SONAVISION DVR network viewing requirements
A White Paper
By Matt R. Duncan
There are multiple ways to view a SONAVISION DVR over a network. The four most common ways are a Local Area Network (LAN), a Wide Area Network (WAN) via a Virtual Private Network (VPN), remote connection software, and DNS (Domain Name Server) translation companies. This information will help you identify the pros and cons of your options, and the information we will need prior to installing your DVR. Please note that “dial-up” internet access/connectivity is not discussed here because the bandwidth requirements are, in most cases, too large for dial-up connection. High-speed internet access (DSL, IDSL, ADSL, Cable, T1, Fiber, etc.) will be needed on BOTH ENDS of the WAN for remote viewing access.
Connecting to a LAN
Connection to a LAN is the most common way DVR’s are viewed on a network and in most cases will be required to connect the DVR to a WAN. This is as simple as plugging in a CAT5 network cable from the DVR to a router, hub, or network switch. This will allow (in most cases) any computer on the LAN to “see” the DVR and therefore view it’s contents; just like the DVR was a computer or printer on the network. The DVR is assigned a static (non-changing) IP address at the time of installation. Once the connection is made, and the IP address is programmed into the DVR, any computer on the LAN can type the IP address of the DVR inside an internet browser (internet explorer) and make contact with it, and in turn see the video images or download the viewing software from the DVR.
Basic hardware that needs to be installed and working prior to installation in order for our technicians to connect the DVR to a LAN:
· Router, hub, or network switch (network hardware)
· A CAT5 (network cable) connection between the DVR and network hardware
· An open port (physical plug in) on the network hardware to connect the CAT5
If you have a high-speed internet connection to the building, or multiple computers connected together, you more than likely have the correct hardware needed; just make sure you have space available to “plug-in” the DVR to the network.
Information needed prior to installation in order for our technicians to correctly set up a DVR on a LAN:
· A static IP address, Subnet Mask, and Gateway Address inside the LAN. This information is easily obtained from the network administrator, or by typing “ipconfig /all” from the command prompt (Start menu / Run / CMD) of a computer on the same LAN. This information will allow us to tell the DVR it is part of the LAN and allow network connectivity.
Connecting to a WAN
This is where things get tricky. There are umpteen options when connecting the DVR to a WAN and this will cover some concepts and ways to do so.
NOTE: For ease of understanding, we are calling a WAN connection the “ability to remotely view your DVR”. A WAN connection, in all truth, is not what we are going to discuss here. If you need a “true” WAN connection, you need to hire a computer network firm to help. WAN connections require substantial investments and only need to be utilized under robust network requirements.
With that being said, what is a WAN? To make things simple, think of it as a way to view your network from a remote location, like viewing your office network from home, or visa-versa. There are significant network security concerns when addressing a WAN and we recommend having someone with experience on your network available, for we don’t know the “ins and outs” of your network.
Option 1, VPN tunnel:
A VPN tunnel is a common way people access their network from remote locations. Most of the time the connection is made from home to work (allowing people to work longer hours…). A VPN tunnel is software and/or hardware that talks to each other on both ends, establishes a secured “hand-shake”, and lets your remote computer securely breach your network. Once inside, your remote computer has access to anything on the LAN.
One of the big requirements is a STATIC IP address for the location of the DVR. Most businesses have, or can easily obtain from your ISP, a static IP address. (There may be an addition monthly charge from you ISP to have a static address). If you have a firewall at the location of the DVR, you more than likely need to create a VPN to get past it (or establish a DMZ which will not be discussed here). If you don’t have one already, you will most likely need to contact a computer network firm, or network administrator to correctly establish a VPN tunnel. A VPN tunnel is a very convenient way to “seamlessly” connect to your network from remote locations and is recommended if other work needs to be performed remotely; like printing, accessing office files, etc. This is generally considered a very secure connection, especially if it is a hardware-to-hardware VPN tunnel.
Things needed for creating a VPN tunnel:
· A static IP address from your ISP for the LAN containing the DVR
· VPN Software and/or Hardware on BOTH ends of the WAN (downloadable from the internet for a fee.)
· Network administrator/computer firm to set up the VPN prior to our installation
· A LAN connection for the DVR
Option 2, Port Routing or NAT:
Port Routing and NAT both require a static IP address (or DHCP routing through a company like TZO.com discussed later). Simply put, port routing and NAT (Network Address Translation) is telling your router that any incoming internet traffic should be sent to a specific LAN IP address. This is a very simple way to let the “internet” see your DVR without creating a direct breach in your network security. The pro to this is you don’t need special software or hardware on either end to get access to the DVR. Just type the assigned IP address from any internet capable computer and you will be “routed” directly to the DVR. The con, anyone in the world that knows the IP address can see the DVR. Of course the DVR is password protected, but like all other computers, it has the potential to be hacked and therefore the ability to let the world see your video. Note: if someone does “hack” into the DVR they most likely can’t do any harm to the rest of network.
Keeping this in mind, this is a popular way of setting up a DVR and the security risk is very low.
Things needed for port routing or NAT:
· A static IP address from your ISP for the location of the DVR
· A LAN connection for the DVR
· Administrator username and password to get into your router
· A network administrator to help set up the routing
Option 3, remote connection software:
Lots of people today use software like PCANYWHERE to access their network remotely. This is software on both ends of the WAN that allows your remote computer to “log-in” to a computer on the LAN. Once logged in, you can view your DVR through a LAN computer via the viewing software or internet browser of that machine. This is generally considered a safe connection but is often times a “slow” connection. It’s reliant upon having enough bandwidth on both ends, the LAN computer being turned on, having the software running on both ends, and both computers having enough processing power to multi-task.
Things needed for remote software connection:
· A static IP address from your ISP for the location of the LAN computer
· Software on both ends of the WAN running
· A computer on the LAN with enough power and bandwidth to run the software
One thing in common you will see between all three of these options is a STATIC IP ADDRESS at the LAN location. There are ways around this, but the bottom line is this; if your remote computer doesn’t know “where” your LAN is on the internet, there is no way to connect to it. It is highly recommended that you talk to your ISP about obtaining a Static IP address prior to having the DVR installed.
DNS Translation companies:
ISP’s often only supply a DHCP IP address, or one that changes. This allows them to assign IP addresses to their customers without tying up resources. Every time your internet router is reset, or on a set schedule, it contacts the ISP and is given a new public IP address. Because you never know what the address is (in most cases), it’s not proper to set up any of the previous options with a DHCP address.
The most common way around using a static public IP address is to use a company like TZO.com. TZO.com is a company that your router talks to every time your DHCP address changes and “remembers” the new IP address information. Then, from the internet, you type in http://www.yourdomain.com and you are “re-routed” to the IP address your router forwarded to TZO.com. This is a great option for people that have DVR’s at their residence, as most ISP will not supply a static IP address to a residence.
Things you will need to set up TZO.com (or other DNS translation companies):
· A public DHCP address
· A registered domain name (www.yourcompny.com)
· A router capable of forwarding to TZO.com (see your router manual for capability)
· Set up of port routing or NAT (See option 2 above)
Hopefully this helps identify potential options for utilizing your SONAVISION DVR to its fullest capacity. We, being a security company, always recommend contacting a certified network professional when dealing with potential network security risks. This information is to help you better understand your option and inform you of things we will need. We, in no manner, said or expressed herein, take on any liability for potential network security risks by connecting your DVR to your network.
Copyright 2006 Matt R. Duncan
