FireWire optimizes security camera networks
Digital equipment advances reduce cost and complexity of 1394-based security and surveillance networks.
Digital equipment advances reduce cost and complexity of 1394-based security and surveillance networks
Dimitrios Staikos, Codemost Technology
Companies making security and surveillance systems that rely on multiple cameras are facing a major technology transition: the swap to an all-digital system. That transition will necessitate a digital network that links all of the cameras in an installation. Video-centric security systems in the past have typically used analog connections that link remote cameras to a surveillance control center. Older systems have even stored video on analog media such as videotapes. More modern analog designs digitize the video using servers in the control center. Industry-standard compression techniques yield video that is stored on disk drives for quick access and the ability to jump instantaneously to any timestamp in a recorded stream.
There are a number of reasons to move to an all-digital security system with the compression/encoding step being integrated directly into asmart camera. With codec ICs and fast-and-affordable microprocessors enabling real-time compression in the camera, the amount of equipment, as well as the power and cooling requirements, in the surveillance center are greatly reduced. Moreover, analog systems often suffered from lost frames or image distortion. The digital cameras place the A/D conversion and encoding function adjacent to the CCD or CMOS imaging sensor, eliminating distortion caused by noise and long cable runs. The digital network can then stream perfect video through high-EMI environments.
Digital networks also offer flexibility in terms of topology relative to the dedicated cables that must run from the surveillance center to each camera in an analog system. Modern data transfer technologies such asFireWire (1394) can carry the data payload and control commands and information to a camera using a single cable, and, in some cases, even power the camera over the same cable. In analog systems, separate cables are typically required for data and control.
Once a product design team decides to develop a digital security system, choosing the network technology is a critical decision. The installer community demands simplicity. But the chosen network must meet extraordinary requirements including the support of multiple video streams, support for some level of uncompressed video, and extreme reliability.
A wireless network might offer the ultimate in installation simplicity. But no wireless network can meet the reliability or bandwidth requirements of anything beyond hobbyist security systems. The choice will ultimately come down to wired options such as Ethernet and FireWire.
A FireWire-based network will offer the best match for the video-centric security application. Relative to alternatives such as Gigabit Ethernet, FireWire offers equivalent or even greater bandwidth in the latest S1600 andS3200-based solutions, isochronous capabilities that can guarantee bandwidth and timing, optimal synchronization of streams from multiple cameras, a flexible topology, and advanced fault tolerance.
The use of the term “1394” implies the IEEE 1394-2008 standard that combined into a single specification all of the prior versions of the standard. That version also introduced features such as 800-Mbit/s bandwidth over 100-m twisted-pair cables and coax that, as you will read later, are very important capabilities in a digital security application.
The advantages of FireWire come down to a physical layer (PHY) that offers a much more robust set of capabilities than Ethernet does. Let’s examine what the1394 PHY offers in terms of:
- isochronous functionality
- network monitoring and management
- fault tolerance
- flexible topology
In terms of bandwidth, FireWire matches or exceeds the standard flavors of Ethernet. Currently Ethernet tops out at 1 Gbit/s in terms of widely shipping technology. The industry has developed 10-Gbit/s varieties but that technology has not gone mainstream. Moreover, it’s unlikely that 10-Gbit/s Ethernet will ever use the low-cost cabling required in security applications. The 10-Gbit/s technology will either require expensive fiber media or rely on very short-range copper cables that would not suffice in the security industry.
The 400-Mbit/s (S400) and 800-Mbit/s (S800) flavors of FireWire are broadly available and proven in computer-centric products. Moreover, S800 FireWire is the equal of 1-Gbit/s Ethernet because the latter uses 8B/10B data encoding, and that encoding overhead effectively reduces Ethernet performance by 20%. Moreover 1.6-Gbit/s (S1600) FireWire has been announced in 2010, is due within 2011, and will be compatible with the low-cost cooper cabling that will be required in security installations.
A FireWire network provides sufficient bandwidth to carry many compressed video streams. The total number of streams depends on the resolution of the cameras and the color depth of the capture devices. A typical security camera might use the H.264 video encoding standard that might yield a 5- to 6-Mbit/s stream. A FireWire network could carry more than 20 such streams simultaneously with plenty of headroom to spare.
Some security applications also require transmission of uncompressed video. Compression always adds a small amount of latency in the encoding and decoding processes. And in some security installations, a fraction-of-a-second delay may be critical.
Security system vendors have deployed FireWire technology in installations to carry a mix of compressed and uncompressed streams. For example, an installation might utilize a relatively lower-resolution uncompressed stream for absolute real-time monitoring of a scene. A higher-resolution compressed stream is transmitted and stored to support detailed review by security personnel.
While FireWire and Ethernet have essentially equivalent maximum bandwidth, all bandwidth isn’t created equally. The 1394 standard inherently supports quality of service (QoS). The Ethernet community has added QoS layers, but those added layers simply prioritize traffic. Conversely, a system designer can schedule FireWire traffic, guaranteeing real-time delivery of video streams without lost or delayed packets due to packet queuing.
The FireWire advantage in carrying video streams goes even further in a security application. From the beginning, FireWire has supported isochronous capabilities. In a security application, the isochronous feature can be used to precisely synchronize video streams from different cameras.
Companies that are using FireWire in security systems have used the isochronous capability to actually stitch together streams from multiple cameras. That technique can create a continuous streaming presentation that exceeds what any single camera can capture.
A common misconception about FireWire is that bandwidth usage is restricted to 80% of the available bandwidth. This is indeed what the IEEE-1394 standard specifies, but this is just a soft rule that should be applied to "open systems.” A security system, like an industrial system, for example, is not considered an open system. Industrial systems and security systems are "closed systems." An end-user PC, where potentially anything can get attached to the bus at any time, is considered an open system.
The 1394 Trade Association has written a detailed white paper explaining these limits and describing how to safely use up to 92% of the bandwidth for isochronous operations in closed systems (seehttp://bit.ly/hZdQHZ).
The 1394 physical layer (PHY) is also a good match for the requirements of a security camera network. The PHY allows a central control system in the surveillance center to monitor and manage a network of video cameras. Moreover, the control system can detect attempted network hacks.
A FireWire network offers fullplug-and-play convenience. Devices connected to the network can be fully discovered by every other node on the network. A central controller can configure devices such as cameras over the network greatly simplifying the system installation process.
The PHY features allow the central controller to continuously monitor the health of each node/camera. Indeed, the control system has complete visibility into the network topology. If a node fails, the system can pinpoint the location of the failure immediately. Ethernet, in contrast, would require installers to map IP addresses to camera locations so that personnel could locate a failed camera.
The plug-and-play aspects of the FireWire PHY also ensure that a central controller can detect any unauthorized device that is added to the network. For example, consider a case where an intruder might attempt to insert a video recorder or storage device on the network to capture streams. The controller on the FireWire network would automatically detect that device.
Moreover, it is possible for the host, using the standard 1394 protocols, to detect and disable all disconnected ports on the whole network, so attaching any malicious device will not have any effects to the topology. Similarly, the software can detect any "unexpected disconnection" event and immediately block the newly disconnected port so that no unauthorized device can be attached in its place.
It is really one of the big strengths of FireWire that it can separately address each and every port of every device on the bus. Furthermore, through software commands (sending a PHY packet) it can even disable a connected port, which essentially has the same results as unplugging the cable from that port--all done by exchanging data packets and without any mechanical intervention.
So consider the following scenario: Ten cameras are connected on a bus and the PC has two FireWire adapters for extra reliability (if one fails, the other can take over) that are not connected directly to each other but only get connected through the bus. So the bus essentially is a straight line starting from one host adapter and ending on the other.
If an extraordinary event occurs (alarm conditions), then the PC can disable a selected port at the "middle" of the bus and thus "break" the bus into two 1394 buses, with each host adapter now handling five cameras on each bus. Thus the cameras can be configured into higher resolution/frames-per-second (but reduced redundancy if one adapter fails) during the alarm situation, so the quality of recorded information is even higher.
When the alarm condition is over, then the cameras can be set to normal resolution and the two buses rejoined to operate as one.
By nature, security systems require high levels of reliability. A video-surveillance system does an owner little good if the system can’t continuously capture video data.
A FireWire network offers far greater reliability and fault tolerance than does an Ethernet network at a fraction of the cost. The 1394 PHY virtually supports any topology and any number of loops.
Moreover, b-loop recovery is a much faster process than the recovery provided by the Spanning Tree algorithm: A b-loop disconnection only causes a normal bus reset, that is handled at the PHY layer and requires a maximum of about 166 microseconds to process while running the Spanning Tree algorithm may take several seconds, depending on the topology, as the bridges exchange Bridge Protocol Data Units and go through a number of states in their state machines. Clearly FireWire was a network designed to inherently support redundant connections, while on Ethernet redundancy only came as an afterthought and unexpected/dynamic changes in the network topology are considered an exceptional event.
The 1394 Trade Association has demonstrated the reliability features using off-the-shelf products and impromptu network configurations. The demonstration relies on cameras and a PC connected in a loop with video streamed from each camera to the PC. You can subsequently remove any one cable from the network and the video streaming will continue flawlessly from every camera.
System designers can leverage the fault-tolerant capabilities of FireWire through unique topologies and develop more robust capabilities relative to the simple example described above. Ethernet could potentially be deployed with some level of fault tolerance. But the fact is that most Ethernet switches and routers don’t support such capabilities.
System designers and installers will benefit from the flexibility that’s inherent in the 1394 PHY both in terms of topology and media. For example, you can daisy-chainFireWire cameras--a feature that Ethernet does not support. Ethernet can only be used in a star networks or tiered-star networks. With FireWire you can mix stars, loops, and other topologies.
If "star or tiered-star networks" versus "flexible topologies" is too abstract for your taste, then simply take a look at the diagrams showing topologies.
Figure 1 shows what a star topology looks like in practice. Compare it to a daisy-chain topology using FireWire for the same location, as shown in Fig. 2, below, and you can immediately see the huge gains in cabling costs and complexity.
|FIGURE 1. Typical star network topology.|
|FIGURE 2. Daisy-chain network topology using FireWire (1394).|
The 1394 standard also supports a variety of media types including Cat-5/6 cables, coax, and fiber-optics. In fact, a FireWire-based system could in most cases use coax cable that is in place, deployed previously for an analog security system. Naturally, a FireWire bus can be built by a combination of different media types, for example long-haul fiber or coax cables connecting together remote FireWire segments that locally use standard FireWire cables.
The nature of the FireWire bus allows the system designer to implement multiple monitoring stations at no added cost. The data is only transmitted once and the isochronous video stream is on the bus available for any node to receive, so any number of monitoring stations can be easily implemented.
The monitoring stations can even be completely separate from the recording stations as shown in Fig. 3, allowing the installation of dumb displays around the perimeter so the security personnel can follow the activity from several locations.
|FIGURE 3. Monitoring stations can be completely separate from recording stations in a daisy-chain FireWire network topology.|
When using VCRs, you need additional connections between the multiple VCRs and the monitoring stations in order to retransmit the video streams from one place to another. When using a digital network with mainstream IP cameras, in most cases two stations can connect to the same camera, but that means that the camera is transmitting two separate video streams. Clearly this does not scale well when many cameras need to be displayed on multiple monitors.
The IP camera
Ethernet proponents have been exalting the simplicity of an IP camera. Presumably the IP camera would be simple to install and use because people have a growing level of comfort with Internet technology. Moreover, some Ethernet proponents point out that security systems can use existing Internet applications such as Telnet so long as the camera has an integrated IP node.
Whether or not there are any real advantages to the IP concept remains to be seen. But the IP-camera concept does not require an Ethernet network. Ethernet equipment vendors on purpose cultivate the impression that IP and Ethernet are practically synonymous, but the Internet Engineering Task Force (IETF) has gone to great lengths to make sure that the IP protocol can operate over a variety of physical layers.
The IETF and the 1394 Trade Association have previously published standards allowing IP to operate over FireWire networks:
- RFC 2734 "IPv4 over 1394"
- RFC 2855 "DHCP for IEEE 1394"
- RFC 3146 " Transmission of IPv6 Packets over IEEE 1394 Networks"
- 1394TA 2009007 "IPv4 over 1394 Test Specification"
Ethernet is just one of the physical layers that support IP, certainly the most commonplace among office and home installations, but an IP camera could easily be built using FireWire as the physical layer of choice.
The most likely implementation of a digital security network will require a dedicated network for video traffic in any case. Mixing enterprise IT traffic with video stream would saturate the network and can cause issues with both the IT users that want fast access to the Internet and the security personnel that need guaranteed video delivery.
Still, there is almost assuredly a need to allow access to captured video from an enterprise’s IT network. The ideal implementation would use a FireWire network to connect the cameras to the control center. But the video servers in the control center would also be accessible on the IT network. None of the real-time video capture would impact the IT network, but employees could access stored video selectively via the IT network.
Security applications span a broad range in terms of the size of a network and the fidelity required. A convenience store or other small retail establishment might need a few relatively low-resolution cameras. Security at a site such as a large sports stadium might require tens or even hundreds of cameras spread around a large area. And demanding applications such as casino gambling floors require many cameras with resolution suitable to view details on the gaming tables.
A manufacturer of security systems that wants to develop a range of systems capabilities will find that FireWire can scale to meet applications across the spectrum. The FireWire choice is an affordable one even in a system with a few cameras. For large installations, system designers can use multiple FireWire segments to serve hundreds of cameras. FireWire also can support any resolution required and the mix of compressed and uncompressed streams.
As security camera networks move toward the digital domain, FireWire is proving to be the best choice to network the cameras. The technology delivers the fidelity, flexibility, and reliability required for security applications. The installer community will find the plug-and-play FireWire devices simpler to deal with than Ethernet.
Surely image resolution plays an important role in security and surveillance systems. The higher the resolution, the clearer the image or the wider the field of view, the greater the required bandwidth.
It is good to have an accurate understanding of the relative sizes of the most commonly used resolutions (see Fig. 4).
|FIGURE 4. Image resolution comparison for security and surveillance systems.|
The system outlined below is a relatively low-cost system that can outperform more expensive installations.
In the system shown in Fig. 5, we have a FireWire bus with 10 cameras and 2 PCs, which serve as recording and monitoring stations. Each PC has two FireWire adapters, which are a relatively inexpensive component, for improved reliability. The PCs are also connected to each other over an Ethernet connection, so that they can exchange control information without loading the FireWire bus.
|FIGURE 5. System uses a FireWire bus with 10 cameras and 2 PCs, each of which incorporates two FireWire adapters.|
Both PCs record all the video traffic on an internal array of RAID10 disks with hot-swap capability comprised by five identical hard disks of 2 Tbytes each. RAID10 means that two disks are joined in one volume 4 Tbytes in size (spanning), so that we get improved performance, and then they are mirrored to the other two disks so that we get improved reliability. The fifth disk is hot standby, which allows a very good level of recovery in case of a disk crash. The RAID is restored automatically and all we have to do is replace the failed disk, while the system operates at full redundancy but temporarily without a hot swap.
This kind of RAID capability is provided by many server-grade motherboards and does not require any additional hardware purchase. RAID10 is a bit more wasteful in space when compared to RAID5 but much easier to set up and manage for a low-cost solution.
There are three b-loops in this design: one going around the building, one running through the left half, and one through the right half of the building. This simple design allows the system to withstand a significant number of failures and still keep functioning.
It is worthwhile mentioning that the host can even detect the 1394 ports at which the b-loops are "broken." These are called "loop disabled" ports and they always come in pairs. So if the standard configuration of the system has six loop disabled ports and after a bus reset these become four, then the host software can immediately tell that a cable was damaged and a loop was closed to heal the bus topology.
Some example scenarios include:
- A device or cable failure (or malicious action) destroys one of the cables or one of the cameras (the cameras act as repeaters). The bus is healed immediately. The PCs, using the standard 1394 protocols, can detect that the topology is changed and thus notify the operator that immediate action is required.
- A hard disk fails in one of the two PCs. The RAID10 is automatically healed, RAID recovery is initiated while the system continues to operate and the operator is notified that immediate action is required.
- One of the PCs fails completely, despite the redundancies in hardware, power provision, etc. The second PC is still functioning and accessing all cameras so it can still record all traffic until the 1st PC is restored.
- This system design can even withstand two device failures at the same time--for example any camera and one PC at the same time, or any cable and a PC, or two cables/cameras, but not any combination of two cables/cameras.
Dimitrios Staikos is vice chair of the 1394 Trade Association and director of Codemost Technology (Taipei, Taiwan).