ONVIF releases Profile Q for straightforward configuration
Out-of-the-box, easy, plug and play interoperability — it is what we all want and expect as end-users in today’s market. No matter what the brand or even platform, the expectation is that when we buy a new tablet or wireless speakers and hook them up, the devices will work in concert with one another.
Though the technology is on a larger scale and arguably more complex, integrators, system providers and end-users in the physical security industry have similar expectations about IP-enabled security devices; in fact, recent surveys of ONVIF users and integrators have shown that easy configuration is the number-one requested feature for future profiles.
Profile Q, ONVIF’s newest draft specification, has been created in direct response to this feedback. The new profile — initially released in January 2015 — answers the call for easy installation and out-of-the-box functionality using the ONVIF specification, catering to the security-specific needs of an easy set-up mechanism and basic device-level configuration.
Slated for final release in June 2015, manufacturers will have ONVIF automatically enabled for every product that is Profile Q-conformant. This means that an integrator or user does not have to find a switch to activate ONVIF, or search for instructions issued by the manufacturer or printed on a label on the device.
Making Installs Easy
ONVIF Profile Q-conformant devices are easily discoverable and enable the installer to program common settings such as IP address, time, authentication and security options. It does not matter what type of device the client is communicating to, as the ONVIF commands are common to all device types.
When replacing a camera in an existing system, a Profile Q device can be configured quickly by using the data from a backup. The new profile also features a factory reset functionality that will bring a conformant device back to its original out-of-the-box state, thereby always retaining interoperability with other ONVIF IP security devices. Events —such as fan, power supply or storage failure, as well as critical temperature and last backup — can also be managed through Profile Q devices.
Advanced Information Security
Another essential element of Profile Q has been developed in response to recent changes in infrastructure and management philosophy. In the days of analog, dedicated networks for CCTV and access systems provided not only the expectation of plug-and-play interoperability, but also the peace of mind that the information transmitted between devices was free from harm. The IP equivalent of those private networks is a dedicated IT network for security devices, but the reality is that the expense of maintaining a separate network for security and another for other business operations is a luxury few organizations can afford in the long run. Therefore, networks are converging and being streamlined in order to affect cost savings. When sharing communication infrastructure with other business networks, however, CCTV and access control systems need particular information security capabilities in order to provide the same security as a system that is operating in a dedicated network.
Profile Q answers the call for advanced information security features, in addition to providing necessary out-of-the-box interoperability. An integral part of interoperability is setting up secure connections between devices and clients. Profile Q does this by supporting Transport Layer Security (TLS), the primary security feature of the new profile. TLS is a widely used cryptographic protocol that is designed to provide communication security. The protocol uses certificates and asymmetric cryptography to authenticate the data transferred between the parties.
As a prerequisite for TLS, Profile Q also allows for the management of certificates and keys on ONVIF devices themselves. Once set up, Profile Q devices and clients can communicate across the network in a way that prevents tampering and eavesdropping even though the network is shared with other systems.
It is no coincidence that the two main features of Profile Q are easy set up and advanced security features. The two are inexorably intertwined. If a product is too complicated to set up and configure, then it often goes unused. If security features are also difficult to install, configure and maintain, busy and frustrated operators often turn them off. This, of course, though understandable, leaves devices and networks vulnerable to attack. Profile Q makes configuration and the implementation of advanced security easy for integrators and users, saving their valuable time and ensuring that their networks are safe for multiple uses.
An Array of Profiles
Profile Q is one of four profiles currently offered by ONVIF —joining Profile G for video storage, which was released in July of 2014; Profile C for physical access control, released in March of 2014; and Profile S, ONVIF’s first profile, which was released in January of 2012. Together, they helps end-users and system designers in determining interoperable components of a physical security solution.
Profile G is the specification that encompasses on-board video storage, searching, retrieval capabilities and media playback. It was created to further refine the interoperability between live video and video storage, and it covers cameras, encoders and network video recorder (NVR) devices as well as client systems such as video management systems, building management systems and physical security information management (PSIM) systems, among others.
Through Profile C, systems integrators, specifiers and consultants are able to achieve interoperability between clients and devices of physical access control systems (PACS) and network-based video systems. Compatibility between access control edge devices and clients is improved, installation simplified and training time diminished because of the reduced need for multiple proprietary monitoring systems to handle different PACS devices. Profile C-conformant devices within the access control system provide door and access point information and functionality related to basic door control activities such as locking and unlocking doors, when a door has been accessed and other door monitoring tasks.
Profile S describes the common functionalities shared by ONVIF-conformant video management systems and devices such as IP cameras or encoders that send, configure, request or control the streaming of media data over an IP network. The profile includes specific features such as pan, tilt, zoom control, audio streaming and relay outputs.
Profile Q works across brands and profiles to give end-users and systems integrators the tools that they need to connect systems and devices as seamlessly as possible, in order to create a truly interoperable security system.
The Release Candidate for Profile Q will be available online for member review and comment until June 2015 (visit www.onvif.org for more information). If no technical modifications are necessary, the final publication of ONVIF Profile Q is expected in late June of 2015.
Gero Baese is the chairman of the ONVIF Profile Q Working Group, and serves as Senior Research Scientist, in the Imaging and Computer Vision Department of Corporate Technology, for Siemens. Reach him at [email protected].