Why IP? Installation Challenges in Historic Grand Central Terminal

Fresh from the successful video security and systems installation at the new Agern restaurant and the Great Northern Food Hall in Grand Central Terminal, I spoke with Chris Kossifos, Managing Member of CK Technology Group, about the benefits of deploying an open platform, IP system within this demanding historic setting.

Agern restaurant in Grand Central Terminal

You just finished a challenging installation for both a high-end, world-class restaurant and a bustling retail food hall in New York’s Grand Central Terminal. A high-traffic, high-profile, historic location… why did you choose an IP-based video surveillance system?

This was a challenging but rewarding installation, certainly. One of the main advantages of using IP as our platform for all communications systems — not just surveillance, but also telephony, video menu boards, hard-wired data, WiFi (both public and private), door access control and all of the POS terminals — is that we can do everything over a single cable utilizing a converged network design. This is really empowering and is very much needed when you deploy in a location like Grand Central Terminal, where installing infrastructure presents unique challenges due to the Terminal’s historic nature (we have to be very careful with each wire we lay and each hole we drill). The fewer infrastructural changes we need to make in order to support the plethora of systems utilized in such a large and diverse operation, the better!

How robust is this system? What services are included?

To begin with, each location on the property has six distinct systems. As mentioned, the property utilizes video surveillance, door access control, POS terminals and printers, computers requiring LAN and internet access, as well as WiFi for guests and staff alike. We also have digital signage and music operating on the network. Each service shares the bandwidth of a single network cable to each location/station, which is vital because we aren’t afforded the luxury of space for large data rooms or trays of network cabling.

People often talk about how IP cameras are great because they have better image clarity, but that’s just one of their strengths. One of the most overlooked advantages of an IP surveillance system lies in its ease of use and integration into an existing network, all while being able to use one type of cable for everything. You can deliver power, video, data, everything over that single cable through a single switch port, and that same network switch can be used to provide a variety of services simultaneously and securely.

With multiple services and so much data, are you worried about bandwidth?

With the exception of real-time video chats, video surveillance is probably the most bandwidth-intensive service on a computer or communications network today. In the Great Northern Food Hall, for example, we use ultra-high-megapixel, 360-degree cameras, and yes, bandwidth was a real concern. But by using various Axis camera models with their Zipstream technology, we were able to compress the data and efficiently send it over the stream.

This solution is further enriched through our use of the Milestone video management software (VMS), offering a tremendous spectrum of control options with regard to frame rate, video quality, and recording metrics. For example, the recording of every pixel at full speed may not be necessary until there is some footage we actually want to see. We accomplish this by recording at a much lower frame rate until an event of interest occurs at which time the Milestone VMS is programmed to increase the frame rate which gets recorded as the event is taking place then throttled back down automatically for monitoring/viewing. This ensures that the activity we are trying to capture gets prioritized with regard to image quality and frame rate while simultaneously lowering the demand on the surveillance system as a whole.

There’s a lot of flexibility in the Milestone software that affords us numerous opportunities to customize solutions based on bandwidth, activity, motion and even the time of day. It is by far the easiest to use and most reliable video management platform we have come across in our nearly 20 years of deploying digital surveillance solutions. – Chris Kossifos, CK Technology Group

When you upgraded to Milestone XProtect Corporate 2016, did you notice any performance improvement?

Yes, we did. Video viewing performance has been greatly improved over previous versions of XProtect, actually there has been a massive improvement.

In our internal tests, we saw performance improvement as high as 70%. – Chris Kossifos, CK Technology

I’d say we see even more than that. We run a CPU meter app after installations, during our “burn-in” period, to monitor both the client and server performance before deploying live. When the new XProtect Corporate 2016 client was released, we performed a benchmark test. We ran an XProtect 2013 client next to a 2016 client and the difference was staggering. Previously, we would have CPUs spiking toward 100% capacity, and now we’re seeing around 20% and even 10% on some client systems. There is definitely a large difference moving to the latest version. Another great feature is that the latest version of the XProtect client works no matter what version of the XProtect server you’re running. You can run an older version of an XProtect server and the newer client still functions.

Shifting gears a bit, with such a system, how do you deal with multiple users and permission layers with the services?

The Great Northern Food Hall in Vanderbilt Hall of Grand Central Terminal NYC

Good question. In the food service business, generally there are a large number of transient employees, special events and seasonal business surges. Staffing needs to scale to meet the demands of the event or season. For example, it’s Christmas time now, and the whole food hall is decked out and a lot of new staff has been hired, including front-of-house managers and back-of-house staff, and many of these people need access to specific cameras and information. So rather than having to completely set them up with new credentials and access levels, we assign them into a pre-existing group that’s all managed through the Microsoft Active Directory server, which can assign roles and access without having to modify each individual user. All of this control takes place across the customer’s organization so a single directory change updates not only their access to the milestone VMS, but access to the PBX System, their computer logins, their email, etc.

This is something you manage within the Milestone VMS?

Logins and permissions can be a struggle when you’re dealing with so many users. A majority of tech support calls we receive have to do with authentication. Once the existing Active Directory structure is linked with the Milestone VMS, we can add people directly to the domain then easily configure Milestone XProtect Corporate by simply selecting the domain user. Now, with the Active Directory integration into the Milestone VMS, it’s the same password for the computer and email. This is particularly liberating because not every user has their own computer, they can go to the office and use a common PC and all of the configuration simply follows their profile. They simply launch the Milestone app and go.

Chris Kossifos, Managing Member, CK Technology Group

These are the kinds of details that don’t sound significant when you’re trying to sell a product. It’s not sexy, it’s not fancy, but when it comes to managing a large client base with hundreds of different users, it’s worth its weight in gold. Ease of setup, ease of management — Milestone meets all these needs for us and our clients. One of the most significant take-aways from this is that increased manageability of the system also lowers the total cost of ownership as much less management is needed from a human resource perspective.

You mentioned this location has a lot of restrictions on pulling new cables or making any kind of permanent installation. Did you deploy wireless cameras as a solution?

Yes, we have some wireless cameras in the system as well. We have them in other areas of the building that don’t require the 24/7/365 real-time surveillance. Generally, wireless cameras are not as reliable as wired ones, however they certainly fill a need while remaining highly cost effective. As with everything else on the client’s network, wireless cameras remain an important participant in our unified network approach and further highlight why IP is so cool.

To support this endeavor, we almost exclusively chose wireless access points from our partner, Ruckus wireless. Ruckus manufactures a very powerful product with great richness in features and flexibility, especially when coupled with their wireless LAN management server, the ZoneDirector. Utilizing policies in place on the ZoneDirector, we are able to have hidden wireless networks (hidden SSIDs) which we use exclusively for wireless cameras. The hidden networks are not visible to regular users but the wireless cameras can connect to these networks and the network has the intelligence to ensure the camera stream enters the security network exclusively.

And those wireless cameras stream into XProtect Corporate?

Yes, they’re all fed into the Milestone software, so although everything is on the same physical network infrastructure, we have six different networks running at nearly every location, including the security network. Once connected, the wireless cameras participate in the surveillance efforts like all the wired cameras with zero impact on the performance for our guests, staff or the other networks. It all runs seamlessly together – an elegant and secure solution. What’s important to realize is that running 80 or so ultra-high-definition cameras in the system creates a lot of network traffic.

Understanding that we had to deploy five other systems alongside the video surveillance, it was crucially important to ensure that the systems didn’t trample on each other. We employ a fully enterprise local area network and utilize best practices such as VLAN segmentation, layer 3 routing, Class of Service, etc., to ensure that the network traffic remains segregated and that we’re able to prioritize traffic effectively.

Video surveillance, along with the MICROS Retail POS transaction terminals, is very high priority traffic for our client. Lower priority traffic includes services like music and public WiFi. So, if the network ever starts to get congested, we’re able to adapt and give priority to the mission-critical services. The beauty of this design is that most of this is automatic and doesn’t require operator intervention.

Interviewed by Courtney Dillon Pedersen, Corporate Communications Manager, Milestone Systems

This article was also published January 17 on Business Solutions Magazine website.