i want to get into casino surveillance business!

[balitech 0]

i have many systems i have designed just need to implement

[scorpion 0]

I was curious? Do you already have a shop, or an office, or are you looking in to start up cost, advertising etc, etc, or are you just reaching out to people to hire your services?

[sic0048 0]

Personally I think he has been watching too much Las Vegas.

[scorpion 0]

LOL!

[sinbad 0]

casino sounds like a fun account. sign me up 2.

[CollinR 0]

I know around here you need a responce time that makes them very difficult to cover for a startup.

[survtech 0]

I know around here you need a responce time that makes them very difficult to cover for a startup.

Quite true. MICS requires that malfunctions be repaired within 72 hours. Many casinos may require better than that. Typically, for critical cameras, we fix ours (or provide a temporary workaround) within 24 hours.

[woodyads 0]

i have many systems i have designed just need to implement

 

The first thing I ask for is a reference site. I work on a hot mine so my questions are. Give me the phone name and email address of a customer in a hot, dry, dusty environment with a tight IT security model and remote power and complex RF issues. The other customer would have to be of the same scale. I'm also check for a history of the equipment operating at 60 degree C.

 

If I was in the casino industry I would be asking for a past customer with the same network infrastructure, a tight IT security model, a solid implementation of Qos, Redundancy, live disaster recovery sites, SANS infrastructure, and virtualisation. I would also want to know how big your insurance policy was.

 

It may be advisable to try to team up with a QoS consultant. Currently Voice on IP are the highest paid specialists in the IT industry. The real issues with VOIP are QoS based. Once you install VOIP and Video on IP the synergies are massive as one will pay for the other. In reality once you head down either path QoS will become the future focus.

[survtech 0]

If I was in the casino industry I would be asking for a past customer with the same network infrastructure, a tight IT security model, a solid implementation of Qos, Redundancy, live disaster recovery sites, SANS infrastructure, and virtualisation. I would also want to know how big your insurance policy was.

I am in the casino industry.

 

1. We don't care much about past customers' network infrastructure since each casino is vastly different and Surveillance rarely, if ever, shares network infrastructure with IT.

 

2. Casino Surveillance could care less about Qos.

 

3. Redundancy is good, within limits. Total redundancy is way too expensive when your storage is over 250TB and the total non-redundant system cost is millions.

 

4. Casino Surveillance could also care less about live disaster recovery sites. Data is rarely, if ever, stored offsite due to sensitivity and its subjection to subpoena when stored off-reservation.

 

5. What is SANS infastructure? If you mean SAN storage, that depends on the system - we use direct-attached.

 

6. Virtualization? Of what? The matrix? Too much latency for us.

 

7. We require at least $1M liability, etc.

[woodyads 0]

 

1. We don't care much about past customers' network infrastructure since each casino is vastly different and Surveillance rarely, if ever, shares network infrastructure with IT.

 

2. Casino Surveillance could care less about Qos.

 

3. Redundancy is good, within limits. Total redundancy is way too expensive when your storage is over 250TB and the total non-redundant system cost is millions.

 

4. Casino Surveillance could also care less about live disaster recovery sites. Data is rarely, if ever, stored offsite due to sensitivity and its subjection to subpoena when stored off-reservation.

 

5. What is SANS infastructure? If you mean SAN storage, that depends on the system - we use direct-attached.

 

6. Virtualization? Of what? The matrix? Too much latency for us.

 

7. We require at least $1M liability, etc.

 

You are a vendor to the Casino industry. I was implying what I would look for if I was in the Casino industry not as a vendor. My point being that with no reference sites I would be unlikely to take on a vendor based on designs only. If your customers aren't asking for and checking reference sites then it is their bad practice and not one that should be seen as an industry standard or acceptable by any means. Much of my job is correcting poorly deployed IT infrastructure where the customer has failed to check the vendors reference sites. We call this slide-ware because the customer buys on the strengths of a power-point slide presentation.

 

How to check a reference site.

Get on the phone and find the person who is fixing the stuff-ups. Not the person who ordered the system they will always tell you its great. Make sure they have similar issues to you. Even if the Video system is non IP you should still check reference sites.

 

CCTV on IP can use layer 1,2,3 and 4 security. Non IP can only use layer 1 security. There is food for thought.

 

Banks use DR sites for their data so why don't casinos for their data and video? These facilities already exist.

 

Virtualisation of servers and infrastructure. Increases availability, instant failover and rebuild. SAN infrastructure is crucial to server virtualisation.

 

QoS. Since it is the biggest slice of the pie and the thing that will create the most headaches moving forward into the future. Eventually IT firms will sell IP infrastructure consolidation, Phones, VC, Two Way, Surveillance and data all done properly with QoS. Video surveillance integrators will loose business to these companies. Not caring less about QoS could be a big mistake.

 

I thought the casino industry would be all over these technologies. Especially for entities that own more than one casino.

[rory 0]

Video surveillance integrators will loose business to these companies.

 

I highly doubt it. CCTV companies will evolve with whatever the current technology is that best suits their industry, or more so each individual application; as they do now.

 

IT companies have typically just jumped into the industry, without knowing its not plug and play, it is a whole other industry in itself. To get the right camera for the right job, is not 1+1, never has been, never will be. Now this is true with not just IT companies, it happens to techs from other industries, especially Alarm Companies, and even first time start ups. Only with lots of time and dedication will they ever become an expert ... and for that, they will need to give up time on something else.

 

Anyway, there are reasons there are experts, an expert in Networking wont necessarily be an expert in CCTV .. neither the other way around. Its good to know a little of the this and that, but as the saying goes, "if one is an expert in everything, then one is not an expert in anything .." (well yah I just made that up )

 

Like survtech said, we dont really care about the network, its not our job .. its just a nice extra toy but its not the main guts of the Video Surveillance system. Now if one is ONLY installing IP network cameras, then thats their job to either know or sub it out, i say sub unless its a basic network, spend their time on the actual cameras and system, let someone else worry about maintaining the network, someone that is an expert in that "field".

 

Heck, down here, most home users could care less about whether they can view it over the internet .. they just want catch they husband cheating or the murderer kicking in the front door .. most times its sad, but they dont even want to record it .. but hey, they are the lion share of the market .. Retail stores are so so, they are so used to buying their own product to resell, many like to just go online and order the cheapest thing they can find .. or the first thing.

 

Anyway, we've been here before on another thread .. you know how I feel, IP software still has a way to go IMO, from what Ive seen so far, and so do most of the cameras. Only when more experts (i say more as many are now) from the CCTV world venture into the development side of it, will it then get much better, and eventually cheaper. Look at it this way, I can write software to do pretty much anything, but If I dont know the industry that Im writing it for . .. it wont be that good.

 

Really though, if CCTV companies began to actually loose CCTV work to IT companies, i'm sure they would start venturing into IT as well .. its not that difficult if they are loosing money over it

 

Lastly .. most IT companies and guys I know, arent about to go out in the hot sun all day and work all night, days on end, installing cameras, most of them have their mind set on A/C and easy work and big money

[woodyads 0]

Guess my point is, now is the time to nail the NVR market by becoming and expert in QoS and VOIP and doing the full integration. There are thousands of largish companies who would jump at the technology if they new it was there.

 

The IT companies I talk about aren't your corner store boys, They are your big cumbersome Unisys's etc. Who are too busy fixing up all the Sarbanes and Oxley issues and VOIP to even consider CCTV. That's why there is an opportunity. They won't hunt down the work, they will eventually be asked by their customers for it. They will turn to the CCTV industry for the camera specifics but the rest of the work will go out other doors. The software, network, cabling, servers and control rooms will bypass the integrator along with bug bucks and opportunity.

 

Fine if your happy with your home customers but once your corner computer stores starts selling to them your margin goes south pretty quick.

 

Rory's right. You won't really loose work, but I can see there is an untapped market out there and its huge and premium.

[rory 0]

I hear yah man ..

[survtech 0]

You are a vendor to the Casino industry.

No, I am in the casino industry, not a vendor to it. I manage Surveillance Technicians at a major casino.

 

I was implying what I would look for if I was in the Casino industry not as a vendor. My point being that with no reference sites I would be unlikely to take on a vendor based on designs only. If your customers aren't asking for and checking reference sites then it is their bad practice and not one that should be seen as an industry standard or acceptable by any means. Much of my job is correcting poorly deployed IT infrastructure where the customer has failed to check the vendors reference sites. We call this slide-ware because the customer buys on the strengths of a power-point slide presentation.

I understand what you are saying but you must understand that the casino surveillance business is very close-mouthed. It is difficult, if not impossible to get vendor recommendations, either good or bad, from other casinos. Also, a large percentage of the surveillance tech departments in casinos are not that knowledgeable about IT. Casinos are notorious for not being willing to pay enough to get highly trained technicians. Most are trained on-the-job.

 

CCTV on IP can use layer 1,2,3 and 4 security. Non IP can only use layer 1 security. There is food for thought.

IP is not viable for most casino surveillance yet. The costs are too high; the bandwidth requirements are too high; the infrastructure is not there and the incentive is not there. Remember you are talking about thousands of cameras, each sending 2-5Mb/sec. You also need a complete rewiring of the entire casino with Cat-5/6; also requiring distribution points no more than 100m apart in an area not designed to accomodate IDF closets.

 

Banks use DR sites for their data so why don't casinos for their data and video? These facilities already exist.

Primarily because of the nature of both the data and Surveillance itself. We have 250TB of primary storage that would be impossible to back up either on or off-site due to its constantly changing nature. We also have 8TB of RAID61 for long-term evidence storage that could be backed up off-site but once the data leaves the reservation, it can be subpoenad by anyone with an axe to grind. We do back up this data but store the backups locally.

 

Virtualisation of servers and infrastructure. Increases availability, instant failover and rebuild. SAN infrastructure is crucial to server virtualisation.

Cost, cost, cost! And availability - find me a DVR/NVR manufacturer that builds such equipment.

 

QoS. Since it is the biggest slice of the pie and the thing that will create the most headaches moving forward into the future. Eventually IT firms will sell IP infrastructure consolidation, Phones, VC, Two Way, Surveillance and data all done properly with QoS. Video surveillance integrators will loose business to these companies. Not caring less about QoS could be a big mistake.

See above. Also, bandwidth. Remember, we are talking about thousands of cameras at say, 2-5Mb/s plus the rest of the data. Nobody manufactures equipment that can handle that efficiently, reliably and especially economically.

 

I thought the casino industry would be all over these technologies. Especially for entities that own more than one casino.

The casino industry is not "all over these technologies" because they are not yet viable for our purposes: they cost too much, they require too many changes to facilites and they are unproven.

 

Also, where is the ROI? It is difficult enough for most casino surveillance departments to convince higher-ups that it is worth plunking down big bucks on something that does not directly generate income. Casino surveillance is often regarded as a "necessary evil" that gets the minimum investment needed to meet regulatory requirements. In that atmosphere, it is nearly impossible to justify large expenditures.

[woodyads 0]

Very good points. The Casino industry being closed mouthed would a problem in getting reference sites. Also the issue of meeting minimum regulations wrapped with a least cost mentality. This will create a technology gap between casino's and other industries. The RIO for all NVR installations will at first come with synergies with other technologies. VOIP is one of the first for most industries, for us it was RF infrastructure and tyranny of distance. Our control room is 2km from our pit and we can't run any cable. (Definition of an excavator is a machine specifically built with the sole intention of locating and severing fibre cable). We did actually pick up VOIP as a bonus as we put in a building out in the middle of nowhere and used the data infrustructure for just 5 phones. I new another department was running short on copper cable for standard phones so I sold them the idea of VOIP and they helped pick up the cost.

 

Server Virtualisation has been long been available for many NVR's. As long as there is no service specific hardware on the server it can be virtualised. This is the main advantage NVR's have over DVR's. DVR's can't be fully virtualised because of the cards in them. There is a term for all this garbage, its referred to as Enterprise Orientated Architecture. There are many crap articles on the net about it, check out TechRepublic for some of the better ones.

 

Synergies for the Casino industry could come from VOIP or multi site management, or reducing the footprint of your control rooms. I guess a good question for Survtech is are the gambling machines on IP or looking to go that way, do you record the conversations of the security staff radios, is your data on virtual servers, have you looked into power on IP (not power over ethernet), does your data and video share the same UPS system, and are there any changes planned to the phone infrastructure in the near future?

 

A strong argument against these technologies is the physical layer security. (Layer 1 in the ISO model) It has always been considered the primary level of security but as time goes by and security on the higher layers improves it is slowly being eroded. I believe that it will totally disappear.

 

Another strong argument for Casino's not requiring to head down this path so quickly is many may not be public companies. Sarbanes and Oxley only applies to public companies, This is a set of regulations regarding the accountability of directors for the companies data. Those who have to comply, are more likely to have infrastructure and synergies to deploy these newer technologies.

 

You guys are right NVR is expensive, I don't think NVR sells itself. I think you have to sell it off with other technologies.

[rory 0]

Server Virtualisation has been long been available for many NVR's. As long as there is no service specific hardware on the server it can be virtualised. This is the main advantage NVR's have over DVR's. DVR's can't be fully virtualised because of the cards in them.

 

You can still do this with DVRs .. simply using the network ., each video camera connected to the DVR is a seperate network connection .. so you can basically do the same thing .. just depends on the software developer and the DVR card in question.

[woodyads 0]

Still can't be fully virtual, . DVR's can have a workstation to view the image, but if you want to shut down the server, or want to move the server to a DR site it can't be done virtually. A virtual server can't have hardware dependencies, you might be able to put the licence server, data and database different servers that could be virtualised. Then the computer with the card will only be capturing and capture encoding itself. But once you have done this you have created a NVR anyway, using the computer with cards as of encoders. The big difference between an encoder and a computer with a card in it is security. Encoders are essentially data loggers that are not susceptible to the standard viruses as they have cut down OS's that are two rare to attract virus builders. They also lack the services required by viruses to spread themselves as well as only answer to a couple of open ports. So IT will accept your encoders or IP cameras as standard equipment but a computer or server with a Capture card in falls outside the SOE environment and is not EOA complient.

 

My control and server rooms are adjacent to the Heavy Duty workshop. (not the best place for it but I wasn't given the time to erect a new building) If we had to evacuate and shut down power to the area I can start a new virtual server in one of the other two server rooms on site. I couldn't do this with DVR's with cards in them because IP is self routing and coax is not. The closest of these rooms is 1.6 km away and the closest camera is about the same distance with other 2km across wireless bridges. NVR has no specialised hardware, it becomes transparent and can be 100% virtualised. Its only dependency is IP address the clients machines call for this can be changed in one DNS entry. Even then IP addresses are virtual it is the mac address that is physical.

 

While I could have built a cheaper solution using DVR I would end up having to support the server as a specialist system. As NVR I can push the whole server to IT and as classic enterprise orientated architecture the will deliver the whole virtualised server architecture from their budget with out me having to lift a finger. I am going into discussions next week with several other sites and one of the topics of discussion will be centralisation using virtualisation in a capital city. I have already had discussions with local IT about them using my server room as DR that they can visualise their servers into and we will be going that way. Our onsite processing plant has been told by the general manager to implement the same Open Route Surveillance system I have in the pit. So we will be able to share what ever server or servers we decide to put the NVR system on and where we would like to keep the data and use the budget to fund the virtualisation of other servers and services.

[rory 0]

Still can't be fully virtual, . DVR's can have a workstation to view the image, but if you want to shut down the server, or want to move the server to a DR site it can't be done virtually. A virtual server can't have hardware dependencies,

But the NVR has hardware dependencies .. the IP cameras, not to mention the PC, switches, etc. Though i understand what you mean (see further down).

 

you might be able to put the licence server, data and database different servers that could be virtualised. Then the computer with the card will only be capturing and capture encoding itself. But once you have done this you have created a NVR anyway, using the computer with cards as of encoders.

Correct, DVR software has had this for a long time now.

 

Actually not all DVRs, but with GeoVision, each channel on the card is a separate network connection, which really helps when writing custom software - in other words I create my own multi views. Other DVRs I have tested though dont have that feature and you are somewhat limited. We are inevitably limited either way, to what the manufacturer gives us access to in their code.

 

The big difference between an encoder and a computer with a card in it is security. Encoders are essentially data loggers that are not susceptible to the standard viruses as they have cut down OS's that are two rare to attract virus builders.

There are embedded RTOS DVRs on the market, which have been around for several years now. I installed and supported these for several years - example; Kalatel DVRs (now GE), and yes not susceptible to viruses and such was a selling point - at the time - however things have changed, once you setup XP properly it will be fine. Granted these dont typically have the features of the Windows XP PC systems.

 

They also lack the services required by viruses to spread themselves as well as only answer to a couple of open ports. So IT will accept your encoders or IP cameras as standard equipment but a computer or server with a Capture card in falls outside the SOE environment and is not EOA complient.

A Windows XP PC will only respond to specific ports, once you use TCP/IP Port Filtering, and disable all unnecessary services. I always block all ports, except those required by the DVR server, and disable many of the default windows XP services. However it is designed for other PCs to connect to, yet requires knowledge of the code to do so. Granted most DVR builders dont do what I do on setup.

 

My control and server rooms are adjacent to the Heavy Duty workshop. (not the best place for it but I wasn't given the time to erect a new building) If we had to evacuate and shut down power to the area I can start a new virtual server in one of the other two server rooms on site. I couldn't do this with DVR's with cards in them because IP is self routing and coax is not. The closest of these rooms is 1.6 km away and the closest camera is about the same distance with other 2km across wireless bridges. NVR has no specialised hardware, it becomes transparent and can be 100% virtualised. Its only dependency is IP address the clients machines call for this can be changed in one DNS entry. Even then IP addresses are virtual it is the mac address that is physical.

Bingo! See you now have something that a DVR cant do!

Good point .. because you are connecting to the cameras themselves .. well the main switch/router, or over the net.

 

While I could have built a cheaper solution using DVR I would end up having to support the server as a specialist system. As NVR I can push the whole server to IT and as classic enterprise orientated architecture the will deliver the whole virtualised server architecture from their budget with out me having to lift a finger. I am going into discussions next week with several other sites and one of the topics of discussion will be centralisation using virtualisation in a capital city. I have already had discussions with local IT about them using my server room as DR that they can visualise their servers into and we will be going that way. Our onsite processing plant has been told by the general manager to implement the same Open Route Surveillance system I have in the pit. So we will be able to share what ever server or servers we decide to put the NVR system on and where we would like to keep the data and use the budget to fund the virtualisation of other servers and services.

 

Sounds good ... definitely sounds like you are on top of that .. let us know how it works out .. any demos, screen shots, specs, etc you can also share I am sure would be appreciated by others here that may be looking at similar applications. I WILL be looking at it in the not to far future myself

 

Thanks

Rory

[woodyads 0]

Special thanks to Survtech and Rory. I have to give a presentation on Wednesday to 30 people from other mine sites around Australia. And will have several of them flying to site on Thursday to view my setups and systems. Most are interested in the IP video system but can't see the importance of the synergies. Your feed back to what I have been saying is invaluable. It gives me an idea to what people will consider as important.

[woodyads 0]

Rory,

 

The security issues with computers are many. I kind of think that if I am going to leave holes get IT to deal with it. This is the long way at looking at the problem but is how I think

 

I have a choice of databases. MDE or SQL. Problem with databases is backing them up. There are open file issues and restores don't always work. You really need a specialist cause you want to get on with what you are good at. So my IT department have no issues with SQL it is enterprise orientated and we have hundreds of SQL databases. So that falls under the service agreement where the MDE does not. Its not all that hard to backup an MDE but I am not interested in testing the restores, tape integrity and everything else I should do.

 

Problem with SQL is it advertises its presents over the network and requires protocols to log in etc. (same for MDE's) . Remember the Slammer virus. Many viruses have exploited holes in the login protocols, and once they get in they look for typical files they can infect. From there they can re-enable services or replace service files with infected versions. So at the end of the day anything that resembles a standard PC or server required daily virus and security updates. All of which should be tested in a test bed environment before deployment.

 

Encoders may use as little as 3 login or reply services, and do not have a standard directory structure. Change of firmware must be done through a dedicated protocol, it can't use redirector or many other standard services or the standard Windows logon protocol. The first service a hacker will find is telnet. However this should be blocked at your firewall. Encoders are just to limited to provide any services to be of any use to viruses.

 

I am always going to be suspicious of any cut down version of Windows or Windows CE. Two of my vendors are currently looking at such systems and I am leaving it up to IT to pass judgement. I certainly won't be an early adapter of that technology. If i am forced to use it I will certainly deploy Static IP addresses and port filtering to those areas. Not as good as being able to handball it all off to IT.

[rory 0]

I never got into SQL server myself, never had a need to .. yet. But remember, one can always pull the power cord on a PC ... or even the encoder .. so security will always still be limited regardless of the hardware, and basically if a criminal wants something bad enough, they will get it, somehow

 

I hear you though, if its a big company and they have IT staff, let them handle it, makes sense. Done that in the past and makes life easier.

 

Dont fear stripped down Windows though; 50% more or less of the services with default Windows XP are not required by a DVR, NVR, and many other applications. Many of the components are not required either (though thats where it gets a little iffy). Check out the Nlite community for more info on that.

 

In fact you dont even need Explorer.exe. I use BBlean for some applications, as the explorer replacement, works well; Note - its just a desktop replacement, you still need to block other windows features such as Task Manager and Windows Shortcut keys (i do that also). Other than the XP login and Shutdown screens (which can also be disabled), you dont even know you are in windows. I even created my own non windows desktop.

 

Close ALL TCP, UDP, and IP ports, but only add required TCP ports. Yes you can telnet to those ports, but if there is nothing on the PC side to interact with, such as an Exploit or other Service, then they cant really do anything. Most security issues with PCs really stem from users browsing the web or using some other 3rd party software though. Disable XP auto updates also - do any safe updates manually.

 

Nothing is ever going to be 100%, even the RTOS embedded systems are susceptible to an extent, heck satellite boxes, cable boxes, cell phones, you name it, they hack them down here (call this the Hong Kong of the West!).

 

In the end though, a simple paint ball gun, or high power surge, can bring even the best system down. You can only do what you can ..

 

Anyway, also check out these links:

http://www.cctvforum.com/viewtopic.php?p=36977#36977

http://www.cctvforum.com/viewtopic.php?t=7342

[survtech 0]

We use the simplest and most secure network of all for our DVR and viewing system - a closed network. We have no connections (other than KVM's) to the casino's domain and only one (firewalled) connection outside of Surveillance for viewstations.

 

As we expand into IP cameras and other remote connections, we intend to keep our system totally independent from any others on the property. This pretty much insures against external attacks. It also prevents data overload on either system.