Video Surveillance Management at the Edge with Cisco HyperFlex Edge, Cisco SD-WAN, Cohesity, and Milestone XProtect
Available Languages
Bias-Free Language
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Executive summary
Video surveillance is gaining importance as organizations recognize that they can monetize its video streams for a variety of real-time use cases. Although video surveillance has been in use for a while, it now can be used to provide insights in real time through analytics using machine-learning and deep-learning techniques.
Recognizing the benefits of real-time insights, many enterprises and public-sector organizations have begun to use video surveillance streams in a variety of situations. One of the main use cases is surveillance at remote branch offices and at unstaffed places that need to be monitored continuously for specific scenarios of interest in real time. Other use cases include monitoring to provide information about traffic accidents and to identify defective products on an assembly line, social distancing violations in a workplace, and so on. Such use cases require self-managed video surveillance and analytics systems that can be deployed at remote places with little human intervention.
Cisco HyperFlex™ Edge with Cisco® SD-WAN along with Milestone XProtect video management software (VMS) provides a solution that is easy to deploy and manage for remote branch offices for the video surveillance and analytics use case. Cisco HyperFlex Edge systems can be deployed and managed at scale using the Cisco Intersight™, which is a cloud-based comprehensive infrastructure management platform. With the addition of Cohesity DataPlatform on Cisco UCS® S3260 Storage Servers, this solution provides a comprehensive approach for acquiring and archiving video surveillance feeds.
This document describes how to deploy and manage the Milestone XProtect video surveillance system at the network edge. It also explains sizing and performance characteristics based on the results from our lab tests for such deployments.
Our integrated, software-defined branch solution combines Cisco HyperFlex Edge with Cisco SD-WAN and Milestone video management software. The solution delivers a computing, storage, network, and VMS solution to your remote and branch offices with integrated network services and security.
In this architecture, a two-node Cisco HyperFlex Edge system is used to host Milestone VMS in a virtual environment. The cameras are connected to the recording server, and the live data is stored on Cisco HyperFlex HX Data Platform. The data is then archived to Cohesity DataPlatform hosted at the data center through Cisco SD-WAN integration. Figure 1 provides an overview of the solution.
Solution architecture: Logical view
The solution consists of the following components:
● Two-node Cisco HyperFlex Edge system
● Milestone VMS system
● Cisco SD-WAN (vManage, vSmart, vBond, and cEdge devices)
● Cisco Intersight platform
● Cohesity DataPlatform on Cisco UCS S3260 M5 Storage Server, hosted at the data center
With Cisco HyperFlex Edge running Cisco SD-WAN, managed together through Cisco Intersight and Cisco vManage, you can deploy branch-office infrastructure at every site with efficiency and complete consistency. Now you can deploy, manage, and secure your remote and branch offices quickly and easily.
This solution is certified by Milestone and posted on Milestone marketplace.
To help you meet the challenge of deploying large numbers of new applications at any scale, and in any location, we developed Cisco HyperFlex™ systems. In today’s world this adaptable platform acts as your on-premises and edge infrastructure that complements and integrates with the workloads that you deploy into public clouds. Tight integration with the Cisco Intersight™ cloud operations platform enables full lifecycle management of your workloads wherever you want to deploy them, locally, at the edge, and into the cloud. With management hosted in the cloud, you have access to unlimited deployment locations and scale.
Cisco HyperFlex Edge
Cisco HyperFlex Edge provides flexible options for adding computing and storage resources to your edge environments in a simple-to-manage, high-performing, HCI solution. The solution provides infrastructure where your data lives, whether it resides in remote or branch offices, retail or manufacturing locations, or anywhere else you need it.
Cisco HyperFlex Edge delivers the computing and storage flexibility you need at the edge. You can start small with a two-node cluster and expand as your business requires. These systems support either 1- or 10-Gbps networking.
Cisco HyperFlex HX*240-M5SD short-depth edge nodes
Cisco is expanding the Cisco Unified Computing System™ (Cisco UCS) server portfolio with a new, short-depth (SD) rack server, the Cisco UCS C240 SD M5 Rack Server. The C240 SD M5 is well-suited for the edge, places outside the data center such as points of presence (POPs), co-location facilities (COLOs), small IT closets, industrial environments, or anywhere that a short-depth or rugged server is needed.
The Cisco HyperFlex HX*240c-M5SD server is a two-socket two-rack-unit (2RU) short-depth chassis designed to operate in edge environments. Built on the Cisco UCS C240 SD M5 Rack Server, it enables Cisco Intersight managed Cisco HyperFlex Edge solutions in more places and smaller spaces.
Note: This document focuses on the Cisco HyperFlex Edge system. However, all the configurations apply to Cisco HyperFlex HX*240 SD edge nodes, and the solution is certified by Milestone.
Today, the Internet is your WAN. This is both good and bad news. It is good news in that there are lots of available networks. The challenge is that you need to deploy and secure branch offices without throttling your users and applications. What you need is an integrated, single solution engineered for the modern branch office, a solution that provides a way to securely deploy and remotely manage branch offices, in a repeatable way, without needing skilled staff on site.
Cisco HyperFlex Edge running Cisco SD-WAN helps ensure a high-quality user experience at your branch offices while reducing costs and complexity.
Cisco SD-WAN lets you manage connectivity across your WAN from a single dashboard with greater speed, reliability, and efficiency. It combines software-defined efficiency and flexibility with exceptional security and visibility across your Internet-based WAN. It provides optimal connectivity to your users and a comprehensive security platform to harden your network.
With Cisco HyperFlex Edge running Cisco SD-WAN, managed together through Cisco Intersight and Cisco vManage, you can deploy branch-office infrastructure at every site with efficiency and complete consistency. Now you can deploy, manage, and secure your remote and branch offices quickly and easily.
This solution provides these benefits (Figure 2):
● Deliver network services and security with Cisco HyperFlex Edge equipped with Cisco SD-WAN.
● Easily deploy and centrally manage your infrastructure with the Cisco Intersight and Cisco vManage platforms.
● Support massive scale for the size of your business now and in the future.
Cisco HyperFlex Edge and SD-WAN enable secure remote- and branch-office deployment at scale
Architecture and components
The Cisco SD-WAN solution consists of separate orchestration, management, control, and data planes (Figure 3):
● The orchestration plane assists in the automatic onboarding of the SD-WAN routers to the SD-WAN overlay.
● The management plane is responsible for central configuration and monitoring.
● The control plane builds and maintains the network topology and makes decisions about where traffic flows.
● The data plane is responsible for forwarding packets based on decisions from the control plane.
Overview of Cisco SD-WAN solution planes
The Cisco SD-WAN controllers have specific hardware requirements. For more information about hardware recommendation, see the Cisco SD-WAN compatibility matrix. This document assumes that the hardware requirements for installing Cisco SD-WAN controllers are met at the data center.
The Cisco Intersight solution is a cloud operations platform that delivers intelligent visualization, optimization, and orchestration for applications and infrastructure across your hybrid environment. This platform offers an intelligent level of management that enables IT organizations to analyze, simplify, and automate their environments in more advanced ways than the prior generations of tools. The Cisco Intersight platform provides an integrated and intuitive management experience for resources in the traditional data center and at the edge. With flexible deployment options to address complex security needs, getting started with the Cisco Intersight platform is quick and easy.
The Cisco Intersight platform has deep integration with Cisco UCS and with Cisco HyperFlex systems, allowing remote deployment, configuration, and ongoing maintenance. The model-based deployment works for a single system in a remote location or hundreds of systems in a data center. It enables rapid, standardized configuration and deployment. It also simplifies the maintenance of those systems whether you are working with small or large configurations.
Cisco Intersight software delivers a new level of cloud-powered intelligence that supports lifecycle management with continuous improvement. It is tightly integrated with the Cisco Technical Assistance Center (TAC) and Smart Call Home. Expertise and information flow seamlessly between Cisco Intersight, Cisco UCS, and Cisco HyperFlex users. Remediation and problem resolution are supported with automated uploading of error logs for rapid root-cause analysis.
The Cisco Intersight platform uses a continuous integration (CI) and continuous deployment (CD) approach, so you never have to worry about whether your software is up-to-date. Even the Cisco Intersight virtual appliance is automatically updated.
Cisco Intersight software offers these main features:
● Software-as-a-service (SaaS)–based management: SaaS delivers global management with frequent updates that don’t impede your operations.
● Proactive guidance: The recommendation engine provides notifications, insights, and actionable intelligence to ease daily operations.
● Security and extensibility: The service is designed for secure connection and data access with an extensible architecture for third-party integrations.
● Enhanced support: Enhanced capabilities and Cisco TAC integration help you quickly respond to problems before they affect operations.
● Intuitive experience: Help your administrators and DevOps teams be more effective, less burdened with details, and more productive.
Figure 4 provides an overview of the Cisco Intersight platform.
Cisco Intersight cloud-based infrastructure automation
Cohesity DataPlatform: Redefining data management
Cohesity has built a unique solution based on the same architectural principles that are employed by cloud hyperscalers managing consumer data, but optimized for the enterprise environment. Hyperscalers use an architectural approach that has three major components: a distributed file system—a single platform—to store data across locations, a single logical control plane through which to manage this platform, and the ability to run and expose services on top of this platform to provide new functions through a collection of applications. The Cohesity platform takes this same three-tier hyperscaler architectural approach and adapts it to the specific needs of enterprise data management.
Cohesity SpanFS file system
At the core of Cohesity DataPlatform is a fully distributed, shared-nothing file system. Inspired by web-scale principles, Cohesity SpanFS is a unique file system that is meticulously designed to address the challenge of mass data fragmentation.
To effectively consolidate data, enterprises need a file system that can handle the requirements of multiple use cases simultaneously. To meet modern data management requirements, SpanFS provides the following features (Figure 5):
Cohesity SpanFS features
● Unlimited scalability: Start with as few as three nodes and grow limitlessly on-premises or in the cloud with a pay-as-you-grow model.
● Strict consistency: Help ensure data resiliency with strict consistency across nodes in a cluster.
● Multiprotocol support: Support traditional Network File System (NFS) and Server Message Block (SMB)–based applications as well as modern Amazon Simple Storage Service (S3)–based applications. Read and write to the same data volume with simultaneous multiprotocol access.
● Global deduplication: Significantly reduce your data footprint by deduplicating across data sources and workloads with global variable-length deduplication.
● Unlimited snapshots and clones: Create and store an unlimited number of snapshots and clones with significant space savings and no performance impact.
● Self-healing design: Automatically balance and automatically distribute workloads across a distributed architecture.
● Automated tiering: Automatic data tiering across solid-state disk (SSD), hard-disk drive (HDD), and cloud storage helps you achieve the right balance between cost optimization and performance.
● Multicloud support: Natively integrate with leading public cloud providers for archiving, tiering, and replication and to protect cloud-native applications.
● Sequential and random I/O: Achieve high I/O performance by automatically detecting the I/O profile and placing data on the most appropriate media.
● Multitenancy with quality of service (QoS): Natively support multiple tenants with QoS, data isolation, separate encryption keys, and role-based access control (RBAC).
● Global indexing and search: Rapidly perform global searches as a result of file and object metadata indexing.
Milestone Systems is a global leader in open-platform IP video surveillance software. Milestone has provided easy-to-use, powerful video management software in more than 200,000 installations worldwide.
Milestone XProtect provides open-architecture products that are compatible with more IP cameras, encoders, and digital video recorders than products from any other manufacturer. Because Milestone provides an open platform, you can integrate today’s best business solutions and expand your capabilities with future innovations. Visit www.milestonesys.com for more information.
XProtect Corporate
XProtect Corporate is a powerful IP VMS solution designed for large-scale and high-security deployments. Its single management interface enables efficient administration of the system, including all cameras and security devices, regardless of the system’s size or whether it is distributed across multiple sites. For systems demanding supreme situational awareness and precise response to incidents, XProtect Corporate includes Milestone XProtect Smart Wall. XProtect Corporate includes advanced video grooming functions and encryption capabilities that help organizations reduce video storage costs while helping ensure the integrity of video evidence and compliance with industry and federal regulations.
VMS server components
The video management software includes following main components:
● Management server: the center of your installation; consists of multiple servers
● One or more recording servers
● One or more installations of XProtect Management Client
● XProtect Download Manager, Event Server, and Log Server
● One or more installations of XProtect Smart Client
● One or more implementations of XProtect Web Client and installations of the XProtect Mobile app client if needed
For more information about XProtect VMS system and components, see the XProtect VMS administrator manual.
The Cisco HyperFlex system is used primarily for hosting Milestone VMS components, infrastructure virtual machines, and Cisco Cloud Services Router (CSR) 1000V (cEdge) virtual machines and for storing live database recordings. The retention time for video recordings is set for 2 days, and the data is then archived to Cohesity DataPlatform deployed on Cisco UCS S3260 M5 servers at the data center. The retention time for live and archive database can be modified according to your requirements and storage configuration.
Physical topology
Cisco UCS and Cisco HyperFlex systems are managed and configured through Cisco Intersight, a lifecycle management platform for the infrastructure. The Cisco Intersight platform includes the Cisco HyperFlex installer in all editions, providing an easy way to deploy Cisco HyperFlex Edge systems.
A Cisco HyperFlex Edge cluster is built using Cisco HyperFlex HX-Series rack-mount servers without connecting them to Cisco UCS fabric interconnects. Upstream network connections, also referred to as northbound network connections, are made directly from the servers to the customer-selected data center top-of-rack (ToR) switches at the time of installation. The solution uses a 10 Gigabit Ethernet topology to deploy Cisco HyperFlex Edge.
All you need to do to deploy a Cisco HyperFlex cluster is to connect power and network cables and claim the servers in the Cisco Intersight user interface. Apply a cluster profile to a Cisco HyperFlex node through the Cisco Intersight platform, and your systems or clusters are configured automatically in minutes.
Figure 6 shows the physical topology.
The Cohesity DataPlatform configuration at the data center is covered in the document Manage Video Surveillance with Cisco HyperFlex Systems, Cohesity DataPlatform, and Milestone XProtect.
Physical topology
Tables 1 and 2 show the hardware components and software versions used in the solution.
Table 1. Hardware components
Table 2. Software versions
Logical overview
Figure 1 earlier in this document provides a logical view of the solution architecture. Milestone VMS components and infrastructure virtual machines are deployed on the Cisco HyperFlex Edge system. Infrastructure virtual machines such as the XProtect Management Server, XProtect Management Client, XProtect Event Server, XProtect Log Server, and Microsoft SQL Server are deployed in a single virtual machine, and XProtect Recording Server is deployed in a separate virtual machine.
You can deploy the SD-WAN solution on Cisco HyperFlex clusters on two, three, and four Cisco HyperFlex Edge nodes. The SD-WAN controllers such as vManage, vSmart, and vBond are deployed at the data center. The Cisco CSR 1000v, a router and network services platform in a virtual form factor, is deployed in the data center and branch location to provide a highly secure VPN gateway. The WAN connections are cEdge (CSR 1000v) routers, which can be either single or dual terminated.
Acquiring video
The XProtect Recording Server is responsible for recording videos and for communicating with cameras and other devices. Live streams from cameras retrieved on the recording server are stored directly in Cisco HyperFlex storage. More cameras can be added by deploying additional recording server virtual machines.
Archiving video
Milestone’s unique multistage storage technology allows you optionally to use internal and external video archives. This capability offers the possibility of using cost-effective, high-density storage systems such as scale-out network-attached storage (NAS) for long-term video storage.
The camera data from the XProtect Recording Servers can be securely moved to Cohesity DataPlatform deployed at the data center through highly secure Cisco SD-WAN. Cohesity DataPlatform is used to store the archived database data, which can then be moved to the public cloud on S3 storage for long-term retention (LTR).
Cohesity DataPlatform is configured on Cisco UCS S3260 M5 servers hosted at the data center. Cohesity DataPlatform provides globally distributed NFS, SMB, and S3 object storage with best-in-class global deduplication and compression. The SMB protocol is enabled on the Cohesity DataPlatform and mounted as an SMB file share on the recording servers to archive the data.
Configuration
Table 3 summarizes the XProtect components and infrastructure virtual machine configuration details that were used in the setup tested for this document (refer to Figure 1). Each recording server is configured with 10 virtual CPUs (vCPUs), 32 GB of RAM, a 100-GB OS disk, and 2.5 TB of space for live video recording.
Table 3. Milestone virtual machine and Cisco SD-WAN controllers: Virtual machine configuration details
All the video streams were configured to use 1920 x 1080 full high-definition (HD) H.264 codec video with the number of frames set to 30 frames per second (FPS). Two recording servers, with each recording server receiving video feed from 100 cameras, were simulated. A total of 200 camera feeds were recorded on the system, with the retention time set to 2 days. The data was then archived on Cohesity NAS for 2 weeks and then copied to the Amazon Web Services (AWS) cloud on S3 storage, which is sized for 3 months data.
Having the recording servers on a virtual machine helps you scale the system whenever new cameras are added, thus eliminating the need to configure storage or networking components, unlike with physical servers
Note: For systems with more than 100 cameras, Milestone recommends that you use dedicated virtual machines for all or some of the components.
Note: For best performance, Milestone recommends that your storage be formatted with an NTFS 64-KB block size (instead of the default 4-KB block size), regardless of the use of RAID and JBOD.
The connection of the solution is based on 10-Gbps connectivity, and traffic is isolated using VLANs.
Figure 7 shows the network connectivity of the Cisco HyperFlex Edge system
Cisco HyperFlex Edge network connectivity
The dual-switch configuration provides a topology that requires two Ethernet ToR switches so that switch redundancy is provided in addition to link and port redundancy. The requirements of the upstream network are the same as for the single-switch topology except that two managed switches with VLAN capability are required in this topology. The connection to any two ports from the Cisco UCS Virtual Interface Card (VIC) 1457 adapter on each server goes to one 10 Gigabit Ethernet switch port on each of the two ToR switches.
Cisco SD-WAN
Figure 8 shows a high-level overview of the Cisco SD-WAN network topology used in this solution.
SD-WAN network topology
In this topology, there is one data center and one remote site. The transports can be Multiprotocol Label Switching (MPLS) and Internet service provider, broadband, or any other mode. The SD-WAN controllers are deployed using Cisco's cloud-managed service and can be reached through the Internet transport. The data center has one vManage instance, one vSmart controller, one vBond orchestrator, and a WAN edge router, the remote location has one WAN edge router. Each WAN edge router attempts to make a connection to the controllers over each transport. The cEdge router will initially connect to a vBond orchestrator and will then connect to the vSmart controller over each transport. Only one vManage connection is made from the site, and it will depend on which transport first connected to it, but this preference is configurable. The WAN edge routers connect to the controllers over the Internet service provider and MPLS transport by being routed over the IPsec tunnels to the data center and following the default route out of the Internet firewall to the Internet transport. For more information, see the Cisco SD-WAN End-to-End Deployment Guide, see the Cisco SD-WAN End-to-End Deployment Guide.
Table 4 provides a summary of the site IDs and system IP addresses for the sample network used as an example in this document.
Table 4. IDs and IP addresses used in network example
| Host name |
Location |
Site ID |
System IP address |
| UCS-vManage |
Data center |
101 |
2.0.0.1 |
| UCSvBond |
Data center |
101 |
2.0.0.2 |
| UCSvSmart |
Data center |
101 |
2.0.0.3 |
| Router (CSR 1000v) |
Data center |
102 |
2.0.0.4 |
| Edge (CSR 1000v) |
Remote sites |
103 |
2.0.0.5 |
The Cisco SD-WAN dashboard (Figure 9) connects all the data centers, core and campus locations, WAN branches, co-location facilities, cloud infrastructure, and remote workers. Cisco SD-WAN uses the Overlay Management Protocol (OMP) to control the entire network. It simplifies IT operations with automated provisioning, unified policies, and streamlined management to help ensure rapid updates and problem resolution, and it provides advanced network functions, reliability, and security.
Cisco SD-WAN dashboard
Cisco HyperFlex network settings
The Cisco HyperFlex HX Data Platform installer automatically creates server profiles, virtual switches (vSwitches), and VLANs based on user input. Multiple virtual network interface cards (vNICs) are carved out from the same physical port, and a total of four vNIC pairs (eight vNICs) are created. Each pair has one vNIC from Uplink Port 0 and one from Uplink Port 1.
Each VMware ESXi host needs the following networks.
● Management traffic network: From VMware vCenter; handles hypervisor (ESXi server) management and storage cluster management
● Data traffic network: Handles the hypervisor and storage data traffic
● VMware vMotion network: Used for virtual machine and storage vMotion traffic
● Virtual machine network: Handles the archive database traffic
● Camera network: Handles the camera feed traffic
Four vSwitches, each with a pair of vNICs, are created for management, storage, vMotion (archive database), and camera traffic, with each carrying a different network:
● vswitch-hx-inband-mgmt: This vSwitch is used for ESXi management and storage controller management.
● vswitch-hx-storage-data: This vSwitch is used for ESXi storage data and HX Data Platform replication. These two vSwitches are further divided into two port groups with assigned static IP addresses to handle traffic between the storage cluster and the ESXi host.
● vswitch-hx-vmotion: This vSwitch is used for virtual machine storage vMotion.
● vswitch-hx-vm-network: This vSwitch is used for virtual machine traffic.
Figure 10 shows the Cisco HyperFlex logical network layout.
Logical network layout
Notes:
● Dotted lines represent a standby link.
● All “a” vNICs connect to Uplink Port 0, and all “b” vNICs connect to Uplink Port 1.
● A maximum transmission unit (MTU) of 9000 is recommended for storage data, vMotion, and camera network traffic.
● All switch interconnects and switch uplinks should be configured with jumbo frames. Failure to ensure full-path MTU could result in a cluster outage if traffic is not allowed to pass after a link or switch failure.
Table 5 shows the VLAN and vSwitch configuration used in the solution described in this document.
Table 5. VLAN and vSwitch configuration
Note: By default, the hx-vm-network vSwitch is configured as active-active. All other vSwitches are configured as active-standby.
Cohesity network settings
Two Cisco UCS vNICs are configured per node: one on the A-side fabric and one on the B-side fabric. The two interfaces are configured as slave interfaces in a bond in the Linux operating system, using bond mode 1 (active-passive).
A floating virtual IP address is assigned, one per node, and is used by Cohesity for all management, backup, and file services access. The address assignment is handled by the Cohesity software, and addresses are reassigned to an available node if any node should go offline. These floating addresses are all assigned in the Domain Name System (DNS) to a single A record, and the DNS server must respond to queries for that A record using DNS in a round-robin process.
Cohesity configuration for archiving
For the validation reported in this document, the Cohesity SmartFiles feature was used to provide Milestone recording servers with a Cohesity View through an SMB share.
Configuring Cohesity Views
Cohesity Views represent mount points into a specific storage domain. Views provide NFS or SMB and Common Internet File System (CIFS) protocol access for files, snapshots, and clones of other views. QoS can be set for each view to tune performance for the target workload (Figure 11).
Cohesity provides several QoS policies that can be changed dynamically. QoS profiles have different settings based on different types of workloads. Therefore, based on the storage I/O characteristics of the workload (for example, whether I/O is sequential or random), a suitable QoS policy can be used to meet performance requirements.
The SMB share for Milestone was configured with journaled sequential dump QoS policy and with fast durable handles to boost performance. The fast durable handles option provides faster performance (more I/O operations per second [IOPS], metadata operations, file listing, etc.) for SMB clients. The feature can tolerate restarts of the Cohesity data service and short-duration network failures. However, it may not tolerate a node failure or SMB server service failure.
Configuring a Cohesity View
Configuring protection policies
Protection policies describe backup frequency, backup retention, replication processes, and archive schedules. After policies are defined, they can be applied to protection jobs, helping ensure appropriate protection strategies across your environment (Figure 12).
Configuring protection policy
Protection jobs define one or more groupings of virtual machines or views for protection that comply with a specific protection policy. Jobs also set the time and time zone of the job and the storage domain that will contain the protected data (Figure 13).
Configuring a protection job
As shown here, Cohesity was also used to simplify data management, and it was configured to provide snapshot-based data protection for the SMB share for Milestone archive database data sets. This snapshot-based data protection provides multiple advantages from a recovery perspective, and it also allows data sets to be cloned to provide multiple users a historical view into the Milestone data sets.
As shown in Figure 13, the SMB share was configured for data protection with the Milestone-Gold policy to use Cohesity snapshots, and the Milestone data set was retained locally on the cluster for 1 week. As part of the same policy, archiving was configured for these data sets, copying them to AWS S3 blob storage for long-term retention for 3 months.
Cohesity simplifies data management by enabling long-term retention or archiving of the Milestone data set by providing native capabilities to archive data to the cloud.
The AWS S3 external target was configured with the settings shown in Figure 14, which support overall data efficiency and provide data security with AES-256 encryption, compression, source-side deduplication, and if required, advanced features such as bandwidth throttling.
Configuring an external storage target
Sizing and scaling
The ESXi host CPU utilization on the Cisco HyperFlex Edge node for the 100-camera simulation test and other infrastructure virtual machines was less than 25 percent, and the host has enough resources available to add more cameras and analytics virtual machines and to support any other applications that are needed at the edge and remote branch-office setup.
In the case of Cisco HyperFlex HX*240-M5SD short-depth edge nodes, ESXi host CPU utilization was less than 20 percent for the 60-camera simulation test, and the system has room for future expansion. Both the hardware and software of this solution are easily scalable because the solution incorporates the best of hyperconverged architectures both in the primary platform with the Cisco HyperFlex system and in the data management platform with Cohesity. When more cameras need to be added to the network, more recording server virtual machines can be deployed, and Cisco HyperFlex Edge supports future expansion.
Note: Cluster node expansion is not supported but is planned for a future software release with 10 Gigabit Ethernet topologies.
Table 6 shows the number of cameras configured per recording server virtual machine and the average virtual machine vCPU and ESXi CPU utilization for Cisco HyperFlex Edge and the Cisco HyperFlex short-depth edge system.
Table 6. Recording server configuration and ESXi CPU utilization
Storage configuration
The Cisco HyperFlex Edge system used in the solution was configured with eight 960-GB SATA SSDs for capacity, which provides a total usable space of 6.4 TB. The Cisco HyperFlex HX*240-M5SD short-depth edge node was configured with four 960-GB SATA SSDs, which provides a total usable capacity of 3.4 TB.
The video recommended for verification of the system, Door_1920x1080_4Mbit_20_Motion, contains a section with motion in the first 20 to 25 percent of the total video followed by video with no motion for the rest of the video. During the test, the total bandwidth required per camera was 0.97 Mbps. The total bandwidth required per recording server depended on the number of cameras configured.
Table 7 shows the storage space required by the recording server per day.
Table 7. Storage space requirements
The bandwidth requirements will change with the video, camera resolution and frame rate, and hence you should size the storage accordingly. More cameras can be added depending on the storage space available and the live database retention time.
The solution described in this document was tested with the Milestone certification kit, which includes the StableFPS driver and can be used to simulate feeds from multiple cameras. The StableFPS driver uses the feed server, which is installed on the recording server, to generate network load.
The video feed to the recording server was generated using the feed server, which is connected to the ToR switch. System performance was measured by using high-resolution 1920 x 1080 H.264 codec video containing a section with motion in the first 20 to 25 percent of the total video followed by video with no motion for the rest of the video. The number of frames was set to 30 FPS.
The test was run for 7 days, and the results were captured. During the test, on each recording server, ingress data throughput (data coming into recording server media) was 400 Mbps, but the average disk throughput of each recording server virtual machine was 97.6 Mbps, because of the use of the Cisco HyperFlex inline deduplication feature. The total throughput was 195.2 Mbps, and the average ESXi CPU utilization was 22 to 25 percent for 200 camera simulation tests. Also, during the 7-day test, latency, vCPU use, memory use, and network throughput were all well within the limits.
Figure 15 shows the average read-write bandwidth and latency observed in Cisco HyperFlex Connect during the 200-camera simulation test with archiving. The aggregate bandwidth of both the recording servers was 195.2Mbps, with an average latency of 5 milliseconds (ms), and each virtual machine contributed an average bandwidth of 97.6 Mbps.
Average read-write throughput and latency of all recording servers observed in Cisco HyperFlex Connect
During the archive process, the average read bandwidth increased without affecting the write throughput. The average read bandwidth was 196 Mbps (24.5 MBps), with an average latency of 1.6 ms; the average write latency was 5 ms.
Figure 16 shows the latency and bandwidth on Cohesity DataPlatform observed during the archive process.
A single recording server with 100 cameras generated about 1 TB of data for 24 hours. This data was archived to a single node in the three-node Cohesity cluster at a rate of close to 192 to 216 Mbps (24 to 27 MBps). Because the system is a scale-out system, Cohesity performance scales linearly, with the load being distributed across all the nodes in the cluster.
Bandwidth and latency of Cohesity DataPlatform
Figure 17 shows the SD-WAN bandwidth utilization. During the data archive process, the bandwidth utilization was close to 24 to 27 MBps (190,996 to 220,000 Kbps) when observed through the Cisco vManage GUI.
SD-WAN bandwidth utilization
Figure 18 shows the average vCPU utilization of two recording server virtual machines, and the average ESXi host CPU utilization for the 7-day test. The average vCPU utilization of all recording servers was 58 to 59 percent without any media loss. Also, during the 7-day test, latency, vCPU use, memory use, and network throughput were all well within the limits.
Average vCPU utilization of recording servers and VMware ESXi host CPU utilization
For any video surveillance system to be deployed at the edge and at scale, it must have a fully automated and manageable framework. The Cisco Intersight platform provides such a framework. It also requires the right infrastructure: Cisco HyperFlex Edge coupled with leading video management solutions from Milestone provide the critical components of a video surveillance system at the edge. An archival solution also is needed to retain the video streams at the data center. Cohesity deployed on Cisco UCS S3260 servers provides a complete solution for acquiring, archiving, and analyzing video streams at the edge. The Cisco HyperFlex system also provides an optional graphical processing unit (GPU) to accelerate analytics at the edge.
The tests reported in this document demonstrate that a solution consisting of Cisco HyperFlex Edge with Cohesity over Cisco SD-WAN meets the performance demands of video surveillance workloads with room for growth.
For additional information, see the following resources:
● https://www.cisco.com/c/en/us/products/servers-unified-computing/intersight/index.html
● https://www.cisco.com/c/en/us/td/docs/solutions/CVD/SDWAN/cisco-sdwan-design-guide.html
● https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/SDWAN/SD-WAN-End-to-End-Deployment-Guide.pdf
● https://docs.cohesity.com/6_5/Web/UserGuide/Content/Welcome/Welcome.htm