices, and best practices for
the management of multicast traffic across the network.
https://avigilon.box.com/s/on7k2jy0qnl6sovbuejtisjvn2k2zib9

Communications and Encryption

Avigilon Control Center Ports

Source                    | Destination        | Port(s)             | Transport               | Comments
Camera                    | Server             | 51000-54999         | RTP/RTCP (UDP)          | Video streaming
Avigilon Cameras          | Server             | 38884               | UDP                     | NTP server (time)
Camera                    | Network            | 3702                | UDP                     | ONVIF (device auto-discovery)
Server                    | Camera             | 80, 443, 554        | HTTP, HTTPS, RTSP (TCP) | Listening ports
Server                    | Server             | 38880, 38881, 38882 | UDP                     | Site server clustering and peer-to-peer communications
Server                    | Client/SDK/Gateway | 51000-55000         | UDP                     | Video streaming – LAN mode only
Server                    | Network            | 38883               | UDP                     | Server discovery
Client/SDK/Gateway        | Server             | 38880, 38881        | HTTP, HTTPS (TCP)       | Connection port and secure authentication
ActiveX Web Client        | Server             | 38880, 38881        | HTTP, HTTPS (TCP)       | IE 6.0 or higher only
HTML5 Web Client/Vidproxy | Gateway            | 80 or 443           | HTTP, HTTPS (TCP)       | HTML5 browsers
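One way to turn the table above into host-firewall scope on an ACC server, as an added example that is not Avigilon's own configuration: inbound rules for the server-side ports, each restricted to the network that should reach it (the recording, client and server networks from the segmentation guidance earlier), followed by a listing of other listeners for review. The subnet values are placeholders. New-NetFirewallRule and Get-NetTCPConnection need Windows Server 2012 / Windows 8 or later; on Server 2008 / Windows 7 the equivalent is netsh advfirewall firewall add rule.

```powershell
# Added example, not Avigilon's configuration. Subnets are placeholders for the site's
# recording (camera), client and server networks. Run elevated on the ACC server.
$CameraNet = '10.10.0.0/16'   # placeholder: recording network (cameras, encoders)
$ClientNet = '10.20.0.0/16'   # placeholder: client / workstation network
$ServerNet = '10.30.0.0/24'   # placeholder: the other ACC servers in the site

# Inbound flows to an ACC server, taken from the port table above.
$rules = @(
    @{ Name = 'ACC Camera RTP/RTCP';    Protocol = 'UDP'; Port = '51000-54999'; From = $CameraNet }
    @{ Name = 'ACC Camera time (NTP)';  Protocol = 'UDP'; Port = '38884';       From = $CameraNet }
    @{ Name = 'ACC Site clustering';    Protocol = 'UDP'; Port = '38880-38882'; From = $ServerNet }
    @{ Name = 'ACC Client/SDK/Gateway'; Protocol = 'TCP'; Port = '38880-38881'; From = $ClientNet }
)

foreach ($r in $rules) {
    New-NetFirewallRule -DisplayName $r.Name -Direction Inbound -Action Allow `
        -Protocol $r.Protocol -LocalPort $r.Port -RemoteAddress $r.From `
        -Profile Domain,Private | Out-Null
}

# Review what else is listening: the ACC ports are expected; anything beyond them and
# the Windows defaults (RPC, SMB, RDP) deserves an explanation before the server goes live.
$expectedTcp = 38880, 38881
Get-NetTCPConnection -State Listen |
    Where-Object { $_.LocalPort -notin $expectedTcp -and $_.LocalAddress -notin '127.0.0.1', '::1' } |
    Select-Object LocalAddress, LocalPort, OwningProcess |
    Sort-Object LocalPort -Unique
```

The point of the -RemoteAddress scoping is that the client-facing TCP ports (38880/38881) and the camera-facing UDP ranges never need to be reachable from the same network; a camera VLAN that can reach the authentication port, or a client VLAN that can inject RTP into the recording range, is a segmentation mistake this rule set makes visible.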

ACC Encryption and Security

- In general, HTTPS encrypted communication is used for all control and configuration traffic, and non-encrypted HTTP is used for video/audio in the WAN configuration. In a WAN environment the video/audio data is sent over port 38881.
- Authentication data from Server to Client and from Camera to Server is encrypted using the TLS 1.2 protocol, with TLS 1.1 and 1.0 as a fallback. Non-encrypted data includes TCP ONVIF calls and video streaming from cameras to the server.
- Native Avigilon video files (AVE)
  o Exported AVE files include a hash (a calculated "fingerprint") of the binary content of each image frame.
  o The Avigilon Control Center Player software is able to verify that the hashes match the image's current binary content, bit-for-bit, in order to assure that the file as a whole is authentic and unmodified. The authentication process uses verifiable code paths and industry standard technologies to ensure that exported AVE files can be verified.
  o Watermarks, by definition, alter the image so that it can't be corrupted. Unlike the hashing method, watermarks cannot guarantee that the image will remain 100% identical to the image that was exported.
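To make the per-frame hashing idea concrete, here is an added example (not Avigilon's code, and not the AVE file format) that builds a constructed in-memory export carrying one SHA-256 per frame and then verifies it, reporting exactly which frame was altered rather than only that something changed.

```powershell
# Added example, not Avigilon's code and not the AVE file format: a constructed export
# that carries one SHA-256 per frame, and a verifier that reports which frames changed.
$sha = [System.Security.Cryptography.SHA256]::Create()

function Get-FrameHash([byte[]]$Frame) {
    ($sha.ComputeHash($Frame) | ForEach-Object { $_.ToString('x2') }) -join ''
}

# "Export" = the frames plus a manifest of their hashes, computed at export time.
function New-Export([object[]]$Frames) {
    $manifest = foreach ($f in $Frames) { Get-FrameHash $f }
    @{ Frames = $Frames; Manifest = @($manifest) }
}

# Recompute every frame hash and compare it bit-for-bit with the manifest entry.
function Test-Export($Export) {
    $modified = @()
    for ($i = 0; $i -lt $Export.Frames.Count; $i++) {
        if ((Get-FrameHash $Export.Frames[$i]) -ne $Export.Manifest[$i]) { $modified += $i }
    }
    [pscustomobject]@{ Authentic = ($modified.Count -eq 0); ModifiedFrames = $modified }
}

# Constructed sample: three frames of placeholder pixel bytes.
$frames = @(
    [byte[]](1..64),
    [byte[]](65..128),
    [byte[]](129..192)
)
$export = New-Export $frames
Test-Export $export          # verify the untouched export

# Flip a single byte in frame 1 and verify again.
$export.Frames[1][10] = 0
Test-Export $export
```

The second call reports frame 1 as modified and leaves the other two intact, which is the property the text contrasts with watermarking: the hash says nothing about the picture, only whether these exact bytes are the ones that were exported. In a real export the manifest itself would also need protection (for example by a signature over it) so that an editor cannot simply recompute it.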
- Application and Firmware Security
  Two security concerns with updating devices and updating software packages are considered when the files are downloaded from the internet. These are:
  1) Authenticity – was the software actually produced by the organization that claims to have produced it?
  2) Integrity – was the software modified or corrupted during the download process, or have other malware installers been placed inside it?

  In the past, SHA1 or SHA256 digital file hash checking was used as a method to check the Authenticity and Integrity of firmware and software files. The developer of the software would create a hash of the installer; after a download, the user would need to manually confirm that the downloaded file matches the hash from the developer. This is no longer the preferred method, but it can still be found as a method for checking open software or packages provided in source code form.

  The latest file security method uses a certificate authority. Windows has a built-in mechanism (Microsoft Authenticode) to address both the Authenticity and Integrity concerns. The mechanism makes use of certificates, public key infrastructure and a chain of trust back to the certificate authorities that issue the certificates to companies, organizations, or individuals (this is similar to how web traffic is secured over HTTPS using SSL/TLS).

  All of the Avigilon video application installers are signed using a code signing certificate that Avigilon has purchased from a certificate authority. When the installers are run, this allows Windows to report that the installer was indeed created by Avigilon and that it hasn't been modified or corrupted.

  In the case of the Avigilon user-friendly "remote upgrade" feature, it goes a step further to check that the installer is valid and untampered both before the client pushes it to the server (it won't push a random installer not signed by Avigilon) and when the server unpacks and tries to install it (allowing a further option to revoke the signing authority, should the signing key become compromised). A second aspect is that this provides deeper security: if someone were to create a malicious installer and obtain ACC admin credentials, the system would prevent them from uploading their new binaries and taking control of the system, since they would have no way to "sign" the package and prove it comes from Avigilon.

  Avigilon has also secured most of the camera firmware with the same mechanism. Recent firmware images from Avigilon (including all currently shipping H3A and H4A cameras) are signed, and will reject any updates that are not themselves also validly signed. This makes it that much harder for an attacker to "take control" of an Avigilon camera.
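As an added example (not Avigilon's code), the following PowerShell applies the two checks the text describes to a downloaded installer before it is staged for deployment: the Authenticode signature status, and a binding of that signature to the expected publisher, with the older plain hash comparison alongside for contrast. The installer path and the publisher string are placeholders; take the real Subject from the certificate of a known-good signed Avigilon installer. Get-FileHash needs PowerShell 4.0 or later.

```powershell
# Added example, not Avigilon's code. The installer path and publisher string are
# placeholders; read the real Subject from a known-good signed installer first.
function Test-SignedInstaller {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedPublisher   # substring expected in the signer's Subject
    )
    $sig = Get-AuthenticodeSignature -FilePath $Path

    # Status answers both questions at once: NotSigned means no provable origin
    # (authenticity); HashMismatch means the file changed after signing (integrity).
    if ($sig.Status -ne 'Valid') {
        return [pscustomobject]@{ Path = $Path; Trusted = $false; Reason = "Signature status: $($sig.Status)" }
    }

    # A valid chain to some CA is not enough on its own; bind the decision to the publisher.
    $subject = $sig.SignerCertificate.Subject
    if ($subject -notlike "*$ExpectedPublisher*") {
        return [pscustomobject]@{ Path = $Path; Trusted = $false; Reason = "Unexpected signer: $subject" }
    }

    [pscustomobject]@{
        Path       = $Path
        Trusted    = $true
        Reason     = "Signed by $subject"
        Thumbprint = $sig.SignerCertificate.Thumbprint
    }
}

# For contrast, the older method: a match only proves the file equals what the publisher
# of the hash described. If hash and file travelled over the same channel, both can be swapped.
function Test-PublishedHash {
    param([Parameter(Mandatory)][string]$Path, [Parameter(Mandatory)][string]$PublishedSha256)
    (Get-FileHash -Path $Path -Algorithm SHA256).Hash -eq $PublishedSha256.ToUpperInvariant()
}

# Placeholder path; gate deployment on Trusted = True.
Test-SignedInstaller -Path 'C:\Staging\acc-server-installer.exe' -ExpectedPublisher 'Avigilon' | Format-List
```

Recording the Thumbprint from the first trusted run and comparing it on later downloads is a cheap extra: a package that is validly signed by a different certificate is exactly the case the publisher-name check alone does not distinguish from a legitimate certificate renewal, and it deserves a human look before the remote upgrade feature pushes it to servers.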

- Antivirus Software
  o If servers or clients are on a public network and/or internal policy requires the use of antivirus software, the use of up-to-date firewall and antivirus programs is supported.
    - If an antivirus program is used on the ACC server, the antivirus guide for ACC should be followed: https://avigilon.box.com/s/mhyigxiwpa337tm5jp85quucpue3eujm

ACM Ports
Source             | Destination | Port(s)                            | Transport | Comments
Web Browser        | ACM Server  | 443 – configurable                 | HTTPS     | ACM web client
Mercury Controller | ACM Server  | 6050                               | TCP       | Event service port
Mercury Controller | ACM Server  | Configurable                       | TCP       | Edge listening
ACM/ACC Gateway    | ACM Server  | 443 – match web client port above  | HTTPS     | Web server port
ACM/ACC Gateway    | ACM Server  | 6050                               | TCP       | Diagnostic service port
ACM/ACC Gateway    | ACC Site    | 38880                              | HTTP      | SDK communication for alarm mapping into ACC
ACM Server         | ACC Server  | 80 – configurable                  | HTTP      | Vidproxy – video streaming from ACC to ACM
