
Ethernet Switches Are Fast-Rising on the Security Horizon

Long a staple of IT networking functionality, Ethernet switches until recently were seldom used for video surveillance applications. That is rapidly changing with the emergence of IP networks in support of IP cameras, DVRs and larger storage solutions.




As video surveillance technology grows more prevalent as a result of increasing homeland security and public safety needs, the Ethernet switch is rapidly becoming an indispensable instrument as solutions move inexorably onto the network. 

Until recently, most video systems deployed were non-networked analog solutions consisting of CCTV cameras connected primarily to coaxial cable. Although Ethernet switches have been used for years in other IT networking applications, the devices were rarely employed for video security. That is rapidly changing with the emergence of Internet protocol (IP) networks to support IP cameras, DVRs and larger storage solutions. In this new converged world, the Ethernet switch becomes a key element to any IP security solution. 

This trend from traditional to network-based solutions is forcing systems integrators to keep pace with the shifting technological landscape. IP networks require a higher level of technical sophistication than is typically associated with analog solutions. And while innately more robust than analog, IP-based systems can prove less reliable due to network design and installation complexity. 

The key to the robustness — and the difficulty — of IP network design is the Ethernet switch: The switch is the backbone of the network and the physical connection to security appliances. Hence, correct switch selection can make or break an IP security network. 

Perils of Unmanaged Ethernet Switches Give Rise to ‘STP’

To date, IP video surveillance solutions have used either unmanaged or managed Ethernet switches, both of which were developed for IT networks. Initially, physical security managers used unmanaged Ethernet switches for their IP networks. While they are easy to install and make the network simple to set up, unmanaged switches are extremely vulnerable and provide little to no protection from network failure. A single point of failure, loss of power or spike in network traffic would cause a disruption of service or complete collapse of the security network.

To provide more reliable networks, managed Ethernet switches were introduced. Managed switches feature some communications capabilities, support networking protocols, and offer the ability to preset a number of performance parameters to better manage the network. However, managed switches are more complex, and require more operator training and a high level of IT expertise to install and maintain a network. 

Traditional managed switches utilize Spanning Tree Protocol (STP) and variants thereof to achieve a higher level of network reliability. As defined by IEEE Standard 802.1D, STP was designed to provide a self-healing capability that would better enable transmissions to continue uninterrupted by providing automatic backup paths when a link failed in the network. Like the spreading branches of a tree, STP is designed to provide a network of multiple paths through which a signal can travel, disabling those not being used so that only a single active path is available between nodes.

In reality, problems arise when several paths are available. A network-crippling condition called “bridge looping” occurs in which several paths can remain open due to an address failure and transmitted packets get “stuck” being forwarded endlessly between switches. As it multiplies, more switches and bandwidth are drawn into the situation, creating a “broadcast storm” that overwhelms the network and causes a system crash.
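The looping condition and the single-active-path remedy described above can be seen in a small simulation. This is an added example, not code from the article or from any switch vendor; it models only the outcome of spanning tree (one blocked link in a ring, restored when another link fails), not the 802.1D election itself, and the function names and the six-switch ring are assumptions.

```python
from collections import deque

def ring_links(n):
    """Links of an n-switch ring: switch i is cabled to switch (i + 1) % n."""
    return {frozenset((i, (i + 1) % n)) for i in range(n)}

def active_links(n, blocked, failed=None):
    """Loop-free forwarding set: one link stays blocked while the ring is
    intact; if a different link fails, the blocked link is put back in service."""
    links = ring_links(n)
    if failed is None or failed == blocked:
        return links - {blocked}
    return links - {failed}

def flood(links, n, source, max_hops):
    """Flood one broadcast frame from `source` over `links`.

    A switch sends a broadcast out of every port except the one it arrived
    on. Ethernet frames have no hop limit, so max_hops only stops the
    simulation. Returns (copies received per switch, copies still in flight).
    """
    neighbours = {i: [] for i in range(n)}
    for link in links:
        a, b = tuple(link)
        neighbours[a].append(b)
        neighbours[b].append(a)
    received = [0] * n
    in_flight = deque((source, nb, 1) for nb in neighbours[source])
    while in_flight and in_flight[0][2] <= max_hops:
        sender, here, hops = in_flight.popleft()
        received[here] += 1
        for nb in neighbours[here]:
            if nb != sender:
                in_flight.append((here, nb, hops + 1))
    return received, len(in_flight)

if __name__ == "__main__":
    n, blocked = 6, frozenset((5, 0))
    print("loop open:   ", flood(ring_links(n), n, 0, max_hops=60))
    print("link blocked:", flood(active_links(n, blocked), n, 0, max_hops=60))
    cut = frozenset((2, 3))  # constructed fault: cable between switches 2 and 3
    print("after a cut: ", flood(active_links(n, blocked, cut), n, 0, max_hops=60))
```

With the loop open, the two copies of a single broadcast are still circulating when the simulation stops; in a topology with more than one loop the copies also multiply.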

Additionally, every time a device is added to the network — say, another camera — or certain failure events occur, networking parameters and device attributes must be assigned and reconfigured for the network to work properly.

As a result, networks utilizing STP-based switches can be difficult to initialize and re-establish when networks fail and devices have to be reconfigured. Although STP-based Ethernet switches can be configured in a redundant ring topology, they are limited to a small number of nodes that can be supported. Indeed, many network designers and certain equipment manufacturers recommend not deploying STP-based switches in a ring configuration because of the inherent vulnerabilities to network failures and the difficulty of diagnosing and correcting those failures.

‘Self-Healing’ Switch Combines Ease of Installation, Redundancy and Reliability

In recent years, IP switch technology has gone through an evolutionary process resulting in Milford, Mass.-based CBL Systems’ next-generation self-managed Ethernet switch that addresses many of the limitations of STP-based switches. The self-managed switch combines ease of installation and configuration with redundancy and reliability. These new switches have built-in integrated intelligence that requires virtually no administration, while avoiding the limitations of STP. 

To achieve near instantaneous network redundancy, the devices utilize a distributed random ring-master algorithm in which the entire ring recalculates and a new master is rapidly assigned if one switch becomes inoperable or isolated. This switching technology enables the network to “self-heal” around any point of failure on the network, even the master switch. Because these self-managed switches have built-in intelligence, they can automatically identify and establish contact with various IP devices such as cameras, video recorders, routers, PCs and servers when plugged into Ethernet service ports. When additional self-managed switches are connected into the ring, the built-in intelligence automatically creates the ring network without any IT administration. This enables applications to access the appropriate data streams from any port on the network as needed. 

Self-Managed Switches Ensure Hack-Proof, Secure Networks

Physical security networks built with self-managed switches also offer inherent protection from being hacked. In self-managed mode, these new switches operate without an IP address and, therefore, can’t be accessed or altered by external sources, protecting them from unwanted intrusion, rerouting or modification. 

For further protection, the self-healing, single-fiber or copper ring architecture provides secure network redundancy. A break in the fiber (or copper cable) or loss of power will trigger an alarm and the self-healing ring immediately locates the fault and reroutes the data stream back over an alternative path to provide uninterrupted service. 

All of this makes for particularly reliable perimeter security and video surveillance networks. The gigabit fiber-optic ring provides a secure method to network devices such as cameras, sensors and recorders to a central command center, while being impervious to lightning strikes and electromagnetic interference. 

Systems integrators and end users alike will also find other notable advantages to the self-managed Ethernet switch: lower installation costs, unlimited scalability, reduced IT administration costs and, significantly, no need for specialized operator training. These benefits add up to a return on investment that makes the self-managed switch the benchmark against which to measure all other switches for IP-based security solutions.

Jim Schakenbach is managing partner of Northborough, Mass.-based SCT Group Inc., a high technology marketing communications agency. He can be reached at (508) 919-2092 or via e-mail, jim@sctgrp.com.

