Configuring Media Gateway roles - Security Center 5.12

Security Center Administrator Guide 5.12

Product
Security Center
Content type
Guides > Administrator guides
Version
5.12
Language
English
Last updated
2024-09-13

You can enable the RTSP protocol on your system or improve the streaming performance of the Web App Server and Web Client Server roles by changing the settings of the Media Gateway role it is assigned to.

Before you begin

If you want to enable the RTSP protocol, the Number of Media Gateway RTSP streams option in your Security Center license must be greater than zero.

What you should know

The RTSP protocol is disabled by default for security reasons. If you enable it, both Require TLS (RTSPS) and User authentication options are turned on by default. We recommend that you leave them on.

Procedure

  1. From the Config Tool homepage, open the Video task and click the Roles and units view.
  2. Click the Media Gateway role that you want to configure and click the Resources tab.
  3. (Optional) Change the role’s primary server.
  4. To configure load distribution for the Media Gateway, add servers to the role.
    1. Click the Resources tab.
    2. Under the Servers list, click Add an item ().
      A dialog box opens, listing all remaining servers on your system not assigned to the role.
    3. Select the server that you want to add, and then click Add.
    All video streaming requests are distributed among the listed servers.
  5. Click the Properties tab.
  6. (Optional) Enable the RTSP protocol.
    1. Under the RTSP section, turn on the Enable option.
    2. Ensure that the default Start multicast address and port settings for IPv4 and IPv6 do not conflict with other roles, such as the Archiver roles, the Media Router role, the redirectors, and other applications on your system.
      In multicast, all video sources are streamed to different multicast addresses using the same port number, because multicast switches and routers use the destination IP address to make their routing decisions. Similarly, the Media Gateway assigns that same port number to all streaming cameras, starting with the specified IP address and incrementing the IP address by 1 for each new camera it encounters.
    3. If the default Listening port (654) conflicts with other roles or applications on your server, select a different port number.
    4. Leave the Require TLS (RTSPS) option on to force RTSP client applications to use secure transport (TLS) to communicate with this Media Gateway role.
    5. Leave the User authentication option on to limit the user accounts that RTSP client applications, such as third-party video analytics software, can use to communicate with this Media Gateway role.
      If you turn off this option, anyone can connect to the Media Gateway. You may turn it off if you know that your network is secure.
      NOTE: The cameras that an RTSP client application can view in the system depend on the user account the client uses to log on to Security Center. If RTSPS is disabled, you must specifically add the users you allow to access this Media Gateway role to the Accessible to list. Assign to each user a different password than the one used for connecting to Security Center to minimize the risks of exposing their Security Center passwords. If RTSPS is enabled, the Media Gateway uses regular Security Center credentials to validate access. Moreover, the Security Center users must have the Log on using the SDK privilege.
  7. If necessary, change the default (443) secure HTTP port and URL used to connect to this Media Gateway role.
    Turn off the Use the default secure HTTP port of the server option if you need to make changes. The format of the URL is https://<host>:<port>/<web address>, where host is the IP address or host name of the server that hosts the Media Gateway role, port is the HTTPS port, and web address is media by default.
  8. If necessary, change the default settings for streaming video to Security Center Web Client or Genetec™ Web App.
    Decide between one of the five standard streams: Live, Recording, Remote, Low resolution, High resolution, or Automatic.
    With the Automatic option, the Media Gateway decides between the Low resolution, the Live, or the High resolution stream, based on the resolution of the viewing tile in the browser. The following thresholds help the Media Gateway make that decision.
    Low resolution to Live
    Resolution at which the Media Gateway decides to use the Live stream. Below this resolution, the Media Gateway uses the Low resolution stream.
    Live to High resolution
    Resolution at which the Media Gateway decides to use the High resolution stream.
  9. Decide whether the Media Gateway should be allowed to transcode and in what situation.
    Transcoding is CPU-intensive and requires high-end servers. You have the following options:
    Never
    The Media Gateway never transcodes. If the client device cannot decode the stream, the error "Unsupported codec" is displayed.
    Only for PTZ control and Mobile Server
    The Mobile Server role can request transcoded streams at any time. Other applications can only use transcoding to reduce video latency while the user is controlling a PTZ, otherwise an error message is displayed.
    Always (for unsupported devices and codecs)
    The Media Gateway transcodes when:
    • The client application requests it.
    • PTZ camera is being moved (to reduce latency).
    • The codec used by the camera is not supported by the client application.
  10. If you allow the Media Gateway to transcode, configure the following settings:
    Maximum resolution for MJPEG transcoding
    When transcoding, downscale the resulting transcoded stream to this resolution. Stream that are not transcoded are untouched.
    Frame rate
    Maximum frame rate of the resulting transcoded stream.
  11. Click Apply.