Media Router configuration tabs - Security Center 5.12

Security Center Administrator Guide 5.12

Product
Security Center
Content type
Guides > Administrator guides
Version
5.12
Language
English
Last updated
2024-09-13

You configure the settings of the Media Router role from the Video task in Security Center Config Tool.

Media Router - Properties tab

Click the Properties tab to configure the stream redirectors, the start multicast endpoint, and the RTSP port for the Media Router.
Redirectors
Servers assigned to host redirector agents, which is a software module launched by the Media Router to redirect data streams from one IP endpoint to another.
Server
Server selected to host the redirector agent.
Incoming UDP port range
Range of ports used by the redirector agent to send video using UDP. If the redirector agent is running behind a firewall, ensure that these ports are unlocked for inbound packets for UDP connections.
Live capacity
Limit the maximum number of live streams that can be redirected through this server (redirector). This feature prevents overloading the server with too many users who are simultaneously trying to view video that needs redirection. When the limit is reached, an error message is displayed on the client application when users request live video, stating that the live stream capacity is exceeded.
Playback capacity
Limit the maximum number of playback streams that can be redirected through this server (redirector). This feature prevents overloading the server with too many users who are simultaneously trying to view video that needs redirection. When the limit is reached, an error message is displayed on the client application when users request playback video, stating that the playback stream capacity is exceeded.
Bandwidth control
Limit the maximum bandwidth for video streams that are redirected through this server (redirector). You can also set a different bandwidth limit for live and playback video. This feature prevents overloading the network with too many video streams coming from a remote site that has limited bandwidth.

When the limit is reached and users request a new video stream, an error message displays stating that the bandwidth limit is exceeded. If the bandwidth limit is reached and a user with a high user level (Security Center) requests a stream, the user with the lowest user level who is viewing video that is being redirected from that redirector loses their stream connection. If multiple users with the same user level are viewing redirected video streams, the user who requested the video stream last loses the stream connection.

Redirection strategy
If you have multiple network cards, you can specify the actions performed by each network card. For example, you might want to specify that video export and video transfer can only be performed by your Wireless network card. For more information, see Configuring network card usage for a redirector.
NOTE: By default, all actions are performed on the connected network card with the highest priority.
Multicast interface
Network adaptor to use for streaming data in multicast mode.
RTSP port
Port used by the redirector agent to receive TCP commands.
NOTE: If you configure the redirector agent on the server hosting the Media Router, the RTSP port cannot be the same as the one used by the Media Router.
RTP port
Port used by the redirector agent to stream live video data using TCP.
RTSP port
Incoming TCP command port used by the Media Router.
Secure communication
Encrypts all RTSP video requests. When secure communication is enabled, all video communications use RTSP over TLS, but only the RTSP control channel is encrypted for live video streaming. To encrypt the video data channel, set the camera encryption to In transit from Archiver or In transit and at rest. Video playback and video export always use RTSP over TCP, therefore the RTSP control channel and the video data channel are both encrypted.
IMPORTANT: Secure communication is enabled by default on new installations, but disabled if you upgraded from version 5.5 or earlier. When secure communication is turned on, Security Center systems older than 5.5 cannot federate your Security Center system.
Multicast
In multicast, all audio and video sources are streamed to different multicast addresses while using the same port number, because multicast switches and routers use the destination IP address to make their routing decisions. Similarly, in its default configuration, the Media Router assigns that same port number to all streaming devices (microphones and cameras), starting with the specified IP address, and adding 1 for every new device it encounters.

The multicast IP address ranges are configured separately for Local streams and Federated streams for optimization. Each range of multicast IP addresses is defined by a Start address and a specific port number.

Increment ports
This option is turned off by default to avoid having to open too many ports on systems with low multicast traffic.

If you have a large number of cameras streaming in multicast, turn this option on to let the Media Router increment the port number by 2 for every multicast address. This strategy is used to overcome a known Windows limitation that puts a cap on the bandwidth of a single port at around 100 Mbps. When the maximum value (65535) is reached, the port number restarts from the value that you configured.

Media Router - Resources tab

Click the Resources tab to configure the servers and database assigned to this role.
Servers
Servers hosting this role. All must have access to the role database.
Database status
Current status of the database.
Database server
Name of the SQL Server service. The value (local)\SQLEXPRESS corresponds to Microsoft SQL Server Express Edition installed by default with Security Center Server. Ensure that the SQL Server version is compatible with Security Center software requirements. For more information, see Security Center 5.12 software requirements .
Database
Name of the database instance.
Actions
You can perform the following functions on the role database:
Create a database ()
Create a new database with the option to overwrite the existing one.
Delete the database ()
Delete the database.
Database info ()
Show the database information.
Notifications ()
Set up notifications for when the database space is running low.
Resolve conflicts ()
Resolve conflicts caused by imported entities.
Backup/Restore ()
Back up or restore the database.
Authentication
Specifies which SQL Server authentication is to be used:
Windows
(Default) Use Windows authentication when the role server and the database server are on the same domain.
SQL Server
Use SQL Server authentication when the role server and the database server are not on the same domain. You must specify a username and password in this case.
Database security
Security options for communication between the role and its database server.
Encrypt connections
(Default) Uses Transport Layer Security (TLS) protocol for all transactions between the role and the database server. This option prevents eavesdropping and requires no setup on your part.
Validate certificate
Authenticates the database server before opening a connection. This is the most secure communication method and prevents manipulator-in-the-middle attacks. The Encrypt connections option must first be enabled.
NOTE: You must deploy a valid identity certificate on the database server. A valid certificate is signed by a certificate authority (CA) that is trusted by all servers hosting the role and that is not expired.