Multi-Site NVR Solutions

So after talking to multiple “Security Camera Specialists” and being rather unimpressed with their solutions, I’m hoping I can get some thoughts and ideas on implementing a secure multi-site CCTV solution that allows for both remote viewing and is secure from a network point of view.

I am helping out my community modernize their camera systems which are currently at every entry point into the community. Each entry has a 2 to 3 PoE cameras, a UPS, an NVR, and its own internet connection which uses a router provided by the ISP. The ISP is fiber based with plenty of symmetric bandwidth and each location utilizes static IP addresses. That’s the easy part. The community also has a main gate which has an on-site security guard. The community wants a live feed of all the entries viewable by the guard. Currently this is accomplished by port mapping the NVR’s directly onto the internet (I can hear the collective gasp), and using software provided by the NVR vendor on a Windows 10 PC to view all of the cameras. None of it is currently implemented with any security in mind, no encryption (not even https), and raw RTSP feeds. To make things worse, the NVRs have not been updated by the vendor in quite some time.

So looking at this, it is very similar to a small business with a couple of sites that I want to network together, and that is how I ended up here. I was thinking of reaching out to companies like Lawrence tech services (and I would but we are not geographically near them) because of how little thought security camera vendors actually put into securing the systems they sell. Only one vendor out of many that I have spoken to even talked about networking and VPN equipment.

To me the solution that has the fewest components in harsh environments (NVRs in non-climate controlled boxes), is to create VPN connections between each entry and the main gate and record all of the feeds to one NVR (realizing this would need to be a high capacity/bandwidth NVR). While this looks good on paper, I don’t have the experience with commercial camera systems to know if this is even a reliable approach. This would also require networking equipment capable of multiple VPN connections with each connection having about ~10-20mpbs of continuous traffic. The community also wants continuous recording (being burned by motion activated recording a couple times). It isn’t a mission critical application but a needs to have a good up time and be able to recover if something goes down without user intervention. The second approach would be to continue each location recording to a local NVR but then using a secondary stream to send to the guard, using a secure network connection.

So my ask to the community is, anyone have a similar configuration and what did you do to solve it? Any particular camera, NVR, or networking suggestions? A pure Cloud solution is not out of the question either but there are a bunch of cloud only vendors and trying to find one that will still exist in 5 years may be the hard part.

In general the cameras need to be PoE, IP66 or IP67 and IK10 rated. Most the quotes I have seen so far are using cameras by Axis Communications, Arecont, Digital Watchdog or Panasonic. Some of the NVRs are Tyco’s exacq or Pansonic’s offerings. Open to anything but Hik-Vision equipment and would prefer some type of SSA.

I did think about going all Ubiquiti with a Dream Machine Pro and Ubiquiti cameras but being the cameras use proprietary protocols and being unsure if you could view all of the feeds from separate NVRs in one screen sort of ruled that out.

Not something we have used, but there is this. Eagle Eye Cloud Video Surveillance System

I would be hard pushed to recommend unifi CCTV right at the moment but honestly if I was tasked with doing this, that’s what I would use…

My 2p worth would be.
Pick a “primary site” to host the NVR and SG3100 with OpenVPN (or maybe wireguard). Maybe make that at the guards location?
SG1100 at each remote site with a PoE switch, UPS and cameras. VPN back to “primary”.

If you did go unifi you could use cloudkey or udm to run the switches as well as the cameras depending on how many cameras and how much storage that would take. If you don’t want to use the unifi CCTV (which is understandably) then any other IP based CCTV system should just run over the VPN.

Not sure if this helps (or to be honest where I got the numbers from…) but I work on 4.8mbps for HD cameras and 18mbps for 4k cameras for bandwidth requirements and then 2Gb / 7Gb storage per hour. 3 cameras per site gives you 15mbps UPLOAD requirement per site. 15 x num sites gives download requirement for “primary site”. num cameras total x 2gb x hours of retained recording required gives HDD space requirements.

As I say, just my 2p worth.

Also the unifi video tubes (can’t remember the proper name!) so your primary could be a totally different location, other side of the country and have a tube+sg1100 in the guards location.

That was one of the companies I came across in my search for cloud solutions. Verkada and Rhombus were the other two seeming large players. On paper they all look good, would be nice if I has hand on experience.

Your approach would be what I would personally do. However, my community wants a solution they can have a third party maintain. It is not a bad requirement because they cannot guarantee I’m not moving out in 6 months.

I believe you are referring to the UniFi Protect ViewPort PoE devices which basically are just an ethernet port and an HDMI out. I couldn’t find any information on if they only did local viewing or if they could do a mix of remote and local with multiple NVRs. I tend to find that Unifi’s site lacks details for those types of questions which is unfortunate.

You might want to avoid those, or maybe you can get them at a really good deal right now…

Yes, the View Port is the bit of kit I was thinking of.

No reason that someone else could not maintain a ubiquiti solution.

Fairly sure the viewport will only support one NVR as you have to adopt it on the controller you want to use it on. However if you have one NVR centrally located and VPN the remote sites back then you would not have a problem, all cameras go to the same NVR.