Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Introduction


This document is intended for people responsible for installing and deploying 3VR Security Servers and servers/appliances to their customer communities. This 3VR Deployment Guide describes the important capabilities of the 3VR system. It contains a configuration overview and best practices demonstrating how to run the system efficiently through efficient product deployment. This guide also describes the hardened security measures 3VR has built into the product to address the IT requirements of today’s security buyers. 3VR has invested heavily to ensure that all 3VR Video Management Software (VMS) and appliances are as secure as possible against virus threats and external attacks.

What’s new in 3VR 8.1.1.x

Steps to follow for a successful upgrade

  • Upgrade client (System Manager/Op-center) to 8.1.1.x. The 8.1.1.x System Manager is needed to connect to the 8.1.x Enterprise and VMS. All 8.1.1.x clients can be used to connect to older 7.3.2.x or 7.2.5.x VMS servers/appliances
  • Upgrade the existing enterprise first to 8.1.1.x release
  • VMS Servers (Appliances) can now be upgraded to 8.1.1.x or can continue to stay on 7.3.2.x or 7.2.5.x environments

VMS Servers (Appliances) cannot be upgraded to 8.1.1.x within an enterprise, unless the enterprise is upgraded to 8.1.1.x.

New Features included in the release

For a complete list of features and how to use them, refer to the 8.1.1.x documentation included with the release.

Improving operational costs

  • Multi-enterprise support for simplified deployment
  • System Diagnostics and User Audits for superior support experience
  • New low cost storage solution with tape integration for extended storage

Providing more value for the customers

  • Leverage edge motion analytics at cameras for delivering large deployment options
  • View video anytime, anywhere on tablets or desktops using Web applications
  • Dynamic CPU/Memory/Storage for each camera at the appliance

New market opportunities

  • Real-time occupancy counter with alerting capabilities
  • Redesigned Dashboard for Retail locations with Context based metrics
  • 360p Camera support for retail and banking locations

3VR System’s Architecture and Security Features

The list below outlines the 3VR system’s basic architecture and points out its many security features.

  • The 3VR system is built upon a modular version of Microsoft Windows (either Microsoft Windows Embedded Standard, Microsoft Windows Embedded Standard 7 (WES) or Windows 7-SP1 Embedded (32-bit/64-bit)). It is implemented to severely restrict components that present security risks, such as Internet Explorer, and other applications, which have historically exposed vulnerabilities.
  • Interconnects between all 3VR applications are built on a proprietary protocol. This eliminates the attack vectors that viruses use to attack systems. To attack the 3VR system, intruders would have to build complex protocols. The 3VR software applications are also protected against denial of service attacks.
  • All 3VR software applications communicate using an encrypted and secure proprietary message passing protocol that minimize the risk of intruder access.
  • The 3VR system is hardened against all attack vectors with fully secure data streams in and out of the appliance.
  • The 3VR system conforms to industry-leading information security baselines; it poses an equal or lesser risk than alternative servers/appliances, workstations or operating systems on the market.
  • 3VR Servers/appliances use minimal bandwidth to prevent any disruption of existing business systems.
  • Communication only via a fully encrypted and secure proprietary message-passing protocol.
  • A minimal operating system and software stack on the appliance that omits unnecessary services.
  • 3VR Servers/appliances keep data at the edge until required. In addition, the servers/appliances perform search and reporting functions in a fully distributed fashion, thereby minimizing bandwidth-intensive communications. 3VR Servers/appliances first retrieve metadata and video thumbnails to help users refine their searches without pulling the complete video streams.

After many widespread commercial deployments, 3VR has not generated any security compromises.

3VR Application Characteristics

3VR has developed a series of products that are designed to be used within a unified “enterprise” that gives users a single operational and administrative view of all the VMS servers in the corporation.
The heart of the 3VR platform is the VMS server/appliance. The VMS Software records video from all attached cameras and, in real time, indexes and analyzes the video. The analysis phase can include facial recognition, license plate recognition, object tracking, people counting, etc., depending on the VMS server/appliance and camera configuration.

The VMS server/appliance locally stores the video itself, as well as the indexes and metadata derived from analysis. Only the 3VR software can access this data. Internally, the VMS server uses a mixture of flat files and an embedded MySQL database to store information. Neither the file system nor the database are network accessible. The figure below illustrates the 3VR system architecture within a sample deployment.

Video Management System

Users can deploy the 3VR VMS as either an integrated appliance or a managed software package. In either configuration, the system includes a Digital Video Recorder (DVR) with advanced analytic and search capabilities.

VMS uses a patented, multi-stage system for inputting and analyzing video from analog and IP (Internet Protocol) cameras. This system allows each camera to be configured to run the appropriate analytic mix, thereby maximizing the capabilities of each appliance. Each analytic component can add its own metadata to the video stream.
The metadata is processed in three different ways:

  • The appliance indexes and stores metadata in an embedded database (including both relational and non-relational elements) to support efficient forensic search.
  • When client applications (or Application Programming Interface (API) clients) monitor specific conditions, the content pipeline matches new events to their criteria and notifies clients in real time when new events occur.
  • When users view the video, they can use the metadata to discover information about the video itself. This provides valuable information about the information the analytics discovered.

Enterprise Server

Users can deploy the 3VR Enterprise Server as a managed software package within the customer data center or in the cloud. In either case, the Enterprise Servers provide:

  • Enterprise-wide administration across all VMS servers/appliances
  • Support common administration functions, such as adding and deleting users and appliances, and configuring cameras
  • Provide search, alert and reporting capabilities across the enterprise
  • Enterprise Server supports delegating authentication to an Active Directory/LDAP back-end to support single sign-on. Users are synchronized from the corporate LDAP/AD server.
  • Ability to push upgrades across all server/appliances within the enterprise

Clients connect to the Enterprise Server to learn about aspects of their 3VR installation, but then connect directly to VMS servers/appliances to perform searches, view video and monitor events. The Enterprise Server does not act as a conduit for video or other data.

The list below outlines the important Enterprise Server features:

  • Provides a directory of all VMS severs/appliances, organized by region, based on customers’ needs
  • Provides a directory of users and performs authentication
  • Collects health information from the VMS Servers/appliances and presents the stored data via the health dashboard. Users can access this data through the System Manager application or programmatically via the health alert API.
  • Hosts the 3VR case-management system, which allows investigators to correlate data across time and different locations while investigating an incident or series of incidents. This includes storing events, images and video files that are part of a case. See “Case Management” below.
  • Supports centralized software installation and configuration template for all VMS Servers/appliances within an organization
  • Provides a central execution point for application reporting, such as traffic counting and retail analytics

New with 3VR 8.1.1.x

Customers also have option of creating a multiple enterprise environment to manage VMS servers. The enterprise servers can be deployed based on countries, regions or business units to make it easier and simpler to manage VMS server/appliance.

Benefits of Multi-enterprise deployment

  • Multiple enterprises can be done based on Region, country, role, division
  • Allows roll-out of upgrades based on priority by enterprises
  • Reduces single point of failure of a single enterprise across the entire deployment
  • Allows the ability to setup a back-up server for reduced downtime
  • Centralized approach to managing multiple Enterprise Servers with a parent enterprise (like corporate enterprise)
  • One Enterprise Server can be a parent or child for another
  • Supports System Manager and Op-center

Best Practices of Multi-Enterprise Deployment for customers Upgrading for Existing Customers (7.2.x or 7.3.x) Enterprise

  • Recommendation is to have 2 levels of multiple-enterprises with the initial release of 8.1.1.x, i.e. have a single Parent Corporate (root) enterprise with child enterprises to manage multiple regions
  • Upgrade the existing enterprise first to 8.1.1.x release, this is the release that supports multiple enterprises. This will be the Parent Corporate(root) enterprise in the new multi-enterprise system.
  • Upgrade client (System Manager/Op-center) to 8.1.1.x to connect with the 8.1.1.x enterprise
  • VMS Servers (Appliances) can now be upgraded to 8.1.1.x or can continue to stay on 7.3.2.x or 7.2.5.x environments. VMS Servers (Appliances) cannot be upgraded to 8.1.1.x unless the enterprise is upgraded to 8.1.1.x.

For setting up additional multiple-enterprises, please download the following file: Multi-enterprise migration guide. Please contact 3VR FSE’s to configure multiple enterprises based on your deployment needs and model.

Case Management

In general, the VMS server/appliance does not upload video and event data to the Enterprise Server. To keep network usage modest, data is kept at the edge, that is, on the VMS server/appliance. Users can perform searches and other enterprise-wide operations in a distributed fashion. The only data that is uploaded to the Enterprise Server is the data and video used by the case-management system. Because events are manually added to cases, case-management data always represent a small amount of data compared to what is recorded throughout the enterprise. For large enterprises, however, the total amount of case storage on the enterprise may end up being moderately large.

Extended Storage Server

The 3VR Extended Storage Server (ESS) provides the ability to use either redundant or archival storage for all of the 3VR VMS Servers/appliances across the enterprise.

Client Applications

Client applications consist of the following three different applications to support three important feature sets. The 3VR client applications (discussed in more detail in the section, “Client Application Management”) are:

  • OpCenter: View live and stored video and to search video.
  • System Manager: Administer the Enterprise Server and servers/appliances.
  • Evidence Viewer: Package evidence videos for law enforcement.

The client applications do not support extensions or scripting. Therefore, attacks via these applications are not possible.

Data Integrations

In addition to indexing video by characteristics of the video itself, the VMS software can interact with other systems in the business to tag video with data about what was happening at the time it was recorded. This can include information from systems that manage alarms, access control, ATMs, teller transactions and point-of-sale purchases.

You can install plug-in software components on a machine running the VMS software or a VMS server/appliance to support these interactions, depending on your needs. You can manage the plug-ins (and the health of their connections to external systems) via the Enterprise Server.

Security

The 3VR system provides security at the physical and network level. All communication between the various 3VR components and client applications is encrypted.

Physical Access

3VR software servers/appliances can be physically accessed in one of two ways:

  • Logging in at the local console with a monitor, keyboard and mouse
  • Logging in to the 3VR client applications on a laptop that is directly connected to the system with a USB network adapter. This connection method is subject to the same security restrictions as a remote client.

3VR’s support of an embedded operating system within the 3VR appliances means that no unauthorized user can gain access to the underlying system.

Network Services

3VR has created an integrated VMS appliance that is highly resistant to network-based attacks. The applications most commonly exploited by attackers are either severely restricted or are not present on 3VR systems. These applications include:

  • Internet Explorer
  • Internet Information Server
  • File Transfer Protocol (FTP)
  • Telnet servers and clients

3VR does not use any form of file sharing for storage on the appliance.

To further protect the system, 3VR has built in a software firewall that restricts traffic to only the allowed ports. With this set of security measures in place, the 3VR VMS appliance uses only one type of service: a 3VR proprietary protocol that supports authentication with one-way, hash-based encryption.

Encryption

All communications between the components of the 3VR system and between client applications is encrypted. A symmetric AES 128-bit encryption key is negotiated using the Diffie-Hellman key-exchange algorithm. In addition, all communication between the 3VR components and client applications is renegotiated every hour. Encryption can be disabled using System Manager, but even when it is disabled, encryption is always used during user authentication, when user names and passwords are sent.

Communication Strategy

The diagram below shows the 3VR enterprise architecture, including the ports used for communication. See the table at the end of the document for a detailed listing of the ports used.

SMTP/SSMTP

3VR provides limited SMTP/SSMTP (Simple Mail Transfer Protocol/ Secure Simple Mail Transfer Protocol) support that is constrained to eliminate risk. 3VR provides outbound-only SMTP/SSMTP, and only provides it when a customer specifically configures it. 3VR does not allow SMTP forwarding. The software automatically determines the email content. Furthermore, the SMTP client is coded directly into the application and the 3VR applications do not contain any email receiving code.

Antivirus

3VR’s antivirus strategy focuses on lock-down. 3VR Servers/appliances do not currently perform antivirus scanning. In 10+ years of widespread commercial deployment, not a single 3VR system has been infected with a virus.

Vulnerability Testing

3VR runs Tenable’s Nessus vulnerability test suite on every release it ships. These tests consistently show that the 3VR system is clean with respect to known vulnerabilities. (Detailed test results are available from 3VR on request.) Network security personnel for various 3VR customers have run different suites with similar results.

Systems Management

3VR’s systems and user-management features are designed to provide central enterprise management and security.

Systems and User Management

3VR designed its systems-management solution to centralize the operations of all of the systems within the enterprise. By doing so, it maximizes the security of the entire deployment and the overall network. The following systems and user management security and centralized management features are provided:

  • 3VR separates login to the 3VR application from Windows login
  • 3VR stores passwords for user accounts in a SQL database using a one-way hash. No 3VR user account has access to the operating system. Windows user account logins are completely disabled on 3VR Servers/appliances
  • 3VR provides single sign-on capabilities, so that an administrator can centrally access and modify system and camera configurations on any specific 3VR system across an enterprise.
  • 3VR supports LDAP/AD integration through the Enterprise Server. Please see section under Enterprise server for additional details

User Management Features

The administrator can centrally manage users’ privileges and passwords. Administrators can restrict users’ access rights as described below.

User Access by Enterprise Server/appliance and/or Region

An administrator can grant a user access to certain specific VMS Servers/appliances, or to a group of servers/appliances in a region or an enterprise. For example,

  • An administrator may give a user access only to the servers/appliances in the Northeast Region
  • An administrator can grant users access to all servers within an enterprise

User Access by Role

An administrator may restrict a user to viewing video only, or only recorded video, or may only allow a user to create cases, etc.

Password Policies

The administrator of a 3VR Enterprise can enable password constraints to enforce one or more of the following password restrictions:

  • Require minimum password length
  • Require that the password contain lowercase, uppercase or non-alphanumeric characters
  • Prevent simple dictionary words
  • Prevent word variations
  • Prevent resetting passwords to a previously used password

The administrator may also restrict user behavior in respect to user accounts changes in the following ways:

  • Block an account after a given number of failed sign-in attempts
  • Require password changes after a given number of days
  • Block an account after a number of days of inactivity

    Any outside intruder who acquires the password for a 3VR user despite the protections above can only change data maintained by the 3VR software. There is no system access available via the 3VR software and, therefore, there is no risk to the system or network.

Maintenance Mode

3VR provides a special system access account used for maintenance. This account is accessed through a double password: one supplied by the customer and one built into the system that changes daily. No user can access the special maintenance functions unless the user correctly enters both passwords.

Systems Health Monitoring

3VR provides remote health monitoring with real-time health alerts for cameras, hard drives, systems, software and networks. Administrators can log on from a central location to monitor the health of components, thereby reducing potential downtime.

Upgrades and Plug-in Packages

3VR requires all installation packages to be signed using the industry-standard X.509 digital certificate and SHA- 1 signature mechanism.

Each installation package must contain:

  • A signed X.509 certificate issued by 3VR. This ensures that the package is trusted by 3VR.
  • A signed SHA-1 hash of the entire package. This ensures the integrity of the package and confirms that it has not been tampered with in any way since it was originally created.

By requiring install packages for system software and plug-ins to be signed, 3VR eliminates the possibility of rogue software installation. Software upgrades may be either performed in real-time or sent from an Enterprise Server at a scheduled date and time.

Updates/Upgrades Management Plan

3VR manages software updates and upgrades through the 3VR system software, which is inaccessible without the 3VR client. Customers can administer updates or upgrades by using 3VR’s System Manager without having to connect to each system.

Customers have the ability to choose the number of appliances they upgrade at one time using the Upgrade Software under the Maintenance Tab. The recommendation for deploying upgrades depends on the customer bandwidth available for the 3VR Application.

If the enterprise has been divided into regions, upgrades can be applied to one region at a given time. Depending on the size of the upgrade package, the recommendation is to apply upgrades to about 10 to 20 servers in parallel.

The diagram below shows the centralized upgrade process and the ports used.

Client Application Management

3VR provides the following applications for managing videos, users and systems, as well as monitoring video, receiving alerts and packaging evidentiary videos.

Op-Center and System Manager

3VR OpCenter is a powerful video monitoring and search application, which also includes the ability to create and track cases, develop watch-lists and configure alerts. 3VR System Manager is an server/appliance configuration and health monitoring application, used for camera setup, user management and performing system updates and maintenance.

Spot Monitor and Evidence Viewer

  • 3VR Spot Monitor is a simple application used to view multiplexed or sequential live video feeds on a TV or other monitor
  • 3VR Alert Viewer is an application that notifies the user when an alert has been triggered on the 3VR system
  • 3VR Evidence Viewer is a standalone application that packages video to be used as evidence with appropriate watermarks for law enforcement to use as evidence

Data Redundancy

3VR supports Redundant Array of Independent Disks (RAID) and Just a Bunch of Disks (JBOD) storage.

RAID and JBOD

For users that require data redundancy, 3VR offers configurations that support RAID. This provides fault- tolerance and protection against loss of video or data in the event of disk error or disk failure. All 3VR VMS Servers/appliances utilize on-board flash storage for system software and configuration settings. In the event that a “single disk” (JBOD) or entire array (RAID) fails, users can replace the drive(s) and the system will come back online with its all of its configuration information intact.

Alternatively, users can install a completely new system and then copy the system and configuration files from the failed system to the new system. This ensures quick return to full functionality without extended downtime for re-installing software and re-configuring the system.

Extended Storage Server

Extended Storage Server (ESS) is a VMS software package that users can add to a private or public network.

ESS provides the following benefits:

  • Supports different media to store backups, including the local file system, Network Attached Storage (NAS), Storage Area Network (SAN) and tape
  • Ability to retain and archive video data by providing additional storage across all the VMS Servers/appliances in the enterprise
  • ESS provides both redundant data storage, as well as archive data, for longer storage retention policies
  • Provides the ability to store video data in a data center based on customers’ needs
  • When configured for redundant data storage, reduces the risk of video data loss due to lack of local storage space within the VMS Appliance
  • Supports continuous or scheduled backup of video data to the Extended Storage Server
  • Enables users to access video from an Extended Storage Server in the event that the VMS Server/appliance is unavailable

ESS functions best on a powerful system with high CPU and storage capabilities for seamless data redundancy. For hardware recommendations for Extended Storage Server, please contact 3VR Field Service/Sales Engineers or Tech support.

Bandwidth Utilization

The 3VR system optimizes bandwidth utilization via the mechanisms described below.

Bandwidth Consumption

3VR designed its network architecture to ensure that the system minimizes resource utilization and respects bandwidth constraints even on relatively slow network connections, such as Digital Subscriber Lines (DSL). The 3VR system uses reliable TCP links for video and data transport, and relies on TCP re-transmissions capability in case of data loss. TCP has sophisticated algorithms for congestion avoidance that allow it to efficiently use slow networks without overwhelming them with re-transmissions.

Finally, the 3VR system naturally reduces bandwidth for live video streaming by employing adaptive frame dropping. All of these design principles ensure that the 3VR VMS Server/appliance functions efficiently under most network conditions. Bandwidth consumption in the application is highly dependent on load (for example, the number of faces recognized per minute). Below are some examples of load for certain applications.

ApplicationRateLoad
Live Video10 fps CIF

64kb/s

Search32 events, with three images per event150 KB total per page of search results. The Search results are downloaded one page at a time as the user asks for them.

Depending on event load, some amount of new event notification traffic flows from server to client.

Bandwidth Throttling

3VR systems have a configurable bandwidth throttle that constrains the bandwidth from an individual 3VR VMS Server/appliance to remote clients. Bandwidth throttling provides Quality of Service (QoS) by ensuring that bandwidth is available for other applications, even on slower networks.

Smart Streaming

Smart Streaming functionality helps utilize “network bandwidth” effectively and reduces resource utilization on 3VR client machines. The resolution of the video adjusts dynamically based on the view mode, ‘single-view’ or ‘multi-view’ mode, configured on the 3VR client application–OpCenter–so that videos display smoothly and jitter free.
If a user watches a single channel, that is, uses single-view mode, OpCenter renders the video with full resolution. If the user chooses to watch multiple channels, that is, uses multi-view mode, OpCenter automatically lowers the video resolution to ensure smooth video display.

Multi-Pipeline Manager

While viewing videos through OpCenter, Multi-Pipeline Manager allows video distribution across multiple processes within the VMS software. If the user sets the Pipeline Manager to a value greater than one, OpCenter distributes the channels across the processes using the benchmark process.

  • Users can also assign a specific process to a channel to ensure that the channel is able to use the process memory needed for smooth display.
  • Users should configure Multi-Pipeline Manager based on the CPU capacity and memory available on the VMS Server or Appliance.

Universal Camera Driver

A Universal Camera Driver (UCD) is a single camera driver that works for all IP/network cameras from a manufacturer (or at least all cameras past a certain firmware version). The idea behind it is that the 3VR system queries the camera to find out which settings, resolutions and frame rates it supports and then dynamically populates the 3VR System settings based on the response. 3VR implements UCDs for ONVIF drivers and several other camera brands, including Axis, Arecont Vision, AcTi, Innotech, Tyco Illustra, Milesight, Panasonic, Sony, Canon, HikVision, Vivotek and Hanwha.


UCD is designed to move away from specific drivers for each camera model from each manufacturer. UCDs should be future proof (or at least as future proof as the manufacturer's API allows) so that when a manufacturer releases a new camera, the driver should not only work with that camera without any further development required, it should also support its full set of features and resolutions. 3VR recommends using the universal camera drivers for the supported cameras. 3VR continues to add more manufacturers’ UCDs in each of the new releases.

Web Services

3VR VMS web service-based APIs include APIs to:

  • Create transaction events
  • Query for matching events (either once or for a stream of matching events that are delivered as they’re created)
  • Streaming live or recorded video
  • Monitoring health and audit trails
  • Creating and editing watch-lists tied to access control systems

The chart below shows the available 3VR VMS web service APIs, the programming languages associated with them, the data flow of information, and the port used for communication.

3VR also provides a client-side video API that is useful for client applications that require complex video-interaction capabilities. For example, 3VR uses the client-side video API to support central station systems, such as AMAG’s video capability.

The client-side video API uses 3VR’s proprietary communication protocols to retrieve video for presentation in third-party programs. Therefore, web services don’t need to be enabled to support client-side video.

Ports Used for Communication between the 3VR Enterprise Server and VMS Server/Appliance

3VR Enterprise Server (Inbound Rules)

ProtocolLocal PortLocal MachineRemote MachineRemote Port Usage
TCP803VR Enterprise Server3VR Mobile ClientAnyRemote 3VR Mobile Client connects to port 80 of Enterprise Server.
TCP25003VR Enterprise Server3VR Client (OpCenter)AnyRemote 3VR client connects to port 2500 of Enterprise Server for streaming videos.
TCP30203VR Enterprise Server3VR Client (System Manager)AnyRemote 3VR System Manager connects to port 3020 of Enterprise Server to push upgrades.
TCP30453VR Enterprise Server3VR Client, VMS server/ApplianceAnyRemote 3VR clients (System Manager and/or OpCenter) and Appliance(s) connect to port 3045 of Enterprise Server for data transfer.
TCP80013VR Enterprise Server3VR Dashboard Admin ConsoleAnyRemote 3VR Dashboard plug-in connects to port 8001 of Enterprise Server.
TCP80803VR Enterprise ServerExternal ClientsAnyRemote 3VR REST API clients connect to port 8080 of Enterprise Server for supported APIs.
UDP33333VR Enterprise Server3VR Client (System Manager)AnyPeer-to-peer communication between VMS servers as well as Enterprise Server to send status
TCP30463VR Enterprise Server3VR VMS Server /ApplianceAnyRemote VMS servers connect to port 3046 of Enterprise Server for heart beat/keep alive sync.
TCP30443VR Enterprise Server3VR Client (OpCenter)AnyShow Enterprise Server bandwidth and average latency.
TCP30013VR Enterprise Server3VR ClientsAnyRemote clients connect to port 3001 of Enterprise Server to write logs.
ProtocolLocal PortLocal MachineRemote MachineRemote PortUsage
TCPAny3VR Enterprise Server3VR VMS Server
/Appliance
3020Enterprise Server connects to port 3020 of remote VMS servers/appliances for schedule upgrade and server/appliance status
TCPAny3VR Enterprise Server3VR VMS Server
/Appliance
3046Enterprise Server connects to port 3046 of remote VMS servers/appliances to synchronize data.

3VR Enterprise Server (Outbound Rules)

ProtocolLocal PortLocal MachineRemote MachineRemote Port Usage
ProtocolLocal PortLocal MachineRemote MachineRemote PortUsage
TCPAny3VR Enterprise Server3VR VMS Server
/Appliance
3020Enterprise Server connects to port 3020 of remote VMS servers/appliances for schedule upgrade and server/appliance status
TCPAny3VR Enterprise Server3VR VMS Server
/Appliance
3046Enterprise Server connects to port 3046 of remote VMS servers/appliances to synchronize data.

3VR Server/ Appliance (Inbound Rules)

ProtocolLocal PortLocal MachineRemote MachineRemote Port Usage
TCP803VR VMS Server /Appliance3VR Mobile AppAnyRemote 3VR Mobile Client connects to port 80 of the Appliance
TCP5543VR VMS Server /ApplianceRTSP AppAnyRTSP app connects to port 554 of Appliance
TCP25003VR VMS Server /Appliance3VR Client (OpCenter)AnyRemote 3VR client (OpCenter) connects to port 2500 of Appliance for streaming videos.
TCP30203VR VMS Server /Appliance3VR Client (System Manager) or EnterpriseAnyRemote 3VR client (System Manager) or Enterprise Server connects to port 3020 of Appliance to push upgrades.
TCP30433VR VMS Server /Appliance3VR Clients (System Manager and/or OpCenter) and EnterpriseAnyRemote 3VR clients (System Manager and/or OpCenter) and Enterprise connect to port 3043 of Appliance for data transfer.
TCP30443VR VMS Server /Appliance3VR Client (OpCenter)AnyUsed to show current bandwidth.
UDP80013VR VMS Server /Appliance3VR Retail BI Admin ConsoleAnyRemote 3VR Dashboard plug-in connects to port 8001 of Appliance.
TCP80803VR VMS Server /ApplianceExternal ClientsAnyRemote 3VR REST API clients connect to port 8080 of Appliance for supported APIs.
UDP33333VR VMS Server /Appliance3VR Client (System Manager)AnyUsed to find all local servers/appliances during login.
TCP30463VR VMS Server /Appliance3VR Enterprise ServerAnyRemote Enterprise Server connects to port 3046 of Appliance to synchronize data.
TCP30013VR VMS Server /Appliance3VR ClientsAnyRemote clients connect to port 3001 of Appliance to write logs.

3VR Appliance (Outbound Rules)

ProtocolLocal PortLocal MachineRemote MachineRemote Port Usage
TCPAny3VR VMS Server /Appliance3VR Enterprise3045VMS Server/Appliance connects to port 3045 of remote Enterprise Server to do user authentication
TCPAny3VR VMS Server /Appliance3VR Enterprise3046VMS Server/Appliance connects to port 3046 of remote Enterprise Server to synchronize data.

3VR Extended Storage Server (Inbound Rules/Outbound Rules)

SecurityProtocolLocal PortLocal MachineRemote MachineRemote PortUsage
YesHTTP/Web socket443 (default). Can be configurable3VR Extended Storage Server (ESS)3VR VMS Server/ AppliancesAnyVMS Servers/appliances connect to port 443 of Extended Storage Server (ESS) to send or retrieve data, and the communication is encrypted.
NoTCP8081 (default). Can be configurable.3VR Extended Storage Server (ESS)3VR VMS Servers/ AppliancesAnyVMS Servers/appliances connect to port 8081 of Extended Storage Server (ESS) to send or retrieve data, and the communication is not encrypted.
  • No labels